Date: Sun, 1 Sep 2019 22:48:46 +0000 (UTC) From: Richard Gallamore <ultima@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r510747 - head/www/libevhtp Message-ID: <201909012248.x81MmkOA034522@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ultima Date: Sun Sep 1 22:48:46 2019 New Revision: 510747 URL: https://svnweb.freebsd.org/changeset/ports/510747 Log: Fix stack overflow that can occur in libevhtp libevhtp allocates a stack based on data length when C99 is detected at compile time. There are no checks to verify that the stack is big enough which can cause a stack overflow. Adding EVHTP_HAS_C99=false at compile time changes this behavior by allocate to a buffer which has proper checks in place. More information about this bug can be found at: https://github.com/criticalstack/libevhtp/issues/118 https://github.com/haiwen/seafile/issues/1928 MFH: 2019Q3 Modified: head/www/libevhtp/Makefile Modified: head/www/libevhtp/Makefile ============================================================================== --- head/www/libevhtp/Makefile Sun Sep 1 21:48:44 2019 (r510746) +++ head/www/libevhtp/Makefile Sun Sep 1 22:48:46 2019 (r510747) @@ -2,7 +2,7 @@ PORTNAME= libevhtp PORTVERSION= 1.2.16 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= www MAINTAINER= ultima@FreeBSD.org @@ -19,7 +19,8 @@ USE_GITHUB= yes GH_ACCOUNT= criticalstack CMAKE_ARGS= -DCMAKE_INCLUDE_PATH:PATH=include/event2 \ - -DCMAKE_LIBRARY_PATH:PATH=lib/event2 + -DCMAKE_LIBRARY_PATH:PATH=lib/event2 \ + -DEVHTP_HAS_C99:BOOL=FALSE PLIST_SUB= PORTVERSION=${PORTVERSION}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201909012248.x81MmkOA034522>