Created attachment 239619 [details] 6.2.1 to 6.2.4 patch Update EternalTerminal to 6.2.4 Tested on x86_64. Upstream release notes: CVE-2022-48257, CVE-2022-48258 remedied fix readme regarding port forwarding by @cbyrohl in #522 Fix test failures that started appearing in CI by @jwmcglynn in #526 Add documentation for the EternalTerminal protocol by @jwmcglynn in #523 ssh-et: apply upstream updates by @infokiller in #527 docs: write gpg key to trusted.gpg.d for APT by @Rongronggg9 in #530 Support for ipv6 addresses (with or without port specified) by @jshort in #536 ipv6 abbreviated address support by @jshort in #539 Fix launchd plist config to remove daemonization. by @jshort in #540 Explicitly set verbosity from cxxopts value. by @jshort in #542 Remove daemon flag in systemd config by @CmdQ in #549 Format all source with clang-format. by @jshort in #552 Fix tunnel parsing exception handling. by @jshort in #550 Fix SIGTERM behavior that causes systemd control of etserver to timeout. by @jshort in #554 Parse telemetry ini config as boolean and make telemetry opt-in. by @jshort in #553 Logfile open mode and permission plus location configurability. by @jshort in #556
Note to self: VuXml entries.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2a6cc6635b837b263eef5058ecc822b82d23ceb8 commit 2a6cc6635b837b263eef5058ecc822b82d23ceb8 Author: Will Tisdale <willtisdale@gmail.com> AuthorDate: 2023-01-21 16:57:51 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-23 12:52:45 +0000 net/eternalterminal: Update to 6.2.4 ChangeLog: https://github.com/MisterTea/EternalTerminal/compare/et-v6.2.1...et-v6.2.4 * CVE-2022-48257, CVE-2022-48258 remedied * fix readme regarding port forwarding * Fix test failures that started appearing in CI * Add documentation for the EternalTerminal protocol * ssh-et: apply upstream updates * docs: write gpg key to trusted.gpg.d for APT * Support for ipv6 addresses (with or without port specified) * ipv6 abbreviated address support * Fix launchd plist config to remove daemonization. * Explicitly set verbosity from cxxopts value. * Remove daemon flag in systemd config * Format all source with clang-format. * Fix tunnel parsing exception handling. * Fix SIGTERM behavior that causes systemd control of etserver to timeout. * Parse telemetry ini config as boolean and make telemetry opt-in. * Logfile open mode and permission plus location configurability. PR: 269079 Reported by: willtisdale@gmail.com (maintainer) MFH: 2023Q1 (security fixes) Security: CVE-2022-48257, CVE-2022-48258 net/eternalterminal/Makefile | 3 +-- net/eternalterminal/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-)
A commit in branch 2023Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=b03a64bcb12603f43a425b51a58c1a014e7b9b42 commit b03a64bcb12603f43a425b51a58c1a014e7b9b42 Author: Will Tisdale <willtisdale@gmail.com> AuthorDate: 2023-01-21 16:57:51 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-23 12:53:49 +0000 net/eternalterminal: Update to 6.2.4 ChangeLog: https://github.com/MisterTea/EternalTerminal/compare/et-v6.2.1...et-v6.2.4 * CVE-2022-48257, CVE-2022-48258 remedied * fix readme regarding port forwarding * Fix test failures that started appearing in CI * Add documentation for the EternalTerminal protocol * ssh-et: apply upstream updates * docs: write gpg key to trusted.gpg.d for APT * Support for ipv6 addresses (with or without port specified) * ipv6 abbreviated address support * Fix launchd plist config to remove daemonization. * Explicitly set verbosity from cxxopts value. * Remove daemon flag in systemd config * Format all source with clang-format. * Fix tunnel parsing exception handling. * Fix SIGTERM behavior that causes systemd control of etserver to timeout. * Parse telemetry ini config as boolean and make telemetry opt-in. * Logfile open mode and permission plus location configurability. PR: 269079 Reported by: willtisdale@gmail.com (maintainer) MFH: 2023Q1 (security fixes) Security: CVE-2022-48257, CVE-2022-48258 (cherry picked from commit 2a6cc6635b837b263eef5058ecc822b82d23ceb8) net/eternalterminal/Makefile | 3 +-- net/eternalterminal/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-)
Committed and merged to 2023Q1, Thanks!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=be92f125bb0888a16fae98a1d239f87bf8293a08 commit be92f125bb0888a16fae98a1d239f87bf8293a08 Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2023-01-23 12:51:17 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-23 12:55:09 +0000 security/vuxml: register net/eternalterminal vulnerabilities CVE-2022-48257 and CVE-2022-48258 PR: 269079 security/vuxml/vuln/2023.xml | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-)