Log Message:
Pullup ticket #5026 - requested by drochner
textproc/expat: security fix

Revisions pulled up:
- textproc/expat/Makefile                                       1.32
- textproc/expat/distinfo                                       1.25
- textproc/expat/patches/patch-CVE-2016-0718-1                  1.1
- textproc/expat/patches/patch-CVE-2016-0718-2                  1.1
- textproc/expat/patches/patch-CVE-2016-0718-3                  1.1
- textproc/expat/patches/patch-CVE-2016-0718-4                  1.1

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue May 17 19:15:01 UTC 2016

   Modified Files:
           pkgsrc/textproc/expat: Makefile distinfo
   Added Files:
           pkgsrc/textproc/expat/patches: patch-CVE-2016-0718-1
               patch-CVE-2016-0718-2 patch-CVE-2016-0718-3 patch-CVE-2016-0718-4

   Log Message:
   add patches from upstream to fix possible crashes and memory corruption
   on malformed input (CVE-2016-0718)
   Description: The Expat XML parser mishandles certain kinds of malformed
   input documents, resulting in buffer overflows during processing and
   error reporting. The overflows can manifest as a segmentation fault or
   as memory corruption during a parse operation. The bugs allow for a
   denial of service attack in many applications by an unauthenticated
   attacker, and could conceivably result in remote code execution.

   bump PKGREV

   also add an improvement to the fix for CVE-2015-1283 which was part
   of the 2.1.1 release -- don't rely on defined behaviour on overflows
   of signed integer operations, from upstream git:
   \ 
https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/

   pkgsrc change: add a hint how to run the pkg's selftest (not enabled
   permanently because this would add a dependency on C++)