From owner-freebsd-ports@FreeBSD.ORG Sat Mar 24 19:30:53 2012 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F155E1065673 for ; Sat, 24 Mar 2012 19:30:53 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 79D728FC15 for ; Sat, 24 Mar 2012 19:30:53 +0000 (UTC) Received: by iahk25 with SMTP id k25so8276166iah.13 for ; Sat, 24 Mar 2012 12:30:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to; bh=K2oqwXCHsm2N9s51SfG7UABRLVnFvQLblnAQqXwn3iw=; b=Jx7rkaYCoe/PQ6pzpglrCUYbiHk36AyWvv6zZMtJcgNQH6eG6fnFUdbDoBzACd2swL xfHraDZ5YYysfXvwoTlTaBc5GZnWEMcbkA1ZmCi+JICKoFPYdfeQYttsCeQ+0hiyEV35 AM2Ik3at72YnrUl+KIkXGU+yZIeOrWYnWY4ns= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:x-gm-message-state; bh=K2oqwXCHsm2N9s51SfG7UABRLVnFvQLblnAQqXwn3iw=; b=N0/be7qiX/ML2460qQdnJCx5NI/XXjMEI7/8bB7zvxfSdQm1S2ZQwcfZVL7qBJoQQ5 R5tLMa8T2DfA/z+amTq7C0nRSs8wSxnE/w1E4HWCMM5oqs2JqpRwG3YFsMF1/nFrB2Vb 1SpNxSaNdlfvhh6fI47wIqehm/g8qWV3WhNa8z1/woxXelkVYgKAiUbcc2T5zbxw6Evn pZY8lzjxV9bdLzIDGt4b+B5VPqX4CHBjK8/uqFCXpAGJOr57yb7K7qz+8dt5go9juGEQ yDv+DFNQib2c1EblfaYxHC55ZxrobO0v1S2lYNLvyiB+4+Y4Owj3RnCUsuaxgkJeCJgI nfiQ== Received: by 10.43.49.195 with SMTP id vb3mr10002396icb.33.1332617452723; Sat, 24 Mar 2012 12:30:52 -0700 (PDT) Received: from DataIX.net ([99.181.142.190]) by mx.google.com with ESMTPS id hq3sm14665876igc.0.2012.03.24.12.30.51 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 24 Mar 2012 12:30:52 -0700 (PDT) Received: from DataIX.net (localhost [127.0.0.1]) by DataIX.net (8.14.5/8.14.5) with ESMTP id q2OJUmEQ066352 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 24 Mar 2012 15:30:48 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Received: (from jhellenthal@localhost) by DataIX.net (8.14.5/8.14.5/Submit) id q2OJUm0w065765; Sat, 24 Mar 2012 15:30:48 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Date: Sat, 24 Mar 2012 15:30:48 -0400 From: Jason Hellenthal To: Ryan Steinmetz Message-ID: <20120324193048.GA30901@DataIX.net> References: <20120324172937.GA43822@DataIX.net> <20120324175245.GA78438@fast.rit.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120324175245.GA78438@fast.rit.edu> X-Gm-Message-State: ALoCoQkl/I3zYJO3CeteYGzi7a5C6jO2YFLPBFzjds4SoIB578MZw4brHZ3dWFFybRkK3Q2+Mg+C Cc: ports@freebsd.org, pav@freebsd.org, delphij@freebsd.org, novel@freebsd.org Subject: Re: security/gnutls update when... X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Mar 2012 19:30:54 -0000 On Sat, Mar 24, 2012 at 01:52:45PM -0400, Ryan Steinmetz wrote: > On (03/24/12 13:29), Jason Hellenthal wrote: > > > > Apparently this port has fell two versions behind. Is there anything > > that is going to happen to update it to the current stable version ? > > > > > > These advisories have been out for a week now. And the current version > > is 2.12.18. > > > > > > Database created: Sat Mar 24 13:15:03 EDT 2012 > > Affected package: gnutls-2.12.16 > > Type of problem: libtasn1 -- ASN.1 length decoding vulnerability. > > Reference: > > http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html > > > > Affected package: gnutls-2.12.16 > > Type of problem: gnutls -- possible overflow/Denial of service > > vulnerabilities. > > Reference: > > http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html > > > > 2 problem(s) in your installed packages found. > > > > > > > > -- > > ;s =; > > Jason, > > There is an update in progress (ports/166307). There is a shared > library version bump that is part of the gnutls update and this requires > a little extra scrutiny. This, combined with the upcoming 8.3 RELEASE > is what is contributing to the delay. > Thanks Ryan. Not to sound hasty I realize the release is coming and thought that to be most of the reason as well the shared bump, but I have already had to deal with a few ramifications from rand(lusers); I appreciate the feedback, it gives me at least something to work with. Thanks again. -- ;s =;