svn commit: r510822 - branches/2019Q3/www/libevhtp
Richard Gallamore
ultima at FreeBSD.org
Mon Sep 2 16:27:13 UTC 2019
Author: ultima
Date: Mon Sep 2 16:27:12 2019
New Revision: 510822
URL: https://svnweb.freebsd.org/changeset/ports/510822
Log:
MFH: r510747
Fix stack overflow that can occur in libevhtp
libevhtp allocates a stack based on data length
when C99 is detected at compile time. There are
no checks to verify that the stack is big enough
which can cause a stack overflow.
Adding EVHTP_HAS_C99=false at compile time changes
this behavior by allocating to a buffer which has
proper checks in place.
More information about this bug can be found at:
https://github.com/criticalstack/libevhtp/issues/118
https://github.com/haiwen/seafile/issues/1928
Approved by: ports-secteam (joneum)
Modified:
branches/2019Q3/www/libevhtp/Makefile
Directory Properties:
branches/2019Q3/ (props changed)
Modified: branches/2019Q3/www/libevhtp/Makefile
==============================================================================
--- branches/2019Q3/www/libevhtp/Makefile Mon Sep 2 16:26:40 2019 (r510821)
+++ branches/2019Q3/www/libevhtp/Makefile Mon Sep 2 16:27:12 2019 (r510822)
@@ -2,7 +2,7 @@
PORTNAME= libevhtp
PORTVERSION= 1.2.16
-PORTREVISION= 2
+PORTREVISION= 4
CATEGORIES= www
MAINTAINER= ultima at FreeBSD.org
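Review bot: PORTREVISION goes from 2 to 4 on the `+PORTREVISION= 4` line, skipping 3, but the log lists only r510747 under MFH. If the bump to 3 came from a different head revision, name it in the MFH line as well, or say that the branch is being synced to head's value, so the jump can be explained from the branch history alone.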
@@ -19,7 +19,8 @@ USE_GITHUB= yes
GH_ACCOUNT= criticalstack
CMAKE_ARGS= -DCMAKE_INCLUDE_PATH:PATH=include/event2 \
- -DCMAKE_LIBRARY_PATH:PATH=lib/event2
+ -DCMAKE_LIBRARY_PATH:PATH=lib/event2 \
+ -DEVHTP_HAS_C99:BOOL=FALSE
PLIST_SUB= PORTVERSION=${PORTVERSION}
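Review bot: the added `-DEVHTP_HAS_C99:BOOL=FALSE` in CMAKE_ARGS carries no comment in the Makefile marking it as a security workaround, so a later cleanup could drop it as a stray build option. Suggest a one-line comment above CMAKE_ARGS that points at https://github.com/criticalstack/libevhtp/issues/118 and states when the flag may be removed.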
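The difference the commit log describes, between a stack allocation sized by data length and a buffer with checks, sketched in C as an added example. This is not libevhtp's code; `parse_number_vla`, `parse_number_checked` and `MAX_VALUE_LEN` are hypothetical names chosen here, and the input in `main` is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VALUE_LEN 4096  /* assumed cap for this sketch, not a libevhtp constant */

/* Unchecked pattern: a C99 variable-length array sized by a length taken from
 * the request. There is no failure path; a large len overruns the stack. */
int parse_number_vla(const char *data, size_t len, unsigned long *out)
{
    char tmp[len + 1];                 /* stack use grows with len */
    char *end;
    memcpy(tmp, data, len);
    tmp[len] = '\0';
    errno = 0;
    *out = strtoul(tmp, &end, 10);
    return (len > 0 && errno == 0 && end == tmp + len) ? 0 : -1;
}

/* Checked pattern: cap the length, allocate on the heap, handle failure. */
int parse_number_checked(const char *data, size_t len, unsigned long *out)
{
    char *tmp, *end;
    int rc;
    if (data == NULL || out == NULL || len == 0 || len > MAX_VALUE_LEN
        || data[0] < '0' || data[0] > '9')
        return -1;                     /* reject before allocating */
    if ((tmp = malloc(len + 1)) == NULL)
        return -1;                     /* allocation failure is reportable */
    memcpy(tmp, data, len);
    tmp[len] = '\0';
    errno = 0;
    *out = strtoul(tmp, &end, 10);
    rc = (errno == 0 && end == tmp + len) ? 0 : -1;
    free(tmp);
    return rc;
}

int main(void)
{
    static char big[1 << 20];          /* constructed 1 MiB input of '1' digits */
    unsigned long v = 0;
    memset(big, '1', sizeof big);
    int rc = parse_number_checked("1234", 4, &v);
    printf("small: rc=%d v=%lu\n", rc, v);
    printf("large: rc=%d\n", parse_number_checked(big, sizeof big, &v));
    return 0;
}
```

Building with `-Wvla` flags the first function at compile time, which is a quick way to find remaining variable-length arrays in a code base.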