Bug 198875 - [exp-run][security/gnutls][security] CVE-2015-0294
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Xin LI
Reported: 2015-03-24 17:46 UTC by Sevan Janiyan
Modified: 2015-05-28 19:11 UTC
bdrewery: maintainer-feedback+
bdrewery: exp-run?


Attachments
Proposed patch (18.82 KB, patch)
2015-05-21 18:15 UTC, Xin LI

Comment 1 Bryan Drewery freebsd_committer freebsd_triage 2015-03-24 18:19:15 UTC
Thanks. I wonder why they have not published it here http://www.gnutls.org/security.html
Comment 2 Bryan Drewery freebsd_committer freebsd_triage 2015-03-24 18:21:13 UTC
We do have the latest 3.2.x version of 3.2.21 as well. We need to do an exp-run to update to 3.3.x (which is separate from this PR).
Comment 3 Xin LI freebsd_committer freebsd_triage 2015-05-21 00:11:20 UTC
Ping?

(BTW I have noticed that this port is built with zlib by default, which we could have good reasons not to enable by default...)
Comment 4 Bryan Drewery freebsd_committer freebsd_triage 2015-05-21 01:05:53 UTC
I'm not sure what needs to happen here for the current 3.2.x version. I haven't done any work to update it to 3.3.x. If disabling ZLIB is sufficient please just do it.
Comment 5 Xin LI freebsd_committer freebsd_triage 2015-05-21 18:15:35 UTC
Created attachment 157016
Proposed patch
Comment 6 Xin LI freebsd_committer freebsd_triage 2015-05-21 18:17:12 UTC
(In reply to Bryan Drewery from comment #4)
Well, no.  The ZLIB part is purely unrelated and we can probably defer it.

I've created a patch for the purpose of the exp-run.  My impression is that gnutls is quite buggy, but it looks like there are about 1500 ports depending on it (!).
Comment 7 Bryan Drewery freebsd_committer freebsd_triage 2015-05-21 18:30:49 UTC
Please exp-run patch in comment #5
Comment 8 Antoine Brodin freebsd_committer freebsd_triage 2015-05-21 20:44:45 UTC
Take for exp-run
Comment 10 Bryan Drewery freebsd_committer freebsd_triage 2015-05-22 15:14:53 UTC
Please commit. I have no strong maintainership on this really. Anyone may update it within reason.
Comment 11 commit-hook freebsd_committer freebsd_triage 2015-05-22 15:46:18 UTC
A commit references this bug:

Author: delphij
Date: Fri May 22 15:46:10 UTC 2015
New revision: 387029
URL: https://svnweb.freebsd.org/changeset/ports/387029

Log:
  Update to 3.3.15.

  PR:		198875
  Approved by:	maintainer

Changes:
  head/security/gnutls/Makefile
  head/security/gnutls/distinfo
  head/security/gnutls/pkg-plist
Comment 12 commit-hook freebsd_committer freebsd_triage 2015-05-22 15:55:20 UTC
A commit references this bug:

Author: delphij
Date: Fri May 22 15:54:57 UTC 2015
New revision: 387030
URL: https://svnweb.freebsd.org/changeset/ports/387030

Log:
  MFH: r387029

  Update to 3.3.15.

  PR:		198875
  Approved by:	ports-secteam@ (self)

Changes:
_U  branches/2015Q2/
  branches/2015Q2/security/gnutls/Makefile
  branches/2015Q2/security/gnutls/distinfo
  branches/2015Q2/security/gnutls/pkg-plist
Comment 13 Xin LI freebsd_committer freebsd_triage 2015-05-28 19:11:49 UTC
Fix already committed.