MFH: r546350

Update from 1.0.7 to 1.0.9.

<Security note>

Please consider updating brotli to version 1.0.9 (latest).

Version 1.0.9 contains a fix to "integer overflow" problem.  This
happens when "one-shot" decoding API is used (or input chunk for
streaming API is not limited), input size (chunk size) is larger
than 2GiB, and input contains uncompressed blocks. After the
overflow happens, `memcpy` is invoked with a gigantic `num`
value, that will likely cause the crash.

</Security note>

Approved by:	ports-secteam (fluffy)
This commit is contained in:
Dan Langille 2020-09-19 01:22:04 +00:00
parent 91c1e54aee
commit 2bbee4fd08
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/branches/2020Q3/; revision=548933
2 changed files with 4 additions and 5 deletions

View File

@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= brotli
PORTVERSION= 1.0.7
PORTREVISION= 2
PORTVERSION= 1.0.9
DISTVERSIONPREFIX= v
PORTEPOCH= 1
CATEGORIES= archivers devel

View File

@ -1,3 +1,3 @@
TIMESTAMP = 1540423662
SHA256 (google-brotli-v1.0.7_GH0.tar.gz) = 4c61bfb0faca87219ea587326c467b95acb25555b53d1a421ffa3c8a9296ee2c
SIZE (google-brotli-v1.0.7_GH0.tar.gz) = 23827908
TIMESTAMP = 1598538126
SHA256 (google-brotli-v1.0.9_GH0.tar.gz) = f9e8d81d0405ba66d181529af42a3354f838c939095ff99930da6aa9cdf6fe46
SIZE (google-brotli-v1.0.9_GH0.tar.gz) = 486984