Bug 198875

Summary:

[exp-run][security/gnutls][security] CVE-2015-0294

Product:

Ports & Packages

Reporter:

Sevan Janiyan <venture37>

Component:

Individual Port(s)

Assignee:

Xin LI <delphij>

Status:

Closed FIXED

Severity:

Affects Many People

CC:

bdrewery, delphij, portmgr

Priority:

---

Flags:

bdrewery: maintainer-feedback+
bdrewery: exp-run?

Version:

Latest

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
Proposed patch	none

Description Sevan Janiyan 2015-03-24 17:46:45 UTC

https://bugzilla.redhat.com/show_bug.cgi?id=1196323

Comment 1 Bryan Drewery freebsd_committer

2015-03-24 18:19:15 UTC

Thanks. I wonder why they have not published it here http://www.gnutls.org/security.html

Comment 2 Bryan Drewery freebsd_committer

2015-03-24 18:21:13 UTC

We do have the latest 3.2.x version of 3.2.21 as well. We need to do an exp-run to update to 3.3.x (which is separate from this PR).

Comment 3 Xin LI freebsd_committer

2015-05-21 00:11:20 UTC

Ping?

(BTW I have noticed that this port is built with zlib by default, which we could have good reasons not to enable by default...)

Comment 4 Bryan Drewery freebsd_committer

2015-05-21 01:05:53 UTC

I'm not sure what needs to happen here for the current 3.2.x version. I haven't done any work to update it to 3.3.x. If disabling ZLIB is sufficient please just do it.

Comment 5 Xin LI freebsd_committer

2015-05-21 18:15:35 UTC

Created attachment 157016 [details]
Proposed patch

Comment 6 Xin LI freebsd_committer

2015-05-21 18:17:12 UTC

(In reply to Bryan Drewery from comment #4)
Well, no.  The ZLIB part is purely unrelated and we can probably defer it.

I've created a patch for purpose of exp-run.  My impression is that gnutls is quite buggy but looks like there are about 1500 ports depending on it (!).

Comment 7 Bryan Drewery freebsd_committer

2015-05-21 18:30:49 UTC

Please exp-run patch in comment #5

Comment 8 Antoine Brodin freebsd_committer

2015-05-21 20:44:45 UTC

Take for exp-run

Comment 9 Antoine Brodin freebsd_committer

2015-05-22 15:13:26 UTC

Exp-run results:

http://package22.nyi.freebsd.org/build.html?mastername=84i386-default-PR198875&build=2015-05-22_05h37m25s
http://package22.nyi.freebsd.org/build.html?mastername=84amd64-default-PR198875&build=2015-05-21_20h48m00s
http://package23.nyi.freebsd.org/build.html?mastername=93i386-default-PR198875&build=2015-05-22_05h37m38s
http://package23.nyi.freebsd.org/build.html?mastername=93amd64-default-PR198875&build=2015-05-21_20h48m05s
http://package18.nyi.freebsd.org/build.html?mastername=101i386-default-PR198875&build=2015-05-22_05h37m47s
http://package18.nyi.freebsd.org/build.html?mastername=101amd64-default-PR198875&build=2015-05-21_20h48m08s

I see no failure related to gnutls.

Comment 10 Bryan Drewery freebsd_committer

2015-05-22 15:14:53 UTC

Please commit. I have no strong maintainership on this really. Anyone may update it within reason.

Comment 11 commit-hook freebsd_committer

2015-05-22 15:46:18 UTC

A commit references this bug:

Author: delphij
Date: Fri May 22 15:46:10 UTC 2015
New revision: 387029
URL: https://svnweb.freebsd.org/changeset/ports/387029

Log:
  Update to 3.3.15.

  PR:		198875
  Approved by:	maintainer

Changes:
  head/security/gnutls/Makefile
  head/security/gnutls/distinfo
  head/security/gnutls/pkg-plist

Comment 12 commit-hook freebsd_committer

2015-05-22 15:55:20 UTC

A commit references this bug:

Author: delphij
Date: Fri May 22 15:54:57 UTC 2015
New revision: 387030
URL: https://svnweb.freebsd.org/changeset/ports/387030

Log:
  MFH: r387029

  Update to 3.3.15.

  PR:		198875
  Approved by:	ports-secteam@ (self)

Changes:
_U  branches/2015Q2/
  branches/2015Q2/security/gnutls/Makefile
  branches/2015Q2/security/gnutls/distinfo
  branches/2015Q2/security/gnutls/pkg-plist

Comment 13 Xin LI freebsd_committer

2015-05-28 19:11:49 UTC

Fix already committed.