Date:      Thu, 25 Jul 2013 18:29:27 +0000 (UTC)
From:      Benjamin Kaduk <bjk@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r323659 - in head: . net/openafs security/vuxml
Message-ID:  <201307251829.r6PITRYj038739@svn.freebsd.org>

Author: bjk (doc committer)
Date: Thu Jul 25 18:29:27 2013
New Revision: 323659
URL: http://svnweb.freebsd.org/changeset/ports/323659

Log:
  Update to 1.6.5
  
  This is a security release by upstream, and requires configuration changes
  in addition to the software update.  See UPDATING.
  
  Reviewed by:	ports-security (zi, remko)
  Approved by:	hrs (mentor, ports committer)

Modified:
  head/UPDATING
  head/net/openafs/Makefile
  head/net/openafs/distinfo
  head/security/vuxml/vuln.xml

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Thu Jul 25 18:05:05 2013	(r323658)
+++ head/UPDATING	Thu Jul 25 18:29:27 2013	(r323659)
@@ -5,6 +5,17 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20130725:
+  AFFECTS: users of net/openafs
+  AUTHOR: bjk@FreeBSD.org
+
+  The OpenAFS 1.6.5 release is a security release which requires substantial
+  configuration changes to the AFS servers in addition to the software update,
+  in order to be fully protected.  The entry for OPENAFS-SA-2013-003 on
+  http://www.openafs.org/security/ has links to the upgrade documentation.
+  The procedure involves rekeying the cell to a non-DES krb5 key, stored in
+  a krb5 keytab named rxkad.keytab in PREFIX/etc/openafs/server/.
+
 20130720:
   AFFECTS: users of japanese/mozc-server and japanese/mozc-el
   AUTHOR: hrs@FreeBSD.org

Modified: head/net/openafs/Makefile
==============================================================================
--- head/net/openafs/Makefile	Thu Jul 25 18:05:05 2013	(r323658)
+++ head/net/openafs/Makefile	Thu Jul 25 18:29:27 2013	(r323659)
@@ -21,7 +21,7 @@ LICENSE_NAME=	IBM Public License Version
 LICENSE_FILE=	${WRKSRC}/doc/LICENSE
 LICENSE_PERMS=	auto-accept
 
-AFS_DISTVERSION=	1.6.4
+AFS_DISTVERSION=	1.6.5
 DBVERSION=	2013-01-28
 
 OPTIONS_DEFINE=	FUSE

Modified: head/net/openafs/distinfo
==============================================================================
--- head/net/openafs/distinfo	Thu Jul 25 18:05:05 2013	(r323658)
+++ head/net/openafs/distinfo	Thu Jul 25 18:29:27 2013	(r323659)
@@ -1,6 +1,6 @@
-SHA256 (openafs-1.6.4-src.tar.bz2) = a724d23c0cf942e2c463487b4ce213db41ac5801c8a8d74d372d5757313224d7
-SIZE (openafs-1.6.4-src.tar.bz2) = 14562800
-SHA256 (openafs-1.6.4-doc.tar.bz2) = e0953c67dc9eee6bb4494d935e4e7ae560332405f670315ecc86c178fde2c93e
-SIZE (openafs-1.6.4-doc.tar.bz2) = 3493373
+SHA256 (openafs-1.6.5-src.tar.bz2) = 176fab2d710d8dcf566f5aa229fd796dd8165561d57590e32790a3034a195ef2
+SIZE (openafs-1.6.5-src.tar.bz2) = 14400420
+SHA256 (openafs-1.6.5-doc.tar.bz2) = 754ce1fd1c3b9026883453d5cde1705452568f4e54e86fbf02a75debf8f57f2f
+SIZE (openafs-1.6.5-doc.tar.bz2) = 3488188
 SHA256 (CellServDB.2013-01-28) = faa755c6e13d8a71182a4036d1cee01bce49fb2a93feb6499683f22049391a17
 SIZE (CellServDB.2013-01-28) = 36787

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Jul 25 18:05:05 2013	(r323658)
+++ head/security/vuxml/vuln.xml	Thu Jul 25 18:29:27 2013	(r323659)
@@ -51,6 +51,37 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="c4d412c8-f4d1-11e2-b86c-000c295229d5">
+    <topic>openafs -- single-DES cell-wide key brute force vulnerability</topic>
+    <affects>
+      <package>
+	<name>openafs</name>
+	<range><lt>1.6.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>OpenAFS Project reports:</p>
+	<blockquote cite="http://openafs.org/pages/security/OPENAFS-SA-2013-003.txt">;
+	  <p>The small size of the DES key space permits an attacker to brute
+	    force a cell's service key and then forge traffic from any user
+	    within the cell.  The key space search can be performed in under 1
+	    day at a cost of around $100 using publicly available services.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-4134</cvename>
+      <url>http://openafs.org/pages/security/OPENAFS-SA-2013-003.txt</url>;
+      <url>http://openafs.org/pages/security/how-to-rekey.txt</url>;
+      <url>http://openafs.org/pages/security/install-rxkad-k5-1.6.txt</url>;
+    </references>
+    <dates>
+      <discovery>2013-07-24</discovery>
+      <entry>2013-07-25</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="2ae24334-f2e6-11e2-8346-001e8c75030d">
     <topic>subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.</topic>
     <affects>
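Review bot: The new `<vuln>` entry treats any openafs at or above 1.6.5 as unaffected (`<range><lt>1.6.5</lt></range>`), yet the commit log and the UPDATING entry in this same commit both say the software update alone does not fully protect a cell until it has been rekeyed to a non-DES key. Audit tooling that reads this entry will presumably stop reporting the package once it is upgraded, so the caveat should appear in the description itself rather than only in UPDATING. A paragraph after the `</blockquote>` would cover it, for example `<p>Updating the package is not sufficient; the cell must also be rekeyed as described in the referenced documents.</p>`. The enclosing `<vuxml>` element and the following subversion entry continue outside the hunk.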


