From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 201780] dns/libidn: out-of-bounds read issue with invalid UTF-8 input (CVE-2015-2059)
Date: Thu, 23 Jul 2015 03:28:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201780

--- Comment #1 from Jason Unovitch ---
Created attachment 159103
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159103&action=edit
libidn-1.31.patch

Changelog:
- Update to upstream version 1.31
- Add USES=gmake to build on all supported FreeBSD releases

PR:        201780
Security:  CVE-2015-2059
Security:  4caf01e2-30e6-11e5-a4a5-002590263bf5

Details:
- 1.3.1 update is a given. The item worth discussing is upstream's comment in
  their change log: "and we are marking this release as beta rather than stable
  to signal that we may reconsider this approach if people disagree."
- Add USES=gmake. libidn-1.30 and libidn-1.31 both build on FreeBSD 10+ where
  bmake is the default. I tested on 10.1-RELEASE, 10.2-BETA2, and 11-CURRENT.
  It will not build on 8.4-RELEASE and 9.3-RELEASE (shown below given the
  default fmake). This makes gmake the default so the port builds on all
  releases.

....
  CC       tlds.lo
  CCLD     libidn.la
Making all in po
Error expanding embedded variable.
*** [all-recursive] Error code 1