CVSROOT:        /cvs
Module name:    ports
Changes by:     juan...@cvs.openbsd.org 2018/06/09 10:48:26

Modified files:
        devel/mercurial: Tag: OPENBSD_6_3 Makefile 
Added files:
        devel/mercurial/patches: Tag: OPENBSD_6_3 
                                 patch-mercurial_mpatch_c 

Log message:
SECURITY. From upstream:

"Multiple issues found in mpatch.c with a fuzzer:

- OVE-20180430-0001
- OVE-20180430-0002
- OVE-20180430-0004

With the following fixes:

- mpatch: be more careful about parsing binary patch data (SEC)
- mpatch: protect against underflow in mpatch_apply (SEC)
- mpatch: ensure fragment start isn't past the end of orig (SEC)
- mpatch: fix UB in int overflows in gather() (SEC)
- mpatch: fix UB integer overflows in discard() (SEC)
- mpatch: avoid integer overflow in mpatch_decode (SEC)
- mpatch: avoid integer overflow in combine() (SEC)

No exploits are known at the time."
