pkgsrc-Changes-HG archive

[pkgsrc/trunk]: pkgsrc/textproc/expat expat: update to 2.4.1



details:   https://anonhg.NetBSD.org/pkgsrc/rev/71969de0bf3a
branches:  trunk
changeset: 453189:71969de0bf3a
user:      nia <nia%pkgsrc.org@localhost>
date:      Tue May 25 06:34:08 2021 +0000

description:
expat: update to 2.4.1

Release 2.4.1 Sun May 23 2021
        Bug fixes:
       #488 #490  Autotools: Fix installed header expat_config.h for multilib
                    systems; regression introduced in 2.4.0 by pull request #486

        Other changes:
       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Gentoo's QA check "multilib_check_headers"

Release 2.4.0 Sun May 23 2021
        Security fixes:
   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
                    (denial-of-service; flavors targeting CPU time or RAM or both,
                    leveraging general entities or parameter entities or both)
                    by tracking and limiting the input amplification factor
                    (<amplification> := (<direct> + <indirect>) / <direct>).
                    By conservative default, amplification up to a factor of 100.0
                    is tolerated and rejection only starts after 8 MiB of output bytes
                    (=<direct> + <indirect>) have been processed.
                    The fix adds the following to the API:
                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
                      signal this specific condition.
                    - Two new API functions ..
                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
                      .. to further tighten billion laughs protection parameters
                      when desired.  Please see file "doc/reference.html" for details.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.
                    - Two new XML_FEATURE_* constants ..
                      - that can be queried using the XML_GetFeatureList function, and
                      - that are shown in "xmlwf -v" output.
                    - Two new environment variable switches ..
                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
                      - EXPAT_ENTITY_DEBUG=(0|1)
                      .. for runtime debugging of accounting and entity processing.
                      Specific behavior of these values may change in the future.
                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
                      for xmlwf to further tighten billion laughs protection
                      parameters when desired.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.

        Bug fixes:
       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
                    for UTF-16 payloads containing CDATA sections.
       #485 #486  Autotools: Fix generated CMake files for non-64bit and
                    non-Linux platforms (e.g. macOS and MinGW in particular)
                    that were introduced with release 2.3.0

        Other changes:
       #468 #469  xmlwf: Improve help output and the xmlwf man page
            #463  xmlwf: Improve maintainability through some refactoring
            #477  xmlwf: Fix man page DocBook validity
       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
                    and CMAKE_INSTALL_INCLUDEDIR
       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
            #467  Resolve macro HAVE_EXPAT_CONFIG_H
            #472  Delete unused legacy helper file "conftools/PrintPath"
       #473 #483  Improve attribution
  #464 #465 #477  doc/reference.html: Fix XHTML validity
       #475 #478  doc/reference.html: Replace the 90s look by OK.css
            #479  Version info bumped from 8:0:7 to 9:0:8
                    due to addition of new symbols and error codes;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #456  CI: Enable periodic runs
            #457  CI: Start covering the list of exported symbols
            #474  CI: Isolate coverage task
       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
            #477  CI: Cover well-formedness and DocBook/XHTML validity
                    of doc/reference.html and doc/xmlwf.xml

        Special thanks to:
            Dimitry Andric
            Eero Helenius
            Nick Wellnhofer
            Rhodri James
            Tomas Korbar
            Yury Gribov
                 and
            Clang LeakSan
            JetBrains
            OSS-Fuzz
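
The amplification accounting described in the 2.4.0 security notes above, as an added example: this is a stand-alone model written for this page, not libexpat source code and not part of the commit. The struct, the function names, the constructed nested-entity shape (6-byte references, 3-byte leaf text) and the handling of zero direct bytes are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint64_t direct;     /* bytes taken from the document itself */
    uint64_t indirect;   /* bytes produced by entity expansion */
    double   max_amp;    /* default in the notes: 100.0 */
    uint64_t threshold;  /* default in the notes: 8 MiB of output */
} accounting;            /* hypothetical type, for illustration */

/* amplification := (direct + indirect) / direct, checked only once
   direct + indirect has reached the activation threshold. */
static bool tolerated(const accounting *a) {
    uint64_t output = a->direct + a->indirect;
    if (output < a->threshold)
        return true;                 /* protection not active yet */
    if (a->direct == 0)
        return true;                 /* model assumption: nothing to amplify */
    return (double)output / (double)a->direct <= a->max_amp;
}

/* Expand one entity. Level 0 holds leaf text; level N holds `fanout`
   references to level N-1 (constructed billion-laughs shape). */
static bool expand(accounting *a, int level, int fanout) {
    const uint64_t ref_len = 6, leaf_len = 3;  /* e.g. "&lol1;" and "lol" */
    a->indirect += level == 0 ? leaf_len : (uint64_t)fanout * ref_len;
    if (!tolerated(a))
        return false;
    for (int i = 0; level > 0 && i < fanout; i++)
        if (!expand(a, level - 1, fanout))
            return false;
    return true;
}

/* Returns 0 if the document is accepted, otherwise the output byte
   count (direct + indirect) at which the parse would be rejected. */
static uint64_t simulate(uint64_t doc_bytes, int levels, int fanout,
                         double max_amp, uint64_t threshold) {
    accounting a = { doc_bytes, 0, max_amp, threshold };
    return expand(&a, levels, fanout) ? 0 : a.direct + a.indirect;
}

int main(void) {
    const uint64_t MiB = 1024 * 1024;
    printf("small doc, 2 levels:   %llu\n", (unsigned long long)simulate(200, 2, 10, 100.0, 8 * MiB));
    printf("16 MiB doc, 3 levels:  %llu\n", (unsigned long long)simulate(16 * MiB, 3, 10, 100.0, 8 * MiB));
    printf("1 KiB doc, 9 levels:   %llu\n", (unsigned long long)simulate(1024, 9, 10, 100.0, 8 * MiB));
    printf("same, tightened:       %llu\n", (unsigned long long)simulate(1024, 9, 10, 10.0, 1 * MiB));
    return 0;
}
```

The two accepted cases show why both parameters exist: a small document never reaches the threshold, and a large document with modest entity use stays near a factor of 1.0 even past it.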

diffstat:

 textproc/expat/Makefile |   4 ++--
 textproc/expat/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r e8b32dd6a4ab -r 71969de0bf3a textproc/expat/Makefile
--- a/textproc/expat/Makefile   Tue May 25 05:46:39 2021 +0000
+++ b/textproc/expat/Makefile   Tue May 25 06:34:08 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.46 2021/05/10 09:33:33 wiz Exp $
+# $NetBSD: Makefile,v 1.47 2021/05/25 06:34:08 nia Exp $
 
-DISTNAME=      expat-2.3.0
+DISTNAME=      expat-2.4.1
 CATEGORIES=    textproc
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libexpat/}
 GITHUB_PROJECT=        libexpat
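
Review bot: The `DISTNAME= expat-2.4.1` line is the only Makefile change, but the commit log states that 2.4.0 adds new symbols and error codes (version info 8:0:7 to 9:0:8) and carries the CVE-2013-0340 fix. The diffstat shows only Makefile and distinfo touched, so nothing in this change lets a dependent package that calls the new XML_SetBillionLaughsAttackProtection* functions require this version; consider whether the package's dependency metadata should be raised alongside it. It would also help to name the CVE in the first line of the commit message, since "update to 2.4.1" alone does not mark this as a security update in log summaries.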
diff -r e8b32dd6a4ab -r 71969de0bf3a textproc/expat/distinfo
--- a/textproc/expat/distinfo   Tue May 25 05:46:39 2021 +0000
+++ b/textproc/expat/distinfo   Tue May 25 06:34:08 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.36 2021/05/10 09:33:33 wiz Exp $
+$NetBSD: distinfo,v 1.37 2021/05/25 06:34:08 nia Exp $
 
-SHA1 (expat-2.3.0.tar.gz) = 8928f1d87b2b475ebf1b0a5b1f27032c0fc99dbc
-RMD160 (expat-2.3.0.tar.gz) = 4d13fc507ae057a3d1620225b59fc09f17eff5b7
-SHA512 (expat-2.3.0.tar.gz) = 5ba6f707d5f2c758ecfa02e43f412e8ab09283f91d06f95fc24ac2b7ffbe2cd3e561390a40ef90448573881a7561622fdfbc5f7bd53cff7abc1ef310f411a16a
-Size (expat-2.3.0.tar.gz) = 676629 bytes
+SHA1 (expat-2.4.1.tar.gz) = 171c635c757e0ac9005f72b9578af021fddbcfb3
+RMD160 (expat-2.4.1.tar.gz) = 11e80cd41990a2b574c77e9e36b040d1711dc0fc
+SHA512 (expat-2.4.1.tar.gz) = 7390bf8d6b3e99f3bccc5c3d92f21d02c0b8ed29f1f9556e18dbae7caa813814b4fd7bd7aa2d711da27c97141d4a627b481b18ac57cef2c2438b78bac1c31203
+Size (expat-2.4.1.tar.gz) = 697439 bytes
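
Review bot: The new `SHA512 (expat-2.4.1.tar.gz)` entry is not tied to any stated source of truth in the commit message, and the Makefile hunk shows the distfile is fetched via `MASTER_SITE_GITHUB`. Please confirm the digest was compared against the upstream release artifact and say so in the log. Of the three digests recorded, the SHA512 line is the one that matters for that comparison, since SHA1 no longer offers collision resistance.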


