The NetBSD Project

CVS log for pkgsrc/www/libwww/patches/Attic/patch-ap

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / www / libwww / patches

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.2, Sun Jun 24 16:54:59 2018 UTC (5 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +1 -1 lines
FILE REMOVED

libwww: updated to 5.4.2

5.4.2:
Unknown changes.

Changes with libwww 5.4.1
* Removed the expat source code in favor of linking against
the global system expat library to avoid having to track
security advisories in that library
* Updated expat to 2.2.0
* Updated autotools to the current versions
* Library/src/HTSQL.c: add missing mysql_init to HTSQL_connect reported by Xavier Torne
* configure.ac, Library/src/Makefile.am, Library/cvs2sql/Makefile.am,
  Robot/src/Makefile.am:
  modify configure scripts for mysql_config based autoconf processing
* Library/src/HTSQL.c, Library/src/HTSQL.html, Library/src/HTSQLLog.c: remove
  mysql directory from include directiv
* Robot/src/RobotMain.c: added flag MR_KEEP_META for -lm last modified option
  detected by Jan Hutaø
* Robot/src/RobotMain.c: added flag MR_KEEP_META for -title option
  detected by Jan Hutaø
* close leak in HTBound process_boundary() detected by Sam Varshavchik
  using valgrind; excised old #if 0 snippets from HTMIME.c
* Library/src/HTCookie.c: add private function HTCookie_splitPair to
  split a KEY=VALUE pair, from Jesse Morgan
* configure.ac: remove unecessary check for appkit.h as
  suggested by Roger Persson
* Library/src/wwwsys.html: change genuine angle bracket characters
  into the angle bracket entities, thanks to Bobby Jack
* Library/src/HT*.html, Library/src/SSL/HT*.html: wrap
  all header files with extern "C"
* Library/src/HTFile, configure.ac: add a basis for
  addressing Ben's security concerns
* Library/src/HTBound.c: libwww security advisory fix from
  Sam Varshavchik, fix double-counting of processed bytes,
  rewrote HTBoundary_put_block, to fix problematic HTTP 1.1
  byte range requests
* Library/src/: HTAlert.c, HTHeader.c, HTInit.c, HTNet.c,
  HTProfil.c, HTProt.c, HTTrans.c: Patch to greatly speed up
  repeated requests, from Arthur Smith
* Library/src/HTSQL.c: modifications to compile without using
  deprecated mysql functions
* config/: config.sub, ltmain.sh: updates for recent version of
  libtool
* INSTALL.html, Library/src/HTEvtLst.c: cleaning
* libwww-config.in: include -lwwwssl, thanks to mgoddard at
  itgs-presearch.com
* Library/src/SSL/HTSSLWriter.c: avoids an eternal loop in libwww
* Library/src/SSL/HTSSL.html, Robot/src/RobotMain.c: fix for webbot
  -v option check and documentation addition
* configure.ac, Library/src/SSL/HTSSL.c,
  Library/src/SSL/windows/wwwssl.def, Robot/src/HTRobMan.html,
  Robot/src/Makefile.am, Robot/src/RobotMain.c: basic support for
  client side certificates using PEM format
* Library/src/SSL/: HTSSL.c, HTSSLReader.c, HTSSLWriter.c: add
  openssl to include for ssl.h and rand.h
* config/: config.guess, config.sub, ltmain.sh: update after
  running libtoolize
* Robot/src/Makefile.am: use SSL directory for libwwwssl.la
* Robot/src/RobotMain.c: include HTSSL.h
* configure.ac: fix aclocal underquoting warnings
* Robot/src/: RobotMain.c, Makefile.am: update to enable https
  protocol
* Library/src/HTTPReq.c: fixed , to _ in HTTRACE call
* Library/src/HTTPReq.c: removed LIBWWW_USEIDN, because unnecessary
* modules/idn/unicode_template.c: forgot one file
* Library/src/HTDNS.html: moved IDN to main branch
* Library/src/HTDNS.c: moved IDN to main branch
* Library/src/HTTPReq.c: added "LIBWWW_USEIDN" conditional
* Library/src/HTTPReq.c: moved IDN to main branch
* Library/Overview.html: JK: Added the libwww survey results

Revision 1.1.2.2 / (download) - annotate - [select for diffs], Sat Nov 5 17:25:26 2005 UTC (18 years, 4 months ago) by snj
Branch: pkgsrc-2005Q3
Changes since 1.1.2.1: +524 -0 lines
Diff to previous 1.1.2.1 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored)

Pullup ticket 886 - requested by Lubomir Sedlacik
security fix for libwww

Revisions pulled up:
- pkgsrc/www/libwww/Makefile		1.62
- pkgsrc/www/libwww/distinfo		1.21
- pkgsrc/www/libwww/patches/patch-ap	1.1

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Thu Nov  3 15:51:59 UTC 2005

   Modified Files:
           pkgsrc/www/libwww: Makefile distinfo
   Added Files:
           pkgsrc/www/libwww/patches: patch-ap

   Log Message:
   Security fix for SA17119:

   "A vulnerability was found in W3C Libwww, which potentially can be
   exploited by malicious people to cause a DoS (Denial of Service).

   The vulnerability is caused due to a boundary error in the
   "HTBoundary_put_block()" function when processing multipart MIME data.
   This may be exploited to cause an illegal memory access past the end of
   the input buffer via specially crafted multipart MIME data.

   Successful exploitation can potentially cause an application that uses
   Libwww to crash."

   http://secunia.com/advisories/17119/
   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597

   Bump PKGREVISION.
   Patch from RedHat.

Revision 1.1.2.1, Thu Nov 3 15:51:59 2005 UTC (18 years, 4 months ago) by snj
Branch: pkgsrc-2005Q3
Changes since 1.1: +0 -524 lines
FILE REMOVED

file patch-ap was added on branch pkgsrc-2005Q3 on 2005-11-03 15:51:59 +0000

Revision 1.1 / (download) - annotate - [select for diffs], Thu Nov 3 15:51:59 2005 UTC (18 years, 4 months ago) by salo
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1, pkgsrc-2005Q4-base, pkgsrc-2005Q4, cwrapper, cube-native-xorg-base, cube-native-xorg
Branch point for: pkgsrc-2005Q3

Security fix for SA17119:

"A vulnerability was found in W3C Libwww, which potentially can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a boundary error in the
"HTBoundary_put_block()" function when processing multipart MIME data. This
may be exploited to cause an illegal memory access past the end of the input
buffer via specially crafted multipart MIME data.

Successful exploitation can potentially cause an application that uses Libwww
to crash."

http://secunia.com/advisories/17119/
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597

Bump PKGREVISION.
Patch from RedHat.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>