Subject: CVS commit: pkgsrc/textproc/expat
From: Thomas Klausner
Date: 2022-03-05 09:53:04
Message id: 20220305085304.D16F9FB24@cvs.NetBSD.org

Log Message:
expat: update to 2.4.7.

Release 2.4.7 Fri March 4 2022
        Bug fixes:
       #572 #577  Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
                    with regard to all valid URI characters (RFC 3986),
                    i.e. the following set (excluding whitespace):
                    ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
                    0123456789 % -._~ :/?#[]@ !$&'()*+,;=

        Other changes:
  #555 #570 #581  CMake|Windows: Store Expat version in the DLL
            #577  Document consequences of namespace separator choices not just
                    in doc/reference.html but also in header <expat.h>
            #577  Document Expat's lack of validation of namespace URIs against
                    RFC 3986, and that the XML 1.0r4 specification doesn't
                    require Expat to validate namespace URIs, and that Expat
                    may do more in that regard in future releases.
                    If you find need for strict RFC 3986 URI validation on
                    application level today, https://uriparser.github.io/ may
                    be of interest.
            #579  Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
            #575  Document that a call to XML_FreeContentModel can be done at
                    a later time from outside the element declaration handler
            #574  Make hardcoded namespace URIs easier to find in code
            #573  Update documentation on use of XML_POOR_ENTOPY on Solaris
       #569 #571  tests: Resolve use of macros NAN and INFINITY for GNU G++
                    4.8.2 on Solaris.
       #578 #580  Version info bumped from 9:6:8 to 9:7:8;
                    see https://verbump.de/ for what these numbers do

Files:
RevisionActionfile
1.45modifypkgsrc/textproc/expat/distinfo
1.52modifypkgsrc/textproc/expat/Makefile