Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 11 Mar 2012 22:06:33 +0000
From:      "Simon L. B. Nielsen" <simon@FreeBSD.org>
To:        ohauer@FreeBSD.org
Cc:        cvs-ports@freebsd.org, cvs-all@freebsd.org
Subject:   Re: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist ports/ports-mgmt/portaudit/files portaudit-cmd.sh
Message-ID:  <D212A942-B3B1-4A3C-A292-C5CFF102BD3C@FreeBSD.org>
In-Reply-To: <4F5D2046.4030309@FreeBSD.org>
References:  <201203112132.q2BLWwTZ074498@repoman.freebsd.org> <4F5D2046.4030309@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail 


On 11 Mar 2012, at 21:59, Olli Hauer wrote:

> On 2012-03-11 22:32, Simon L. Nielsen wrote:
>> simon       2012-03-11 21:32:58 UTC
>> 
>>  FreeBSD ports repository
>> 
>>  Modified files:
>>    ports-mgmt/portaudit Makefile pkg-plist 
>>    ports-mgmt/portaudit/files portaudit-cmd.sh 
>>  Log:
>>  Portaudit 0.6.0:
>> 
>>  Fix remote code execution which can occur with a specially crafted
>>  audit file.  The attacker would need to get the portaudit(1) to
>>  download the bad audit database, e.g. by performing a man in the
>>  middle attack.
>> 
>>  Add signature verification of the portaudit database.  The public key
>>  is for the database generated for portaudit.FreeBSD.org is included
>>  in the distribution.
>> 
>>  Submitted by:   Michael Gmelin <freebsd@grem.de>
>>  Reported by:    Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
>>  Security:       Remote code execution
>>  Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
>>  Feature safe:   yes
>>  With hat:       so
>> 
>>  Revision  Changes    Path
>>  1.30      +2 -1      ports/ports-mgmt/portaudit/Makefile
>>  1.20      +69 -10    ports/ports-mgmt/portaudit/files/portaudit-cmd.sh
>>  1.6       +1 -0      ports/ports-mgmt/portaudit/pkg-plist
>> 
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/Makefile.diff?&r1=1.29&r2=1.30&f=h
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/files/portaudit-cmd.sh.diff?&r1=1.19&r2=1.20&f=h
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/pkg-plist.diff?&r1=1.5&r2=1.6&f=h
> 
> 
> Hi Simon,
> 
> seems the public key was not committed

Doh, rookie mistake. Thanks! Fixed.

> and thanks for removing the annoying ""Vulnerability check disabled ..." message

Np - it has been bugging me for years but not quiet enough... :-)

-- 
Simon L. B. Nielsen
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D212A942-B3B1-4A3C-A292-C5CFF102BD3C>