Bug 224477

Summary: net/rsync: add patches to fix security vulnerabilities
Product: Ports & Packages
Reporter: Yasuhiro Kimura <yasu>
Component: Individual Port(s)
Assignee: Emanuel Haupt <ehaupt>
Status: Closed FIXED
Severity: Affects Some People
Flags: bugzilla: maintainer-feedback? (ehaupt)
Priority: ---
Version: Latest
Hardware: Any
OS: Any
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224478
Attachments: patch file (Flags: none)

Description Yasuhiro Kimura freebsd_committer freebsd_triage 2017-12-20 09:58:22 UTC
Created attachment 188988
patch file

* Add patches to fix the following security vulnerabilities.
** CVE-2017-16548
** CVE-2017-17433
** CVE-2017-17434
* Bump PORTREVISION.
* Move position of PORTREVISION in Makefile to fix portlint warning.
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2017-12-20 10:12:07 UTC
I submitted bug #224478 that adds an entry for these security vulnerabilities to security/vuxml. So please commit it too.

And FYI, the patches are obtained from Debian.
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-12-20 14:19:09 UTC
A commit references this bug:

Author: ehaupt
Date: Wed Dec 20 14:18:21 UTC 2017
New revision: 456798
URL: https://svnweb.freebsd.org/changeset/ports/456798

Log:
  - Add patches [1] to fix following security vulnerabilities:
    * CVE-2017-16548
    * CVE-2017-17433
    * CVE-2017-17434
  - Bump PORTREVISION
  - Move position of PORTREVISION in Makefile to fix portlint warning

  PR:		224477
  Submitted by:	yasu@utahime.org
  Obtained from:	debian
  MFH:		2017Q4 (blanket)

Changes:
  head/net/rsync/Makefile
  head/net/rsync/files/patch-CVE-2017-16548
  head/net/rsync/files/patch-CVE-2017-17433
  head/net/rsync/files/patch-CVE-2017-17434-1
  head/net/rsync/files/patch-CVE-2017-17434-2
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-12-20 14:20:12 UTC
A commit references this bug:

Author: ehaupt
Date: Wed Dec 20 14:19:35 UTC 2017
New revision: 456800
URL: https://svnweb.freebsd.org/changeset/ports/456800

Log:
  MFH: r456798

  - Add patches [1] to fix following security vulnerabilities:
    * CVE-2017-16548
    * CVE-2017-17433
    * CVE-2017-17434
  - Bump PORTREVISION
  - Move position of PORTREVISION in Makefile to fix portlint warning

  PR:		224477
  Submitted by:	yasu@utahime.org
  Obtained from:	debian

  Approved by:	ports-secteam (blanket)

Changes:
_U  branches/2017Q4/
  branches/2017Q4/net/rsync/Makefile
  branches/2017Q4/net/rsync/files/patch-CVE-2017-16548
  branches/2017Q4/net/rsync/files/patch-CVE-2017-17433
  branches/2017Q4/net/rsync/files/patch-CVE-2017-17434-1
  branches/2017Q4/net/rsync/files/patch-CVE-2017-17434-2
Comment 4 Emanuel Haupt freebsd_committer freebsd_triage 2017-12-20 15:52:05 UTC
Thank you very much for this high quality patch. I've committed the patch to head and 2017Q4. I've also taken care of the VuXML entry.