Date: Tue, 27 Sep 2022 04:09:00 +0000 From: bugzilla-noreply@freebsd.org To: desktop@FreeBSD.org Subject: [Bug 266524] [exp-run] update textproc/expat2 to 2.4.9 Message-ID: <bug-266524-39348-H7DDsVZeIh@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-266524-39348@https.bugs.freebsd.org/bugzilla/> References: <bug-266524-39348@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D266524 --- Comment #4 from commit-hook@FreeBSD.org --- A commit in branch 2022Q3 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3Dabe4eae5c809b82028300031577720e= 51790b3dd commit abe4eae5c809b82028300031577720e51790b3dd Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2022-09-21 04:36:41 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2022-09-27 04:07:51 +0000 textproc/expat2: update to 2.4.9 Release 2.4.9 Tue September 20 2022 Security fixes: #629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution. Bug fixes: #634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STD= IO=3D0 #614 docs: Fix documentation on effect of switch XML_DTD on symbol visibility in doc/reference.html Other changes: #638 MinGW: Make fix-xmltest-log.sh drop more Wine bug out= put #596 #625 Autotools: Sync CMake templates with CMake 3.22 #608 CMake: Migrate from use of CMAKE_*_POSTFIX to dedicated variables EXPAT_*_POSTFIX to stop affecti= ng other projects #597 #599 Windows|CMake: Add missing -DXML_STATIC to test runne= rs and fuzzers #512 #621 Windows|CMake: Render .def file from a template to fix linking with -DEXPAT_DTD=3DOFF and/or -DEXPAT_ATTR_INFO=3DON #611 #621 MinGW|CMake: Apply MSVC .def file when linking #622 #624 MinGW|CMake: Sync library name with GNU Autotools, i.e. produce libexpat-1.dll rather than libexpat.dll by default. Filename libexpat.dll.a is unaffected. #632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in toolchain file "cmake/mingw-toolchain.cmake" to avo= id error "windres: Command not found" on e.g. Ubuntu 2= 0.04 #597 #627 CMake: Unify inconsistent use of set() and option() in context of public build time options to take need f= or set(.. FORCE) in projects using Expat by means of add_subdirectory(..) off Expat's users' shoulders #626 #641 Stop exporting API symbols when building a static lib= rary #644 Resolve use of deprecated "fgrep" by "grep -F" #620 CMake: Make documentation on variables a bit more consistent #636 CMake: Drop leading whitespace from a #cmakedefine li= ne in file expat_config.h.cmake #594 xmlwf: Fix harmless variable mix-up in function nsatt= cmp #592 #593 #610 Address Cppcheck warnings #643 Address Clang 15 compiler warnings #642 #644 Version info bumped from 9:8:8 to 9:9:8; see https://verbump.de/ for what these numbers do Infrastructure: #597 #598 CI: Windows: Start covering MSVC 2022 #619 CI: macOS: Migrate off deprecated macOS 10.15 #632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work #643 CI: Upgrade Clang from 14 to 15 #637 apply-clang-format.sh: Add support for BSD find #633 coverage.sh: Exclude MinGW headers #635 coverage.sh: Fix name collision for -funsigned-char Special thanks to: David Faure Felix Wilhelm Frank Bergmann Rhodri James Rosen Penev Thijs Schreijer Vincent Torri and Google Project Zero Exp-run by: antoine PR: 266524 (cherry picked from commit 9901fd092a8c8e43f24217ebea61a6f53ad245fb) textproc/expat2/Makefile | 2 +- textproc/expat2/distinfo | 6 +++--- textproc/expat2/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-266524-39348-H7DDsVZeIh>