| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
11 Mar 2012 22:05:39
  0.6.0
|
simon  |
Portaudit 0.6.0:
Fix remote code execution which can occur with a specially crafted
audit file. The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.
Add signature verification of the portaudit database. The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.
(This parts add the portaudit public key missed in initial commit.)
Submitted by: Michael Gmelin <freebsd@grem.de>
Reported by: Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security: Remote code execution
Security:
http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe: yes
With hat: so |
11 Mar 2012 21:32:58
0.6.0
|
simon |
Portaudit 0.6.0:
Fix remote code execution which can occur with a specially crafted
audit file. The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.
Add signature verification of the portaudit database. The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.
Submitted by: Michael Gmelin <freebsd@grem.de>
Reported by: Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security: Remote code execution
Security:
http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe: yes
With hat: so |
05 Feb 2011 08:37:06
0.5.17
 |
remko |
Add some improvements via Doug:
This patch changes the order in which the conf file is read vs.
when the default variable assignments are made in order to provide
the ability to override them in the conf file. It also adds the
ability to include a conf file in the same directory as the script.
The patch also changes some of the = assignments to := where
having a null setting by mistake would be fatal.
The use case for these changes is the ability to "package" all
of the elements together in one place for use on multiple systems
that can all mount the same central location.
PR: 154518
Submitted by: dougb
Hat: secteam
Feature safe: yes |
31 Jan 2011 20:17:04
0.5.16
|
uqs |
Don't enclose URLs in <>, it makes them harder to copy&paste and URLs are
not email addresses.
PR: ports/127214 (first half)
Reviewed by: simon
Feature safe: yes |
03 May 2010 21:02:21
0.5.15
|
delphij |
Prefer using base system binaries.
Reported by: Paul Hoffman <phoffman proper com>
With hat: secteam |
26 Oct 2009 09:17:28
0.5.14
|
remko |
Forgot to bump version.
Prodded by: antoine |
21 Oct 2009 08:30:57
0.5.13
|
remko |
Fix unmatched quote.
PR: ports/139810
Submitted by: bf <bf1783 at gmail dot com> |
21 Jun 2009 15:45:18
0.5.13
|
simon |
Download portaudit database from http://portaudit.FreeBSD.org/ instead
of http://www.FreeBSD.org/ports/portaudit/.
This is primarily done to work around bug in lighttpd on www.FreeBSD.org
where If-Modified-Since isn't handled correctly possibly resulting in
users behind web proxies getting an outdated version of the portaudit
database.
Bump portaudit version number.
Big thanks to the reporter for the detailed PR with good information
about reproducing the issue.
PR: www/134505
Reported by: Christian Ullrich <chris@chrullrich.net>
Prodding by: remko, Christian Ullrich |
27 Dec 2007 09:54:23
0.5.12
|
simon |
- Fix portaudit -Fq to actually be quiet. [1]
- Remove support for FreeBSD older than 4.11 and 5.3.
- Remove conditional dependency on bzip2 which I can't really see how
could be activated automatically.
Reported by: "J. Martin Petersen" <jmp@alvorlig.dk> [1]
PR: ports/117845 [1]
With hat: maintainer / secteam |
02 Apr 2007 12:40:32
0.5.11
|
erwin |
Add security to CATEGORIES
"Sounds like a good idea": simon |
15 Mar 2007 07:14:35
0.5.11
|
remko |
Correct URL to the VuXML pages for FreeBSD. Also bump modification date.
PR: ports/104813
Submitted by: Alan Amesbury <amesbury at umn dot edu> |
05 Feb 2007 01:08:46
0.5.11
|
pav |
Populate a new ports-mgmt category. List of moved ports:
devel/portcheckout -> ports-mgmt/portcheckout
devel/portlint -> ports-mgmt/portlint
devel/portmk -> ports-mgmt/portmk
devel/porttools -> ports-mgmt/porttools
misc/instant-tinderbox -> ports-mgmt/instant-tinderbox
misc/porteasy -> ports-mgmt/porteasy
misc/portell -> ports-mgmt/portell
misc/portless -> ports-mgmt/portless
misc/tinderbox -> ports-mgmt/tinderbox
security/jailaudit -> ports-mgmt/jailaudit
security/portaudit -> ports-mgmt/portaudit
security/portaudit-db -> ports-mgmt/portaudit-db
security/vulnerability-test-port -> ports-mgmt/vulnerability-test-port (Only the first 15 lines of the commit message are shown above  ) |
If you buy from Amazon USA, please support us by using this link.
