Summary: | textproc/expat2: Update to 2.2.7 | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Sergei Vyshenski <svysh.fbsd> | ||||||||
Component: | Individual Port(s) | Assignee: | Kurt Jaeger <pi> | ||||||||
Status: | Closed FIXED | ||||||||||
Severity: | Affects Some People | CC: | luzpaz, pi, svysh.fbsd, swills | ||||||||
Priority: | --- | Keywords: | security | ||||||||
Version: | Latest | Flags: | svysh.fbsd:
maintainer-feedback+
antoine: merge-quarterly- |
||||||||
Hardware: | Any | ||||||||||
OS: | Any | ||||||||||
URL: | https://github.com/libexpat/libexpat | ||||||||||
Bug Depends on: | 239282 | ||||||||||
Bug Blocks: | |||||||||||
Attachments: |
|
Description
Sergei Vyshenski
2019-06-28 11:50:11 UTC
Given this also fixes a security vulnerability that should be merged to the quarterly branch, an exp-run is probably justified @Sergei Could you produce a vuxml entry for this issue? I checked to see whether this was "just a point release", but there appear to be sufficient functional changes to warrant extra QA, in particular: - #212 CMake: Make libdir of pkgconfig expat.pc support multilib - #195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop exporting non-API symbols Created attachment 205398 [details]
vuxml entry
New failure on 12.0 amd64: http://package18.nyi.freebsd.org/data/120amd64-default-PR238728/2019-06-30_15h20m34s/logs/simgear-2018.3.2_1.log *** Bug 238715 has been marked as a duplicate of this bug. *** @Antonie: The problem seems to be fixed now: cf PR#239282 Security fix release 2.2.8 is available: https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes Shall I wait for the commit of 2.2.7, or shall I submit a new patch with 2.2.8 now? Asking because of exp-run etc. Created attachment 207511 [details]
patch-to-2.2.8
Update to 2.2.8, probably needs a new exp-run ?
and: we need an additional vuxml entry for the new vulnerability ? Please update the port to 2.2.7 (exp-run was already done). If you want to update to 2.2.8, open another PR but the exp-run won't happen before a few days. A commit references this bug: Author: pi Date: Mon Sep 16 11:16:56 UTC 2019 New revision: 512162 URL: https://svnweb.freebsd.org/changeset/ports/512162 Log: textproc/expat2: upgrade 2.2.6 -> 2.2.7 - exp-run by antoine PR: 238864 Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer) Reviewed by: koobs Relnotes: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes Security: https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 Changes: head/textproc/expat2/Makefile head/textproc/expat2/distinfo head/textproc/expat2/pkg-plist A commit references this bug: Author: pi Date: Mon Sep 16 11:19:51 UTC 2019 New revision: 512164 URL: https://svnweb.freebsd.org/changeset/ports/512164 Log: security/vuxml: document expat2 pre-2.2.7 vulnerability PR: 238864 Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> Changes: head/security/vuxml/vuln.xml Committed, thanks! A commit references this bug: Author: pi Date: Mon Sep 16 11:45:33 UTC 2019 New revision: 512172 URL: https://svnweb.freebsd.org/changeset/ports/512172 Log: security/vuxml: fix vuln.xml entry for expat PR: 238864 Submitted by: tobik Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: delphij Date: Wed Sep 25 17:45:04 UTC 2019 New revision: 512800 URL: https://svnweb.freebsd.org/changeset/ports/512800 Log: MFH: r512162, r512335 textproc/expat2: upgrade 2.2.6 -> 2.2.7 - exp-run by antoine PR: 238864 Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer) Reviewed by: koobs Relnotes: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes Security: https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 textproc/expat2: upgrade 2.2.7 -> 2.2.8 PR: 240613 Submitted by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer) Exp-Run by: antoine Relnotes: https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes Security: CVE-2019-15903 Approved by: ports-secteam Changes: _U branches/2019Q3/ branches/2019Q3/textproc/expat2/Makefile branches/2019Q3/textproc/expat2/distinfo branches/2019Q3/textproc/expat2/pkg-plist |