Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 24 Mar 2012 15:33:54 -0400
From:      Jason Hellenthal <jhellenthal@dataix.net>
To:        Kevin Oberman <kob6558@gmail.com>
Cc:        ports@freebsd.org, novel@freebsd.org
Subject:   Re: security/gnutls update when...
Message-ID:  <20120324193354.GB30901@DataIX.net>
In-Reply-To: <CAN6yY1sZRYYB0ZGCp7J6yJUMyXtmjsNKnNPYn9O2_XorMRi3cQ@mail.gmail.com>
References:  <20120324172937.GA43822@DataIX.net> <CAN6yY1sZRYYB0ZGCp7J6yJUMyXtmjsNKnNPYn9O2_XorMRi3cQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 


On Sat, Mar 24, 2012 at 10:54:32AM -0700, Kevin Oberman wrote:
> On Sat, Mar 24, 2012 at 10:29 AM, Jason Hellenthal
> <jhellenthal@dataix.net> wrote:
> >
> > Apparently this port has fell two versions behind. Is there anything
> > that is going to happen to update it to the current stable version ?
> >
> >
> > These advisories have been out for a week now. And the current version
> > is 2.12.18.
> >
> >
> > Database created: Sat Mar 24 13:15:03 EDT 2012
> > Affected package: gnutls-2.12.16
> > Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
> > Reference:
> > http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
> >
> > Affected package: gnutls-2.12.16
> > Type of problem: gnutls -- possible overflow/Denial of service
> > vulnerabilities.
> > Reference:
> > http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
> >
> > 2 problem(s) in your installed packages found.
> >
> >
> >
> > --
> > ;s =;
> 
> Note that one of these problems is with libtasn1 and is not a gnutls
> problems at all. So updating libtasn1actually fixes this one, although
> the other does require an update to a version of gnutls that has yet
> to be ported.

Only if it was installed or implied...

.if (defined(WITH_LIBTASN1) || exists(${LOCALBASE}/lib/libtasn1.so.4))
&& !defined(WITHOUT_LIBTASN1)
LIB_DEPENDS+=   tasn1.4:${PORTSDIR}/security/libtasn1
.else
CONFIGURE_ARGS+=        --with-included-libtasn1
.endif

-- 
;s =;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120324193354.GB30901>