package/libesmtp: security bump to version 1.1.0
After more than a decade, libESMTP version 1.0.6 is superceded. Despite
proving robust a little bitrot has occurred, especially regarding
OpenSSL support. The original application data APIs are prone to memory
leaks and are deprecated in favour of safer replacements. Version 1.1
updates libESMTP without breaking API and ABI compatibility and
provides a basis for future development.
In addition to updates to the codebase, documentation is modernised and
is more comprehensive.
All libESMTP users are encouraged to upgrade from version 1.0.6.
- Update license files
- Update indentation in hash file (two spaces)
- Switch to meson-package
- Handle threads and tls meson options
- libesmtp-config has been dropped:
https://github.com/libesmtp/libESMTP/issues/8
- Fix CVE-2019-19977: libESMTP through 1.0.6 mishandles domain copying
into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as
demonstrated by a stack-based buffer over-read.
https://github.com/libesmtp/libESMTP/releases/tag/v1.1.0
https://libesmtp.github.io/changes-since-v1.0.6.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
projects / buildroot.git / commit