CVSROOT: /cvs Module name: src Changes by: mill...@cvs.openbsd.org 2023/01/25 12:06:50
Modified files:
usr.bin/pkg-config/OpenBSD: PkgConfig.pm
Log message:
Fix CVE-2023-24056, unbounded variable expansion in pkg-config.
We now die with an error when trying to expand a variable that is
already longer than 64K. This was never a buffer overflow in our
pkg-config, but rather an unbounded memory allocation that would
eventually run up against resource limits. OK sthen@ jasper@
