Subject: CVS commit: pkgsrc/chat/libotr
From: Greg Troxel
Date: 2016-03-09 19:04:17
Message id: 20160309180417.9FB62FBB7@cvs.NetBSD.org

Log Message:
Update to 4.1.1.

This is a security release addressing CVE-2016-2851.

- Fix an integer overflow bug that can cause a heap buffer overflow (and
  from there remote code execution) on 64-bit platforms
- Fix possible free() of an uninitialized pointer
- Be stricter about parsing v3 fragments
- Add a testsuite ("make check" to run it), but only on Linux for now,
  since it uses Linux-specific features such as epoll
- Fix a memory leak when reading a malformed instance tag file
- Protocol documentation clarifications

Files:
RevisionActionfile
1.18modifypkgsrc/chat/libotr/Makefile
1.12modifypkgsrc/chat/libotr/distinfo