pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2025Q4] pkgsrc/textproc/expat



To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2025Q4] pkgsrc/textproc/expat
From: "Maya Rashish" <maya%netbsd.org@localhost>
Date: Sun, 1 Feb 2026 19:20:12 +0000
 
Module Name:    pkgsrc
Committed By:   maya
Date:           Sun Feb  1 19:20:12 UTC 2026

Modified Files:
        pkgsrc/textproc/expat [pkgsrc-2025Q4]: Makefile distinfo

Log Message:
Pullup ticket #7049 - requested by bsiegert
textproc/expat: Security fix

Revisions pulled up:
- textproc/expat/Makefile                                       1.62
- textproc/expat/distinfo                                       1.56

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Jan 31 17:39:43 UTC 2026

   Modified Files:
            pkgsrc/textproc/expat: Makefile distinfo

   Log Message:
   expat: update to 2.7.4.

   Release 2.7.4 Sat January 31 2026
            Security fixes:
               #1131  CVE-2026-24515 -- Function
   XML_ExternalEntityParserCreate
                        failed to copy the encoding handler data passed to
                        XML_SetUnknownEncodingHandler from the parent to the
   new
                        subparser. This can cause a NULL dereference (CWE-476)
   from
                        external entities that declare use of an unknown
   encoding.
                        The expected impact is denial of service. It takes use
   of
                        both functions XML_ExternalEntityParserCreate and
                        XML_SetUnknownEncodingHandler for an application to be
                        vulnerable.
               #1075  CVE-2026-25210 -- Add missing check for integer overflow
                        related to buffer size determination in function
   doContent

            Bug fixes:
               #1073  lib: Fix missing undoing of group size expansion in
   doProlog
                        failure cases
               #1107  xmlwf: Fix a memory leak
               #1104  WASI: Fix format specifiers for 32bit WASI SDK

            Other changes:
               #1105  lib: Fix strict aliasing
               #1106  lib: Leverage feature "flexible array member" of C99
               #1051  lib: Swap (size_t)(-1) for C99 equivalent SIZE_MAX
               #1109  lib|xmlwf: Return NULL instead of 0 for pointers
               #1068  lib|Windows: Clean up use of macro _MSC_EXTENSIONS with
   MSVC
               #1112  lib: Remove unused import
               #1110  xmlwf: Warn about XXE in --help output (and man page)
         #1102 #1103  WASI: Stop using getpid
         #1113 #1130  Autotools: Drop file expat.m4 that provided obsolete
   Autoconf
                        macro AM_WITH_EXPAT
               #1123  Autotools: Limit -Wno-pedantic-ms-format to MinGW
      #1129 #1134 ..
               #1087  Autotools|macOS: Sync CMake templates with CMake 4.0
         #1139 #1140  Autotools|CMake: Introduce off-by-default symbol
   versioning
                        The related build system flags are:
                        - For Autotools, configure with
   --enable-symbol-versioning
                        - For CMake, configure with
   -DEXPAT_SYMBOL_VERSIONING=ON
                        Please double-check for consequences before activating
                        this inside distro packaging. Bug reports welcome!
               #1117  Autotools|CMake: Remove libbsd support
               #1105  Autotools|CMake: Stop using -fno-strict-aliasing, and
   use
                        -Wstrict-aliasing=3 instead
               #1124  Autotools|CMake: Prefer command gsed (GNU sed) over sed
                        (e.g. for Solaris) inside fix-xmltest-log.sh
               #1067  CMake: Detect and warn about unusable
   check_c_compiler_flag
               #1137  CMake: Drop support for CMake <3.17
               #1138  CMake|Windows: Fix libexpat.def.cmake version comments

         #1086 #1110  docs: Add warning about external reference handlers and
   XXE
               #1066  docs: Be explicit that parent parsers need to outlive
                        subparsers
            #1089 ..
      #1090 #1091 ..
      #1092 #1093 ..
      #1094 #1098 ..
         #1115 #1116  docs: Misc non-content improvements to
   doc/reference.html
         #1132 #1133  Version info bumped from 12:1:11 (libexpat*.so.1.11.1)
                        to 12:2:11 (libexpat*.so.1.11.2); see
   https://verbump.de/
                        for what these numbers do

            Infrastructure:
         #1119 #1121  Document guidelines for contributing to Expat
               #1120  Introduce a pull request template
               #1074  CI: Stop using about-to-be-removed image "macos-13"
         #1083 #1088  CI: Mitigate random Wine crashes
               #1104  CI: Cover compilation with WASI SDK
               #1116  CI: Enforce clean doc XML formatting
            #1124 ..
         #1135 #1136  CI: Cover Solaris 11.4
               #1125  CI: Extend CI coverage of FreeBSD
         #1139 #1140  CI: Cover symbol versioning
               #1114  xmlwf: Reformat helpgen code (using Black 25.12.0)
               #1071  .gitignore: Add files CPackConfig.cmake and
                        CPackSourceConfig.cmake


To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.61.2.1 pkgsrc/textproc/expat/Makefile
cvs rdiff -u -r1.55 -r1.55.2.1 pkgsrc/textproc/expat/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: pkgsrc/textproc/expat/Makefile
diff -u pkgsrc/textproc/expat/Makefile:1.61 pkgsrc/textproc/expat/Makefile:1.61.2.1
--- pkgsrc/textproc/expat/Makefile:1.61 Thu Sep 25 07:03:33 2025
+++ pkgsrc/textproc/expat/Makefile      Sun Feb  1 19:20:12 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.61 2025/09/25 07:03:33 adam Exp $
+# $NetBSD: Makefile,v 1.61.2.1 2026/02/01 19:20:12 maya Exp $
 
-DISTNAME=      expat-2.7.3
+DISTNAME=      expat-2.7.4
 CATEGORIES=    textproc
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libexpat/}
 GITHUB_PROJECT=        libexpat

Index: pkgsrc/textproc/expat/distinfo
diff -u pkgsrc/textproc/expat/distinfo:1.55 pkgsrc/textproc/expat/distinfo:1.55.2.1
--- pkgsrc/textproc/expat/distinfo:1.55 Thu Sep 25 07:03:33 2025
+++ pkgsrc/textproc/expat/distinfo      Sun Feb  1 19:20:12 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.55 2025/09/25 07:03:33 adam Exp $
+$NetBSD: distinfo,v 1.55.2.1 2026/02/01 19:20:12 maya Exp $
 
-BLAKE2s (expat-2.7.3.tar.gz) = c92c4f8433c201577399c1b3151bbcf2c10e7ff790544f1890e1303ab52f78d0
-SHA512 (expat-2.7.3.tar.gz) = 274546c0755a7ad5db43a3b723274ba213482d68677ba3ff0f5ea1de63cdd66032214f6e8e167cc8482f7d056a31f3871c26329545d6565fee8661647e9877ce
-Size (expat-2.7.3.tar.gz) = 800387 bytes
+BLAKE2s (expat-2.7.4.tar.gz) = 27646dba84b1caf2c783051d7937bd00e1b8a8eb85c08f892bcfec8b60f4f8f2
+SHA512 (expat-2.7.4.tar.gz) = 3fa9d9092f85f585351ee3f9e46009e289faa1288401e59e93513e2661f70742dfc3daee8639d2db2d8dc8348c01846ad5040ad8baf56f964778b075c3296bdf
+Size (expat-2.7.4.tar.gz) = 804806 bytes


Prev by Date: CVS commit: pkgsrc/doc

Next by Date: CVS commit: [pkgsrc-2025Q4] pkgsrc/doc

Previous by Thread: CVS commit: pkgsrc/doc

Next by Thread: CVS commit: [pkgsrc-2025Q4] pkgsrc/doc

Indexes:

reverse Date
reverse Thread
Old Index


Home | Main Index | Thread Index | Old Index