Changes include:
* Update release from 1.94 to 1.96 in yaws formula using GitHub's releases URL
* Update `sha1` for new source archive
* Provide `--HEAD` option for yaws formula (needed for newer Erlang versions)
* Add `test` method with a basic tests for yaws formula
* Revert private method extraction to address method extraction from @adamv
* Use autoconf for yaws formula and specify build dependency on autoconf
* Add patches for yaws formula which is necessary for Erlang R16B01 and above
* Make tests valid for `--HEAD` builds even when the next version is bumped
ClosesHomebrew/homebrew#23076.
Signed-off-by: Adam Vandenberg <flangy@gmail.com>
What's New in 2.0.22
====================
* Fixed possible infinite recursion in the compressed packet
parser. [CVE-2013-4402]
* Improved support for some card readers.
* Prepared building with the forthcoming Libgcrypt 1.6.
* Protect against rogue keyservers sending secret keys.
Impact of the security problem
==============================
Special crafted input data may be used to cause a denial of service
against GPG (GnuPG's OpenPGP part) and some other OpenPGP
implementations. All systems using GPG to process incoming data are
affected.
Taylor R. Campbell invented a neat trick to generate OpenPGP packages
to force GPG to recursively parse certain parts of OpenPGP messages ad
infinitum. As a workaround a tight "ulimit -v" setting may be used to
mitigate the problem. Sample input data to trigger this problem has
not yet been seen in the wild. Details of the attack will eventually
be published by its inventor.
A fixed release of the GnuPG 1.4 series has also been released.
An updated vesion of gpg4win will be released next week.
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
What's New
===========
* Fixed possible infinite recursion in the compressed packet
parser. [CVE-2013-4402]
* Protect against rogue keyservers sending secret keys.
* Use 2048 bit also as default for batch key generation.
* Minor bug fixes.
Impact of the security problem
==============================
Special crafted input data may be used to cause a denial of service
against GPG (GnuPG's OpenPGP part) and some other OpenPGP
implementations. All systems using GPG to process incoming data are
affected.
Taylor R. Campbell invented a neat trick to generate OpenPGP packages
to force GPG to recursively parse certain parts of OpenPGP messages ad
infinitum. As a workaround a tight "ulimit -v" setting may be used to
mitigate the problem. Sample input data to trigger this problem has
not yet been seen in the wild. Details of the attack will eventually
be published by its inventor.
A fixed release of the GnuPG 2.0 series has also been released.
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
Changes between GMP version 5.1.2 and 5.1.3:
BUGS FIXED
* The internal functions mpn_sbpi1_div_qr_sec mpn_sbpi1_div_r_sec
could compute garbage with a low probability. They are now rewritten,
and the test code has been improved.
* A bug in the ia64 implementation of mpn_divrem_2, clobbering some
callee-save registers, has been fixed. This is an internal
function, with the bug manifesting itself as miscomputation in,
e.g., mpn_sqrtrem.
* The documentation now correctly says 'const' for input arguments.
ClosesHomebrew/homebrew#23060.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
Partially adapted from the ffmpeg formula. libav compilation seems robust, I
tested on two laptops and installed alongside ffmpeg without issue. I also
tested with all build options enabled.
Previous mention of a libav formula was at Homebrew/homebrew#12534.
ClosesHomebrew/homebrew#20827.
Signed-off-by: Xiyue Deng <manphiz@gmail.com>
This project has been removed from GNU mirrors.
Debian still packages a version of it, so users of this software
could switch the formula to use the Debian download, though we
no longer want to carry this in core.
