From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Aug 11 19:10:10 2011
Message-Id: <20110811184632.5EF7D5C43@syn.atarininja.org>
Date: Thu, 11 Aug 2011 14:46:32 -0400 (EDT)
From: Wesley Shields
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: jpaetzel@FreeBSD.org, douglas@douglasthrift.net
Subject: ports/159698: [SECURITY UPDATE]: Update net/isc-dhcp31-server and net/isc-dhcp41-server
Reply-To: Wesley Shields

>Number: 159698
>Category: ports
>Synopsis: [SECURITY UPDATE]: Update net/isc-dhcp31-server and net/isc-dhcp41-server
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 11 19:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Wesley Shields
>Release: FreeBSD 8.2-RELEASE-p2 amd64
>Organization:
>Environment:
System: FreeBSD syn.csh.rit.edu 8.2-RELEASE-p2 FreeBSD 8.2-RELEASE-p2 #3: Sun May 29 08:12:53 EDT 2011 root@syn.csh.rit.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
ISC released an advisory for their DHCP server. The attached patch updates both net/isc-dhcp41-server and net/isc-dhcp31-server to their latest versions. I'm also attaching a vuxml entry for this.

I'm willing to commit both of these immediately, given that they are security relevant. However, since they, at least in the case of net/isc-dhcp31-server, contain other updates (going to -R3, skipping -R1; -R2 was never released), I'd like to give Josh a couple of days to comment on it.

http://www.isc.org/software/dhcp/advisories/cve-2011-2748
>How-To-Repeat:
N/A
>Fix:
Index: vuln.xml =================================================================== RCS file: /ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2406 diff -u -r1.2406 vuln.xml --- vuln.xml 11 Aug 2011 08:37:56 -0000 1.2406 +++ vuln.xml 11 Aug 2011 18:34:23 -0000 
@@ -34,6 +34,38 @@ --> + + isc-dhcp-server -- server halt upon processing certain packets + + + isc-dhcp31-server + 3.1.ESV_1,1 + + + isc-dhcp41-server + isc-dhcp41-server-4.1.e_2,2 + + + + +

ISC reports:

+
+

A pair of defects cause the server to halt upon processing certain + packets. The patch is to properly discard or process those packets. +

+
+ +
+ + CVE-2011-2748 + CVE-2011-2749 + + + 2011-11-10 + 2011-04-11 + +
+ libXfont -- possible local privilege escalation Index: net/isc-dhcp31-server/Makefile =================================================================== RCS file: /ncvs/ports/net/isc-dhcp31-server/Makefile,v retrieving revision 1.134 diff -u -r1.134 Makefile --- net/isc-dhcp31-server/Makefile 10 Jul 2011 03:24:46 -0000 1.134 +++ net/isc-dhcp31-server/Makefile 11 Aug 2011 18:37:21 -0000 @@ -15,12 +15,12 @@ MASTER_SITE_SUBDIR= dhcp dhcp/dhcp-3.1-history PKGNAMEPREFIX= isc- PKGNAMESUFFIX= 31-${SUBSYS} -DISTNAME= ${PORTNAME}-3.1-ESV +DISTNAME= ${PORTNAME}-3.1-ESV-R3 MAINTAINER= jpaetzel@FreeBSD.org COMMENT?= The ISC Dynamic Host Configuration Protocol server -PORTREVISION_SERVER= 0 +PORTREVISION_SERVER= 1 PORTREVISION_CLIENT= 0 PORTREVISION_RELAY= 0 PORTREVISION_DEVEL= 0 Index: net/isc-dhcp31-server/distinfo =================================================================== RCS file: /ncvs/ports/net/isc-dhcp31-server/distinfo,v retrieving revision 1.64 diff -u -r1.64 distinfo --- net/isc-dhcp31-server/distinfo 20 Mar 2011 12:51:32 -0000 1.64 +++ net/isc-dhcp31-server/distinfo 11 Aug 2011 18:32:26 -0000 @@ -1,2 +1,2 @@ -SHA256 (dhcp-3.1-ESV.tar.gz) = e316b7dc34f05e38724273a473f823719281f229a71a80bc358f8e74687fd7d7 -SIZE (dhcp-3.1-ESV.tar.gz) = 797454 +SHA256 (dhcp-3.1-ESV-R3.tar.gz) = fb86e124c1fe57d6d6376ceb3eb025320cce5b98002b614e1540fc21a88d6bc6 +SIZE (dhcp-3.1-ESV-R3.tar.gz) = 799075 Index: net/isc-dhcp41-server/Makefile =================================================================== RCS file: /ncvs/ports/net/isc-dhcp41-server/Makefile,v retrieving revision 1.24 diff -u -r1.24 Makefile --- net/isc-dhcp41-server/Makefile 10 Jul 2011 03:24:46 -0000 1.24 +++ net/isc-dhcp41-server/Makefile 11 Aug 2011 18:31:53 -0000 
@@ -21,8 +21,8 @@ LICENSE= ISCL -PATCHLEVEL= R2 -PORTREVISION_SERVER= 1 +PATCHLEVEL= R3 +PORTREVISION_SERVER= 2 PORTREVISION_CLIENT= 0 PORTREVISION_RELAY= 2 Index: net/isc-dhcp41-server/distinfo =================================================================== RCS file: /ncvs/ports/net/isc-dhcp41-server/distinfo,v retrieving revision 1.6 diff -u -r1.6 distinfo --- net/isc-dhcp41-server/distinfo 10 Apr 2011 21:40:52 -0000 1.6 +++ net/isc-dhcp41-server/distinfo 11 Aug 2011 18:31:38 -0000 @@ -1,4 +1,2 @@ -SHA256 (dhcp-4.1-ESV-R2.tar.gz) = 49fa6f00ceee536e1e66698cc416279d333f833e41d545185a5b8684638cff03 -SIZE (dhcp-4.1-ESV-R2.tar.gz) = 1094285 -SHA256 (ldap-for-dhcp-4.1.1-2.tar.gz) = 566b7be2ebefdc583d0bf0095c804ba69807b67e5cc29a2b64b1b39202b37d0d -SIZE (ldap-for-dhcp-4.1.1-2.tar.gz) = 39004 +SHA256 (dhcp-4.1-ESV-R3.tar.gz) = 0bed3380e1daf6f17e3524d5ef282c8f0d2ca1f455479463bf15f0d44b76c615 +SIZE (dhcp-4.1-ESV-R3.tar.gz) = 1103284 >Release-Note: >Audit-Trail: >Unformatted:
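Review bot: In the vuln.xml hunk, the version bound for isc-dhcp41-server reads `isc-dhcp41-server-4.1.e_2,2`, with the package name repeated inside it, while the isc-dhcp31-server bound is the bare version `3.1.ESV_1,1`. A bound that carries the package name is not a comparable version string, so it should be reduced to `4.1.e_2,2` to match the other entry. The two dates in the same entry, 2011-11-10 and 2011-04-11, also do not fit this submission: the diff is stamped 11 Aug 2011, so one date lies three months in the future and the other four months in the past. Please check both against the ISC advisory and the intended entry date.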
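Review bot: In the net/isc-dhcp31-server/Makefile hunk, only PORTREVISION_SERVER is bumped; PORTREVISION_CLIENT, PORTREVISION_RELAY and PORTREVISION_DEVEL stay at 0 even though DISTNAME moves to `${PORTNAME}-3.1-ESV-R3` and `PKGNAMESUFFIX= 31-${SUBSYS}` suggests the subsystems share that distfile. If the client, relay and devel ports build from this Makefile, they would pick up new source under an unchanged package version and installed copies would not show as outdated; consider bumping them too, or say in the description why they are left alone. The net/isc-dhcp41-server/Makefile hunk has the same pattern: PATCHLEVEL goes to R3 while PORTREVISION_CLIENT and PORTREVISION_RELAY are unchanged.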
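Review bot: In the net/isc-dhcp41-server/distinfo hunk, the SHA256 and SIZE entries for ldap-for-dhcp-4.1.1-2.tar.gz are removed, but the net/isc-dhcp41-server/Makefile hunk shows no matching change that stops referencing that file. If the port still lists it as a distfile or patch file, the checksum step will fail for lack of a distinfo entry. Either keep those two lines or remove the reference in the Makefile in the same patch, and mention the removal in the description, since it is unrelated to the R2 to R3 update.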