From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Sep 22 20:40:24 2004 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D74C416A4D1 for ; Wed, 22 Sep 2004 20:40:24 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8056643D53 for ; Wed, 22 Sep 2004 20:40:20 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i8MKeK8g023411 for ; Wed, 22 Sep 2004 20:40:20 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i8MKeKb7023410; Wed, 22 Sep 2004 20:40:20 GMT (envelope-from gnats) Resent-Date: Wed, 22 Sep 2004 20:40:20 GMT Resent-Message-Id: <200409222040.i8MKeKb7023410@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Andrew Thompson Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B10B316A4CF for ; Wed, 22 Sep 2004 20:35:20 +0000 (GMT) Received: from thingy.tbd.co.nz (thingy.tbd.co.nz [210.48.70.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F52943D55 for ; Wed, 22 Sep 2004 20:35:19 +0000 (GMT) (envelope-from thompsa@thingy.tbd.co.nz) Received: from thingy.tbd.co.nz (localhost [127.0.0.1])i8MKhQCc004940 for ; Thu, 23 Sep 2004 08:43:26 +1200 Received: (from thompsa@localhost) by thingy.tbd.co.nz (8.12.3/8.12.3/Debian-6.6) id i8MKhPx0004914 for FreeBSD-gnats-submit@freebsd.org; Thu, 23 Sep 2004 08:43:25 +1200 Message-Id: <20040922204325.GA24831@thingy.tbd.co.nz> Date: Thu, 23 Sep 2004 08:43:25 +1200 From: Andrew Thompson To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/72012: [maintainer-update] security update for net/freeradius X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Sep 2004 20:40:25 -0000 >Number: 72012 >Category: ports >Synopsis: [maintainer-update] security update for net/freeradius >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Sep 22 20:40:19 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Andrew Thompson >Release: FreeBSD 5.2-CURRENT i386 >Organization: >Environment: System: FreeBSD nhs1.fire.org.nz 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Wed Aug 11 12:00:31 NZST 2004 thompsa@nhs1.fire.org.nz:/usr/obj/usr/src/sys/NHS1 i386 >Description: Update to 1.0.1 for the following bug-fixes. (no functionality changes) *Please commit before 5.3* Denial-of-Service Security Fix * Fix two remote crashes and a memory leak in RADIUS packet decoding. Bug fixes. * Fix premature "success" during EAP/TLS handshake. * Dictionary handling now complains about identically named values with different values, and rejects dictionary entries with bad data * Update dictionaries to deal with the above change. >How-To-Repeat: >Fix: diff -urN net/freeradius.orig/Makefile net/freeradius/Makefile --- net/freeradius.orig/Makefile Thu Sep 23 08:23:51 2004 +++ net/freeradius/Makefile Thu Sep 23 08:24:11 2004 @@ -6,7 +6,7 @@ # PORTNAME= freeradius -PORTVERSION= 1.0.0 +PORTVERSION= 1.0.1 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \ ftp://ftp.Awfulhak.org/pub/radius/ diff -urN net/freeradius.orig/distinfo net/freeradius/distinfo --- net/freeradius.orig/distinfo Thu Sep 23 08:23:51 2004 +++ net/freeradius/distinfo Thu Sep 23 08:24:58 2004 @@ -1,2 +1,2 @@ -MD5 (freeradius-1.0.0.tar.gz) = 4755295e786c2d119c6749cc4dc66e10 -SIZE (freeradius-1.0.0.tar.gz) = 2199631 +MD5 (freeradius-1.0.1.tar.gz) = abc30cb71367f859ceed4de6477cd59f +SIZE (freeradius-1.0.1.tar.gz) = 2237745 >Release-Note: >Audit-Trail: >Unformatted: