From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 196351] net/libutp: backport fix for transmission crash (likely CVE-2012-6129)
Date: Wed, 21 Jan 2015 19:43:03 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: needs-qa, patch, regression, security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mi@ALDAN.algebra.com
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: maintainer-feedback?
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196351

--- Comment #11 from Mikhail T. ---
Comment on attachment 151065
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=151065
files/patch-CVE-2012-6129

Jan, comparing third-party/libutp, that's bundled with Transmission against our bittorrent-libutp-7c4f19a, I get exactly the same changes as above EXCEPT for the following:

--- bittorrent-libutp-7c4f19a/utp_utils.cpp 2013-05-14 19:05:36.000000000 -0400
+++ libutp/utp_utils.cpp 2014-07-01 13:10:47.850913000 -0400
...
-#define UDP_TEREDO_MTU (TEREDO_MTU - IPV6_HEADER_SIZE - UDP_HEADER_SIZE)
+#define UDP_TEREDO_MTU (TEREDO_MTU - UDP_HEADER_SIZE)

It would seem to me, if we are bringing our libutp in line with what its main (sole?) user expects, we should include all changes. Did you omit the change to utp_utils.cpp on purpose?

Thank you!
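Review bot: the `+#define UDP_TEREDO_MTU (TEREDO_MTU - UDP_HEADER_SIZE)` line in utp_utils.cpp drops the IPV6_HEADER_SIZE term with no comment saying why, so a reader cannot tell whether TEREDO_MTU is now meant to exclude the IPv6 header already or whether the term was removed by mistake. Since this macro sets a packet-size budget and the hunk is being considered as part of a security backport, the patch should carry a one-line comment stating the assumption about what TEREDO_MTU covers. The surrounding context is elided ("..."), so it is also worth checking that the definition of TEREDO_MTU in the ported tree matches the bundled copy, and that IPV6_HEADER_SIZE is not left defined but unused.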