On Sun, 12 Aug 2012 22:41:44 +0200, Pascal Stumpf wrote: > On Sun, 12 Aug 2012 15:56:12 -0400, Brad Smith wrote: > > On Sun, Aug 12, 2012 at 09:37:41PM +0200, Pascal Stumpf wrote: > > > Fix for CVE-2012-3461 (multiple heap overflows), tested so far with > > > climm on amd64. > > > > > > Also, taking maintainer for this. > > > > The first patch in the diff should be removed. > > As you wish ... >
They just released a new version, containing the security fixes. Remove the $FreeBSD$ line while here. Index: Makefile =================================================================== RCS file: /cvs/ports/security/libotr/Makefile,v retrieving revision 1.14 diff -u -p -r1.14 Makefile --- Makefile 4 Apr 2012 06:45:27 -0000 1.14 +++ Makefile 19 Aug 2012 13:52:41 -0000 @@ -1,17 +1,17 @@ # $OpenBSD: Makefile,v 1.14 2012/04/04 06:45:27 ajacoutot Exp $ -# $FreeBSD: Makefile,v 1.2 2005/04/21 14:22:54 pav Exp $ COMMENT= portable OTR messaging library and toolkit -DISTNAME= libotr-3.2.0 +DISTNAME= libotr-3.2.1 CATEGORIES= security -REVISION= 0 SHARED_LIBS += otr 3.2 # 4.0 HOMEPAGE= http://www.cypherpunks.ca/otr/ MASTER_SITES= ${HOMEPAGE} + +MAINTAINER = Pascal Stumpf <pascal.stu...@cubes.de> # GPLv2 PERMIT_PACKAGE_CDROM= Yes Index: distinfo =================================================================== RCS file: /cvs/ports/security/libotr/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo 18 Jul 2008 13:21:22 -0000 1.6 +++ distinfo 19 Aug 2012 13:52:41 -0000 @@ -1,5 +1,2 @@ -MD5 (libotr-3.2.0.tar.gz) = +roC5g9k5JKDiSm+InL4OQ== -RMD160 (libotr-3.2.0.tar.gz) = k39RJBXrO4LVcwsar75dVfTxU9o= -SHA1 (libotr-3.2.0.tar.gz) = 5eELjdr1mwraYEbRVtBDHNJ5Dbk= -SHA256 (libotr-3.2.0.tar.gz) = 2DudIONuKkpV5TNvFdHSGNYnvAr3r5Tjg1vci22LZpM= -SIZE (libotr-3.2.0.tar.gz) = 430299 +SHA256 (libotr-3.2.1.tar.gz) = 1CjqpYSYS6oJRQzKB3QuCsj8YkAfOhxVbjAlAjNpzfQ= +SIZE (libotr-3.2.1.tar.gz) = 414684
