Navigation:
Browse pkgsrc
(this page)| 2012-03-12 19:06:50 by S.P.Zeidler | Files touched by this commit (8) |
Log message:
Pullup ticket #3701 - requested by drochner
textproc/libxml2: security fix and HEAD compatibility
Revisions pulled up:
- textproc/libxml2/Makefile 1.113-1.114
- textproc/libxml2/distinfo 1.88-1.89
- textproc/libxml2/patches/patch-CVE-2012-0841-aa 1.1
- textproc/libxml2/patches/patch-CVE-2012-0841-ab 1.1
- textproc/libxml2/patches/patch-CVE-2012-0841-ac 1.1
- textproc/libxml2/patches/patch-aa 1.24
- textproc/libxml2/patches/patch-ab 1.22
- textproc/libxml2/patches/patch-am 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Wed Feb 22 11:10:18 UTC 2012
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
pkgsrc/textproc/libxml2/patches: patch-aa patch-ab
Added Files:
pkgsrc/textproc/libxml2/patches: patch-am
Log message:
build the library thread-aware, i.e. use <pthread.h> but do not
link against libpthread. (It doesn't create threads, just uses
locking.) This seems to be wanted by some applications, eg vlc
issues a warning on startup (with no visible consequences afaict,
but anyway).
I hope this works for other OSes too. If not, we should probably
add support for these cases to mk/pthread.bl3.mk.
bump PKGREV
To generate a diff of this commit:
cvs rdiff -u -r1.112 -r1.113 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.87 -r1.88 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.23 -r1.24 pkgsrc/textproc/libxml2/patches/patch-aa
cvs rdiff -u -r1.21 -r1.22 pkgsrc/textproc/libxml2/patches/patch-ab
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-am
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Fri Mar 9 12:12:28 UTC 2012
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-CVE-2012-0841-aa
patch-CVE-2012-0841-ab patch-CVE-2012-0841-ac
Log message:
Add patch from upstream to add hash randomization.
Without that, (untrusted) input can fill hash buckets uneven, causing
high CPU load. (CVE-2012-0841)
To get a patch which is simple enough to get pulled up to the stable
pkgsrc branch, I've not touched "configure" but just assumed that
the POSIX functions rand(), srand() and time() are present.
bump PKGREV
To generate a diff of this commit:
cvs rdiff -u -r1.113 -r1.114 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-aa \
pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ab \
pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ac
|
| 2012-01-19 07:07:36 by Steven Drake | Files touched by this commit (3) |
Log message: Pullup ticket #3654 - requested by tron textproc/libxml2 security patch Revisions pulled up: - textproc/libxml2/Makefile 1.112 - textproc/libxml2/distinfo 1.86 - textproc/libxml2/patches/patch-al 1.3 --- Module Name: pkgsrc Committed By: drochner Date: Tue Jan 17 14:43:44 UTC 2012 Modified Files: pkgsrc/textproc/libxml2: Makefile distinfo pkgsrc/textproc/libxml2/patches: patch-al Log message: add patch from upstream to fix potential DOS problem (CVE-2011-3905) bump PKGREV |
| 2012-01-13 14:10:42 by Matthias Scheler | Files touched by this commit (3) |
Log message: Pullup ticket #3648 - requested by drochner textproc/libxml2: security patch Revisions pulled up: - textproc/libxml2/Makefile 1.111 - textproc/libxml2/distinfo 1.85 - textproc/libxml2/patches/patch-al 1.2 --- Module Name: pkgsrc Committed By: drochner Date: Thu Jan 12 11:25:10 UTC 2012 Modified Files: pkgsrc/textproc/libxml2: Makefile distinfo pkgsrc/textproc/libxml2/patches: patch-al Log message: add 2 patches from upstream: -fix buffer overflow on entity references with long name (CVE-2011-3919) -fix error handling on realloc() failure bump PKGREV |
New packages: