aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authormi <mi@FreeBSD.org>2015-01-23 01:31:47 +0800
committermi <mi@FreeBSD.org>2015-01-23 01:31:47 +0800
commitca71bf32e24dfb2c49854231ad2a3915c15cc23e (patch)
tree965421917f2a1897131d21a1cee559732385e596 /net
parenta666fcf46d695ea39f050d297843f2ebb2de05f8 (diff)
downloadfreebsd-ports-gnome-ca71bf32e24dfb2c49854231ad2a3915c15cc23e.tar.gz
freebsd-ports-gnome-ca71bf32e24dfb2c49854231ad2a3915c15cc23e.tar.zst
freebsd-ports-gnome-ca71bf32e24dfb2c49854231ad2a3915c15cc23e.zip
Add a patch fixing a long-standing security problem. Bump PORTREVISION.
PR: 196351 Differential Revision: D1593 Submitted by: Jan Beich Security: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6129 While here, arrange for building a few of the small utilities bundled with library, and install them along with another potentially useful header-file. Sponsored by: http://libpipe.com/
Diffstat (limited to 'net')
-rw-r--r--net/libutp/Makefile15
-rw-r--r--net/libutp/files/BSDmakefile4
-rw-r--r--net/libutp/files/BSDmakefile.utils10
-rw-r--r--net/libutp/files/patch-CVE-2012-612952
-rw-r--r--net/libutp/pkg-descr2
-rw-r--r--net/libutp/pkg-plist4
6 files changed, 84 insertions, 3 deletions
diff --git a/net/libutp/Makefile b/net/libutp/Makefile
index 39ff0d7688eb..71d573bff026 100644
--- a/net/libutp/Makefile
+++ b/net/libutp/Makefile
@@ -3,10 +3,11 @@
PORTNAME= bittorrent-libutp
PORTVERSION= 0.20130514
+PORTREVISION= 1
CATEGORIES= net devel
MAINTAINER= mi@aldan.algebra.com
-COMMENT= The uTorrent Transport Protocol library
+COMMENT= The uTorrent Transport Protocol library and sample utilities
LICENSE= MIT
@@ -23,4 +24,16 @@ USE_LDCONFIG= yes
pre-install:
@${MKDIR} ${STAGEDIR}${PREFIX}/include/libutp
+post-build:
+ ${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_file PROG_CXX=utp_send
+ ${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_file PROG_CXX=utp_recv
+ ${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_test PROG_CXX=utp_test
+
+post-install:
+ ${INSTALL_PROGRAM} \
+ ${WRKSRC}/utp_file/utp_send \
+ ${WRKSRC}/utp_file/utp_recv \
+ ${WRKSRC}/utp_test/utp_test \
+ ${STAGEDIR}${PREFIX}/bin/
+
.include <bsd.port.mk>
diff --git a/net/libutp/files/BSDmakefile b/net/libutp/files/BSDmakefile
index bf6d5ae08577..ead56cbd465a 100644
--- a/net/libutp/files/BSDmakefile
+++ b/net/libutp/files/BSDmakefile
@@ -9,6 +9,8 @@ CXXFLAGS+= -Wall
INCLUDEDIR= ${PREFIX}/include/libutp
LIBDIR= ${PREFIX}/lib
-INCS= utp.h utp_utils.h utypes.h
+INCS= utp.h utp_utils.h utypes.h utp_file/udp.h
+
+WARNS= 5
.include <bsd.lib.mk>
diff --git a/net/libutp/files/BSDmakefile.utils b/net/libutp/files/BSDmakefile.utils
new file mode 100644
index 000000000000..d250ba258e5f
--- /dev/null
+++ b/net/libutp/files/BSDmakefile.utils
@@ -0,0 +1,10 @@
+# PROG_CXX defined on command-line
+
+SRCS= ${PROG_CXX}.cpp
+NO_MAN= ha-ha
+LDADD= -L.. -lutp
+CXXFLAGS+= -I.. -DPOSIX
+
+WARNS= 3
+
+.include <bsd.prog.mk>
diff --git a/net/libutp/files/patch-CVE-2012-6129 b/net/libutp/files/patch-CVE-2012-6129
new file mode 100644
index 000000000000..0c5cf9f821c4
--- /dev/null
+++ b/net/libutp/files/patch-CVE-2012-6129
@@ -0,0 +1,52 @@
+Index: utp.cpp
+===================================================================
+--- utp.cpp (revision 13645)
++++ utp.cpp (revision 13646)
+@@ -1487,6 +1487,8 @@ size_t UTPSocket::selective_ack_bytes(uint base, c
+ return acked_bytes;
+ }
+
++enum { MAX_EACK = 128 };
++
+ void UTPSocket::selective_ack(uint base, const byte *mask, byte len)
+ {
+ if (cur_window_packets == 0) return;
+@@ -1499,7 +1501,7 @@ void UTPSocket::selective_ack(uint base, const byt
+ // resends is a stack of sequence numbers we need to resend. Since we
+ // iterate in reverse over the acked packets, at the end, the top packets
+ // are the ones we want to resend
+- int resends[32];
++ int resends[MAX_EACK];
+ int nr = 0;
+
+ LOG_UTPV("0x%08x: Got EACK [%032b] base:%u", this, *(uint32*)mask, base);
+@@ -1572,6 +1574,12 @@ void UTPSocket::selective_ack(uint base, const byt
+ if (((v - fast_resend_seq_nr) & ACK_NR_MASK) <= OUTGOING_BUFFER_MAX_SIZE &&
+ count >= DUPLICATE_ACKS_BEFORE_RESEND &&
+ duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) {
++ // resends is a stack, and we're mostly interested in the top of it
++ // if we're full, just throw away the lower half
++ if (nr >= MAX_EACK - 2) {
++ memmove(resends, &resends[MAX_EACK/2], MAX_EACK/2 * sizeof(resends[0]));
++ nr -= MAX_EACK / 2;
++ }
+ resends[nr++] = v;
+ LOG_UTPV("0x%08x: no ack for %u", this, v);
+ } else {
+@@ -1580,13 +1588,12 @@ void UTPSocket::selective_ack(uint base, const byt
+ }
+ } while (--bits >= -1);
+
+- if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) < 256 &&
+- count >= DUPLICATE_ACKS_BEFORE_RESEND &&
+- duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) {
++ if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) <= OUTGOING_BUFFER_MAX_SIZE &&
++ count >= DUPLICATE_ACKS_BEFORE_RESEND) {
+ // if we get enough duplicate acks to start
+ // resending, the first packet we should resend
+ // is base-1
+- resends[nr++] = base - 1;
++ resends[nr++] = (base - 1) & ACK_NR_MASK;
+ } else {
+ LOG_UTPV("0x%08x: not resending %u count:%d dup_ack:%u fast_resend_seq_nr:%u",
+ this, base - 1, count, duplicate_ack, fast_resend_seq_nr);
diff --git a/net/libutp/pkg-descr b/net/libutp/pkg-descr
index f7aeb17a2e67..eb59b56d0c7a 100644
--- a/net/libutp/pkg-descr
+++ b/net/libutp/pkg-descr
@@ -9,4 +9,4 @@ transport for uTorrent peer-to-peer connections.
uTP is written in C++, but the external interface is strictly C
(ANSI C89).
-WWW: https://github.com/bittorrent/libutp
+WWW: https://github.com/bittorrent/libutp
diff --git a/net/libutp/pkg-plist b/net/libutp/pkg-plist
index 17046de36c96..5d74febba7df 100644
--- a/net/libutp/pkg-plist
+++ b/net/libutp/pkg-plist
@@ -1,6 +1,10 @@
+bin/utp_send
+bin/utp_recv
+bin/utp_test
lib/libutp.so.0
lib/libutp.so
lib/libutp.a
+include/libutp/udp.h
include/libutp/utp.h
include/libutp/utp_utils.h
include/libutp/utypes.h