From: Mikhail Teterin Date: Thu, 22 Jan 2015 17:31:48 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r377674 - in head/net/libutp: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Jan 2015 17:31:50 -0000 Author: mi Date: Thu Jan 22 17:31:47 2015 New Revision: 377674 URL: https://svnweb.freebsd.org/changeset/ports/377674 QAT: https://qat.redports.org/buildarchive/r377674/ Log: Add a patch fixing a long-standing security problem. Bump PORTREVISION. PR: 196351 Differential Revision: D1593 Submitted by: Jan Beich Security: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6129 While here, arrange for building a few of the small utilities bundled with library, and install them along with another potentially useful header-file. Sponsored by: http://libpipe.com/ Added: head/net/libutp/files/BSDmakefile.utils (contents, props changed) head/net/libutp/files/patch-CVE-2012-6129 (contents, props changed) Modified: head/net/libutp/Makefile head/net/libutp/files/BSDmakefile head/net/libutp/pkg-descr head/net/libutp/pkg-plist Modified: head/net/libutp/Makefile ============================================================================== --- head/net/libutp/Makefile Thu Jan 22 17:28:10 2015 (r377673) +++ head/net/libutp/Makefile Thu Jan 22 17:31:47 2015 (r377674) @@ -3,10 +3,11 @@ PORTNAME= bittorrent-libutp PORTVERSION= 0.20130514 +PORTREVISION= 1 CATEGORIES= net devel MAINTAINER= mi@aldan.algebra.com -COMMENT= The uTorrent Transport Protocol library +COMMENT= The uTorrent Transport Protocol library and sample utilities LICENSE= MIT 
@@ -23,4 +24,16 @@ USE_LDCONFIG= yes pre-install: @${MKDIR} ${STAGEDIR}${PREFIX}/include/libutp +post-build: + ${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_file PROG_CXX=utp_send + ${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_file PROG_CXX=utp_recv + ${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_test PROG_CXX=utp_test + +post-install: + ${INSTALL_PROGRAM} \ + ${WRKSRC}/utp_file/utp_send \ + ${WRKSRC}/utp_file/utp_recv \ + ${WRKSRC}/utp_test/utp_test \ + ${STAGEDIR}${PREFIX}/bin/ + .include Modified: head/net/libutp/files/BSDmakefile ============================================================================== --- head/net/libutp/files/BSDmakefile Thu Jan 22 17:28:10 2015 (r377673) +++ head/net/libutp/files/BSDmakefile Thu Jan 22 17:31:47 2015 (r377674) @@ -9,6 +9,8 @@ CXXFLAGS+= -Wall INCLUDEDIR= ${PREFIX}/include/libutp LIBDIR= ${PREFIX}/lib -INCS= utp.h utp_utils.h utypes.h +INCS= utp.h utp_utils.h utypes.h utp_file/udp.h + +WARNS= 5 .include Added: head/net/libutp/files/BSDmakefile.utils ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/libutp/files/BSDmakefile.utils Thu Jan 22 17:31:47 2015 (r377674) @@ -0,0 +1,10 @@ +# PROG_CXX defined on command-line + +SRCS= ${PROG_CXX}.cpp +NO_MAN= ha-ha +LDADD= -L.. -lutp +CXXFLAGS+= -I.. -DPOSIX + +WARNS= 3 + +.include Added: head/net/libutp/files/patch-CVE-2012-6129 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/libutp/files/patch-CVE-2012-6129 Thu Jan 22 17:31:47 2015 (r377674) 
@@ -0,0 +1,52 @@ +Index: utp.cpp +=================================================================== +--- utp.cpp (revision 13645) ++++ utp.cpp (revision 13646) +@@ -1487,6 +1487,8 @@ size_t UTPSocket::selective_ack_bytes(uint base, c + return acked_bytes; + } + ++enum { MAX_EACK = 128 }; ++ + void UTPSocket::selective_ack(uint base, const byte *mask, byte len) + { + if (cur_window_packets == 0) return; +@@ -1499,7 +1501,7 @@ void UTPSocket::selective_ack(uint base, const byt + // resends is a stack of sequence numbers we need to resend. Since we + // iterate in reverse over the acked packets, at the end, the top packets + // are the ones we want to resend +- int resends[32]; ++ int resends[MAX_EACK]; + int nr = 0; + + LOG_UTPV("0x%08x: Got EACK [%032b] base:%u", this, *(uint32*)mask, base); +@@ -1572,6 +1574,12 @@ void UTPSocket::selective_ack(uint base, const byt + if (((v - fast_resend_seq_nr) & ACK_NR_MASK) <= OUTGOING_BUFFER_MAX_SIZE && + count >= DUPLICATE_ACKS_BEFORE_RESEND && + duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) { ++ // resends is a stack, and we're mostly interested in the top of it ++ // if we're full, just throw away the lower half ++ if (nr >= MAX_EACK - 2) { ++ memmove(resends, &resends[MAX_EACK/2], MAX_EACK/2 * sizeof(resends[0])); ++ nr -= MAX_EACK / 2; ++ } + resends[nr++] = v; + LOG_UTPV("0x%08x: no ack for %u", this, v); + } else { +@@ -1580,13 +1588,12 @@ void UTPSocket::selective_ack(uint base, const byt + } + } while (--bits >= -1); + +- if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) < 256 && +- count >= DUPLICATE_ACKS_BEFORE_RESEND && +- duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) { ++ if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) <= OUTGOING_BUFFER_MAX_SIZE && ++ count >= DUPLICATE_ACKS_BEFORE_RESEND) { + // if we get enough duplicate acks to start + // resending, the first packet we should resend + // is base-1 +- resends[nr++] = base - 1; ++ resends[nr++] = (base - 1) & ACK_NR_MASK; + } else { + LOG_UTPV("0x%08x: 
not resending %u count:%d dup_ack:%u fast_resend_seq_nr:%u", + this, base - 1, count, duplicate_ack, fast_resend_seq_nr); Modified: head/net/libutp/pkg-descr ============================================================================== --- head/net/libutp/pkg-descr Thu Jan 22 17:28:10 2015 (r377673) +++ head/net/libutp/pkg-descr Thu Jan 22 17:31:47 2015 (r377674) @@ -9,4 +9,4 @@ transport for uTorrent peer-to-peer conn uTP is written in C++, but the external interface is strictly C (ANSI C89). -WWW: https://github.com/bittorrent/libutp +WWW: https://github.com/bittorrent/libutp Modified: head/net/libutp/pkg-plist ============================================================================== --- head/net/libutp/pkg-plist Thu Jan 22 17:28:10 2015 (r377673) +++ head/net/libutp/pkg-plist Thu Jan 22 17:31:47 2015 (r377674) @@ -1,6 +1,10 @@ +bin/utp_send +bin/utp_recv +bin/utp_test lib/libutp.so.0 lib/libutp.so lib/libutp.a +include/libutp/udp.h include/libutp/utp.h include/libutp/utp_utils.h include/libutp/utypes.h
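Review bot: In head/net/libutp/Makefile, the new post-build and post-install targets (hunk @@ -23,4 +24,16 @@) ship in the same commit and the same PORTREVISION bump as the CVE-2012-6129 patch, so anyone who updates for the security fix also gets utp_send, utp_recv and utp_test installed into ${PREFIX}/bin. Splitting the utilities into a follow-up commit would keep the security change small enough to audit and merge on its own. utp_test looks like a test driver, so consider leaving it out of pkg-plist or putting the utilities behind an option. The three post-build lines also call ${MAKE} directly; running them as ${SETENV} ${MAKE_ENV} ${MAKE} ... would give the sub-builds the same compiler and flags as the library build.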
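Review bot: In files/patch-CVE-2012-6129, hunk @@ -1572,6 +1574,12 @@, the guard "if (nr >= MAX_EACK - 2)" fires at nr == 126, when only resends[0..125] have been written, so the memmove of MAX_EACK/2 entries starting at &resends[MAX_EACK/2] also copies the two unwritten slots 126 and 127. They land at indices 62 and 63, which sit at or above the new nr of 62 and are overwritten before being read, so the result is correct, but nothing in the comment explains the "- 2" margin. It presumably reserves room for the "resends[nr++] = (base - 1) & ACK_NR_MASK;" push after the loop, and that should be stated. The halving also assumes MAX_EACK is even, and it silently changes which sequence numbers are resent, so a compile-time check on MAX_EACK and a LOG_UTPV line when the lower half is discarded would make this easier to verify and debug.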
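Review bot: In files/patch-CVE-2012-6129, hunk @@ -1580,13 +1588,12 @@, the rewritten condition removes the "duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND" test and changes "< 256" to "<= OUTGOING_BUFFER_MAX_SIZE"; both alter when base-1 is resent, and neither is required for the array-bounds fix or mentioned in the log message. Please note in the patch header or commit log that these come from the upstream revision (13646) and why they belong to the fix. The push after the loop now stores "(base - 1) & ACK_NR_MASK", while the in-loop "resends[nr++] = v;" in the previous hunk stores v as is; if v is not already masked earlier in the loop (not visible in these hunks), the two pushes should be handled the same way.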