[pkgsrc/trunk]: pkgsrc/textproc/expat expat: update to 2.4.3.

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/textproc/expat expat: update to 2.4.3.
From: wiz <wiz%pkgsrc.org@localhost>
Date: Mon, 17 Jan 2022 10:55:00 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/5506d2c6ddee
branches:  trunk
changeset: 371972:5506d2c6ddee
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Mon Jan 17 08:49:34 2022 +0000

description:
expat: update to 2.4.3.

Release 2.4.3 Sun January 16 2022
        Security fixes:
       #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
                    resulting in
                      a) realloc acting as free
                      b) realloc allocating too few bytes
                      c) undefined behavior
                    depending on architecture and precise value
                    for XML documents with >=2^27+1 prefixed attributes
                    on a single XML tag a la
                    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
                    where XML_ParserCreateNS is used to create the parser
                    (which needs argument "-n" when running xmlwf).
                    Impact is denial of service, or more.
       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
                    on variable m_groupSize in function doProlog leading
                    to realloc acting as free.
                    Impact is denial of service or more.
            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
                    near memory allocation at multiple places.  Mitre assigned
                    a dedicated CVE for each involved internal C function:
                    - CVE-2022-22822 for function addBinding
                    - CVE-2022-22823 for function build_model
                    - CVE-2022-22824 for function defineAttribute
                    - CVE-2022-22825 for function lookup
                    - CVE-2022-22826 for function nextScaffoldPart
                    - CVE-2022-22827 for function storeAtts
                    Impact is denial of service or more.

        Other changes:
            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
            #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
                    and MSYS2 by not going through Wine on these platforms
       #527 #528  Address compiler warnings
       #533 #543  Version info bumped from 9:2:8 to 9:3:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #536  CI: Check for realistic minimum CMake version
       #529 #539  CI: Cover compilation with -m32
            #529  CI: Store coverage reports as artifacts for download
            #528  CI: Upgrade Clang from 11 to 13

Release 2.4.2 Sun December 19 2021
        Other changes:
       #509 #510  Link againgst libm for function "isnan"
       #513 #514  Include expat_config.h as early as possible
            #498  Autotools: Include files with release archives:
                    - buildconf.sh
                    - fuzz/*.c
       #507 #519  Autotools: Sync CMake templates
       #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
                    - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
                    - multi-config CMake generators (e.g. Ninja Multi-Config)
       #502 #503  docs: Document that function XML_GetBuffer may return NULL
                    when asking for a buffer of 0 (zero) bytes size
       #522 #523  docs: Fix return value docs for both
                    XML_SetBillionLaughsAttackProtection* functions
       #525 #526  Version info bumped from 9:1:8 to 9:2:8;
                    see https://verbump.de/ for what these numbers do

diffstat:

 textproc/expat/Makefile |  4 ++--
 textproc/expat/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (25 lines):

diff -r d7ed659cf02b -r 5506d2c6ddee textproc/expat/Makefile
--- a/textproc/expat/Makefile   Mon Jan 17 05:06:55 2022 +0000
+++ b/textproc/expat/Makefile   Mon Jan 17 08:49:34 2022 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.47 2021/05/25 06:34:08 nia Exp $
+# $NetBSD: Makefile,v 1.48 2022/01/17 08:49:34 wiz Exp $
 
-DISTNAME=      expat-2.4.1
+DISTNAME=      expat-2.4.3
 CATEGORIES=    textproc
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libexpat/}
 GITHUB_PROJECT=        libexpat
diff -r d7ed659cf02b -r 5506d2c6ddee textproc/expat/distinfo
--- a/textproc/expat/distinfo   Mon Jan 17 05:06:55 2022 +0000
+++ b/textproc/expat/distinfo   Mon Jan 17 08:49:34 2022 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.39 2021/10/26 11:21:53 nia Exp $
+$NetBSD: distinfo,v 1.40 2022/01/17 08:49:34 wiz Exp $
 
-BLAKE2s (expat-2.4.1.tar.gz) = 200b729d0725a700afe32a43e407f57898199f6d8ef3abc5246711f9c85d7fba
-SHA512 (expat-2.4.1.tar.gz) = 7390bf8d6b3e99f3bccc5c3d92f21d02c0b8ed29f1f9556e18dbae7caa813814b4fd7bd7aa2d711da27c97141d4a627b481b18ac57cef2c2438b78bac1c31203
-Size (expat-2.4.1.tar.gz) = 697439 bytes
+BLAKE2s (expat-2.4.3.tar.gz) = d11a306dcb01b2c52bbb76e73a339af693d96103ee90c1d64fe16898a18d8bbd
+SHA512 (expat-2.4.3.tar.gz) = 263bf62f8c3f23e4c22d88a79353e11456eb1993d7d4df14ca11e4a743b2b9610b789811610bd7833777cca338fb7c1e5bf9827c72ce515b03aac1f048103f8f
+Size (expat-2.4.3.tar.gz) = 705509 bytes

Prev by Date: [pkgsrc/trunk]: pkgsrc/devel/hs-hashable Compatibility with upcoming GHC 9.0.2
Next by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated textproc/expat to 2.4.3
Previous by Thread: [pkgsrc/trunk]: pkgsrc/devel/hs-hashable Compatibility with upcoming GHC 9.0.2
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated textproc/expat to 2.4.3
Indexes:

Home | Main Index | Thread Index | Old Index