Subject: CVS commit: [pkgsrc-2018Q4] pkgsrc/textproc/uriparser
From: Benny Siegert
Date: 2019-01-29 11:20:39
Message id: 20190129102039.DF304FB16@cvs.NetBSD.org

Log Message:
Pullup ticket #5893 - requested by taca
textproc/uriparser: security fix

Revisions pulled up:
- textproc/uriparser/Makefile                                   1.12
- textproc/uriparser/distinfo                                   1.10

---
   Module Name:	pkgsrc
   Committed By:	bsiegert
   Date:		Sun Jan  6 13:47:20 UTC 2019

   Modified Files:
   	pkgsrc/textproc/uriparser: Makefile distinfo

   Log Message:
   Update uriparser to 0.9.1.

   >>>>>>>>>>>>> SECURITY \ 
>>>>>>>>>>>>>>>>>>>> \ 
>>>>>>>>>>>>>>>>>>>> \ 
>>>>>>>>>>>>>>>>
     * Fixed:
         Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6
         addresses with embedded IPv4 address, e.g. "//[::44.1";
         mitigated if passed parameter <afterLast> points to readable memory
         containing a '\0' byte.
         Thanks to Joergen Ibsen for the report!
   >>>>>>>>>>>>> SECURITY \ 
>>>>>>>>>>>>>>>>>>>> \ 
>>>>>>>>>>>>>>>>>>>> \ 
>>>>>>>>>>>>>>>>
     * Fixed: When parsing a malformed URI with an IPvFuture address
         (e.g. "http://[vA.123456" missing "]"), errorPos \ 
would point to the first
         character after "v" than the actual position of the error \ 
(here: the end
         of the string)
     * Fixed: uriToStringCharsRequired* reported 1 more byte than actually needed
         for IPv4 address URIs (GitHub #41); Thanks to @gyh007 for the patch!
     * Fixed: Compilation with MinGW
         Thanks to Sandro Mani for the patch!
     * Fixed: Drop use of asprintf from the test suite for MinGW (GitHub #40)
     * Improved: For parse errors, waterproof errorPos <= afterLast
     * Soname: 1:24:0

   Via email from Sebastian Pipping.

Files:
RevisionActionfile
1.11.2.1modifypkgsrc/textproc/uriparser/Makefile
1.9.2.1modifypkgsrc/textproc/uriparser/distinfo