Bug 171080

Summary: DOS vulnerability in net-p2p/bitcoin and bitcoind - CVE-2012-2459
Product: Ports & Packages Reporter: Peter Zuidema <peter>
Component: Individual Port(s)Assignee: Steve Wills <swills>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Peter Zuidema 2012-08-26 12:40:02 UTC 
As copied from the CVE entry - 
---
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
Comment 1 Steve Wills freebsd_committer freebsd_triage 2012-08-29 20:45:56 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->swills

I'll take it.
Comment 2 dfilter service freebsd_committer freebsd_triage 2012-09-02 03:52:10 UTC 
Author: swills
Date: Sun Sep  2 02:51:56 2012
New Revision: 303526
URL: http://svn.freebsd.org/changeset/ports/303526

Log:
  - Update to 0.6.3
  
  PR:		ports/171080
  Security:	b50913ce-f4a7-11e1-b135-003067b2972c

Added:
  head/net-p2p/bitcoin/files/
  head/net-p2p/bitcoin/files/patch-transactiondesc.cpp   (contents, props changed)
Modified:
  head/net-p2p/bitcoin/Makefile   (contents, props changed)
  head/net-p2p/bitcoin/distinfo   (contents, props changed)

Modified: head/net-p2p/bitcoin/Makefile
==============================================================================
--- head/net-p2p/bitcoin/Makefile	Sun Sep  2 00:35:37 2012	(r303525)
+++ head/net-p2p/bitcoin/Makefile	Sun Sep  2 02:51:56 2012	(r303526)
@@ -6,77 +6,68 @@
 #
 
 PORTNAME=	bitcoin
-PORTVERSION=	0.4.0
-PORTREVISION=	1
+PORTVERSION=	0.6.3
 CATEGORIES=	net-p2p finance
-MASTER_SITES=	https://nodeload.github.com/${PORTNAME}/${PORTNAME}/tarball/	\
-		http://mirror.inerd.com/FreeBSD/distfiles/${PORTNAME}/
-DISTFILES=	v${PORTVERSION}
 
 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	Virtual Peer-to-Peer Currency Client
 
-BUILD_DEPENDS=	${LOCALBASE}/include/boost/graph/parallel/algorithm.hpp:${PORTSDIR}/devel/boost-libs # 1.40+
-LIB_DEPENDS=	boost_date_time.4:${PORTSDIR}/devel/boost-libs
+LIB_DEPENDS=	boost_date_time:${PORTSDIR}/devel/boost-libs
 
-OPTIONS=	GUI  "Build with wxWidgets GUI" on	\
-		UPNP "Build with UPNP support"  off
+OPTIONS=	GUI  "Build with QT3 GUI" on	\
+		UPNP "Build with UPNP support"  off \
+		QRCODES "Build with QR code display" on
+
+USE_GITHUB=     yes
+GH_ACCOUNT=     bitcoin
+GH_PROJECT=	bitcoin
+GH_COMMIT=      6e0c5e3
 
 USE_GMAKE=	yes
 USE_OPENSSL=	yes
 USE_BDB=	yes
-WANT_BDB_VER=	47	# 4.8 doesn't work
+WANT_BDB_VER=	47
 
 CXXFLAGS+=	-I${LOCALBASE}/include -I${BDB_INCLUDE_DIR}
 CXXFLAGS+=	-L${LOCALBASE}/lib -L${BDB_LIB_DIR}
 CXXFLAGS+=	-Wno-invalid-offsetof
 
-WRKSRC=		${WRKDIR}/bitcoin-bitcoin-72274ed/src
-
-DIST_SUBDIR=	${PORTNAME}
-
-LOCALES=	cs de eo es fr it lt nl pt ro ru sv zh_cn
-
 .include <bsd.port.options.mk>
 
 .if defined(WITH_GUI) && !defined(WITHOUT_X11)
-USE_GNOME=	gtk20
-
-#USE_WX=		2.9+
-
-BUILD_DEPENDS+=	${LOCALBASE}/include/wx-2.9/wx/aboutdlg.h:${PORTSDIR}/x11-toolkits/wxgtk29
-RUN_DEPENDS+=	${LOCALBASE}/include/wx-2.9/wx/aboutdlg.h:${PORTSDIR}/x11-toolkits/wxgtk29
-WX_CONFIG=	${LOCALBASE}/bin/wxgtk2u-2.9-config
-
-BINARY=		bitcoin
-PLIST_FILES=	bin/${BINARY}
+USE_QT_VER=	4
+USE_QT4=	corelib gui qmake_build linguist uic moc rcc
+BINARY=		bitcoin-qt
 .else
-USE_GNOME=	glib20
-
 BINARY=		bitcoind
 ALL_TARGET=	${BINARY}
-PLIST_FILES=	bin/${BINARY}
+MAKE_ARGS+=	-C ${WRKSRC}/src
 .endif
 
-.if defined(WITH_UPNP)
-LIB_DEPENDS+=	miniupnpc:${PORTSDIR}/net/miniupnpc
-MAKE_ENV+=	USE_UPNP=yes
+.if defined(WITH_QRCODES)
+LIB_DEPENDS+=	qrencode:${PORTSDIR}/graphics/libqrencode
+QMAKE_USE_QRCODE=1
+.else
+QMAKE_USE_QRCODE=0
 .endif
 
-.if !defined(WITHOUT_NLS)
-PLIST_FILES+=	${LOCALES:C|^|share/locale/|:C|$|/LC_MESSAGES/bitcoin.mo|}
-PLIST_DIRSTRY+=	${LOCALES:C|^|share/locale/|:C|$|/LC_MESSAGES|}
-PLIST_DIRSTRY+=	${LOCALES:C|^|share/locale/|}
+PLIST_FILES=	bin/${BINARY}
+
+.if defined(WITH_UPNP)
+LIB_DEPENDS+=	miniupnpc:${PORTSDIR}/net/miniupnpc
+QMAKE_USE_UPNP=	1
+.else
+QMAKE_USE_UPNP=	-
 .endif
 
 .include <bsd.port.pre.mk>
 
 post-patch:
-	@${CP} ${WRKSRC}/protocol.h ${WRKSRC}/protocol.h.orig
+	@${CP} ${WRKSRC}/src/protocol.h ${WRKSRC}/src/protocol.h.orig
 	@${AWK} 'BEGIN { f = 0 } { if ( $$0 ~ /^#include/ && f == 0 ) { f = 1; print "#include <sys/socket.h>"; print "#include <netinet/in.h>" }; print }' \
-		${WRKSRC}/protocol.h.orig > ${WRKSRC}/protocol.h
+		${WRKSRC}/src/protocol.h.orig > ${WRKSRC}/src/protocol.h
 
-	@cd ${WRKSRC} && ${CP} -p makefile.unix Makefile
+	@cd ${WRKSRC}/src && ${CP} -p makefile.unix Makefile
 	@${REINPLACE_CMD} \
 		-e 's|wx-config|${WX_CONFIG}|g' \
 		-e 's|^CXXFLAGS=.*$$|CXXFLAGS += $$(DEFS)|' \
@@ -84,18 +75,22 @@ post-patch:
 		-e 's|-l pthread|${PTHREAD_LIBS}|g' \
 		-e 's:-O3::' -e 's:-\(march=[A-Za-z0-9]*\)::g' \
 		-e 's:-l dl::' \
-		${WRKSRC}/Makefile
+		${WRKSRC}/src/Makefile
+
+do-configure:
+.if defined(WITH_GUI) && !defined(WITHOUT_X11)
+	cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} \
+		${QMAKE} USE_UPNP=${QMAKE_USE_UPNP} USE_QRCODE=${QMAKE_USE_QRCODE} \
+		QMAKE_LRELEASE=lrelease-qt4 PREFIX=${PREFIX} INCLUDEPATH=${BDB_INCLUDE_DIR} \
+		QMAKE_LIBDIR+=${BDB_LIB_DIR} bitcoin-qt.pro
+.endif
 
 do-install:
 	@${MKDIR} ${PREFIX}/bin
+.if defined(WITH_GUI) && !defined(WITHOUT_X11)
 	${INSTALL_PROGRAM} ${WRKSRC}/${BINARY} ${PREFIX}/bin/
-
-.if !defined(WITHOUT_NLS)
-.  for lo in ${LOCALES}
-	@${MKDIR} ${PREFIX}/share/locale/${lo}/LC_MESSAGES
-	${INSTALL_DATA} ${WRKSRC}/../locale/${lo}/LC_MESSAGES/bitcoin.mo \
-		${PREFIX}/share/locale/${lo}/LC_MESSAGES/
-.  endfor
+.else
+	${INSTALL_PROGRAM} ${WRKSRC}/src/${BINARY} ${PREFIX}/bin/
 .endif
 
 .include <bsd.port.post.mk>

Modified: head/net-p2p/bitcoin/distinfo
==============================================================================
--- head/net-p2p/bitcoin/distinfo	Sun Sep  2 00:35:37 2012	(r303525)
+++ head/net-p2p/bitcoin/distinfo	Sun Sep  2 02:51:56 2012	(r303526)
@@ -1,2 +1,2 @@
-SHA256 (bitcoin/v0.4.0) = 4feb67c2191ae3c7ebfbcd2fbc98bfdb01242a63f9d9158f5a75482542f02d11
-SIZE (bitcoin/v0.4.0) = 896167
+SHA256 (bitcoin-0.6.3.tar.gz) = b4d538bdfd0c11dd0d12896ad444bcdc04cfc98b55deca73ed951ecef03363a6
+SIZE (bitcoin-0.6.3.tar.gz) = 1362075

Added: head/net-p2p/bitcoin/files/patch-transactiondesc.cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net-p2p/bitcoin/files/patch-transactiondesc.cpp	Sun Sep  2 02:51:56 2012	(r303526)
@@ -0,0 +1,10 @@
+--- src/qt/transaction.cpp.orig	2012-09-01 03:08:26.000000000 +0000
++++ src/qt/transactiondesc.cpp	2012-09-01 03:08:38.000000000 +0000
+@@ -7,6 +7,7 @@
+ #include "wallet.h"
+ #include "db.h"
+ #include "ui_interface.h"
++#include "walletdb.h"
+ 
+ #include <QString>
+ 
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 3 Steve Wills freebsd_committer freebsd_triage 2012-09-02 03:58:47 UTC 
State Changed
From-To: open->closed

Port updated and vuxml entry added, thanks for the heads up.