Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id C36067A2AB for ; Wed, 25 May 2016 19:07:30 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 70A6185E5C; Wed, 25 May 2016 19:07:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id F3B8485E40 for ; Wed, 25 May 2016 19:07:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 0l-dYiZihK-p for ; Wed, 25 May 2016 19:07:29 +0000 (UTC) Received: from cvs.NetBSD.org (unknown [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 1EDD684CE7 for ; Wed, 25 May 2016 19:07:29 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 19E37FBBA; Wed, 25 May 2016 19:07:29 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Wed, 25 May 2016 19:07:29 +0000 From: "S.P.Zeidler" Subject: CVS commit: [pkgsrc-2016Q1] pkgsrc/textproc/libxml2 To: pkgsrc-changes@NetBSD.org Reply-To: spz@netbsd.org X-Mailer: log_accum Message-Id: <20160525190729.19E37FBBA@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: spz Date: Wed May 25 19:07:29 UTC 2016 Modified Files: pkgsrc/textproc/libxml2 [pkgsrc-2016Q1]: Makefile distinfo pkgsrc/textproc/libxml2/patches [pkgsrc-2016Q1]: patch-aa patch-ab patch-ac patch-ad patch-ae Added Files: pkgsrc/textproc/libxml2/patches [pkgsrc-2016Q1]: patch-encoding.c patch-runtest.c patch-testlimits.c patch-timsort.h patch-xmlIO.c Removed Files: pkgsrc/textproc/libxml2/patches [pkgsrc-2016Q1]: patch-ag Log Message: Pullup ticket #5028 - requested by he textproc/libxml2: security update Revisions pulled up: - textproc/libxml2/Makefile 1.141 - textproc/libxml2/distinfo 1.110-1.112 - textproc/libxml2/patches/patch-aa 1.29 - textproc/libxml2/patches/patch-ab 1.29-1.30 - textproc/libxml2/patches/patch-ac 1.9 - textproc/libxml2/patches/patch-ad 1.19 - textproc/libxml2/patches/patch-ae 1.15 - textproc/libxml2/patches/patch-ag deleted - textproc/libxml2/patches/patch-encoding.c added at 1.2 - textproc/libxml2/patches/patch-runtest.c added at 1.2 - textproc/libxml2/patches/patch-testlimits.c added at 1.2 - textproc/libxml2/patches/patch-timsort.h added at 1.2 - textproc/libxml2/patches/patch-xmlIO.c added at 1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: he Date: Tue May 24 12:00:08 UTC 2016 Modified Files: pkgsrc/textproc/libxml2: Makefile distinfo pkgsrc/textproc/libxml2/patches: patch-aa patch-ab patch-ac patch-ad patch-ae Added Files: pkgsrc/textproc/libxml2/patches: patch-encoding.c patch-runtest.c patch-testlimits.c patch-timsort.h patch-xmlIO.c Removed Files: pkgsrc/textproc/libxml2/patches: patch-ag Log Message: Update libxml2 to 2.9.4. Pkgsrc changes: * Add some casts to match types and format strings, plus fix value range of toupper() operation. * Merge patch-ag into the new patch-encoding.c. * Add comments to existing patches which lacked comments. Upstream changes to libxml2-2.9.4: May 23 2016 Security: CVE-2016-3627 Avoid building recursive entities CVE-2016-1833 Heap-based buffer overread in htmlCurrentChar CVE-2016-1835 Heap use-after-free in xmlSAX2AttributeNs CVE-2016-1837 Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral CVE-2016-1836 Bug 759398: Heap use-after-free in xmlDictComputeFastKey CVE-2016-1839 Bug 758605: Heap-based buffer overread in xmlDictAddString CVE-2016-1838 Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal CVE-2016-1840 Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup CVE-2016-4483 Avoid an out of bound access when serializing malformed strings CVE-2016-1834 Bug 763071: heap-buffer-overflow in xmlStrncat CVE-2016-3705 Add missing increments of recursion depth counter to XML parser. CVE-2016-1762 Heap-based buffer overread in xmlNextChar More format string warnings with possible format string vulnerability Heap-based buffer-underreads due to xmlParseName Fix some format string warnings with possible format string vulnerability Unsigned addition may overflow in xmlMallocAtomicLoc() Other bugfixes: Detect change of encoding when parsing HTML names Fix inappropriate fetch of entities content Correct the usage of LDFLAGS Revert the use of SAVE_LDFLAGS in configure.ac libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles Add more debugging info to runtest Implement "runtest -u" mode Integer signed/unsigned type mismatch in xmlParserInputGrow() Integer overflow parsing port number in URI Fix apibuild for a recently added constructv2.9.4-rc2 Use pkg-config to locate zlib when possible Use pkg-config to locate ICU when possible Fix an error with regexp on nullable counted char transition Fix memory leak with XPath namespace nodes Fix namespace axis traversal Add a make rule to rebuild for ASAN Fix null pointer deref in docs with no root element Portability to non C99 compliant compilers dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. Fix XSD validation of URIs with ampersands xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error. v2.9.4-rc1 os400: tell about xmllint and xmlcatalog in README400. os400: properly process SGML add in XMLCATALOG command. os400: implement CL command XMLCATALOG. os400: compile and install program xmlcatalog (qshell-only). xmlcatalog: flush stdout before interactive shell input. os400: expand tabs in sources, strip trailing blanks. os400: implement CL command XMLLINT. os400: compile and install program xmllint (qshell-only). os400: initscript make_module(): Use options instead of positional parameters. xmllint: flush stdout before interactive shell input. os400: c14n.rpgle: allow *omit for nullable reference parameters. os400: use like() for double type. os400: use like() for int type. os400: use like() for unsigned int type. os400: use like() for enum types. Add xz to xml2-config --libs output Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression Fix namespace::node() XPath expression Fix OOB write in xmlXPathEmptyNodeSet Fix parsing of NCNames in XPath Fix OOB read with invalid UTF-8 in xmlUTF8Strsize Do normalize string-based datatype value in RelaxNG facet checking Fix typo: s{ ec -> cr }cipt Fix typos: dictio{ nn -> n }ar{y,ies} Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } Correct a typo. Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd error.c: *input->cur == 0 does not mean no error Add missing RNG test files Bug 760190: configure.ac should be able to build --with-icu without icu-config tool Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer Bug 758572: ASAN crash in make check Bug 721158: Missing ICU string when doing --version on xmllint python 3: libxml2.c wrappers create Unicode str already win32\VC10\config.h and VS 2015 Add autogen.sh to distrib Add configure maintainer mode To generate a diff of this commit: cvs rdiff -u -r1.140 -r1.141 pkgsrc/textproc/libxml2/Makefile cvs rdiff -u -r1.109 -r1.110 pkgsrc/textproc/libxml2/distinfo cvs rdiff -u -r1.28 -r1.29 pkgsrc/textproc/libxml2/patches/patch-aa \ pkgsrc/textproc/libxml2/patches/patch-ab cvs rdiff -u -r1.8 -r1.9 pkgsrc/textproc/libxml2/patches/patch-ac cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/libxml2/patches/patch-ad cvs rdiff -u -r1.14 -r1.15 pkgsrc/textproc/libxml2/patches/patch-ae cvs rdiff -u -r1.12 -r0 pkgsrc/textproc/libxml2/patches/patch-ag cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-encoding.c \ pkgsrc/textproc/libxml2/patches/patch-runtest.c \ pkgsrc/textproc/libxml2/patches/patch-testlimits.c \ pkgsrc/textproc/libxml2/patches/patch-timsort.h \ pkgsrc/textproc/libxml2/patches/patch-xmlIO.c ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Tue May 24 21:08:21 UTC 2016 Modified Files: pkgsrc/textproc/libxml2: distinfo pkgsrc/textproc/libxml2/patches: patch-encoding.c patch-runtest.c patch-testlimits.c patch-timsort.h patch-xmlIO.c Log Message: Add upstream bug report URLs (from he@). To generate a diff of this commit: cvs rdiff -u -r1.110 -r1.111 pkgsrc/textproc/libxml2/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/libxml2/patches/patch-encoding.c \ pkgsrc/textproc/libxml2/patches/patch-runtest.c \ pkgsrc/textproc/libxml2/patches/patch-testlimits.c \ pkgsrc/textproc/libxml2/patches/patch-timsort.h \ pkgsrc/textproc/libxml2/patches/patch-xmlIO.c ------------------------------------------------------------------- Module Name: pkgsrc Committed By: he Date: Wed May 25 07:16:36 UTC 2016 Modified Files: pkgsrc/textproc/libxml2: distinfo pkgsrc/textproc/libxml2/patches: patch-ab Log Message: Submit the typo part of configure upstream, note the bug-ID. To generate a diff of this commit: cvs rdiff -u -r1.111 -r1.112 pkgsrc/textproc/libxml2/distinfo cvs rdiff -u -r1.29 -r1.30 pkgsrc/textproc/libxml2/patches/patch-ab To generate a diff of this commit: cvs rdiff -u -r1.140 -r1.140.2.1 pkgsrc/textproc/libxml2/Makefile cvs rdiff -u -r1.109 -r1.109.4.1 pkgsrc/textproc/libxml2/distinfo cvs rdiff -u -r1.28 -r1.28.8.1 pkgsrc/textproc/libxml2/patches/patch-aa \ pkgsrc/textproc/libxml2/patches/patch-ab cvs rdiff -u -r1.8 -r1.8.8.1 pkgsrc/textproc/libxml2/patches/patch-ac cvs rdiff -u -r1.18 -r1.18.8.1 pkgsrc/textproc/libxml2/patches/patch-ad cvs rdiff -u -r1.14 -r1.14.8.1 pkgsrc/textproc/libxml2/patches/patch-ae cvs rdiff -u -r1.12 -r0 pkgsrc/textproc/libxml2/patches/patch-ag cvs rdiff -u -r0 -r1.2.2.2 pkgsrc/textproc/libxml2/patches/patch-encoding.c \ pkgsrc/textproc/libxml2/patches/patch-runtest.c \ pkgsrc/textproc/libxml2/patches/patch-testlimits.c \ pkgsrc/textproc/libxml2/patches/patch-timsort.h \ pkgsrc/textproc/libxml2/patches/patch-xmlIO.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.