pkgsrc-Changes archive
CVS commit: pkgsrc/textproc/expat
Module Name: pkgsrc
Committed By: adam
Date: Wed Feb 7 13:19:26 UTC 2024
Modified Files:
pkgsrc/textproc/expat: Makefile builtin.mk distinfo
Log Message:
expat: updated to 2.6.0
Release 2.6.0 Tue February 6 2024
Security fixes:
* CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
  that can cause denial of service, in particular when
  dealing with compressed XML input. Applications
  that parsed a document in one go -- a single call to
  functions XML_Parse or XML_ParseBuffer -- were not affected.
  The smaller the chunks/buffers you use for parsing
  previously, the bigger the problem prior to the fix.
  Backporters should be careful to not omit parts of
  pull request * and to include earlier pull request *,
  in order to not break the fix.
* CVE-2023-52426 -- Fix billion laughs attacks for users
  compiling *without* XML_DTD defined (which is not common).
  Users with XML_DTD defined have been protected since
  Expat >=2.4.0 (and that was CVE-2013-0340 back then).
Bug fixes:
* Fix parse-size-dependent "invalid token" error for
  external entities that start with a byte order mark
* Fix NULL pointer dereference in setContext via
  XML_ExternalEntityParserCreate for compilation with
  XML_DTD undefined
* Protect against closing entities out of order
Other changes:
* Improve support for arc4random/arc4random_buf
* Improve buffer growth in XML_GetBuffer and XML_Parse
* xmlwf: Support --help and --version
* xmlwf: Support custom buffer size for XML_GetBuffer and read
* xmlwf: Improve language and URL clickability in help output
* examples: Add new example "element_declarations.c"
* Be stricter about macro XML_CONTEXT_BYTES at build time
* Make inclusion to expat_config.h consistent
* Autotools: configure.ac: Support --disable-maintainer-mode
* Autotools: Sync CMake templates with CMake 3.26
* Autotools: Make installation of shipped man page doc/xmlwf.1
  independent of docbook2man availability
* Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
  section "Cflags.private" in order to fix compilation
  against static libexpat using pkg-config on Windows
* Autotools|CMake: Require a C99 compiler
  (a de-facto requirement already since Expat 2.2.2 of 2017)
* Autotools|CMake: Fix PACKAGE_BUGREPORT variable
* Autotools|CMake: Make test suite require a C++11 compiler
* CMake: Require CMake >=3.5.0
* CMake: Lowercase off_t and size_t to help a bug in Meson
* CMake: Sort xmlwf sources alphabetically
* CMake|Windows: Fix generation of DLL file version info
* CMake: Build tests/benchmark/benchmark.c as well for
  a build with -DEXPAT_BUILD_TESTS=ON
* docs: Document the importance of isFinal + adjust tests
  accordingly
* docs: Improve use of "NULL" and "null"
* docs: Be specific about version of XML (XML 1.0r4)
  and version of C (C99); (XML 1.0r5 will need a sponsor.)
* docs: reference.html: Promote function XML_ParseBuffer more
* docs: reference.html: Add HTML anchors to XML_* macros
* docs: reference.html: Upgrade to OK.css 1.2.0
* docs: Fix typos
* docs|CI: Use HTTPS URLs instead of HTTP at various places
* Address compiler warnings
* Address clang-tidy warnings
* Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
  to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
  for what these numbers do
Infrastructure:
* docs: Document security policy in file SECURITY.md
* docs: Improve parse buffer variables in-code documentation
* Refactor coverage and conformance tests
* Refactor debug level variables to unsigned long
* Improve handling of empty environment variable value
  in function getDebugLevel (without visible user effect)
* tests: Improve test coverage with regard to parse chunk size
* Fuzzing: Improve fuzzing coverage
* Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
* CI: Resolve some Travis CI leftovers
* CI: Be robust towards absence of Git tags
* CI: Set permissions to "contents: read" for security
* CI: Pin all GitHub Actions to specific commits for security
* CI: Reject spelling errors using codespell
* CI: Enforce clang-tidy clean code
* CI: Upgrade Clang from 15 to 18
* CI: Start using Clang's Control Flow Integrity sanitizer
* CI: Adapt to breaking changes in GitHub Actions Ubuntu images
* CI: Adapt to breaking changes in Clang/LLVM Debian packaging
* CI: Adapt to breaking changes in codespell
* CI: Adapt to breaking changes in Cppcheck
To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 pkgsrc/textproc/expat/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/textproc/expat/builtin.mk
cvs rdiff -u -r1.47 -r1.48 pkgsrc/textproc/expat/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/textproc/expat/Makefile
diff -u pkgsrc/textproc/expat/Makefile:1.54 pkgsrc/textproc/expat/Makefile:1.55
--- pkgsrc/textproc/expat/Makefile:1.54 Wed Oct 26 10:37:47 2022
+++ pkgsrc/textproc/expat/Makefile Wed Feb 7 13:19:26 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2022/10/26 10:37:47 wiz Exp $
+# $NetBSD: Makefile,v 1.55 2024/02/07 13:19:26 adam Exp $
-DISTNAME= expat-2.5.0
+DISTNAME= expat-2.6.0
CATEGORIES= textproc
MASTER_SITES= ${MASTER_SITE_GITHUB:=libexpat/}
GITHUB_PROJECT= libexpat
@@ -11,18 +11,17 @@ HOMEPAGE= https://libexpat.github.io/
COMMENT= XML parser library written in C
LICENSE= mit
-GNU_CONFIGURE= yes
+USE_LANGUAGES= c c++
USE_LIBTOOL= yes
-
+USE_TOOLS+= bash:test
+GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --without-examples
CONFIGURE_ARGS+= --without-tests
# workaround suggested by upstream; xmlwf.1 is in tarball, so docbook not needed
CONFIGURE_ENV+= DOCBOOK_TO_MAN=false
CONFIGURE_ARGS+= --without-docbook
-USE_LANGUAGES= c c++
-TEST_TARGET= test
-USE_TOOLS+= bash:test
+TEST_TARGET= check
REPLACE_BASH= test-driver-wrapper.sh
# we can't use cmake due to a cyclic dependency
#USE_CMAKE= yes
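Review bot: TEST_TARGET now points at check, but the unchanged line CONFIGURE_ARGS+= --without-tests is still in this hunk, so the check target may have no test programs built to run. If the intent is to exercise the upstream test suite, drop --without-tests (or make it conditional on running tests); otherwise add a comment saying why check is the right target with tests disabled. The reordering of GNU_CONFIGURE, USE_LANGUAGES and USE_TOOLS is cosmetic, and neither it nor the TEST_TARGET change is mentioned in the log message.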
Index: pkgsrc/textproc/expat/builtin.mk
diff -u pkgsrc/textproc/expat/builtin.mk:1.22 pkgsrc/textproc/expat/builtin.mk:1.23
--- pkgsrc/textproc/expat/builtin.mk:1.22 Sat Jan 13 20:07:34 2024
+++ pkgsrc/textproc/expat/builtin.mk Wed Feb 7 13:19:26 2024
@@ -1,4 +1,4 @@
-# $NetBSD: builtin.mk,v 1.22 2024/01/13 20:07:34 riastradh Exp $
+# $NetBSD: builtin.mk,v 1.23 2024/02/07 13:19:26 adam Exp $
BUILTIN_PKG:= expat
@@ -25,7 +25,7 @@ MAKEVARS+= IS_BUILTIN.expat
### a package name to represent the built-in package.
###
.if !defined(BUILTIN_PKG.expat) && \
- ${IS_BUILTIN.expat:M[yY][eE][sS]} && \
+ ${IS_BUILTIN.expat:tl} == yes && \
empty(H_EXPAT:M__nonexistent__)
BUILTIN_VERSION.expat!= \
${AWK} '/\#define[ ]*XML_MAJOR_VERSION/ { M = $$3 } \
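Review bot: the new condition ${IS_BUILTIN.expat:tl} == yes is not an exact replacement for ${IS_BUILTIN.expat:M[yY][eE][sS]}. The :M form is true when any word of the value matches, while the string comparison requires the whole value to equal yes. That is fine as long as IS_BUILTIN.expat only ever holds a single yes/no word, but it is a behaviour change riding along with a version bump, and the log message ("expat: updated to 2.6.0") does not mention it. Consider committing the conditional cleanup separately or noting it in the log.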
@@ -47,12 +47,12 @@ USE_BUILTIN.expat= no
. else
USE_BUILTIN.expat= ${IS_BUILTIN.expat}
. if defined(BUILTIN_PKG.expat) && \
- ${IS_BUILTIN.expat:M[yY][eE][sS]}
+ ${IS_BUILTIN.expat:tl} == yes
USE_BUILTIN.expat= yes
. for _dep_ in ${BUILDLINK_API_DEPENDS.expat}
-. if ${USE_BUILTIN.expat:M[yY][eE][sS]}
+. if ${USE_BUILTIN.expat:tl} == yes
USE_BUILTIN.expat!= \
- if ${PKG_ADMIN} pmatch ${_dep_:Q} ${BUILTIN_PKG.expat:Q}; then \
+ if ${PKG_ADMIN} pmatch ${_dep_:Q} ${BUILTIN_PKG.expat}; then \
${ECHO} yes; \
else \
${ECHO} no; \
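Review bot: in the pmatch command, ${BUILTIN_PKG.expat:Q} loses its :Q modifier while ${_dep_:Q} on the same line keeps it. The command is run by the shell through !=, so the unquoted expansion relies on BUILTIN_PKG.expat never containing whitespace or shell metacharacters. Keep :Q on both arguments, or state in a comment why it is safe to drop for this one.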
@@ -69,9 +69,9 @@ MAKEVARS+= USE_BUILTIN.expat
### solely to determine whether a built-in implementation exists.
###
CHECK_BUILTIN.expat?= no
-.if ${CHECK_BUILTIN.expat:M[nN][oO]}
+.if ${CHECK_BUILTIN.expat:tl} == no
-. if ${USE_BUILTIN.expat:M[nN][oO]}
+. if ${USE_BUILTIN.expat:tl} == no
BUILDLINK_API_DEPENDS.expat+= expat>=1.95.4
. else
. if !empty(H_EXPAT:M${X11BASE}/*)
@@ -87,7 +87,7 @@ BUILDLINK_PREFIX.expat= /boot/common
# Fake pkg-config for builtin expat on NetBSD
-.if ${USE_BUILTIN.expat:M[yY][eE][sS]}
+.if ${USE_BUILTIN.expat:tl} == yes
. if !empty(USE_TOOLS:C/:.*//:Mpkg-config)
do-configure-pre-hook: override-expat-pkgconfig
Index: pkgsrc/textproc/expat/distinfo
diff -u pkgsrc/textproc/expat/distinfo:1.47 pkgsrc/textproc/expat/distinfo:1.48
--- pkgsrc/textproc/expat/distinfo:1.47 Wed Oct 26 10:37:47 2022
+++ pkgsrc/textproc/expat/distinfo Wed Feb 7 13:19:26 2024
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.47 2022/10/26 10:37:47 wiz Exp $
+$NetBSD: distinfo,v 1.48 2024/02/07 13:19:26 adam Exp $
-BLAKE2s (expat-2.5.0.tar.gz) = 2f284355b044c2f48b0066408c3333975e2748230afcfcd0c63cc872dc7f2c47
-SHA512 (expat-2.5.0.tar.gz) = f1ff7da5fafb47dcd6e0f0d892826aba6de76509c8497bc00382f1109ab8e2a93d396943dbb52216457044993a39d73728048adf650d8e83e28189edc7b78402
-Size (expat-2.5.0.tar.gz) = 719235 bytes
+BLAKE2s (expat-2.6.0.tar.gz) = 8e980691fe962ab355dc6fbf7c53f92f5d0eacab3e282dc0dc3c0ad09865d6ef
+SHA512 (expat-2.6.0.tar.gz) = ec24bff301eb887232d9e0c9051a7aa5f0461adc0c7918dda3e96fe7a0a9a5b8bdccfb4a82f99643ea1a3a1da28f698a31be1848eacb2ec3eaec6453733e4667
+Size (expat-2.6.0.tar.gz) = 761561 bytes
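Review bot: the new BLAKE2s and SHA512 lines are the only integrity record for expat-2.6.0.tar.gz, and nothing in the commit says how the tarball was checked before the sums were regenerated. Since this update is driven by two CVE fixes and the distfile comes from MASTER_SITE_GITHUB, it would help to state in the log message that the distfile was compared against the upstream release artifacts.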