Path to this page:
Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/textproc/libxml2
From: S.P.Zeidler
Date: 2012-03-12 19:06:50
Message id: 20120312180650.8996B175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3701 - requested by drochner
textproc/libxml2: security fix and HEAD compatibility
Revisions pulled up:
- textproc/libxml2/Makefile 1.113-1.114
- textproc/libxml2/distinfo 1.88-1.89
- textproc/libxml2/patches/patch-CVE-2012-0841-aa 1.1
- textproc/libxml2/patches/patch-CVE-2012-0841-ab 1.1
- textproc/libxml2/patches/patch-CVE-2012-0841-ac 1.1
- textproc/libxml2/patches/patch-aa 1.24
- textproc/libxml2/patches/patch-ab 1.22
- textproc/libxml2/patches/patch-am 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Wed Feb 22 11:10:18 UTC 2012
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
pkgsrc/textproc/libxml2/patches: patch-aa patch-ab
Added Files:
pkgsrc/textproc/libxml2/patches: patch-am
Log Message:
build the library thread-aware, i.e. use <pthread.h> but do not
link against libpthread. (It doesn't create threads, just uses
locking.) This seems to be wanted by some applications, eg vlc
issues a warning on startup (with no visible consequences afaict,
but anyway).
I hope this works for other OSes too. If not, we should probably
add support for these cases to mk/pthread.bl3.mk.
bump PKGREV
To generate a diff of this commit:
cvs rdiff -u -r1.112 -r1.113 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.87 -r1.88 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.23 -r1.24 pkgsrc/textproc/libxml2/patches/patch-aa
cvs rdiff -u -r1.21 -r1.22 pkgsrc/textproc/libxml2/patches/patch-ab
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-am
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Fri Mar 9 12:12:28 UTC 2012
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-CVE-2012-0841-aa
patch-CVE-2012-0841-ab patch-CVE-2012-0841-ac
Log Message:
Add patch from upstream to add hash randomization.
Without that, (untrusted) input can fill hash buckets uneven, causing
high CPU load. (CVE-2012-0841)
To get a patch which is simple enough to get pulled up to the stable
pkgsrc branch, I've not touched "configure" but just assumed that
the POSIX functions rand(), srand() and time() are present.
bump PKGREV
To generate a diff of this commit:
cvs rdiff -u -r1.113 -r1.114 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-aa \
pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ab \
pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ac
Files: