FreeBSD Bugzilla – Attachment 249158 Details for
Bug 277692
net/quiche: update to 0.20.1 (fixes 2 CVE's)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Update quiche to 0.20.1
quiche-0.20.1.patch (text/plain), 2.44 KB, created by
Ralf van der Enden
on 2024-03-14 13:44:13 UTC
(
hide
)
Description:
Update quiche to 0.20.1
Filename:
MIME Type:
Creator:
Ralf van der Enden
Created:
2024-03-14 13:44:13 UTC
Size:
2.44 KB
patch
obsolete
>From f0edd9e877c3f99dcd1fbca0a3e9f680fc7281f3 Mon Sep 17 00:00:00 2001 >From: Ralf van der Enden <tremere@cainites.net> >Date: Tue, 12 Mar 2024 22:43:00 +0100 >Subject: [PATCH] net-p2p/quiche: update 0.20.1 (fixes 2 CVE's) - Added a limit > to how many connection IDs are locally queued for retirement. Without the > limit an attacker could cause a server to queue an unbounded number of > retired connection IDs, leading to a slow but steady increase in memory usage > (CVE-2024-1410). - Added a limit to the maximum CRYPTO frame data offset that > can be buffered. Without the limit an attacker could cause a server to queue > an unbounded number of bytes, leading to a slow but steady increase in memory > usage (CVE-2024-1765). > >PR: 277692 >--- > net/quiche/Makefile | 3 +-- > net/quiche/distinfo | 6 +++--- > 2 files changed, 4 insertions(+), 5 deletions(-) > >diff --git a/net/quiche/Makefile b/net/quiche/Makefile >index b2c04929a7..44458653bc 100644 >--- a/net/quiche/Makefile >+++ b/net/quiche/Makefile >@@ -1,6 +1,5 @@ > PORTNAME= quiche >-DISTVERSION= 0.20.0 >-PORTREVISION= 1 >+DISTVERSION= 0.20.1 > CATEGORIES= net > > MAINTAINER= junho.choi@gmail.com >diff --git a/net/quiche/distinfo b/net/quiche/distinfo >index 992a0c780f..7539b4e398 100644 >--- a/net/quiche/distinfo >+++ b/net/quiche/distinfo >@@ -1,4 +1,4 @@ >-TIMESTAMP = 1702388908 >+TIMESTAMP = 1710274017 > SHA256 (rust/crates/aho-corasick-1.1.2.crate) = b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0 > SIZE (rust/crates/aho-corasick-1.1.2.crate) = 183136 > SHA256 (rust/crates/android-tzdata-0.1.1.crate) = e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0 >@@ -241,7 +241,7 @@ SHA256 (rust/crates/windows_x86_64_gnullvm-0.48.5.crate) = 0b7b52767868a23d5bab7 > SIZE (rust/crates/windows_x86_64_gnullvm-0.48.5.crate) = 418486 > SHA256 (rust/crates/windows_x86_64_msvc-0.48.5.crate) = ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538 > SIZE (rust/crates/windows_x86_64_msvc-0.48.5.crate) = 798412 >-SHA256 (cloudflare-quiche-0.20.0_GH0.tar.gz) = 7125bc82ddcf38fbfbc69882ccb2723bfb4d5bfeb42718b8291d26ec06042e38 >-SIZE (cloudflare-quiche-0.20.0_GH0.tar.gz) = 681940 >+SHA256 (cloudflare-quiche-0.20.1_GH0.tar.gz) = 9c460d8ecf6c80c06bf9b42f91201ef33f912e2615a871ff2d0e50197b901c71 >+SIZE (cloudflare-quiche-0.20.1_GH0.tar.gz) = 683362 > SHA256 (google-boringssl-f1c75347d_GH0.tar.gz) = fc0bb68685e8e5fe25c4170dec90796d290b754529baae19e03cbc73365eb08a > SIZE (google-boringssl-f1c75347d_GH0.tar.gz) = 43373250 >-- >2.44.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=249158">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
fernape
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 277692
: 249158 |
249492