Date: Fri, 07 Mar 2014 12:09:52 +0100
From: Moritz Wilhelmy <mw@barfooze.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: wg@FreeBSD.org, novel@FreeBSD.org, shish@FreeBSD.org
Subject: ports/187346: switch emacs24 over to gnutls3
Message-ID: <E1WLsf2-000Eof-8t@furnace.wzff.de>
Resent-Message-ID: <201403071120.s27BK1ZJ035168@freefall.freebsd.org>

>Number: 187346
>Category: ports
>Synopsis: switch emacs24 over to gnutls3
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 07 11:20:01 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Moritz Wilhelmy
>Release: FreeBSD 9.1-RELEASE-p6 amd64
>Organization:
>Environment:
FreeBSD ports collection as of yesterday
>Description:
emacs24 still uses gnutls 2.x rather than gnutls 3.x. This is problematic because the 2.x series seems to be no longer maintained by upstream (at least, it isn't listed here: http://gnutls.org/download.html ). Since 3.x is already in the ports repository, emacs should be switched over to use the newer release series of gnutls.

Two rather critical vulnerabilities were recently fixed in gnutls: http://gnutls.org/news.html

Seeing that security/gnutls was last updated in Feb 2013 and 2.x was last updated in 2012 according to http://www.freshports.org/security/gnutls and the mtime on the distfiles on the gnutls master site, maybe it would be best to remove version 2.x from the ports tree entirely.

Therefore I'm putting all the editors/emacs, security/gnutls and security/gnutls3 maintainers into Cc. (Sorry for excessive overzealousness)
>How-To-Repeat:
Compile emacs with gnutls enabled in "make config", watch it pull in security/gnutls rather than security/gnutls3
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: