./textproc/expat, XML parser library written in C



Branch: CURRENT, Version: 2.2.1, Package name: expat-2.2.1, Maintainer: drochner

This is James Clark's expat XML parser library in C. It is a stream oriented
parser that requires setting handlers to deal with the structure that the
parser discovers in the document.


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: f45eb724f182776a9cacec9ed70d549e87198987
RMD160: 3c8e8e8c73775706d88b4938f514d85b49eac182
Filesize: 395.938 KB

CVS history:


   2017-06-20 20:53:58 by S.P.Zeidler | Files touched by this commit (2)
Log message:
use the variant upstream chose (Debian also ran into the issue)
   2017-06-20 20:31:36 by S.P.Zeidler | Files touched by this commit (3)
Log message:
build fix for OS X and Solaris from Tim Zingelman <tez@netbsd.org>:
OS X & Solaris have sys/random.h but not getrandom() so the build fails
with a missing symbol.
Test linking the getrandom snippet instead of only compiling it
in configure.
   2017-06-18 08:01:33 by S.P.Zeidler | Files touched by this commit (4) | Package updated
Log message:
update of expat from 2.2.0 to 2.2.1 (mostly security fixes and cleanup)

Security issues fixed:
CVE-2017-9233, CVE-2016-9063, improve fix for CVE-2016-5300

fixed regression from fix to CVE-2016-0718

Cleanup: Drop AmigaOS 4.x, Borland C++ Builder, OpenVMS, Open Watcom,
Visual Studio 6.0 and Pre-X Mac OS support
   2016-06-22 17:39:09 by Matthias Drochner | Files touched by this commit (5) | Package removed
Log message:
update to 2.2.0
changes:
-security patches which we already had in pkgsrc are integrated
-Use more entropy for hash initialization than the original fix
 to CVE-2012-0876
-Resolve troublesome internal call to srand that was introduced
 with Expat 2.1.0 when addressing CVE-2012-0876
   2016-05-17 21:15:01 by Matthias Drochner | Files touched by this commit (6)
Log message:
add patches from upstream to fix possible crashes and memory corruption
on malformed input (CVE-2016-0718)
Description: The Expat XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. The bugs allow for a denial of service
attack in many applications by an unauthenticated attacker, and could
conceivably result in remote code execution.

bump PKGREV

also add an improvement to the fix for CVE-2015-1283 which was part
of the 2.1.1 release -- don't rely on defined behaviour on overflows
of signed integer operations, from upstream git:
https://sourceforge.net/p/expat/code_gi … 785d71bde/

pkgsrc change: add a hint how to run the pkg's selftest (not enabled
permanently because this would add a dependency on C++)
   2016-03-18 10:36:26 by Thomas Klausner | Files touched by this commit (1)
Log message:
revert ABI/ABI bump for expat.

Not necessary and causes problems.
   2016-03-16 20:55:55 by Ryo ONODERA | Files touched by this commit (5) | Package updated
Log message:
Update to 2.1.1

Changelog:
Release 2.1.1 Sat March 12 2016
        Security fixes:
            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
            #502: Fix potential null pointer dereference
            #520: Symbol XML_SetHashSalt was not exported
            Output of "xmlwf -h" was incomplete

        Other changes
            #503: Document behavior of calling XML_SetHashSalt with salt 0
            Minor improvements to man page xmlwf(1)
            Improvements to the experimental CMake build system
            libtool now invoked with --verbose
   2016-01-01 02:29:30 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Do not use GNU make, bump PKGREVISION
Fix circular dependency of PREFER_PKGSRC=yes case.