Date: Tue, 13 Aug 2013 17:17:16 +0000 (UTC) From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r324675 - in head/security/polarssl: . files Message-ID: <201308131717.r7DHHG5I006622@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mandree Date: Tue Aug 13 17:17:15 2013 New Revision: 324675 URL: http://svnweb.freebsd.org/changeset/ports/324675 Log: Update to new version 1.2.8, fixing security issues (denial of service). Fix fetching, by bypassing splash screen (adds files/fetchwrapper.sh). Approved by: jase (maintainer) Security: 72bf9e21-03df-11e3-bd8d-080027ef73ec Security: CVE-2013-4623 Added: head/security/polarssl/files/fetchwrapper.sh (contents, props changed) Modified: head/security/polarssl/Makefile head/security/polarssl/distinfo head/security/polarssl/pkg-plist Modified: head/security/polarssl/Makefile ============================================================================== --- head/security/polarssl/Makefile Tue Aug 13 16:53:48 2013 (r324674) +++ head/security/polarssl/Makefile Tue Aug 13 17:17:15 2013 (r324675) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= polarssl -PORTVERSION= 1.2.7 +PORTVERSION= 1.2.8 DISTVERSIONSUFFIX= -gpl CATEGORIES= security devel MASTER_SITES= http://polarssl.org/download/ @@ -12,7 +12,10 @@ COMMENT= Open Source embedded SSL/TLS cr LICENSE= GPLv2 -FETCH_ARGS= -pRr +# bypass the HTML "now downloading..." splash site, code below +# .include <bsd.port.pre.mk> +URL_SUFFIX= ?do=yes +FETCH_ARGS= -pRro ${DISTFILES} ALL_TARGET= no_test USE_GMAKE= yes @@ -48,6 +51,9 @@ post-install: .include <bsd.port.pre.mk> +FETCH_CMD:= ${SHELL} ${FILESDIR}/fetchwrapper.sh \ + ${URL_SUFFIX} ${FETCH_BINARY} ${FETCH_ARGS} + .if ${ARCH} == "powerpc" BROKEN= Does not compile on powerpc .endif Modified: head/security/polarssl/distinfo ============================================================================== --- head/security/polarssl/distinfo Tue Aug 13 16:53:48 2013 (r324674) +++ head/security/polarssl/distinfo Tue Aug 13 17:17:15 2013 (r324675) @@ -1,2 +1,2 @@ -SHA256 (polarssl-1.2.7-gpl.tgz) = d64c2d1247f93cdeb884bd3706dfddffc636634bbf81d3772af750d5b5191328 -SIZE (polarssl-1.2.7-gpl.tgz) = 977888 +SHA256 (polarssl-1.2.8-gpl.tgz) = 23cf931e322ab397d26c89b7e805cf2229df46c5196f4f67ebfc0e285848637b +SIZE (polarssl-1.2.8-gpl.tgz) = 998609 Added: head/security/polarssl/files/fetchwrapper.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/polarssl/files/fetchwrapper.sh Tue Aug 13 17:17:15 2013 (r324675) @@ -0,0 +1,41 @@ +#!/bin/sh + +# $FreeBSD$ + +# This script tacks the first argument onto each URL found in the list, +# discards and then executes the list. + +# URL matching is simplistic, a URL is what matches *tp://* (so file:/// +# is not matched). + +# For instance, calling: +# fetchwrapper.sh '?do=yes' /usr/bin/fetch -pPr http://example.org/file +# will execute: +# /usr/bin/fetch -pPr http://example.org/file?do=yes + +# The intention is to work around download splash screens on web servers. + +# (C) Copyright 2013 by Matthias Andree. +# Licensed under the 2-clause BSD license. + +if [ $# -lt 3 ] ; then + echo >&2 "Usage: $0 URLsuffix fetch-command [options] URL [post-options]" + exit 1 +fi + +patcharray() { + # based on Rich Felker's "Working with arrays", + # http://www.etalabs.net/sh_tricks.html + for i do + case "$i" in *tp://*) j=$suffix ;; *) j= ;; esac + printf %s%s\\n "$i" "$j" | sed -e "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" + done + echo " " +} + +suffix="$1" ; shift +args=$(patcharray "$@") +eval "set -- $args" + +set -x +exec "$@" Modified: head/security/polarssl/pkg-plist ============================================================================== --- head/security/polarssl/pkg-plist Tue Aug 13 16:53:48 2013 (r324674) +++ head/security/polarssl/pkg-plist Tue Aug 13 17:17:15 2013 (r324675) @@ -50,6 +50,8 @@ include/polarssl/padlock.h include/polarssl/pem.h include/polarssl/pbkdf2.h include/polarssl/pkcs11.h +include/polarssl/pkcs12.h +include/polarssl/pkcs5.h include/polarssl/rsa.h include/polarssl/sha1.h include/polarssl/sha2.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308131717.r7DHHG5I006622>