Re: security/gnutls update when...

2012-03-29 Thread Jason Hellenthal

There are no problems with this that can be seen. Thank you Roman.

On Sun, Mar 25, 2012 at 07:26:34PM +0400, Roman Bogorodskiy wrote:
   Jason Hellenthal wrote:
 
  
  Apparently this port has fallen two versions behind. Is there anything
  that is going to happen to update it to the current stable version ?
  
  
  These advisories have been out for a week now. And the current version
  is 2.12.18.
  
  
  Database created: Sat Mar 24 13:15:03 EDT 2012
  Affected package: gnutls-2.12.16
  Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
  Reference:
  http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
  
  Affected package: gnutls-2.12.16
  Type of problem: gnutls -- possible overflow/Denial of service
  vulnerabilities.
  Reference:
  http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
  
  2 problem(s) in your installed packages found.
 
 The port was updated to 2.12.18 with some hacks to prevent shlib version
 bump. Please report if you have any problems with that.
 
 Roman Bogorodskiy



-- 
;s =;




Re: security/gnutls update when...

2012-03-25 Thread Roman Bogorodskiy
  Jason Hellenthal wrote:

 
 Apparently this port has fallen two versions behind. Is there anything
 that is going to happen to update it to the current stable version ?
 
 
 These advisories have been out for a week now. And the current version
 is 2.12.18.
 
 
 Database created: Sat Mar 24 13:15:03 EDT 2012
 Affected package: gnutls-2.12.16
 Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
 Reference:
 http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
 
 Affected package: gnutls-2.12.16
 Type of problem: gnutls -- possible overflow/Denial of service
 vulnerabilities.
 Reference:
 http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
 
 2 problem(s) in your installed packages found.

The port was updated to 2.12.18 with some hacks to prevent shlib version
bump. Please report if you have any problems with that.

Roman Bogorodskiy




security/gnutls update when...

2012-03-24 Thread Jason Hellenthal

Apparently this port has fallen two versions behind. Is there anything
that is going to happen to update it to the current stable version ?


These advisories have been out for a week now. And the current version
is 2.12.18.


Database created: Sat Mar 24 13:15:03 EDT 2012
Affected package: gnutls-2.12.16
Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
Reference:
http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html

Affected package: gnutls-2.12.16
Type of problem: gnutls -- possible overflow/Denial of service
vulnerabilities.
Reference:
http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html

2 problem(s) in your installed packages found.



-- 
;s =;




Re: security/gnutls update when...

2012-03-24 Thread Ryan Steinmetz
On (03/24/12 13:29), Jason Hellenthal wrote:
 
 Apparently this port has fallen two versions behind. Is there anything
 that is going to happen to update it to the current stable version ?
 
 
 These advisories have been out for a week now. And the current version
 is 2.12.18.
 
 
 Database created: Sat Mar 24 13:15:03 EDT 2012
 Affected package: gnutls-2.12.16
 Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
 Reference:
 http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
 
 Affected package: gnutls-2.12.16
 Type of problem: gnutls -- possible overflow/Denial of service
 vulnerabilities.
 Reference:
 http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
 
 2 problem(s) in your installed packages found.
 
 
 
 -- 
 ;s =;

Jason,

There is an update in progress (ports/166307).  There is a shared
library version bump that is part of the gnutls update and this requires
a little extra scrutiny.  This, combined with the upcoming 8.3 RELEASE
is what is contributing to the delay.


Hope this helps,
-r


-- 
Ryan Steinmetz
PGP: EF36 D45A 5CA9 28B1 A550  18CD A43C D111 7AD7 FAF2
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org


Re: security/gnutls update when...

2012-03-24 Thread Kevin Oberman
On Sat, Mar 24, 2012 at 10:29 AM, Jason Hellenthal
jhellent...@dataix.net wrote:

 Apparently this port has fallen two versions behind. Is there anything
 that is going to happen to update it to the current stable version ?


 These advisories have been out for a week now. And the current version
 is 2.12.18.


 Database created: Sat Mar 24 13:15:03 EDT 2012
 Affected package: gnutls-2.12.16
 Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
 Reference:
 http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html

 Affected package: gnutls-2.12.16
 Type of problem: gnutls -- possible overflow/Denial of service
 vulnerabilities.
 Reference:
 http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html

 2 problem(s) in your installed packages found.



 --
 ;s =;

Note that one of these problems is with libtasn1 and is not a gnutls
problem at all. So updating libtasn1 actually fixes this one, although
the other does require an update to a version of gnutls that has yet
to be ported.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com


Re: security/gnutls update when...

2012-03-24 Thread Jason Hellenthal


On Sat, Mar 24, 2012 at 01:52:45PM -0400, Ryan Steinmetz wrote:
 On (03/24/12 13:29), Jason Hellenthal wrote:
  
  Apparently this port has fallen two versions behind. Is there anything
  that is going to happen to update it to the current stable version ?
  
  
  These advisories have been out for a week now. And the current version
  is 2.12.18.
  
  
  Database created: Sat Mar 24 13:15:03 EDT 2012
  Affected package: gnutls-2.12.16
  Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
  Reference:
  http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
  
  Affected package: gnutls-2.12.16
  Type of problem: gnutls -- possible overflow/Denial of service
  vulnerabilities.
  Reference:
  http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
  
  2 problem(s) in your installed packages found.
  
  
  
  -- 
  ;s =;
 
 Jason,
 
 There is an update in progress (ports/166307).  There is a shared
 library version bump that is part of the gnutls update and this requires
 a little extra scrutiny.  This, combined with the upcoming 8.3 RELEASE
 is what is contributing to the delay.
 

Thanks Ryan. Not to sound hasty, I realize the release is coming and
thought that to be most of the reason as well as the shared bump, but I have
already had to deal with a few ramifications from rand(lusers);


I appreciate the feedback, it gives me at least something to work with.


Thanks again.

-- 
;s =;


Re: security/gnutls update when...

2012-03-24 Thread Jason Hellenthal


On Sat, Mar 24, 2012 at 10:54:32AM -0700, Kevin Oberman wrote:
 On Sat, Mar 24, 2012 at 10:29 AM, Jason Hellenthal
 jhellent...@dataix.net wrote:
 
  Apparently this port has fallen two versions behind. Is there anything
  that is going to happen to update it to the current stable version ?
 
 
  These advisories have been out for a week now. And the current version
  is 2.12.18.
 
 
  Database created: Sat Mar 24 13:15:03 EDT 2012
  Affected package: gnutls-2.12.16
  Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
  Reference:
  http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
 
  Affected package: gnutls-2.12.16
  Type of problem: gnutls -- possible overflow/Denial of service
  vulnerabilities.
  Reference:
  http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
 
  2 problem(s) in your installed packages found.
 
 
 
  --
  ;s =;
 
 Note that one of these problems is with libtasn1 and is not a gnutls
 problem at all. So updating libtasn1 actually fixes this one, although
 the other does require an update to a version of gnutls that has yet
 to be ported.

Only if it was installed or implied...

.if (defined(WITH_LIBTASN1) || exists(${LOCALBASE}/lib/libtasn1.so.4)) && \
	!defined(WITHOUT_LIBTASN1)
LIB_DEPENDS+=   tasn1.4:${PORTSDIR}/security/libtasn1
.else
CONFIGURE_ARGS+=--with-included-libtasn1
.endif

-- 
;s =;
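
Added example, not part of the thread or of the port: whether the libtasn1 advisory is cleared by updating security/libtasn1 alone depends on whether the installed gnutls links the external library or was built with --with-included-libtasn1. The script below parses the portaudit report quoted above and maps each finding to the port that has to change; the function names, the constructed sample input and the libgnutls.so path in the comment are assumptions.

```sh
# Added example: function names are hypothetical; the sample report is
# constructed from the portaudit output quoted in the thread.
sample_report() {
cat <<'EOF'
Database created: Sat Mar 24 13:15:03 EDT 2012
Affected package: gnutls-2.12.16
Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
Reference:
http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html

Affected package: gnutls-2.12.16
Type of problem: gnutls -- possible overflow/Denial of service
vulnerabilities.
Reference:
http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
EOF
}

# Emit "package<TAB>problem<TAB>url" per finding, joining wrapped problem lines.
parse_portaudit() {
  awk '
    /^Affected package: / { sub(/^Affected package: /, ""); pkg = $0; cont = 0; next }
    /^Type of problem: /  { sub(/^Type of problem: /, ""); prob = $0; cont = 1; next }
    /^Reference:/         { cont = 0; want = 1; next }
    cont                  { prob = prob " " $0; next }
    want && /^http/       { print pkg "\t" prob "\t" $0; want = 0 }'
}

# Read `objdump -p` or `readelf -d` output for libgnutls on stdin, e.g.
#   objdump -p ${LOCALBASE}/lib/libgnutls.so | tasn1_linkage   (path assumed)
tasn1_linkage() {
  if grep -Eq 'NEEDED.*libtasn1\.so'; then echo external; else echo bundled; fi
}

# triage LINKAGE < report: print "port-to-update<TAB>advisory-url" per finding.
# A libtasn1 finding is fixed by security/libtasn1 only when gnutls links it
# externally; with the bundled copy, gnutls itself has to be rebuilt/updated.
triage() {
  linkage=$1
  parse_portaudit | while IFS="$(printf '\t')" read -r pkg prob url; do
    port=security/gnutls
    case "$prob" in libtasn1*) if [ "$linkage" = external ]; then port=security/libtasn1; fi ;; esac
    printf '%s\t%s\n' "$port" "$url"
  done
}
sample_report | triage external
```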


Re: security/gnutls update when...

2012-03-24 Thread Roman Bogorodskiy
  Kevin Oberman wrote:

 On Sat, Mar 24, 2012 at 10:29 AM, Jason Hellenthal
 jhellent...@dataix.net wrote:
 
  Apparently this port has fallen two versions behind. Is there anything
  that is going to happen to update it to the current stable version ?
 
 
  These advisories have been out for a week now. And the current version
  is 2.12.18.
 
 
  Database created: Sat Mar 24 13:15:03 EDT 2012
  Affected package: gnutls-2.12.16
  Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
  Reference:
  http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
 
  Affected package: gnutls-2.12.16
  Type of problem: gnutls -- possible overflow/Denial of service
  vulnerabilities.
  Reference:
  http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
 
  2 problem(s) in your installed packages found.
 
 
 
  --
  ;s =;
 
 Note that one of these problems is with libtasn1 and is not a gnutls
 problem at all. So updating libtasn1 actually fixes this one, although
 the other does require an update to a version of gnutls that has yet
 to be ported.

There's a vulnerability in gnutls also:

http://www.gnu.org/software/gnutls/security.html

Mu Dynamics released an advisory for both libtasn1 and gnutls:

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959

The gnutls one is tagged MU-201202-01 and the libtasn1 one is MU-201202-02.

Roman Bogorodskiy

