Bug 201224

Summary: net-p2p/bitcoin: Update to 0.10.2 (fixes security vulnerability)
Product: Ports & Packages Reporter: s7r
Component: Individual Port(s)Assignee: Mark Felder <feld>
Status: Closed FIXED    
Severity: Affects Many People CC: feld, ports-secteam, robbak, robbak
Priority: --- Keywords: patch, patch-ready, security
Version: LatestFlags: robbak: maintainer-feedback+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Patch to update to 0.10.2
robbak: maintainer-approval+
Poudriere logs for build of -daemon in 8.4-i386 jail
none
Poudriere logs for build of net-p2p/bitcoin in 8.4-i386 jail
none
Poudriere logs for build of -daemon in 10.1-amd64 jail
none
Poudriere logs for build of -utils in 9.3 amd64 jail none

Description s7r 2015-06-30 16:53:30 UTC 
net-p2p/bitcoin is still at 0.10.1

0.10.2 was released which fixes an important DoS vulnerability on nodes. Thanks.
Comment 1 robbak 2015-07-05 01:41:11 UTC 
Created attachment 158359 [details]
Patch to update to 0.10.2

This patch updates the port to 0.10.2. It also adds a shebangfix to some testing python files, reorders the configure args, and adds a comment, to make testing easier.
Comment 2 robbak 2015-07-05 01:42:15 UTC 
Update patch applied. Thanks to all for the reports.
Comment 3 robbak 2015-07-05 01:44:26 UTC 
Created attachment 158360 [details]
Poudriere logs for build of -daemon in 8.4-i386 jail
Comment 4 robbak 2015-07-05 01:45:13 UTC 
Created attachment 158361 [details]
Poudriere logs for build of net-p2p/bitcoin in 8.4-i386 jail
Comment 5 robbak 2015-07-05 01:46:14 UTC 
Created attachment 158362 [details]
Poudriere logs for build of -daemon in 10.1-amd64 jail
Comment 6 robbak 2015-07-05 01:47:02 UTC 
Created attachment 158363 [details]
Poudriere logs for build of -utils in 9.3 amd64 jail
Comment 7 Mark Felder freebsd_committer freebsd_triage 2015-07-06 02:48:39 UTC 
I'll take this
Comment 8 commit-hook freebsd_committer freebsd_triage 2015-07-06 03:09:42 UTC 
A commit references this bug:

Author: feld
Date: Mon Jul  6 03:09:37 UTC 2015
New revision: 391383
URL: https://svnweb.freebsd.org/changeset/ports/391383

Log:
  Update to 0.10.2
  Resolves CVE-2015-3641

  https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

  PR:		201224
  Approved by:	maintainer

Changes:
  head/net-p2p/bitcoin/Makefile
  head/net-p2p/bitcoin/distinfo
Comment 9 commit-hook freebsd_committer freebsd_triage 2015-07-06 03:11:44 UTC 
A commit references this bug:

Author: feld
Date: Mon Jul  6 03:10:53 UTC 2015
New revision: 391384
URL: https://svnweb.freebsd.org/changeset/ports/391384

Log:
  MFH: r391383

  Update to 0.10.2
  Resolves CVE-2015-3641

  https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

  PR:		201224
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/net-p2p/bitcoin/Makefile
  branches/2015Q3/net-p2p/bitcoin/distinfo
Comment 10 Mark Felder freebsd_committer freebsd_triage 2015-07-06 03:22:24 UTC 
Committed, thanks