diff options
| author | spz <spz@pkgsrc.org> | 2022-11-26 17:01:44 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2022-11-26 17:01:44 +0000 |
| commit | 74f4ed77ed1591a81fe60ae119b5bae826daaca0 (patch) | |
| tree | 3b808708347b46ea1689f493ae1a992d337b9323 | |
| parent | d8f250acd2b1a0f70d743b16ef4470926f333d6c (diff) | |
| download | pkgsrc-74f4ed77ed1591a81fe60ae119b5bae826daaca0.tar.gz | |
Pullup ticket #6696 - requested by bsiegert
textproc/expat: security update
Revisions pulled up:
- textproc/expat/Makefile 1.54
- textproc/expat/distinfo 1.47
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 26 10:37:47 UTC 2022
Modified Files:
pkgsrc/textproc/expat: Makefile distinfo
Log Message:
expat: update to 2.5.0.
Release 2.5.0 Tue October 25 2022
Security fixes:
#616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially
arbitrary code execution.
Bug fixes:
#612 #645 Fix curruption from undefined entities
#613 #654 Fix case when parsing was suspended while processing nested
entities
#616 #652 #653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
#656 CMake: Fix generation of pkg-config file
#658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
#667 #668 Version info bumped from 9:9:8 to 9:10:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Jann Horn
Mark Brand
Osyotr
Rhodri James
and
Google Project Zero
To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/textproc/expat/Makefile
cvs rdiff -u -r1.46 -r1.47 pkgsrc/textproc/expat/distinfo
| -rw-r--r-- | textproc/expat/Makefile | 4 | ||||
| -rw-r--r-- | textproc/expat/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/textproc/expat/Makefile b/textproc/expat/Makefile index aa5c3d5c9b0..d7a0f094f94 100644 --- a/textproc/expat/Makefile +++ b/textproc/expat/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.53 2022/09/21 10:52:51 wiz Exp $ +# $NetBSD: Makefile,v 1.53.2.1 2022/11/26 17:01:44 spz Exp $ -DISTNAME= expat-2.4.9 +DISTNAME= expat-2.5.0 CATEGORIES= textproc MASTER_SITES= ${MASTER_SITE_GITHUB:=libexpat/} GITHUB_PROJECT= libexpat diff --git a/textproc/expat/distinfo b/textproc/expat/distinfo index 2675202b43b..5fa8134dbdf 100644 --- a/textproc/expat/distinfo +++ b/textproc/expat/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.46 2022/09/21 10:52:51 wiz Exp $ +$NetBSD: distinfo,v 1.46.2.1 2022/11/26 17:01:44 spz Exp $ -BLAKE2s (expat-2.4.9.tar.gz) = c728e6b315553e54adc80a83ba188aeb785c85a9976f43cb5a4bbca676d778e1 -SHA512 (expat-2.4.9.tar.gz) = 1f30e4d363cc1753137d0f3f6b6267d91fc40412cabb463d06bff9268ee7d8f34c242f02948a3450d186c0502b5e5238894ff1990c4b9440c0f9398ccb29d066 -Size (expat-2.4.9.tar.gz) = 717049 bytes +BLAKE2s (expat-2.5.0.tar.gz) = 2f284355b044c2f48b0066408c3333975e2748230afcfcd0c63cc872dc7f2c47 +SHA512 (expat-2.5.0.tar.gz) = f1ff7da5fafb47dcd6e0f0d892826aba6de76509c8497bc00382f1109ab8e2a93d396943dbb52216457044993a39d73728048adf650d8e83e28189edc7b78402 +Size (expat-2.5.0.tar.gz) = 719235 bytes |