Subject: CVS commit: pkgsrc/security/crypto++
From: Adam Ciarcinski
Date: 2017-05-18 23:20:23
Message id: 20170518212023.72C80FBE4@cvs.NetBSD.org
Log Message:
Crypto++ 5.6.5

The 5.6.5 release was mostly a maintenance release. The release included two CVE \ 
fixes.

The first, CVE-2016-7420, was a procedural finding due to external build systems \ 
failing to define NDEBUG for release builds. The gap was the project's failure \ 
to tell users to define NDEBUG. The second, CVE-2016-7544, was a potential \ 
memory corruption on Windows platforms when using Microsoft compilers due to use \ 
of _malloca and _freea.

Due to CVE-2016-7420 and the possibility for an unwanted assert to egress data, \ 
users and distros are encouraged to recompile the library and all dependent \ 
programs.
Files:
RevisionActionfile
1.21modifypkgsrc/security/crypto++/Makefile
1.7modifypkgsrc/security/crypto++/PLIST
1.13modifypkgsrc/security/crypto++/buildlink3.mk
1.12modifypkgsrc/security/crypto++/distinfo
1.1addpkgsrc/security/crypto++/patches/patch-GNUmakefile
1.6removepkgsrc/security/crypto++/patches/patch-aa
1.1removepkgsrc/security/crypto++/patches/patch-config.h