net/libutp: pull Transmission's fix for CVE-2012-6129
AbandonedPublic
Actions

Authored by jbeich on Jan 22 2015, 4:48 AM.

Details

Reviewers

Summary

Pull Transmisson's fix for stack-based buffer overflow in libutp

Also fixed upstream but due to breaking API changes net/libutp update
is delayed until consumers adapt, or at least net-p2p/transmission-*.

PR: 196351
Obtained from: https://trac.transmissionbt.com/changeset/13646/
Approved by: bapt (mentor)
Approved by: mi (maintainer)
MFH: 2014Q4
MFH: 2015Q1
Security: CVE-2012-6129
Security: 0523fb7e-8444-4e86-812d-8de05f6f0dce

/branches/2014Q4 and /branches/2015Q1 want the fix becasue
Transmission there uses system libutp, see rP369657.

Test Plan

Run Transmission for a while with uTP enabled.

Diff Detail

Repository

rP FreeBSD ports repository

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

jbeich updated this revision to Diff 3315.Jan 22 2015, 4:48 AM

jbeich retitled this revision from to net/libutp: pull Transmission's fix for CVE-2012-6129.

jbeich updated this object.

jbeich edited the test plan for this revision. (Show Details)

jbeich added a reviewer: bapt.

jbeich added a parent revision: D1575: security/vuxml: add entry for libutp CVE-2012-6129.Jan 22 2015, 4:48 AM

You will need to bump port revision as well

This revision now requires changes to proceed.Jan 22 2015, 12:55 PM

Closed by commit rP377674 (authored by @mi).

Revision Contents
Changeset List

Path

Size

net/

libutp/

files/

patch-CVE-2012-6129

52 lines

Diff 3315

View Options

net/libutp/files/patch-CVE-2012-6129

net/libutp: pull Transmission's fix for CVE-2012-6129AbandonedPublicActions