Date:      Mon, 2 Sep 2019 16:27:12 +0000 (UTC)
From:      Richard Gallamore <ultima@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r510822 - branches/2019Q3/www/libevhtp
Message-ID:  <201909021627.x82GRC3b070591@repo.freebsd.org>

Author: ultima
Date: Mon Sep  2 16:27:12 2019
New Revision: 510822
URL: https://svnweb.freebsd.org/changeset/ports/510822

Log:
  MFH: r510747
  
  Fix stack overflow that can occur in libevhtp
  
  libevhtp allocates a stack based on data length
  when C99 is detected at compile time. There are
  no checks to verify that the stack is big enough
  which can cause a stack overflow.
  
  Adding EVHTP_HAS_C99=false at compile time changes
  this behavior by allocating to a buffer which has
  proper checks in place.
  
  More information about this bug can be found at:
  https://github.com/criticalstack/libevhtp/issues/118
  https://github.com/haiwen/seafile/issues/1928
  
  Approved by:	ports-secteam (joneum)

Modified:
  branches/2019Q3/www/libevhtp/Makefile
Directory Properties:
  branches/2019Q3/   (props changed)

Modified: branches/2019Q3/www/libevhtp/Makefile
==============================================================================
--- branches/2019Q3/www/libevhtp/Makefile	Mon Sep  2 16:26:40 2019	(r510821)
+++ branches/2019Q3/www/libevhtp/Makefile	Mon Sep  2 16:27:12 2019	(r510822)
@@ -2,7 +2,7 @@
 
 PORTNAME=	libevhtp
 PORTVERSION=	1.2.16
-PORTREVISION=	2
+PORTREVISION=	4
 CATEGORIES=	www
 
 MAINTAINER=	ultima@FreeBSD.org
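Review bot: PORTREVISION jumps from 2 to 4 in this hunk, skipping 3, and the log does not say why. If the value is meant to mirror head as of r510747, say so in the commit message so the gap is not read as a typo; otherwise 3 is the expected bump for a single change on this branch.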
@@ -19,7 +19,8 @@ USE_GITHUB=	yes
 GH_ACCOUNT=	criticalstack
 
 CMAKE_ARGS=	-DCMAKE_INCLUDE_PATH:PATH=include/event2 \
-		-DCMAKE_LIBRARY_PATH:PATH=lib/event2
+		-DCMAKE_LIBRARY_PATH:PATH=lib/event2 \
+		-DEVHTP_HAS_C99:BOOL=FALSE
 
 PLIST_SUB=	PORTVERSION=${PORTVERSION}
 
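Review bot: the added `-DEVHTP_HAS_C99:BOOL=FALSE` line has no in-file explanation, so the security reason for it lives only in the commit log. Add a comment above CMAKE_ARGS that points at https://github.com/criticalstack/libevhtp/issues/118 and states that the flag works around the unchecked stack allocation, so a later port update does not drop it as an unexplained leftover.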