Created attachment 231464 [details] v1 Moin moin desktop@ would like to ask for an exp-run to update textproc/expat2 to the just releaed 2.4.4 -- the patch is attached, and can also be found here: https://people.freebsd.org/~tcberner/patches/0001-textproc-expat2-update-to-2.4.4.patch mfg Tobias
Exp-run looks fine
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=4c6bb049ab93102501743fc83ee38b45e6d974a4 commit 4c6bb049ab93102501743fc83ee38b45e6d974a4 Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2022-01-31 09:32:43 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2022-02-05 06:42:34 +0000 textproc/expat2: update to 2.4.4 Release 2.4.4 Sun January 30 2022 Security fixes: #550 CVE-2022-23852 -- Fix signed integer overflow (undefined behavior) in function XML_GetBuffer (that is also called by function XML_Parse internally) for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or more. #551 CVE-2022-23990 -- Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). Impact is denial of service or more. Bug fixes: #544 #545 xmlwf: Fix a memory leak on output file opening error Other changes: #546 Autotools: Fix broken CMake support under Cygwin #554 Windows: Add missing files to the installer to fix compilation with CMake from installed sources #552 #554 Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do Special thanks to: Carlo Bramini hwt0415 Roland Illig Samanta Navarro and Clang LeakSan and the Clang team PR: 261597 Exp-run by: antoine textproc/expat2/Makefile | 2 +- textproc/expat2/distinfo | 6 +++--- textproc/expat2/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-)
A commit in branch 2022Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=5b411a3bafe8ffcdb44e6d709e5ae59f34801ec0 commit 5b411a3bafe8ffcdb44e6d709e5ae59f34801ec0 Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2022-01-31 09:32:43 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2022-02-05 06:43:38 +0000 textproc/expat2: update to 2.4.4 Release 2.4.4 Sun January 30 2022 Security fixes: #550 CVE-2022-23852 -- Fix signed integer overflow (undefined behavior) in function XML_GetBuffer (that is also called by function XML_Parse internally) for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or more. #551 CVE-2022-23990 -- Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). Impact is denial of service or more. Bug fixes: #544 #545 xmlwf: Fix a memory leak on output file opening error Other changes: #546 Autotools: Fix broken CMake support under Cygwin #554 Windows: Add missing files to the installer to fix compilation with CMake from installed sources #552 #554 Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do Special thanks to: Carlo Bramini hwt0415 Roland Illig Samanta Navarro and Clang LeakSan and the Clang team PR: 261597 Exp-run by: antoine (cherry picked from commit 4c6bb049ab93102501743fc83ee38b45e6d974a4) textproc/expat2/Makefile | 2 +- textproc/expat2/distinfo | 6 +++--- textproc/expat2/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-)