pkgsrc.se | The NetBSD package collection

./textproc/expat, XML parser library written in C

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2022Q3, Version: 2.5.0, Package name: expat-2.5.0, Maintainer: pkgsrc-users

This is James Clark's expat XML parser library in C. It is a stream oriented
parser that requires setting handlers to deal with the structure that the
parser discovers in the document.

Master sites:

https://github.com/libexpat/ (Download)

Filesize: 702.378 KB

Version history: (Expand)

(2022-11-26) Updated to version: expat-2.5.0
(2022-09-26) Package added to pkgsrc.se, version expat-2.4.9 (created)

CVS history: (Expand)

2022-11-26 18:01:44 by S.P.Zeidler | Files touched by this commit (2) | Package updated

Log message:
Pullup ticket #6696 - requested by bsiegert
textproc/expat: security update

Revisions pulled up:
- textproc/expat/Makefile                                       1.54
- textproc/expat/distinfo                                       1.47

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Wed Oct 26 10:37:47 UTC 2022

   Modified Files:
           pkgsrc/textproc/expat: Makefile distinfo

   Log message:
   expat: update to 2.5.0.

   Release 2.5.0 Tue October 25 2022
           Security fixes:
     #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                       destruction of a shared DTD in function
                       XML_ExternalEntityParserCreate in out-of-memory situations.
                       Expected impact is denial of service or potentially
                       arbitrary code execution.

           Bug fixes:
          #612 #645  Fix curruption from undefined entities
          #613 #654  Fix case when parsing was suspended while processing nested
                       entities
     #616 #652 #653  Stop leaking opening tag bindings after a closing tag
                       mismatch error where a parser is reset through
                       XML_ParserReset and then reused to parse
               #656  CMake: Fix generation of pkg-config file
               #658  MinGW|CMake: Fix static library name

           Other changes:
               #663  Protect header expat_config.h from multiple inclusion
               #666  examples: Make use of XML_GetBuffer and be more
                       consistent across examples
               #648  Address compiler warnings
          #667 #668  Version info bumped from 9:9:8 to 9:10:8;
                       see https://verbump.de/ for what these numbers do

           Special thanks to:
               Jann Horn
               Mark Brand
               Osyotr
               Rhodri James
                    and
               Google Project Zero

   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/textproc/expat/Makefile
   cvs rdiff -u -r1.46 -r1.47 pkgsrc/textproc/expat/distinfo