From nobody@FreeBSD.org  Sun Aug 26 11:38:22 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F36CE106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 26 Aug 2012 11:38:21 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id DF74F8FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 26 Aug 2012 11:38:21 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q7QBcLEq096905
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 26 Aug 2012 11:38:21 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q7QBcLQN096904;
	Sun, 26 Aug 2012 11:38:21 GMT
	(envelope-from nobody)
Message-Id: <201208261138.q7QBcLQN096904@red.freebsd.org>
Date: Sun, 26 Aug 2012 11:38:21 GMT
From: Peter Zuidema <peter@icebear.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: DOS vulnerability in bitcoin and bitcoind - CVE-2012-2459
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         171080
>Category:       ports
>Synopsis:       DOS vulnerability in net-p2p/bitcoin and bitcoind - CVE-2012-2459
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    swills
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 26 11:40:02 UTC 2012
>Closed-Date:    Sun Sep 02 02:58:48 UTC 2012
>Last-Modified:  Sun Sep  2 03:00:25 UTC 2012
>Originator:     Peter Zuidema
>Release:        8.3-RELEASE-p3
>Organization:
>Environment:
FreeBSD ganesh.icebear.net 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Wed Jun 20 23:13:40 CEST 2012     root@ganesh.icebear.net:/usr/obj/usr/src/sys/GANESH  amd64
>Description:
As copied from the CVE entry - 
---
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->swills 
Responsible-Changed-By: swills 
Responsible-Changed-When: Wed Aug 29 19:45:56 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=171080 
State-Changed-From-To: open->closed 
State-Changed-By: swills 
State-Changed-When: Sun Sep 2 02:58:47 UTC 2012 
State-Changed-Why:  
Port updated and vuxml entry added, thanks for the heads up. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=171080 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/171080: commit references a PR
Date: Sun,  2 Sep 2012 02:52:10 +0000 (UTC)

 Author: swills
 Date: Sun Sep  2 02:51:56 2012
 New Revision: 303526
 URL: http://svn.freebsd.org/changeset/ports/303526
 
 Log:
   - Update to 0.6.3
   
   PR:		ports/171080
   Security:	b50913ce-f4a7-11e1-b135-003067b2972c
 
 Added:
   head/net-p2p/bitcoin/files/
   head/net-p2p/bitcoin/files/patch-transactiondesc.cpp   (contents, props changed)
 Modified:
   head/net-p2p/bitcoin/Makefile   (contents, props changed)
   head/net-p2p/bitcoin/distinfo   (contents, props changed)
 
 Modified: head/net-p2p/bitcoin/Makefile
 ==============================================================================
 --- head/net-p2p/bitcoin/Makefile	Sun Sep  2 00:35:37 2012	(r303525)
 +++ head/net-p2p/bitcoin/Makefile	Sun Sep  2 02:51:56 2012	(r303526)
 @@ -6,77 +6,68 @@
  #
  
  PORTNAME=	bitcoin
 -PORTVERSION=	0.4.0
 -PORTREVISION=	1
 +PORTVERSION=	0.6.3
  CATEGORIES=	net-p2p finance
 -MASTER_SITES=	https://nodeload.github.com/${PORTNAME}/${PORTNAME}/tarball/	\
 -		http://mirror.inerd.com/FreeBSD/distfiles/${PORTNAME}/
 -DISTFILES=	v${PORTVERSION}
  
  MAINTAINER=	ports@FreeBSD.org
  COMMENT=	Virtual Peer-to-Peer Currency Client
  
 -BUILD_DEPENDS=	${LOCALBASE}/include/boost/graph/parallel/algorithm.hpp:${PORTSDIR}/devel/boost-libs # 1.40+
 -LIB_DEPENDS=	boost_date_time.4:${PORTSDIR}/devel/boost-libs
 +LIB_DEPENDS=	boost_date_time:${PORTSDIR}/devel/boost-libs
  
 -OPTIONS=	GUI  "Build with wxWidgets GUI" on	\
 -		UPNP "Build with UPNP support"  off
 +OPTIONS=	GUI  "Build with QT3 GUI" on	\
 +		UPNP "Build with UPNP support"  off \
 +		QRCODES "Build with QR code display" on
 +
 +USE_GITHUB=     yes
 +GH_ACCOUNT=     bitcoin
 +GH_PROJECT=	bitcoin
 +GH_COMMIT=      6e0c5e3
  
  USE_GMAKE=	yes
  USE_OPENSSL=	yes
  USE_BDB=	yes
 -WANT_BDB_VER=	47	# 4.8 doesn't work
 +WANT_BDB_VER=	47
  
  CXXFLAGS+=	-I${LOCALBASE}/include -I${BDB_INCLUDE_DIR}
  CXXFLAGS+=	-L${LOCALBASE}/lib -L${BDB_LIB_DIR}
  CXXFLAGS+=	-Wno-invalid-offsetof
  
 -WRKSRC=		${WRKDIR}/bitcoin-bitcoin-72274ed/src
 -
 -DIST_SUBDIR=	${PORTNAME}
 -
 -LOCALES=	cs de eo es fr it lt nl pt ro ru sv zh_cn
 -
  .include <bsd.port.options.mk>
  
  .if defined(WITH_GUI) && !defined(WITHOUT_X11)
 -USE_GNOME=	gtk20
 -
 -#USE_WX=		2.9+
 -
 -BUILD_DEPENDS+=	${LOCALBASE}/include/wx-2.9/wx/aboutdlg.h:${PORTSDIR}/x11-toolkits/wxgtk29
 -RUN_DEPENDS+=	${LOCALBASE}/include/wx-2.9/wx/aboutdlg.h:${PORTSDIR}/x11-toolkits/wxgtk29
 -WX_CONFIG=	${LOCALBASE}/bin/wxgtk2u-2.9-config
 -
 -BINARY=		bitcoin
 -PLIST_FILES=	bin/${BINARY}
 +USE_QT_VER=	4
 +USE_QT4=	corelib gui qmake_build linguist uic moc rcc
 +BINARY=		bitcoin-qt
  .else
 -USE_GNOME=	glib20
 -
  BINARY=		bitcoind
  ALL_TARGET=	${BINARY}
 -PLIST_FILES=	bin/${BINARY}
 +MAKE_ARGS+=	-C ${WRKSRC}/src
  .endif
  
 -.if defined(WITH_UPNP)
 -LIB_DEPENDS+=	miniupnpc:${PORTSDIR}/net/miniupnpc
 -MAKE_ENV+=	USE_UPNP=yes
 +.if defined(WITH_QRCODES)
 +LIB_DEPENDS+=	qrencode:${PORTSDIR}/graphics/libqrencode
 +QMAKE_USE_QRCODE=1
 +.else
 +QMAKE_USE_QRCODE=0
  .endif
  
 -.if !defined(WITHOUT_NLS)
 -PLIST_FILES+=	${LOCALES:C|^|share/locale/|:C|$|/LC_MESSAGES/bitcoin.mo|}
 -PLIST_DIRSTRY+=	${LOCALES:C|^|share/locale/|:C|$|/LC_MESSAGES|}
 -PLIST_DIRSTRY+=	${LOCALES:C|^|share/locale/|}
 +PLIST_FILES=	bin/${BINARY}
 +
 +.if defined(WITH_UPNP)
 +LIB_DEPENDS+=	miniupnpc:${PORTSDIR}/net/miniupnpc
 +QMAKE_USE_UPNP=	1
 +.else
 +QMAKE_USE_UPNP=	-
  .endif
  
  .include <bsd.port.pre.mk>
  
  post-patch:
 -	@${CP} ${WRKSRC}/protocol.h ${WRKSRC}/protocol.h.orig
 +	@${CP} ${WRKSRC}/src/protocol.h ${WRKSRC}/src/protocol.h.orig
  	@${AWK} 'BEGIN { f = 0 } { if ( $$0 ~ /^#include/ && f == 0 ) { f = 1; print "#include <sys/socket.h>"; print "#include <netinet/in.h>" }; print }' \
 -		${WRKSRC}/protocol.h.orig > ${WRKSRC}/protocol.h
 +		${WRKSRC}/src/protocol.h.orig > ${WRKSRC}/src/protocol.h
  
 -	@cd ${WRKSRC} && ${CP} -p makefile.unix Makefile
 +	@cd ${WRKSRC}/src && ${CP} -p makefile.unix Makefile
  	@${REINPLACE_CMD} \
  		-e 's|wx-config|${WX_CONFIG}|g' \
  		-e 's|^CXXFLAGS=.*$$|CXXFLAGS += $$(DEFS)|' \
 @@ -84,18 +75,22 @@ post-patch:
  		-e 's|-l pthread|${PTHREAD_LIBS}|g' \
  		-e 's:-O3::' -e 's:-\(march=[A-Za-z0-9]*\)::g' \
  		-e 's:-l dl::' \
 -		${WRKSRC}/Makefile
 +		${WRKSRC}/src/Makefile
 +
 +do-configure:
 +.if defined(WITH_GUI) && !defined(WITHOUT_X11)
 +	cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} \
 +		${QMAKE} USE_UPNP=${QMAKE_USE_UPNP} USE_QRCODE=${QMAKE_USE_QRCODE} \
 +		QMAKE_LRELEASE=lrelease-qt4 PREFIX=${PREFIX} INCLUDEPATH=${BDB_INCLUDE_DIR} \
 +		QMAKE_LIBDIR+=${BDB_LIB_DIR} bitcoin-qt.pro
 +.endif
  
  do-install:
  	@${MKDIR} ${PREFIX}/bin
 +.if defined(WITH_GUI) && !defined(WITHOUT_X11)
  	${INSTALL_PROGRAM} ${WRKSRC}/${BINARY} ${PREFIX}/bin/
 -
 -.if !defined(WITHOUT_NLS)
 -.  for lo in ${LOCALES}
 -	@${MKDIR} ${PREFIX}/share/locale/${lo}/LC_MESSAGES
 -	${INSTALL_DATA} ${WRKSRC}/../locale/${lo}/LC_MESSAGES/bitcoin.mo \
 -		${PREFIX}/share/locale/${lo}/LC_MESSAGES/
 -.  endfor
 +.else
 +	${INSTALL_PROGRAM} ${WRKSRC}/src/${BINARY} ${PREFIX}/bin/
  .endif
  
  .include <bsd.port.post.mk>
 
 Modified: head/net-p2p/bitcoin/distinfo
 ==============================================================================
 --- head/net-p2p/bitcoin/distinfo	Sun Sep  2 00:35:37 2012	(r303525)
 +++ head/net-p2p/bitcoin/distinfo	Sun Sep  2 02:51:56 2012	(r303526)
 @@ -1,2 +1,2 @@
 -SHA256 (bitcoin/v0.4.0) = 4feb67c2191ae3c7ebfbcd2fbc98bfdb01242a63f9d9158f5a75482542f02d11
 -SIZE (bitcoin/v0.4.0) = 896167
 +SHA256 (bitcoin-0.6.3.tar.gz) = b4d538bdfd0c11dd0d12896ad444bcdc04cfc98b55deca73ed951ecef03363a6
 +SIZE (bitcoin-0.6.3.tar.gz) = 1362075
 
 Added: head/net-p2p/bitcoin/files/patch-transactiondesc.cpp
 ==============================================================================
 --- /dev/null	00:00:00 1970	(empty, because file is newly added)
 +++ head/net-p2p/bitcoin/files/patch-transactiondesc.cpp	Sun Sep  2 02:51:56 2012	(r303526)
 @@ -0,0 +1,10 @@
 +--- src/qt/transaction.cpp.orig	2012-09-01 03:08:26.000000000 +0000
 ++++ src/qt/transactiondesc.cpp	2012-09-01 03:08:38.000000000 +0000
 +@@ -7,6 +7,7 @@
 + #include "wallet.h"
 + #include "db.h"
 + #include "ui_interface.h"
 ++#include "walletdb.h"
 + 
 + #include <QString>
 + 
 _______________________________________________
 svn-ports-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-ports-all
 To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
 
>Unformatted:
