From: Benjamin Kaduk Date: Thu, 25 Jul 2013 18:29:27 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r323659 - in head: . net/openafs security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jul 2013 18:29:28 -0000 Author: bjk (doc committer) Date: Thu Jul 25 18:29:27 2013 New Revision: 323659 URL: http://svnweb.freebsd.org/changeset/ports/323659 Log: Update to 1.6.5 This is a security release by upstream, and requires configuration changes in addition to the software update. See UPDATING. Reviewed by: ports-security (zi, remko) Approved by: hrs (mentor, ports committer) Modified: head/UPDATING head/net/openafs/Makefile head/net/openafs/distinfo head/security/vuxml/vuln.xml Modified: head/UPDATING ============================================================================== --- head/UPDATING Thu Jul 25 18:05:05 2013 (r323658) +++ head/UPDATING Thu Jul 25 18:29:27 2013 (r323659) 
@@ -5,6 +5,17 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20130725: + AFFECTS: users of net/openafs + AUTHOR: bjk@FreeBSD.org + + The OpenAFS 1.6.5 release is a security release which requires substantial + configuration changes to the AFS servers in addition to the software update, + in order to be fully protected. The entry for OPENAFS-SA-2013-003 on + http://www.openafs.org/security/ has links to the upgrade documentation. + The procedure involves rekeying the cell to a non-DES krb5 key, stored in + a krb5 keytab named rxkad.keytab in PREFIX/etc/openafs/server/. + 20130720: AFFECTS: users of japanese/mozc-server and japanese/mozc-el AUTHOR: hrs@FreeBSD.org Modified: head/net/openafs/Makefile ============================================================================== --- head/net/openafs/Makefile Thu Jul 25 18:05:05 2013 (r323658) +++ head/net/openafs/Makefile Thu Jul 25 18:29:27 2013 (r323659) @@ -21,7 +21,7 @@ LICENSE_NAME= IBM Public License Version LICENSE_FILE= ${WRKSRC}/doc/LICENSE LICENSE_PERMS= auto-accept -AFS_DISTVERSION= 1.6.4 +AFS_DISTVERSION= 1.6.5 DBVERSION= 2013-01-28 OPTIONS_DEFINE= FUSE Modified: head/net/openafs/distinfo ============================================================================== --- head/net/openafs/distinfo Thu Jul 25 18:05:05 2013 (r323658) +++ head/net/openafs/distinfo Thu Jul 25 18:29:27 2013 (r323659) 
@@ -1,6 +1,6 @@ -SHA256 (openafs-1.6.4-src.tar.bz2) = a724d23c0cf942e2c463487b4ce213db41ac5801c8a8d74d372d5757313224d7 -SIZE (openafs-1.6.4-src.tar.bz2) = 14562800 -SHA256 (openafs-1.6.4-doc.tar.bz2) = e0953c67dc9eee6bb4494d935e4e7ae560332405f670315ecc86c178fde2c93e -SIZE (openafs-1.6.4-doc.tar.bz2) = 3493373 +SHA256 (openafs-1.6.5-src.tar.bz2) = 176fab2d710d8dcf566f5aa229fd796dd8165561d57590e32790a3034a195ef2 +SIZE (openafs-1.6.5-src.tar.bz2) = 14400420 +SHA256 (openafs-1.6.5-doc.tar.bz2) = 754ce1fd1c3b9026883453d5cde1705452568f4e54e86fbf02a75debf8f57f2f +SIZE (openafs-1.6.5-doc.tar.bz2) = 3488188 SHA256 (CellServDB.2013-01-28) = faa755c6e13d8a71182a4036d1cee01bce49fb2a93feb6499683f22049391a17 SIZE (CellServDB.2013-01-28) = 36787 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Jul 25 18:05:05 2013 (r323658) +++ head/security/vuxml/vuln.xml Thu Jul 25 18:29:27 2013 (r323659) @@ -51,6 +51,37 @@ Note: Please add new entries to the beg --> + + openafs -- single-DES cell-wide key brute force vulnerability + + + openafs + 1.6.5 + + + + +

OpenAFS Project reports:

+
+

The small size of the DES key space permits an attacker to brute + force a cell's service key and then forge traffic from any user + within the cell. The key space search can be performed in under 1 + day at a cost of around $100 using publicly available services.

+
+ +
+ + CVE-2013-4134 + http://openafs.org/pages/security/OPENAFS-SA-2013-003.txt + http://openafs.org/pages/security/how-to-rekey.txt + http://openafs.org/pages/security/install-rxkad-k5-1.6.txt + + + 2013-07-24 + 2013-07-25 + +
+ subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.
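Review bot: In the head/UPDATING hunk, the 20130725 entry sends readers to the index page http://www.openafs.org/security/ and names the advisory only as OPENAFS-SA-2013-003, while the vuln.xml entry in this same commit cites http://openafs.org/pages/security/how-to-rekey.txt and http://openafs.org/pages/security/install-rxkad-k5-1.6.txt directly. Suggest citing those two documents and CVE-2013-4134 in the UPDATING text as well, so an administrator who reads only UPDATING reaches the rekeying procedure without searching the index page. It would also help to say outright that a server upgraded to 1.6.5 but still holding the DES key is not yet protected, since "in order to be fully protected" is easy to skim past.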
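Review bot: In the head/security/vuxml/vuln.xml hunk, the affected-package block lists only openafs with the version bound 1.6.5, and the description quotes the upstream text on DES brute force without mentioning that the fix also requires rekeying the cell. The UPDATING entry in this commit states that the software update alone does not fully protect the servers, so a host upgraded to 1.6.5 that still uses the DES service key would stop matching this entry while the weakness described in the quoted text still applies to it. Suggest adding a sentence to the description saying that rekeying to a non-DES krb5 key in rxkad.keytab is required after the upgrade, and pointing at the how-to-rekey.txt reference already listed.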