slackware-current

Miroirs/slackware-current

Fork 0

mirror of git://slackware.nl/current.git synced 2025-01-15 15:41:54 +01:00

Commit graph

Author	SHA1	Message	Date
Patrick J Volkerding	48a597699d	Sun Dec 10 01:12:17 UTC 2023 l/libxml2-2.12.2-x86_64-2.txz: Rebuilt. Add --sysconfdir=/etc option so that this can find the xml catalog. Thanks to SpiderTux. Fix the following security issues: Fix integer overflows with XML_PARSE_HUGE. Fix dict corruption caused by entity reference cycles. Hashing of empty dict strings isn't deterministic. Fix null deref in xmlSchemaFixupComplexType. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-40303 https://www.cve.org/CVERecord?id=CVE-2022-40304 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://www.cve.org/CVERecord?id=CVE-2023-28484 (* Security fix *)	2023-12-10 02:58:55 +01:00
Patrick J Volkerding	4f2f8fa3a5	Sat Dec 9 19:55:12 UTC 2023 kde/plasma-wayland-protocols-1.12.0-x86_64-1.txz: Upgraded. l/libxslt-1.1.39-x86_64-1.txz: Upgraded. l/zxing-cpp-2.2.0-x86_64-1.txz: Upgraded. xap/seamonkey-2.53.18-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.18 testing/packages/libxml2-2.12.2-x86_64-1.txz: Upgraded. Hey folks, I'm in need of a bit of assistance here. I've had libxml2 on the back burner for quite some time now in spite of yet-another variation of the old "billion laughs" resource exhaustion attack that's been supposedly fixed. The issue I'm running into with newer versions of libxml2 is that the rewrite rules for mapping external entities to files on the system no longer work, and I'm not sure why that is. For a quick demonstration, upgrade to this libxml2 package and then try to build glib2. You'll see xsltproc called to generate documentation such as the man pages, but it isn't able to find the entity locally and fails due to --nonet. I'll be keeping an eye on LQ if anyone has any hints. Thanks!	2023-12-09 21:35:16 +01:00

Author

SHA1

Message

Date

Patrick J Volkerding

48a597699d

Sun Dec 10 01:12:17 UTC 2023

l/libxml2-2.12.2-x86_64-2.txz:  Rebuilt.
  Add --sysconfdir=/etc option so that this can find the xml catalog.
  Thanks to SpiderTux.
  Fix the following security issues:
  Fix integer overflows with XML_PARSE_HUGE.
  Fix dict corruption caused by entity reference cycles.
  Hashing of empty dict strings isn't deterministic.
  Fix null deref in xmlSchemaFixupComplexType.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-40303
    https://www.cve.org/CVERecord?id=CVE-2022-40304
    https://www.cve.org/CVERecord?id=CVE-2023-29469
    https://www.cve.org/CVERecord?id=CVE-2023-28484
  (* Security fix *)

2023-12-10 02:58:55 +01:00

Patrick J Volkerding

4f2f8fa3a5

Sat Dec 9 19:55:12 UTC 2023

kde/plasma-wayland-protocols-1.12.0-x86_64-1.txz:  Upgraded.
l/libxslt-1.1.39-x86_64-1.txz:  Upgraded.
l/zxing-cpp-2.2.0-x86_64-1.txz:  Upgraded.
xap/seamonkey-2.53.18-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.18
testing/packages/libxml2-2.12.2-x86_64-1.txz:  Upgraded.
  Hey folks, I'm in need of a bit of assistance here. I've had libxml2 on the
  back burner for quite some time now in spite of yet-another variation of
  the old "billion laughs" resource exhaustion attack that's been supposedly
  fixed. The issue I'm running into with newer versions of libxml2 is that
  the rewrite rules for mapping external entities to files on the system no
  longer work, and I'm not sure why that is. For a quick demonstration,
  upgrade to this libxml2 package and then try to build glib2. You'll see
  xsltproc called to generate documentation such as the man pages, but it isn't
  able to find the entity locally and fails due to --nonet.
  I'll be keeping an eye on LQ if anyone has any hints. Thanks!

2023-12-09 21:35:16 +01:00

2 commits