---
- branch: MAIN
  date: Thu Aug 17 09:49:48 UTC 2017
  files:
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/mail/libytnef/Makefile
    pathrev: pkgsrc/mail/libytnef/Makefile@1.5
    type: modified
  - new: '1.1'
    old: '0'
    path: pkgsrc/mail/libytnef/Makefile.common
    pathrev: pkgsrc/mail/libytnef/Makefile.common@1.1
    type: added
  - new: '1.2'
    old: '1.1'
    path: pkgsrc/mail/libytnef/PLIST
    pathrev: pkgsrc/mail/libytnef/PLIST@1.2
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/mail/libytnef/buildlink3.mk
    pathrev: pkgsrc/mail/libytnef/buildlink3.mk@1.3
    type: modified
  - new: '1.4'
    old: '1.3'
    path: pkgsrc/mail/libytnef/distinfo
    pathrev: pkgsrc/mail/libytnef/distinfo@1.4
    type: modified
  - new: '0'
    old: '1.1'
    path: pkgsrc/mail/libytnef/patches/patch-ytnef.c
    pathrev: pkgsrc/mail/libytnef/patches/patch-ytnef.c@0
    type: deleted
  - new: '1.1'
    old: '0'
    path: pkgsrc/mail/libytnef/patches/patch-ytnef_Makefile.am
    pathrev: pkgsrc/mail/libytnef/patches/patch-ytnef_Makefile.am@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/mail/libytnef/patches/patch-ytnefprint_Makefile.am
    pathrev: pkgsrc/mail/libytnef/patches/patch-ytnefprint_Makefile.am@1.1
    type: added
  id: 20170817T094948Z.e545dec74e03811f7e383a6f3be45c279b28141b
  log: |
    Update libytnef to version 1.9.2.

    The changes in patch-ytnef.c has been applied upstream.
    patch-ytnef.c has now been removed.

    Changes from Changelog:

    v1.9.2 - February 23, 2017

    Thanks to @hannob for finding some Out-of-bound exceptions in memory handline.
    * [SECURITY] An invalid memory access (heap overrun) in handling LONG datatypes (CVE-2017-6800)
    * [SECURITY] Missing a check for fields of size 0 (CVE-2017-6801)
    * [SECURITY] Potential buffer overrun on incoming Compressed RTF Streams (CVE-2017-6802)

    This version  & the previous 1.9.1 resolves the following CVEs:
    * CVE-2017-6306
    * CVE-2017-6305
    * CVE-2017-6304
    * CVE-2017-6303
    * CVE-2017-6302
    * CVE-2017-6301
    * CVE-2017-6300
    * CVE-2017-6299
    * CVE-2017-6298

    v1.9.1 - Feb 14, 2017
    * BugFix for path handling- label both / and \ as invalid characters inattachments
    * Remove lots of exit(-1)'s from the code that would crash calling programs
    * [SECURITY] Thanks to EricSesterhennX41 for a patch to fix lots of invalid
    memory allocation around corrupted files.

    v1.9 - January 2, 2017
    * Unify libytnef and ytnef tools into a single build & package (Thanks @jmallach)
    * Fix applied for CVE-2010-5109
    * Various fixes for errors found via Static Analysis (cppcheck)
    * Various memory leaks plugged (Thanks @slonik-v-domene)
    * Bugfix for a broken "uniqueness" checker
    * Lots of formatting & documentation cleanups

    Now that the two packages are unified into a single install & build, I've had
    to choose a unifier of Version Numbers.  I chose 1.9 .
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/mail/libytnef'
  unixtime: '1502963388'
  user: nros