Portaudit 0.6.0:

Fix remote code execution which can occur with a specially crafted
audit file.  The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.

Add signature verification of the portaudit database.  The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.

(This parts add the portaudit public key missed in initial commit.)

Submitted by:   Michael Gmelin <freebsd@grem.de>
Reported by:    Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security:       Remote code execution
Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe:   yes
With hat:       so

1 files changed, 14 insertions, 0 deletions

diff --git a/ports-mgmt/portaudit/files/portaudit.pubkey b/ports-mgmt/portaudit/files/portaudit.pubkey
new file mode 100644
index 000000000000..fe5e085fc576
--- /dev/null
+++ b/ports-mgmt/portaudit/files/portaudit.pubkey
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4nwaFiYtZYkMGqBXwaiH
+XkjSrg3bMWbJdtMeqTqOypzS38YwmKlyY3IrqxDtOMy1NrEuOBhKNk0C4o5vMJbf
+VaIh0C7WB3sRRVCkJWZmUfTKzQ0OO4bKlnXQiNZKhmcNfKJWC13SIJvpzJ9I7VZK
+aSfNKjzoVlDaJZ6F43vt+UBOilUscracoTlIvWRmkTKuBKzahgeu98qozh3hqJq9
+tpz/e0/ptqQvMDKNGmSolBLoNalD1XkGZm9cFKiVHZx0QE/WTl0YnI1mxnYCDsya
+DcfOrqz+Brw+uBnA2pWAPs40G+4kx+UnhnYM/0E6jwomvJA3mnVgeYwiXRw6UNTh
+yg4oMp8Rj14lAtXnOf4IK2eb17Wgbc5uKvBF4WTB9/tfJYqJd4QzTsEoLGtdVQ8C
+Jv0uMc92Q9D3NzwBverBMIg3GeDf6gQevrR0sYquThUkBkadZNwksZ7ikVbd1zDg
+PRKhQxLCZUU0GrisuK5pWk+bkJEQ5EA+QzoBjaRwSkFDaMA8tdv/Gc3He+dbKJlx
+hYk9OZ+YjzW8JeuXM6pBu1bYU0oQ8QLoLUJfWAdgryYk/Q6HnHjgFQFb/Ski6F8k
+HHvV1U8diQ+LUmewYiaP8DFhiGDI82/X/S74Mc2EFPWewHCk3c8+VefKffajYWyl
+KnPe+xfUMlm1BYH5TwUtnN8CAwEAAQ==
+-----END PUBLIC KEY-----