Add a patch fixing a long-standing security problem. Bump PORTREVISION.

PR:		196351
Differential Revision:	D1593
Submitted by:	Jan Beich
Security:	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6129

While here, arrange for building a few of the small utilities bundled
with library, and install them along with another potentially useful
header-file.

Sponsored by:	http://libpipe.com/

6 files changed, 84 insertions, 3 deletions

diff --git a/net/libutp/Makefile b/net/libutp/Makefile
index 39ff0d7688eb..71d573bff026 100644
--- a/net/libutp/Makefile
+++ b/net/libutp/Makefile
@@ -3,10 +3,11 @@
 
 PORTNAME=	bittorrent-libutp
 PORTVERSION=	0.20130514
+PORTREVISION=	1
 CATEGORIES=	net devel
 
 MAINTAINER=	mi@aldan.algebra.com
-COMMENT=	The uTorrent Transport Protocol library
+COMMENT=	The uTorrent Transport Protocol library and sample utilities
 
 LICENSE=	MIT
 
@@ -23,4 +24,16 @@ USE_LDCONFIG=	yes
 pre-install:
 	@${MKDIR} ${STAGEDIR}${PREFIX}/include/libutp
 
+post-build:
+	${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_file PROG_CXX=utp_send
+	${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_file PROG_CXX=utp_recv
+	${MAKE} -f ${FILESDIR}/BSDmakefile.utils -C ${WRKSRC}/utp_test PROG_CXX=utp_test
+
+post-install:
+	${INSTALL_PROGRAM}	\
+	    ${WRKSRC}/utp_file/utp_send	\
+	    ${WRKSRC}/utp_file/utp_recv	\
+	    ${WRKSRC}/utp_test/utp_test \
+		${STAGEDIR}${PREFIX}/bin/
+
 .include <bsd.port.mk>
diff --git a/net/libutp/files/BSDmakefile b/net/libutp/files/BSDmakefile
index bf6d5ae08577..ead56cbd465a 100644
--- a/net/libutp/files/BSDmakefile
+++ b/net/libutp/files/BSDmakefile
@@ -9,6 +9,8 @@ CXXFLAGS+=	-Wall
 
 INCLUDEDIR=	${PREFIX}/include/libutp
 LIBDIR= 	${PREFIX}/lib
-INCS=  		utp.h utp_utils.h utypes.h
+INCS=  		utp.h utp_utils.h utypes.h utp_file/udp.h
+
+WARNS=	5
 
 .include <bsd.lib.mk>
diff --git a/net/libutp/files/BSDmakefile.utils b/net/libutp/files/BSDmakefile.utils
new file mode 100644
index 000000000000..d250ba258e5f
--- /dev/null
+++ b/net/libutp/files/BSDmakefile.utils
@@ -0,0 +1,10 @@
+# PROG_CXX defined on command-line
+
+SRCS=		${PROG_CXX}.cpp
+NO_MAN=		ha-ha
+LDADD=		-L.. -lutp
+CXXFLAGS+=	-I.. -DPOSIX
+
+WARNS=	3
+
+.include <bsd.prog.mk>
diff --git a/net/libutp/files/patch-CVE-2012-6129 b/net/libutp/files/patch-CVE-2012-6129
new file mode 100644
index 000000000000..0c5cf9f821c4
--- /dev/null
+++ b/net/libutp/files/patch-CVE-2012-6129
@@ -0,0 +1,52 @@
+Index: utp.cpp
+===================================================================
+--- utp.cpp	(revision 13645)
++++ utp.cpp	(revision 13646)
+@@ -1487,6 +1487,8 @@ size_t UTPSocket::selective_ack_bytes(uint base, c
+ 	return acked_bytes;
+ }
+ 
++enum { MAX_EACK = 128 };
++
+ void UTPSocket::selective_ack(uint base, const byte *mask, byte len)
+ {
+ 	if (cur_window_packets == 0) return;
+@@ -1499,7 +1501,7 @@ void UTPSocket::selective_ack(uint base, const byt
+ 	// resends is a stack of sequence numbers we need to resend. Since we
+ 	// iterate in reverse over the acked packets, at the end, the top packets
+ 	// are the ones we want to resend
+-	int resends[32];
++	int resends[MAX_EACK];
+ 	int nr = 0;
+ 
+ 	LOG_UTPV("0x%08x: Got EACK [%032b] base:%u", this, *(uint32*)mask, base);
+@@ -1572,6 +1574,12 @@ void UTPSocket::selective_ack(uint base, const byt
+ 		if (((v - fast_resend_seq_nr) & ACK_NR_MASK) <= OUTGOING_BUFFER_MAX_SIZE &&
+ 			count >= DUPLICATE_ACKS_BEFORE_RESEND &&
+ 			duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) {
++			// resends is a stack, and we're mostly interested in the top of it
++			// if we're full, just throw away the lower half
++			if (nr >= MAX_EACK - 2) {
++				memmove(resends, &resends[MAX_EACK/2], MAX_EACK/2 * sizeof(resends[0]));
++				nr -= MAX_EACK / 2;
++			}
+ 			resends[nr++] = v;
+ 			LOG_UTPV("0x%08x: no ack for %u", this, v);
+ 		} else {
+@@ -1580,13 +1588,12 @@ void UTPSocket::selective_ack(uint base, const byt
+ 		}
+ 	} while (--bits >= -1);
+ 
+-	if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) < 256 &&
+-		count >= DUPLICATE_ACKS_BEFORE_RESEND &&
+-		duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) {
++	if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) <= OUTGOING_BUFFER_MAX_SIZE &&
++		count >= DUPLICATE_ACKS_BEFORE_RESEND) {
+ 		// if we get enough duplicate acks to start
+ 		// resending, the first packet we should resend
+ 		// is base-1
+-		resends[nr++] = base - 1;
++		resends[nr++] = (base - 1) & ACK_NR_MASK;
+ 	} else {
+ 		LOG_UTPV("0x%08x: not resending %u count:%d dup_ack:%u fast_resend_seq_nr:%u",
+ 				 this, base - 1, count, duplicate_ack, fast_resend_seq_nr);
diff --git a/net/libutp/pkg-descr b/net/libutp/pkg-descr
index f7aeb17a2e67..eb59b56d0c7a 100644
--- a/net/libutp/pkg-descr
+++ b/net/libutp/pkg-descr
@@ -9,4 +9,4 @@ transport for uTorrent peer-to-peer connections.
 uTP is written in C++, but the external interface is strictly C
 (ANSI C89).
 
-WWW:	https://github.com/bittorrent/libutp
+WWW: https://github.com/bittorrent/libutp
diff --git a/net/libutp/pkg-plist b/net/libutp/pkg-plist
index 17046de36c96..5d74febba7df 100644
--- a/net/libutp/pkg-plist
+++ b/net/libutp/pkg-plist
@@ -1,6 +1,10 @@
+bin/utp_send
+bin/utp_recv
+bin/utp_test
 lib/libutp.so.0
 lib/libutp.so
 lib/libutp.a
+include/libutp/udp.h
 include/libutp/utp.h
 include/libutp/utp_utils.h
 include/libutp/utypes.h