Subject: CVS commit: [pkgsrc-2016Q1] pkgsrc/textproc/libxml2
From: S.P.Zeidler
Date: 2016-05-25 21:07:29
Message id: 20160525190729.19E37FBBA@cvs.NetBSD.org

Log Message:
Pullup ticket #5028 - requested by he
textproc/libxml2: security update

Revisions pulled up:
- textproc/libxml2/Makefile                                     1.141
- textproc/libxml2/distinfo                                     1.110-1.112
- textproc/libxml2/patches/patch-aa                             1.29
- textproc/libxml2/patches/patch-ab                             1.29-1.30
- textproc/libxml2/patches/patch-ac                             1.9
- textproc/libxml2/patches/patch-ad                             1.19
- textproc/libxml2/patches/patch-ae                             1.15
- textproc/libxml2/patches/patch-ag                             deleted
- textproc/libxml2/patches/patch-encoding.c                     added at 1.2
- textproc/libxml2/patches/patch-runtest.c                      added at 1.2
- textproc/libxml2/patches/patch-testlimits.c                   added at 1.2
- textproc/libxml2/patches/patch-timsort.h                      added at 1.2
- textproc/libxml2/patches/patch-xmlIO.c                        added at 1.2

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	he
   Date:		Tue May 24 12:00:08 UTC 2016

   Modified Files:
   	pkgsrc/textproc/libxml2: Makefile distinfo
   	pkgsrc/textproc/libxml2/patches: patch-aa patch-ab patch-ac patch-ad
   	    patch-ae
   Added Files:
   	pkgsrc/textproc/libxml2/patches: patch-encoding.c patch-runtest.c
   	    patch-testlimits.c patch-timsort.h patch-xmlIO.c
   Removed Files:
   	pkgsrc/textproc/libxml2/patches: patch-ag

   Log Message:
   Update libxml2 to 2.9.4.

   Pkgsrc changes:
    * Add some casts to match types and format strings, plus
      fix value range of toupper() operation.
    * Merge patch-ag into the new patch-encoding.c.
    * Add comments to existing patches which lacked comments.

   Upstream changes to libxml2-2.9.4: May 23 2016

   Security:

      CVE-2016-3627 Avoid building recursive entities
      CVE-2016-1833 Heap-based buffer overread in htmlCurrentChar
      CVE-2016-1835 Heap use-after-free in xmlSAX2AttributeNs
      CVE-2016-1837 Heap use-after-free in htmlParsePubidLiteral
                    and htmlParseSystemLiteral
      CVE-2016-1836 Bug 759398: Heap use-after-free in xmlDictComputeFastKey
      CVE-2016-1839 Bug 758605: Heap-based buffer overread in xmlDictAddString
      CVE-2016-1838 Bug 758588: Heap-based buffer overread in
   	      	 xmlParserPrintFileContextInternal
      CVE-2016-1840 Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup
      CVE-2016-4483 Avoid an out of bound access when serializing
      		 malformed strings
      CVE-2016-1834 Bug 763071: heap-buffer-overflow in xmlStrncat
      CVE-2016-3705 Add missing increments of recursion depth counter to
      		 XML parser.
      CVE-2016-1762 Heap-based buffer overread in xmlNextChar

      More format string warnings with possible format string vulnerability
      Heap-based buffer-underreads due to xmlParseName
      Fix some format string warnings with possible format string vulnerability
      Unsigned addition may overflow in xmlMallocAtomicLoc()

   Other bugfixes:

      Detect change of encoding when parsing HTML names
      Fix inappropriate fetch of entities content
      Correct the usage of LDFLAGS
      Revert the use of SAVE_LDFLAGS in configure.ac
      libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles
      Add more debugging info to runtest
      Implement "runtest -u" mode
      Integer signed/unsigned type mismatch in xmlParserInputGrow()
      Integer overflow parsing port number in URI
      Fix apibuild for a recently added constructv2.9.4-rc2
      Use pkg-config to locate zlib when possible
      Use pkg-config to locate ICU when possible
      Fix an error with regexp on nullable counted char transition
      Fix memory leak with XPath namespace nodes
      Fix namespace axis traversal
      Add a make rule to rebuild for ASAN
      Fix null pointer deref in docs with no root element
      Portability to non C99 compliant compilers
      dict.h: Move xmlDictPtr definition before includes to allow direct
        inclusion.
      Fix XSD validation of URIs with ampersands
      xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean
        "end of day" and should not cause an error. v2.9.4-rc1
      os400: tell about xmllint and xmlcatalog in README400.
      os400: properly process SGML add in XMLCATALOG command.
      os400: implement CL command XMLCATALOG.
      os400: compile and install program xmlcatalog (qshell-only).
      xmlcatalog: flush stdout before interactive shell input.
      os400: expand tabs in sources, strip trailing blanks.
      os400: implement CL command XMLLINT.
      os400: compile and install program xmllint (qshell-only).
      os400: initscript make_module(): Use options instead of
        positional parameters.
      xmllint: flush stdout before interactive shell input.
      os400: c14n.rpgle: allow *omit for nullable reference parameters.
      os400: use like() for double type.
      os400: use like() for int type.
      os400: use like() for unsigned int type.
      os400: use like() for enum types.
      Add xz to xml2-config --libs output
      Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression
      Fix namespace::node() XPath expression
      Fix OOB write in xmlXPathEmptyNodeSet
      Fix parsing of NCNames in XPath
      Fix OOB read with invalid UTF-8 in xmlUTF8Strsize
      Do normalize string-based datatype value in RelaxNG facet checking
      Fix typo: s{ ec -> cr }cipt
      Fix typos: dictio{ nn -> n }ar{y,ies}
      Fix typos: PATH_{ SEAPARATOR -> SEPARATOR }
      Correct a typo.
      Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix
        for "xmlSaveUri() incorrectly recomposes URIs with rootless paths"
      Bug 760861: REGRESSION (bf9c1dad): Missing results for
        test/schemas/regexp-char-ref_[01].xsd
      error.c: *input->cur == 0 does not mean no error
      Add missing RNG test files
      Bug 760190: configure.ac should be able to build --with-icu without
        icu-config tool
      Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus
        UTF-8 encoding error when multi-byte character in large CDATA
        section is split across buffer
      Bug 758572: ASAN crash in make check
      Bug 721158: Missing ICU string when doing --version on xmllint
      python 3: libxml2.c wrappers create Unicode str already
      win32\VC10\config.h and VS 2015
      Add autogen.sh to distrib
      Add configure maintainer mode

   To generate a diff of this commit:
   cvs rdiff -u -r1.140 -r1.141 pkgsrc/textproc/libxml2/Makefile
   cvs rdiff -u -r1.109 -r1.110 pkgsrc/textproc/libxml2/distinfo
   cvs rdiff -u -r1.28 -r1.29 pkgsrc/textproc/libxml2/patches/patch-aa \
       pkgsrc/textproc/libxml2/patches/patch-ab
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/textproc/libxml2/patches/patch-ac
   cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/libxml2/patches/patch-ad
   cvs rdiff -u -r1.14 -r1.15 pkgsrc/textproc/libxml2/patches/patch-ae
   cvs rdiff -u -r1.12 -r0 pkgsrc/textproc/libxml2/patches/patch-ag
   cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-encoding.c \
       pkgsrc/textproc/libxml2/patches/patch-runtest.c \
       pkgsrc/textproc/libxml2/patches/patch-testlimits.c \
       pkgsrc/textproc/libxml2/patches/patch-timsort.h \
       pkgsrc/textproc/libxml2/patches/patch-xmlIO.c

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Tue May 24 21:08:21 UTC 2016

   Modified Files:
   	pkgsrc/textproc/libxml2: distinfo
   	pkgsrc/textproc/libxml2/patches: patch-encoding.c patch-runtest.c
   	    patch-testlimits.c patch-timsort.h patch-xmlIO.c

   Log Message:
   Add upstream bug report URLs (from he@).

   To generate a diff of this commit:
   cvs rdiff -u -r1.110 -r1.111 pkgsrc/textproc/libxml2/distinfo
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/libxml2/patches/patch-encoding.c \
       pkgsrc/textproc/libxml2/patches/patch-runtest.c \
       pkgsrc/textproc/libxml2/patches/patch-testlimits.c \
       pkgsrc/textproc/libxml2/patches/patch-timsort.h \
       pkgsrc/textproc/libxml2/patches/patch-xmlIO.c

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	he
   Date:		Wed May 25 07:16:36 UTC 2016

   Modified Files:
   	pkgsrc/textproc/libxml2: distinfo
   	pkgsrc/textproc/libxml2/patches: patch-ab

   Log Message:
   Submit the typo part of configure upstream, note the bug-ID.

   To generate a diff of this commit:
   cvs rdiff -u -r1.111 -r1.112 pkgsrc/textproc/libxml2/distinfo
   cvs rdiff -u -r1.29 -r1.30 pkgsrc/textproc/libxml2/patches/patch-ab

Files:
Revision    Action  file
1.140.2.1   modify  pkgsrc/textproc/libxml2/Makefile
1.109.4.1   modify  pkgsrc/textproc/libxml2/distinfo
1.28.8.1    modify  pkgsrc/textproc/libxml2/patches/patch-aa
1.28.8.1    modify  pkgsrc/textproc/libxml2/patches/patch-ab
1.8.8.1     modify  pkgsrc/textproc/libxml2/patches/patch-ac
1.18.8.1    modify  pkgsrc/textproc/libxml2/patches/patch-ad
1.14.8.1    modify  pkgsrc/textproc/libxml2/patches/patch-ae
1.2.2.2     add     pkgsrc/textproc/libxml2/patches/patch-encoding.c
1.2.2.2     add     pkgsrc/textproc/libxml2/patches/patch-runtest.c
1.2.2.2     add     pkgsrc/textproc/libxml2/patches/patch-testlimits.c
1.2.2.2     add     pkgsrc/textproc/libxml2/patches/patch-timsort.h
1.2.2.2     add     pkgsrc/textproc/libxml2/patches/patch-xmlIO.c
1.12        remove  pkgsrc/textproc/libxml2/patches/patch-ag