git: 80ae8c028fe1 - main - security/botan2: Fix CVE-2024-50383 (+)

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Dima Panov <fluffy_at_FreeBSD.org>
Date: Fri, 25 Jul 2025 12:33:40 UTC
The branch main has been updated by fluffy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=80ae8c028fe127f6f1313d7f1314970d1c4b1830

commit 80ae8c028fe127f6f1313d7f1314970d1c4b1830
Author:     Dima Panov <fluffy@FreeBSD.org>
AuthorDate: 2025-07-25 12:31:19 +0000
Commit:     Dima Panov <fluffy@FreeBSD.org>
CommitDate: 2025-07-25 12:31:19 +0000

    security/botan2: Fix CVE-2024-50383 (+)
    
    Backport upstream fix: make additions be constant time
    Fixes vulnerability CVE-2024-50383
    
    While here, prepare for upcoming retire of Boost.System library which is stub since Boost-1.70
---
 security/botan2/Makefile | 5 ++++-
 security/botan2/distinfo | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/security/botan2/Makefile b/security/botan2/Makefile
index 1ca8fcfdbee3..5e0f65c0ff07 100644
--- a/security/botan2/Makefile
+++ b/security/botan2/Makefile
@@ -9,7 +9,8 @@ DISTNAME=	Botan-${PORTVERSION}
 PATCH_SITES+=	https://github.com/randombit/botan/commit/
 PATCHFILES+=	37fec38ff97604f964122cd2d33f5d503f319b10.patch:-p1 \
 		698c383b050591ae1a239c9e6d4ebe05532d2eee.patch:-p1 \
-		0fed26215b52a3d30122deb528f6b4deb824eae7.patch:-p1
+		0fed26215b52a3d30122deb528f6b4deb824eae7.patch:-p1 \
+		1eb0d14a7c110207479f40c8369faacc73d945c8.patch:-p1
 
 MAINTAINER=	fluffy@FreeBSD.org
 COMMENT=	Portable, easy to use and efficient C++ crypto library
@@ -109,6 +110,8 @@ PLIST_SUB+=	HAS_PROCESSOR_RNG="@comment "
 post-patch:
 	@${REINPLACE_CMD} -e 's|^optimization_flags .*|optimization_flags "${CXXFLAGS}"|' \
 		${WRKSRC}/src/build-data/cc/clang.txt
+	@${REINPLACE_CMD} -e 's|boost_system|boost_filesystem|' \
+		${WRKSRC}/src/lib/utils/boost/info.txt
 
 post-install:
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/botan ${STAGEDIR}${PREFIX}/lib/libbotan-2.so.${_SOABIVER}.${_SHLIBVER}.${_SHLIBVERPATCH}
diff --git a/security/botan2/distinfo b/security/botan2/distinfo
index 334533525222..f45a3087e771 100644
--- a/security/botan2/distinfo
+++ b/security/botan2/distinfo
@@ -1,4 +1,4 @@
-TIMESTAMP = 1737980464
+TIMESTAMP = 1753445434
 SHA256 (Botan-2.19.5.tar.xz) = dfeea0e0a6f26d6724c4af01da9a7b88487adb2d81ba7c72fcaf52db522c9ad4
 SIZE (Botan-2.19.5.tar.xz) = 6140148
 SHA256 (37fec38ff97604f964122cd2d33f5d503f319b10.patch) = 65d185241f6ca5ed5f1ee271855d7733874218df7fccb82a21c12b97e47828c0
@@ -7,3 +7,5 @@ SHA256 (698c383b050591ae1a239c9e6d4ebe05532d2eee.patch) = b3d9c32018fb17035b8119
 SIZE (698c383b050591ae1a239c9e6d4ebe05532d2eee.patch) = 2927
 SHA256 (0fed26215b52a3d30122deb528f6b4deb824eae7.patch) = 5af4a25ee9252829469cdb33de9f8afd212b96520a03b50855f8fc73cb99779a
 SIZE (0fed26215b52a3d30122deb528f6b4deb824eae7.patch) = 2512
+SHA256 (1eb0d14a7c110207479f40c8369faacc73d945c8.patch) = 97df96aab5fb3632773b804e077171da48204e81776a945c69672e5c7b0d7396
+SIZE (1eb0d14a7c110207479f40c8369faacc73d945c8.patch) = 1300