pkgsrc-Changes archive
CVS commit: pkgsrc/textproc/expat
Module Name: pkgsrc
Committed By: wiz
Date: Sun Mar 30 07:48:15 UTC 2025
Modified Files:
pkgsrc/textproc/expat: Makefile distinfo
Removed Files:
pkgsrc/textproc/expat/patches:
patch-cmake_autotools_expat-noconfig____macos.cmake.in
Log Message:
expat: update to 2.7.1.
Release 2.7.1 Thu March 27 2025
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
Release 2.7.0 Thu March 13 2025
Security fixes:
#893 #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
Other changes:
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
Infrastructure:
#926 tests: Increase robustness
#927 #932 ..
#930 #933 tests: Increase test coverage
#617 #950 ..
#951 #952 ..
#954 #955 .. Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on
#961 Google's libprotobuf-mutator ("LPM")
#957 Fuzzing|CI: Start producing fuzzing code coverage reports
#936 CI: Pass -q -q for LCOV >=2.1 in coverage.sh
#942 CI: Small fuzzing related improvements
#139 #203 ..
#791 #946 CI: Make GitHub Actions build using MSVC on Windows and
produce 32bit and 64bit Windows binaries
#956 CI: Get off of about-to-be-removed Ubuntu 20.04
#960 #964 CI: Start uploading to Coverity Scan for static analysis
#972 CI: Stop loading DTD from the internet to address flaky CI
#971 CI: Adapt to breaking changes in Cppcheck
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/textproc/expat/Makefile
cvs rdiff -u -r1.52 -r1.53 pkgsrc/textproc/expat/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/textproc/expat/patches/patch-cmake_autotools_expat-noconfig____macos.cmake.in
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/textproc/expat/Makefile
diff -u pkgsrc/textproc/expat/Makefile:1.58 pkgsrc/textproc/expat/Makefile:1.59
--- pkgsrc/textproc/expat/Makefile:1.58 Wed Sep 4 13:08:26 2024
+++ pkgsrc/textproc/expat/Makefile Sun Mar 30 07:48:15 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.58 2024/09/04 13:08:26 adam Exp $
+# $NetBSD: Makefile,v 1.59 2025/03/30 07:48:15 wiz Exp $
-DISTNAME= expat-2.6.3
+DISTNAME= expat-2.7.1
CATEGORIES= textproc
MASTER_SITES= ${MASTER_SITE_GITHUB:=libexpat/}
GITHUB_PROJECT= libexpat
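Review bot: the DISTNAME line goes from expat-2.6.3 straight to expat-2.7.1, so this update also crosses 2.6.4, yet the log message reproduces only the 2.7.1 and 2.7.0 release notes. Both of those refer back to 2.6.4 (the event pointer behavior being restored, and XML_ERROR_NOT_STARTED "introduced with 2.6.4"), so a reader of this commit cannot see what 2.6.4 itself changed; suggest including that entry too. Because the jump picks up the CVE-2024-8176 fix listed under 2.7.0, the subject line "expat: update to 2.7.1." could also name the CVE so the commit is easy to find when triaging security updates.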
Index: pkgsrc/textproc/expat/distinfo
diff -u pkgsrc/textproc/expat/distinfo:1.52 pkgsrc/textproc/expat/distinfo:1.53
--- pkgsrc/textproc/expat/distinfo:1.52 Wed Dec 18 15:03:58 2024
+++ pkgsrc/textproc/expat/distinfo Sun Mar 30 07:48:15 2025
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.52 2024/12/18 15:03:58 brook Exp $
+$NetBSD: distinfo,v 1.53 2025/03/30 07:48:15 wiz Exp $
-BLAKE2s (expat-2.6.3.tar.gz) = fcc81c1c25ef679e6c93fe93c7c1b0cc5a306f94163d3e53b506917cb6537185
-SHA512 (expat-2.6.3.tar.gz) = 0c0f0df947bbe7084ba2bffce082bc40e061cbf02363f3043e8e6be33b71277dbf13fd54dcc0f641b704293e3faea5b8c1d3c752737db4c908097bf5df8bd02d
-Size (expat-2.6.3.tar.gz) = 764617 bytes
-SHA1 (patch-cmake_autotools_expat-noconfig____macos.cmake.in) = 21411931ba40ca89435a3a41b3c329039540bfa2
+BLAKE2s (expat-2.7.1.tar.gz) = fa9600a2ac4552b3e4d6a94b34392e6a3fa4b6d1c0d704cd2e937c17ed9705d8
+SHA512 (expat-2.7.1.tar.gz) = 1b6b94f3253ac3ab3f8c69d1c852db2334c99cb7990b9656f5f2458198d1eb854e79cce0e39151aef0d5e01a740fc965651c6a57fda585f9a24c543f2693f78c
+Size (expat-2.7.1.tar.gz) = 785356 bytes
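Review bot: the removed SHA1 line for patch-cmake_autotools_expat-noconfig____macos.cmake.in drops the local macOS CMake patch, but the log message never says why. The 2.7.0 entry "#935 #937 Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS" looks like the upstream equivalent; suggest stating in the log that the patch was dropped because upstream now covers it, so the removal can be checked against that change rather than inferred from the release notes.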