Date: Sun, 30 Jun 2002 02:14:29 +0300 (EEST)
From: Andrey Simonenko <simon@simon.org.ua>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/40020: URGENT: maintainer updates port sysutils/ipa 1.2.6 -> 1.2.7
Message-ID: <20020630021208.P29001-100000@lion.com.ua>
>Number: 40020
>Category: ports
>Synopsis: URGENT maintainer update port sysutils/ipa 1.2.6 -> 1.2.7
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 29 16:20:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Andrey Simonenko
>Release: FreeBSD 4.6-RC i386
>Organization:
>Environment: FreeBSD 4.6-RC i386
>Description:
Please update port sysutils/ipa 1.2.6 -> 1.2.7 as quickly as possible. I broke some functionality of IPA, but removed a security problem from IPA (strange that nobody reported to me about the security problem with ipastat(8)).

1.2.7 30/06/2002 released
- SECURITY PROBLEM: I removed the SUID bit from ipastat(8) due to security problems, and don't even try to set it back. Admins who use the "db_owner" parameter *and* use some safe user/group, *and* didn't forget to set the same safe user/group for the ipastat(8) program, as it was said in the SECURITY NOTE on the ipastat(8) manual page, should not worry a lot. Admins who ignored that SECURITY NOTE should double check the security of their systems and change all passwords, secret keys, etc., if you think that somebody cracked your systems by ipastat(8). I'm sorry about this sad program mistake.
>How-To-Repeat:
>Fix:
diff -ruN ipa.orig/Makefile ipa/Makefile --- ipa.orig/Makefile Thu Jun 20 20:50:40 2002 +++ ipa/Makefile Sun Jun 30 01:58:04 2002 @@ -6,7 +6,7 @@ # PORTNAME= ipa -PORTVERSION= 1.2.6 +PORTVERSION= 1.2.7 CATEGORIES= sysutils MASTER_SITES= http://www.simon.org.ua/ipa/ \ http://www.mirrors.wiretapped.net/security/network-monitoring/ipa/ \ diff -ruN ipa.orig/distinfo ipa/distinfo --- ipa.orig/distinfo Thu Jun 20 20:50:40 2002 +++ ipa/distinfo Sun Jun 30 01:58:07 2002 
@@ -1 +1 @@ -MD5 (ipa-1.2.6.tar.gz) = 28837faea0aa9147da1954200c8e843d +MD5 (ipa-1.2.7.tar.gz) = db3ea4565917a6fbe35da953647e15e0
>Release-Note:
>Audit-Trail:
>Unformatted:
To: FreeBSD-gnats-submit@freebsd.org
From: Andrey Simonenko <simon@simon.org.ua>
Reply-To: Andrey Simonenko <simon@simon.org.ua>
Cc:
X-send-pr-version: 3.113
X-GNATS-Notify:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
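Review bot: In the Makefile hunk the only changed line is PORTVERSION (1.2.6 -> 1.2.7), so the SUID removal described in the report depends entirely on what the 1.2.7 distfile installs; nothing in the port itself sets or checks the mode of ipastat(8). Before committing, build the port and confirm that the installed ipastat no longer carries the SUID bit, and consider adding a pkg-message that tells upgraders the SUID bit is gone and that some functionality changed, since the report states both.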
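Review bot: In the distinfo hunk the replaced MD5 line is the only integrity check on a distfile that is fetched from the http:// MASTER_SITES listed in the Makefile hunk. Fetch ipa-1.2.7.tar.gz independently and confirm that it matches the submitted MD5 before committing, and because this is a security release, check that the listed mirror already carries the 1.2.7 tarball so that users are not left unable to fetch the fix.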