Bug 201224 - net-p2p/bitcoin: Update to 0.10.2 (fixes security vulnerability)
Summary: net-p2p/bitcoin: Update to 0.10.2 (fixes security vulnerability)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Mark Felder
URL:
Keywords: patch, patch-ready, security
Depends on:
Blocks:
 
Reported: 2015-06-30 16:53 UTC by s7r
Modified: 2015-07-06 03:22 UTC (History)
4 users (show)

See Also:
robbak: maintainer-feedback+

Attachments
Patch to update to 0.10.2 (1.69 KB, patch)
2015-07-05 01:41 UTC, robbak 		robbak: maintainer-approval+
Details | Diff
Poudriere logs for build of -daemon in 8.4-i386 jail (161.37 KB, text/plain)
2015-07-05 01:44 UTC, robbak 		no flags Details
Poudriere logs for build of net-p2p/bitcoin in 8.4-i386 jail (255.08 KB, text/plain)
2015-07-05 01:45 UTC, robbak 		no flags Details
Poudriere logs for build of -daemon in 10.1-amd64 jail (160.10 KB, text/plain)
2015-07-05 01:46 UTC, robbak 		no flags Details
Poudriere logs for build of -utils in 9.3 amd64 jail (138.94 KB, text/plain)
2015-07-05 01:47 UTC, robbak 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description s7r 2015-06-30 16:53:30 UTC 
net-p2p/bitcoin is still at 0.10.1

0.10.2 was released which fixes an important DoS vulnerability on nodes. Thanks.
Comment 1 robbak 2015-07-05 01:41:11 UTC 
Created attachment 158359 [details]
Patch to update to 0.10.2

This patch updates the port to 0.10.2. It also adds a shebangfix to some testing python files, reorders the configure args, and adds a comment, to make testing easier.
Comment 2 robbak 2015-07-05 01:42:15 UTC 
Update patch applied. Thanks to all for the reports.
Comment 3 robbak 2015-07-05 01:44:26 UTC 
Created attachment 158360 [details]
Poudriere logs for build of -daemon in 8.4-i386 jail
Comment 4 robbak 2015-07-05 01:45:13 UTC 
Created attachment 158361 [details]
Poudriere logs for build of net-p2p/bitcoin in 8.4-i386 jail
Comment 5 robbak 2015-07-05 01:46:14 UTC 
Created attachment 158362 [details]
Poudriere logs for build of -daemon in 10.1-amd64 jail
Comment 6 robbak 2015-07-05 01:47:02 UTC 
Created attachment 158363 [details]
Poudriere logs for build of -utils in 9.3 amd64 jail
Comment 7 Mark Felder freebsd_committer freebsd_triage 2015-07-06 02:48:39 UTC 
I'll take this
Comment 8 commit-hook freebsd_committer freebsd_triage 2015-07-06 03:09:42 UTC 
A commit references this bug:

Author: feld
Date: Mon Jul  6 03:09:37 UTC 2015
New revision: 391383
URL: https://svnweb.freebsd.org/changeset/ports/391383

Log:
  Update to 0.10.2
  Resolves CVE-2015-3641

  https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

  PR:		201224
  Approved by:	maintainer

Changes:
  head/net-p2p/bitcoin/Makefile
  head/net-p2p/bitcoin/distinfo
Comment 9 commit-hook freebsd_committer freebsd_triage 2015-07-06 03:11:44 UTC 
A commit references this bug:

Author: feld
Date: Mon Jul  6 03:10:53 UTC 2015
New revision: 391384
URL: https://svnweb.freebsd.org/changeset/ports/391384

Log:
  MFH: r391383

  Update to 0.10.2
  Resolves CVE-2015-3641

  https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

  PR:		201224
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/net-p2p/bitcoin/Makefile
  branches/2015Q3/net-p2p/bitcoin/distinfo
Comment 10 Mark Felder freebsd_committer freebsd_triage 2015-07-06 03:22:24 UTC 
Committed, thanks