Path to this page:
Subject: CVS commit: [pkgsrc-2017Q1] pkgsrc/security/crypto++
From: Benny Siegert
Date: 2017-05-29 20:37:29
Message id: 20170529183729.36D44FBE4@cvs.NetBSD.org
Log Message:
Pullup ticket #5457 - requested by sevan
security/crypto++: security fix
Revisions pulled up:
- security/crypto++/Makefile 1.21
- security/crypto++/PLIST 1.7
- security/crypto++/buildlink3.mk 1.13
- security/crypto++/distinfo 1.12
- security/crypto++/patches/patch-GNUmakefile 1.1
- security/crypto++/patches/patch-aa deleted
- security/crypto++/patches/patch-config.h deleted
---
Module Name: pkgsrc
Committed By: adam
Date: Thu May 18 21:20:23 UTC 2017
Modified Files:
pkgsrc/security/crypto++: Makefile PLIST buildlink3.mk distinfo
Added Files:
pkgsrc/security/crypto++/patches: patch-GNUmakefile
Removed Files:
pkgsrc/security/crypto++/patches: patch-aa patch-config.h
Log Message:
Crypto++ 5.6.5
The 5.6.5 release was mostly a maintenance release. The release included
two CVE fixes.
The first, CVE-2016-7420, was a procedural finding due to external build
systems failing to define NDEBUG for release builds. The gap was the
project's failure to tell users to define NDEBUG. The
second, CVE-2016-7544, was a potential memory corruption on Windows
platforms when using Microsoft compilers due to use of _malloca and _freea.
Due to CVE-2016-7420 and the possibility for an unwanted assert to
egress data, users and distros are encouraged to recompile the library
and all dependent programs.
Files: