/expat, XML parser library written in C
2.1.1nb1, Package name:
expat-2.1.1nb1, Maintainer: drochner
This is James Clark's expat XML parser library in C. It is a stream oriented
parser that requires setting handlers to deal with the structure that the
parser discovers in the document.
Master sites: SHA1:
Version history: (Expand)
- (2016-05-18) Updated to version: expat-2.1.1nb1
- (2016-03-17) Updated to version: expat-2.1.1
- (2016-01-01) Updated to version: expat-2.1.0nb2
- (2015-08-04) Updated to version: expat-2.1.0nb1
- (2012-04-01) Updated to version: expat-2.1.0
- (2010-01-26) Updated to version: expat-2.0.1nb2
CVS history: (Expand)
| 2016-05-17 21:15:01 by Matthias Drochner | Files touched by this commit (6) |
add patches from upstream to fix possible crashes and memory corruption
on malformed input (CVE-2016-0718)
Description: The Expat XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. The bugs allow for a denial of service
attack in many applications by an unauthenticated attacker, and could
conceivably result in remote code execution.
also add an improvement to the fix for CVE-2015-1283 which was part
of the 2.1.1 release -- don't rely on defined behaviour on overflows
of signed integer operations, from upstream git:
https://sourceforge.net/p/expat/code_gi … 785d71bde/
pkgsrc change: add a hint how to run the pkg's selftest (not enabled
permanently because this would add a dependency on C++)
| 2016-03-18 10:36:26 by Thomas Klausner | Files touched by this commit (1) |
revert ABI/ABI bump for expat.
Not necessary and cuases problems.
| 2016-03-16 20:55:55 by Ryo ONODERA | Files touched by this commit (5) | |
Update to 2.1.1
Release 2.1.1 Sat March 12 2016
#582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
#502: Fix potential null pointer dereference
#520: Symbol XML_SetHashSalt was not exported
Output of "xmlwf -h" was incomplete
#503: Document behavior of calling XML_SetHashSalt with salt 0
Minor improvements to man page xmlwf(1)
Improvements to the experimental CMake build system
libtool now invoked with --verbose
| 2016-01-01 02:29:30 by Ryo ONODERA | Files touched by this commit (3) | |
Do not use GNU make, bump PKGREVISION
Fix circular dependency of PREFER_PKGSRC=yes case.
| 2015-11-04 03:00:17 by Alistair G. Crooks | Files touched by this commit (797) |
Add SHA512 digests for distfiles for textproc category
Problems found locating distfiles:
Package cabocha: missing distfile cabocha-0.68.tar.bz2
Package convertlit: missing distfile clit18src.zip
Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
| 2015-08-04 10:47:19 by Tobias Nygren | Files touched by this commit (3) |
CVE-2015-1283 heap based buffer overflow in expat.
Patch via Debian bug#793484 and Mozilla. Bump.
| 2015-02-05 00:44:34 by Tobias Nygren | Files touched by this commit (4) |
(pkgsrc may seem like magic sometimes, but let's be honest here.)
| 2015-01-07 15:26:47 by Ryo ONODERA | Files touched by this commit (1) |
Provide fake expat.pc for builtin case.