Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/textproc/libxml2
From: S.P.Zeidler
Date: 2012-03-12 19:06:50
Message id: 20120312180650.8996B175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3701 - requested by drochner
textproc/libxml2: security fix and HEAD compatibility

Revisions pulled up:
- textproc/libxml2/Makefile                                     1.113-1.114
- textproc/libxml2/distinfo                                     1.88-1.89
- textproc/libxml2/patches/patch-CVE-2012-0841-aa               1.1
- textproc/libxml2/patches/patch-CVE-2012-0841-ab               1.1
- textproc/libxml2/patches/patch-CVE-2012-0841-ac               1.1
- textproc/libxml2/patches/patch-aa                             1.24
- textproc/libxml2/patches/patch-ab                             1.22
- textproc/libxml2/patches/patch-am                             1.1

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Wed Feb 22 11:10:18 UTC 2012

   Modified Files:
           pkgsrc/textproc/libxml2: Makefile distinfo
           pkgsrc/textproc/libxml2/patches: patch-aa patch-ab
   Added Files:
           pkgsrc/textproc/libxml2/patches: patch-am

   Log Message:
   build the library thread-aware, i.e. use <pthread.h> but do not
   link against libpthread. (It doesn't create threads, just uses
   locking.) This seems to be wanted by some applications, eg vlc
   issues a warning on startup (with no visible consequences afaict,
   but anyway).
   I hope this works for other OSes too. If not, we should probably
   add support for these cases to mk/pthread.bl3.mk.
   bump PKGREV

   To generate a diff of this commit:
   cvs rdiff -u -r1.112 -r1.113 pkgsrc/textproc/libxml2/Makefile
   cvs rdiff -u -r1.87 -r1.88 pkgsrc/textproc/libxml2/distinfo
   cvs rdiff -u -r1.23 -r1.24 pkgsrc/textproc/libxml2/patches/patch-aa
   cvs rdiff -u -r1.21 -r1.22 pkgsrc/textproc/libxml2/patches/patch-ab
   cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-am

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Fri Mar  9 12:12:28 UTC 2012

   Modified Files:
           pkgsrc/textproc/libxml2: Makefile distinfo
   Added Files:
           pkgsrc/textproc/libxml2/patches: patch-CVE-2012-0841-aa
           patch-CVE-2012-0841-ab patch-CVE-2012-0841-ac

   Log Message:
   Add patch from upstream to add hash randomization.
   Without that, (untrusted) input can fill hash buckets uneven, causing
   high CPU load. (CVE-2012-0841)
   To get a patch which is simple enough to get pulled up to the stable
   pkgsrc branch, I've not touched "configure" but just assumed that
   the POSIX functions rand(), srand() and time() are present.
   bump PKGREV

   To generate a diff of this commit:
   cvs rdiff -u -r1.113 -r1.114 pkgsrc/textproc/libxml2/Makefile
   cvs rdiff -u -r1.88 -r1.89 pkgsrc/textproc/libxml2/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-aa \
       pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ab \
       pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ac
Files:
RevisionActionfile
1.110.2.3modifypkgsrc/textproc/libxml2/Makefile
1.84.2.3modifypkgsrc/textproc/libxml2/distinfo
1.23.30.1modifypkgsrc/textproc/libxml2/patches/patch-aa
1.21.10.1modifypkgsrc/textproc/libxml2/patches/patch-ab
1.1.2.2addpkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-aa
1.1.2.2addpkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ab
1.1.2.2addpkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ac
1.1.2.2addpkgsrc/textproc/libxml2/patches/patch-am