laffer1 | 25 Feb 15:44 2015

src [6968] trunk/UPDATING: document security patches for bind and igmp

Revision: 6968
          http://svnweb.midnightbsd.org/src/?rev=6968
Author:   laffer1
Date:     2015-02-25 09:44:54 -0500 (Wed, 25 Feb 2015)
Log Message:
-----------
document security patches for bind and igmp

Modified Paths:
--------------
    trunk/UPDATING

Modified: trunk/UPDATING
===================================================================
--- trunk/UPDATING	2015-02-25 14:43:47 UTC (rev 6967)
+++ trunk/UPDATING	2015-02-25 14:44:54 UTC (rev 6968)
 <at>  <at>  -1,5 +1,21  <at>  <at> 
 Updating Information for MidnightBSD users.

+20150225:
+        Fix two security vulnerabilities.
+
+        1. BIND servers which are configured to perform DNSSEC validation and which
+        are using managed keys (which occurs implicitly when using
+        "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
+        unpredictable behavior due to the use of an improperly initialized
+        variable.
+
+        CVE-2015-1349
+
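Review bot: item 1 of the 20150225 entry, as far as the visible lines go, describes the flaw and gives CVE-2015-1349 but tells the reader nothing to do. UPDATING is read for upgrade steps, so add a sentence stating the action expected of users who run named with "dnssec-validation auto;" or "dnssec-lookaside auto;", for example whether a rebuild and a restart of named are needed.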

laffer1 | 25 Feb 15:43 2015

src [6967] trunk: Fix two security vulnerabilities.

Revision: 6967
          http://svnweb.midnightbsd.org/src/?rev=6967
Author:   laffer1
Date:     2015-02-25 09:43:47 -0500 (Wed, 25 Feb 2015)
Log Message:
-----------
Fix two security vulnerabilities.

Modified Paths:
--------------
    trunk/contrib/bind98/lib/dns/zone.c
    trunk/sys/netinet/igmp.c

Modified: trunk/contrib/bind98/lib/dns/zone.c
===================================================================
--- trunk/contrib/bind98/lib/dns/zone.c	2015-02-25 14:38:00 UTC (rev 6966)
+++ trunk/contrib/bind98/lib/dns/zone.c	2015-02-25 14:43:47 UTC (rev 6967)
 <at>  <at>  -7873,6 +7873,12  <at>  <at> 
 					     namebuf, tag);
 				trustkey = ISC_TRUE;
 			}
+		} else {
+			/*
+			 * No previously known key, and the key is not
+			 * secure, so skip it.
+			 */
+			continue;
 		}

 		/* Delete old version */
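Review bot: the `continue` in the new else branch skips everything below it in the loop body, starting with the "Delete old version" step, so please confirm that nothing set up earlier in the iteration for this key has to be released or reset before moving to the next one; the context lines here do not show it. Separately, the log message "Fix two security vulnerabilities." should name CVE-2015-1349 as the stable/0.5 commit r6963 does, and since this revision also touches trunk/sys/netinet/igmp.c, splitting it the way stable/0.5 did (r6963 and r6964) would make each fix easier to track and revert.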

laffer1 | 25 Feb 15:38 2015

src [6966] release/0.5.9/: MidnightBSD 0.5.9-RELEASE

Revision: 6966
          http://svnweb.midnightbsd.org/src/?rev=6966
Author:   laffer1
Date:     2015-02-25 09:38:00 -0500 (Wed, 25 Feb 2015)
Log Message:
-----------
MidnightBSD 0.5.9-RELEASE

Added Paths:
-----------
    release/0.5.9/

laffer1 | 25 Feb 15:34 2015

src [6965] stable/0.5: 0.5.9 RELEASE

Revision: 6965
          http://svnweb.midnightbsd.org/src/?rev=6965
Author:   laffer1
Date:     2015-02-25 09:34:35 -0500 (Wed, 25 Feb 2015)
Log Message:
-----------
0.5.9 RELEASE

Modified Paths:
--------------
    stable/0.5/UPDATING
    stable/0.5/sys/conf/newvers.sh

Modified: stable/0.5/UPDATING
===================================================================
--- stable/0.5/UPDATING	2015-02-25 14:32:10 UTC (rev 6964)
+++ stable/0.5/UPDATING	2015-02-25 14:34:35 UTC (rev 6965)
 <at>  <at>  -1,5 +1,23  <at>  <at> 
 Updating Information for MidnightBSD users.

+20150225:
+	0.5.9 RELEASE
+
+	Fix two security vulnerabilities. 
+
+	1. BIND servers which are configured to perform DNSSEC validation and which
+	are using managed keys (which occurs implicitly when using
+	"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
+	unpredictable behavior due to the use of an improperly initialized
+	variable.
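Review bot: the added line "Fix two security vulnerabilities. " carries a trailing space after the period; strip it. The trunk copy of this entry (r6968) is indented with spaces while this one uses a tab, so pick one form to keep the two UPDATING files easy to diff against each other.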

laffer1 | 25 Feb 15:32 2015

src [6964] stable/0.5/sys/netinet/igmp.c: An integer overflow in computing the size of IGMPv3 data buffer can result

Revision: 6964
          http://svnweb.midnightbsd.org/src/?rev=6964
Author:   laffer1
Date:     2015-02-25 09:32:10 -0500 (Wed, 25 Feb 2015)
Log Message:
-----------
An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.

This can result in a DOS attack.

Modified Paths:
--------------
    stable/0.5/sys/netinet/igmp.c

Modified: stable/0.5/sys/netinet/igmp.c
===================================================================
--- stable/0.5/sys/netinet/igmp.c	2015-02-25 14:30:33 UTC (rev 6963)
+++ stable/0.5/sys/netinet/igmp.c	2015-02-25 14:32:10 UTC (rev 6964)
 <at>  <at>  -1532,8 +1532,8  <at>  <at> 
 		case IGMP_VERSION_3: {
 				struct igmpv3 *igmpv3;
 				uint16_t igmpv3len;
-				uint16_t srclen;
-				int nsrc;
+				uint16_t nsrc;
+				int srclen;

 				IGMPSTAT_INC(igps_rcv_v3_queries);
 				igmpv3 = (struct igmpv3 *)igmp;
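Review bot: the swapped declarations (`uint16_t nsrc;` and `int srclen;`) carry no comment saying why srclen must be wider than nsrc, so a later type cleanup could undo the fix without anyone noticing. The log message places the overflow in a size computation; add a one-line comment at the declaration saying that srclen holds that computed size and must not be 16 bits wide. Also check every comparison between srclen and igmpv3len, which stays uint16_t, now that one side is signed; the lines doing the length check are outside this hunk.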

laffer1 | 25 Feb 15:30 2015

src [6963] stable/0.5/contrib/bind98/lib/dns/zone.c: BIND servers which are configured to perform DNSSEC validation and which

Revision: 6963
          http://svnweb.midnightbsd.org/src/?rev=6963
Author:   laffer1
Date:     2015-02-25 09:30:33 -0500 (Wed, 25 Feb 2015)
Log Message:
-----------
BIND servers which are configured to perform DNSSEC validation and which
are using managed keys (which occurs implicitly when using
"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
unpredictable behavior due to the use of an improperly initialized
variable.

CVE-2015-1349

Modified Paths:
--------------
    stable/0.5/contrib/bind98/lib/dns/zone.c

Modified: stable/0.5/contrib/bind98/lib/dns/zone.c
===================================================================
--- stable/0.5/contrib/bind98/lib/dns/zone.c	2015-02-06 13:57:11 UTC (rev 6962)
+++ stable/0.5/contrib/bind98/lib/dns/zone.c	2015-02-25 14:30:33 UTC (rev 6963)
 <at>  <at>  -7873,6 +7873,12  <at>  <at> 
 					     namebuf, tag);
 				trustkey = ISC_TRUE;
 			}
+		} else {
+			/*
+			 * No previously known key, and the key is not
+			 * secure, so skip it.
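Review bot: this is the same else/continue as trunk r6967, yet it landed on stable/0.5 first (r6963 at 09:30:33, trunk at 09:43:47) and neither log message references the other revision. Cross-reference the two revisions in the log, or commit to trunk first and merge, so both branches can be audited for the CVE-2015-1349 fix from the commit history alone.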

laffer1 | 24 Feb 14:34 2015

mports [18030] trunk/security/openssh-portable: OpenSSH 6.7p1

Revision: 18030
          http://svnweb.midnightbsd.org/mports/?rev=18030
Author:   laffer1
Date:     2015-02-24 08:34:14 -0500 (Tue, 24 Feb 2015)
Log Message:
-----------
OpenSSH 6.7p1

Modified Paths:
--------------
    trunk/security/openssh-portable/Makefile
    trunk/security/openssh-portable/distinfo
    trunk/security/openssh-portable/files/extra-patch-hpn-build-options
    trunk/security/openssh-portable/files/openssh.in
    trunk/security/openssh-portable/files/patch-readconf.c
    trunk/security/openssh-portable/files/patch-ssh-agent.c
    trunk/security/openssh-portable/files/patch-sshd_config.5

Modified: trunk/security/openssh-portable/Makefile
===================================================================
--- trunk/security/openssh-portable/Makefile	2015-02-24 13:10:27 UTC (rev 18029)
+++ trunk/security/openssh-portable/Makefile	2015-02-24 13:34:14 UTC (rev 18030)
 <at>  <at>  -1,7 +1,7  <at>  <at> 
 # $MidnightBSD$

 PORTNAME=	openssh
-DISTVERSION=	6.6p1
+DISTVERSION=	6.7p1
 PORTEPOCH=	1
 CATEGORIES=	security ipv6
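Review bot: the `DISTVERSION= 6.7p1` bump comes with changes to files/patch-readconf.c, files/patch-ssh-agent.c, files/patch-sshd_config.5 and files/extra-patch-hpn-build-options, but the log message is only "OpenSSH 6.7p1". Say in the log whether those local patches were merely refreshed against the new source or change behaviour, since a reader cannot tell that from this Makefile hunk.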

laffer1 | 24 Feb 14:10 2015

mports [18029] trunk/security/openssl: OpenSSL 1.0.1l

Revision: 18029
          http://svnweb.midnightbsd.org/mports/?rev=18029
Author:   laffer1
Date:     2015-02-24 08:10:27 -0500 (Tue, 24 Feb 2015)
Log Message:
-----------
OpenSSL 1.0.1l

Modified Paths:
--------------
    trunk/security/openssl/Makefile
    trunk/security/openssl/distinfo

Modified: trunk/security/openssl/Makefile
===================================================================
--- trunk/security/openssl/Makefile	2015-02-24 13:02:15 UTC (rev 18028)
+++ trunk/security/openssl/Makefile	2015-02-24 13:10:27 UTC (rev 18029)
 <at>  <at>  -2,8 +2,8  <at>  <at> 

 PORTNAME=	openssl
 PORTVERSION=	1.0.1
-PORTREVISION=	4
-DISTVERSIONSUFFIX=	k
+PORTREVISION=	5
+DISTVERSIONSUFFIX=	l
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/%SUBDIR%/ \
 		ftp://ftp.openssl.org/%SUBDIR%/ \
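Review bot: the MASTER_SITES context lines fetch the distfile over http:// and ftp://, so for the `DISTVERSIONSUFFIX= l` bump the distinfo change in this same commit is the only integrity check on the new tarball. State in the log how the new checksum was obtained, ideally verified against the upstream release signature, and consider listing an https:// site first.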

Modified: trunk/security/openssl/distinfo

laffer1 | 24 Feb 14:02 2015

mports [18028] trunk/dns/bind99: bind 9.9.6P2

Revision: 18028
          http://svnweb.midnightbsd.org/mports/?rev=18028
Author:   laffer1
Date:     2015-02-24 08:02:15 -0500 (Tue, 24 Feb 2015)
Log Message:
-----------
bind 9.9.6P2

Modified Paths:
--------------
    trunk/dns/bind99/Makefile
    trunk/dns/bind99/distinfo

Modified: trunk/dns/bind99/Makefile
===================================================================
--- trunk/dns/bind99/Makefile	2015-02-24 12:58:54 UTC (rev 18027)
+++ trunk/dns/bind99/Makefile	2015-02-24 13:02:15 UTC (rev 18028)
 <at>  <at>  -15,7 +15,7  <at>  <at> 
 LICENSE=	iscl

 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.9.6-P1
+ISCVERSION=	9.9.6-P2

 MAKE_JOBS_UNSAFE=	yes

Modified: trunk/dns/bind99/distinfo
===================================================================
--- trunk/dns/bind99/distinfo	2015-02-24 12:58:54 UTC (rev 18027)
+++ trunk/dns/bind99/distinfo	2015-02-24 13:02:15 UTC (rev 18028)

laffer1 | 24 Feb 13:58 2015

mports [18027] trunk/dns/bind910: 9.10.1P2 BIND

Revision: 18027
          http://svnweb.midnightbsd.org/mports/?rev=18027
Author:   laffer1
Date:     2015-02-24 07:58:54 -0500 (Tue, 24 Feb 2015)
Log Message:
-----------
9.10.1P2 BIND

Modified Paths:
--------------
    trunk/dns/bind910/Makefile
    trunk/dns/bind910/distinfo

Modified: trunk/dns/bind910/Makefile
===================================================================
--- trunk/dns/bind910/Makefile	2015-02-22 17:08:58 UTC (rev 18026)
+++ trunk/dns/bind910/Makefile	2015-02-24 12:58:54 UTC (rev 18027)
 <at>  <at>  -14,7 +14,7  <at>  <at> 
 LICENSE=	iscl

 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.10.1-P1
+ISCVERSION=	9.10.1-P2

 MAKE_JOBS_UNSAFE=	yes

Modified: trunk/dns/bind910/distinfo
===================================================================
--- trunk/dns/bind910/distinfo	2015-02-22 17:08:58 UTC (rev 18026)
+++ trunk/dns/bind910/distinfo	2015-02-24 12:58:54 UTC (rev 18027)

laffer1 | 22 Feb 18:08 2015

mports [18026] trunk/devel/subversion: fix paths and plist

Revision: 18026
          http://svnweb.midnightbsd.org/mports/?rev=18026
Author:   laffer1
Date:     2015-02-22 12:08:58 -0500 (Sun, 22 Feb 2015)
Log Message:
-----------
fix paths and plist

Modified Paths:
--------------
    trunk/devel/subversion/Makefile.common
    trunk/devel/subversion/pkg-plist

Modified: trunk/devel/subversion/Makefile.common
===================================================================
--- trunk/devel/subversion/Makefile.common	2015-02-22 15:48:24 UTC (rev 18025)
+++ trunk/devel/subversion/Makefile.common	2015-02-22 17:08:58 UTC (rev 18026)
 <at>  <at>  -2,7 +2,7  <at>  <at> 

 PORTNAME?=	subversion
 PORTVERSION=	1.8.11
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES+=	devel
 MASTER_SITES=	${MASTER_SITE_APACHE}
 DIST_SUBDIR=	subversion18
 <at>  <at>  -15,8 +15,8  <at>  <at> 

 CPE_VENDOR=	apache


