"A vulnerability was found in W3C Libwww, which potentially can be exploited
by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a boundary error in the
"HTBoundary_put_block()" function when processing multipart MIME data. This
may be exploited to cause an illegal memory access past the end of the input
buffer via specially crafted multipart MIME data.
Successful exploitation can potentially cause an application that uses Libwww
to crash."
http://secunia.com/advisories/17119/https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597
Bump PKGREVISION.
Patch from RedHat.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
if test -x /bin/true; then
else
so replace with:
if test -x /bin/true; then
:
else
From Roland Illig in a posting to "tech-pkg"
Also add missing openssl/buildlink2.mk to buildlink2.mk.
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
partially revert Makefile, v1.32, so platforms without openssl-0.9.6e
in base will be able to find libssl.so.300 and libcrypto.so.300 for
binaries linked against libwwwwwl.so. Bump pkgrevision to reflect the
change in dependencies on platforms without openssl-0.9.6e in base.
1) Linking a shared library against a static "socks{4,5}" library
does not have the desired effect of eliminating the dependency on
"socks" (not as it does for binaries).
2) No package linked against "libwww" seems to actually utilize
"socks".
Also bump the PKGREVISION and buildlink DEPENDS to the current level,
and liberalize the (formal) dependency on "openssl", for the benefit
of pre-NetBSD-1.5 systems. From now on, we can have no more issues
with "openssl" or "socks{4,5}" versions, as only the libwwwssl.*
shared libraries carry a run-time dependency on "openssl", but no
package links against them, and no "libwww" shared libraries can carry
a run-time dependency on any "socks" libraries. [Previous versions, of
course, may have had issues -- see PR 17010, which this is a partial
fix for.]
