- Avoid double-free if malloc fails in inputPush
- Fix memory leak in xmlLoadEntityContent error path
- Fix integer overflow in xmlBufferDump()
- Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser
Prodded by tj@, thanks
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.
to public interfaces of the library get resolved directly, rather than go
through the plt, when libxml is build as a shared library.
This is similar to what is done in libc and a few other libraries.
This logic is made conditional and currently only enabled under linux when
building with a compiler advertizing itself as gcc >= 3.3..
By enabling it on OpenBSD, the number of relocations in libxml2.so.16.1 (as
computed from objdump -R /usr/local/lib/libxml2.so.16.1 | wc -l) decreases from
4350 (4357 lines of output) to 3484 (3491 lines of output).
from Miod, thanks++
survived a bulk
runtime tested with a full blown GNOME Desktop, Libreoffice, Chromium...
ok jasper@
it unbreak py-lxml testsuite (specially test_thread_error_log).
the --without-threads was used long time ago before we got rthreads. it should be fine now.
I checked that the distfiles still fetched from their alternative
source.
There still remains two issues with converters/xlhtml (no other source
for the oooooold version we have in tree) and the gentoo patch in
x11/qt3.
CVE-2015-8242 Buffer overead with HTML parser in push mode
CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
CVE-2015-7499-2 Detect incoherency on GROW
CVE-2015-7499-1 Add xmlHaltParser() to stop the parser
CVE-2015-5312 Another entity expansion issue
CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
CVE-2015-7498 Avoid processing entities after encoding conversion failures
CVE-2015-8035 Fix XZ compression support loop
CVE-2015-7942-2 Fix an error in previous Conditional section patch
CVE-2015-7942 Another variation of overflow in Conditional sections
CVE-2015-1819 Enforce the reader to run in constant memory
CVE-2015-7941_2 Cleanup conditional section error handling
CVE-2015-7941_1 Stop parsing on entities boundaries errors
Note that there's a new libxml release out, but it's in a bulk currently...
