Navigation:
Browse pkgsrc
(this page)| 2019-11-04 09:13:50 by Thomas Klausner | Files touched by this commit (3) |
Log message: libtasn1: honor LDFLAGS |
2019-10-25 08:03:12 by S.P.Zeidler | Files touched by this commit (2) |  |
Log message: update libtasn1 to version 4.14: * Noteworthy changes in release 4.14 (released 2019-07-21) [stable] - New #defines for version checking: ASN1_VERSION_MAJOR, ASN1_VERSION_MINOR, ASN1_VERSION_PATCH, ASN1_VERSION_NUMBER. The next release will switch to semantic version semantics. - Simplify ordering of SET OF elements by using qsort(). - Marked explicitly const uses of asn1_node with the introduction of the (compatible) asn1_node_const type. - Limit recursion in _asn1_expand_object_id() to detect infinite recursion in incorrect .asn files (#4). - asn1_array2tree(): fixed thread safety issues. - Several fixes in gtk-doc generation. fixes CVE-2018-1000654 |
| 2018-10-14 01:23:20 by Leonardo Taccari | Files touched by this commit (2) |
Log message: libtasn1: Update security/libtasn1 to 4.13 Changes: - On indefinite string decoding, set a maximum level of allowed recursions (3) to protect the BER decoder from a stack exhaustion. |
| 2018-05-01 08:58:07 by Thomas Klausner | Files touched by this commit (1) |
Log message: libtasn1: add bison build dependency. Fixes build on -current after patch-lib_ASN1.y was added. |
| 2018-04-29 08:00:39 by David A. Holland | Files touched by this commit (1) |
Log message: Bump PKGREVISION for previous. |
| 2018-04-29 05:41:43 by David A. Holland | Files touched by this commit (2) |
Log message: Use <ctype.h> properly. Noted in PR 51821. |
| 2017-08-18 23:53:47 by Adam Ciarcinski | Files touched by this commit (2) |
Log message: release 4.12: - Corrected so-name version release 4.11: - Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields. - Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in X.509 certificates (which are common) even though strict DER adherence is enforced in other fields. - Added safety check in asn1_find_node(). That prevents a crash when a very long variable name is provided by the developer. Note that this to be exploited requires controlling the ASN.1 definitions used by the developer, i.e., the 'name' parameter of asn1_write_value() or asn1_read_value(). The library is not designed to protect against malicious manipulation of the developer assigned variable names. |
| 2017-02-26 09:45:44 by Adam Ciarcinski | Files touched by this commit (3) |
Log message: * Noteworthy changes in release 4.10: - Updated gnulib - Removed -Werror from default compiler flags - Fixed undefined behavior when negating integers in _asn1_ltostr(). Issue found by oss-fuzz project (via gnutls): https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=388 - Pass the correct length to _asn1_get_indefinite_length_string in asn1_get_length_ber. This addresses reading 1-byte past the end of data. Issue found by oss-fuzz project (via gnutls): https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=330 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33 |
| 2017-01-11 17:25:06 by Thomas Klausner | Files touched by this commit (1) |
Log message: Remove -Werror from compilation flags. PR 51821 PR 51829 |
| 2017-01-10 16:26:32 by Thomas Klausner | Files touched by this commit (2) |
Log message: Updated libtasn1 to 4.9. * Noteworthy changes in release 4.9 (released 2016-07-25) [stable] - Fixes to OID encoding of OIDs which have elements which exceed 2^32 |
New packages: