Date: Wed, 8 Jan 2014 11:18:44 +0000 (UTC) From: Roman Bogorodskiy <novel@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r339094 - in head/security/gnutls: . files Message-ID: <201401081118.s08BIifW035456@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: novel Date: Wed Jan 8 11:18:44 2014 New Revision: 339094 URL: http://svnweb.freebsd.org/changeset/ports/339094 Log: - Fix possbile DoS in TLS record decoding [1] - Fix installation without NLS [2] - Require gmake and perl for build because in some occasions it will rebuild the documentation that works in a proper way with gmake only and needs perl - Bump PORTREVISION Security: CVE-2013-2116 Reported by: mat [2] Added: head/security/gnutls/files/ head/security/gnutls/files/patch-lib-gnutls_cipher.c (contents, props changed) Modified: head/security/gnutls/Makefile head/security/gnutls/pkg-plist Modified: head/security/gnutls/Makefile ============================================================================== --- head/security/gnutls/Makefile Wed Jan 8 11:18:11 2014 (r339093) +++ head/security/gnutls/Makefile Wed Jan 8 11:18:44 2014 (r339094) @@ -3,7 +3,7 @@ PORTNAME= gnutls PORTVERSION= 2.12.23 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security net MASTER_SITES= \ ftp://ftp.gnutls.org/gcrypt/gnutls/v${PORTVERSION:C/.[0-9]+$//}/ @@ -19,7 +19,8 @@ LIB_DEPENDS= nettle:${PORTSDIR}/security CONFLICTS= gnutls-devel-[0-9]* -USES= pathfix pkgconfig iconv +USES= pathfix pkgconfig iconv gmake perl5 +USE_PERL5= build USE_BZIP2= yes USE_GNOME= ltverhack GNU_CONFIGURE= yes Added: head/security/gnutls/files/patch-lib-gnutls_cipher.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/gnutls/files/patch-lib-gnutls_cipher.c Wed Jan 8 11:18:44 2014 (r339094) @@ -0,0 +1,11 @@ +--- lib/gnutls_cipher.c.orig 2013-02-04 12:53:03.000000000 +0400 ++++ lib/gnutls_cipher.c 2013-02-04 12:53:03.000000000 +0400 +@@ -561,6 +561,8 @@ + return GNUTLS_E_DECRYPTION_FAILED; + } + pad = ciphertext.data[ciphertext.size - 1]; /* pad */ ++ if (pad+1 > ciphertext.size-hash_size) ++ pad_failed = GNUTLS_E_DECRYPTION_FAILED; + + /* Check the pading bytes (TLS 1.x). + * Note that we access all 256 bytes of ciphertext for padding check Modified: head/security/gnutls/pkg-plist ============================================================================== --- head/security/gnutls/pkg-plist Wed Jan 8 11:18:11 2014 (r339093) +++ head/security/gnutls/pkg-plist Wed Jan 8 11:18:44 2014 (r339094) @@ -716,8 +716,8 @@ man/man3/gnutls_x509_rdn_get_oid.3.gz %%NLS%%share/locale/sv/LC_MESSAGES/libgnutls.mo %%NLS%%share/locale/vi/LC_MESSAGES/libgnutls.mo %%NLS%%share/locale/zh_CN/LC_MESSAGES/libgnutls.mo +%%NLS%%@dirrmtry share/locale/en@quot/LC_MESSAGES +%%NLS%%@dirrmtry share/locale/en@quot +%%NLS%%@dirrmtry share/locale/en@boldquot/LC_MESSAGES +%%NLS%%@dirrmtry share/locale/en@boldquot @dirrm include/gnutls -@dirrmtry share/locale/en@quot/LC_MESSAGES -@dirrmtry share/locale/en@quot -@dirrmtry share/locale/en@boldquot/LC_MESSAGES -@dirrmtry share/locale/en@boldquot
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401081118.s08BIifW035456>