Navigation:
Browse pkgsrc
(this page)| 2017-06-20 20:31:36 by S.P.Zeidler | Files touched by this commit (3) |
Log message: build fix for OS X and Solaris from Tim Zingelman <tez@netbsd.org>: OS X & Solaris have sys/random.h but not getrandom() so the build fails with a missing symbol. \ Test linking the getrandom snippet instead of only compiling it in configure. |
2017-06-18 08:01:33 by S.P.Zeidler | Files touched by this commit (4) |  |
Log message: update of expat from 2.2.0 to 2.2.1 (mostly security fixes and cleanup) Security issues fixed: CVE-2017-9233, CVE-2016-9063, improve fix for CVE-2016-5300 fixed regression from fix to CVE-2016-0718 Cleanup: Drop AmigaOS 4.x, Borland C++ Builder, OpenVMS, Open Watcom, Visual Studio 6.0 and Pre-X Mac OS support |
2016-06-22 17:39:09 by Matthias Drochner | Files touched by this commit (5) |  |
Log message: update to 2.2.0 changes: -security patches which we already had in pkgsrc are integrated -Use more entropy for hash initialization than the original fix to CVE-2012-0876 -Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 |
| 2016-05-17 21:15:01 by Matthias Drochner | Files touched by this commit (6) |
Log message: add patches from upstream to fix possible crashes and memory corruption on malformed input (CVE-2016-0718) Description: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. bump PKGREV also add an improvement to the fix for CVE-2015-1283 which was part of the 2.1.1 release -- don't rely on defined behaviour on overflows of signed integer operations, from upstream git: https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/ pkgsrc change: add a hint how to run the pkg's selftest (not enabled permanently because this would add a dependency on C++) |
| 2016-03-18 10:36:26 by Thomas Klausner | Files touched by this commit (1) |
Log message: revert ABI/ABI bump for expat. Not necessary and cuases problems. |
| 2016-03-16 20:55:55 by Ryo ONODERA | Files touched by this commit (5) |
Log message:
Update to 2.1.1
Changelog:
Release 2.1.1 Sat March 12 2016
Security fixes:
#582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
Bug fixes:
#502: Fix potential null pointer dereference
#520: Symbol XML_SetHashSalt was not exported
Output of "xmlwf -h" was incomplete
Other changes
#503: Document behavior of calling XML_SetHashSalt with salt 0
Minor improvements to man page xmlwf(1)
Improvements to the experimental CMake build system
libtool now invoked with --verbose
|
| 2016-01-01 02:29:30 by Ryo ONODERA | Files touched by this commit (3) |
Log message: Do not use GNU make, bump PKGREVISION Fix circular dependency of PREFER_PKGSRC=yes case. |
| 2015-11-04 03:00:17 by Alistair G. Crooks | Files touched by this commit (797) |
Log message: Add SHA512 digests for distfiles for textproc category Problems found locating distfiles: Package cabocha: missing distfile cabocha-0.68.tar.bz2 Package convertlit: missing distfile clit18src.zip Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. |
| 2015-08-04 10:47:19 by Tobias Nygren | Files touched by this commit (3) |
Log message: CVE-2015-1283 heap based buffer overflow in expat. Patch via Debian bug#793484 and Mozilla. Bump. |
| 2015-02-05 00:44:34 by Tobias Nygren | Files touched by this commit (4) |
Log message: Improve STEP_MSG. (pkgsrc may seem like magic sometimes, but let's be honest here.) |
New packages: