Created attachment 192708
Re-baselined patch for version 5.1.2
This patch upgrades the port to 5.1.2 from the upstream. I tested this with poudriere testport using an 11.1-RELEASE-p9/amd64 jail.
Created attachment 192709
Re-baselined patch for 5.1.2
This patch supersedes the original because the diff was generated the wrong way around (i.e. from new to old rather than from old to new).
Kamailio 5.1.2 addresses this CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-8828
Created attachment 193069
Re-baselined patch for 5.1.3
This patch takes a review comment into account (https://forums.freebsd.org/threads/port-patch-request-wait-time.65725/#post-386433) and since Kamailio 5.1.3 has been released in the meantime, I re-baselined to 5.1.3.
testbuilds@work
A commit references this bug:
Author: pi
Date: Sun May 6 06:58:01 UTC 2018
New revision: 469180
URL: https://svnweb.freebsd.org/changeset/ports/469180
Log:
  net/kamailio: update 5.0.1 -> 5.1.3
  - lots of changes
  PR: 227677
  Submitted by: Ben Hood <ben@relops.com>
  Relnotes:
    https://www.kamailio.org/w/kamailio-v5-1-0-release-notes/
    https://www.kamailio.org/pub/kamailio/5.1.3/ChangeLog
    https://www.kamailio.org/pub/kamailio/5.1.2/ChangeLog
    https://www.kamailio.org/pub/kamailio/5.1.1/ChangeLog
    https://www.kamailio.org/pub/kamailio/5.1.0/ChangeLog
    https://www.kamailio.org/pub/kamailio/5.0.6/ChangeLog
  Security: CVE-2018-8828
Changes:
  head/net/kamailio/Makefile
  head/net/kamailio/distinfo
  head/net/kamailio/files/patch-src_Makefile
  head/net/kamailio/files/patch-src_Makefile.defs
  head/net/kamailio/files/patch-src_core_ip__addr.h
  head/net/kamailio/files/patch-src_main.c
  head/net/kamailio/files/patch-src_modules_ctl_ctl.c
  head/net/kamailio/files/patch-src_modules_ctl_ctl__defaults.h
  head/net/kamailio/files/patch-src_modules_db__berkeley_Makefile
  head/net/kamailio/files/patch-src_modules_db__oracle_Makefile
  head/net/kamailio/files/patch-src_modules_db__sqlite_Makefile
  head/net/kamailio/files/patch-src_modules_tls_Makefile
  head/net/kamailio/files/patch-src_modules_tls_sip-router__cert.sh
  head/net/kamailio/files/patch-src_modules_websocket_ws__frame.c
  head/net/kamailio/files/patch-utils_kamctl_Makefile
  head/net/kamailio/pkg-plist
Many thanks for merging this, much appreciated. Do I need to mark the ticket as closed or will this happen as part of the workflow?
I asked ports-secteam@ for approval to merge the upgrade to the quarterly tree and there I keep the PR open.
Ah, so this change is now in the mainline of the ports source tree, but it only gets rolled into a portsnap on a quarterly basis?
Yes, for a bit of info on the quarterly branch, see https://wiki.freebsd.org/PortsSubversionPrimer#Quarterly_Branch
One more thing, we probably should provide a vuxml record for that CVE: https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/book.html#security-notify
I'm short on time, but if you want to venture into that, feel free to add a vuxml diff to this PR and I'll work on it.
A commit references this bug:
Author: pi
Date: Sun May 6 12:56:01 UTC 2018
New revision: 469214
URL: https://svnweb.freebsd.org/changeset/ports/469214
Log:
  MFH: r469180
  net/kamailio: update 5.0.1 -> 5.1.3
  - lots of changes
  PR: 227677
  Submitted by: Ben Hood <ben@relops.com>
  Relnotes:
    https://www.kamailio.org/w/kamailio-v5-1-0-release-notes/
    https://www.kamailio.org/pub/kamailio/5.1.3/ChangeLog
    https://www.kamailio.org/pub/kamailio/5.1.2/ChangeLog
    https://www.kamailio.org/pub/kamailio/5.1.1/ChangeLog
    https://www.kamailio.org/pub/kamailio/5.1.0/ChangeLog
    https://www.kamailio.org/pub/kamailio/5.0.6/ChangeLog
  Security: CVE-2018-8828
  Approved by: ports-secteam (riggs)
Changes:
  _U branches/2018Q2/
  branches/2018Q2/net/kamailio/Makefile
  branches/2018Q2/net/kamailio/distinfo
  branches/2018Q2/net/kamailio/files/patch-src_Makefile
  branches/2018Q2/net/kamailio/files/patch-src_Makefile.defs
  branches/2018Q2/net/kamailio/files/patch-src_core_ip__addr.h
  branches/2018Q2/net/kamailio/files/patch-src_main.c
  branches/2018Q2/net/kamailio/files/patch-src_modules_ctl_ctl.c
  branches/2018Q2/net/kamailio/files/patch-src_modules_ctl_ctl__defaults.h
  branches/2018Q2/net/kamailio/files/patch-src_modules_db__berkeley_Makefile
  branches/2018Q2/net/kamailio/files/patch-src_modules_db__oracle_Makefile
  branches/2018Q2/net/kamailio/files/patch-src_modules_db__sqlite_Makefile
  branches/2018Q2/net/kamailio/files/patch-src_modules_tls_Makefile
  branches/2018Q2/net/kamailio/files/patch-src_modules_tls_sip-router__cert.sh
  branches/2018Q2/net/kamailio/files/patch-src_modules_websocket_ws__frame.c
  branches/2018Q2/net/kamailio/files/patch-utils_kamctl_Makefile
  branches/2018Q2/net/kamailio/pkg-plist
Created attachment 193113
VuXML update for buffer overflow in Kamailio
As per request, here is a VuXML entry for the buffer overflow.
A commit references this bug:
Author: pi
Date: Wed May 9 16:32:16 UTC 2018
New revision: 469454
URL: https://svnweb.freebsd.org/changeset/ports/469454
Log:
  security/vuxml: document kamailio CVE-2018-8828
  PR: 227677
  Submitted by: Ben Hood <ben@relops.com>
Changes:
  head/security/vuxml/vuln.xml
thanks!