Date: Mon, 14 Jun 2021 18:23:13 +0200
From: "Tobias C. Berner" <tcberner@freebsd.org>
To: Dan Langille <dan@langille.org>
Cc: "Tobias C. Berner" <tcberner@freebsd.org>, "ports-committers@freebsd.org" <ports-committers@freebsd.org>, "dev-commits-ports-all@freebsd.org" <dev-commits-ports-all@freebsd.org>, "dev-commits-ports-main@freebsd.org" <dev-commits-ports-main@freebsd.org>
Subject: Re: git: 1454ab40206b - main - textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776
Message-ID: <CAOshKtduk1Gb6dXj84AHq1UeQi6BvxJqH11Z4%2B4U4HGvj7wQ_A@mail.gmail.com>
In-Reply-To: <C1318FBD-E595-449C-B628-7180DB5D4BBB@langille.org>
References: <202105270857.14R8v5ri039237@gitrepo.freebsd.org> <C1318FBD-E595-449C-B628-7180DB5D4BBB@langille.org>
Hello

Done now in 7735cbdd131003bbbb0c9238f1468db734b89bc4

Best regards,
Tobias

On Fri, 11 Jun 2021 at 18:44, Dan Langille <dan@langille.org> wrote:
>
> On May 27, 2021, at 4:57 AM, Tobias C. Berner <tcberner@freebsd.org> wrote:
>
> The branch main has been updated by tcberner:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=1454ab40206b85f94edb6390e0d96c9716a07399
>
> commit 1454ab40206b85f94edb6390e0d96c9716a07399
> Author: Tobias C. Berner <tcberner@FreeBSD.org>
> AuthorDate: 2021-05-24 14:38:28 +0000
> Commit: Tobias C. Berner <tcberner@FreeBSD.org>
> CommitDate: 2021-05-27 08:56:26 +0000
>
> textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776
>
> See [1] for details:
> Expat 2.4.0 and follow-up release 2.4.1 have both been released earlier
> today (21-05-23). Release 2.4.0 fixes long known security issue CVE-2013-0340 by
> adding protection against so-called Billion Laughs Attacks, a form of
> denial of service against applications accepting XML input, in all known
> variations, including recent flavor Parameter Laughs.
>
> [1] https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0
>
> PR: 256121
> Exp-run by: antoine
>
>
> Given this was a vuln fix, is there any reason I should not backport this to 2021Q2?
>
> That branch still has 2.2.0
>
> —
> Dan Langille
> http://langille.org/
>
> --- > textproc/expat2/Makefile | 4 +++- > textproc/expat2/distinfo | 6 +++--- > textproc/expat2/pkg-plist | 10 +++++----- > 3 files changed, 11 insertions(+), 9 deletions(-) > > diff --git a/textproc/expat2/Makefile b/textproc/expat2/Makefile > index 69d0c38f232c..f24d6a60a027 100644 > --- a/textproc/expat2/Makefile > +++ b/textproc/expat2/Makefile 
> @@ -1,7 +1,7 @@ > # Created by: Dirk Froemberg <dirk@FreeBSD.org> > > PORTNAME=3D expat > -DISTVERSION=3D 2.3.0 > +DISTVERSION=3D 2.4.1 > CATEGORIES=3D textproc > MASTER_SITES=3D https://github.com/libexpat/libexpat/releases/download/R_= ${DISTVERSION:S|.|_|g}/ > > @@ -30,6 +30,8 @@ SHEBANG_FILES=3D test-driver-wrapper.sh tests/udiffer.p= y tests/xmltest.sh > TEST_CONFIGURE_WITH=3D tests > TEST_TARGET=3D check > > +PLIST_SUB=3D EXPAT_VERSION=3D${DISTVERSION} > + > post-install: > ${INSTALL_MAN} ${WRKSRC}/doc/xmlwf.1 ${STAGEDIR}${MANPREFIX}/man/man1/ > > diff --git a/textproc/expat2/distinfo b/textproc/expat2/distinfo > index 96d40c66930f..5c679b618856 100644 > --- a/textproc/expat2/distinfo > +++ b/textproc/expat2/distinfo > @@ -1,3 +1,3 @@ > -TIMESTAMP =3D 1616672812 > -SHA256 (expat-2.3.0.tar.xz) =3D caa34f99b6e3bcea8502507eb6549a0a84510b24= 4a748dfb287271b2d47467a9 > -SIZE (expat-2.3.0.tar.xz) =3D 433508 > +TIMESTAMP =3D 1621866901 > +SHA256 (expat-2.4.1.tar.xz) =3D cf032d0dba9b928636548e32b327a2d66b1aab63= c4f4a13dd132c2d1d2f2fb6a > +SIZE (expat-2.4.1.tar.xz) =3D 445024 > diff --git a/textproc/expat2/pkg-plist b/textproc/expat2/pkg-plist > index 23469f8fae33..2e7b447c5e0f 100644 > --- a/textproc/expat2/pkg-plist > +++ b/textproc/expat2/pkg-plist > @@ -2,14 +2,14 @@ bin/xmlwf > include/expat.h > include/expat_config.h > include/expat_external.h > -lib/cmake/expat-2.3.0/expat-config-version.cmake > -lib/cmake/expat-2.3.0/expat-config.cmake > -lib/cmake/expat-2.3.0/expat-noconfig.cmake > -lib/cmake/expat-2.3.0/expat.cmake > +lib/cmake/expat-%%EXPAT_VERSION%%/expat-config-version.cmake > +lib/cmake/expat-%%EXPAT_VERSION%%/expat-config.cmake > +lib/cmake/expat-%%EXPAT_VERSION%%/expat-noconfig.cmake > +lib/cmake/expat-%%EXPAT_VERSION%%/expat.cmake > %%STATIC%%lib/libexpat.a > lib/libexpat.so > lib/libexpat.so.1 > -lib/libexpat.so.1.7.0 > +lib/libexpat.so.1.8.1 > libdata/pkgconfig/expat.pc > man/man1/xmlwf.1.gz > %%PORTDOCS%%%%DOCSDIR%%/AUTHORS > >
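Review bot: The diffstat lists only the three files under textproc/expat2, so this commit, which is described as fixing CVE-2013-0340, adds no security/vuxml entry. Without one, pkg audit has nothing to flag installed expat versions older than 2.4.0 against. Add the VuXML entry in the same or a follow-up commit and reference it in the commit message, which also gives anyone backporting to a quarterly branch a single record to point at.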
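Review bot: Nothing in the commit message records how the new SHA256 in the distinfo hunk was verified. distinfo is the only integrity pin for the expat-2.4.1.tar.xz tarball fetched from the GitHub releases MASTER_SITES, so for a security update it is worth stating in the commit message what the hash was compared against (for example a checksum or signature published by upstream, if one exists).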
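Review bot: In the pkg-plist hunk, lib/libexpat.so.1.8.1 is still a hardcoded version, while the four lib/cmake paths in the same hunk were moved to %%EXPAT_VERSION%%. The next update will need this line edited by hand again, and a missed edit breaks packaging of the fixed library. Consider a second PLIST_SUB variable for the shared library version next to the new PLIST_SUB line in the Makefile, so a version bump touches one place.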