kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/textproc/expat
History
drochner 97cbf062bc add patches from upstream to fix possible crashes and memory corruption 
on malformed input (CVE-2016-0718)
Description: The Expat XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. The bugs allow for a denial of service
attack in many applications by an unauthenticated attacker, and could
conceivably result in remote code execution.

bump PKGREV

also add an improvement to the fix for CVE-2015-1283 which was part
of the 2.1.1 release -- don't rely on defined behaviour on overflows
of signed integer operations, from upstream git:
f0bec73b01/

pkgsrc change: add a hint how to run the pkg's selftest (not enabled
permanently because this would add a dependency on C++)
2016-05-17 19:15:01 +00:00
..
patches add patches from upstream to fix possible crashes and memory corruption 2016-05-17 19:15:01 +00:00
buildlink3.mk revert ABI/ABI bump for expat. 2016-03-18 09:36:26 +00:00
builtin.mk Improve STEP_MSG. 2015-02-04 23:44:34 +00:00
DESCR
distinfo add patches from upstream to fix possible crashes and memory corruption 2016-05-17 19:15:01 +00:00
Makefile add patches from upstream to fix possible crashes and memory corruption 2016-05-17 19:15:01 +00:00
PLIST Update to 2.1.1 2016-03-16 19:55:55 +00:00