cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist ports/ports-mgmt/portaudit/files portaudit-cmd.sh

Olli Hauer ohauer at FreeBSD.org
Sun Mar 11 21:59:38 UTC 2012


On 2012-03-11 22:32, Simon L. Nielsen wrote:
> simon       2012-03-11 21:32:58 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     ports-mgmt/portaudit Makefile pkg-plist 
>     ports-mgmt/portaudit/files portaudit-cmd.sh 
>   Log:
>   Portaudit 0.6.0:
>   
>   Fix remote code execution which can occur with a specially crafted
>   audit file.  The attacker would need to get the portaudit(1) to
>   download the bad audit database, e.g. by performing a man in the
>   middle attack.
>   
>   Add signature verification of the portaudit database.  The public key
>   is for the database generated for portaudit.FreeBSD.org is included
>   in the distribution.
>   
>   Submitted by:   Michael Gmelin <freebsd at grem.de>
>   Reported by:    Michael Gmelin <freebsd at grem.de>, Joerg Scheinert
>   Security:       Remote code execution
>   Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
>   Feature safe:   yes
>   With hat:       so
>   
>   Revision  Changes    Path
>   1.30      +2 -1      ports/ports-mgmt/portaudit/Makefile
>   1.20      +69 -10    ports/ports-mgmt/portaudit/files/portaudit-cmd.sh
>   1.6       +1 -0      ports/ports-mgmt/portaudit/pkg-plist
> 
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/Makefile.diff?&r1=1.29&r2=1.30&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/files/portaudit-cmd.sh.diff?&r1=1.19&r2=1.20&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/pkg-plist.diff?&r1=1.5&r2=1.6&f=h
> 


Hi Simon,

seems the public key was not committed.

and thanks for removing the annoying ""Vulnerability check disabled ..." message


More information about the cvs-ports mailing list