From 2bbee4fd08bc09be89a0a7e1ead5e6cdb6af74d6 Mon Sep 17 00:00:00 2001 From: Dan Langille Date: Sat, 19 Sep 2020 01:22:04 +0000 Subject: MFH: r546350 Update from 1.0.7 to 1.0.9. Please consider updating brotli to version 1.0.9 (latest). Version 1.0.9 contains a fix to "integer overflow" problem. This happens when "one-shot" decoding API is used (or input chunk for streaming API is not limited), input size (chunk size) is larger than 2GiB, and input contains uncompressed blocks. After the overflow happens, `memcpy` is invoked with a gigantic `num` value, that will likely cause the crash. Approved by: ports-secteam (fluffy) --- archivers/brotli/Makefile | 3 +-- archivers/brotli/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/archivers/brotli/Makefile b/archivers/brotli/Makefile index 8a4b429f9324..dcbeab5a3703 100644 --- a/archivers/brotli/Makefile +++ b/archivers/brotli/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= brotli -PORTVERSION= 1.0.7 -PORTREVISION= 2 +PORTVERSION= 1.0.9 DISTVERSIONPREFIX= v PORTEPOCH= 1 CATEGORIES= archivers devel diff --git a/archivers/brotli/distinfo b/archivers/brotli/distinfo index 7f70c72d5822..e6404d22d341 100644 --- a/archivers/brotli/distinfo +++ b/archivers/brotli/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1540423662 -SHA256 (google-brotli-v1.0.7_GH0.tar.gz) = 4c61bfb0faca87219ea587326c467b95acb25555b53d1a421ffa3c8a9296ee2c -SIZE (google-brotli-v1.0.7_GH0.tar.gz) = 23827908 +TIMESTAMP = 1598538126 +SHA256 (google-brotli-v1.0.9_GH0.tar.gz) = f9e8d81d0405ba66d181529af42a3354f838c939095ff99930da6aa9cdf6fe46 +SIZE (google-brotli-v1.0.9_GH0.tar.gz) = 486984 -- cgit v1.2.3