Wed Mar 9 18:04:17 2016 UTC
Update to 4.1.1.

This is a security release addressing CVE-2016-2851.

- Fix an integer overflow bug that can cause a heap buffer overflow (and
  from there remote code execution) on 64-bit platforms
- Fix possible free() of an uninitialized pointer
- Be stricter about parsing v3 fragments
- Add a testsuite ("make check" to run it), but only on Linux for now,
  since it uses Linux-specific features such as epoll
- Fix a memory leak when reading a malformed instance tag file
- Protocol documentation clarifications


(gdt)
diff -r1.17 -r1.18 pkgsrc/chat/libotr/Makefile
diff -r1.11 -r1.12 pkgsrc/chat/libotr/distinfo

cvs diff -r1.17 -r1.18 pkgsrc/chat/libotr/Makefile

--- pkgsrc/chat/libotr/Makefile 2014/10/21 11:46:31 1.17
+++ pkgsrc/chat/libotr/Makefile 2016/03/09 18:04:17 1.18
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.17 2014/10/21 11:46:31 gdt Exp $ 1# $NetBSD: Makefile,v 1.18 2016/03/09 18:04:17 gdt Exp $
2 2
3VERSION= 4.1.0 3VERSION= 4.1.1
4DISTNAME= libotr-${VERSION} 4DISTNAME= libotr-${VERSION}
5PKGNAME= libotr-${VERSION} 5PKGNAME= libotr-${VERSION}
6CATEGORIES= chat security 6CATEGORIES= chat security
7MASTER_SITES= http://www.cypherpunks.ca/otr/ 7MASTER_SITES= http://www.cypherpunks.ca/otr/
8 8
9MAINTAINER= nathanw@NetBSD.org 9MAINTAINER= nathanw@NetBSD.org
10# also gdt@NetBSD.org 10# also gdt@NetBSD.org
11HOMEPAGE= http://www.cypherpunks.ca/otr/ 11HOMEPAGE= http://www.cypherpunks.ca/otr/
12COMMENT= Library for Off-The-Record encrypted messaging 12COMMENT= Library for Off-The-Record encrypted messaging
13LICENSE= gnu-gpl-v2 13LICENSE= gnu-gpl-v2
14 14
15# Work around rc tarballs that unpack to bare version. 15# Work around rc tarballs that unpack to bare version.
16WRKSRC= ${WRKDIR}/${PKGNAME_NOREV} 16WRKSRC= ${WRKDIR}/${PKGNAME_NOREV}
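
Review bot: MASTER_SITES (line 7) still fetches the distfile over plain http://www.cypherpunks.ca/otr/, so for a release whose stated purpose is fixing a remote code execution bug the distinfo checksums are the only integrity control on the download. If upstream serves the same path over HTTPS, switch MASTER_SITES and HOMEPAGE to https:// in this same revision. The log message also mentions a new testsuite run with "make check" that is Linux-only; nothing in the visible lines 1-16 says whether the package wires it up, so a short comment stating that it is intentionally not enabled (or is enabled only on Linux) would save the next updater from guessing.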

cvs diff -r1.11 -r1.12 pkgsrc/chat/libotr/distinfo

--- pkgsrc/chat/libotr/distinfo 2015/11/03 01:20:21 1.11
+++ pkgsrc/chat/libotr/distinfo 2016/03/09 18:04:17 1.12
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.11 2015/11/03 01:20:21 agc Exp $ 1$NetBSD: distinfo,v 1.12 2016/03/09 18:04:17 gdt Exp $
2 2
3SHA1 (libotr-4.1.0.tar.gz) = df30bc87a7a8f37678dd679d17fa1f9638ea247e 3SHA1 (libotr-4.1.1.tar.gz) = 3894b82a6c307ad011681ad342d69b18344933ae
4RMD160 (libotr-4.1.0.tar.gz) = addbde1d9b4f423025ee14481961c580fbe6b9e6 4RMD160 (libotr-4.1.1.tar.gz) = 528c5ad4ba89f3225bebf5b5ecadf815239fed88
5SHA512 (libotr-4.1.0.tar.gz) = 3c6a6bf8ee64467484519187d1bc86001d5ae6ceb169e9c828f7750a1db3dadfef677b828a5d292e5caa12f874711df4fd2db977d48dc968e9f0edc2eab58e3e 5SHA512 (libotr-4.1.1.tar.gz) = c957206235b9f627542f23a645c822ea1b318d83fa655f41ed8d9a3c0dddf30b88f0ca82060026af155e48ecb13969dc9270831f20304669794151f666ae5cb0
6Size (libotr-4.1.0.tar.gz) = 576771 bytes 6Size (libotr-4.1.1.tar.gz) = 655791 bytes
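
Review bot: the new SHA1, RMD160 and SHA512 values on lines 3-5 are only as trustworthy as the tarball they were computed from, and the log message does not say how libotr-4.1.1.tar.gz was verified before the hashes were recorded. Because the Makefile fetches over http, please confirm the distfile against upstream's published signature or checksum, if one exists, and state that in the commit log. The size growth on line 6 from 576771 to 655791 bytes is plausible given the testsuite the log mentions, but a one-line confirmation that the extra content is the testsuite would close the question.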