CVS commit: pkgsrc/textproc/expat

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/textproc/expat
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Wed, 4 Sep 2024 13:08:26 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Sep  4 13:08:26 UTC 2024

Modified Files:
        pkgsrc/textproc/expat: Makefile distinfo

Log Message:
expat: updated to 2.6.3

Release 2.6.3 Wed September 4 2024
 Security fixes:
 CVE-2024-45490 -- Calling function XML_ParseBuffer with
             len < 0 without noticing and then calling XML_GetBuffer
             will have XML_ParseBuffer fail to recognize the problem
             and XML_GetBuffer corrupt memory.
             With the fix, XML_ParseBuffer now complains with error
             XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
             has been doing since Expat 2.2.1, and now documented.
             Impact is denial of service to potentially artitrary code
             execution.
 CVE-2024-45491 -- Internal function dtdCopy can have an
             integer overflow for nDefaultAtts on 32-bit platforms
             (where UINT_MAX equals SIZE_MAX).
             Impact is denial of service to potentially artitrary code
             execution.
 CVE-2024-45492 -- Internal function nextScaffoldPart can
             have an integer overflow for m_groupSize on 32-bit
             platforms (where UINT_MAX equals SIZE_MAX).
             Impact is denial of service to potentially artitrary code
             execution.

 Other changes:
 Autotools: Sync CMake templates with CMake 3.28
      Autotools: Always provide path to find(1) for portability
      Autotools: Ensure that the m4 directory always exists.
      Autotools: Simplify handling of SIZEOF_VOID_P
      Autotools: Support non-GNU sed
      Autotools|CMake: Fix main() to main(void)
      Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
      Autotools|CMake: Stop requiring dos2unix
 CMake: Fix check for symbols size_t and off_t
      docs|tests: Convert README to Markdown and update
      Windows: Drop support for Visual Studio <=15.0/2017
      Drop needless XML_DTD guards around is_param access
      Fix typo in a code comment
 Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
             to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
             for what these numbers do

 Infrastructure:
      Readme: Promote the call for help
      CI: Fix various issues
      CI: Allow triggering GitHub Actions workflows manually
    ..
 CI: Adapt to breaking changes in GitHub Actions


To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.58 pkgsrc/textproc/expat/Makefile
cvs rdiff -u -r1.50 -r1.51 pkgsrc/textproc/expat/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/expat/Makefile
diff -u pkgsrc/textproc/expat/Makefile:1.57 pkgsrc/textproc/expat/Makefile:1.58
--- pkgsrc/textproc/expat/Makefile:1.57 Thu Mar 14 09:15:57 2024
+++ pkgsrc/textproc/expat/Makefile      Wed Sep  4 13:08:26 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.57 2024/03/14 09:15:57 wiz Exp $
+# $NetBSD: Makefile,v 1.58 2024/09/04 13:08:26 adam Exp $
 
-DISTNAME=      expat-2.6.2
+DISTNAME=      expat-2.6.3
 CATEGORIES=    textproc
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libexpat/}
 GITHUB_PROJECT=        libexpat
@@ -15,11 +15,11 @@ USE_LANGUAGES=              c c++
 USE_LIBTOOL=           yes
 USE_TOOLS+=            bash:test
 GNU_CONFIGURE=         yes
+CONFIGURE_ARGS+=       --without-docbook
 CONFIGURE_ARGS+=       --without-examples
 CONFIGURE_ARGS+=       --without-tests
 # workaround suggested by upstream; xmlwf.1 is in tarball, so docbook not needed
 CONFIGURE_ENV+=                DOCBOOK_TO_MAN=false
-CONFIGURE_ARGS+=       --without-docbook
 
 TEST_TARGET=   check
 REPLACE_BASH=  test-driver-wrapper.sh

Index: pkgsrc/textproc/expat/distinfo
diff -u pkgsrc/textproc/expat/distinfo:1.50 pkgsrc/textproc/expat/distinfo:1.51
--- pkgsrc/textproc/expat/distinfo:1.50 Thu Mar 14 09:15:57 2024
+++ pkgsrc/textproc/expat/distinfo      Wed Sep  4 13:08:26 2024
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.50 2024/03/14 09:15:57 wiz Exp $
+$NetBSD: distinfo,v 1.51 2024/09/04 13:08:26 adam Exp $
 
-BLAKE2s (expat-2.6.2.tar.gz) = 72c3492d392007d75e8263d09df4fd24d2e98ee8700d18eb937966f33e725095
-SHA512 (expat-2.6.2.tar.gz) = aab95f567bfe4e09b7776be9cdc0d4c1f9df262762f22eed79e211d4f608df0168b0212f885926b7e0150afc39eb36c79e1702e8d08552e37202b9b0d8e4bc40
-Size (expat-2.6.2.tar.gz) = 764009 bytes
+BLAKE2s (expat-2.6.3.tar.gz) = fcc81c1c25ef679e6c93fe93c7c1b0cc5a306f94163d3e53b506917cb6537185
+SHA512 (expat-2.6.3.tar.gz) = 0c0f0df947bbe7084ba2bffce082bc40e061cbf02363f3043e8e6be33b71277dbf13fd54dcc0f641b704293e3faea5b8c1d3c752737db4c908097bf5df8bd02d
+Size (expat-2.6.3.tar.gz) = 764617 bytes

Prev by Date: CVS commit: pkgsrc/comms/kermit
Next by Date: CVS commit: pkgsrc/print/py-pikepdf
Previous by Thread: CVS commit: pkgsrc/comms/kermit
Next by Thread: CVS commit: pkgsrc/print/py-pikepdf
Indexes:

Home | Main Index | Thread Index | Old Index