This module provides the Perl API to the Sablotron XSLT engine
(textproc/sablotron). For more information about it, refer to the
XSLT standard at http://w3.org/TR/XSLT/
Fixed buffer overflow.
>SECURITY ADVISORY 13th February 2001
>----------------------------------------------------------------------
>Program: analog
>Versions: all versions except 4.16 and 4.90beta3
>Operating systems: all
>----------------------------------------------------------------------
>There is a buffer overflow bug in all versions of analog released
>prior to today. A malicious user could use an ALIAS command to
>construct very long strings which were not checked for length.
>
>This bug is particularly dangerous if the form interface (which allows
>unknown users to run the program via a CGI script) has been installed.
>
>This bug was discovered by the program author, and there is no known
>exploit. However, users are advised to upgrade to one of the two safe
>versions immediately, especially if they have installed the form
>interface. The URL is http://www.analog.cx/
>
>I apologise for the inconvenience.
> Stephen Turner
This port had no real name associated with the listed address. When
trying to reach this person, the mail bounces. It also appears from
the logs that this person hasn't been maintaining this.
* pull every dependency under the same rule, using specialized fragments.
* re-check after the dependency is expanded, unless earlyexit is true.
* explicitly recognize /nonexistent as a specific way to have always
triggered dependencies, use it to handle DEPENDS in a uniform way.
* parse dependencies fully. Note that we now have a pkg variable that will
be used.
Thanks to naddy@ for useful tweaks.
This is probably not quite perfect yet, stuff may break. Other stuff that
remains to be done:
- handle library dependencies better, so that lib.10 will match only
lib.10.x and not lib.100.
- handle default FLAVORS correctly. This involves not
passing FLAVOR='', but rearranging ${MAKE} ${_DEPEND_THRU} to remove
FLAVOR from the environment and from MAKEFLAGS (yucky).