diff options
| author | pawel <pawel@FreeBSD.org> | 2016-08-02 01:43:19 +0800 |
|---|---|---|
| committer | pawel <pawel@FreeBSD.org> | 2016-08-02 01:43:19 +0800 |
| commit | 18b6599eb7d0409f2fbb8e1fcfb80a5c75c764c1 (patch) | |
| tree | 8ec00d7f062947f42f5f734b17cb54014d77048b /security/dropbear | |
| parent | 7c8e2a01dcbf24f9aed29c4e2efb778a8be952b6 (diff) | |
| download | freebsd-ports-gnome-18b6599eb7d0409f2fbb8e1fcfb80a5c75c764c1.tar.gz freebsd-ports-gnome-18b6599eb7d0409f2fbb8e1fcfb80a5c75c764c1.tar.zst freebsd-ports-gnome-18b6599eb7d0409f2fbb8e1fcfb80a5c75c764c1.zip | |
- Update to version 2016.74
- Add license information
Changelog:
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
PR: 211298
Submitted by: Piotr Kubaj (maintainer)
MFH: 2016Q3
Diffstat (limited to 'security/dropbear')
| -rw-r--r-- | security/dropbear/Makefile | 5 | ||||
| -rw-r--r-- | security/dropbear/distinfo | 5 |
2 files changed, 7 insertions, 3 deletions
diff --git a/security/dropbear/Makefile b/security/dropbear/Makefile index ed89df1b9b14..323dc0b70ed0 100644 --- a/security/dropbear/Makefile +++ b/security/dropbear/Makefile @@ -2,13 +2,16 @@ # $FreeBSD$ PORTNAME= dropbear -PORTVERSION= 2016.73 +PORTVERSION= 2016.74 CATEGORIES= security ipv6 MASTER_SITES= http://matt.ucc.asn.au/dropbear/releases/ MAINTAINER= pkubaj@anongoth.pl COMMENT= SSH 2 server, designed to be usable in small memory environments +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE + GNU_CONFIGURE= yes USES= cpe gmake tar:bzip2 CPE_VENDOR= matt_johnston diff --git a/security/dropbear/distinfo b/security/dropbear/distinfo index 7de4535e4e99..422b513fd65d 100644 --- a/security/dropbear/distinfo +++ b/security/dropbear/distinfo @@ -1,2 +1,3 @@ -SHA256 (dropbear-2016.73.tar.bz2) = 5c61a4f69b093b688629cd365be38701485ff63cfb23642dab7a05ad250aefd7 -SIZE (dropbear-2016.73.tar.bz2) = 1621584 +TIMESTAMP = 1469201269 +SHA256 (dropbear-2016.74.tar.bz2) = 2720ea54ed009af812701bcc290a2a601d5c107d12993e5d92c0f5f81f718891 +SIZE (dropbear-2016.74.tar.bz2) = 1622234 |