./textproc/expat, XML parser library written in C

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.1.1nb1, Package name: expat-2.1.1nb1, Maintainer: drochner

This is James Clark's expat XML parser library in C. It is a stream oriented
parser that requires setting handlers to deal with the structure that the
parser discovers in the document.


Master sites:

SHA1: ff91419882ac52151050dad0ee8190645fbeee08
RMD160: a1741237726c0b48d7a3f03943c76826ee6f3e48
Filesize: 395.608 KB

Version history: (Expand)


CVS history: (Expand)


   2016-05-17 21:15:01 by Matthias Drochner | Files touched by this commit (6)
Log message:
add patches from upstream to fix possible crashes and memory corruption
on malformed input (CVE-2016-0718)
Description: The Expat XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. The bugs allow for a denial of service
attack in many applications by an unauthenticated attacker, and could
conceivably result in remote code execution.

bump PKGREV

also add an improvement to the fix for CVE-2015-1283 which was part
of the 2.1.1 release -- don't rely on defined behaviour on overflows
of signed integer operations, from upstream git:
https://sourceforge.net/p/expat/code_gi … 785d71bde/

pkgsrc change: add a hint how to run the pkg's selftest (not enabled
permanently because this would add a dependency on C++)
   2016-03-18 10:36:26 by Thomas Klausner | Files touched by this commit (1)
Log message:
revert ABI/ABI bump for expat.

Not necessary and cuases problems.
   2016-03-16 20:55:55 by Ryo ONODERA | Files touched by this commit (5) | Package updated
Log message:
Update to 2.1.1

Changelog:
Release 2.1.1 Sat March 12 2016
        Security fixes:
            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
            #502: Fix potential null pointer dereference
            #520: Symbol XML_SetHashSalt was not exported
            Output of "xmlwf -h" was incomplete

        Other changes
            #503: Document behavior of calling XML_SetHashSalt with salt 0
            Minor improvements to man page xmlwf(1)
            Improvements to the experimental CMake build system
            libtool now invoked with --verbose
   2016-01-01 02:29:30 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Do not use GNU make, bump PKGREVISION
Fix circular dependency of PREFER_PKGSRC=yes case.
   2015-11-04 03:00:17 by Alistair G. Crooks | Files touched by this commit (797)
Log message:
Add SHA512 digests for distfiles for textproc category

Problems found locating distfiles:
	Package cabocha: missing distfile cabocha-0.68.tar.bz2
	Package convertlit: missing distfile clit18src.zip
	Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-08-04 10:47:19 by Tobias Nygren | Files touched by this commit (3)
Log message:
CVE-2015-1283 heap based buffer overflow in expat.
Patch via Debian bug#793484 and Mozilla. Bump.
   2015-02-05 00:44:34 by Tobias Nygren | Files touched by this commit (4)
Log message:
Improve STEP_MSG.
(pkgsrc may seem like magic sometimes, but let's be honest here.)
   2015-01-07 15:26:47 by Ryo ONODERA | Files touched by this commit (1)
Log message:
Provide fake expat.pc for builtin case.