Date: Fri, 9 Mar 2012 12:12:28 +0000
From: "Matthias Drochner"
Subject: CVS commit: pkgsrc/textproc/libxml2
To: pkgsrc-changes@NetBSD.org
Reply-To: drochner@netbsd.org
Message-Id: <20120309121228.5E2FE175DD@cvs.netbsd.org>
List-Id: pkgsrc-changes.NetBSD.org

Module Name:    pkgsrc
Committed By:   drochner
Date:           Fri Mar 9 12:12:28 UTC 2012

Modified Files:
    pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
    pkgsrc/textproc/libxml2/patches: patch-CVE-2012-0841-aa
        patch-CVE-2012-0841-ab patch-CVE-2012-0841-ac

Log Message:
Add patch from upstream to add hash randomization. Without that,
(untrusted) input can fill hash buckets unevenly, causing high CPU load.
(CVE-2012-0841)
To get a patch which is simple enough to get pulled up to the stable
pkgsrc branch, I've not touched "configure" but just assumed that the
POSIX functions rand(), srand() and time() are present.
bump PKGREV

To generate a diff of this commit:
cvs rdiff -u -r1.113 -r1.114 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-aa \
    pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ab \
    pkgsrc/textproc/libxml2/patches/patch-CVE-2012-0841-ac

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
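
The effect the log message describes, as an added example that is not part of this commit or of libxml2: a toy shift-xor string hash is fed a key set constructed to share one bucket when the hash is unseeded, and the longest chain is measured again with a per-process seed drawn from srand(), rand() and time(). The names toy_hash, process_seed, build_skewed_set and longest_chain, and the 256-bucket table size, are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#define NBUCKETS 256u
/* Toy shift-xor string hash (illustrative, not libxml2's code); seed 0 = unrandomized. */
static uint32_t toy_hash(const char *s, uint32_t seed) {
    uint32_t h = seed;
    for (; *s; s++) h ^= (h << 5) + (h >> 3) + (unsigned char)*s;
    return h;
}

/* Per-process seed drawn once via srand()/rand()/time(), the functions the commit assumes. */
static uint32_t process_seed(void) {
    static uint32_t seed;                 /* 0 means "not drawn yet" */
    if (!seed) {
        srand((unsigned)time(NULL));
        seed = (uint32_t)rand() | 1u;     /* never 0, so it is drawn exactly once */
    }
    return seed;
}

/* Constructed input: every printable 2-char key sharing a bucket with "ab" at seed 0. */
static size_t build_skewed_set(char keys[][3], size_t max) {
    size_t n = 0, target = toy_hash("ab", 0) % NBUCKETS;
    for (int a = 0x21; a < 0x7f; a++)
        for (int b = 0x21; b < 0x7f && n < max; b++) {
            char *k = keys[n];            /* write the candidate in place, keep it on a match */
            k[0] = (char)a; k[1] = (char)b; k[2] = '\0';
            if (toy_hash(k, 0) % NBUCKETS == target) n++;
        }
    return n;
}

/* Longest chain a table of NBUCKETS buckets would hold for these keys. */
static size_t longest_chain(char keys[][3], size_t n, uint32_t seed) {
    size_t count[NBUCKETS] = { 0 }, worst = 0;
    for (size_t i = 0; i < n; i++) {
        size_t c = ++count[toy_hash(keys[i], seed) % NBUCKETS];
        if (c > worst) worst = c;
    }
    return worst;
}

int main(void) {
    char keys[128][3];
    size_t n = build_skewed_set(keys, 128);
    printf("%zu keys: longest chain %zu unseeded, %zu seeded\n", n,
           longest_chain(keys, n, 0), longest_chain(keys, n, process_seed()));
}
```

A time()-seeded rand() value is low in entropy, so treat it as a minimum; an OS randomness source is a stronger seed where one is available.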