From owner-freebsd-ports-bugs@FreeBSD.ORG  Mon Aug 31 19:00:13 2009
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BEE71106568B
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Mon, 31 Aug 2009 19:00:13 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 963AC8FC1A
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Mon, 31 Aug 2009 19:00:13 +0000 (UTC)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n7VJ0Dsk049356
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Mon, 31 Aug 2009 19:00:13 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n7VJ0Dnm049355;
	Mon, 31 Aug 2009 19:00:13 GMT (envelope-from gnats)
Resent-Date: Mon, 31 Aug 2009 19:00:13 GMT
Resent-Message-Id: <200908311900.n7VJ0Dnm049355@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Matthias Andree <matthias.andree@gmx.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9BA39106566C
	for <FreeBSD-gnats-submit@freebsd.org>;
	Mon, 31 Aug 2009 18:56:52 +0000 (UTC)
	(envelope-from matthias.andree@gmx.de)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mx1.freebsd.org (Postfix) with SMTP id 089378FC1A
	for <FreeBSD-gnats-submit@freebsd.org>;
	Mon, 31 Aug 2009 18:56:51 +0000 (UTC)
Received: (qmail invoked by alias); 31 Aug 2009 18:56:45 -0000
Received: from g229215065.adsl.alicedsl.de (EHLO mandree.no-ip.org)
	[92.229.215.65]
	by mail.gmx.net (mp008) with SMTP; 31 Aug 2009 20:56:45 +0200
Received: from rho.emma.line.org (vmfreebsd [192.168.0.6])
	by merlin.emma.line.org (Postfix) with ESMTP id CD37894616;
	Mon, 31 Aug 2009 20:56:42 +0200 (CEST)
Received: by rho.emma.line.org (Postfix, from userid 500)
	id 1B3B533E77; Mon, 31 Aug 2009 20:56:42 +0200 (CEST)
Message-Id: <20090831185642.1B3B533E77@rho.emma.line.org>
Date: Mon, 31 Aug 2009 20:56:41 +0200 (CEST)
From: Matthias Andree <matthias.andree@gmx.de>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: ports/138415: [MAINTAINER] dns/dnsmasq: SECURITY update to 2.50
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2009 19:00:13 -0000


>Number:         138415
>Category:       ports
>Synopsis:       [MAINTAINER] dns/dnsmasq: SECURITY update to 2.50
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 31 19:00:13 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 7.2-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD rho.emma.line.org 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Wed Jun 24 00:57:44 UTC 2009
>Description:
- Update to 2.50, complete changelog:
            Fix security problem which allowed any host permitted to
            do TFTP to possibly compromise dnsmasq by remote buffer
            overflow when TFTP enabled. Thanks to Core Security
            Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
            Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
            Pablo Annetta. This problem has Bugtraq id: 36121
            and CVE: 2009-2957
 
            Fix a problem which allowed a malicious TFTP client to
            crash dnsmasq. Thanks to Steve Grubb at Red Hat for
            spotting this. This problem has Bugtraq id: 36120 and
            CVE: 2009-2958

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- dnsmasq-2.50.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/dns/dnsmasq/Makefile,v
retrieving revision 1.55
diff -u -u -r1.55 Makefile
--- Makefile	13 Aug 2009 21:05:45 -0000	1.55
+++ Makefile	31 Aug 2009 18:55:33 -0000
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	dnsmasq
-PORTVERSION=	2.49
-PORTREVISION=	2
+PORTVERSION=	2.50
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://www.thekelleys.org.uk/dnsmasq/ \
 		${MASTER_SITE_GENTOO}
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/dns/dnsmasq/distinfo,v
retrieving revision 1.39
diff -u -u -r1.39 distinfo
--- distinfo	15 Jun 2009 21:07:27 -0000	1.39
+++ distinfo	31 Aug 2009 18:55:33 -0000
@@ -1,3 +1,3 @@
-MD5 (dnsmasq-2.49.tar.gz) = 7ccc861d8a733474f9c0a0a127006ee9
-SHA256 (dnsmasq-2.49.tar.gz) = 41cf32fc496a216d33d75b00fc3bf0386f4cb3b89996a853dc3bb78c09f30b31
-SIZE (dnsmasq-2.49.tar.gz) = 407342
+MD5 (dnsmasq-2.50.tar.gz) = f7b1e17c590e493039537434c57c9de7
+SHA256 (dnsmasq-2.50.tar.gz) = 43cb239cc10803fbc39fe1424b7481e7e1e553476a88c6d691b60da44762a60f
+SIZE (dnsmasq-2.50.tar.gz) = 402668
--- dnsmasq-2.50.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted: