aboutsummaryrefslogtreecommitdiffstats
path: root/ftp
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2013-12-19 07:04:24 +0800
committerdelphij <delphij@FreeBSD.org>2013-12-19 07:04:24 +0800
commit8c22919f153e55385c781806cf0e679d76119d86 (patch)
tree61c87dca698b425a6df10184c8d862fbe31ab876 /ftp
parent4ccde899e821ee9637699adbd6326766b61cfeb3 (diff)
downloadfreebsd-ports-graphics-8c22919f153e55385c781806cf0e679d76119d86.tar.gz
freebsd-ports-graphics-8c22919f153e55385c781806cf0e679d76119d86.tar.zst
freebsd-ports-graphics-8c22919f153e55385c781806cf0e679d76119d86.zip
Apply vendor fix for CVE-2013-6422, cURL libcurl cert name check ignore
with GnuTLS. Document the vulnerability fix in vuxml while I'm here.
Diffstat (limited to 'ftp')
-rw-r--r--ftp/curl/Makefile2
-rw-r--r--ftp/curl/files/patch-CVE-2013-642232
2 files changed, 33 insertions, 1 deletions
diff --git a/ftp/curl/Makefile b/ftp/curl/Makefile
index 856fc239faf..05980d04bdd 100644
--- a/ftp/curl/Makefile
+++ b/ftp/curl/Makefile
@@ -3,7 +3,7 @@
PORTNAME= curl
PORTVERSION= 7.33.0
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= ftp www
MASTER_SITES= http://curl.haxx.se/download/ \
LOCAL/sunpoet
diff --git a/ftp/curl/files/patch-CVE-2013-6422 b/ftp/curl/files/patch-CVE-2013-6422
new file mode 100644
index 00000000000..3c29829f945
--- /dev/null
+++ b/ftp/curl/files/patch-CVE-2013-6422
@@ -0,0 +1,32 @@
+--- ./lib/gtls.c.orig 2013-10-12 15:05:06.000000000 -0700
++++ ./lib/gtls.c 2013-12-18 15:00:22.000000000 -0800
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -633,10 +633,8 @@
+ else
+ infof(data, "\t server certificate verification OK\n");
+ }
+- else {
++ else
+ infof(data, "\t server certificate verification SKIPPED\n");
+- goto after_server_cert_verification;
+- }
+
+ /* initialize an X.509 certificate structure. */
+ gnutls_x509_crt_init(&x509_cert);
+@@ -766,8 +764,6 @@
+
+ gnutls_x509_crt_deinit(x509_cert);
+
+-after_server_cert_verification:
+-
+ /* compression algorithm (if any) */
+ ptr = gnutls_compression_get_name(gnutls_compression_get(session));
+ /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */