diff options
author | mi <mi@FreeBSD.org> | 2015-01-23 01:31:47 +0800 |
---|---|---|
committer | mi <mi@FreeBSD.org> | 2015-01-23 01:31:47 +0800 |
commit | ca71bf32e24dfb2c49854231ad2a3915c15cc23e (patch) | |
tree | 965421917f2a1897131d21a1cee559732385e596 /net | |
parent | a666fcf46d695ea39f050d297843f2ebb2de05f8 (diff) | |
download | freebsd-ports-gnome-ca71bf32e24dfb2c49854231ad2a3915c15cc23e.tar.gz freebsd-ports-gnome-ca71bf32e24dfb2c49854231ad2a3915c15cc23e.tar.zst freebsd-ports-gnome-ca71bf32e24dfb2c49854231ad2a3915c15cc23e.zip |
Add a patch fixing a long-standing security problem. Bump PORTREVISION.
PR: 196351
Differential Revision: D1593
Submitted by: Jan Beich
Security: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6129
While here, arrange for building a few of the small utilities bundled
with library, and install them along with another potentially useful
header-file.
Sponsored by: http://libpipe.com/
Diffstat (limited to 'net')
-rw-r--r-- | net/libutp/Makefile | 15 | ||||
-rw-r--r-- | net/libutp/files/BSDmakefile | 4 | ||||
-rw-r--r-- | net/libutp/files/BSDmakefile.utils | 10 | ||||
-rw-r--r-- | net/libutp/files/patch-CVE-2012-6129 | 52 | ||||
-rw-r--r-- | net/libutp/pkg-descr | 2 | ||||
-rw-r--r-- | net/libutp/pkg-plist | 4 |
6 files changed, 84 insertions, 3 deletions
diff --git a/net/libutp/Makefile b/net/libutp/Makefile index 39ff0d7688eb..71d573bff026 100644 --- a/net/libutp/Makefile +++ b/net/libutp/Makefile @@ -3,10 +3,11 @@ PORTNAME= bittorrent-libutp PORTVERSION= 0.20130514 +PORTREVISION= 1 CATEGORIES= net devel MAINTAINER= mi@aldan.algebra.com -COMMENT= The uTorrent Transport Protocol library +COMMENT= The uTorrent Transport Protocol library and sample utilities LICENSE= MIT @@ -23,4 +24,16 @@ USE_LDCONFIG= yes pre-install: @${MKDIR} ${STAGEDIR}${PREFIX}/include/libutp +post-build: + ${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_file PROG_CXX=utp_send + ${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_file PROG_CXX=utp_recv + ${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_test PROG_CXX=utp_test + +post-install: + ${INSTALL_PROGRAM} \ + ${WRKSRC}/utp_file/utp_send \ + ${WRKSRC}/utp_file/utp_recv \ + ${WRKSRC}/utp_test/utp_test \ + ${STAGEDIR}${PREFIX}/bin/ + .include <bsd.port.mk> diff --git a/net/libutp/files/BSDmakefile b/net/libutp/files/BSDmakefile index bf6d5ae08577..ead56cbd465a 100644 --- a/net/libutp/files/BSDmakefile +++ b/net/libutp/files/BSDmakefile @@ -9,6 +9,8 @@ CXXFLAGS+= -Wall INCLUDEDIR= ${PREFIX}/include/libutp LIBDIR= ${PREFIX}/lib -INCS= utp.h utp_utils.h utypes.h +INCS= utp.h utp_utils.h utypes.h utp_file/udp.h + +WARNS= 5 .include <bsd.lib.mk> diff --git a/net/libutp/files/BSDmakefile.utils b/net/libutp/files/BSDmakefile.utils new file mode 100644 index 000000000000..d250ba258e5f --- /dev/null +++ b/net/libutp/files/BSDmakefile.utils @@ -0,0 +1,10 @@ +# PROG_CXX defined on command-line + +SRCS= ${PROG_CXX}.cpp +NO_MAN= ha-ha +LDADD= -L.. -lutp +CXXFLAGS+= -I.. -DPOSIX + +WARNS= 3 + +.include <bsd.prog.mk> diff --git a/net/libutp/files/patch-CVE-2012-6129 b/net/libutp/files/patch-CVE-2012-6129 new file mode 100644 index 000000000000..0c5cf9f821c4 --- /dev/null +++ b/net/libutp/files/patch-CVE-2012-6129 @@ -0,0 +1,52 @@ +Index: utp.cpp +=================================================================== +--- utp.cpp (revision 13645) ++++ utp.cpp (revision 13646) +@@ -1487,6 +1487,8 @@ size_t UTPSocket::selective_ack_bytes(uint base, c + return acked_bytes; + } + ++enum { MAX_EACK = 128 }; ++ + void UTPSocket::selective_ack(uint base, const byte *mask, byte len) + { + if (cur_window_packets == 0) return; +@@ -1499,7 +1501,7 @@ void UTPSocket::selective_ack(uint base, const byt + // resends is a stack of sequence numbers we need to resend. Since we + // iterate in reverse over the acked packets, at the end, the top packets + // are the ones we want to resend +- int resends[32]; ++ int resends[MAX_EACK]; + int nr = 0; + + LOG_UTPV("0x%08x: Got EACK [%032b] base:%u", this, *(uint32*)mask, base); +@@ -1572,6 +1574,12 @@ void UTPSocket::selective_ack(uint base, const byt + if (((v - fast_resend_seq_nr) & ACK_NR_MASK) <= OUTGOING_BUFFER_MAX_SIZE && + count >= DUPLICATE_ACKS_BEFORE_RESEND && + duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) { ++ // resends is a stack, and we're mostly interested in the top of it ++ // if we're full, just throw away the lower half ++ if (nr >= MAX_EACK - 2) { ++ memmove(resends, &resends[MAX_EACK/2], MAX_EACK/2 * sizeof(resends[0])); ++ nr -= MAX_EACK / 2; ++ } + resends[nr++] = v; + LOG_UTPV("0x%08x: no ack for %u", this, v); + } else { +@@ -1580,13 +1588,12 @@ void UTPSocket::selective_ack(uint base, const byt + } + } while (--bits >= -1); + +- if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) < 256 && +- count >= DUPLICATE_ACKS_BEFORE_RESEND && +- duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) { ++ if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) <= OUTGOING_BUFFER_MAX_SIZE && ++ count >= DUPLICATE_ACKS_BEFORE_RESEND) { + // if we get enough duplicate acks to start + // resending, the first packet we should resend + // is base-1 +- resends[nr++] = base - 1; ++ resends[nr++] = (base - 1) & ACK_NR_MASK; + } else { + LOG_UTPV("0x%08x: not resending %u count:%d dup_ack:%u fast_resend_seq_nr:%u", + this, base - 1, count, duplicate_ack, fast_resend_seq_nr); diff --git a/net/libutp/pkg-descr b/net/libutp/pkg-descr index f7aeb17a2e67..eb59b56d0c7a 100644 --- a/net/libutp/pkg-descr +++ b/net/libutp/pkg-descr @@ -9,4 +9,4 @@ transport for uTorrent peer-to-peer connections. uTP is written in C++, but the external interface is strictly C (ANSI C89). -WWW: https://github.com/bittorrent/libutp +WWW: https://github.com/bittorrent/libutp diff --git a/net/libutp/pkg-plist b/net/libutp/pkg-plist index 17046de36c96..5d74febba7df 100644 --- a/net/libutp/pkg-plist +++ b/net/libutp/pkg-plist @@ -1,6 +1,10 @@ +bin/utp_send +bin/utp_recv +bin/utp_test lib/libutp.so.0 lib/libutp.so lib/libutp.a +include/libutp/udp.h include/libutp/utp.h include/libutp/utp_utils.h include/libutp/utypes.h |