cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
130,889 Commits 1 Branch 0 Tags
Commit Graph

196 Commits

Author SHA1 Message Date
landry
176eab4f30 Remove gd.tuwien.ac.at from MASTER_SITES, seems it doesnt exist anymore. 
I checked that the distfiles still fetched from their alternative
source.
There still remains two issues with converters/xlhtml (no other source
for the oooooold version we have in tree) and the gentoo patch in
x11/qt3.
 2018-06-30 11:41:36 +00:00
espie
5d03220e45 tag libxml2/rebuild 2018-06-29 09:58:56 +00:00
jasper
89cf8c171b - update to libxml2-2.9.8 
tested in a bulk by and ok aja@
 2018-03-14 08:20:49 +00:00
steven
74a10782d6 update to 2.9.7 
ok jca@  test in bulk build by naddy@
 2017-11-08 06:51:35 +00:00
jasper
2c46888b09 update to libxml-2.9.5 
tested in a bulk by, and ok aja@
 2017-09-14 14:56:41 +00:00
bluhm
b8d001b4f6 Fix libxml2 CVE-2017-7375, CVE-2017-7376, CVE-2017-9663. 
From Matthias Pitzl; OK danj@
 2017-07-14 18:12:05 +00:00
pirofti
2d18623b49 Security update for textproc/libxml 
Patches for CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050.
From Matthias Pitzl, thanks!

OK ajacoutot
 2017-06-03 09:40:42 +00:00
bluhm
eb2cd0dc44 Apply patches for CVE-2016-4658 and CVE-2016-5131 to libxml 2.9.4. 
From Simon Mages; OK ajacoutot@
 2016-12-30 15:54:57 +00:00
jasper
176fa3912d - update to libxml-2.9.4 
tested in a bulk by aja@
 2016-09-01 21:56:59 +00:00
naddy
304c41a904 remove forgotten MODICONV_ variable 2016-04-26 21:33:41 +00:00
naddy
63efdb14e9 replace libiconv module with library dependency 2016-04-06 19:37:24 +00:00
naddy
27fdde5b69 get rid of NO_SHARED_ARCHS and PFRAG.shared 2016-03-12 17:22:07 +00:00
naddy
ce859edcb4 garbage collect CONFIGURE_SHARED 2016-03-11 20:28:21 +00:00
ajacoutot
ed5ace9f8f Update to libxml-2.9.3. 2015-11-22 08:06:36 +00:00
ajacoutot
881d837dc5 SECURITY: merge all recent CVEs from upstream 
CVE-2015-8242 Buffer overead with HTML parser in push mode
CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
CVE-2015-7499-2 Detect incoherency on GROW
CVE-2015-7499-1 Add xmlHaltParser() to stop the parser
CVE-2015-5312 Another entity expansion issue
CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
CVE-2015-7498 Avoid processing entities after encoding conversion failures
CVE-2015-8035 Fix XZ compression support loop
CVE-2015-7942-2 Fix an error in previous Conditional section patch
CVE-2015-7942 Another variation of overflow in Conditional sections
CVE-2015-1819 Enforce the reader to run in constant memory
CVE-2015-7941_2 Cleanup conditional section error handling
CVE-2015-7941_1 Stop parsing on entities boundaries errors

Note that there's a new libxml release out, but it's in a bulk currently...
 2015-11-21 08:46:43 +00:00
jasper
2e2e561184 fix patch 2015-11-05 14:29:33 +00:00
jasper
3e3cdd7025 Security fix for CVE-2015-8035 and improve the fix for CVE-2015-7941 (from upstream) 2015-11-05 14:24:12 +00:00
jasper
3222b75e3d Security fixes for CVE-2015-7941 and CVE-2015-7942 2015-10-23 14:21:16 +00:00
ajacoutot
f81136b744 SECURITY fix for CVE-2015-1819: 
- Enforce the reader to run in constant memory

reminded by kwm@FreeBSD.org
ok jasper@
 2015-07-01 11:26:55 +00:00
jasper
52074a0570 backport fix from upstream to unbreak the xmlcatalog command 
ptd out by aja@
 2014-10-18 08:56:21 +00:00
jasper
0fe2061d14 - update to libxml 2.9.2 
* mostly bugfixes and two security fixes (booth were applied already)

ok aja@
 2014-10-17 13:24:59 +00:00
jasper
642160a28a security fix for CVE-2014-3660, more billion laugh entity expansion fixes 2014-10-16 17:53:25 +00:00
sthen
f9b16f1900 In libxml, use arc4random instead of rand_r for hash bucket randomization. 
Avoids triggering APIWARN for its many dependencies. ok/tweaks ajacoutot@ (on
earlier version), jca@
 2014-05-29 13:40:51 +00:00
jasper
6647870f6b Security fix for CVE-2014-0191 
external parameter entity loaded when entity substitution is disabled

pointed out by aja@
 2014-05-12 07:48:35 +00:00
jasper
4c2b741e35 use correct variable in FAKE_FLAGS, so we can drop a chunk from the patch 2014-03-09 19:54:45 +00:00
jasper
cb39815aaa - update libxml to 2.9.1 
tested in a bulk by landry@, thanks!
ok aja@
 2013-09-25 12:32:22 +00:00
miod
63fffecb3a No __builtin_clzll unless gcc >= 3.4; gives this a chance to build with gcc 3.3. 2013-08-19 16:00:10 +00:00
naddy
792c32ed74 remove some gcc2 workarounds 2013-08-07 16:49:36 +00:00
espie
3b83b6ddb6 give it a chance on gcc < 3... 2013-06-30 10:12:14 +00:00
sthen
f1ca092d73 Backport security fixes from libxml upstream: 
https://secunia.com/advisories/53061/
https://bugzilla.gnome.org/show_bug.cgi?id=690202

ok ajacoutot@
 2013-04-17 13:55:42 +00:00
sthen
6dd623e6b9 update to libxml 2.9.0, ok ajacoutot@ 2013-04-14 23:22:04 +00:00
ajacoutot
58f1a6f9f6 USE_LIBTOOL=Yes is the default now. 2013-03-21 08:45:11 +00:00
espie
eae66e4a7b PERMIT_* / REGRESS->TEST sweep 2013-03-11 11:35:43 +00:00
jasper
82fea34cab - update to libxml-2.8.0 
tested on amd64, sparc64, mips64el and powerpc.
ok aja@
 2012-09-30 12:22:05 +00:00
naddy
1663a22640 no need for groff 2012-08-05 00:16:50 +00:00
jasper
249155d82f Security fix for SA49177, 
Libxml2 "xmlXPtrEvalXPtrPart()" Off-By-One Vulnerability

Patch from upstream git

ok aja@
 2012-05-18 13:25:46 +00:00
sthen
56be85e0e1 missed REVISION bump; pointed out by pascal@, thanks! 2012-02-23 12:37:46 +00:00
sthen
273c75eb1b apply a fix for CVE-2012-0841 to libxml. ok ajacoutot@ 
"certain XML parsers/servers are affected by the same, or similar,
flaw as the hash table collisions CPU usage denial of service.
Sending a specially crafted message to an XML service can result
in longer processing time, which could lead to a denial of service.
It is reported that this attack on XML can be applied on different
XML nodes (such as entities, element attributes, namespaces, various
elements in the XML security, etc.)."
 2012-02-23 09:39:00 +00:00
ajacoutot
a2bd8e17dc Bring some patches from upstream repo to fix the following CVE: 
CVE-2011-0216 - Off-by-one error
CVE-2011-2821 - Double free vulnerability
CVE-2011-2834 - Double free vulnerability
CVE-2011-3905 - DOS (out-of-bounds read) via unspecified vectors
CVE-2011-3919 - Heap-based buffer overflow

ok sthen@
 2012-01-23 10:17:49 +00:00
jasper
dc77888463 Security fix for CVE-2011-2821 and CVE-2011-2834, 
Libxml2 Two XSLT Double Free Vulnerabilities

Patches from upstream.
 2011-10-30 12:35:16 +00:00
espie
82d351bc74 use bsd.port.arch.mk 2011-10-02 08:18:04 +00:00
espie
46d3548829 normalize pkgpath 2011-09-16 11:41:38 +00:00
jasper
e930168a83 - fix patch names, no binary change 
- add missing rcs ids
 2011-07-08 09:52:50 +00:00
jasper
3b3f7eec16 bump after default python version switch 2011-06-08 18:09:58 +00:00
sthen
d71dd2a4c3 add http MASTER_SITES, remove MASTER_SITE_GNOME as they only have 2.6 releases 2011-06-03 10:12:15 +00:00
gsoares
cba05c375f Security Fix for SA44711, Libxml2 XPath Nodeset Processing Vulnerability. 
OK sthen@, "Yep, please go ahead" jasper@
 2011-06-01 17:31:21 +00:00
jasper
0f0605e729 Security fix for CVE-2010-4494, 
Libxml2 XPath Double Free Vulnerability

Patch from upstream git.
 2010-12-28 10:53:02 +00:00
espie
733eeeedb6 I don't know if the removal of versioning was intentional, but this is 
definitely NOT the same library.
 2010-11-21 12:25:49 +00:00
espie
811d94d9d6 new depends 2010-11-20 19:56:47 +00:00
jasper
3744502856 - bugfix update of libxml to 2.7.8 
ok aja@, landry@ (who also tested it in a bulk, thanks)
 2010-11-15 09:54:11 +00:00