Bug 282419 - net/keycloak: Update to 26.0.4 CVE-2021-44549
Summary: net/keycloak: Update to 26.0.4 CVE-2021-44549
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Vladimir Druzenko
URL: https://www.keycloak.org/2024/10/keyc...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-10-30 13:41 UTC by Matthias Wolf
Modified: 2024-10-31 10:57 UTC (History)
2 users (show)

See Also:
vvd: merge-quarterly+

Attachments
net/keycloak (1.74 KB, patch)
2024-10-30 13:41 UTC, Matthias Wolf 		freebsd: maintainer-approval+
Details | Diff
security/vuxml (1.50 KB, patch)
2024-10-31 07:35 UTC, Matthias Wolf 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Wolf 2024-10-30 13:41:23 UTC 
Created attachment 254642 [details]
net/keycloak

Upgrade Keycloak to 26.0.4.

Tested on 13.4-RELEASE.

Security: CVE-2021-44549
Comment 1 Vladimir Druzenko freebsd_committer freebsd_triage 2024-10-30 15:10:38 UTC 
Can you create patch with record for security/vuxml: https://cgit.freebsd.org/ports/log/security/vuxml?
Comment 2 commit-hook freebsd_committer freebsd_triage 2024-10-30 16:14:34 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=246bb67e540c86ff93d0f57aff9574df131ffbcb

commit 246bb67e540c86ff93d0f57aff9574df131ffbcb
Author:     Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2024-10-30 16:12:29 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-30 16:12:29 +0000

    net/keycloak: Update 26.0.2 → 26.0.4, fix CVE-2021-44549

    Changelog:
    https://www.keycloak.org/2024/10/keycloak-2604-released.html

    PR:     282419
    MFH:    2024Q3

 net/keycloak/Makefile  | 2 +-
 net/keycloak/distinfo  | 6 +++---
 net/keycloak/pkg-plist | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2024-10-30 16:17:37 UTC 
A commit in branch 2024Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b11e1df397fcb22d85d6fe4c5d58aae352c67d00

commit b11e1df397fcb22d85d6fe4c5d58aae352c67d00
Author:     Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2024-10-30 16:12:29 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-30 16:16:21 +0000

    net/keycloak: Update 26.0.2 → 26.0.4, fix CVE-2021-44549

    Changelog:
    https://www.keycloak.org/2024/10/keycloak-2604-released.html

    PR:     282419
    MFH:    2024Q3
    (cherry picked from commit 246bb67e540c86ff93d0f57aff9574df131ffbcb)

 net/keycloak/Makefile  | 2 +-
 net/keycloak/distinfo  | 6 +++---
 net/keycloak/pkg-plist | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Comment 4 Matthias Wolf 2024-10-31 07:35:51 UTC 
Created attachment 254786 [details]
security/vuxml

Created a patch for security/vuxml.

This is my first entry to vuxml, so I hope I created a valid entry. :)
Comment 5 commit-hook freebsd_committer freebsd_triage 2024-10-31 10:51:52 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=331f33b5fe04f74565ac89bd34aa1a2347eb0c5a

commit 331f33b5fe04f74565ac89bd34aa1a2347eb0c5a
Author:     Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2024-10-31 10:50:31 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-31 10:50:31 +0000

    security/vuxml: Add record for net/keycloak < 26.0.4 CVE-2021-44549

    PR:     282419

 security/vuxml/vuln/2024.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
Comment 6 Vladimir Druzenko freebsd_committer freebsd_triage 2024-10-31 10:57:32 UTC 
(In reply to Matthias Wolf from comment #4)
LGFM, thanks!