Date: Tue, 13 Nov 2012 19:49:16 +0000 (UTC) From: Beat Gaetzi <beat@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r307391 - in branches/RELENG_9_1_0: irc/weechat irc/weechat-devel security/vuxml Message-ID: <201211131949.qADJnGi7009275@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: beat Date: Tue Nov 13 19:49:16 2012 New Revision: 307391 URL: http://svnweb.freebsd.org/changeset/ports/307391 Log: MFH r307263 by eadler: Apply an upstream patch that fixes a security hole when receiving a special colored message. The maintainer was contacted but due to the nature of the issue apply the patch ASAP. Approved by: secteam-ports (swills) Security: e02c572f-2af0-11e2-bb44-003067b2972c MFH r307275 by jase: - Update to 0.3.9.1 Changes: http://www.weechat.org/files/changelog/ChangeLog-0.3.9.1.html MFH r307276 by jase: - Remove extraneous patch MFH r307279 by jase: - Update to 20121110 - Remove extraneous patch MFH r307387 by jase: - Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c) - Document assigned CVE Identifier - Document workaround for vulnerable versions Feature safe: yes Modified: branches/RELENG_9_1_0/irc/weechat-devel/Makefile branches/RELENG_9_1_0/irc/weechat-devel/distinfo branches/RELENG_9_1_0/irc/weechat/Makefile branches/RELENG_9_1_0/irc/weechat/distinfo branches/RELENG_9_1_0/security/vuxml/vuln.xml Directory Properties: branches/RELENG_9_1_0/ (props changed) Modified: branches/RELENG_9_1_0/irc/weechat-devel/Makefile ============================================================================== --- branches/RELENG_9_1_0/irc/weechat-devel/Makefile Tue Nov 13 19:41:12 2012 (r307390) +++ branches/RELENG_9_1_0/irc/weechat-devel/Makefile Tue Nov 13 19:49:16 2012 (r307391) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= weechat -PORTVERSION= 20121103 +PORTVERSION= 20121110 CATEGORIES= irc MASTER_SITES= http://perturb.me.uk/distfiles/ \ ${MASTER_SITE_LOCAL} @@ -26,7 +26,7 @@ WANT_PERL= yes LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl \ gcrypt:${PORTSDIR}/security/libgcrypt -GITREV= c848cb4 +GITREV= 7cd376b WRKSRC= ${WRKDIR}/${PORTNAME}-${GITREV} # Please note: the DEBUG option is *NOT* empty, it is utilised by Modified: branches/RELENG_9_1_0/irc/weechat-devel/distinfo ============================================================================== --- branches/RELENG_9_1_0/irc/weechat-devel/distinfo Tue Nov 13 19:41:12 2012 (r307390) +++ branches/RELENG_9_1_0/irc/weechat-devel/distinfo Tue Nov 13 19:49:16 2012 (r307391) @@ -1,2 +1,2 @@ -SHA256 (weechat-devel-c848cb4.tar.gz) = 0addead395d9eaeafa782996ccc447dafa3b5138d3e21285b602abf37c614655 -SIZE (weechat-devel-c848cb4.tar.gz) = 2511229 +SHA256 (weechat-devel-7cd376b.tar.gz) = dd10c1ab81051ec3476ad95a12c4c70cd8161a5f0dbcc7f0659e3d2602a79ef2 +SIZE (weechat-devel-7cd376b.tar.gz) = 2517031 Modified: branches/RELENG_9_1_0/irc/weechat/Makefile ============================================================================== --- branches/RELENG_9_1_0/irc/weechat/Makefile Tue Nov 13 19:41:12 2012 (r307390) +++ branches/RELENG_9_1_0/irc/weechat/Makefile Tue Nov 13 19:49:16 2012 (r307391) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= weechat -PORTVERSION= 0.3.9 +PORTVERSION= 0.3.9.1 CATEGORIES= irc MASTER_SITES= http://weechat.org/files/src/ Modified: branches/RELENG_9_1_0/irc/weechat/distinfo ============================================================================== --- branches/RELENG_9_1_0/irc/weechat/distinfo Tue Nov 13 19:41:12 2012 (r307390) +++ branches/RELENG_9_1_0/irc/weechat/distinfo Tue Nov 13 19:49:16 2012 (r307391) @@ -1,2 +1,2 @@ -SHA256 (weechat-0.3.9.tar.gz) = 8666c788cbb212036197365df3ba3cf964a23e4f644d76ea51d66dbe3be593bb -SIZE (weechat-0.3.9.tar.gz) = 3761786 +SHA256 (weechat-0.3.9.1.tar.gz) = 9a6ad4aacbda9c5524dc519cc8782621d59ba1bf0556e64f5ae4f9102f28b29d +SIZE (weechat-0.3.9.1.tar.gz) = 3756617 Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml ============================================================================== --- branches/RELENG_9_1_0/security/vuxml/vuln.xml Tue Nov 13 19:41:12 2012 (r307390) +++ branches/RELENG_9_1_0/security/vuxml/vuln.xml Tue Nov 13 19:49:16 2012 (r307391) @@ -134,10 +134,13 @@ Note: Please add new entries to the beg <blockquote cite="https://savannah.nongnu.org/bugs/?37704">; <p>A buffer overflow is causing a crash or freeze of WeeChat when decoding IRC colors in strings.</p> + <p>Workaround for a non-patched version: + /set irc.network.colors_receive off</p> </blockquote> </body> </description> <references> + <cvename>CVE-2012-5854</cvename> <freebsdpr>ports/173513</freebsdpr> <url>http://weechat.org/security/</url>; <url>https://savannah.nongnu.org/bugs/?37704</url>; @@ -145,7 +148,7 @@ Note: Please add new entries to the beg <dates> <discovery>2012-11-09</discovery> <entry>2012-11-10</entry> - <modified>2012-11-10</modified> + <modified>2012-11-13</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211131949.qADJnGi7009275>