Created attachment 159169
Update textproc/elasticsearch from 1.6.0 to 1.7.0

A new version 1.7.0 is available.

Created attachment 159215
security/vuxml for elasticsearch < 1.6.1

This Elasticsearch update resolves two security issues documented on https://www.elastic.co/community/security

Log:
Document Elasticsearch directory traversal attack and remote code execution

PR: 201834
Security: CVE-2015-5377
Security: fb3668df-32d7-11e5-a4a5-002590263bf5
Security: CVE-2015-5531
Security: ae8c09cb-32da-11e5-a4a5-002590263bf5

Validation:

> make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml

> env PKG_DBDIR=/usr/ports/security/vuxml pkg audit elasticsearch-1.6.0
elasticsearch-1.6.0 is vulnerable:
elasticsearch -- directory traversal attack via snapshot API
CVE: CVE-2015-5531
WWW: https://vuxml.FreeBSD.org/freebsd/ae8c09cb-32da-11e5-a4a5-002590263bf5.html

elasticsearch-1.6.0 is vulnerable:
elasticsearch -- remote code execution via transport protocol
CVE: CVE-2015-5377
WWW: https://vuxml.FreeBSD.org/freebsd/fb3668df-32d7-11e5-a4a5-002590263bf5.html

1 problem(s) in the installed packages found.

> env PKG_DBDIR=/usr/ports/security/vuxml pkg audit elasticsearch-1.7.0
0 problem(s) in the installed packages found.

Created attachment 159560
Update textproc/elasticsearch from 1.6.0 to 1.7.0 + NO_ARCH & minor rclint cleanups

Boris,

Some tiny additions to the update patch.

textproc/elasticsearch: update 1.6.0 -> 1.7.0

- Add NO_ARCH
- Apply minor cleanup to rc scripts

Created attachment 159561
Poudriere testport

Build testing done:
8.4-RELEASE-p36 amd64
8.4-RELEASE-p36 i386
9.3-RELEASE-p21 amd64
9.3-RELEASE-p21 i386
10.1-RELEASE-p16 amd64
10.1-RELEASE-p16 i386
10.2-RC2 amd64
10.2-RC2 i386
11.0-CURRENT r286208 amd64
11.0-CURRENT r286208 i386

Runtime testing:
This patch in an ELK suite along with my Kibana work @ https://reviews.freebsd.org/D3290

A commit references this bug:

Author: junovitch
Date: Wed Aug 5 22:11:06 UTC 2015
New revision: 393622
URL: https://svnweb.freebsd.org/changeset/ports/393622

Log:
Document Elasticsearch directory traversal attack and remote code execution

PR: 201834
Security: CVE-2015-5377
Security: fb3668df-32d7-11e5-a4a5-002590263bf5
Security: CVE-2015-5531
Security: ae8c09cb-32da-11e5-a4a5-002590263bf5
Approved by: feld (mentor)

Changes:
head/security/vuxml/vuln.xml

A commit references this bug:

Author: junovitch
Date: Wed Aug 5 22:18:33 UTC 2015
New revision: 393624
URL: https://svnweb.freebsd.org/changeset/ports/393624

Log:
textproc/elasticsearch: update 1.6.0 -> 1.7.0

- Add NO_ARCH
- Apply minor cleanup to rc scripts

PR: 201834
Security: CVE-2015-5377
Security: fb3668df-32d7-11e5-a4a5-002590263bf5
Security: CVE-2015-5531
Security: ae8c09cb-32da-11e5-a4a5-002590263bf5
Approved by: ports-secteam (feld), feld (mentor)
MFH: 2015Q3

Changes:
head/textproc/elasticsearch/Makefile
head/textproc/elasticsearch/distinfo
head/textproc/elasticsearch/files/elasticsearch-plugin.in
head/textproc/elasticsearch/files/elasticsearch.in
head/textproc/elasticsearch/pkg-plist

A commit references this bug:

Author: junovitch
Date: Wed Aug 5 22:25:09 UTC 2015
New revision: 393625
URL: https://svnweb.freebsd.org/changeset/ports/393625

Log:
MFH: r393624

textproc/elasticsearch: update 1.6.0 -> 1.7.0

- Add NO_ARCH
- Apply minor cleanup to rc scripts

PR: 201834
Security: CVE-2015-5377
Security: fb3668df-32d7-11e5-a4a5-002590263bf5
Security: CVE-2015-5531
Security: ae8c09cb-32da-11e5-a4a5-002590263bf5
Approved by: ports-secteam (feld), feld (mentor)

Changes:
_U branches/2015Q3/
branches/2015Q3/textproc/elasticsearch/Makefile
branches/2015Q3/textproc/elasticsearch/distinfo
branches/2015Q3/textproc/elasticsearch/files/elasticsearch-plugin.in
branches/2015Q3/textproc/elasticsearch/files/elasticsearch.in
branches/2015Q3/textproc/elasticsearch/pkg-plist

Take, clarify security issues in title, add keywords, and close.