CVS commit: pkgsrc/textproc/p5-XML-Parser

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/textproc/p5-XML-Parser
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Thu, 19 Mar 2026 15:22:30 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Thu Mar 19 15:22:30 UTC 2026

Modified Files:
        pkgsrc/textproc/p5-XML-Parser: Makefile distinfo
Removed Files:
        pkgsrc/textproc/p5-XML-Parser/patches: patch-MANIFEST

Log Message:
p5-XML-Parser: update to 2.48.

Security fix release.

2.48 2026-03-18 (by Todd Rinaldo)

  Fixes:
    - GH #39 Fix off-by-one heap buffer overflow in st_serial_stack growth check (CVE-2006-10003)
    - GH #64 Fix buffer overflow in parse_stream when filehandle has :utf8 layer (CVE-2006-10002)
    - GH #27 Prevent symbol table auto-vivification in Expat::parse
    - GH #30 Set UTF-8 flag on sysid in ExternEnt handler and fix Debug style for non-ASCII chars
    - GH #36 Prevent position overflow for large files in line/column/error paths
    - GH #41 Fix xml_escape to escape all occurrences of quote characters
    - GH #44 Fix lexical filehandle handling in ExternEnt handler return values
    - GH #45 Clean up compiler warnings in Expat.xs
    - GH #47 Fix routing of character data after root element to Char handler
    - GH #48 Fix current_byte overflow for large XML files on 32-bit perl
    - GH #50 Propagate xpcroak errors in Subs style instead of swallowing them
    - GH #53 Fix parameter entity references in internal DTD subset breaking handler dispatch
    - GH #65 Support standard LIBS and INC options in Makefile.PL; propagate to Expat/Makefile.PL
    - GH #69 Auto-detect multiarch library paths for expat
    - GH #72 Localize $_ in Style::Stream to avoid read-only modification
    - GH #76 Use system tmpdir for temp files in Devel::CheckLib
    - GH #83 Use pkg-config to auto-detect expat in non-standard locations
    - GH #90 Improve "Couldn't find your C compiler" error message
    - GH #100 Clean up MSVC assertlib .obj files on Windows
    - GH #103 Skip -rpath on Mac OS X 10.4 and earlier
    - GH #106 Fix freeing of the content model using XML_FreeContentModel
    - GH #148 XML-escape attribute values in Stream style default output
    - GH #149 Restore Base after parsefile() to prevent context pollution on reuse
    - GH #152 Fix SYNOPSIS handler name Characters -> Text in Stream.pm
    - GH #153 Fix variable interpolation in xpcarp() and setHandlers() error messages
    - GH #157 Restore Perl 5.8 and 5.10 test compatibility
    - GH #160 Initialize st_serial_stacksize after allocation in Expat.xs
    - GH #162 Replace local $^W=0 with no warnings 'numeric' in Expat.pm
    - GH #164 Add missing ENTER/SAVETMPS scope to notationDecl callback
    - GH #165 Replace each() with keys() to avoid iterator side effects
    - GH #166 Remove no-op study() call in xml_escape

  Improvements:
    - GH #38 Add G_VOID flag to all void-context perl_call_sv/method/pv calls
    - GH #46 Add UseForeignDTD option for documents without DOCTYPE
    - GH #49 Add current_length method to XML::Parser::Expat
    - GH #54 Add hint about unescaped characters for invalid token errors
    - GH #67 Add NoLWP to expat capability probes for consistent skip logic
    - GH #70 Enhance parse exceptions with XML context when ErrorContext is set
    - GH #71 Move encoding maps from PERL5LIB to File::ShareDir
    - GH #73 XMLDecl handler now returns "yes"/"no" for standalone attribute
    - GH #101 Make LWP::UserAgent a recommended dependency, not required
    - GH #102 Expose expat security APIs: BillionLaughs and ReparseDeferral
    - GH #167 Modernize Perl pragmas across modules

  Documentation:
    - GH #55 Add ERROR HANDLING section and improve parse error documentation
    - GH #56 Clarify Char handler splitting behavior with example and docs
    - GH #74 Document predefined entity expansion in Tree style
    - GH #161 Fix Standalone parameter description in README

  Maintenance:
    - GH #25 Add Debug style multibyte character regression test
    - GH #28 Add tests for globref and lexical filehandle return values in ExternEnt handler
    - GH #31 Add encoding tests for windows-1251, koi8-r, windows-1255, and ibm866
    - GH #51 Skip external DTD tests when expat lacks parameter entity support
    - GH #150 Replace Artistic-2.0 LICENSE with correct Perl dual license
    - GH #151 Modernize xpcroak.t from Test.pm to Test::More
    - GH #155 Modernize CI workflow inspired by YAML-Syck
    - GH #159 Install libexpat1-dev in perl-tester CI containers
    - GH #163 Replace defunct Travis CI badge with GitHub Actions
    - GH #168 Update META_MERGE URLs to cpan-authors organization
    - Integrate Windows into overall CI test run


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/textproc/p5-XML-Parser/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/p5-XML-Parser/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/textproc/p5-XML-Parser/patches/patch-MANIFEST

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/p5-XML-Parser/Makefile
diff -u pkgsrc/textproc/p5-XML-Parser/Makefile:1.60 pkgsrc/textproc/p5-XML-Parser/Makefile:1.61
--- pkgsrc/textproc/p5-XML-Parser/Makefile:1.60 Fri Jul  4 08:48:40 2025
+++ pkgsrc/textproc/p5-XML-Parser/Makefile      Thu Mar 19 15:22:30 2026
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.60 2025/07/04 08:48:40 wiz Exp $
+# $NetBSD: Makefile,v 1.61 2026/03/19 15:22:30 wiz Exp $
 
-DISTNAME=      XML-Parser-2.47
+DISTNAME=      XML-Parser-2.48
 PKGNAME=       p5-${DISTNAME}
-PKGREVISION=   2
 CATEGORIES=    textproc perl5
-MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:=XML/}
+MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:=../../authors/id/T/TO/TODDR/}
 
 MAINTAINER=    bad%NetBSD.org@localhost
 HOMEPAGE=      https://metacpan.org/release/XML-Parser
@@ -13,11 +12,19 @@ LICENSE=    ${PERL5_LICENSE}
 
 DEPENDS+=      p5-libwww-[0-9]*:../../www/p5-libwww
 TOOL_DEPENDS+= p5-Devel-CheckLib-[0-9]*:../../devel/p5-Devel-CheckLib
+DEPENDS+=      p5-File-ShareDir-[0-9]*:../../devel/p5-File-ShareDir
+TOOL_DEPENDS+= p5-File-ShareDir-Install-[0-9]*:../../devel/p5-File-ShareDir-Install
 
 PERL5_PACKLIST=                auto/XML/Parser/.packlist
 MAKE_PARAMS+=          EXPATLIBPATH=${BUILDLINK_PREFIX.expat}/lib
 MAKE_PARAMS+=          EXPATINCPATH=${BUILDLINK_PREFIX.expat}/include
 
+# as of 2.48
+# Failed 2/42 test programs. 0/321 subtests failed.
+.if make(test)
+ALLOW_NETWORK_ACCESS=  yes
+.endif
+
 post-extract:
        ${RM} -f ${WRKSRC}/inc/Devel/CheckLib.pm
 

Index: pkgsrc/textproc/p5-XML-Parser/distinfo
diff -u pkgsrc/textproc/p5-XML-Parser/distinfo:1.18 pkgsrc/textproc/p5-XML-Parser/distinfo:1.19
--- pkgsrc/textproc/p5-XML-Parser/distinfo:1.18 Thu Apr 25 17:59:46 2024
+++ pkgsrc/textproc/p5-XML-Parser/distinfo      Thu Mar 19 15:22:30 2026
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.18 2024/04/25 17:59:46 schmonz Exp $
+$NetBSD: distinfo,v 1.19 2026/03/19 15:22:30 wiz Exp $
 
-BLAKE2s (XML-Parser-2.47.tar.gz) = 0b0aa25edc6148fa29f40ecc1e1f5573f183afa150a6144fecd9c2343b6f3c3a
-SHA512 (XML-Parser-2.47.tar.gz) = 3f9de53341bc85b87c88ad31e04b13f1f95516eec0d7e5fd1c1a3b3e66a91ca3d4de7c649978599219a4d4372f6218764ab5e1805b7155b5ca200006e1b0908f
-Size (XML-Parser-2.47.tar.gz) = 279029 bytes
-SHA1 (patch-MANIFEST) = 4978528649f510331ee50a904774a86c9a80d4af
+BLAKE2s (XML-Parser-2.48.tar.gz) = 3b832421149a33f90c6777a2bef7d9e8bf1887a7553d9ab3e2c303fe8b367a0a
+SHA512 (XML-Parser-2.48.tar.gz) = a8d67819e4e9eb278c120b31fdd59d510f71782bf7bc13153dbabbd1dbb24771c71fe59d83fa1c6c550853a5d7639922c9c44eee2cd6f7bdd5cc960161e721e2
+Size (XML-Parser-2.48.tar.gz) = 310359 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index