From: Cy Schubert Date: Wed, 4 Jun 2014 18:51:20 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r356535 - in head/security/gnutls: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2014 18:51:20 -0000 Author: cy Date: Wed Jun 4 18:51:20 2014 New Revision: 356535 URL: http://svnweb.freebsd.org/changeset/ports/356535 QAT: https://qat.redports.org/buildarchive/r356535/ Log: Patch CVE-2014-3466 to prevent memory corruption due to server hello parsing. Obtained from: https://gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd Security: CVE-2014-3466, 9733c480-ebff-11e3-970b-206a8a720317 Added: head/security/gnutls/files/patch-lib-gnutls_handshake.c (contents, props changed) Modified: head/security/gnutls/Makefile Modified: head/security/gnutls/Makefile ============================================================================== --- head/security/gnutls/Makefile Wed Jun 4 18:50:52 2014 (r356534) +++ head/security/gnutls/Makefile Wed Jun 4 18:51:20 2014 (r356535) @@ -3,7 +3,7 @@ PORTNAME= gnutls PORTVERSION= 2.12.23 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security net MASTER_SITES= \ ftp://ftp.gnutls.org/gcrypt/gnutls/v${PORTVERSION:C/.[0-9]+$//}/ \ Added: head/security/gnutls/files/patch-lib-gnutls_handshake.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/gnutls/files/patch-lib-gnutls_handshake.c Wed Jun 4 18:51:20 2014 (r356535) 
@@ -0,0 +1,11 @@ +--- lib/gnutls_handshake.c.orig 2012-11-03 06:03:47.000000000 -0700 ++++ lib/gnutls_handshake.c 2014-06-04 07:55:49.138570114 -0700 +@@ -1797,7 +1797,7 @@ + DECR_LEN (len, 1); + session_id_len = data[pos++]; + +- if (len < session_id_len) ++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
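Review bot: The new files/patch-lib-gnutls_handshake.c has no header comment tying it to CVE-2014-3466 or to the upstream commit named in the log. Once the commit message is out of view, nothing in the patch file explains why the `session_id_len > TLS_MAX_SESSION_ID_SIZE` bound in the `@@ -1797,7 +1797,7 @@` hunk exists or when the patch can be dropped. Consider a short comment block above the `--- lib/gnutls_handshake.c.orig` line giving the CVE id and the upstream URL. Separately, the oversized session ID case falls into the existing `return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;`, so a length violation in the server hello is reported as a version problem. Since the change is taken from the upstream commit cited in the log, that is reasonable to keep for a backport, but it matters when reading client-side handshake errors after this update.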