Bug 261407 - security/aide: Upgrade to 0.17.4 (CVE-2021-45417)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Cy Schubert
Reported: 2022-01-22 17:41 UTC by Yonas Yanfa
Modified: 2022-01-23 23:03 UTC
bugzilla: maintainer-feedback? (cy)


Description Yonas Yanfa 2022-01-22 17:41:22 UTC
From the NEWS file:

Version 0.17.4 (2022-01-19)
    * SECURITY FIX
        - Precalculate buffer size in base64 functions (CVE-2021-45417)
Comment 1 Cy Schubert freebsd_committer 2022-01-23 22:16:51 UTC
It doesn't build on FreeBSD. Some linuxisms need working around.
Comment 2 commit-hook freebsd_committer 2022-01-23 23:02:44 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c404f72d903fbc5283f02627f78c8094d77ea502

commit c404f72d903fbc5283f02627f78c8094d77ea502
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-01-23 22:59:57 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-01-23 23:01:46 +0000

    security/vuxml: Document aide CVE-2021-45417

    Document aide heap buffer overflow.

    PR:             261407
    Reported by:    Yonas Yanfa <yonas.yanfa@gmail.com>

 security/vuxml/vuln-2022.xml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
Comment 3 commit-hook freebsd_committer 2022-01-23 23:02:45 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8fbfc5f93128b55b1ca8748cde645fe443c31c10

commit 8fbfc5f93128b55b1ca8748cde645fe443c31c10
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-01-23 22:51:09 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-01-23 23:01:46 +0000

    security/aide: Update to 0.17.4

    Update aide to 0.17.4, fixing CVE-2021-45417.

    PR:             261407
    Reported by:    Yonas Yanfa <yonas.yanfa@gmail.com>
    MFH:            2022Q1
    Security:       CVE-2021-45417

 security/aide/Makefile                            |  2 +-
 security/aide/distinfo                            |  6 +++---
 security/aide/files/patch-doc_aide.1 (gone)       | 14 --------------
 security/aide/files/patch-include_util.h (new)    | 10 ++++++++++
 security/aide/files/patch-src_commandconf.c (new) | 13 +++++++++++++
 5 files changed, 27 insertions(+), 18 deletions(-)
Comment 4 Cy Schubert freebsd_committer 2022-01-23 23:03:36 UTC
Fixed.
Comment 5 commit-hook freebsd_committer 2022-01-23 23:03:46 UTC
A commit in branch 2022Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=06dbdc2155d4edbe853e16ee56b1dfaeea62404e

commit 06dbdc2155d4edbe853e16ee56b1dfaeea62404e
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-01-23 22:51:09 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-01-23 23:02:38 +0000

    security/aide: Update to 0.17.4

    Update aide to 0.17.4, fixing CVE-2021-45417.

    PR:             261407
    Reported by:    Yonas Yanfa <yonas.yanfa@gmail.com>
    Security:       CVE-2021-45417

    (cherry picked from commit 8fbfc5f93128b55b1ca8748cde645fe443c31c10)

 security/aide/Makefile                            |  2 +-
 security/aide/distinfo                            |  6 +++---
 security/aide/files/patch-doc_aide.1 (gone)       | 14 --------------
 security/aide/files/patch-include_util.h (new)    | 10 ++++++++++
 security/aide/files/patch-src_commandconf.c (new) | 13 +++++++++++++
 5 files changed, 27 insertions(+), 18 deletions(-)