svn commit: r324675 - in head/security/polarssl: . files
Matthias Andree
mandree at FreeBSD.org
Tue Aug 13 17:17:17 UTC 2013
Author: mandree
Date: Tue Aug 13 17:17:15 2013
New Revision: 324675
URL: http://svnweb.freebsd.org/changeset/ports/324675
Log:
Update to new version 1.2.8, fixing security issues (denial of service).
Fix fetching, by bypassing splash screen (adds files/fetchwrapper.sh).
Approved by: jase (maintainer)
Security: 72bf9e21-03df-11e3-bd8d-080027ef73ec
Security: CVE-2013-4623
Added:
head/security/polarssl/files/fetchwrapper.sh (contents, props changed)
Modified:
head/security/polarssl/Makefile
head/security/polarssl/distinfo
head/security/polarssl/pkg-plist
Modified: head/security/polarssl/Makefile
==============================================================================
--- head/security/polarssl/Makefile Tue Aug 13 16:53:48 2013 (r324674)
+++ head/security/polarssl/Makefile Tue Aug 13 17:17:15 2013 (r324675)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= polarssl
-PORTVERSION= 1.2.7
+PORTVERSION= 1.2.8
DISTVERSIONSUFFIX= -gpl
CATEGORIES= security devel
MASTER_SITES= http://polarssl.org/download/
@@ -12,7 +12,10 @@ COMMENT= Open Source embedded SSL/TLS cr
LICENSE= GPLv2
-FETCH_ARGS= -pRr
+# bypass the HTML "now downloading..." splash site, code below
+# .include <bsd.port.pre.mk>
+URL_SUFFIX= ?do=yes
+FETCH_ARGS= -pRro ${DISTFILES}
ALL_TARGET= no_test
USE_GMAKE= yes
@@ -48,6 +51,9 @@ post-install:
.include <bsd.port.pre.mk>
+FETCH_CMD:= ${SHELL} ${FILESDIR}/fetchwrapper.sh \
+ ${URL_SUFFIX} ${FETCH_BINARY} ${FETCH_ARGS}
+
.if ${ARCH} == "powerpc"
BROKEN= Does not compile on powerpc
.endif
Modified: head/security/polarssl/distinfo
==============================================================================
--- head/security/polarssl/distinfo Tue Aug 13 16:53:48 2013 (r324674)
+++ head/security/polarssl/distinfo Tue Aug 13 17:17:15 2013 (r324675)
@@ -1,2 +1,2 @@
-SHA256 (polarssl-1.2.7-gpl.tgz) = d64c2d1247f93cdeb884bd3706dfddffc636634bbf81d3772af750d5b5191328
-SIZE (polarssl-1.2.7-gpl.tgz) = 977888
+SHA256 (polarssl-1.2.8-gpl.tgz) = 23cf931e322ab397d26c89b7e805cf2229df46c5196f4f67ebfc0e285848637b
+SIZE (polarssl-1.2.8-gpl.tgz) = 998609
Added: head/security/polarssl/files/fetchwrapper.sh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/polarssl/files/fetchwrapper.sh Tue Aug 13 17:17:15 2013 (r324675)
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# $FreeBSD$
+
+# This script tacks the first argument onto each URL found in the list,
+# discards and then executes the list.
+
+# URL matching is simplistic, a URL is what matches *tp://* (so file:///
+# is not matched).
+
+# For instance, calling:
+# fetchwrapper.sh '?do=yes' /usr/bin/fetch -pPr http://example.org/file
+# will execute:
+# /usr/bin/fetch -pPr http://example.org/file?do=yes
+
+# The intention is to work around download splash screens on web servers.
+
+# (C) Copyright 2013 by Matthias Andree.
+# Licensed under the 2-clause BSD license.
+
+if [ $# -lt 3 ] ; then
+ echo >&2 "Usage: $0 URLsuffix fetch-command [options] URL [post-options]"
+ exit 1
+fi
+
+patcharray() {
+ # based on Rich Felker's "Working with arrays",
+ # http://www.etalabs.net/sh_tricks.html
+ for i do
+ case "$i" in *tp://*) j=$suffix ;; *) j= ;; esac
+ printf %s%s\\n "$i" "$j" | sed -e "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/"
+ done
+ echo " "
+}
+
+suffix="$1" ; shift
+args=$(patcharray "$@")
+eval "set -- $args"
+
+set -x
+exec "$@"
Modified: head/security/polarssl/pkg-plist
==============================================================================
--- head/security/polarssl/pkg-plist Tue Aug 13 16:53:48 2013 (r324674)
+++ head/security/polarssl/pkg-plist Tue Aug 13 17:17:15 2013 (r324675)
@@ -50,6 +50,8 @@ include/polarssl/padlock.h
include/polarssl/pem.h
include/polarssl/pbkdf2.h
include/polarssl/pkcs11.h
+include/polarssl/pkcs12.h
+include/polarssl/pkcs5.h
include/polarssl/rsa.h
include/polarssl/sha1.h
include/polarssl/sha2.h
More information about the svn-ports-head
mailing list