Date: Wed, 5 Jun 2013 09:02:47 +0000 (UTC) From: Koop Mast <kwm@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r319965 - in head: net-im/telepathy-gabble security/vuxml Message-ID: <201306050902.r5592lpk013334@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kwm Date: Wed Jun 5 09:02:46 2013 New Revision: 319965 URL: http://svnweb.freebsd.org/changeset/ports/319965 Log: Update to 0.16.6. Obtained from: GNOME dev repo Security: CVE-2013-1431 Modified: head/net-im/telepathy-gabble/Makefile head/net-im/telepathy-gabble/distinfo head/security/vuxml/vuln.xml Modified: head/net-im/telepathy-gabble/Makefile ============================================================================== --- head/net-im/telepathy-gabble/Makefile Wed Jun 5 09:02:10 2013 (r319964) +++ head/net-im/telepathy-gabble/Makefile Wed Jun 5 09:02:46 2013 (r319965) @@ -1,16 +1,15 @@ # $FreeBSD$ -# $MCom: ports/net-im/telepathy-gabble/Makefile,v 1.22 2012/08/08 16:56:40 kwm Exp $ +# $MCom: ports/trunk/net-im/telepathy-gabble/Makefile 17271 2013-04-01 15:16:27Z kwm $ PORTNAME= telepathy-gabble -PORTVERSION= 0.16.1 +PORTVERSION= 0.16.6 CATEGORIES= net-im MASTER_SITES= http://telepathy.freedesktop.org/releases/${PORTNAME}/ MAINTAINER= gnome@FreeBSD.org COMMENT= Jabber Connection Manager for Telepathy Framework -BUILD_DEPENDS= xsltproc:${PORTSDIR}/textproc/libxslt \ - telepathy-glib>=0.18.0:${PORTSDIR}/net-im/telepathy-glib \ +BUILD_DEPENDS= telepathy-glib>=0.18.0:${PORTSDIR}/net-im/telepathy-glib \ ${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss LIB_DEPENDS= soup-2.4:${PORTSDIR}/devel/libsoup \ nice:${PORTSDIR}/net-im/libnice \ @@ -20,10 +19,12 @@ LIB_DEPENDS= soup-2.4:${PORTSDIR}/devel/ loudmouth-1:${PORTSDIR}/net-im/loudmouth RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss +PORTSCOUT= limitw:1,even + GNU_CONFIGURE= yes -LDFLAGS+= ${PTHREAD_LIBS} USE_GMAKE= yes -USE_GNOME= gnomehack glib20 +USES= pathfix pkgconfig +USE_GNOME= glib20 libxslt:build USE_SQLITE= yes USE_OPENSSL= yes USE_PYTHON_BUILD= yes Modified: head/net-im/telepathy-gabble/distinfo ============================================================================== --- head/net-im/telepathy-gabble/distinfo Wed Jun 5 09:02:10 2013 (r319964) +++ head/net-im/telepathy-gabble/distinfo Wed Jun 5 09:02:46 2013 (r319965) @@ -1,2 +1,2 @@ -SHA256 (telepathy-gabble-0.16.1.tar.gz) = 77536d0ca6c040f1b1bd46c6f5914d0677a6dc6ecf1e858816c24fcf07e3f310 -SIZE (telepathy-gabble-0.16.1.tar.gz) = 2644994 +SHA256 (telepathy-gabble-0.16.6.tar.gz) = 0a4726241f3e0ef6a42281eca954ff63948c44d2faa264242faa3a92fb02b792 +SIZE (telepathy-gabble-0.16.6.tar.gz) = 2434346 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jun 5 09:02:10 2013 (r319964) +++ head/security/vuxml/vuln.xml Wed Jun 5 09:02:46 2013 (r319965) @@ -51,6 +51,39 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="a3c2dee5-cdb9-11e2-b9ce-080027019be0"> + <topic>telepathy-gabble -- TLS verification bypass</topic> + <affects> + <package> + <name>telepathy-gabble</name> + <range><lt>0.16.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Simon McVittie reports:</p> + <blockquote cite="http://lists.freedesktop.org/archives/telepathy/2013-May/006449.html">; + <p>This release fixes a man-in-the-middle attack.</p> + <p>If you use an unencrypted connection to a "legacy Jabber" + (pre-XMPP) server, this version of Gabble will not connect + until you make one of these configuration changes:</p> + <p>. upgrade the server software to something that supports XMPP 1.0; or</p> + <p>. use an encrypted "old SSL" connection, typically on port 5223 + (old-ssl); or</p> + <p>. turn off "Encryption required (TLS/SSL)" (require-encryption).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-1431</cvename> + <url>http://lists.freedesktop.org/archives/telepathy/2013-May/006449.html</url>; + </references> + <dates> + <discovery>2013-05-27</discovery> + <entry>2013-06-05</entry> + </dates> + </vuln> + <vuln vid="4865d189-cd62-11e2-ae11-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306050902.r5592lpk013334>