Bug 224477 - net/rsync: add patches to fix security vulnerabilities
Summary: net/rsync: add patches to fix security vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Emanuel Haupt
Reported: 2017-12-20 09:58 UTC by Yasuhiro Kimura
Modified: 2017-12-20 15:52 UTC (History)
bugzilla: maintainer-feedback? (ehaupt)


Attachments
patch file (5.69 KB, patch)
2017-12-20 09:58 UTC, Yasuhiro Kimura

Description Yasuhiro Kimura freebsd_committer freebsd_triage 2017-12-20 09:58:22 UTC
Created attachment 188988
patch file

* Add patches to fix the following security vulnerabilities.
** CVE-2017-16548
** CVE-2017-17433
** CVE-2017-17434
* Bump PORTREVISION.
* Move position of PORTREVISION in Makefile to fix portlint warning.
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2017-12-20 10:12:07 UTC
I submitted bug #224478, which adds an entry for these security vulnerabilities to security/vuxml. So please commit it too.

And FYI, the patches are obtained from Debian.
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-12-20 14:19:09 UTC
A commit references this bug:

Author: ehaupt
Date: Wed Dec 20 14:18:21 UTC 2017
New revision: 456798
URL: https://svnweb.freebsd.org/changeset/ports/456798

Log:
  - Add patches [1] to fix following security vulnerabilities:
    * CVE-2017-16548
    * CVE-2017-17433
    * CVE-2017-17434
  - Bump PORTREVISION
  - Move position of PORTREVISION in Makefile to fix portlint warning

  PR:		224477
  Submitted by:	yasu@utahime.org
  Obtained from:	debian
  MFH:		2017Q4 (blanket)

Changes:
  head/net/rsync/Makefile
  head/net/rsync/files/patch-CVE-2017-16548
  head/net/rsync/files/patch-CVE-2017-17433
  head/net/rsync/files/patch-CVE-2017-17434-1
  head/net/rsync/files/patch-CVE-2017-17434-2
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-12-20 14:20:12 UTC
A commit references this bug:

Author: ehaupt
Date: Wed Dec 20 14:19:35 UTC 2017
New revision: 456800
URL: https://svnweb.freebsd.org/changeset/ports/456800

Log:
  MFH: r456798

  - Add patches [1] to fix following security vulnerabilities:
    * CVE-2017-16548
    * CVE-2017-17433
    * CVE-2017-17434
  - Bump PORTREVISION
  - Move position of PORTREVISION in Makefile to fix portlint warning

  PR:		224477
  Submitted by:	yasu@utahime.org
  Obtained from:	debian

  Approved by:	ports-secteam (blanket)

Changes:
_U  branches/2017Q4/
  branches/2017Q4/net/rsync/Makefile
  branches/2017Q4/net/rsync/files/patch-CVE-2017-16548
  branches/2017Q4/net/rsync/files/patch-CVE-2017-17433
  branches/2017Q4/net/rsync/files/patch-CVE-2017-17434-1
  branches/2017Q4/net/rsync/files/patch-CVE-2017-17434-2
Comment 4 Emanuel Haupt freebsd_committer freebsd_triage 2017-12-20 15:52:05 UTC
Thank you very much for this high quality patch. I've committed the patch to head and 2017Q4. I've also taken care of the VuXML entry.