[Bug 266524] [exp-run] update textproc/expat2 to 2.4.9
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 266524] [exp-run] update textproc/expat2 to 2.4.9"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 27 Sep 2022 04:09:00 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266524
--- Comment #4 from commit-hook@FreeBSD.org ---
A commit in branch 2022Q3 references this bug:
URL:
https://cgit.FreeBSD.org/ports/commit/?id=abe4eae5c809b82028300031577720e51790b3dd
commit abe4eae5c809b82028300031577720e51790b3dd
Author: Tobias C. Berner <tcberner@FreeBSD.org>
AuthorDate: 2022-09-21 04:36:41 +0000
Commit: Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-09-27 04:07:51 +0000
textproc/expat2: update to 2.4.9
Release 2.4.9 Tue September 20 2022
Security fixes:
#629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in
function doContent. Expected impact is denial of
service
or potentially arbitrary code execution.
Bug fixes:
#634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
#614 docs: Fix documentation on effect of switch XML_DTD on
symbol visibility in doc/reference.html
Other changes:
#638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
#596 #625 Autotools: Sync CMake templates with CMake 3.22
#608 CMake: Migrate from use of CMAKE_*_POSTFIX to
dedicated variables EXPAT_*_POSTFIX to stop affecting
other projects
#597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners
and fuzzers
#512 #621 Windows|CMake: Render .def file from a template to fix
linking with -DEXPAT_DTD=OFF and/or
-DEXPAT_ATTR_INFO=ON
#611 #621 MinGW|CMake: Apply MSVC .def file when linking
#622 #624 MinGW|CMake: Sync library name with GNU Autotools,
i.e. produce libexpat-1.dll rather than libexpat.dll
by default. Filename libexpat.dll.a is unaffected.
#632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
toolchain file "cmake/mingw-toolchain.cmake" to avoid
error "windres: Command not found" on e.g. Ubuntu 20.04
#597 #627 CMake: Unify inconsistent use of set() and option() in
context of public build time options to take need for
set(.. FORCE) in projects using Expat by means of
add_subdirectory(..) off Expat's users' shoulders
#626 #641 Stop exporting API symbols when building a static library
#644 Resolve use of deprecated "fgrep" by "grep -F"
#620 CMake: Make documentation on variables a bit more
consistent
#636 CMake: Drop leading whitespace from a #cmakedefine line
in
file expat_config.h.cmake
#594 xmlwf: Fix harmless variable mix-up in function nsattcmp
#592 #593 #610 Address Cppcheck warnings
#643 Address Clang 15 compiler warnings
#642 #644 Version info bumped from 9:8:8 to 9:9:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#597 #598 CI: Windows: Start covering MSVC 2022
#619 CI: macOS: Migrate off deprecated macOS 10.15
#632 CI: Linux: Make migration off deprecated Ubuntu 18.04
work
#643 CI: Upgrade Clang from 14 to 15
#637 apply-clang-format.sh: Add support for BSD find
#633 coverage.sh: Exclude MinGW headers
#635 coverage.sh: Fix name collision for -funsigned-char
Special thanks to:
David Faure
Felix Wilhelm
Frank Bergmann
Rhodri James
Rosen Penev
Thijs Schreijer
Vincent Torri
and
Google Project Zero
Exp-run by: antoine
PR: 266524
(cherry picked from commit 9901fd092a8c8e43f24217ebea61a6f53ad245fb)
textproc/expat2/Makefile | 2 +-
textproc/expat2/distinfo | 6 +++---
textproc/expat2/pkg-plist | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.