Re: UPDATE: net/znc 1.7.3 -> 1.7.4
OK. On 6/26/2019 3:04 PM, Hiltjo Posthuma wrote: Hi, This updates the znc port from 1.7.3 to 1.7.4. It contains a security fix: Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12816 Patch reference: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311 I only build the package on amd64 and have not tested it. Patch below: diff --git net/znc/Makefile net/znc/Makefile index 6cb912ed596..52267267db7 100644 --- net/znc/Makefile +++ net/znc/Makefile @@ -2,8 +2,7 @@ COMMENT= advanced IRC bouncer -DISTNAME= znc-1.7.3 -REVISION= 0 +DISTNAME= znc-1.7.4 CATEGORIES= net MASTER_SITES= ${HOMEPAGE}releases/ diff --git net/znc/distinfo net/znc/distinfo index 4a337b107f8..b333b2182eb 100644 --- net/znc/distinfo +++ net/znc/distinfo @@ -1,2 +1,2 @@ -SHA256 (znc-1.7.3.tar.gz) = HkzDGDeh6ObMMQhzZZoWfOwWo/1CgcvDvzZOQjUsET0= -SIZE (znc-1.7.3.tar.gz) = 2084575 +SHA256 (znc-1.7.4.tar.gz) = saMpIajm157mxZAMjQcpMCaWbbfAWqrEiYQjG+/Em3E= +SIZE (znc-1.7.4.tar.gz) = 2084756
Re: UPDATE: net/znc 1.7.3 -> 1.7.4
On Wed, Jun 26, 2019 at 09:04:10PM +0200, Hiltjo Posthuma wrote: > Hi, > > This updates the znc port from 1.7.3 to 1.7.4. > > It contains a security fix: > > Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin > users > to escalate privileges and execute arbitrary code by loading a module with a > crafted name. > > Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12816 > Patch reference: > https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311 > > I only build the package on amd64 and have not tested it. > > > Patch below: > > > diff --git net/znc/Makefile net/znc/Makefile > index 6cb912ed596..52267267db7 100644 > --- net/znc/Makefile > +++ net/znc/Makefile > @@ -2,8 +2,7 @@ > > COMMENT= advanced IRC bouncer > > -DISTNAME=znc-1.7.3 > -REVISION=0 > +DISTNAME=znc-1.7.4 > CATEGORIES= net > MASTER_SITES=${HOMEPAGE}releases/ > > diff --git net/znc/distinfo net/znc/distinfo > index 4a337b107f8..b333b2182eb 100644 > --- net/znc/distinfo > +++ net/znc/distinfo > @@ -1,2 +1,2 @@ > -SHA256 (znc-1.7.3.tar.gz) = HkzDGDeh6ObMMQhzZZoWfOwWo/1CgcvDvzZOQjUsET0= > -SIZE (znc-1.7.3.tar.gz) = 2084575 > +SHA256 (znc-1.7.4.tar.gz) = saMpIajm157mxZAMjQcpMCaWbbfAWqrEiYQjG+/Em3E= > +SIZE (znc-1.7.4.tar.gz) = 2084756 > > -- > Kind regards, > Hiltjo > Thanks! It works for me. ok solene@
UPDATE: net/znc 1.7.3 -> 1.7.4
Hi, This updates the znc port from 1.7.3 to 1.7.4. It contains a security fix: Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12816 Patch reference: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311 I only build the package on amd64 and have not tested it. Patch below: diff --git net/znc/Makefile net/znc/Makefile index 6cb912ed596..52267267db7 100644 --- net/znc/Makefile +++ net/znc/Makefile @@ -2,8 +2,7 @@ COMMENT= advanced IRC bouncer -DISTNAME= znc-1.7.3 -REVISION= 0 +DISTNAME= znc-1.7.4 CATEGORIES=net MASTER_SITES= ${HOMEPAGE}releases/ diff --git net/znc/distinfo net/znc/distinfo index 4a337b107f8..b333b2182eb 100644 --- net/znc/distinfo +++ net/znc/distinfo @@ -1,2 +1,2 @@ -SHA256 (znc-1.7.3.tar.gz) = HkzDGDeh6ObMMQhzZZoWfOwWo/1CgcvDvzZOQjUsET0= -SIZE (znc-1.7.3.tar.gz) = 2084575 +SHA256 (znc-1.7.4.tar.gz) = saMpIajm157mxZAMjQcpMCaWbbfAWqrEiYQjG+/Em3E= +SIZE (znc-1.7.4.tar.gz) = 2084756 -- Kind regards, Hiltjo