Navigation:
Browse pkgsrc
(this page)| 2019-01-29 11:20:39 by Benny Siegert | Files touched by this commit (2) |
Log message:
Pullup ticket #5893 - requested by taca
textproc/uriparser: security fix
Revisions pulled up:
- textproc/uriparser/Makefile 1.12
- textproc/uriparser/distinfo 1.10
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Jan 6 13:47:20 UTC 2019
Modified Files:
pkgsrc/textproc/uriparser: Makefile distinfo
Log message:
Update uriparser to 0.9.1.
>>>>>>>>>>>>> SECURITY \
>>>>>>>>>>>>>>>>>>>> \
>>>>>>>>>>>>>>>>>>>> \
>>>>>>>>>>>>>>>>
* Fixed:
Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6
addresses with embedded IPv4 address, e.g. "//[::44.1";
mitigated if passed parameter <afterLast> points to readable memory
containing a '\0' byte.
Thanks to Joergen Ibsen for the report!
>>>>>>>>>>>>> SECURITY \
>>>>>>>>>>>>>>>>>>>> \
>>>>>>>>>>>>>>>>>>>> \
>>>>>>>>>>>>>>>>
* Fixed: When parsing a malformed URI with an IPvFuture address
(e.g. "http://[vA.123456" missing "]"), errorPos \
would point to the first
character after "v" than the actual position of the error \
(here: the end
of the string)
* Fixed: uriToStringCharsRequired* reported 1 more byte than actually needed
for IPv4 address URIs (GitHub #41); Thanks to @gyh007 for the patch!
* Fixed: Compilation with MinGW
Thanks to Sandro Mani for the patch!
* Fixed: Drop use of asprintf from the test suite for MinGW (GitHub #40)
* Improved: For parse errors, waterproof errorPos <= afterLast
* Soname: 1:24:0
Via email from Sebastian Pipping.
|
New packages: