./textproc/libxml2, XML parser library from the GNOME project

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.9.4nb4, Package name: libxml2-2.9.4nb4, Maintainer: pkgsrc-users

XML parser library from the GNOME project


Required to run:
[textproc/xmlcatmgr]

Required to build:
[pkgtools/cwrappers]

Package options: inet6

Master sites:

SHA1: 958ae70baf186263a4bd801a81dd5d682aedd1db
RMD160: bb59656e0683d64a38a2f1a45ca9d918837e1e56
Filesize: 5248.857 KB

Version history: (Expand)


CVS history: (Expand)


   2017-06-21 02:23:24 by Tim Zingelman | Files touched by this commit (4)
Log message:
xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.
Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048).
From: \ 
https://git.gnome.org/browse/libxml2/co … d175959d74

There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.

Percent sign in DTD Names
=========================
This fixes bug 766956 initially reported by Wei Lei and independently by
Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
involved.

xmlParseNameComplex with XML_PARSE_OLD10
========================================
This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
Thanks to Marcel Böhme and Thuan Pham for the report.

Additional hardening
====================
A separate check was added in xmlParseNameComplex to validate the
buffer size.

From: \ 
https://git.gnome.org/browse/libxml2/co … b6767251e3
   2017-06-11 06:40:53 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
libxml2: Apply upstream patch for CVE-2017-5969.
(Minor issue, only a denial-of-service when using recover mode)

bump PKGREVISION
   2017-01-19 19:52:30 by Alistair G. Crooks | Files touched by this commit (352)
Log message:
Convert all occurrences (353 by my count) of

	MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
   2016-12-30 03:17:49 by David A. Holland | Files touched by this commit (3)
Log message:
PKGREVISION shouldn't be in Makefile.common, even though the last two
bumps applied to both users.
   2016-12-27 03:34:34 by Sevan Janiyan | Files touched by this commit (6)
Log message:
Patch for CVE-2016-4658 & CVE-2016-5131
Bump rev
   2016-11-30 15:46:22 by Sevan Janiyan | Files touched by this commit (3)
Log message:
Patch CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726
Bump rev.
   2016-05-28 08:47:51 by Thomas Klausner | Files touched by this commit (1)
Log message:
Use standard format for 'used by' lines, since some tools make use of this.
   2016-05-28 01:51:10 by Paul Goyette | Files touched by this commit (2)
Log message:
Introduce a Makefile.common so we can share it with textproc/py-libxml2