From owner-svn-ports-head@FreeBSD.ORG Mon Jul 30 12:42:33 2012
Return-Path:
Delivered-To: svn-ports-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 353E9106566C; Mon, 30 Jul 2012 12:42:33 +0000 (UTC) (envelope-from zi@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 152CD8FC0A; Mon, 30 Jul 2012 12:42:33 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q6UCgWQG093630; Mon, 30 Jul 2012 12:42:32 GMT (envelope-from zi@svn.freebsd.org)
Received: (from zi@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q6UCgWWd093626; Mon, 30 Jul 2012 12:42:32 GMT (envelope-from zi@svn.freebsd.org)
Message-Id: <201207301242.q6UCgWWd093626@svn.freebsd.org>
From: Ryan Steinmetz Date: Mon, 30 Jul 2012 12:42:32 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r301716 - in head: net/isc-dhcp41-server security/vuxml X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2012 12:42:33 -0000 Author: zi Date: Mon Jul 30 12:42:32 2012 New Revision: 301716 URL: http://svn.freebsd.org/changeset/ports/301716 Log: - Update net/isc-dhcp41-server to 4.1-ESV-R6 [1] - Document vulnerabilities in net/isc-dhcp41-server - Cleanup formatting in vuxml PR: ports/170245 [1] Submitted by: Douglas Thrift (maintainer) [1] Security: c7fa3618-d5ff-11e1-90a2-000c299b62e1 Modified: head/net/isc-dhcp41-server/Makefile head/net/isc-dhcp41-server/distinfo head/security/vuxml/vuln.xml Modified: head/net/isc-dhcp41-server/Makefile ============================================================================== --- head/net/isc-dhcp41-server/Makefile Mon Jul 30 12:10:39 2012 (r301715) +++ head/net/isc-dhcp41-server/Makefile Mon Jul 30 12:42:32 2012 (r301716) @@ -21,10 +21,10 @@ COMMENT?= The ISC Dynamic Host Configura LICENSE= ISCL -PATCHLEVEL= R5 -PORTREVISION_SERVER= 4 -PORTREVISION_CLIENT= 1 -PORTREVISION_RELAY= 4 +PATCHLEVEL= R6 +PORTREVISION_SERVER= 5 +PORTREVISION_CLIENT= 2 +PORTREVISION_RELAY= 5 SUBSYS?= server WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION}-${PATCHLEVEL} Modified: head/net/isc-dhcp41-server/distinfo ============================================================================== --- head/net/isc-dhcp41-server/distinfo Mon Jul 30 12:10:39 2012 (r301715) +++ head/net/isc-dhcp41-server/distinfo Mon Jul 30 12:42:32 2012 (r301716) 
@@ -1,4 +1,4 @@ -SHA256 (dhcp-4.1-ESV-R5.tar.gz) = c028fd6f9c1fff38fd0ae21cc89a70912e0eb759ea1019fb25b145cf14527583 -SIZE (dhcp-4.1-ESV-R5.tar.gz) = 1120684 +SHA256 (dhcp-4.1-ESV-R6.tar.gz) = deb666a1ab02dd1375c0ebd237ce1fcb3e4d9e7be520d25ba25f1f40eb0ead9e +SIZE (dhcp-4.1-ESV-R6.tar.gz) = 1121186 SHA256 (ldap-for-dhcp-4.1.1-2.tar.gz) = 566b7be2ebefdc583d0bf0095c804ba69807b67e5cc29a2b64b1b39202b37d0d SIZE (ldap-for-dhcp-4.1.1-2.tar.gz) = 39004 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Jul 30 12:10:39 2012 (r301715) +++ head/security/vuxml/vuln.xml Mon Jul 30 12:42:32 2012 (r301716) @@ -67,28 +67,28 @@ Note: Please add new entries to the beg

A Bugzilla Security Advisory reports:

The following security issues have been discovered in - Bugzilla:

+ Bugzilla:

Information Leak

Versions: 4.1.1 to 4.2.1, 4.3.1

In HTML bugmails, all bug IDs and attachment IDs are - linkified, and hovering these links displays a tooltip - with the bug summary or the attachment description if - the user is allowed to see the bug or attachment. - But when validating user permissions when generating the - email, the permissions of the user who edited the bug were - taken into account instead of the permissions of the - addressee. This means that confidential information could - be disclosed to the addressee if the other user has more - privileges than the addressee. - Plain text bugmails are not affected as bug and attachment - IDs are not linkified.

+ linkified, and hovering these links displays a tooltip + with the bug summary or the attachment description if + the user is allowed to see the bug or attachment. + But when validating user permissions when generating the + email, the permissions of the user who edited the bug were + taken into account instead of the permissions of the + addressee. This means that confidential information could + be disclosed to the addressee if the other user has more + privileges than the addressee. + Plain text bugmails are not affected as bug and attachment + IDs are not linkified.

Information Leak

-

Versions: 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to - 4.2.1, 4.3.1

+

Versions: 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to + 4.2.1, 4.3.1

The description of a private attachment could be visible - to a user who hasn't permissions to access this attachment - if the attachment ID is mentioned in a public comment in - a bug that the user can see.

+ to a user who hasn't permissions to access this attachment + if the attachment ID is mentioned in a public comment in + a bug that the user can see.

@@ -176,13 +176,13 @@ Note: Please add new entries to the beg

The RT development team reports:

RT::Authen::ExternalAuth 0.10 and below (for all versions - of RT) are vulnerable to an escalation of privilege attack - where the URL of a RSS feed of the user can be used to - acquire a fully logged-in session as that user. - CVE-2012-2770 has been assigned to this vulnerability.

+ of RT) are vulnerable to an escalation of privilege attack + where the URL of a RSS feed of the user can be used to + acquire a fully logged-in session as that user. + CVE-2012-2770 has been assigned to this vulnerability.

Users of RT 3.8.2 and above should upgrade to - RT::Authen::ExternalAuth 0.11, which resolves this - vulnerability.

+ RT::Authen::ExternalAuth 0.11, which resolves this + vulnerability.

@@ -200,6 +200,10 @@ Note: Please add new entries to the beg isc-dhcp -- multiple vulnerabilities + isc-dhcp41-server + 4.1.e_5,2 + + isc-dhcp42-server 4.2.4_1
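Review bot: the 4.1.e_5,2 upper bound added for isc-dhcp41-server on this hunk must stay in step with the Makefile hunk at the top of the patch: PATCHLEVEL (R5 to R6) is not part of the package version, so the PORTREVISION_SERVER bump to 5 is what yields the fixed version 4.1.e_5,2, and a future PATCHLEVEL change without a matching bump would leave this range stale. That same Makefile hunk also bumps PORTREVISION_CLIENT (2) and PORTREVISION_RELAY (5), so the client and relay ports are built from the same updated distfile; only a server package block is visible in this hunk, so if the advisories recorded under vid c7fa3618-d5ff-11e1-90a2-000c299b62e1 also apply to the client or relay, those packages need their own <package> blocks with the matching _2 and _5 revisions, otherwise vulnerability audits of those packages will not report them.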