Date: Fri, 18 Sep 2020 11:55:13 -0400 From: "Dan Langille" <dan@langille.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Cc: "Sergey A. Osokin" <osa@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r546350 - head/archivers/brotli Message-ID: <342c7c5a-79a4-4dfb-a96d-ac6e41db4dc5@www.fastmail.com> In-Reply-To: <202008271445.07REjcEa065070@repo.freebsd.org> References: <202008271445.07REjcEa065070@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 27, 2020, at 10:45 AM, Sergey A. Osokin wrote: > Author: osa > Date: Thu Aug 27 14:45:38 2020 > New Revision: 546350 > URL: https://svnweb.freebsd.org/changeset/ports/546350 > > Log: > Update from 1.0.7 to 1.0.9. > > <Security note> > > Please consider updating brotli to version 1.0.9 (latest). > > Version 1.0.9 contains a fix to "integer overflow" problem. This > happens when "one-shot" decoding API is used (or input chunk for > streaming API is not limited), input size (chunk size) is larger > than 2GiB, and input contains uncompressed blocks. After the > overflow happens, `memcpy` is invoked with a gigantic `num` > value, that will likely cause the crash. > > </Security note> > > Modified: > head/archivers/brotli/Makefile > head/archivers/brotli/distinfo > > Modified: head/archivers/brotli/Makefile > ============================================================================== > --- head/archivers/brotli/Makefile Thu Aug 27 14:34:53 2020 (r546349) > +++ head/archivers/brotli/Makefile Thu Aug 27 14:45:38 2020 (r546350) > @@ -2,8 +2,7 @@ > # $FreeBSD$ > > PORTNAME= brotli > -PORTVERSION= 1.0.7 > -PORTREVISION= 2 > +PORTVERSION= 1.0.9 > DISTVERSIONPREFIX= v > PORTEPOCH= 1 > CATEGORIES= archivers devel > > Modified: head/archivers/brotli/distinfo > ============================================================================== > --- head/archivers/brotli/distinfo Thu Aug 27 14:34:53 2020 (r546349) > +++ head/archivers/brotli/distinfo Thu Aug 27 14:45:38 2020 (r546350) > @@ -1,3 +1,3 @@ > -TIMESTAMP = 1540423662 > -SHA256 (google-brotli-v1.0.7_GH0.tar.gz) = > 4c61bfb0faca87219ea587326c467b95acb25555b53d1a421ffa3c8a9296ee2c > -SIZE (google-brotli-v1.0.7_GH0.tar.gz) = 23827908 > +TIMESTAMP = 1598538126 > +SHA256 (google-brotli-v1.0.9_GH0.tar.gz) = > f9e8d81d0405ba66d181529af42a3354f838c939095ff99930da6aa9cdf6fe46 > +SIZE (google-brotli-v1.0.9_GH0.tar.gz) = 486984 > -- Dan Langille dan@langille.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?342c7c5a-79a4-4dfb-a96d-ac6e41db4dc5>