[Bug 202261] [PATCH] devel/py-foolscap: update to 0.8.0, multiple security improvements

Wed Aug 12 00:55:35 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202261

            Bug ID: 202261
           Summary: [PATCH] devel/py-foolscap: update to 0.8.0, multiple
                    security improvements
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: kevlo at FreeBSD.org
          Reporter: tom at hur.st
             Flags: maintainer-feedback?(kevlo at FreeBSD.org)
          Keywords: patch
          Assignee: kevlo at FreeBSD.org

Created attachment 159791
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159791&action=edit
patch to 0.8.0

This patch updates from 0.6.4 to 0.8.0, corrects a use of :=, and adds a
regression-test target.

Self tests improve in the update thus on 10.1-BETA2:

0.6.4: FAILED (skips=4, failures=1, errors=10, successes=441)
0.8.0: FAILED (skips=4, failures=1, errors=7, successes=462)

0.7.0 includes this security fix:

> The "flappserver" feature was found to have a vulnerability in the
> service-lookup code which, when combined with an attacker who has the ability
> to write files to a location where the flappserver process could read them,
> would allow that attacker to obtain control of the flappserver process.

0.8.0 generates better TLS certificates, and removes unauthenticated Tubs.

-- 
You are receiving this mail because:
You are the assignee for the bug.