diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2019-01-29 10:20:39 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2019-01-29 10:20:39 +0000 |
commit | 6c99f7bbcebf8571a10701a80770477110f0f9ac (patch) | |
tree | 47aa9d8dbac2c81a2ed92cd22337bc048c091cf4 /games/koth | |
parent | f870be800fa484d448836c280ae83efc00ee3e48 (diff) | |
download | pkgsrc-6c99f7bbcebf8571a10701a80770477110f0f9ac.tar.gz |
Pullup ticket #5893 - requested by taca
textproc/uriparser: security fix
Revisions pulled up:
- textproc/uriparser/Makefile 1.12
- textproc/uriparser/distinfo 1.10
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Jan 6 13:47:20 UTC 2019
Modified Files:
pkgsrc/textproc/uriparser: Makefile distinfo
Log Message:
Update uriparser to 0.9.1.
>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
* Fixed:
Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6
addresses with embedded IPv4 address, e.g. "//[::44.1";
mitigated if passed parameter <afterLast> points to readable memory
containing a '\0' byte.
Thanks to Joergen Ibsen for the report!
>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
* Fixed: When parsing a malformed URI with an IPvFuture address
(e.g. "http://[vA.123456" missing "]"), errorPos would point to the first
character after "v" than the actual position of the error (here: the end
of the string)
* Fixed: uriToStringCharsRequired* reported 1 more byte than actually needed
for IPv4 address URIs (GitHub #41); Thanks to @gyh007 for the patch!
* Fixed: Compilation with MinGW
Thanks to Sandro Mani for the patch!
* Fixed: Drop use of asprintf from the test suite for MinGW (GitHub #40)
* Improved: For parse errors, waterproof errorPos <= afterLast
* Soname: 1:24:0
Via email from Sebastian Pipping.
Diffstat (limited to 'games/koth')
0 files changed, 0 insertions, 0 deletions