FreeBSD Bugzilla – Attachment 250092 Details for
Bug 278463
ftp/filezilla: needs update to 3.67.0 to fix PuTTY bug leaking info on NIST-P521 based private keys [CVE-2024-31497]
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
filezilla security update fixing the PuTTY NIST-P521 nonce vulnerability exposing ecdsa...nistp521 private keys
0002-ftp-filezilla-security-update-to-3.67.0.patch (text/plain), 3.90 KB, created by
Matthias Andree
on 2024-04-19 19:24:02 UTC
(
hide
)
Description:
filezilla security update fixing the PuTTY NIST-P521 nonce vulnerability exposing ecdsa...nistp521 private keys
Filename:
MIME Type:
Creator:
Matthias Andree
Created:
2024-04-19 19:24:02 UTC
Size:
3.90 KB
patch
obsolete
>From bd24006cd9025f7f3cb0f17ffdeea5c2776c79ff Mon Sep 17 00:00:00 2001 >From: Matthias Andree <mandree@FreeBSD.org> >Date: Fri, 19 Apr 2024 18:37:55 +0200 >Subject: [PATCH 2/2] ftp/filezilla: security update to 3.67.0 > >PR: 278463 >Security: 080936ba-fbb7-11ee-abc8-6960f2492b1d >Security: CVE-2024-31497 >--- > ftp/filezilla/Makefile | 24 +++++++++++------------- > ftp/filezilla/distinfo | 6 +++--- > ftp/filezilla/pkg-plist | 7 +++---- > 3 files changed, 17 insertions(+), 20 deletions(-) > >diff --git a/ftp/filezilla/Makefile b/ftp/filezilla/Makefile >index 14257a4c1790..092919e93cc0 100644 >--- a/ftp/filezilla/Makefile >+++ b/ftp/filezilla/Makefile >@@ -1,6 +1,6 @@ > PORTNAME= filezilla >-PORTVERSION= 3.55.1 >-PORTREVISION= 3 >+PORTVERSION= 3.67.0 >+PORTREVISION= 0 > CATEGORIES= ftp > MASTER_SITES= https://download.filezilla-project.org/client/ > DISTNAME= FileZilla_${PORTVERSION}_src >@@ -14,24 +14,26 @@ LICENSE_FILE= ${WRKSRC}/COPYING > > BUILD_DEPENDS= ${RUN_DEPENDS} > LIB_DEPENDS= libfilezilla.so:ftp/libfilezilla \ >- libfontconfig.so:x11-fonts/fontconfig \ >- libfreetype.so:print/freetype2 \ >- libgcrypt.so:security/libgcrypt \ >- libgnutls.so:security/gnutls \ >+ libharfbuzz.so:print/harfbuzz \ > libidn.so:dns/libidn \ > libnettle.so:security/nettle \ > libpugixml.so:textproc/pugixml >+ > RUN_DEPENDS= xdg-open:devel/xdg-utils > >+TEST_DEPENDS= cppunit-config:devel/cppunit >+TEST_TARGET= check >+ > USES= compiler:c++17-lang gmake gnome iconv:wchar_t libtool localbase \ >- pkgconfig sqlite tar:bzip2 >-USE_GNOME= cairo gtk30 >+ pkgconfig sqlite tar:xz >+USE_GNOME= cairo gtk30 gdkpixbuf2 > INSTALL_TARGET= install-strip > GNU_CONFIGURE= yes >+CONFIGURE_ARGS+=--enable-fast-install > GNU_CONFIGURE_MANPREFIX=${PREFIX}/share > WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} > >-USE_WX= 3.0 >+USE_WX= 3.2 > WX_CONF_ARGS= relative > > OPTIONS_DEFINE= DBUS NLS >@@ -49,8 +51,4 @@ NLS_CONFIGURE_OFF= --disable-locales > CONFIGURE_ARGS+= --disable-manualupdatecheck > .endif > >-post-patch: >- @${REINPLACE_CMD} -Ee 's|(dummy) wxrc|\1 ${WXRC_CMD:T}|' \ >- ${CONFIGURE_WRKSRC}/${CONFIGURE_SCRIPT} >- > .include <bsd.port.mk> >diff --git a/ftp/filezilla/distinfo b/ftp/filezilla/distinfo >index fbb1e692c995..df2e87c95a85 100644 >--- a/ftp/filezilla/distinfo >+++ b/ftp/filezilla/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1631620135 >-SHA256 (FileZilla_3.55.1_src.tar.bz2) = 67f8d0e11f53fd23207d3cbfc942d03f3e23ee439ee48a14a2143c9950f776a5 >-SIZE (FileZilla_3.55.1_src.tar.bz2) = 4910935 >+TIMESTAMP = 1713539909 >+SHA256 (FileZilla_3.67.0_src.tar.xz) = e5dadc807db999ceb464984f974d3ef59b562c59546658057e9b201183adaf9a >+SIZE (FileZilla_3.67.0_src.tar.xz) = 4058264 >diff --git a/ftp/filezilla/pkg-plist b/ftp/filezilla/pkg-plist >index ecae7232a89e..8f4571784618 100644 >--- a/ftp/filezilla/pkg-plist >+++ b/ftp/filezilla/pkg-plist >@@ -1,9 +1,9 @@ > bin/filezilla > bin/fzputtygen > bin/fzsftp >-lib/libfzclient-commonui-private-3.55.1.so >+lib/libfzclient-commonui-private-3.67.0.so > lib/libfzclient-commonui-private.so >-lib/libfzclient-private-3.55.1.so >+lib/libfzclient-private-3.67.0.so > lib/libfzclient-private.so > share/man/man1/filezilla.1.gz > share/man/man1/fzputtygen.1.gz >@@ -684,8 +684,6 @@ share/applications/filezilla.desktop > %%DATADIR%%/resources/tango/48x48/upload.png > %%DATADIR%%/resources/tango/48x48/uploadadd.png > %%DATADIR%%/resources/tango/theme.xml >-%%DATADIR%%/resources/xrc/dialogs.xrc >-%%DATADIR%%/resources/xrc/netconfwizard.xrc > share/icons/hicolor/16x16/apps/filezilla.png > share/icons/hicolor/32x32/apps/filezilla.png > share/icons/hicolor/480x480/apps/filezilla.png >@@ -703,6 +701,7 @@ share/icons/hicolor/scalable/apps/filezilla.svg > %%NLS%%share/locale/da/LC_MESSAGES/filezilla.mo > %%NLS%%share/locale/de/LC_MESSAGES/filezilla.mo > %%NLS%%share/locale/el/LC_MESSAGES/filezilla.mo >+%%NLS%%share/locale/en/LC_MESSAGES/filezilla.mo > %%NLS%%share/locale/es/LC_MESSAGES/filezilla.mo > %%NLS%%share/locale/et/LC_MESSAGES/filezilla.mo > %%NLS%%share/locale/eu/LC_MESSAGES/filezilla.mo >-- >2.44.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=250092">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 278463
:
250088
|
250089
|
250091
| 250092