Navigation:
Browse pkgsrc
(this page)| 2017-10-31 14:15:44 by Filip Hajny | Files touched by this commit (10) |
Log message: textproc/*libxml2: Move patches and distinfo files under the main package since the distfile is just one anyway. |
| 2017-10-30 15:02:03 by Filip Hajny | Files touched by this commit (2) |
Log message: Update textproc/libxml2 to 2.9.6. Update Portability: - Change preprocessor OS tests to __linux__ Bug Fixes: - Fix XPath stack frame logic - Report undefined XPath variable error message - Fix regression with librsvg - Handle more invalid entity values in recovery mode - Fix structured validation errors - Fix memory leak in LZMA decompressor - Set memory limit for LZMA decompression - Handle illegal entity values in recovery mode - Fix debug dump of streaming XPath expressions - Fix memory leak in nanoftp - Fix memory leaks in SAX1 parser |
2017-09-10 22:49:20 by Thomas Klausner | Files touched by this commit (14) |  |
Log message: Updated libxml2 to 2.9.5. 2.9.5: Sep 04 2017 • Reference Manual • Security: Detect infinite recursion in parameter entities (Nick Wellnhofer), Fix handling of parameter-entity references (Nick Wellnhofer), Disallow namespace nodes in XPointer ranges (Nick Wellnhofer), Fix XPointer paths beginning with range-to (Nick Wellnhofer) • Documentation: Documentation fixes (Nick Wellnhofer), Spelling and grammar fixes (Nick Wellnhofer) • Portability: Adding README.zOS to list of extra files for the release (Daniel Veillard), Description of work needed to compile on zOS (Stéphane Michaut), Porting libxml2 on zOS encoding of code (Stéphane Michaut), small changes for OS/400 (Patrick Monnerat), relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan) • Bug Fixes: Problem resolving relative URIs (Daniel Veillard), Fix unwanted warnings when switching encodings (Nick Wellnhofer), Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard), Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer), Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer), Fix infinite loops with push parser in recovery mode (Nick Wellnhofer), Send xmllint usage error to stderr (Nick Wellnhofer), Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer), Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer), Fix xmlHaltParser (Nick Wellnhofer), Fix pathological performance when outputting charrefs (Nick Wellnhofer), Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer), Fix duplicate SAX callbacks for entity content (David Kilzer), Treat URIs with scheme as absolute in C14N (Nick Wellnhofer), Fix copy-paste errors in error messages (Nick Wellnhofer), Fix sanity check in htmlParseNameComplex (Nick Wellnhofer), Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer), Reset parser input pointers on encoding failure (Nick Wellnhofer), Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer), Fix xmlBuildRelativeURI for URIs starting with '. /' (Nick Wellnhofer), Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer), Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer), Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard), Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer), Stop parser on unsupported encodings (Nick Wellnhofer), Check for integer overflow in memory debug code (Nick Wellnhofer), Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer), Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer), Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer), Check XPath exponents for overflow (Nick Wellnhofer), Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer), Fix spurious error message (Nick Wellnhofer), Fix memory leak in xmlCanonicPath (Nick Wellnhofer), Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer), Fix memory leak in pattern error path (Nick Wellnhofer), Fix memory leak in parser error path (Nick Wellnhofer), Fix memory leaks in XPointer error paths (Nick Wellnhofer), Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer), Fix memory leak in XPath filter optimizations (Nick Wellnhofer), Fix memory leaks in XPath error paths (Nick Wellnhofer), Do not leak the new CData node if adding fails (David Tardon), Prevent unwanted external entity reference (Neel Mehta), Increase buffer space for port in HTTP redirect support (Daniel Veillard), Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer), Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer), Fix format string warnings (Nick Wellnhofer), Disallow namespace nodes in XPointer points (Nick Wellnhofer), Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer), Fix attribute decoding during XML schema validation (Alex Henrie), Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer) • Improvements: Updating the spec file to reflect Fedora 24 (Daniel Veillard), Add const in five places to move 1 KiB to .rdata (Bruce Dawson), Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard), Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer), Simplify handling of parameter entity references (Nick Wellnhofer), Deduplicate code in encoding.c (Nick Wellnhofer), Make HTML parser functions take const pointers (Nick Wellnhofer), Build test programs only when needed (Nick Wellnhofer), Fix doc/examples/index.py (Nick Wellnhofer), Fix compiler warnings in threads.c (Nick Wellnhofer), Fix empty-body warning in nanohttp.c (Nick Wellnhofer), Fix cast-align warnings (Nick Wellnhofer), Fix unused-parameter warnings (Nick Wellnhofer), Rework entity boundary checks (Nick Wellnhofer), Don't switch encoding for internal parameter entities (Nick Wellnhofer), Merge duplicate code paths handling PE references (Nick Wellnhofer), Test SAX2 callbacks with entity substitution (Nick Wellnhofer), Support catalog and threads tests under --without-sax1 (Nick Wellnhofer), Misc fixes for 'make tests' (Nick Wellnhofer), Initialize keepBlanks in HTML parser (Nick Wellnhofer), Add test cases for bug 758518 (David Kilzer), Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer), Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer), Allow zero sized memory input buffers (Nick Wellnhofer), Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer), Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer), Make Travis print UBSan stacktraces (Nick Wellnhofer), Add .travis.yml (Nick Wellnhofer), Fix expected error output in Python tests (Nick Wellnhofer), Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer), Disable LeakSanitizer when running API tests (Nick Wellnhofer), Avoid out-of-bound array access in API tests (Nick Wellnhofer), Avoid spurious UBSan errors in parser.c (Nick Wellnhofer), Parse small XPath numbers more accurately (Nick Wellnhofer), Rework XPath rounding functions (Nick Wellnhofer), Fix white space in test output (Nick Wellnhofer), Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer), Check for trailing characters in XPath expressions earlier (Nick Wellnhofer), Rework final handling of XPath results (Nick Wellnhofer), Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer), Remove unused variables (Nick Wellnhofer), Don't print generic error messages in XPath tests (Nick Wellnhofer) • Cleanups: Fix a couple of misleading indentation errors (Daniel Veillard), Remove unnecessary calls to xmlPopInput (Nick Wellnhofer) |
| 2017-06-21 02:23:24 by Tim Zingelman | Files touched by this commit (4) |
Log message: xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). From: \ https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74 There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size. From: \ https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3 |
| 2017-06-11 06:40:53 by Maya Rashish | Files touched by this commit (3) |
Log message: libxml2: Apply upstream patch for CVE-2017-5969. (Minor issue, only a denial-of-service when using recover mode) bump PKGREVISION |
| 2017-01-19 19:52:30 by Alistair G. Crooks | Files touched by this commit (352) |
Log message: Convert all occurrences (353 by my count) of MASTER_SITES= site1 \ site2 style continuation lines to be simple repeated MASTER_SITES+= site1 MASTER_SITES+= site2 lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint accordingly. |
| 2016-12-30 03:17:49 by David A. Holland | Files touched by this commit (3) |
Log message: PKGREVISION shouldn't be in Makefile.common, even though the last two bumps applied to both users. |
| 2016-12-27 03:34:34 by Sevan Janiyan | Files touched by this commit (6) |
Log message: Patch for CVE-2016-4658 & CVE-2016-5131 Bump rev |
| 2016-11-30 15:46:22 by Sevan Janiyan | Files touched by this commit (3) |
Log message: Patch CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726 Bump rev. |
| 2016-05-28 08:47:51 by Thomas Klausner | Files touched by this commit (1) |
Log message: Use standard format for 'used by' lines, since some tools make use of this. |
New packages: