svn commit: r339094 - in head/security/gnutls: . files

Roman Bogorodskiy novel at FreeBSD.org
Wed Jan 8 11:18:45 UTC 2014 

Author: novel
Date: Wed Jan  8 11:18:44 2014
New Revision: 339094
URL: http://svnweb.freebsd.org/changeset/ports/339094

Log:
  - Fix possbile DoS in TLS record decoding [1]
  - Fix installation without NLS [2]
  - Require gmake and perl for build because in some
    occasions it will rebuild the documentation that
    works in a proper way with gmake only and needs perl
  - Bump PORTREVISION
  
  Security:	CVE-2013-2116
  Reported by:	mat [2]

Added:
  head/security/gnutls/files/
  head/security/gnutls/files/patch-lib-gnutls_cipher.c   (contents, props changed)
Modified:
  head/security/gnutls/Makefile
  head/security/gnutls/pkg-plist

Modified: head/security/gnutls/Makefile
==============================================================================
--- head/security/gnutls/Makefile	Wed Jan  8 11:18:11 2014	(r339093)
+++ head/security/gnutls/Makefile	Wed Jan  8 11:18:44 2014	(r339094)
@@ -3,7 +3,7 @@
 
 PORTNAME=	gnutls
 PORTVERSION=	2.12.23
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security net
 MASTER_SITES=	\
 	ftp://ftp.gnutls.org/gcrypt/gnutls/v${PORTVERSION:C/.[0-9]+$//}/
@@ -19,7 +19,8 @@ LIB_DEPENDS=	nettle:${PORTSDIR}/security
 
 CONFLICTS=	gnutls-devel-[0-9]*
 
-USES=		pathfix pkgconfig iconv
+USES=		pathfix pkgconfig iconv gmake perl5
+USE_PERL5=	build
 USE_BZIP2=	yes
 USE_GNOME=	ltverhack
 GNU_CONFIGURE=	yes

Added: head/security/gnutls/files/patch-lib-gnutls_cipher.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/gnutls/files/patch-lib-gnutls_cipher.c	Wed Jan  8 11:18:44 2014	(r339094)
@@ -0,0 +1,11 @@
+--- lib/gnutls_cipher.c.orig	2013-02-04 12:53:03.000000000 +0400
++++ lib/gnutls_cipher.c	2013-02-04 12:53:03.000000000 +0400
+@@ -561,6 +561,8 @@
+           return GNUTLS_E_DECRYPTION_FAILED;
+         }
+       pad = ciphertext.data[ciphertext.size - 1];   /* pad */
++      if (pad+1 > ciphertext.size-hash_size)
++        pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ 
+       /* Check the pading bytes (TLS 1.x). 
+        * Note that we access all 256 bytes of ciphertext for padding check

Modified: head/security/gnutls/pkg-plist
==============================================================================
--- head/security/gnutls/pkg-plist	Wed Jan  8 11:18:11 2014	(r339093)
+++ head/security/gnutls/pkg-plist	Wed Jan  8 11:18:44 2014	(r339094)
@@ -716,8 +716,8 @@ man/man3/gnutls_x509_rdn_get_oid.3.gz
 %%NLS%%share/locale/sv/LC_MESSAGES/libgnutls.mo
 %%NLS%%share/locale/vi/LC_MESSAGES/libgnutls.mo
 %%NLS%%share/locale/zh_CN/LC_MESSAGES/libgnutls.mo
+%%NLS%%@dirrmtry share/locale/en at quot/LC_MESSAGES
+%%NLS%%@dirrmtry share/locale/en at quot
+%%NLS%%@dirrmtry share/locale/en at boldquot/LC_MESSAGES
+%%NLS%%@dirrmtry share/locale/en at boldquot
 @dirrm include/gnutls
- at dirrmtry share/locale/en at quot/LC_MESSAGES
- at dirrmtry share/locale/en at quot
- at dirrmtry share/locale/en at boldquot/LC_MESSAGES
- at dirrmtry share/locale/en at boldquot

More information about the svn-ports-all mailing list