| non port: textproc/expat2/distinfo |
Number of commits found: 33 |
|
Saturday, 23 Mar 2024
|
11:13 Daniel Engberg (diizzy) 
textproc/expat2: Update to 2.6.2
Fixes CVE-2024-28757
Changelog
https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes
PR: 277772
Approved by: desktop (tcberner)
Sponsored by: Blinkinblox
Exp-run by: antoine
    bf99270 |
|
Friday, 8 Mar 2024
|
20:19 Daniel Engberg (diizzy)
textproc/expat2: Update to 2.6.1
Changelog:
https://github.com/libexpat/libexpat/blob/R_2_6_1/expat/Changes
PR: 277463
Approved by: desktop (tcberner)
Sponsored by: Blinkinblox
Exp-run by: antoine
6e1ffc0 |
|
Sunday, 18 Feb 2024
|
16:16 Daniel Engberg (diizzy)
textproc/expat2: Update to 2.6.0
Fixes CVE-2023-52425 and CVE-2023-52426
Changelog:
https://github.com/libexpat/libexpat/blob/R_2_6_0/expat/Changes
References:
https://www.cve.org/CVERecord?id=CVE-2023-52425
https://www.cve.org/CVERecord?id=CVE-2023-52426
PR: 276946
Approved by: desktop (tcberner)
Exp-run by: antoine
bc99518 |
|
Wednesday, 2 Nov 2022
|
13:25 Olivier Cochard (olivier)
textproc/expat2: Update to 2.5.0
PR: 267398
Approved by: tcberner, antoine
59c13e4 |
|
Tuesday, 27 Sep 2022
|
04:06 Tobias C. Berner (tcberner)
textproc/expat2: update to 2.4.9
Release 2.4.9 Tue September 20 2022
Security fixes:
#629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in
function doContent. Expected impact is denial of service
or potentially arbitrary code execution.
Bug fixes:
#634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
#614 docs: Fix documentation on effect of switch XML_DTD on
symbol visibility in doc/reference.html
Other changes:
#638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
#596 #625 Autotools: Sync CMake templates with CMake 3.22
#608 CMake: Migrate from use of CMAKE_*_POSTFIX to
dedicated variables EXPAT_*_POSTFIX to stop affecting
other projects
#597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners
and fuzzers
#512 #621 Windows|CMake: Render .def file from a template to fix
linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
#611 #621 MinGW|CMake: Apply MSVC .def file when linking
#622 #624 MinGW|CMake: Sync library name with GNU Autotools,
i.e. produce libexpat-1.dll rather than libexpat.dll
by default. Filename libexpat.dll.a is unaffected.
#632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
toolchain file "cmake/mingw-toolchain.cmake" to avoid
error "windres: Command not found" on e.g. Ubuntu 20.04
#597 #627 CMake: Unify inconsistent use of set() and option() in
context of public build time options to take need for
set(.. FORCE) in projects using Expat by means of
add_subdirectory(..) off Expat's users' shoulders
#626 #641 Stop exporting API symbols when building a static library
#644 Resolve use of deprecated "fgrep" by "grep -F"
#620 CMake: Make documentation on variables a bit more consistent
#636 CMake: Drop leading whitespace from a #cmakedefine line in
file expat_config.h.cmake
#594 xmlwf: Fix harmless variable mix-up in function nsattcmp
#592 #593 #610 Address Cppcheck warnings
#643 Address Clang 15 compiler warnings
#642 #644 Version info bumped from 9:8:8 to 9:9:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#597 #598 CI: Windows: Start covering MSVC 2022
#619 CI: macOS: Migrate off deprecated macOS 10.15
#632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work
#643 CI: Upgrade Clang from 14 to 15
#637 apply-clang-format.sh: Add support for BSD find
#633 coverage.sh: Exclude MinGW headers
#635 coverage.sh: Fix name collision for -funsigned-char
Special thanks to:
David Faure
Felix Wilhelm
Frank Bergmann
Rhodri James
Rosen Penev
Thijs Schreijer
Vincent Torri
and
Google Project Zero
Exp-run by: antoine
PR: 266524
9901fd0 |
|
Monday, 4 Apr 2022
|
13:07 Tobias C. Berner (tcberner)
textproc/expat2: update to 2.4.8
Release 2.4.8 Mon March 28 2022
Other changes:
#587 pkg-config: Move "-lm" to section "Libs.private"
#587 CMake|MSVC: Fix pkg-config section "Libs"
#55 #582 CMake|macOS: Start using linker arguments
"-compatibility_version <version>" and
"-current_version <version>" in a way compatible with
GNU Libtool
#590 #591 Version info bumped from 9:7:8 to 9:8:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#589 CI: Upgrade Clang from 13 to 14
Special thanks to:
evpobr
Kai Pastor
Sam James
Exp-run by: antoine
PR: 262944
709f05a |
|
Thursday, 10 Mar 2022
|
05:14 Tobias C. Berner (tcberner)
textproc/expat2: update to 2.4.7
From [1]:
Release 2.4.7 Fri March 4 2022
Bug fixes:
#572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
with regard to all valid URI characters (RFC 3986),
i.e. the following set (excluding whitespace):
ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
0123456789 % -._~ :/?#[]@ !$&'()*+,;=
Other changes:
#555 #570 #581 CMake|Windows: Store Expat version in the DLL
#577 Document consequences of namespace separator choices not just
in doc/reference.html but also in header <expat.h>
#577 Document Expat's lack of validation of namespace URIs against
RFC 3986, and that the XML 1.0r4 specification doesn't
require Expat to validate namespace URIs, and that Expat
may do more in that regard in future releases.
If you find need for strict RFC 3986 URI validation on
application level today, https://uriparser.github.io/ may
be of interest.
#579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
#575 Document that a call to XML_FreeContentModel can be done at
a later time from outside the element declaration handler
#574 Make hardcoded namespace URIs easier to find in code
#573 Update documentation on use of XML_POOR_ENTOPY on Solaris
#569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
4.8.2 on Solaris.
#578 #580 Version info bumped from 9:6:8 to 9:7:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Jeffrey Walton
Johnny Jazeix
Thijs Schreijer
Release 2.4.6 Sun February 20 2022
Bug fixes:
#566 Fix a regression introduced by the fix for CVE-2022-25313
in release 2.4.5 that affects applications that (1)
call function XML_SetElementDeclHandler and (2) are
parsing XML that contains nested element declarations
(e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
Other changes:
#567 #568 Version info bumped from 9:5:8 to 9:6:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Matt Sergeant
Samanta Navarro
Sergei Trofimovich
and
NixOS
Perl XML::Parser
Release 2.4.5 Fri February 18 2022
Security fixes:
#562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
sequences (e.g. from start tag names) to the XML
processing application on top of Expat can cause
arbitrary damage (e.g. code execution) depending
on how invalid UTF-8 is handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
#561 CVE-2022-25236 -- Passing (one or more) namespace separator
characters in "xmlns[:prefix]" attribute values
made Expat send malformed tag names to the XML
processor on top of Expat which can cause
arbitrary damage (e.g. code execution) depending
on such unexpectable cases are handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
#558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
that could be triggered by e.g. a 2 megabytes
file with a large number of opening braces.
Expected impact is denial of service or potentially
arbitrary code execution.
#560 CVE-2022-25314 -- Fix integer overflow in function copyString;
only affects the encoding name parameter at parser creation
time which is often hardcoded (rather than user input),
takes a value in the gigabytes to trigger, and a 64-bit
machine. Expected impact is denial of service.
#559 CVE-2022-25315 -- Fix integer overflow in function
storeRawNames;
needs input in the gigabytes and a 64-bit machine.
Expected impact is denial of service or potentially
arbitrary code execution.
Other changes:
#557 #564 Version info bumped from 9:4:8 to 9:5:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Ivan Fratric
Samanta Navarro
and
Google Project Zero
JetBrains
[1] Changelog:
https://github.com/libexpat/libexpat/blob/R_2_4_7/expat/Changes
Exp-run by: antoine
PR: 262381
Security: CVE-2022-25235
Security: CVE-2022-25236
Security: CVE-2022-25313
Security: CVE-2022-25314
Security: CVE-2022-25315
5a4db4d |
|
Saturday, 5 Feb 2022
|
06:42 Tobias C. Berner (tcberner)
textproc/expat2: update to 2.4.4
Release 2.4.4 Sun January 30 2022
Security fixes:
#550 CVE-2022-23852 -- Fix signed integer overflow
(undefined behavior) in function XML_GetBuffer
(that is also called by function XML_Parse internally)
for when XML_CONTEXT_BYTES is defined to >0 (which is both
common and default).
Impact is denial of service or more.
#551 CVE-2022-23990 -- Fix unsigned integer overflow in function
doProlog triggered by large content in element type
declarations when there is an element declaration handler
present (from a prior call to XML_SetElementDeclHandler).
Impact is denial of service or more.
Bug fixes:
#544 #545 xmlwf: Fix a memory leak on output file opening error
Other changes:
#546 Autotools: Fix broken CMake support under Cygwin
#554 Windows: Add missing files to the installer to fix
compilation with CMake from installed sources
#552 #554 Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Carlo Bramini
hwt0415
Roland Illig
Samanta Navarro
and
Clang LeakSan and the Clang team
PR: 261597
Exp-run by: antoine
4c6bb04 |
|
Friday, 21 Jan 2022
|
08:04 Tobias C. Berner (tcberner)
textproc/expat2: update to 2.4.3
From [1]:
libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one
of the most widely used software libre XML parsers written in C,
precisely C99. It is cross-platform and licensed under the MIT license.
Expat 2.4.3 has been released earlier today. Besides two minor fixes to
the build system, this release is about security fixes. There is a total
of 8 CVEs fixed, all related to fixed-size integer math (integer
overflow and invalid shifts) near memory allocation. Impact is denial of
service, or more.
* CVE-2021-45960
* CVE-2021-46143
* CVE-2022-22822
* CVE-2022-22823
* CVE-2022-22824
* CVE-2022-22825
* CVE-2022-22826
* CVE-2022-22827
For more details, please check out the change log [2].
[1] https://blog.hartwork.org/posts/expat-2-4-3-released/
[2] https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes
Exp-run by: antoine
PR: 261285
97d40c6 |
|
Monday, 27 Dec 2021
|
13:08 Daniel Engberg (diizzy)
textproc/expat2: Update to 2.4.2
Changelog: https://github.com/libexpat/libexpat/blob/R_2_4_2/expat/Changes
PR: 260580
Approved by: tcberner (mentor), desktop (tcberner)
Exp-run by: antoine
18a7d3d |
|
Thursday, 27 May 2021
|
08:56 Tobias C. Berner (tcberner)
textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776
See [1] for details:
Expat 2.4.0 and follow-up release 2.4.1 have both been released earlier
today (21-05-23). Release 2.4.0 fixes long known security issue CVE-2013-0340
by
adding protection against so-called Billion Laughs Attacks, a form of
denial of service against applications accepting XML input, in all known
variations, including recent flavor Parameter Laughs.
[1]
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0
PR: 256121
Exp-run by: antoine
1454ab4 |
|
Wednesday, 14 Apr 2021
|
17:38 Tobias C. Berner (tcberner) Author: Daniel Engberg
textproc/expat: update to 2.3.0
- Move static libraries behind an option STATIC. This will likely
be dropped completely in the next update.
PR: 254543
Exp-run by: antoine
d06d718 |
|
Monday, 16 Nov 2020
|
18:15 tcberner
textproc/expat2: Update to 2.2.10
- give maintainership to desktop@
- add test target
Changelog:
https://github.com/libexpat/libexpat/blob/R_2_2_10/expat/Changes
PR: 243228
Submitted by: daniel.engberg.lists@pyret.net
Exp-run by: antoine
Approved by: Sergei Vyshenski <svysh.fbsd@gmail.com> (previous maintainer)
  |
|
Thursday, 19 Sep 2019
|
12:37 pi
textproc/expat2: upgrade 2.2.7 -> 2.2.8
PR: 240613
Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer)
Exp-Run by: antoine
Relnotes: https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes
Security: CVE-2019-15903
|
|
Monday, 16 Sep 2019
|
11:16 pi
textproc/expat2: upgrade 2.2.6 -> 2.2.7
- exp-run by antoine
PR: 238864
Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer)
Reviewed by: koobs
Relnotes: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
Security: https://github.com/libexpat/libexpat/issues/186
https://github.com/libexpat/libexpat/pull/262
|
|
Monday, 27 Aug 2018
|
15:11 swills
textproc/expat2: update to 2.2.6
PR: 230653
Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer)
Exp-run by: antoine
|
|
Wednesday, 20 Dec 2017
|
19:58 adamw
Update to 2.2.5. Submitter becomes maintainer after consecutive and
lengthy timeouts.
PR: 221634
Submitted by: svysh.fbsd@gmail.com
Approved by: maintainer timeout (4 months)
Exp-run by: antoine
|
|
Thursday, 29 Jun 2017
|
08:39 tijl
Update to 2.2.1.
Security: CVE-2017-9233
|
|
Friday, 8 Jul 2016
|
10:03 tijl
Update to 2.2.0.
PR: 210531
Approved by: maintainer timeout (2 weeks)
|
|
Friday, 20 May 2016
|
01:07 junovitch
textproc/expat2: update 2.1.0 -> 2.1.1
- Update USES for new release format
- Drop CVE-2015-1283 patch now included in this release
- Add patch for CVE-2016-0718
PR: 209360
Submitted by: tijl
Approved by: ports-secteam (with hat)
Security: CVE-2016-0718
Security: https://vuxml.FreeBSD.org/freebsd/57b3aba7-1e25-11e6-8dd3-002590263bf5.html
|
|
Monday, 29 Jul 2013
|
17:12 tijl
Update to 2.1.0.
PR: ports/167636
Submitted by: sunpoet (with modifications)
Approved by: kuriyama (maintainer)
|
|
Sunday, 3 Jul 2011
|
14:40 ohauer
-remove MD5
|
|
Friday, 11 Apr 2008
|
13:57 pav
- Update to 2.0.1
PR: ports/113550
Submitted by: bf <bf2006a@yahoo.com>
Approved by: maintainer timeout (kuriyama; 10 months)
|
|
Monday, 30 Jan 2006
|
23:18 kuriyama
- Upgrade to 2.0.0 (almost bugfixes from 1.95.8).
- Bump shlib version to 6.
|
|
Tuesday, 24 Jan 2006
|
03:10 edwin
SHA256ify
Approved by: krion@
|
|
Wednesday, 4 Aug 2004
|
04:46 kuriyama
Upgrade to 1.95.8.
|
|
Sunday, 14 Mar 2004
|
07:57 kuriyama
Upgrade to 1.95.7 (shlib major is bumped to 5).
|
|
Monday, 3 Feb 2003
|
22:27 kuriyama
Upgrade to 1.95.6.
|
|
Tuesday, 17 Sep 2002
|
02:26 kuriyama
Upgrade to 1.95.5.
PR: ports/42749
Submitted by: Paul Dlug <paul@aps.org>
|
|
Sunday, 21 Jul 2002
|
02:16 kuriyama
Upgrade to 1.95.4 (shlib version bumped).
Submitted by: Sandro Tolaini <sandro@focuseek.com> and
KATO Tsuguru <tkato@prontomail.com>
PR: ports/40682, ports/40798
|
|
Saturday, 6 Jul 2002
|
08:10 kuriyama
Upgrade to 1.95.3.
PR: ports/39993
Submitted by: KATO Tsuguru <tkato@prontomail.com>
|
|
Monday, 26 Nov 2001
|
06:27 kuriyama
Upgrade to 1.95.2.
|
|
Tuesday, 24 Oct 2000
|
10:51 kuriyama
Introduce latest version of expat. This development version will be released
as 2.0 and maintained on sourceforge.
|
Number of commits found: 33 |
As an Amazon Associate I earn from qualifying purchases.