From owner-svn-ports-branches@FreeBSD.ORG Wed Sep 24 07:42:22 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 202DDB16; Wed, 24 Sep 2014 07:42:22 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E5702D99; Wed, 24 Sep 2014 07:42:21 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8O7gLs3021086; Wed, 24 Sep 2014 07:42:21 GMT (envelope-from avilla@FreeBSD.org) Received: (from avilla@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8O7gLce021085; Wed, 24 Sep 2014 07:42:21 GMT (envelope-from avilla@FreeBSD.org) Message-Id: <201409240742.s8O7gLce021085@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: avilla set sender to avilla@FreeBSD.org using -f 
From: Alberto Villa
Date: Wed, 24 Sep 2014 07:42:21 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r369163 - branches/2014Q3/multimedia/mlt/files
X-SVN-Group: ports-branches
List-Id: SVN commit messages for all the branches of the ports tree

Author: avilla
Date: Wed Sep 24 07:42:21 2014
New Revision: 369163
URL: http://svnweb.freebsd.org/changeset/ports/369163
QAT: https://qat.redports.org/buildarchive/r369163/

Log:
  MFH: r369138

  - Fix build with Clang.

  PR: 189043
  Approved by: portmgr (rea)

Added:
  branches/2014Q3/multimedia/mlt/files/patch-gite50606c
     - copied unchanged from r369138, head/multimedia/mlt/files/patch-gite50606c
Modified:
Directory Properties:
  branches/2014Q3/ (props changed)

Copied: branches/2014Q3/multimedia/mlt/files/patch-gite50606c (from r369138, head/multimedia/mlt/files/patch-gite50606c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q3/multimedia/mlt/files/patch-gite50606c Wed Sep 24 07:42:21 2014 (r369163, copy of r369138, head/multimedia/mlt/files/patch-gite50606c)
@@ -0,0 +1,27 @@ +commit e50606ca3f680029b7f16bbbf284adac34f30ded +Author: Dan Dennedy +Date: Mon Jun 2 19:18:50 2014 -0700 + + Fix compilation with clang. + +diff --git a/configure b/configure +index eb20880..e540704 100755 +--- configure ++++ configure +@@ -81,10 +81,12 @@ build_config() + if [ "$optimisations" = "true" ] + then + echo "OPTIMISATIONS=-O2 -pipe" +- # Since gcc 4.6, this optimization enabled with -O1 causes filter_line_sse2 to crash. +- echo "OPTIMISATIONS+=-fno-tree-dominator-opts" +- # Since gcc 4.6, this optimization enabled with -O2 causes filter_line_sse2 to crash. +- echo "OPTIMISATIONS+=-fno-tree-pre" ++ if $("$CC" --version 2> /dev/null | grep gcc); then ++ # Since gcc 4.6, this optimization enabled with -O1 causes filter_line_sse2 to crash. ++ echo "OPTIMISATIONS+=-fno-tree-dominator-opts" ++ # Since gcc 4.6, this optimization enabled with -O2 causes filter_line_sse2 to crash. ++ echo "OPTIMISATIONS+=-fno-tree-pre" ++ fi + fi + + echo "CFLAGS+=-Wall -DPIC \$(TARGETARCH) \$(TARGETCPU) \$(OPTIMISATIONS) \$(MMX_FLAGS) \$(SSE_FLAGS) \$(SSE2_FLAGS) \$(DEBUG_FLAGS) \$(LARGE_FILE)"
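
Review bot: In the `build_config()` hunk, `if $("$CC" --version 2> /dev/null | grep gcc); then` wraps the pipeline in `$( )`, so the shell runs whatever grep printed as a command and branches on that command's exit status, not on whether grep matched. Test the pipeline itself and keep grep quiet instead: `if "$CC" --version 2> /dev/null | grep -q gcc; then`. As written, a gcc build can lose `-fno-tree-dominator-opts` and `-fno-tree-pre`, the two workarounds the comments tie to the `filter_line_sse2` crash.
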
Date: Wed, 24 Sep 2014 16:19:03 +0400
From: Eygene Ryabinkin
To: Alberto Villa
Cc: svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org, ports-committers@freebsd.org
Subject: Re: svn commit: r369163 - branches/2014Q3/multimedia/mlt/files
In-Reply-To: <201409240742.s8O7gLce021085@svn.freebsd.org>
Sender: rea@codelabs.ru

Wed, Sep 24, 2014 at 07:42:21AM +0000, Alberto Villa wrote:
> Author: avilla
> Date: Wed Sep 24 07:42:21 2014
> New Revision: 369163
> URL: http://svnweb.freebsd.org/changeset/ports/369163
> QAT: https://qat.redports.org/buildarchive/r369163/
>
> Log:
>   MFH: r369138
>
>   - Fix build with Clang.
>
>   PR: 189043
>   Approved by: portmgr (rea)

Should read "Approved by: ports-secteam (rea)", I am not in portmgr.
-- 
Eygene Ryabinkin ,,,^..^,,,
[ Life's unfair - but root password helps! | codelabs.ru ]
[ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]

From: Antoine Brodin
Date: Wed, 24 Sep 2014 13:07:34 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r369177 - branches/2014Q3/editors/wordgrinder

Author: antoine
Date: Wed Sep 24 13:07:33 2014
New Revision: 369177
URL: http://svnweb.freebsd.org/changeset/ports/369177
QAT: https://qat.redports.org/buildarchive/r369177/

Log:
  Mark wordgrinder BROKEN in 2014Q3 branch
  Fixing it would require major upgrade of some dependencies

  Approved by: portmgr (self)

Modified:
  branches/2014Q3/editors/wordgrinder/Makefile

Modified: branches/2014Q3/editors/wordgrinder/Makefile
==============================================================================
--- branches/2014Q3/editors/wordgrinder/Makefile Wed Sep 24 12:59:32 2014 (r369176) +++ branches/2014Q3/editors/wordgrinder/Makefile Wed Sep 24 13:07:33 2014 (r369177)
@@ -11,6 +11,8 @@ COMMENT= Simple Unicode-aware console-ba LICENSE= MIT +BROKEN= Fails to build + RUN_DEPENDS= ${LUA_MODLIBDIR}/lfs.so:${PORTSDIR}/devel/luafilesystem USES= lua:51 tar:bzip2
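
Review bot: `BROKEN= Fails to build` in the Makefile hunk gives no hint of the cause. The log already says the fix needs a major upgrade of some dependencies; putting that reason (or the failing dependency) in the BROKEN string would let users of the 2014Q3 branch see why the port is unavailable without looking up this commit.
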

From: Emanuel Haupt
Date: Wed, 24 Sep 2014 17:52:22 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r369191 - branches/2014Q3/shells/bash

Author: ehaupt
Date: Wed Sep 24 17:52:22 2014
New Revision: 369191
URL: http://svnweb.freebsd.org/changeset/ports/369191
QAT: https://qat.redports.org/buildarchive/r369191/

Log:
  - Update to patch level 25 (4.3.25)
  - Provide CPE information [1]

  Provided by: des [1]
  Security: CVE-2014-6271
  Approved by: portmgr (bdrewery)

Modified:
  branches/2014Q3/shells/bash/Makefile
  branches/2014Q3/shells/bash/distinfo
  branches/2014Q3/shells/bash/pkg-plist

Modified: branches/2014Q3/shells/bash/Makefile
==============================================================================
--- branches/2014Q3/shells/bash/Makefile Wed Sep 24 17:31:45 2014 (r369190) +++ branches/2014Q3/shells/bash/Makefile Wed Sep 24 17:52:22 2014 (r369191) @@ -2,9 +2,9 @@ # $FreeBSD$ PORTNAME= bash -PATCHLEVEL= 18 +PATCHLEVEL= 25 PORTVERSION= 4.3.${PATCHLEVEL:S/^0//g} -PORTREVISION?= 2 +PORTREVISION?= 0 CATEGORIES= shells MASTER_SITES= GNU MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -30,8 +30,9 @@ IMPLICITCD_DESC= Use directory name alon COLONBREAKSWORDS_DESC= Colons break words HELP_DESC= Enable builtin help -USES= bison makeinfo +USES= bison cpe makeinfo OPTIONS_SUB= yes +CPE_VENDOR= gnu IMPLICITCD_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-implicitcd COLONBREAKSWORDS_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-colonbreakswords Modified: branches/2014Q3/shells/bash/distinfo ============================================================================== --- branches/2014Q3/shells/bash/distinfo Wed Sep 24 17:31:45 2014 (r369190) +++ branches/2014Q3/shells/bash/distinfo Wed Sep 24 17:52:22 2014 (r369191) @@ -36,3 +36,17 @@ SHA256 (bash/bash43-017) = 1267c25c6b5ba SIZE (bash/bash43-017) = 1565 SHA256 (bash/bash43-018) = 7aa8b40a9e973931719d8cc72284a8fb3292b71b522db57a5a79052f021a3d58 SIZE (bash/bash43-018) = 1315 +SHA256 (bash/bash43-019) = a7a91475228015d676cafa86d2d7aa9c5d2139aa51485b6bbdebfdfbcf0d2d23 +SIZE (bash/bash43-019) = 2610 +SHA256 (bash/bash43-020) = ca5e86d87f178128641fe91f2f094875b8c1eb2de9e0d2e9154f5d5cc0336c98 +SIZE (bash/bash43-020) = 2777 +SHA256 (bash/bash43-021) = 41439f06883e6bd11c591d9d5e9ae08afbc2abd4b935e1d244b08100076520a9 +SIZE (bash/bash43-021) = 1623 +SHA256 (bash/bash43-022) = fd4d47bb95c65863f634c4706c65e1e3bae4ee8460c72045c0a0618689061a88 +SIZE (bash/bash43-022) = 1782 +SHA256 (bash/bash43-023) = 9ac250c7397a8f53dbc84dfe790d2a418fbf1fe090bcece39b4a5c84a2d300d4 +SIZE (bash/bash43-023) = 3414 +SHA256 (bash/bash43-024) = 3b505882a0a6090667d75824fc919524cd44cc3bd89dd08b7c4e622d3f960f6c +SIZE (bash/bash43-024) = 1909 +SHA256 (bash/bash43-025) = 1e5186f5c4a619bb134a1177d9e9de879f3bb85d9c5726832b03a762a2499251 +SIZE (bash/bash43-025) = 3940 Modified: branches/2014Q3/shells/bash/pkg-plist ============================================================================== --- branches/2014Q3/shells/bash/pkg-plist Wed Sep 24 17:31:45 2014 (r369190) +++ branches/2014Q3/shells/bash/pkg-plist Wed Sep 24 17:52:22 2014 (r369191) 
@@ -39,7 +39,3 @@ man/man1/bashbug.1.gz %%NLS%%share/locale/vi/LC_MESSAGES/bash.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/bash.mo %%NLS%%share/locale/zh_TW/LC_MESSAGES/bash.mo -%%NLS%%@dirrmtry share/locale/en@boldquot/LC_MESSAGES -%%NLS%%@dirrmtry share/locale/en@boldquot -%%NLS%%@dirrmtry share/locale/en@quot/LC_MESSAGES -%%NLS%%@dirrmtry share/locale/en@quot
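
Review bot: The pkg-plist hunk drops the four `%%NLS%%@dirrmtry share/locale/en@boldquot...` and `en@quot...` entries, which the log (patch level 25, CPE information) does not mention. For a security merge to a quarterly branch, say in the log why the packing list changes, or merge it separately, so the CVE-2014-6271 update can be audited on its own.
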

From: Xin LI
Date: Wed, 24 Sep 2014 18:12:39 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r369193 - branches/2014Q3/security/vuxml

Author: delphij
Date: Wed Sep 24 18:12:39 2014
New Revision: 369193
URL: http://svnweb.freebsd.org/changeset/ports/369193
QAT: https://qat.redports.org/buildarchive/r369193/

Log:
  MFH: r369192

  Document bash remote code execution vulnerability.

  Approved by: portmgr (ports-security blanket)

Modified:
  branches/2014Q3/security/vuxml/vuln.xml
Directory Properties:
  branches/2014Q3/ (props changed)

Modified: branches/2014Q3/security/vuxml/vuln.xml
==============================================================================
--- branches/2014Q3/security/vuxml/vuln.xml Wed Sep 24 18:07:12 2014 (r369192) +++ branches/2014Q3/security/vuxml/vuln.xml Wed Sep 24 18:12:39 2014 (r369193) @@ -57,6 +57,42 @@ Notes: --> + + bash -- remote code execution vulnerability + + + bash + bash-static + 3.03.0.17 + 3.13.1.18 + 3.23.2.52 + 4.04.0.39 + 4.14.1.12 + 4.24.2.48 + 4.34.3.25 + + + + +

Chet Ramey reports:

+
+

Under certain circumstances, bash will execute user code + while processing the environment for exported function + definitions.

+
+ +
+ + CVE-2014-6271 + https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ + https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html + + + 2014-09-24 + 2014-09-24 + +
+ asterisk -- Remotely triggered crash

Date: Wed, 24 Sep 2014 20:18:01 +0200
Subject: Re: svn commit: r369193 - branches/2014Q3/security/vuxml
From: Antoine Brodin
To: Xin LI
Cc: svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org, ports-committers@freebsd.org

On Wed, Sep 24, 2014 at 8:12 PM, Xin LI wrote:
> Author: delphij
> Date: Wed Sep 24 18:12:39 2014
> New Revision: 369193
> URL: http://svnweb.freebsd.org/changeset/ports/369193
> QAT: https://qat.redports.org/buildarchive/r369193/
>
> Log:
>   MFH: r369192
>
>   Document bash remote code execution vulnerability.
>
>   Approved by: portmgr (ports-security blanket)

Hi,

Commits to the quarterly branches can be Approved by: ports-secteam, no need to invoke portmgr

Cheers,

Antoine

From: Rene Ladan
Date: Thu, 25 Sep 2014 08:31:41 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r369222 - branches/2014Q3/security/vuxml

Author: rene
Date: Thu Sep 25 08:31:40 2014
New Revision: 369222
URL: http://svnweb.freebsd.org/changeset/ports/369222
QAT: https://qat.redports.org/buildarchive/r369222/

Log:
  MFH: r369217

  Document new vulnerability in www/chromium < 37.0.2062.124

  Obtained from: http://googlechromereleases.blogspot.nl/

  Document krfb -- Multiple security issues in bundled libvncserver (while here)

  Approved by: portmgr (erwin)

Modified:
  branches/2014Q3/security/vuxml/vuln.xml
Directory Properties:
  branches/2014Q3/ (props changed)

Modified: branches/2014Q3/security/vuxml/vuln.xml
==============================================================================
--- branches/2014Q3/security/vuxml/vuln.xml Thu Sep 25 08:17:08 2014 (r369221) +++ branches/2014Q3/security/vuxml/vuln.xml Thu Sep 25 08:31:40 2014 (r369222) @@ -57,6 +57,65 @@ Notes: --> + + chromium -- RSA signature malleability in NSS + + + chromium + 37.0.2062.124 + + + + +

Google Chrome Releases reports:

+
+

[414124] RSA signature malleability in NSS (CVE-2014-1568). + Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith + and Advanced Threat Research team at Intel Security

+
+ +
+ + CVE-2014-1568 + http://googlechromereleases.blogspot.nl/ + + + 2014-09-24 + 2014-09-25 + +
+ + + krfb -- Multiple security issues in bundled libvncserver + + + krfb + 4.12.5_4 + + + + +

Martin Sandsmark reports:

+
+

krfb 4.14 [and earlier] embeds libvncserver which has had + several security issues.

+

Several remotely exploitable security issues have been + uncovered in libvncserver, some of which might allow a + remote authenticated user code execution or application + crashes.

+
+ +
+ + CVE-2014-6055 + http://lists.kde.org/?l=kde-announce&m=141153917319769&w=2 + + + 2014-09-23 + 2014-09-25 + +
+ bash -- remote code execution vulnerability

From: Raphael Kubo da Costa
Date: Thu, 25 Sep 2014 09:08:24 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r369224 - in branches/2014Q3/net/krfb: . files

Author: rakuco
Date: Thu Sep 25 09:08:23 2014
New Revision: 369224
URL: http://svnweb.freebsd.org/changeset/ports/369224
QAT: https://qat.redports.org/buildarchive/r369224/

Log:
  MFH: r369207

  Add upstream patches for CVE-2014-6055 (more vulnerabilities in libvncserver).

  Don't worry, more recent krfb versions will stop bundling libvncserver.

  Security: fb25333d-442f-11e4-98f3-5453ed2e2b49
  Approved by: portmgr (erwin), ports-secteam (rea)

Added:
  branches/2014Q3/net/krfb/files/patch-CVE-2014-6055
     - copied unchanged from r369207, head/net/krfb/files/patch-CVE-2014-6055
Modified:
  branches/2014Q3/net/krfb/Makefile
Directory Properties:
  branches/2014Q3/ (props changed)

Modified: branches/2014Q3/net/krfb/Makefile
==============================================================================
--- branches/2014Q3/net/krfb/Makefile Thu Sep 25 09:08:21 2014 (r369223) +++ branches/2014Q3/net/krfb/Makefile Thu Sep 25 09:08:23 2014 (r369224) @@ -2,7 +2,7 @@ PORTNAME= krfb PORTVERSION= ${KDE4_VERSION} -PORTREVISION= 1 +PORTREVISION= 4 CATEGORIES= net kde MASTER_SITES= KDE/${KDE4_BRANCH}/${PORTVERSION}/src DIST_SUBDIR= KDE/${PORTVERSION}
Copied: branches/2014Q3/net/krfb/files/patch-CVE-2014-6055 (from r369207, head/net/krfb/files/patch-CVE-2014-6055)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q3/net/krfb/files/patch-CVE-2014-6055 Thu Sep 25 09:08:23 2014 (r369224, copy of r369207, head/net/krfb/files/patch-CVE-2014-6055) 
@@ -0,0 +1,212 @@ +Fixes for CVE-2014-6055, taken from upstream. + +commit d931eafccf3140d740ac61e876dce72a23ade7f4 +Author: Martin T. H. Sandsmark +Date: Tue Sep 23 22:46:27 2014 +0200 + + libvncserver: Check malloc() return value on client->server ClientCutText message. + + Client can send up to 2**32-1 bytes of text, and such a large allocation + is likely to fail in case of high memory pressure. This would in a + server crash (write at address 0). + + Upstream commit: 6037a9074d52b1963c97cb28ea1096c7c14cbf28 + +commit 126a746dd7bee35840083e9bec7a52935a010346 +Author: Martin T. H. Sandsmark +Date: Tue Sep 23 22:43:38 2014 +0200 + + libnvcserver: Do not accept a scaling factor of zero. + + This would cause a division by zero and crash the server. + + Upstream commit: 05a9bd41a8ec0a9d580a8f420f41718bdd235446 + +commit 2e211579455fd832fb21322482c005b6a85aa1bf +Author: Martin T. H. Sandsmark +Date: Tue Sep 23 22:40:17 2014 +0200 + + libvncserver: Fix multiple stack-based buffer overflows in file transfer feature + + Upstream commit: 06ccdf016154fde8eccb5355613ba04c59127b2e + + CVE-2014-6055 + +commit 857c2b411ed806ef806116407612a2d2a40fab9c +Author: Martin T. H. 
Sandsmark +Date: Tue Sep 23 17:54:11 2014 +0200 + + libvncserver: Fix stack-based buffer overflow in rfbFileTransferOffer message, FileTime processing + + Upstream commit: f528072216dec01cee7ca35d94e171a3b909e677 + + CVE-2014-6055 +--- libvncserver/rfbserver.c ++++ libvncserver/rfbserver.c +@@ -1175,13 +1175,21 @@ typedef struct { + #define RFB_FILE_ATTRIBUTE_TEMPORARY 0x100 + #define RFB_FILE_ATTRIBUTE_COMPRESSED 0x800 + +-rfbBool rfbFilenameTranslate2UNIX(rfbClientPtr cl, char *path, char *unixPath) ++rfbBool rfbFilenameTranslate2UNIX(rfbClientPtr cl, char *path, char *unixPath, size_t unixPathMaxLen) + { + int x; + char *home=NULL; + + FILEXFER_ALLOWED_OR_CLOSE_AND_RETURN("", cl, FALSE); + ++ /* ++ * Do not use strncpy() - truncating the file name would probably have undesirable side effects ++ * Instead check if destination buffer is big enough ++ */ ++ ++ if (strlen(path) >= unixPathMaxLen) ++ return FALSE; ++ + /* C: */ + if (path[0]=='C' && path[1]==':') + strcpy(unixPath, &path[2]); +@@ -1190,6 +1198,10 @@ rfbBool rfbFilenameTranslate2UNIX(rfbClientPtr cl, char *path, char *unixPath) + home = getenv("HOME"); + if (home!=NULL) + { ++ /* Re-check buffer size */ ++ if ((strlen(path) + strlen(home) + 1) >= unixPathMaxLen) ++ return FALSE; ++ + strcpy(unixPath, home); + strcat(unixPath,"/"); + strcat(unixPath, path); +@@ -1227,7 +1239,9 @@ rfbBool rfbSendDirContent(rfbClientPtr cl, int length, char *buffer) + FILEXFER_ALLOWED_OR_CLOSE_AND_RETURN("", cl, FALSE); + + /* Client thinks we are Winblows */ +- rfbFilenameTranslate2UNIX(cl, buffer, path); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, path, sizeof(path))) ++ return FALSE; ++ + + if (DB) rfbLog("rfbProcessFileTransfer() rfbDirContentRequest: rfbRDirContent: \"%s\"->\"%s\"\n",buffer, path); + +@@ -1504,7 +1518,12 @@ rfbBool rfbProcessFileTransfer(rfbClientPtr cl, uint8_t contentType, uint8_t con + /* add some space to the end of the buffer as we will be adding a timespec to it */ + if ((buffer = 
rfbProcessFileTransferReadBuffer(cl, length))==NULL) return FALSE; + /* The client requests a File */ +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1, sizeof(filename1))) ++ { ++ if (buffer!=NULL) free(buffer); ++ return FALSE; ++ } ++ + cl->fileTransfer.fd=open(filename1, O_RDONLY, 0744); + + /* +@@ -1602,7 +1621,8 @@ rfbBool rfbProcessFileTransfer(rfbClientPtr cl, uint8_t contentType, uint8_t con + p = strrchr(buffer, ','); + if (p!=NULL) { + *p = '\0'; +- strcpy(szFileTime, p+1); ++ strncpy(szFileTime, p+1, sizeof(szFileTime)); ++ szFileTime[sizeof(szFileTime)-1] = '\x00'; /* ensure NULL terminating byte is present, even if copy overflowed */ + } else + szFileTime[0]=0; + +@@ -1619,7 +1639,12 @@ rfbBool rfbProcessFileTransfer(rfbClientPtr cl, uint8_t contentType, uint8_t con + } + sizeHtmp = Swap32IfLE(sizeHtmp); + +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1, sizeof(filename1))) ++ { ++ if (buffer!=NULL) free(buffer); ++ return FALSE; ++ } ++ + + /* If the file exists... 
We can send a rfbFileChecksums back to the client before we send an rfbFileAcceptHeader */ + /* TODO: Delta Transfer */ +@@ -1745,7 +1770,12 @@ rfbBool rfbProcessFileTransfer(rfbClientPtr cl, uint8_t contentType, uint8_t con + if ((buffer = rfbProcessFileTransferReadBuffer(cl, length))==NULL) return FALSE; + switch (contentParam) { + case rfbCDirCreate: /* Client requests the creation of a directory */ +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1, sizeof(filename1))) ++ { ++ if (buffer!=NULL) free(buffer); ++ return FALSE; ++ } ++ + retval = mkdir(filename1, 0755); + if (DB) rfbLog("rfbProcessFileTransfer() rfbCommand: rfbCDirCreate(\"%s\"->\"%s\") %s\n", buffer, filename1, (retval==-1?"Failed":"Success")); + /* +@@ -1754,7 +1784,11 @@ rfbBool rfbProcessFileTransfer(rfbClientPtr cl, uint8_t contentType, uint8_t con + if (buffer!=NULL) free(buffer); + return retval; + case rfbCFileDelete: /* Client requests the deletion of a file */ +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1, sizeof(filename1))) ++ { ++ if (buffer!=NULL) free(buffer); ++ return FALSE; ++ } + if (stat(filename1,&statbuf)==0) + { + if (S_ISDIR(statbuf.st_mode)) +@@ -1772,8 +1806,17 @@ rfbBool rfbProcessFileTransfer(rfbClientPtr cl, uint8_t contentType, uint8_t con + { + /* Split into 2 filenames ('*' is a seperator) */ + *p = '\0'; +- rfbFilenameTranslate2UNIX(cl, buffer, filename1); +- rfbFilenameTranslate2UNIX(cl, p+1, filename2); ++ if (!rfbFilenameTranslate2UNIX(cl, buffer, filename1, sizeof(filename1))) ++ { ++ if (buffer!=NULL) free(buffer); ++ return FALSE; ++ } ++ ++ if (!rfbFilenameTranslate2UNIX(cl, p+1, filename2, sizeof(filename2))) ++ { ++ if (buffer!=NULL) free(buffer); ++ return FALSE; ++ } + retval = rename(filename1,filename2); + if (DB) rfbLog("rfbProcessFileTransfer() rfbCommand: rfbCFileRename(\"%s\"->\"%s\" -->> \"%s\"->\"%s\") %s\n", buffer, filename1, 
p+1, filename2, (retval==-1?"Failed":"Success")); + /* +@@ -2361,6 +2404,12 @@ rfbProcessClientNormalMessage(rfbClientPtr cl) + + str = (char *)malloc(msg.cct.length); + ++ if (str == NULL) { ++ rfbLogPerror("rfbProcessClientNormalMessage: not enough memory"); ++ rfbCloseClient(cl); ++ return; ++ } ++ + if ((n = rfbReadExact(cl, str, msg.cct.length)) <= 0) { + if (n != 0) + rfbLogPerror("rfbProcessClientNormalMessage: read"); +@@ -2385,6 +2434,11 @@ rfbProcessClientNormalMessage(rfbClientPtr cl) + rfbCloseClient(cl); + return; + } ++ if (msg.ssc.scale == 0) { ++ rfbLogPerror("rfbProcessClientNormalMessage: will not accept a scale factor of zero"); ++ rfbCloseClient(cl); ++ return; ++ } + rfbStatRecordMessageRcvd(cl, msg.type, sz_rfbSetScaleMsg, sz_rfbSetScaleMsg); + rfbLog("rfbSetScale(%d)\n", msg.ssc.scale); + rfbScalingSetup(cl,cl->screen->width/msg.ssc.scale, cl->screen->height/msg.ssc.scale); +@@ -2401,6 +2455,11 @@ rfbProcessClientNormalMessage(rfbClientPtr cl) + rfbCloseClient(cl); + return; + } ++ if (msg.ssc.scale == 0) { ++ rfbLogPerror("rfbProcessClientNormalMessage: will not accept a scale factor of zero"); ++ rfbCloseClient(cl); ++ return; ++ } + rfbStatRecordMessageRcvd(cl, msg.type, sz_rfbSetScaleMsg, sz_rfbSetScaleMsg); + rfbLog("rfbSetScale(%d)\n", msg.ssc.scale); + rfbScalingSetup(cl,cl->screen->width/msg.ssc.scale, cl->screen->height/msg.ssc.scale); From owner-svn-ports-branches@FreeBSD.ORG Thu Sep 25 12:37:47 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 127C2D62; Thu, 25 Sep 2014 12:37:47 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org 
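Review bot: In the rfbCDirCreate hunk (@@ -1745,7 +1770,12), the new failure branch returns FALSE without logging, so a refused directory-create request leaves no trace unless rfbFilenameTranslate2UNIX logs the rejection itself; add an rfbLog call before the return. The `if (buffer!=NULL)` guard in that branch is redundant, because the context line above it already returns when buffer is NULL; a plain `free(buffer);` is enough.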
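Review bot: In the rfbCFileRename hunk (@@ -1772,8 +1806,17), the free-and-return block now appears four times in the visible hunks (twice here, once each under rfbCDirCreate and rfbCFileDelete); route them through one cleanup path that frees buffer and returns FALSE, so the error handling cannot drift apart when further checks are added.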
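Review bot: In the @@ -2361,6 +2404,12 hunk, the new `str == NULL` check also fires when msg.cct.length is 0 on platforms where malloc(0) returns NULL, which would close a client that sent an empty cut-text message; handle the zero-length case before the allocation. The hunk shows no upper bound on msg.cct.length, which comes from the client, so the NULL check covers allocation failure only; a length cap ahead of the malloc would reject oversized requests before any memory is requested.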
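Review bot: In the @@ -2385,6 +2434,11 hunk, the zero-scale rejection is reported through rfbLogPerror, which appends the current errno text although no system call failed here; use rfbLog, as the rfbSetScale line below it does. The identical check is repeated in the @@ -2401,6 +2455,11 hunk, so a small helper that validates msg.ssc.scale for both message handlers would keep the two copies in step.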
(Postfix) with ESMTPS id D7B817C3; Thu, 25 Sep 2014 12:37:46 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8PCbkvF049328; Thu, 25 Sep 2014 12:37:46 GMT (envelope-from rene@FreeBSD.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8PCbkKC049324; Thu, 25 Sep 2014 12:37:46 GMT (envelope-from rene@FreeBSD.org) Message-Id: <201409251237.s8PCbkKC049324@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: rene set sender to rene@FreeBSD.org using -f From: Rene Ladan Date: Thu, 25 Sep 2014 12:37:46 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r369246 - branches/2014Q3/www/chromium X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2014 12:37:47 -0000 Author: rene Date: Thu Sep 25 12:37:45 2014 New Revision: 369246 URL: http://svnweb.freebsd.org/changeset/ports/369246 QAT: https://qat.redports.org/buildarchive/r369246/ Log: MFH: r369245 Update www/chromium to 37.0.2062.124 to fix the NSS vulnerability. Security: http://vuxml.freebsd.org/freebsd/bd2ef267-4485-11e4-b0b7-00262d5ed8ee.html Approved by: portmgr (erwin) Modified: branches/2014Q3/www/chromium/Makefile branches/2014Q3/www/chromium/distinfo Directory Properties: branches/2014Q3/ (props changed) Modified: branches/2014Q3/www/chromium/Makefile ============================================================================== --- branches/2014Q3/www/chromium/Makefile Thu Sep 25 12:27:26 2014 (r369245) +++ branches/2014Q3/www/chromium/Makefile Thu Sep 25 12:37:45 2014 (r369246) 
@@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= chromium -PORTVERSION= 37.0.2062.120 +PORTVERSION= 37.0.2062.124 CATEGORIES= www MASTER_SITES= http://commondatastorage.googleapis.com/chromium-browser-official/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} Modified: branches/2014Q3/www/chromium/distinfo ============================================================================== --- branches/2014Q3/www/chromium/distinfo Thu Sep 25 12:27:26 2014 (r369245) +++ branches/2014Q3/www/chromium/distinfo Thu Sep 25 12:37:45 2014 (r369246) 
@@ -1,4 +1,4 @@ -SHA256 (chromium-37.0.2062.120.tar.xz) = b3073758b6caf384d30de20ba7514ee52cce5c1460bc768cd28d15f53f0c6efb -SIZE (chromium-37.0.2062.120.tar.xz) = 223332628 -SHA256 (chromium-37.0.2062.120-testdata.tar.xz) = 4d0fcc08caff9f12581695ca1d6c4bc87dfb9cd0428802408cc30809ea414e0d -SIZE (chromium-37.0.2062.120-testdata.tar.xz) = 114482628 +SHA256 (chromium-37.0.2062.124.tar.xz) = 5a7ca0b1e9b4c51555cf82d8bebf5a8cc5b5810ccacd1087ba82a17b8ac830d8 +SIZE (chromium-37.0.2062.124.tar.xz) = 223325856 +SHA256 (chromium-37.0.2062.124-testdata.tar.xz) = 08a9febabe4995b88ccb99203057fac2056615e35fe5e8907604a1e07e1a9794 +SIZE (chromium-37.0.2062.124-testdata.tar.xz) = 114485636 From owner-svn-ports-branches@FreeBSD.ORG Thu Sep 25 12:55:23 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 01C1C63C; Thu, 25 Sep 2014 12:55:22 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D675B99E; Thu, 25 Sep 2014 12:55:22 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8PCtMYr059010; Thu, 25 Sep 2014 12:55:22 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8PCtL62059001; Thu, 25 Sep 2014 12:55:21 GMT (envelope-from des@FreeBSD.org) Message-Id: <201409251255.s8PCtL62059001@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: des set sender to des@FreeBSD.org using -f 
From: Dag-Erling Smørgrav Date: Thu, 25 Sep 2014 12:55:21 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r369250 - in branches/2014Q3/security: ca_root_nss nss nss/files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2014 12:55:23 -0000 Author: des Date: Thu Sep 25 12:55:21 2014 New Revision: 369250 URL: http://svnweb.freebsd.org/changeset/ports/369250 QAT: https://qat.redports.org/buildarchive/r369250/ Log: Update security/nss and security/ca_root_nss to 3.17.1. Manual merge because these ports have very complex revision history interleaved with other Mozilla ports. Approved by: ports-secteam Security: CVE-2014-1544 Security: 48108fb0-751c-4cbb-8f33-09239ead4b55.html Deleted: branches/2014Q3/security/nss/files/patch-bug856300 Modified: branches/2014Q3/security/ca_root_nss/Makefile branches/2014Q3/security/ca_root_nss/distinfo branches/2014Q3/security/ca_root_nss/pkg-plist branches/2014Q3/security/nss/Makefile branches/2014Q3/security/nss/distinfo Directory Properties: branches/2014Q3/ (props changed) Modified: branches/2014Q3/security/ca_root_nss/Makefile ============================================================================== --- branches/2014Q3/security/ca_root_nss/Makefile Thu Sep 25 12:48:21 2014 (r369249) +++ branches/2014Q3/security/ca_root_nss/Makefile Thu Sep 25 12:55:21 2014 (r369250) @@ -14,6 +14,7 @@ ETCSYMLINK_DESC= Add symlink to /etc/ssl USES= perl5 USE_PERL5= build +NO_ARCH= yes NO_WRKSUBDIR= yes CERTDIR?= share/certs 
@@ -24,7 +25,7 @@ PLIST_SUB+= CERTDIR=${CERTDIR} # !!! Please DO NOT submit patches for new version until it has !!! # !!! been committed there first. !!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -VERSION_NSS= 3.16.1 +VERSION_NSS= 3.17.1 #NSS_SUFFIX= .with.ckbi.1.93 CERTDATA_TXT_PATH= nss-${VERSION_NSS}/nss/lib/ckfw/builtins/certdata.txt BUNDLE_PROCESSOR= MAca-bundle.pl Modified: branches/2014Q3/security/ca_root_nss/distinfo ============================================================================== --- branches/2014Q3/security/ca_root_nss/distinfo Thu Sep 25 12:48:21 2014 (r369249) +++ branches/2014Q3/security/ca_root_nss/distinfo Thu Sep 25 12:55:21 2014 (r369250) @@ -1,2 +1,2 @@ -SHA256 (nss-3.16.1.tar.gz) = fab750f7d34c09cf34df25da1924a9a8f4c7f1768e2d456f8be767ecbbe84a6e -SIZE (nss-3.16.1.tar.gz) = 6409506 +SHA256 (nss-3.17.1.tar.gz) = 0e210afba7cd1e033a08f61fcd1f466639649fc413e72aa050f3d52c19376e5f +SIZE (nss-3.17.1.tar.gz) = 6927105 Modified: branches/2014Q3/security/ca_root_nss/pkg-plist ============================================================================== --- branches/2014Q3/security/ca_root_nss/pkg-plist Thu Sep 25 12:48:21 2014 (r369249) +++ branches/2014Q3/security/ca_root_nss/pkg-plist Thu Sep 25 12:55:21 2014 (r369250) @@ -1,4 +1,2 @@ %%CERTDIR%%/ca-root-nss.crt -@dirrmtry %%CERTDIR%% -%%ETCSYMLINK%%@cwd / -%%ETCSYMLINK%%etc/ssl/cert.pem +%%ETCSYMLINK%%/etc/ssl/cert.pem Modified: branches/2014Q3/security/nss/Makefile ============================================================================== --- branches/2014Q3/security/nss/Makefile Thu Sep 25 12:48:21 2014 (r369249) +++ branches/2014Q3/security/nss/Makefile Thu Sep 25 12:55:21 2014 (r369250) @@ -2,9 +2,7 @@ # $FreeBSD$ PORTNAME= nss -PORTVERSION= 3.16.1 -PORTREVISION= 1 -#DISTVERSIONSUFFIX= .with.ckbi.1.93 +PORTVERSION= 3.17.1 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src 
@@ -12,7 +10,7 @@ MAINTAINER= gecko@FreeBSD.org COMMENT= Libraries to support development of security-enabled applications BUILD_DEPENDS= zip:${PORTSDIR}/archivers/zip \ - nspr>=4.10.3:${PORTSDIR}/devel/nspr \ + nspr>=4.10.5:${PORTSDIR}/devel/nspr \ sqlite3>=3.7.15:${PORTSDIR}/databases/sqlite3 LIB_DEPENDS= libnspr4.so:${PORTSDIR}/devel/nspr \ libsqlite3.so:${PORTSDIR}/databases/sqlite3 @@ -21,7 +19,9 @@ WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVER MAKE_JOBS_UNSAFE= yes USE_LDCONFIG= ${PREFIX}/lib/nss -USES= gmake perl5 +USES= cpe gmake perl5 +CPE_VENDOR= mozilla +CPE_PRODUCT= network_security_services USE_PERL5= build MAKE_ENV= LIBRARY_PATH="${LOCALBASE}/lib" \ SQLITE_INCLUDE_DIR="${LOCALBASE}/include" \ @@ -40,15 +40,17 @@ INSTALL_BINS= certcgi certutil checkcert p7verify pk12util rsaperf shlibsign signtool signver \ ssltap strsclnt symkeyutil vfychain vfyserv -.if !defined(WITH_DEBUG) +OPTIONS_DEFINE= DEBUG + +.include + +.if ! ${PORT_OPTIONS:MDEBUG} MAKE_ENV+= BUILD_OPT=1 BINS= ${DIST}/${OPSYS}${OSREL}_OPT.OBJ .else BINS= ${DIST}/${OPSYS}${OSREL}_DBG.OBJ .endif -.include - .if ${ARCH} == amd64 USE_BINUTILS= # intel-gcm.s CFLAGS+= -B${LOCALBASE}/bin @@ -81,7 +83,7 @@ do-install: ${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss ${STAGEDIR}${PREFIX}/lib/nss ${FIND} ${DIST}/public/nss -type l \ -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \; - ${INSTALL_DATA} ${BINS}/lib/*.so.1 \ + ${INSTALL_LIB} ${BINS}/lib/*.so.1 \ ${STAGEDIR}${PREFIX}/lib/nss ${INSTALL_DATA} ${BINS}/lib/libcrmf.a \ ${STAGEDIR}${PREFIX}/lib/nss 
@@ -94,4 +96,4 @@ do-install: ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/libdata/pkgconfig -.include +.include Modified: branches/2014Q3/security/nss/distinfo ============================================================================== --- branches/2014Q3/security/nss/distinfo Thu Sep 25 12:48:21 2014 (r369249) +++ branches/2014Q3/security/nss/distinfo Thu Sep 25 12:55:21 2014 (r369250) @@ -1,2 +1,2 @@ -SHA256 (nss-3.16.1.tar.gz) = fab750f7d34c09cf34df25da1924a9a8f4c7f1768e2d456f8be767ecbbe84a6e -SIZE (nss-3.16.1.tar.gz) = 6409506 +SHA256 (nss-3.17.1.tar.gz) = 0e210afba7cd1e033a08f61fcd1f466639649fc413e72aa050f3d52c19376e5f +SIZE (nss-3.17.1.tar.gz) = 6927105 From owner-svn-ports-branches@FreeBSD.ORG Thu Sep 25 15:39:29 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CE5A0704; Thu, 25 Sep 2014 15:39:29 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A0C38E7A; Thu, 25 Sep 2014 15:39:29 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8PFdTMN037439; Thu, 25 Sep 2014 15:39:29 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8PFdTPJ037435; Thu, 25 Sep 2014 15:39:29 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201409251539.s8PFdTPJ037435@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f 
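Review bot: In the security/nss/Makefile hunk at @@ -12,7 +10,7, the build dependency moves to `nspr>=4.10.5`, but the log does not say that devel/nspr on this branch already meets it; confirm the branch carries nspr 4.10.5 or merge it first, otherwise the security update cannot build.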
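Review bot: In the ca_root_nss/pkg-plist hunk, the `@dirrmtry %%CERTDIR%%` and `@cwd /` lines are dropped and the symlink entry becomes the absolute path `%%ETCSYMLINK%%/etc/ssl/cert.pem`, a packaging change the log does not mention; list it in the log together with the NO_ARCH, CPE, DEBUG option and INSTALL_LIB changes that ride along with this manual merge, so the branch history shows which lines are the security update and which are not.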
From: Bryan Drewery Date: Thu, 25 Sep 2014 15:39:29 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r369262 - in branches/2014Q3/shells/bash: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2014 15:39:29 -0000 Author: bdrewery Date: Thu Sep 25 15:39:28 2014 New Revision: 369262 URL: http://svnweb.freebsd.org/changeset/ports/369262 QAT: https://qat.redports.org/buildarchive/r369262/ Log: MFH: r369261 Fix CVE-2014-3659. The original fix in 25 was not enough. Obtained from: http://seclists.org/oss-sec/2014/q3/690 (bash developer) Security: CVE-2014-3659 Added: branches/2014Q3/shells/bash/files/patch-parse.y - copied unchanged from r369261, head/shells/bash/files/patch-parse.y Modified: branches/2014Q3/shells/bash/Makefile Directory Properties: branches/2014Q3/ (props changed) Modified: branches/2014Q3/shells/bash/Makefile ============================================================================== --- branches/2014Q3/shells/bash/Makefile Thu Sep 25 15:38:56 2014 (r369261) +++ branches/2014Q3/shells/bash/Makefile Thu Sep 25 15:39:28 2014 (r369262) @@ -4,7 +4,7 @@ PORTNAME= bash PATCHLEVEL= 25 PORTVERSION= 4.3.${PATCHLEVEL:S/^0//g} -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES= shells MASTER_SITES= GNU MASTER_SITE_SUBDIR= ${PORTNAME} 
@@ -64,6 +64,9 @@ CONFLICTS+= bash-static-[0-9]* .endif post-patch: +# Ensure y.tab.c is regenerated + ${TOUCH} ${WRKSRC}/parse.y + ${RM} ${WRKSRC}/y.tab.c @${REINPLACE_CMD} -e "s|%%PREFIX%%|${PREFIX}|g" ${WRKSRC}/doc/bash.1 .if ${PORT_OPTIONS:MSYSLOG} @${REINPLACE_CMD} \ Copied: branches/2014Q3/shells/bash/files/patch-parse.y (from r369261, head/shells/bash/files/patch-parse.y) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q3/shells/bash/files/patch-parse.y Thu Sep 25 15:39:28 2014 (r369262, copy of r369261, head/shells/bash/files/patch-parse.y) 
@@ -0,0 +1,13 @@ +http://seclists.org/oss-sec/2014/q3/690 + +*** ../bash-20140912/parse.y 2014-08-26 15:09:42.000000000 -0400 +--- parse.y 2014-09-24 22:47:28.000000000 -0400 +*************** +*** 2959,2962 **** +--- 2959,2964 ---- + word_desc_to_read = (WORD_DESC *)NULL; + ++ eol_ungetc_lookahead = 0; ++ + current_token = '\n'; /* XXX */ + last_read_token = '\n'; From owner-svn-ports-branches@FreeBSD.ORG Fri Sep 26 07:38:03 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D171BDF5; Fri, 26 Sep 2014 07:38:03 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B2805B66; Fri, 26 Sep 2014 07:38:03 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8Q7c34O098767; Fri, 26 Sep 2014 07:38:03 GMT (envelope-from xmj@FreeBSD.org) Received: (from xmj@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8Q7c3nE098765; Fri, 26 Sep 2014 07:38:03 GMT (envelope-from xmj@FreeBSD.org) Message-Id: <201409260738.s8Q7c3nE098765@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: xmj set sender to xmj@FreeBSD.org using -f 
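Review bot: In the post-patch hunk of shells/bash/Makefile (@@ -64,6 +64,9), removing y.tab.c already forces the parser to be regenerated, so the `${TOUCH}` on parse.y is redundant; keep the `${RM}` and extend the comment to say why regeneration matters: the fix is in parse.y, and the compiler only sees it through the regenerated y.tab.c. The two new commands also lack the `@` prefix used by the `@${REINPLACE_CMD}` line that follows.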
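Review bot: The new files/patch-parse.y carries only the oss-sec URL as its description; add a line to the patch header naming the CVE from the commit log and stating why `eol_ungetc_lookahead = 0;` is needed at this point, so the file can be matched against the upstream patchlevel and dropped once the port includes it.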
From: Johannes Jost Meixner Date: Fri, 26 Sep 2014 07:38:03 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r369304 - branches/2014Q3/www/linux-f10-flashplugin11 X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2014 07:38:04 -0000 Author: xmj Date: Fri Sep 26 07:38:02 2014 New Revision: 369304 URL: http://svnweb.freebsd.org/changeset/ports/369304 QAT: https://qat.redports.org/buildarchive/r369304/ Log: MFH: r369267 Backport Adobe's Flash upgrade to fix twelve vulnerabilities. While here, set maintainer to emulation@ in line with r369160. Approved by: swills (mentor) Approved by: portmgr (erwin) Security: ca44b64c-4453-11e4-9ea1-c485083ca99c Modified: branches/2014Q3/www/linux-f10-flashplugin11/Makefile branches/2014Q3/www/linux-f10-flashplugin11/distinfo Modified: branches/2014Q3/www/linux-f10-flashplugin11/Makefile ============================================================================== --- branches/2014Q3/www/linux-f10-flashplugin11/Makefile Fri Sep 26 03:33:04 2014 (r369303) +++ branches/2014Q3/www/linux-f10-flashplugin11/Makefile Fri Sep 26 07:38:02 2014 (r369304) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= flashplugin -PORTVERSION= 11.2r202.378 +PORTVERSION= 11.2r202.406 CATEGORIES= www multimedia linux MASTER_SITES= http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \ LOCAL/nox:suplib 
@@ -11,7 +11,7 @@ DISTFILES= install_flash_player_11_linux linux-f10-flashsupport-9.0.1.i386.tar.gz:suplib DIST_SUBDIR= ${PORTNAME}/${PORTVERSION} -MAINTAINER= eadler@FreeBSD.org +MAINTAINER= emulation@FreeBSD.org COMMENT= Adobe Flash Player NPAPI Plugin ONLY_FOR_ARCHS= amd64 i386 @@ -25,12 +25,15 @@ RESTRICTED_FILES= ${DISTFILES:Nlinux-f10 NO_BUILD= yes NO_WRKSUBDIR= yes -USES= webplugin:linux desktop-file-utils +USES= webplugin:linux desktop-file-utils cpe WEBPLUGIN_FILES= libflashplayer.so OPTIONS_DEFINE= GNOME GNOME_DESC= include gnome support for .desktop file +CPE_VENDOR= adobe +CPE_PRODUCT= flash_player + OPTIONS_SUB= yes PLIST_SUB+=RESETPREFIX=${PREFIX} Modified: branches/2014Q3/www/linux-f10-flashplugin11/distinfo ============================================================================== --- branches/2014Q3/www/linux-f10-flashplugin11/distinfo Fri Sep 26 03:33:04 2014 (r369303) +++ branches/2014Q3/www/linux-f10-flashplugin11/distinfo Fri Sep 26 07:38:02 2014 (r369304) 
@@ -1,4 +1,4 @@ -SHA256 (flashplugin/11.2r202.378/install_flash_player_11_linux.i386.tar.gz) = 9f8fa4cf965189d421425fc2facc14fcebde1f2374a73bcd9750e407ed155eda -SIZE (flashplugin/11.2r202.378/install_flash_player_11_linux.i386.tar.gz) = 6926052 -SHA256 (flashplugin/11.2r202.378/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf -SIZE (flashplugin/11.2r202.378/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455 +SHA256 (flashplugin/11.2r202.406/install_flash_player_11_linux.i386.tar.gz) = 8b44f49b85ed7dba310306cd62a3de35d37bb8468c3841e4d713a0b80541c381 +SIZE (flashplugin/11.2r202.406/install_flash_player_11_linux.i386.tar.gz) = 6925631 +SHA256 (flashplugin/11.2r202.406/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf +SIZE (flashplugin/11.2r202.406/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455 From owner-svn-ports-branches@FreeBSD.ORG Fri Sep 26 21:10:27 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9777884F; Fri, 26 Sep 2014 21:10:27 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 81ED38C0; Fri, 26 Sep 2014 21:10:27 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8QLAROV086124; Fri, 26 Sep 2014 21:10:27 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8QLAQwW086121; Fri, 26 Sep 2014 21:10:26 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201409262110.s8QLAQwW086121@svn.freebsd.org> 
X-Authentication-Warning: svn.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f 
From: Bryan Drewery Date: Fri, 26 Sep 2014 21:10:26 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r369345 - in branches/2014Q3: . shells/bash shells/bash/files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2014 21:10:27 -0000 Author: bdrewery Date: Fri Sep 26 21:10:26 2014 New Revision: 369345 URL: http://svnweb.freebsd.org/changeset/ports/369345 QAT: https://qat.redports.org/buildarchive/r369345/ Log: MFH: r369341 Disable function importing from the environment by default. This can be enabled by using --import-functions or enabling the IMPORTFUNCTIONS option. This removes the risk of further parser bugs leading to code execution, as well as the risk to setuid scripts and poorly written applications that do not cleanse their environment [1][2]. Also note that there is an unofficial 4.3.26 floating around that has not yet been officially released. r369261 covers the change in 4.3.26. 
See also: http://seclists.org/oss-sec/2014/q3/747 [1] http://seclists.org/oss-sec/2014/q3/746 [2] http://seclists.org/oss-sec/2014/q3/755 [3] Obtained from: NetBSD (based on) [3] PR: 193932 Reviewed by: Eric Vangyzen With hat: portmgr Added: branches/2014Q3/shells/bash/files/extrapatch-import-functions - copied unchanged from r369341, head/shells/bash/files/extrapatch-import-functions Modified: branches/2014Q3/UPDATING branches/2014Q3/shells/bash/Makefile Directory Properties: branches/2014Q3/ (props changed) Modified: branches/2014Q3/UPDATING ============================================================================== --- branches/2014Q3/UPDATING Fri Sep 26 20:47:35 2014 (r369344) +++ branches/2014Q3/UPDATING Fri Sep 26 21:10:26 2014 (r369345) @@ -5,6 +5,22 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20140926: + AFFECTS: users of shells/bash + AUTHOR: bdrewery@FreeBSD.org + + Bash supports a feature of exporting functions in the environment with + export -f. Running bash with exported functioned in the environment will + then import those functions into the environment. This resulted in + security issues CVE-2014-6271 and CVE-2014-7169, commonly known as + "shellshock". + + To fully mitigate against this sort of attack we have applied a non-upstream + patch to disable this functionality by default. You can execute bash + with --import-functions to allow it to import functions from the + environment. The default can also be changed in the port by selecting the + IMPORTFUNCTIONS option. + 20140627: AFFECTS: Users of Java AUTHOR: swills@FreeBSD.org Modified: branches/2014Q3/shells/bash/Makefile ============================================================================== --- branches/2014Q3/shells/bash/Makefile Fri Sep 26 20:47:35 2014 (r369344) +++ branches/2014Q3/shells/bash/Makefile Fri Sep 26 21:10:26 2014 (r369345) 
@@ -4,7 +4,7 @@ PORTNAME= bash PATCHLEVEL= 25 PORTVERSION= 4.3.${PATCHLEVEL:S/^0//g} -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= shells MASTER_SITES= GNU MASTER_SITE_SUBDIR= ${PORTNAME} @@ -25,10 +25,12 @@ COMMENT= The GNU Project's Bourne Again LICENSE= GPLv3 OPTIONS_DEFINE= IMPLICITCD COLONBREAKSWORDS HELP NLS STATIC SYSLOG DOCS +OPTIONS_DEFINE+= IMPORTFUNCTIONS OPTIONS_DEFAULT= IMPLICITCD COLONBREAKSWORDS HELP NLS IMPLICITCD_DESC= Use directory name alone to cd into it COLONBREAKSWORDS_DESC= Colons break words HELP_DESC= Enable builtin help +IMPORTFUNCTIONS_DESC= Import function from env without --import-functions USES= bison cpe makeinfo OPTIONS_SUB= yes @@ -36,6 +38,8 @@ CPE_VENDOR= gnu IMPLICITCD_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-implicitcd COLONBREAKSWORDS_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-colonbreakswords +# Always apply this for now. The option will modify the default. +EXTRA_PATCHES+= ${PATCHDIR}/extrapatch-import-functions HELP_CONFIGURE_ENABLE= help-builtin NLS_CONFIGURE_ENABLE= nls @@ -54,6 +58,12 @@ CONFIGURE_ARGS+= --without-bash-malloc \ .include +.if ${PORT_OPTIONS:MIMPORTFUNCTIONS} +CFLAGS+= -DIMPORT_FUNCTIONS_DEF=1 +.else +CFLAGS+= -DIMPORT_FUNCTIONS_DEF=0 +.endif + .if ${PORT_OPTIONS:MSTATIC} || defined(NO_DYNAMICROOT) || (defined(NOSHARED) && ${NOSHARED:tl} != "no") CONFIGURE_ARGS+= --enable-static-link PKGNAMESUFFIX= -static Copied: branches/2014Q3/shells/bash/files/extrapatch-import-functions (from r369341, head/shells/bash/files/extrapatch-import-functions) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q3/shells/bash/files/extrapatch-import-functions Fri Sep 26 21:10:26 2014 (r369345, copy of r369341, head/shells/bash/files/extrapatch-import-functions) 
@@ -0,0 +1,43 @@ +Based on christos@NetBSD's patch + +--- shell.c.christos 2014-01-14 08:04:32.000000000 -0500 ++++ shell.c 2014-09-25 16:11:51.000000000 -0400 +@@ -229,6 +229,7 @@ + #else + int posixly_correct = 0; /* Non-zero means posix.2 superset. */ + #endif ++int import_functions = IMPORT_FUNCTIONS_DEF; /* Import functions from environment */ + + /* Some long-winded argument names. These are obviously new. */ + #define Int 1 +@@ -248,6 +249,7 @@ + { "help", Int, &want_initial_help, (char **)0x0 }, + { "init-file", Charp, (int *)0x0, &bashrc_file }, + { "login", Int, &make_login_shell, (char **)0x0 }, ++ { "import-functions", Int, &import_functions, (char **)0x0 }, + { "noediting", Int, &no_line_editing, (char **)0x0 }, + { "noprofile", Int, &no_profile, (char **)0x0 }, + { "norc", Int, &no_rc, (char **)0x0 }, + +$NetBSD: patch-variables.c,v 1.1 2014/09/25 20:28:32 christos Exp $ + +Only read functions from environment if flag is set. +--- variables.c.christos 2014-09-25 16:09:41.000000000 -0400 ++++ variables.c 2014-09-25 16:12:10.000000000 -0400 +@@ -105,6 +105,7 @@ + extern int assigning_in_environment; + extern int executing_builtin; + extern int funcnest_max; ++extern int import_functions; + + #if defined (READLINE) + extern int no_line_editing; +@@ -349,7 +350,7 @@ initialize_shell_variables (env, privmod + + /* If exported function, define it now. Don't import functions from + the environment in privileged mode. 
*/ +- if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) ++ if (import_functions && privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) + { + string_length = strlen (string); + temp_string = (char *)xmalloc (3 + string_length + char_index); From owner-svn-ports-branches@FreeBSD.ORG Fri Sep 26 21:32:04 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6E10B22E; Fri, 26 Sep 2014 21:32:04 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 59816BA9; Fri, 26 Sep 2014 21:32:04 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8QLW44H099472; Fri, 26 Sep 2014 21:32:04 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8QLW3FJ099470; Fri, 26 Sep 2014 21:32:03 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201409262132.s8QLW3FJ099470@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f 
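Review bot: In the UPDATING hunk, "exported functioned" should read "exported functions", and "mitigate against" should be "mitigate" or "protect against". The entry should also tell users what breaks: scripts that rely on `export -f` to pass functions to a child bash stop working unless the child is started with --import-functions or the port is built with IMPORTFUNCTIONS.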
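Review bot: In the shell.c hunk at @@ -248,6 +249,7, `import-functions` is added as an Int long option, which can only switch import_functions on, so a port built with IMPORTFUNCTIONS (IMPORT_FUNCTIONS_DEF=1) has no per-invocation way to turn importing off; consider a matching option that clears the flag. The patch touches only shell.c and variables.c, so the new option is not described in doc/bash.1.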
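Review bot: In the variables.c hunk at @@ -349,7 +350,7, the comment above the condition still describes only the privileged-mode exception; update it to mention the import_functions gate. The patch description should also state what happens to an environment string beginning with `() {` when the gate is off, since the hunk does not show whether it is kept as an ordinary variable and passed on to child processes.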
From: Bryan Drewery Date: Fri, 26 Sep 2014 21:32:03 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r369348 - in branches/2014Q3/shells/bash: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2014 21:32:04 -0000 Author: bdrewery Date: Fri Sep 26 21:32:03 2014 New Revision: 369348 URL: http://svnweb.freebsd.org/changeset/ports/369348 QAT: https://qat.redports.org/buildarchive/r369348/ Log: MFH: r369347 Update to patchlevel 26. This is a NOP as r369261 already covered it. Deleted: branches/2014Q3/shells/bash/files/patch-parse.y Modified: branches/2014Q3/shells/bash/Makefile branches/2014Q3/shells/bash/distinfo Directory Properties: branches/2014Q3/ (props changed) Modified: branches/2014Q3/shells/bash/Makefile ============================================================================== --- branches/2014Q3/shells/bash/Makefile Fri Sep 26 21:29:20 2014 (r369347) +++ branches/2014Q3/shells/bash/Makefile Fri Sep 26 21:32:03 2014 (r369348) @@ -2,9 +2,9 @@ # $FreeBSD$ PORTNAME= bash -PATCHLEVEL= 25 +PATCHLEVEL= 26 PORTVERSION= 4.3.${PATCHLEVEL:S/^0//g} -PORTREVISION?= 2 +PORTREVISION?= 0 CATEGORIES= shells MASTER_SITES= GNU MASTER_SITE_SUBDIR= ${PORTNAME} Modified: branches/2014Q3/shells/bash/distinfo ============================================================================== --- branches/2014Q3/shells/bash/distinfo Fri Sep 26 21:29:20 2014 (r369347) +++ branches/2014Q3/shells/bash/distinfo Fri Sep 26 21:32:03 2014 (r369348) 
@@ -50,3 +50,5 @@ SHA256 (bash/bash43-024) = 3b505882a0a60 SIZE (bash/bash43-024) = 1909 SHA256 (bash/bash43-025) = 1e5186f5c4a619bb134a1177d9e9de879f3bb85d9c5726832b03a762a2499251 SIZE (bash/bash43-025) = 3940 +SHA256 (bash/bash43-026) = 2ecc12201b3ba4273b63af4e9aad2305168cf9babf6d11152796db08724c214d +SIZE (bash/bash43-026) = 1575 From owner-svn-ports-branches@FreeBSD.ORG Sat Sep 27 19:37:57 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ECB9FCEE; Sat, 27 Sep 2014 19:37:56 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CE6F6922; Sat, 27 Sep 2014 19:37:56 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8RJbuor035418; Sat, 27 Sep 2014 19:37:56 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8RJbuZd035416; Sat, 27 Sep 2014 19:37:56 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201409271937.s8RJbuZd035416@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f 
From: Bryan Drewery Date: Sat, 27 Sep 2014 19:37:56 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r369417 - in branches/2014Q3/net-mgmt/nrpe: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Sep 2014 19:37:57 -0000 Author: bdrewery Date: Sat Sep 27 19:37:55 2014 New Revision: 369417 URL: http://svnweb.freebsd.org/changeset/ports/369417 QAT: https://qat.redports.org/buildarchive/r369417/ Log: MFH: r369416 - Apply patch to fix timed out SSL connections from spinning CPU Tested by: bdrewery Submitted by: kajetan.staszkiewicz@innogames.de Submitted by: ohauer PR: 176438 Approved by: maintainer timeout Modified: branches/2014Q3/net-mgmt/nrpe/Makefile branches/2014Q3/net-mgmt/nrpe/files/patch-src-nrpe.c Directory Properties: branches/2014Q3/ (props changed) Modified: branches/2014Q3/net-mgmt/nrpe/Makefile ============================================================================== --- branches/2014Q3/net-mgmt/nrpe/Makefile Sat Sep 27 19:36:35 2014 (r369416) +++ branches/2014Q3/net-mgmt/nrpe/Makefile Sat Sep 27 19:37:55 2014 (r369417) @@ -3,7 +3,7 @@ PORTNAME= nrpe DISTVERSION= 2.15 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= net-mgmt MASTER_SITES= SF/nagios/${PORTNAME}-2.x/${PORTNAME}-${PORTVERSION} Modified: branches/2014Q3/net-mgmt/nrpe/files/patch-src-nrpe.c ============================================================================== --- branches/2014Q3/net-mgmt/nrpe/files/patch-src-nrpe.c Sat Sep 27 19:36:35 2014 (r369416) +++ branches/2014Q3/net-mgmt/nrpe/files/patch-src-nrpe.c Sat Sep 27 19:37:55 2014 (r369417) 
@@ -1,6 +1,15 @@ ---- src/nrpe.c.orig 2013-07-10 21:18:24.000000000 +0000 -+++ src/nrpe.c 2013-07-10 21:20:25.000000000 +0000 -@@ -89,7 +89,9 @@ +--- ./src/nrpe.c.orig 2013-09-06 17:27:13.000000000 +0200 ++++ ./src/nrpe.c 2013-10-05 17:15:33.000000000 +0200 +@@ -30,6 +30,8 @@ + #include "utils.h" + #include "acl.h" + ++#include ++ + #ifdef HAVE_SSL + #include "../include/dh.h" + #endif +@@ -100,7 +102,9 @@ int use_src=FALSE; /* Define parameter for SRC option */ @@ -10,7 +19,38 @@ int main(int argc, char **argv){ -@@ -1673,6 +1675,7 @@ +@@ -969,8 +973,14 @@ + continue; + + /* socket is nonblocking and we don't have a connection yet */ +- if(errno==EAGAIN) ++ if(errno==EAGAIN) { ++ struct pollfd pfd; ++ ++ pfd.fd = sock; ++ pfd.events = POLLIN; ++ poll(&pfd,1,-1); + continue; ++ } + + /* fix for HP-UX 11.0 - just retry */ + if(errno==ENOBUFS) +@@ -1207,9 +1217,13 @@ + if(result==STATE_OK && use_ssl==TRUE){ + if((ssl=SSL_new(ctx))!=NULL){ + SSL_set_fd(ssl,sock); ++ int n = 0; + + /* keep attempting the request if needed */ +- while(((rc=SSL_accept(ssl))!=1) && (SSL_get_error(ssl,rc)==SSL_ERROR_WANT_READ)); ++ while( ((rc=SSL_accept(ssl))!=1) && (SSL_get_error(ssl,rc)==SSL_ERROR_WANT_READ) && n <= 600){ ++ usleep(100000); ++ n++; ++ } + + if(rc!=1){ + syslog(LOG_ERR,"Error: Could not complete SSL handshake. %d\n",SSL_get_error(ssl,rc)); +@@ -1796,6 +1810,7 @@ return OK; } @@ -18,7 +58,7 @@ void complete_SSL_shutdown( SSL *ssl) { /* -@@ -1693,6 +1696,7 @@ +@@ -1816,6 +1831,7 @@ if( SSL_shutdown( ssl)) break; } }
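Review bot: In the src/nrpe.c hunk at @@ -969,8 +973,14 @@, the result of poll(&pfd,1,-1) is discarded before the continue, and pfd.revents is never inspected, so a failing poll() (or one that reports an error condition on sock) sends the loop straight back to the accept retry and the EAGAIN branch can still spin. Check the return value, retry only on an interrupted call, and log and leave the loop on any other failure. A one-line comment saying that the poll() is there to block until the listening socket is readable, in place of the busy retry, would also help the next reader.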
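Review bot: In the src/nrpe.c hunk at @@ -1207,9 +1217,13 @@, the SSL_accept() retry loop is bounded by two unexplained constants, n <= 600 and usleep(100000), which together give a fixed limit of about 60 seconds, and when that limit is hit the existing rc!=1 branch logs only "Could not complete SSL handshake" with the SSL_get_error() code, so a timed-out handshake is indistinguishable in syslog from any other handshake failure. Give the limit a name (a #define or a setting), log the timeout case with its own message, and consider waiting on sock for readability with a timeout rather than sleeping a fixed 100 ms per attempt, as the EAGAIN hunk already does with poll(). The loop still retries only on SSL_ERROR_WANT_READ; if SSL_ERROR_WANT_WRITE cannot occur at this point, a comment saying so would settle the question. As a style point, int n = 0; is declared after the SSL_set_fd() statement; move it to the top of the block if the file keeps declarations first.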