diff options
| author | spz <spz@pkgsrc.org> | 2016-05-25 19:07:28 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2016-05-25 19:07:28 +0000 |
| commit | 2ce6f17716208a478ed5178011175d45331f5cbb (patch) | |
| tree | 6b835b19b2c6b13dcf947a64d30937b7c4285868 /doc | |
| parent | 87a5ee051f7227be87e99bcee150c05cfa17bd7c (diff) | |
| download | pkgsrc-2ce6f17716208a478ed5178011175d45331f5cbb.tar.gz | |
Pullup ticket #5028 - requested by he
textproc/libxml2: security update
Revisions pulled up:
- textproc/libxml2/Makefile 1.141
- textproc/libxml2/distinfo 1.110-1.112
- textproc/libxml2/patches/patch-aa 1.29
- textproc/libxml2/patches/patch-ab 1.29-1.30
- textproc/libxml2/patches/patch-ac 1.9
- textproc/libxml2/patches/patch-ad 1.19
- textproc/libxml2/patches/patch-ae 1.15
- textproc/libxml2/patches/patch-ag deleted
- textproc/libxml2/patches/patch-encoding.c added at 1.2
- textproc/libxml2/patches/patch-runtest.c added at 1.2
- textproc/libxml2/patches/patch-testlimits.c added at 1.2
- textproc/libxml2/patches/patch-timsort.h added at 1.2
- textproc/libxml2/patches/patch-xmlIO.c added at 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Tue May 24 12:00:08 UTC 2016
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
pkgsrc/textproc/libxml2/patches: patch-aa patch-ab patch-ac patch-ad
patch-ae
Added Files:
pkgsrc/textproc/libxml2/patches: patch-encoding.c patch-runtest.c
patch-testlimits.c patch-timsort.h patch-xmlIO.c
Removed Files:
pkgsrc/textproc/libxml2/patches: patch-ag
Log Message:
Update libxml2 to 2.9.4.
Pkgsrc changes:
* Add some casts to match types and format strings, plus
fix value range of toupper() operation.
* Merge patch-ag into the new patch-encoding.c.
* Add comments to existing patches which lacked comments.
Upstream changes to libxml2-2.9.4: May 23 2016
Security:
CVE-2016-3627 Avoid building recursive entities
CVE-2016-1833 Heap-based buffer overread in htmlCurrentChar
CVE-2016-1835 Heap use-after-free in xmlSAX2AttributeNs
CVE-2016-1837 Heap use-after-free in htmlParsePubidLiteral
and htmlParseSystemiteral
CVE-2016-1836 Bug 759398: Heap use-after-free in xmlDictComputeFastKey
CVE-2016-1839 Bug 758605: Heap-based buffer overread in xmlDictAddString
CVE-2016-1838 Bug 758588: Heap-based buffer overread in
xmlParserPrintFileContextInternal
CVE-2016-1840 Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup
CVE-2016-4483 Avoid an out of bound access when serializing
malformed strings
CVE-2016-1834 Bug 763071: heap-buffer-overflow in xmlStrncat
CVE-2016-3705 Add missing increments of recursion depth counter to
XML parser.
CVE-2016-1762 Heap-based buffer overread in xmlNextChar
More format string warnings with possible format string vulnerability
Heap-based buffer-underreads due to xmlParseName
Fix some format string warnings with possible format string vulnerability
Unsigned addition may overflow in xmlMallocAtomicLoc()
Other bugfixes:
Detect change of encoding when parsing HTML names
Fix inappropriate fetch of entities content
Correct the usage of LDFLAGS
Revert the use of SAVE_LDFLAGS in configure.ac
libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles
Add more debugging info to runtest
Implement "runtest -u" mode
Integer signed/unsigned type mismatch in xmlParserInputGrow()
Integer overflow parsing port number in URI
Fix apibuild for a recently added constructv2.9.4-rc2
Use pkg-config to locate zlib when possible
Use pkg-config to locate ICU when possible
Fix an error with regexp on nullable counted char transition
Fix memory leak with XPath namespace nodes
Fix namespace axis traversal
Add a make rule to rebuild for ASAN
Fix null pointer deref in docs with no root element
Portability to non C99 compliant compilers
dict.h: Move xmlDictPtr definition before includes to allow direct
inclusion.
Fix XSD validation of URIs with ampersands
xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean
"end of day" and should not cause an error. v2.9.4-rc1
os400: tell about xmllint and xmlcatalog in README400.
os400: properly process SGML add in XMLCATALOG command.
os400: implement CL command XMLCATALOG.
os400: compile and install program xmlcatalog (qshell-only).
xmlcatalog: flush stdout before interactive shell input.
os400: expand tabs in sources, strip trailing blanks.
os400: implement CL command XMLLINT.
os400: compile and install program xmllint (qshell-only).
os400: initscript make_module(): Use options instead of
positional parameters.
xmllint: flush stdout before interactive shell input.
os400: c14n.rpgle: allow *omit for nullable reference parameters.
os400: use like() for double type.
os400: use like() for int type.
os400: use like() for unsigned int type.
os400: use like() for enum types.
Add xz to xml2-config --libs output
Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression
Fix namespace::node() XPath expression
Fix OOB write in xmlXPathEmptyNodeSet
Fix parsing of NCNames in XPath
Fix OOB read with invalid UTF-8 in xmlUTF8Strsize
Do normalize string-based datatype value in RelaxNG facet checking
Fix typo: s{ ec -> cr }cipt
Fix typos: dictio{ nn -> n }ar{y,ies}
Fix typos: PATH_{ SEAPARATOR -> SEPARATOR }
Correct a typo.
Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix
for "xmlSaveUri() incorrectly recomposes URIs with rootless paths"
Bug 760861: REGRESSION (bf9c1dad): Missing results for
test/schemas/regexp-char-ref_[01].xsd
error.c: *input->cur == 0 does not mean no error
Add missing RNG test files
Bug 760190: configure.ac should be able to build --with-icu without
icu-config tool
Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus
UTF-8 encoding error when multi-byte character in large CDATA
section is split across buffer
Bug 758572: ASAN crash in make check
Bug 721158: Missing ICU string when doing --version on xmllint
python 3: libxml2.c wrappers create Unicode str already
win32\VC10\config.h and VS 2015
Add autogen.sh to distrib
Add configure maintainer mode
To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.141 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.109 -r1.110 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.28 -r1.29 pkgsrc/textproc/libxml2/patches/patch-aa \
pkgsrc/textproc/libxml2/patches/patch-ab
cvs rdiff -u -r1.8 -r1.9 pkgsrc/textproc/libxml2/patches/patch-ac
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/libxml2/patches/patch-ad
cvs rdiff -u -r1.14 -r1.15 pkgsrc/textproc/libxml2/patches/patch-ae
cvs rdiff -u -r1.12 -r0 pkgsrc/textproc/libxml2/patches/patch-ag
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-encoding.c \
pkgsrc/textproc/libxml2/patches/patch-runtest.c \
pkgsrc/textproc/libxml2/patches/patch-testlimits.c \
pkgsrc/textproc/libxml2/patches/patch-timsort.h \
pkgsrc/textproc/libxml2/patches/patch-xmlIO.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue May 24 21:08:21 UTC 2016
Modified Files:
pkgsrc/textproc/libxml2: distinfo
pkgsrc/textproc/libxml2/patches: patch-encoding.c patch-runtest.c
patch-testlimits.c patch-timsort.h patch-xmlIO.c
Log Message:
Add upstream bug report URLs (from he@).
To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.111 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/libxml2/patches/patch-encoding.c \
pkgsrc/textproc/libxml2/patches/patch-runtest.c \
pkgsrc/textproc/libxml2/patches/patch-testlimits.c \
pkgsrc/textproc/libxml2/patches/patch-timsort.h \
pkgsrc/textproc/libxml2/patches/patch-xmlIO.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Wed May 25 07:16:36 UTC 2016
Modified Files:
pkgsrc/textproc/libxml2: distinfo
pkgsrc/textproc/libxml2/patches: patch-ab
Log Message:
Submit the typo part of configure upstream, note the bug-ID.
To generate a diff of this commit:
cvs rdiff -u -r1.111 -r1.112 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.29 -r1.30 pkgsrc/textproc/libxml2/patches/patch-ab
Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions