freebsd-ports/ports-mgmt/portaudit/pkg-plist
Simon L. B. Nielsen 23dc1240c1 Portaudit 0.6.0:
Fix remote code execution which can occur with a specially crafted
audit file.  The attacker would need to get portaudit(1) to
download the bad audit database, e.g. by performing a
man-in-the-middle attack.

Add signature verification of the portaudit database.  The public key
for the database generated for portaudit.FreeBSD.org is included
in the distribution.

Submitted by:	Michael Gmelin <freebsd@grem.de>
Reported by:	Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security:	Remote code execution
Security:	http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe:	yes
With hat:	so
2012-03-11 21:32:58 +00:00

8 lines
243 B
Text

sbin/portaudit
etc/portaudit.pubkey
etc/portaudit.conf.sample
%%PERIODICDIR%%/security/410.portaudit
@dirrmtry %%PERIODICDIR%%/security
@dirrmtry %%PERIODICDIR%%
@exec mkdir -p %%DATABASEDIR%%
@unexec rmdir %%DATABASEDIR%% 2>/dev/null || true