Subject: CVS commit: pkgsrc/archivers/brotli
From: Thomas Klausner
Date: 2020-08-31 10:45:44
Message id: 20200831084544.CB928FB27@cvs.NetBSD.org

Log Message:
brotli: update to 1.0.9.

Version 1.0.9 contains a fix to "integer overflow" problem. This
happens when "one-shot" decoding API is used (or input chunk for
streaming API is not limited), input size (chunk size) is larger
than 2GiB, and input contains uncompressed blocks. After the overflow
happens, `memcpy` is invoked with a gigantic `num` value, that will
likely cause the crash.

Files:
RevisionActionfile
1.2modifypkgsrc/archivers/brotli/patches/patch-CMakeLists.txt
1.8modifypkgsrc/archivers/brotli/distinfo
1.8modifypkgsrc/archivers/brotli/Makefile