pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/textproc/expat
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 17 21:20:10 UTC 2026
Modified Files:
pkgsrc/textproc/expat: Makefile distinfo
Log Message:
expat: update to 2.7.5.
Ok maya@
Release 2.7.5 Tue March 17 2026
Security fixes:
#1158 CVE-2026-32776 -- Fix NULL function pointer dereference for
empty external parameter entities; it takes use of both
functions XML_ExternalEntityParserCreate and
XML_SetParamEntityParsing for an application to be
vulnerable.
#1161 #1162 CVE-2026-32777 -- Protect from XML_TOK_INSTANCE_START
infinite loop in function entityValueProcessor; it takes
use of both functions XML_ExternalEntityParserCreate and
XML_SetParamEntityParsing for an application to be
vulnerable.
#1163 CVE-2026-32778 -- Fix NULL dereference in function setContext
on retry after an earlier ouf-of-memory condition; it takes
use of function XML_ParserCreateNS or XML_ParserCreate_MM
for an application to be vulnerable.
#1160 Three more unfixed vulnerabilities left
Other changes:
#1146 #1147 Autotools: Fix condition for symbol versioning check, in
particular when compiling with slibtool (not libtool)
#1156 Address Cppcheck >=2.20.0 warnings
#1153 tests: Make test_buffer_can_grow_to_max work for MinGW on
Ubuntu 24.04
#1157 #1159 Version info bumped from 12:2:11 (libexpat*.so.1.11.2)
to 12:3:11 (libexpat*.so.1.11.3); see https://verbump.de/
for what these numbers do
Infrastructure:
#1148 CI: Fix FreeBSD and Solaris CI
#1149 CI: Bump to WASI SDK 30
#1153 CI: Adapt to breaking changes with Ubuntu 22.04
#1156 CI: Adapt to breaking changes in Cppcheck
Special thanks to:
Berkay Eren Ürün
Christian Ng
Fabio Scaccabarozzi
Francesco Bertolaccini
Mark Brand
Rhodri James
and
AddressSanitizer
Buttercup
OSS-Fuzz / ClusterFuzz
Trail of Bits
To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 pkgsrc/textproc/expat/Makefile
cvs rdiff -u -r1.56 -r1.57 pkgsrc/textproc/expat/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/textproc/expat/Makefile
diff -u pkgsrc/textproc/expat/Makefile:1.62 pkgsrc/textproc/expat/Makefile:1.63
--- pkgsrc/textproc/expat/Makefile:1.62 Sat Jan 31 17:39:42 2026
+++ pkgsrc/textproc/expat/Makefile Tue Mar 17 21:20:10 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.62 2026/01/31 17:39:42 wiz Exp $
+# $NetBSD: Makefile,v 1.63 2026/03/17 21:20:10 wiz Exp $
-DISTNAME= expat-2.7.4
+DISTNAME= expat-2.7.5
CATEGORIES= textproc
MASTER_SITES= ${MASTER_SITE_GITHUB:=libexpat/}
GITHUB_PROJECT= libexpat
Index: pkgsrc/textproc/expat/distinfo
diff -u pkgsrc/textproc/expat/distinfo:1.56 pkgsrc/textproc/expat/distinfo:1.57
--- pkgsrc/textproc/expat/distinfo:1.56 Sat Jan 31 17:39:42 2026
+++ pkgsrc/textproc/expat/distinfo Tue Mar 17 21:20:10 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.56 2026/01/31 17:39:42 wiz Exp $
+$NetBSD: distinfo,v 1.57 2026/03/17 21:20:10 wiz Exp $
-BLAKE2s (expat-2.7.4.tar.gz) = 27646dba84b1caf2c783051d7937bd00e1b8a8eb85c08f892bcfec8b60f4f8f2
-SHA512 (expat-2.7.4.tar.gz) = 3fa9d9092f85f585351ee3f9e46009e289faa1288401e59e93513e2661f70742dfc3daee8639d2db2d8dc8348c01846ad5040ad8baf56f964778b075c3296bdf
-Size (expat-2.7.4.tar.gz) = 804806 bytes
+BLAKE2s (expat-2.7.5.tar.gz) = 679fbf8744d8f0356232a728f366827ba118bf15af91c918bc5fc9b08fb9aadb
+SHA512 (expat-2.7.5.tar.gz) = fefcc386800ac242e6c7408caf3667264534d7ab269cd3768478bfb0d558e1a32adca03e1822269447f1609bedc5bdbbde47dd9a3824bfd080274a8d691942a3
+Size (expat-2.7.5.tar.gz) = 805627 bytes
Home |
Main Index |
Thread Index |
Old Index