From douglas@slowhand.douglasthrift.net  Sun Jul 29 05:37:09 2012
Return-Path: <douglas@slowhand.douglasthrift.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 96589106566B;
	Sun, 29 Jul 2012 05:37:09 +0000 (UTC)
	(envelope-from douglas@slowhand.douglasthrift.net)
Received: from slowhand.douglasthrift.net (slowhand.douglasthrift.net [69.55.236.40])
	by mx1.freebsd.org (Postfix) with ESMTP id 36A638FC08;
	Sun, 29 Jul 2012 05:37:09 +0000 (UTC)
Received: from slowhand.douglasthrift.net (douglas@slowhand.douglasthrift.net [69.55.236.40])
	by slowhand.douglasthrift.net (8.14.5/8.14.5) with ESMTP id q6T5b1Tg026518
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Sat, 28 Jul 2012 22:37:01 -0700 (PDT)
	(envelope-from douglas@slowhand.douglasthrift.net)
Received: (from douglas@localhost)
	by slowhand.douglasthrift.net (8.14.5/8.14.5/Submit) id q6T5b1nL026517;
	Sat, 28 Jul 2012 22:37:01 -0700 (PDT)
	(envelope-from douglas)
Message-Id: <201207290537.q6T5b1nL026517@slowhand.douglasthrift.net>
Date: Sat, 28 Jul 2012 22:37:01 -0700 (PDT)
From: <douglas@douglasthrift.net>
Reply-To: <douglas@douglasthrift.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: douglas@douglasthrift.net, zi@freebsd.org
Subject: Update port: net/isc-dhcp41-server Upgrade to 4.1-ESV-R6
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         170245
>Category:       ports
>Synopsis:       Update port: net/isc-dhcp41-server Upgrade to 4.1-ESV-R6
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    zi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 29 05:40:01 UTC 2012
>Closed-Date:    Mon Jul 30 12:42:46 UTC 2012
>Last-Modified:  Mon Jul 30 12:50:06 UTC 2012
>Originator:     
>Release:        FreeBSD 8.0-RELEASE-p6 amd64
>Organization:
>Environment:
System: FreeBSD slowhand.douglasthrift.net 8.0-RELEASE-p6 FreeBSD 8.0-RELEASE-p6 #2: Wed Sep 28 21:40:42 PDT 2011 user@jail8.johncompanies.com:/usr/obj/usr/src/sys/jail8 amd64
>Description:
Upgraded net/isc-dhcp41-server to 4.1-ESV-R6.

https://redports.org/buildarchive/20120729045327-59756/
https://redports.org/buildarchive/20120729045226-47986/
https://redports.org/buildarchive/20120729035941-19277/

From RELNOTES:

            Changes since 4.1-ESV-R5

- Correct code to calculate timing values in client to compare
  rebind value to infinity instead of renew value.
  Thanks to Chenda Huang from H3C Technologies Co., Limited
  for reporting this issue.
  [ISC-Bugs #29062]

- Fix some issues in the code for parsing and printing options.
  [ISC-Bugs #22625] - properly print options that have several fields
  followed by an array of something for example "fIa"
  [ISC-Bugs #27289] - properly parse options in declarations that have
  several fields followed by an array of something for example "fIa"
  [ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
  value in evaluate_numeric_expression (extract-int).
  [ISC-Bugs #27314] - properly parse a zero length option from
  a lease file.  Thanks to Marius Tomaschewski from SUSE for the report
  and prototype patch for this ticket as well as ticket 27289.

! Previously the server code was relaxed to allow packets with zero
  length client ids to be processed.  Under some situations use of
  zero length client ids can cause the server to go into an infinite
  loop.  As such ids are not valid according to RFC 2132 section 9.14
  the server no longer accepts them.  Client ids with a length of 1
  are also invalid but the server still accepts them in order to
  minimize disruption.  The restriction will likely be tightened in
  the future to disallow ids with a length of 1.
  Thanks to Markus Hietava of Codenomicon CROSS project for the
  finding this issue and CERT-FI for vulnerability coordination.
  [ISC-Bugs #29851]
  CVE: CVE-2012-3571

! A pair of memory leaks were found and fixed.  Thanks to
  Glen Eustace of Massey University, New Zealand for finding
  this issue.
  [ISC-Bugs #30024]
  CVE: CVE-2012-3954
>How-To-Repeat:
>Fix:
--- isc-dhcp41-server.2012-07-29T053120Z.diff begins here ---
diff -Nrux .svn -x work /usr/ports/net/isc-dhcp41-server/Makefile isc-dhcp41-server/Makefile
--- /usr/ports/net/isc-dhcp41-server/Makefile	2012-06-17 23:03:31.000000000 -0700
+++ isc-dhcp41-server/Makefile	2012-07-28 18:45:45.000000000 -0700
@@ -21,10 +21,10 @@
 
 LICENSE=	ISCL
 
-PATCHLEVEL=	R5
-PORTREVISION_SERVER=	4
-PORTREVISION_CLIENT=	1
-PORTREVISION_RELAY=	4
+PATCHLEVEL=	R6
+PORTREVISION_SERVER=	5
+PORTREVISION_CLIENT=	2
+PORTREVISION_RELAY=	5
 
 SUBSYS?=	server
 WRKSRC=		${WRKDIR}/${PORTNAME}-${DISTVERSION}-${PATCHLEVEL}
diff -Nrux .svn -x work /usr/ports/net/isc-dhcp41-server/distinfo isc-dhcp41-server/distinfo
--- /usr/ports/net/isc-dhcp41-server/distinfo	2012-06-17 23:03:31.000000000 -0700
+++ isc-dhcp41-server/distinfo	2012-07-28 18:46:00.000000000 -0700
@@ -1,4 +1,4 @@
-SHA256 (dhcp-4.1-ESV-R5.tar.gz) = c028fd6f9c1fff38fd0ae21cc89a70912e0eb759ea1019fb25b145cf14527583
-SIZE (dhcp-4.1-ESV-R5.tar.gz) = 1120684
+SHA256 (dhcp-4.1-ESV-R6.tar.gz) = deb666a1ab02dd1375c0ebd237ce1fcb3e4d9e7be520d25ba25f1f40eb0ead9e
+SIZE (dhcp-4.1-ESV-R6.tar.gz) = 1121186
 SHA256 (ldap-for-dhcp-4.1.1-2.tar.gz) = 566b7be2ebefdc583d0bf0095c804ba69807b67e5cc29a2b64b1b39202b37d0d
 SIZE (ldap-for-dhcp-4.1.1-2.tar.gz) = 39004
--- isc-dhcp41-server.2012-07-29T053120Z.diff ends here ---
>Release-Note:
>Audit-Trail:

From: linimon@FreeBSD.org
To: bug-followup@FreeBSD.org, linimon@FreeBSD.org, gnats-admin@FreeBSD.org,
        freebsd-ports-bugs@FreeBSD.org
Cc:  
Subject: Re: ports/170246: Re: ports/170245: Update port: net/isc-dhcp41-server Upgrade to 4.1-ESV-46
Date: Mon, 30 Jul 2012 02:52:19 GMT

 Synopsis: Re: ports/170245: Update port: net/isc-dhcp41-server Upgrade to 4.1-ESV-46
 
 State-Changed-From-To: open->closed
 State-Changed-By: linimon
 State-Changed-When: Mon Jul 30 02:51:40 UTC 2012
 State-Changed-Why: 
 Misfiled followup to ports/170245; content migrated.
 
 
 Responsible-Changed-From-To: gnats-admin->freebsd-ports-bugs
 Responsible-Changed-By: linimon
 Responsible-Changed-When: Mon Jul 30 02:51:40 UTC 2012
 Responsible-Changed-Why: 
 
 http://www.freebsd.org/cgi/query-pr.cgi?pr=170246

Date: Sat, 28 Jul 2012 22:50:46 -0700
From: Douglas Thrift <douglas@douglasthrift.net>
To: bug-followup@FreeBSD.ORG
Subject: Re: ports/170245: Update port: net/isc-dhcp41-server Upgrade to 4.1-ESV-46

 Oops! Typo in the synopsis: 4.1-ESV-46 should be 4.1-ESV-R6.
 
 -- 
 Douglas William Thrift
 <douglas@douglasthrift.net>
 <http://douglasthrift.net/>
Responsible-Changed-From-To: freebsd-ports-bugs->zi 
Responsible-Changed-By: zi 
Responsible-Changed-When: Mon Jul 30 12:24:25 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=170245 
State-Changed-From-To: open->closed 
State-Changed-By: zi 
State-Changed-When: Mon Jul 30 12:42:45 UTC 2012 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=170245 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/170245: commit references a PR
Date: Mon, 30 Jul 2012 12:42:43 +0000 (UTC)

 Author: zi
 Date: Mon Jul 30 12:42:32 2012
 New Revision: 301716
 URL: http://svn.freebsd.org/changeset/ports/301716
 
 Log:
   - Update net/isc-dhcp41-server to 4.1-ESV-R6 [1]
   - Document vulnerabilities in net/isc-dhcp41-server
   - Cleanup formatting in vuxml
   
   PR:		ports/170245 [1]
   Submitted by:	Douglas Thrift <douglas@douglasthrift.net> (maintainer) [1]
   Security:	c7fa3618-d5ff-11e1-90a2-000c299b62e1
 
 Modified:
   head/net/isc-dhcp41-server/Makefile
   head/net/isc-dhcp41-server/distinfo
   head/security/vuxml/vuln.xml
 
 Modified: head/net/isc-dhcp41-server/Makefile
 ==============================================================================
 --- head/net/isc-dhcp41-server/Makefile	Mon Jul 30 12:10:39 2012	(r301715)
 +++ head/net/isc-dhcp41-server/Makefile	Mon Jul 30 12:42:32 2012	(r301716)
 @@ -21,10 +21,10 @@ COMMENT?=	The ISC Dynamic Host Configura
  
  LICENSE=	ISCL
  
 -PATCHLEVEL=	R5
 -PORTREVISION_SERVER=	4
 -PORTREVISION_CLIENT=	1
 -PORTREVISION_RELAY=	4
 +PATCHLEVEL=	R6
 +PORTREVISION_SERVER=	5
 +PORTREVISION_CLIENT=	2
 +PORTREVISION_RELAY=	5
  
  SUBSYS?=	server
  WRKSRC=		${WRKDIR}/${PORTNAME}-${DISTVERSION}-${PATCHLEVEL}
 
 Modified: head/net/isc-dhcp41-server/distinfo
 ==============================================================================
 --- head/net/isc-dhcp41-server/distinfo	Mon Jul 30 12:10:39 2012	(r301715)
 +++ head/net/isc-dhcp41-server/distinfo	Mon Jul 30 12:42:32 2012	(r301716)
 @@ -1,4 +1,4 @@
 -SHA256 (dhcp-4.1-ESV-R5.tar.gz) = c028fd6f9c1fff38fd0ae21cc89a70912e0eb759ea1019fb25b145cf14527583
 -SIZE (dhcp-4.1-ESV-R5.tar.gz) = 1120684
 +SHA256 (dhcp-4.1-ESV-R6.tar.gz) = deb666a1ab02dd1375c0ebd237ce1fcb3e4d9e7be520d25ba25f1f40eb0ead9e
 +SIZE (dhcp-4.1-ESV-R6.tar.gz) = 1121186
  SHA256 (ldap-for-dhcp-4.1.1-2.tar.gz) = 566b7be2ebefdc583d0bf0095c804ba69807b67e5cc29a2b64b1b39202b37d0d
  SIZE (ldap-for-dhcp-4.1.1-2.tar.gz) = 39004
 
 Modified: head/security/vuxml/vuln.xml
 ==============================================================================
 --- head/security/vuxml/vuln.xml	Mon Jul 30 12:10:39 2012	(r301715)
 +++ head/security/vuxml/vuln.xml	Mon Jul 30 12:42:32 2012	(r301716)
 @@ -67,28 +67,28 @@ Note:  Please add new entries to the beg
  	<h1>A Bugzilla Security Advisory reports:</h1>
  	<blockquote cite="http://www.bugzilla.org/security/3.6.9/">
  	  <p>The following security issues have been discovered in
 -	    Bugzilla:</p>
 +	     Bugzilla:</p>
  	  <h1>Information Leak</h1>
  	  <p>Versions: 4.1.1 to 4.2.1, 4.3.1</p>
  	  <p>In HTML bugmails, all bug IDs and attachment IDs are
 -	   linkified, and hovering these links displays a tooltip
 -	   with the bug summary or the attachment description if
 -	   the user is allowed to see the bug or attachment.
 -	   But when validating user permissions when generating the
 -	   email, the permissions of the user who edited the bug were
 -	   taken into account instead of the permissions of the
 -	   addressee. This means that confidential information could
 -	   be disclosed to the addressee if the other user has more
 -	   privileges than the addressee.
 -	   Plain text bugmails are not affected as bug and attachment
 -	   IDs are not linkified.</p>
 +	     linkified, and hovering these links displays a tooltip
 +	     with the bug summary or the attachment description if
 +	     the user is allowed to see the bug or attachment.
 +	     But when validating user permissions when generating the
 +	     email, the permissions of the user who edited the bug were
 +	     taken into account instead of the permissions of the
 +	     addressee. This means that confidential information could
 +	     be disclosed to the addressee if the other user has more
 +	     privileges than the addressee.
 +	     Plain text bugmails are not affected as bug and attachment
 +	     IDs are not linkified.</p>
  	  <h1>Information Leak</h1>
 -           <p>Versions: 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to
 -            4.2.1, 4.3.1</p>
 +          <p>Versions: 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to
 +              4.2.1, 4.3.1</p>
  	  <p>The description of a private attachment could be visible
 -	   to a user who hasn't permissions to access this attachment
 -	   if the attachment ID is mentioned in a public comment in
 -	   a bug that the user can see.</p>
 +	     to a user who hasn't permissions to access this attachment
 +	     if the attachment ID is mentioned in a public comment in
 +	     a bug that the user can see.</p>
  	</blockquote>
        </body>
      </description>
 @@ -176,13 +176,13 @@ Note:  Please add new entries to the beg
  	<p>The RT development team reports:</p>
  	<blockquote cite="http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html">
  	  <p>RT::Authen::ExternalAuth 0.10 and below (for all versions
 -	  of RT) are vulnerable to an escalation of privilege attack
 -	  where the URL of a RSS feed of the user can be used to
 -	  acquire a fully logged-in session as that user.
 -	  CVE-2012-2770 has been assigned to this vulnerability.</p>
 +	     of RT) are vulnerable to an escalation of privilege attack
 +	     where the URL of a RSS feed of the user can be used to
 +	     acquire a fully logged-in session as that user.
 +	     CVE-2012-2770 has been assigned to this vulnerability.</p>
  	  <p>Users of RT 3.8.2 and above should upgrade to
 -	  RT::Authen::ExternalAuth 0.11, which resolves this
 -	  vulnerability.</p>
 +	     RT::Authen::ExternalAuth 0.11, which resolves this
 +	     vulnerability.</p>
  	</blockquote>
        </body>
      </description>
 @@ -200,6 +200,10 @@ Note:  Please add new entries to the beg
      <topic>isc-dhcp -- multiple vulnerabilities</topic>
      <affects>
        <package>
 +	<name>isc-dhcp41-server</name>
 +	<range><lt>4.1.e_5,2</lt></range>
 +      </package>
 +      <package>
  	<name>isc-dhcp42-server</name>
  	<range><lt>4.2.4_1</lt></range>
        </package>
 _______________________________________________
 svn-ports-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-ports-all
 To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
 
>Unformatted:
