./textproc/expat, XML parser library written in C

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.1.0, Package name: expat-2.1.0, Maintainer: drochner

This is James Clark's expat XML parser library in C. It is a stream oriented
parser that requires setting handlers to deal with the structure that the
parser discovers in the document.


Master sites:

SHA1: b08197d146930a5543a7b99e871cba3da614f6f0
RMD160: bffca083d29fe7688f106a902ef9b909c3321c5d
Filesize: 549.43 KB

Version history: (Expand)


CVS history: (Expand)


   2014-10-09 16:07:17 by Thomas Klausner | Files touched by this commit (1163)
Log message:
Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.
   2013-11-23 13:36:34 by OBATA Akio | Files touched by this commit (1)
Log message:
Use find-headers instead of find-files to detect builtin header files.
   2012-10-25 08:57:09 by Aleksej Saushev | Files touched by this commit (587)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
   2012-04-01 10:52:43 by OBATA Akio | Files touched by this commit (5) | Package updated
Log message:
Update expat to 2.1.0, contains security fixes.

Release 2.1.0 Sat March 24 2012
        - Bug Fixes:
          #1742315: Harmful XML_ParserCreateNS suggestion.
          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
          #1983953, 2517952, 2517962, 2649838:
                Build modifications using autoreconf instead of buildconf.sh.
          #2815947, #2884086: OBJEXT and EXEEXT support while building.
          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
          #2517938: xmlwf should return non-zero exit status if not well-formed.
          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
          #2855609: Dangling positionPtr after error.
          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
          #2990652: CMake support.
          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
          #3206497: Unitialized memory returned from XML_Parse.
          #3287849: make check fails on mingw-w64.
          #3496608: CVE-2012-0876 - Hash DOS attack.
        - Patches:
          #1749198: pkg-config support.
          #3010222: Fix for bug #3010819.
          #3312568: CMake support.
          #3446384: Report byte offsets for attr names and values.
        - New Features / API changes:
          Added new API member XML_SetHashSalt() that allows setting an intial
                value (salt) for hash calculations. This is part of the fix for
                bug #3496608 to randomize hash parameters.
          When compiled with XML_ATTR_INFO defined, adds new API member
                XML_GetAttributeInfo() that allows retrieving the byte
                offsets for attribute names and values (patch #3446384).
          Added CMake build system.
                See bug #2990652 and patch #3312568.
          Added run-benchmark target to Makefile.in - relies on testdata module
                present in the same relative location as in the repository.
   2012-03-19 13:34:25 by Joerg Sonnenberger | Files touched by this commit (23)
Log message:
Drop imake-check logic from X11 components' builtin.mk.
Always use xorg-cf-files and imake from pkgsrc, replacing xpkgwedge.
Always install man pages, not cat pages when using imake.
Unify the various imake PLIST variables in preparation for dropping.
Adjust xbattbar for the new expectations.
   2010-07-04 18:34:46 by OBATA Akio | Files touched by this commit (1)
Log message:
Support buitin expat for Haiku.
   2010-01-26 19:37:02 by Matthias Drochner | Files touched by this commit (3) | Package updated
Log message:
add patch from upstream CVS to fix CVE-2009-3560
(possible DOS due to crash on bad input)
bump PKGREVISION
   2009-11-08 09:34:32 by OBATA Akio | Files touched by this commit (2)
Log message:
Note that patch-aa is for CVE-2009-3720.