---
- branch: MAIN
  date: Fri Mar  9 12:12:28 UTC 2012
  files:
  - new: '1.114'
    old: '1.113'
    path: pkgsrc/textproc/libxml2/Makefile
    pathrev: pkgsrc/textproc/libxml2/Makefile@1.114
    type: modified
  - new: '1.89'
    old: '1.88'
    path: pkgsrc/textproc/libxml2/distinfo
    pathrev: pkgsrc/textproc/libxml2/distinfo@1.89
    type: modified
  - new: '1.1'
    old: '0'
    path: pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-aa
    pathrev: pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-aa@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ab
    pathrev: pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ab@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ac
    pathrev: pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ac@1.1
    type: added
  id: 20120309T121228Z.7f5dfa3c2d0a953c0d01b184b4d38f8e107d2924
  log: |
    Add patch from upstream to add hash randomization.
    Without that, (untrusted) input can fill hash buckets uneven, causing
    high CPU load. (CVE-2012-0841)
    To get a patch which is simple enough to get pulled up to the stable
    pkgsrc branch, I've not touched "configure" but just assumed that
    the POSIX functions rand(), srand() and time() are present.
    bump PKGREV
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/textproc/libxml2'
  unixtime: '1331295148'
  user: drochner