svn commit: r319965 - in head: net-im/telepathy-gabble security/vuxml

Koop Mast kwm at FreeBSD.org
Wed Jun 5 09:02:48 UTC 2013 

Author: kwm
Date: Wed Jun  5 09:02:46 2013
New Revision: 319965
URL: http://svnweb.freebsd.org/changeset/ports/319965

Log:
  Update to 0.16.6.
  
  Obtained from:	GNOME dev repo
  Security:	CVE-2013-1431

Modified:
  head/net-im/telepathy-gabble/Makefile
  head/net-im/telepathy-gabble/distinfo
  head/security/vuxml/vuln.xml

Modified: head/net-im/telepathy-gabble/Makefile
==============================================================================
--- head/net-im/telepathy-gabble/Makefile	Wed Jun  5 09:02:10 2013	(r319964)
+++ head/net-im/telepathy-gabble/Makefile	Wed Jun  5 09:02:46 2013	(r319965)
@@ -1,16 +1,15 @@
 # $FreeBSD$
-#    $MCom: ports/net-im/telepathy-gabble/Makefile,v 1.22 2012/08/08 16:56:40 kwm Exp $
+#    $MCom: ports/trunk/net-im/telepathy-gabble/Makefile 17271 2013-04-01 15:16:27Z kwm $
 
 PORTNAME=	telepathy-gabble
-PORTVERSION=	0.16.1
+PORTVERSION=	0.16.6
 CATEGORIES=	net-im
 MASTER_SITES=	http://telepathy.freedesktop.org/releases/${PORTNAME}/
 
 MAINTAINER=	gnome at FreeBSD.org
 COMMENT=	Jabber Connection Manager for Telepathy Framework
 
-BUILD_DEPENDS=	xsltproc:${PORTSDIR}/textproc/libxslt \
-		telepathy-glib>=0.18.0:${PORTSDIR}/net-im/telepathy-glib \
+BUILD_DEPENDS=	telepathy-glib>=0.18.0:${PORTSDIR}/net-im/telepathy-glib \
 		${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
 LIB_DEPENDS=	soup-2.4:${PORTSDIR}/devel/libsoup \
 		nice:${PORTSDIR}/net-im/libnice \
@@ -20,10 +19,12 @@ LIB_DEPENDS=	soup-2.4:${PORTSDIR}/devel/
 		loudmouth-1:${PORTSDIR}/net-im/loudmouth
 RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
 
+PORTSCOUT=	limitw:1,even
+
 GNU_CONFIGURE=	yes
-LDFLAGS+=	${PTHREAD_LIBS}
 USE_GMAKE=	yes
-USE_GNOME=	gnomehack glib20
+USES=		pathfix pkgconfig
+USE_GNOME=	glib20 libxslt:build
 USE_SQLITE=	yes
 USE_OPENSSL=	yes
 USE_PYTHON_BUILD=	yes

Modified: head/net-im/telepathy-gabble/distinfo
==============================================================================
--- head/net-im/telepathy-gabble/distinfo	Wed Jun  5 09:02:10 2013	(r319964)
+++ head/net-im/telepathy-gabble/distinfo	Wed Jun  5 09:02:46 2013	(r319965)
@@ -1,2 +1,2 @@
-SHA256 (telepathy-gabble-0.16.1.tar.gz) = 77536d0ca6c040f1b1bd46c6f5914d0677a6dc6ecf1e858816c24fcf07e3f310
-SIZE (telepathy-gabble-0.16.1.tar.gz) = 2644994
+SHA256 (telepathy-gabble-0.16.6.tar.gz) = 0a4726241f3e0ef6a42281eca954ff63948c44d2faa264242faa3a92fb02b792
+SIZE (telepathy-gabble-0.16.6.tar.gz) = 2434346

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jun  5 09:02:10 2013	(r319964)
+++ head/security/vuxml/vuln.xml	Wed Jun  5 09:02:46 2013	(r319965)
@@ -51,6 +51,39 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="a3c2dee5-cdb9-11e2-b9ce-080027019be0">
+    <topic>telepathy-gabble -- TLS verification bypass</topic>
+    <affects>
+      <package>
+	<name>telepathy-gabble</name>
+	<range><lt>0.16.6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Simon McVittie reports:</p>
+	<blockquote cite="http://lists.freedesktop.org/archives/telepathy/2013-May/006449.html">
+	  <p>This release fixes a man-in-the-middle attack.</p>
+	  <p>If you use an unencrypted connection to a "legacy Jabber"
+	     (pre-XMPP) server, this version of Gabble will not connect
+	     until you make one of these configuration changes:</p>
+	  <p>. upgrade the server software to something that supports XMPP 1.0; or</p>
+	  <p>. use an encrypted "old SSL" connection, typically on port 5223
+	     (old-ssl); or</p>
+	  <p>. turn off "Encryption required (TLS/SSL)" (require-encryption).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-1431</cvename>
+      <url>http://lists.freedesktop.org/archives/telepathy/2013-May/006449.html</url>
+    </references>
+    <dates>
+      <discovery>2013-05-27</discovery>
+      <entry>2013-06-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="4865d189-cd62-11e2-ae11-00262d5ed8ee">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-all mailing list