From owner-freebsd-ports@FreeBSD.ORG Sat Mar 24 17:52:48 2012 Return-Path: Delivered-To: ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 22A1C1065676; Sat, 24 Mar 2012 17:52:48 +0000 (UTC) (envelope-from zi@FreeBSD.org) Received: from fast.rit.edu (fast.rit.edu [129.21.182.30]) by mx1.freebsd.org (Postfix) with ESMTP id E194C8FC1D; Sat, 24 Mar 2012 17:52:47 +0000 (UTC) Received: from fast.rit.edu (localhost.rit.edu [127.0.0.1]) by fast.rit.edu (Postfix) with ESMTP id 2B5361D235; Sat, 24 Mar 2012 13:52:47 -0400 (EDT) X-Virus-Scanned: by amavisd-new at fast.rit.edu Received: from fast.rit.edu ([127.0.0.1]) by fast.rit.edu (fast.rit.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1OlW5KWcvWW1; Sat, 24 Mar 2012 13:52:46 -0400 (EDT) Received: from syn.rit.edu (syn.rit.edu [129.21.182.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by fast.rit.edu (Postfix) with ESMTPS id 5839E1D21A; Sat, 24 Mar 2012 13:52:46 -0400 (EDT) Received: from syn.rit.edu (localhost.rit.edu [127.0.0.1]) by syn.rit.edu (8.14.4/8.14.3) with ESMTP id q2OHqkf7044045; Sat, 24 Mar 2012 13:52:46 -0400 (EDT) (envelope-from zi@FreeBSD.org) Received: (from zi@localhost) by syn.rit.edu (8.14.4/8.14.3/Submit) id q2OHqjYn043876; Sat, 24 Mar 2012 13:52:45 -0400 (EDT) (envelope-from zi@FreeBSD.org) Date: Sat, 24 Mar 2012 13:52:45 -0400 From: Ryan Steinmetz To: Jason Hellenthal Message-ID: <20120324175245.GA78438@fast.rit.edu> References: <20120324172937.GA43822@DataIX.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120324172937.GA43822@DataIX.net> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: ports@FreeBSD.org, pav@FreeBSD.org, delphij@FreeBSD.org, novel@FreeBSD.org Subject: Re: security/gnutls update when... X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Mar 2012 17:52:48 -0000 On (03/24/12 13:29), Jason Hellenthal wrote: > > Apparently this port has fell two versions behind. Is there anything > that is going to happen to update it to the current stable version ? > > > These advisories have been out for a week now. And the current version > is 2.12.18. > > > Database created: Sat Mar 24 13:15:03 EDT 2012 > Affected package: gnutls-2.12.16 > Type of problem: libtasn1 -- ASN.1 length decoding vulnerability. > Reference: > http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html > > Affected package: gnutls-2.12.16 > Type of problem: gnutls -- possible overflow/Denial of service > vulnerabilities. > Reference: > http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html > > 2 problem(s) in your installed packages found. > > > > -- > ;s =; Jason, There is an update in progress (ports/166307). There is a shared library version bump that is part of the gnutls update and this requires a little extra scrutiny. This, combined with the upcoming 8.3 RELEASE is what is contributing to the delay. Hope this helps, -r -- Ryan Steinmetz PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2