2017-06-20 20:31:36 by S.P.Zeidler | Files touched by this commit (3) |
Log message:
build fix for OS X and Solaris from Tim Zingelman <tez@netbsd.org>:
OS X & Solaris have sys/random.h but not getrandom() so the build fails
with a missing symbol.
Test linking the getrandom snippet instead of only compiling it
in configure.
|
2017-06-18 08:01:33 by S.P.Zeidler | Files touched by this commit (4) |
Log message:
update of expat from 2.2.0 to 2.2.1 (mostly security fixes and cleanup)
Security issues fixed:
CVE-2017-9233, CVE-2016-9063, improve fix for CVE-2016-5300
fixed regression from fix to CVE-2016-0718
Cleanup: Drop AmigaOS 4.x, Borland C++ Builder, OpenVMS, Open Watcom,
Visual Studio 6.0 and Pre-X Mac OS support
|
2016-06-22 17:39:09 by Matthias Drochner | Files touched by this commit (5) |
Log message:
update to 2.2.0
changes:
-security patches which we already had in pkgsrc are integrated
-Use more entropy for hash initialization than the original fix
to CVE-2012-0876
-Resolve troublesome internal call to srand that was introduced
with Expat 2.1.0 when addressing CVE-2012-0876
|
2016-05-17 21:15:01 by Matthias Drochner | Files touched by this commit (6) |
Log message:
add patches from upstream to fix possible crashes and memory corruption
on malformed input (CVE-2016-0718)
Description: The Expat XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. The bugs allow for a denial of service
attack in many applications by an unauthenticated attacker, and could
conceivably result in remote code execution.
bump PKGREV
also add an improvement to the fix for CVE-2015-1283 which was part
of the 2.1.1 release -- don't rely on defined behaviour on overflows
of signed integer operations, from upstream git:
https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/
pkgsrc change: add a hint how to run the pkg's selftest (not enabled
permanently because this would add a dependency on C++)
|
2016-03-18 10:36:26 by Thomas Klausner | Files touched by this commit (1) |
Log message:
revert ABI/ABI bump for expat.
Not necessary and causes problems.
|
2016-03-16 20:55:55 by Ryo ONODERA | Files touched by this commit (5) |
Log message:
Update to 2.1.1
Changelog:
Release 2.1.1 Sat March 12 2016
Security fixes:
#582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
Bug fixes:
#502: Fix potential null pointer dereference
#520: Symbol XML_SetHashSalt was not exported
Output of "xmlwf -h" was incomplete
Other changes
#503: Document behavior of calling XML_SetHashSalt with salt 0
Minor improvements to man page xmlwf(1)
Improvements to the experimental CMake build system
libtool now invoked with --verbose
|
2016-01-01 02:29:30 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Do not use GNU make, bump PKGREVISION
Fix circular dependency of PREFER_PKGSRC=yes case.
|
2015-11-04 03:00:17 by Alistair G. Crooks | Files touched by this commit (797) |
Log message:
Add SHA512 digests for distfiles for textproc category
Problems found locating distfiles:
Package cabocha: missing distfile cabocha-0.68.tar.bz2
Package convertlit: missing distfile clit18src.zip
Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
2015-08-04 10:47:19 by Tobias Nygren | Files touched by this commit (3) |
Log message:
CVE-2015-1283 heap based buffer overflow in expat.
Patch via Debian bug#793484 and Mozilla. Bump.
|
2015-02-05 00:44:34 by Tobias Nygren | Files touched by this commit (4) |
Log message:
Improve STEP_MSG.
(pkgsrc may seem like magic sometimes, but let's be honest here.)
|