pkgsrc/mail/libytnef/patches
nros 0ddb5cb233 Update libytnef to version 1.9.2.
The changes in patch-ytnef.c has been applied upstream.
patch-ytnef.c has now been removed.

Changes from Changelog:

v1.9.2 - February 23, 2017

Thanks to @hannob for finding some Out-of-bound exceptions in memory handline.
* [SECURITY] An invalid memory access (heap overrun) in handling LONG datatypes (CVE-2017-6800)
* [SECURITY] Missing a check for fields of size 0 (CVE-2017-6801)
* [SECURITY] Potential buffer overrun on incoming Compressed RTF Streams (CVE-2017-6802)

This version  & the previous 1.9.1 resolves the following CVEs:
* CVE-2017-6306
* CVE-2017-6305
* CVE-2017-6304
* CVE-2017-6303
* CVE-2017-6302
* CVE-2017-6301
* CVE-2017-6300
* CVE-2017-6299
* CVE-2017-6298

v1.9.1 - Feb 14, 2017
* BugFix for path handling- label both / and \ as invalid characters inattachments
* Remove lots of exit(-1)'s from the code that would crash calling programs
* [SECURITY] Thanks to EricSesterhennX41 for a patch to fix lots of invalid
memory allocation around corrupted files.

v1.9 - January 2, 2017
* Unify libytnef and ytnef tools into a single build & package (Thanks @jmallach)
* Fix applied for CVE-2010-5109
* Various fixes for errors found via Static Analysis (cppcheck)
* Various memory leaks plugged (Thanks @slonik-v-domene)
* Bugfix for a broken "uniqueness" checker
* Lots of formatting & documentation cleanups

Now that the two packages are unified into a single install & build, I've had
to choose a unifier of Version Numbers.  I chose 1.9 .
2017-08-17 09:49:47 +00:00
..
patch-ytnef_Makefile.am
patch-ytnefprint_Makefile.am