Bug 220797 - net-mgmt/collectd5: update to 5.7.2 (Fixes security vulnerability)
Summary: net-mgmt/collectd5: update to 5.7.2 (Fixes security vulnerability)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Olivier Cochard
URL: https://collectd.org/news.shtml#news104
Keywords: security
Depends on:
Blocks:
 
Reported: 2017-07-17 12:43 UTC by luca.pizzamiglio
Modified: 2017-07-23 10:08 UTC

See Also:
ports: maintainer-feedback+
koobs: merge-quarterly+


Attachments
The updating patch (893 bytes, patch)
2017-07-17 12:43 UTC, luca.pizzamiglio
koobs: maintainer-approval+
poudriere build on FreeBSD 11 amd64 (284.64 KB, text/x-log)
2017-07-17 12:53 UTC, luca.pizzamiglio
no flags
poudriere build on FreeBSD 10.3 i386 (83.74 KB, text/x-log)
2017-07-17 12:54 UTC, luca.pizzamiglio
no flags

Description luca.pizzamiglio 2017-07-17 12:43:41 UTC
Created attachment 184429
The updating patch

net-mgmt/collectd5: update to 5.7.2

Updating collectd5 to the last version.
There are fixes on several plugins (https://collectd.org/news.shtml#news104)
Merge-quarterly possible and advised.

testport: OK (poudriere: 10.3,11.0 on amd64,i386)
Comment 1 luca.pizzamiglio 2017-07-17 12:53:57 UTC
Created attachment 184430
poudriere build on FreeBSD 11 amd64
Comment 2 luca.pizzamiglio 2017-07-17 12:54:26 UTC
Created attachment 184431
poudriere build on FreeBSD 10.3 i386
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-07-17 13:38:47 UTC
A commit references this bug:

Author: olivier
Date: Mon Jul 17 13:38:04 UTC 2017
New revision: 446072
URL: https://svnweb.freebsd.org/changeset/ports/446072

Log:
  Update to 5.7.2

  PR:		220797
  Submitted by:	luca.pizzamiglio@gmail.com (maintainer)

Changes:
  head/net-mgmt/collectd5/Makefile
  head/net-mgmt/collectd5/distinfo
Comment 4 Olivier Cochard freebsd_committer freebsd_triage 2017-07-17 13:52:16 UTC
thanks!
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2017-07-18 12:38:33 UTC
Re-open for MFH (as requested)

5.7.2 is a bug fix release (alone warranting a merge), but additionally, fixes a security vulnerability (with CVE)...

Network plugin: A potential endless-loop has been fixed. This can be triggered remotely by sending a signed network packet to a server which is not set up to check signatures. Thanks to Marcin Kozlowski and Pavel Rochnyack. #2174, #2233, CVE-2017-7401

Further, luca doesn't appear to be (or at least match) maintainer on record (ports @ bsdserwis com)
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2017-07-18 12:38:56 UTC
Additionally, pending VuXML
Comment 7 Olivier Cochard freebsd_committer freebsd_triage 2017-07-18 13:03:41 UTC
I've mixed up the PR submitter and the port maintainer: When I've realized my mistake I've sent an email to the port maintainer for his instruction (should I revert my commit or not).
Comment 8 Krzysztof 2017-07-18 19:29:52 UTC
I was a little "confused" that bug was closed without waiting for my approval :-)))

I've installed new version on my servers and everything works correctly so I think that commit should not be reverted - especially that new version resolves security issues.

So I approved this patch once again and I think this ticket could be closed.
Comment 9 Kubilay Kocak freebsd_committer freebsd_triage 2017-07-19 03:43:13 UTC
Pending VuXML entry and MFH
Comment 10 commit-hook freebsd_committer freebsd_triage 2017-07-19 10:14:47 UTC
A commit references this bug:

Author: olivier
Date: Wed Jul 19 10:13:46 UTC 2017
New revision: 446192
URL: https://svnweb.freebsd.org/changeset/ports/446192

Log:
  Document vulnerability in collectd5

  PR:		220797
  Reported by:	luca.pizzamiglio@gmail.com
  Security:	CVE-2017-7401

Changes:
  head/security/vuxml/vuln.xml
Comment 11 commit-hook freebsd_committer freebsd_triage 2017-07-20 21:40:41 UTC
A commit references this bug:

Author: olivier
Date: Thu Jul 20 21:39:39 UTC 2017
New revision: 446296
URL: https://svnweb.freebsd.org/changeset/ports/446296

Log:
  MFH: r446072

  Update to 5.7.2

  PR:		220797
  Submitted by:	luca.pizzamiglio@gmail.com

  Approved by:	ports-secteam

Changes:
_U  branches/2017Q3/
  branches/2017Q3/net-mgmt/collectd5/Makefile
  branches/2017Q3/net-mgmt/collectd5/distinfo
Comment 12 Olivier Cochard freebsd_committer freebsd_triage 2017-07-20 21:42:31 UTC
Merged to quarterly.