MFH r307263 by eadler:

Apply an upstream patch that fixes a security hole when receiving a special colored message. The maintainer was contacted but due to the nature of the issue apply the patch ASAP. Approved by: secteam-ports (swills) Security: e02c572f-2af0-11e2-bb44-003067b2972c MFH r307275 by jase: - Update to 0.3.9.1 Changes: http://www.weechat.org/files/changelog/ChangeLog-0.3.9.1.html MFH r307276 by jase: - Remove extraneous patch MFH r307279 by jase: - Update to 20121110 - Remove extraneous patch MFH r307387 by jase: - Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c) - Document assigned CVE Identifier - Document workaround for vulnerable versions Feature safe: yes
freebsd · Nov 13, 2012 · f4fd845 · f4fd845
1 parent 54f71a9
commit f4fd845
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 8 deletions.
diff --git a/irc/weechat-devel/Makefile b/irc/weechat-devel/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	weechat
-PORTVERSION=	20121103
+PORTVERSION=	20121110
 CATEGORIES=	irc
 MASTER_SITES=	http://perturb.me.uk/distfiles/ \
 		${MASTER_SITE_LOCAL}
@@ -26,7 +26,7 @@ WANT_PERL=	yes
 LIB_DEPENDS+=	curl:${PORTSDIR}/ftp/curl \
 		gcrypt:${PORTSDIR}/security/libgcrypt
 
-GITREV=	c848cb4
+GITREV=	7cd376b
 WRKSRC=	${WRKDIR}/${PORTNAME}-${GITREV}
 
 # Please note: the DEBUG option is *NOT* empty, it is utilised by

diff --git a/irc/weechat-devel/distinfo b/irc/weechat-devel/distinfo
@@ -1,2 +1,2 @@
-SHA256 (weechat-devel-c848cb4.tar.gz) = 0addead395d9eaeafa782996ccc447dafa3b5138d3e21285b602abf37c614655
-SIZE (weechat-devel-c848cb4.tar.gz) = 2511229
+SHA256 (weechat-devel-7cd376b.tar.gz) = dd10c1ab81051ec3476ad95a12c4c70cd8161a5f0dbcc7f0659e3d2602a79ef2
+SIZE (weechat-devel-7cd376b.tar.gz) = 2517031
diff --git a/irc/weechat/Makefile b/irc/weechat/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	weechat
-PORTVERSION=	0.3.9
+PORTVERSION=	0.3.9.1
 CATEGORIES=	irc
 MASTER_SITES=	http://weechat.org/files/src/
 

diff --git a/irc/weechat/distinfo b/irc/weechat/distinfo
@@ -1,2 +1,2 @@
-SHA256 (weechat-0.3.9.tar.gz) = 8666c788cbb212036197365df3ba3cf964a23e4f644d76ea51d66dbe3be593bb
-SIZE (weechat-0.3.9.tar.gz) = 3761786
+SHA256 (weechat-0.3.9.1.tar.gz) = 9a6ad4aacbda9c5524dc519cc8782621d59ba1bf0556e64f5ae4f9102f28b29d
+SIZE (weechat-0.3.9.1.tar.gz) = 3756617
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
@@ -134,18 +134,21 @@ Note:  Please add new entries to the beginning of this file.
 	<blockquote cite="https://savannah.nongnu.org/bugs/?37704">
 	  <p>A buffer overflow is causing a crash or freeze of WeeChat when 
 	  decoding IRC colors in strings.</p>
+	  <p>Workaround for a non-patched version: 
+	  /set irc.network.colors_receive off</p>
 	</blockquote>
       </body>
     </description>
     <references>
+      <cvename>CVE-2012-5854</cvename>
       <freebsdpr>ports/173513</freebsdpr>
       <url>http://weechat.org/security/</url>
       <url>https://savannah.nongnu.org/bugs/?37704</url>
     </references>
     <dates>
       <discovery>2012-11-09</discovery>
       <entry>2012-11-10</entry>
-      <modified>2012-11-10</modified>
+      <modified>2012-11-13</modified>
     </dates>
   </vuln>