Subject: CVS commit: pkgsrc/textproc/expat
From: Thomas Klausner
Date: 2022-02-01 13:10:18
Message id:

Log Message:
expat: update to 2.4.4.

Release 2.4.4 Sun January 30 2022
        Security fixes:
            #550  CVE-2022-23852 -- Fix signed integer overflow
                    (undefined behavior) in function XML_GetBuffer
                    (that is also called by function XML_Parse internally)
                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
                    common and default).
                    Impact is denial of service or more.
            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
                    doProlog triggered by large content in element type
                    declarations when there is an element declaration handler
                    present (from a prior call to XML_SetElementDeclHandler).
                    Impact is denial of service or more.

        Bug fixes:
       #544 #545  xmlwf: Fix a memory leak on output file opening error

        Other changes:
            #546  Autotools: Fix broken CMake support under Cygwin
            #554  Windows: Add missing files to the installer to fix
                    compilation with CMake from installed sources
       #552 #554  Version info bumped from 9:3:8 to 9:4:8;
                    see for what these numbers do