head 1.9; access; symbols pkgsrc-2013Q2:1.9.0.4 pkgsrc-2013Q2-base:1.9 pkgsrc-2012Q4:1.9.0.2 pkgsrc-2012Q4-base:1.9 pkgsrc-2011Q4:1.8.0.18 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q3:1.8.0.16 pkgsrc-2011Q3-base:1.8 pkgsrc-2011Q2:1.8.0.14 pkgsrc-2011Q2-base:1.8 pkgsrc-2011Q1:1.8.0.12 pkgsrc-2011Q1-base:1.8 pkgsrc-2010Q4:1.8.0.10 pkgsrc-2010Q4-base:1.8 pkgsrc-2010Q3:1.8.0.8 pkgsrc-2010Q3-base:1.8 pkgsrc-2010Q2:1.8.0.6 pkgsrc-2010Q2-base:1.8 pkgsrc-2010Q1:1.8.0.4 pkgsrc-2010Q1-base:1.8 pkgsrc-2009Q4:1.8.0.2 pkgsrc-2009Q4-base:1.8 pkgsrc-2009Q3:1.7.0.4 pkgsrc-2009Q3-base:1.7 pkgsrc-2009Q2:1.7.0.2 pkgsrc-2008Q4:1.6.0.26 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.24 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.22 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.20 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.18 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.16 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.14 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.12 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.10 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.6.0.8 pkgsrc-2006Q4-base:1.6 pkgsrc-2006Q3:1.6.0.6 pkgsrc-2006Q3-base:1.6 pkgsrc-2006Q2:1.6.0.4 pkgsrc-2006Q2-base:1.6 pkgsrc-2006Q1:1.6.0.2 pkgsrc-2006Q1-base:1.6 pkgsrc-2005Q4:1.5.0.12 pkgsrc-2005Q4-base:1.5 pkgsrc-2005Q3:1.5.0.10 pkgsrc-2005Q3-base:1.5 pkgsrc-2005Q2:1.5.0.8 pkgsrc-2005Q2-base:1.5 pkgsrc-2005Q1:1.5.0.6 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.5.0.4 pkgsrc-2004Q4-base:1.5 pkgsrc-2004Q3:1.5.0.2 pkgsrc-2004Q3-base:1.5 pkgsrc-2004Q2:1.4.0.4 pkgsrc-2004Q2-base:1.4 pkgsrc-2004Q1:1.4.0.2 pkgsrc-2004Q1-base:1.4 pkgsrc-2003Q4:1.3.0.4 pkgsrc-2003Q4-base:1.3 netbsd-1-6-1:1.3.0.2 netbsd-1-6-1-base:1.3 netbsd-1-6:1.1.0.8 netbsd-1-6-RELEASE-base:1.1 pkgviews:1.1.0.4 pkgviews-base:1.1 buildlink2:1.1.0.2 buildlink2-base:1.2 netbsd-1-5-PATCH003:1.1; locks; strict; comment @# @; 1.9 date 2012.04.01.08.52.43; author obache; state dead; branches; next 1.8; 1.8 date 2009.11.08.08.34.32; author obache; state Exp; branches; next 1.7; 1.7 date 
2009.09.10.09.59.21; author drochner; state Exp; branches 1.7.2.1; next 1.6; 1.6 date 2006.01.22.16.46.02; author wiz; state dead; branches; next 1.5; 1.5 date 2004.09.15.17.09.37; author jlam; state Exp; branches; next 1.4; 1.4 date 2004.03.02.18.13.58; author drochner; state dead; branches; next 1.3; 1.3 date 2003.02.05.03.57.14; author jlam; state Exp; branches; next 1.2; 1.2 date 2002.08.20.11.46.51; author drochner; state dead; branches; next 1.1; 1.1 date 2001.11.22.00.55.49; author abs; state Exp; branches 1.1.2.1; next ; 1.7.2.1 date 2009.09.10.09.59.21; author spz; state dead; branches; next 1.7.2.2; 1.7.2.2 date 2009.09.13.11.38.45; author spz; state Exp; branches; next ; 1.1.2.1 date 2002.08.22.11.12.38; author jlam; state dead; branches; next ; desc @@ 1.9 log @Update expat to 2.1.0, contains security fixes. Release 2.1.0 Sat March 24 2012 - Bug Fixes: #1742315: Harmful XML_ParserCreateNS suggestion. #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. #1983953, 2517952, 2517962, 2649838: Build modifications using autoreconf instead of buildconf.sh. #2815947, #2884086: OBJEXT and EXEEXT support while building. #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. #2517938: xmlwf should return non-zero exit status if not well-formed. #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. #2855609: Dangling positionPtr after error. #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). #2958794: CVE-2012-1148 - Memory leak in poolGrow. #2990652: CMake support. #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. #3206497: Uninitialized memory returned from XML_Parse. #3287849: make check fails on mingw-w64. #3496608: CVE-2012-0876 - Hash DOS attack. - Patches: #1749198: pkg-config support. #3010222: Fix for bug #3010819. #3312568: CMake support. #3446384: Report byte offsets for attr names and values.
- New Features / API changes: Added new API member XML_SetHashSalt() that allows setting an initial value (salt) for hash calculations. This is part of the fix for bug #3496608 to randomize hash parameters. When compiled with XML_ATTR_INFO defined, adds new API member XML_GetAttributeInfo() that allows retrieving the byte offsets for attribute names and values (patch #3446384). Added CMake build system. See bug #2990652 and patch #3312568. Added run-benchmark target to Makefile.in - relies on testdata module present in the same relative location as in the repository. @ text @$NetBSD: patch-aa,v 1.8 2009/11/08 08:34:32 obache Exp $ CVE-2009-3720 --- lib/xmltok_impl.c.orig 2009-09-10 11:37:45.000000000 +0200 +++ lib/xmltok_impl.c @@@@ -1744,7 +1744,7 @@@@ PREFIX(updatePosition)(const ENCODING *e const char *end, POSITION *pos) { - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ @ 1.8 log @Note that patch-aa is for CVE-2009-3720. 
@ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.7 2009/09/10 09:59:21 drochner Exp $ @ 1.7 log @fix SA36425: possible DoS due to an error when parsing certain UTF-8 sequences (patch from Python CVS) bump PKGREVISION @ text @d1 3 a3 1 $NetBSD$ @ 1.7.2.1 log @file patch-aa was added on branch pkgsrc-2009Q2 on 2009-09-13 11:38:45 +0000 @ text @d1 13 @ 1.7.2.2 log @Pullup ticket 2886 - requested by drochner security fix Revisions pulled up: - pkgsrc/textproc/expat/Makefile 1.24 - pkgsrc/textproc/expat/distinfo 1.17 Files added: pkgsrc/textproc/expat/patches/patch-aa 1.7 Module Name: pkgsrc Committed By: drochner Date: Thu Sep 10 09:59:21 UTC 2009 Modified Files: pkgsrc/textproc/expat: Makefile distinfo Added Files: pkgsrc/textproc/expat/patches: patch-aa Log Message: fix SA36425: possible DoS due to an error when parsing certain UTF-8 sequences (patch from Python CVS) bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 pkgsrc/textproc/expat/Makefile cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/expat/distinfo cvs rdiff -u -r0 -r1.7 pkgsrc/textproc/expat/patches/patch-aa @ text @a0 13 $NetBSD: patch-aa,v 1.7 2009/09/10 09:59:21 drochner Exp $ --- lib/xmltok_impl.c.orig 2009-09-10 11:37:45.000000000 +0200 +++ lib/xmltok_impl.c @@@@ -1744,7 +1744,7 @@@@ PREFIX(updatePosition)(const ENCODING *e const char *end, POSITION *pos) { - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ @ 1.6 log @Update to 2.0.0: Release 2.0.0 Wed Jan 11 2006 - We no longer use the "check" library for C unit testing; we always use the (partial) internal implementation of the API. - Report XML_NS setting via XML_GetFeatureList(). - Fixed headers for use from C++. - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber() now return unsigned integers. - Added XML_LARGE_SIZE switch to enable 64-bit integers for byte indexes and line/column numbers. - Updated to use libtool 1.5.22 (the most recent). 
- Added support for AmigaOS. - Some mostly minor bug fixes. SF issues include: 1006708, 1021776, 1023646, 1114960, 1156398, 1221160, 1271642. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.5 2004/09/15 17:09:37 jlam Exp $ d3 11 a13 11 --- lib/expat.h.orig Thu Jul 15 20:54:57 2004 +++ lib/expat.h @@@@ -43,7 +43,7 @@@@ enum XML_Status { #define XML_STATUS_ERROR XML_STATUS_ERROR XML_STATUS_OK = 1, #define XML_STATUS_OK XML_STATUS_OK - XML_STATUS_SUSPENDED = 2, + XML_STATUS_SUSPENDED = 2 #define XML_STATUS_SUSPENDED XML_STATUS_SUSPENDED }; @ 1.5 log @Don't have a comma end an enumeration list, which is apparently not allowed by GCC with -pedantic -ansi. Bump the PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @update to 1.95.7 bugfixes and compatibility improvements @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.3 2003/02/05 03:57:14 jlam Exp $ d3 1 a3 1 --- lib/expat.h.orig Thu Jan 16 14:03:42 2003 d5 8 a12 3 @@@@ -57,6 +57,32 @@@@ typedef unsigned char XML_Bool; #define XML_TRUE ((XML_Bool) 1) #define XML_FALSE ((XML_Bool) 0) a13 62 +/* Parses some input. Returns XML_STATUS_ERROR if a fatal error is + detected. The last call to XML_Parse must have isFinal true; len + may be zero for this call (or any other). + + The XML_Status enum gives the possible return values for the + XML_Parse and XML_ParseBuffer functions. Though the return values + for these functions has always been described as a Boolean value, + the implementation, at least for the 1.95.x series, has always + returned exactly one of these values. The preprocessor #defines + are included so this stanza can be added to code that still needs + to support older versions of Expat 1.95.x: + + #ifndef XML_STATUS_OK + #define XML_STATUS_OK 1 + #define XML_STATUS_ERROR 0 + #endif + + Otherwise, the #define hackery is quite ugly and would have been dropped. 
+*/ +enum XML_Status { + XML_STATUS_ERROR = 0, +#define XML_STATUS_ERROR XML_STATUS_ERROR + XML_STATUS_OK = 1 +#define XML_STATUS_OK XML_STATUS_OK +}; + enum XML_Error { XML_ERROR_NONE, XML_ERROR_NO_MEMORY, @@@@ -712,32 +738,6 @@@@ XML_GetSpecifiedAttributeCount(XML_Parse */ XMLPARSEAPI(int) XML_GetIdAttributeIndex(XML_Parser parser); - -/* Parses some input. Returns XML_STATUS_ERROR if a fatal error is - detected. The last call to XML_Parse must have isFinal true; len - may be zero for this call (or any other). - - The XML_Status enum gives the possible return values for the - XML_Parse and XML_ParseBuffer functions. Though the return values - for these functions has always been described as a Boolean value, - the implementation, at least for the 1.95.x series, has always - returned exactly one of these values. The preprocessor #defines - are included so this stanza can be added to code that still needs - to support older versions of Expat 1.95.x: - - #ifndef XML_STATUS_OK - #define XML_STATUS_OK 1 - #define XML_STATUS_ERROR 0 - #endif - - Otherwise, the #define hackery is quite ugly and would have been dropped. -*/ -enum XML_Status { - XML_STATUS_ERROR = 0, -#define XML_STATUS_ERROR XML_STATUS_ERROR - XML_STATUS_OK = 1 -#define XML_STATUS_OK XML_STATUS_OK -}; XMLPARSEAPI(enum XML_Status) XML_Parse(XML_Parser parser, const char *s, int len, int isFinal); @ 1.3 log @Bump PKGREVISION of textproc/expat to 1: fix an obvious C bug where types should be declared/defined before they are used. 
This should fix errors of the form: .../expat.h:657: use of enum `XML_Status' without previous declaration .../expat.h:736: multiple definition of `enum XML_Status' @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @update to 1.95.4 changes since 1.95.2: -Added the XML_ParserReset() API function -Allow xmlwf to read from standard input -Install a man page for xmlwf on Unix systems -bugfixes -unrelated portability enhancements @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.1 2001/11/22 00:55:49 abs Exp $ d3 5 a7 16 --- configure.orig Thu Nov 22 00:23:29 2001 +++ configure @@@@ -1757,7 +1757,14 @@@@ if test "$GCC" = yes ; then - CFLAGS="$CFLAGS -Wall -Wmissing-prototypes -Wstrict-prototypes -fexceptions" + CFLAGS="$CFLAGS -Wall -Wmissing-prototypes -Wstrict-prototypes" + ${CC-cc} -v >conftest.c 2>&1 + gcc_pre_fexceptions=` + awk '/gcc version/{sub("^[^0-9]*","",$3);if ($3<2.8){print "true"} }' \ + conftest.c` + if [ -z "$gcc_pre_fexceptions" ]; then + CFLAGS="$CFLAGS -fexceptions" + fi fi d9 59 d69 2 @ 1.1 log @Handle gcc pre-2.8 - do not use -fexceptions in that case. So I found a 1.3 box running pkgsrc and wanted to update apache... @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @Merge changes from pkgsrc-current into the buildlink2 branch for the packages that have buildlink2.mk files. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.1 2001/11/22 00:55:49 abs Exp $ @
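Review bot: In the lib/xmltok_impl.c hunk at @@ -1744,7 (patch-aa 1.7 and 1.8), `while (ptr < end)` in PREFIX(updatePosition) is tested only at the top of the loop, so it ends the loop after ptr has overshot end but does not stop a LEAD_CASE(n) step on the last iteration from moving ptr past end, if LEAD_CASE(n) advances ptr by n bytes as its name suggests. It is worth confirming that the lead cases check the remaining length before stepping. The patch header also names only CVE-2009-3720; a line saying why `<` differs from `!=` here, and that the change came from Python CVS for SA36425 as the 1.7 log records, would make the patch file self-explanatory.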
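Review bot: In the lib/expat.h hunk at @@ -43,7 (patch-aa 1.5), the reason for dropping the comma after `XML_STATUS_SUSPENDED = 2` is recorded only in the CVS log; the patch file has no comment above the `--- lib/expat.h.orig` line. A short header line stating that a trailing comma in the enumerator list is not accepted by GCC with -pedantic -ansi would let the patch be understood and sent upstream without the repository history.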
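Review bot: In the lib/expat.h hunks at @@ -57,6 and @@ -712,32 (patch-aa 1.3), the whole comment beginning "Parses some input." is moved along with enum XML_Status, so the description of XML_Parse's isFinal and len behaviour ends up next to the XML_Bool defines while the `XMLPARSEAPI(enum XML_Status) XML_Parse(...)` prototype stays near line 712 without it. Moving only the enum and the paragraph about the XML_Status values, and leaving the first paragraph above the prototype, would fix the declaration order without separating the function from its documentation.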
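Review bot: In the configure hunk at @@ -1757,7 (patch-aa 1.1), the awk test `$3<2.8` is applied to a version string such as 2.95.3, which awk does not treat as a number, so the comparison is done as strings. That gives the intended result for single-digit major versions, but a two-digit major version would sort below 2.8 and lose -fexceptions; splitting the version on "." and comparing major and minor numerically avoids this. The hunk also writes the `${CC-cc} -v` output to conftest.c and never removes it; an `rm -f conftest.c` after the awk call would leave the build directory clean.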