248758 – New ebuild submission for net-dns/noip-updater for version 2.1.9

Bug 248758 - New ebuild submission for net-dns/noip-updater for version 2.1.9

Summary: New ebuild submission for net-dns/noip-updater for version 2.1.9

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	Daniel Black (RETIRED)

URL:
Whiteboard:
Keywords:	EBUILD

Depends on:
Blocks:	248709
	Show dependency tree

Reported:	2008-11-25 09:19 UTC by Behzat
Modified:	2008-12-14 17:07 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
net-dns/noip-updater-2.1.9 (noip-updater-2.1.9.ebuild,1.19 KB, text/plain) 2008-11-25 09:20 UTC, Behzat	Details
Ebuild in the style of 2.1.7 (noip-updater-2.1.9.ebuild,1.31 KB, text/plain) 2008-11-25 17:15 UTC, John Whitlock	Details
patch to go with my ebuild (noip-2.1.9-cflags.patch,473 bytes, patch) 2008-11-25 17:17 UTC, John Whitlock	Details \| Diff
noip-updater-2.1.9 with patched edition. (noip-updater-2.1.9.ebuild,1.31 KB, text/plain) 2008-11-26 14:08 UTC, Behzat	Details
core source code patch file for noip-2.1.9 (noip-2.1.9-update.patch,16.21 KB, patch) 2008-11-26 14:09 UTC, Behzat	Details \| Diff
File fixed. (noip-updater-2.1.9.ebuild,1.36 KB, text/plain) 2008-11-26 14:52 UTC, Behzat	Details
File fixed. (noip-2.1.9.update.patch,15.28 KB, patch) 2008-11-26 14:52 UTC, Behzat	Details \| Diff
Patch file fixed. (noip-2.1.9.update.patch,15.28 KB, patch) 2008-11-26 14:56 UTC, Behzat	Details \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Behzat 2008-11-25 09:19:38 UTC

::::: Quatation from NO-IP EMail:::::

Security Advisory - 2008-11-22
------------------------------------------------------------------------------
Summary:
Important: No-IP Linux DUC (Dynamic Update Client)

An updated version of the No-IP Linux Dynamic Update Client that fixes
a security issue is now available.

This update has been rated as having important security impact.

Description:
Versions 2.1.1- > 2.1.8 are prone to a stack-based buffer-overflow due to
a boundary error when processing HTTP responses received  from the update
server. This can be exploited and cause a stack-based buffer overflow when
performing an update.

A malicious user could exploit this by faking the No-IP update server
via DNS poisoning or a man in the middle attack.  This can cause a denial of
service (client crash) or
potentially execute arbitrary code on the computer the client is running on.

Users running versions 2.1.8 and older are encouraged to upgrade to the most
recent version, 2.1.9
at http://www.no-ip.com/downloads?page=linux&av=1

Regards,

The No-IP Team

Note:  This email was sent from an unmonitored account.  If you have any
questions or comments please open a trouble ticket at
http://www.no-ip.com/ticket

Reproducible: Didn't try

Actual Results:  
It's work but you should create manually "/usr/etc" directory.

Comment 1 Behzat 2008-11-25 09:20:10 UTC

Created attachment 173310 [details]
net-dns/noip-updater-2.1.9

Comment 2 Serkan Kaba (RETIRED) gentoo-dev

2008-11-25 11:18:19 UTC

*** Bug 248709 has been marked as a duplicate of this bug. ***

Comment 3 John Whitlock 2008-11-25 17:15:12 UTC

Created attachment 173367 [details]
Ebuild in the style of 2.1.7

I've made an ebuild that matches the style of the 2.1.7-r1 ebuild.  It required a new patch, which I'll upload next

Comment 4 John Whitlock 2008-11-25 17:17:15 UTC

Created attachment 173368 [details, diff]
patch to go with my ebuild

Comment 5 Behzat 2008-11-26 14:08:37 UTC

Created attachment 173458 [details]
noip-updater-2.1.9 with patched edition.

Comment 6 Behzat 2008-11-26 14:09:25 UTC

Created attachment 173460 [details, diff]
core source code patch file for noip-2.1.9

Comment 7 Behzat 2008-11-26 14:52:26 UTC

Created attachment 173469 [details]
File fixed.

Comment 8 Behzat 2008-11-26 14:52:53 UTC

Created attachment 173471 [details, diff]
File fixed.

Comment 9 Behzat 2008-11-26 14:56:48 UTC

Created attachment 173475 [details, diff]
Patch file fixed.

Comment 10 Gilles Dartiguelongue (RETIRED) gentoo-dev

2008-12-12 11:30:21 UTC

oops, I should've checked if there was an ebuild here first. Guys, please check if the updates I posted on the security bug are working for you.

Comment 11 Gilles Dartiguelongue (RETIRED) gentoo-dev

2008-12-14 15:54:25 UTC

the ebuild I submitted in the security bug has been commited. Please submit an enhancement request if necessary.

Comment 12 Behzat 2008-12-14 17:07:25 UTC

Hello Gilles,

I do not know it's necessary but I wrote ebuild and patch file. Currently, it works fine and I do not run across any issue.

Regards,
Behzat.

(In reply to comment #11)
> the ebuild I submitted in the security bug has been commited. Please submit an
> enhancement request if necessary.
>