./textproc/expat, XML parser library written in C

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.2.0, Package name: expat-2.2.0, Maintainer: drochner

This is James Clark's expat XML parser library in C. It is a stream oriented
parser that requires setting handlers to deal with the structure that the
parser discovers in the document.

Master sites:

SHA1: 8453bc52324be4c796fd38742ec48470eef358b3
RMD160: fb4ff9f78c8f09019f571758f8d559a3c640002f
Filesize: 404.641 KB

Version history: (Expand)

CVS history: (Expand)

   2016-06-22 17:39:09 by Matthias Drochner | Files touched by this commit (5) | Package removed
Log message:
update to 2.2.0
-security patches which we already had in pkgsrc are integrated
-Use more entropy for hash initialization than the original fix
 to CVE-2012-0876
-Resolve troublesome internal call to srand that was introduced
 with Expat 2.1.0 when addressing CVE-2012-0876
   2016-05-17 21:15:01 by Matthias Drochner | Files touched by this commit (6)
Log message:
add patches from upstream to fix possible crashes and memory corruption
on malformed input (CVE-2016-0718)
Description: The Expat XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. The bugs allow for a denial of service
attack in many applications by an unauthenticated attacker, and could
conceivably result in remote code execution.


also add an improvement to the fix for CVE-2015-1283 which was part
of the 2.1.1 release -- don't rely on defined behaviour on overflows
of signed integer operations, from upstream git:
https://sourceforge.net/p/expat/code_gi … 785d71bde/

pkgsrc change: add a hint how to run the pkg's selftest (not enabled
permanently because this would add a dependency on C++)
   2016-03-18 10:36:26 by Thomas Klausner | Files touched by this commit (1)
Log message:
revert ABI/ABI bump for expat.

Not necessary and cuases problems.
   2016-03-16 20:55:55 by Ryo ONODERA | Files touched by this commit (5) | Package updated
Log message:
Update to 2.1.1

Release 2.1.1 Sat March 12 2016
        Security fixes:
            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
            #502: Fix potential null pointer dereference
            #520: Symbol XML_SetHashSalt was not exported
            Output of "xmlwf -h" was incomplete

        Other changes
            #503: Document behavior of calling XML_SetHashSalt with salt 0
            Minor improvements to man page xmlwf(1)
            Improvements to the experimental CMake build system
            libtool now invoked with --verbose
   2016-01-01 02:29:30 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Do not use GNU make, bump PKGREVISION
Fix circular dependency of PREFER_PKGSRC=yes case.
   2015-11-04 03:00:17 by Alistair G. Crooks | Files touched by this commit (797)
Log message:
Add SHA512 digests for distfiles for textproc category

Problems found locating distfiles:
	Package cabocha: missing distfile cabocha-0.68.tar.bz2
	Package convertlit: missing distfile clit18src.zip
	Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-08-04 10:47:19 by Tobias Nygren | Files touched by this commit (3)
Log message:
CVE-2015-1283 heap based buffer overflow in expat.
Patch via Debian bug#793484 and Mozilla. Bump.
   2015-02-05 00:44:34 by Tobias Nygren | Files touched by this commit (4)
Log message:
Improve STEP_MSG.
(pkgsrc may seem like magic sometimes, but let's be honest here.)