Created attachment 205397 [details] patch to update the port - Update 2.2.6 --> 2.2.7 Changes: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes - "portlint -AC" gives non-relevant warns. - testport of poudriere 3.3.2_1 runs ok at 12.0-release-p6, amd64. - As 222 ports depend on this one, maybe exprun is needed?
Given this also fixes a security vulnerability that should be merged to the quarterly branch, an exp-run is probably justified @Sergei Could you produce a vuxml entry for this issue?
I checked to see whether this was "just a point release", but there appear to be sufficient functional changes to warrant extra QA, in particular: - #212 CMake: Make libdir of pkgconfig expat.pc support multilib - #195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop exporting non-API symbols
Created attachment 205398 [details] vuxml entry
New failure on 12.0 amd64: http://package18.nyi.freebsd.org/data/120amd64-default-PR238728/2019-06-30_15h20m34s/logs/simgear-2018.3.2_1.log
*** Bug 238715 has been marked as a duplicate of this bug. ***
@Antonie: The problem seems to be fixed now: cf PR#239282
Security fix release 2.2.8 is available: https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes Shall I wait for the commit of 2.2.7, or shall I submit a new patch with 2.2.8 now? Asking because of exp-run etc.
Created attachment 207511 [details] patch-to-2.2.8 Update to 2.2.8, probably needs a new exp-run ?
and: we need an additional vuxml entry for the new vulnerability ?
Please update the port to 2.2.7 (exp-run was already done). If you want to update to 2.2.8, open another PR but the exp-run won't happen before a few days.
A commit references this bug: Author: pi Date: Mon Sep 16 11:16:56 UTC 2019 New revision: 512162 URL: https://svnweb.freebsd.org/changeset/ports/512162 Log: textproc/expat2: upgrade 2.2.6 -> 2.2.7 - exp-run by antoine PR: 238864 Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer) Reviewed by: koobs Relnotes: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes Security: https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 Changes: head/textproc/expat2/Makefile head/textproc/expat2/distinfo head/textproc/expat2/pkg-plist
A commit references this bug: Author: pi Date: Mon Sep 16 11:19:51 UTC 2019 New revision: 512164 URL: https://svnweb.freebsd.org/changeset/ports/512164 Log: security/vuxml: document expat2 pre-2.2.7 vulnerability PR: 238864 Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> Changes: head/security/vuxml/vuln.xml
Committed, thanks!
A commit references this bug: Author: pi Date: Mon Sep 16 11:45:33 UTC 2019 New revision: 512172 URL: https://svnweb.freebsd.org/changeset/ports/512172 Log: security/vuxml: fix vuln.xml entry for expat PR: 238864 Submitted by: tobik Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: delphij Date: Wed Sep 25 17:45:04 UTC 2019 New revision: 512800 URL: https://svnweb.freebsd.org/changeset/ports/512800 Log: MFH: r512162, r512335 textproc/expat2: upgrade 2.2.6 -> 2.2.7 - exp-run by antoine PR: 238864 Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer) Reviewed by: koobs Relnotes: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes Security: https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 textproc/expat2: upgrade 2.2.7 -> 2.2.8 PR: 240613 Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer) Exp-Run by: antoine Relnotes: https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes Security: CVE-2019-15903 Approved by: ports-secteam Changes: _U branches/2019Q3/ branches/2019Q3/textproc/expat2/Makefile branches/2019Q3/textproc/expat2/distinfo branches/2019Q3/textproc/expat2/pkg-plist