Bug 261597 (expat-2.4.4)
| Summary: | [exp-run] update texproc/expat2 to 2.4.4 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Tobias C. Berner <tcberner> | ||||
| Component: | Individual Port(s) | Assignee: | Tobias C. Berner <tcberner> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | CC: | desktop, lwhsu | ||||
| Priority: | --- | Flags: | antoine:
exp-run+
|
||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
Tobias C. Berner
2022-01-31 09:35:45 UTC
Exp-run looks fine A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=4c6bb049ab93102501743fc83ee38b45e6d974a4 commit 4c6bb049ab93102501743fc83ee38b45e6d974a4 Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2022-01-31 09:32:43 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2022-02-05 06:42:34 +0000 textproc/expat2: update to 2.4.4 Release 2.4.4 Sun January 30 2022 Security fixes: #550 CVE-2022-23852 -- Fix signed integer overflow (undefined behavior) in function XML_GetBuffer (that is also called by function XML_Parse internally) for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or more. #551 CVE-2022-23990 -- Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). Impact is denial of service or more. Bug fixes: #544 #545 xmlwf: Fix a memory leak on output file opening error Other changes: #546 Autotools: Fix broken CMake support under Cygwin #554 Windows: Add missing files to the installer to fix compilation with CMake from installed sources #552 #554 Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do Special thanks to: Carlo Bramini hwt0415 Roland Illig Samanta Navarro and Clang LeakSan and the Clang team PR: 261597 Exp-run by: antoine textproc/expat2/Makefile | 2 +- textproc/expat2/distinfo | 6 +++--- textproc/expat2/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) A commit in branch 2022Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=5b411a3bafe8ffcdb44e6d709e5ae59f34801ec0 commit 5b411a3bafe8ffcdb44e6d709e5ae59f34801ec0 Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2022-01-31 09:32:43 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2022-02-05 06:43:38 +0000 textproc/expat2: update to 2.4.4 Release 2.4.4 Sun January 30 2022 Security fixes: #550 CVE-2022-23852 -- Fix signed integer overflow (undefined behavior) in function XML_GetBuffer (that is also called by function XML_Parse internally) for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or more. #551 CVE-2022-23990 -- Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). Impact is denial of service or more. Bug fixes: #544 #545 xmlwf: Fix a memory leak on output file opening error Other changes: #546 Autotools: Fix broken CMake support under Cygwin #554 Windows: Add missing files to the installer to fix compilation with CMake from installed sources #552 #554 Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do Special thanks to: Carlo Bramini hwt0415 Roland Illig Samanta Navarro and Clang LeakSan and the Clang team PR: 261597 Exp-run by: antoine (cherry picked from commit 4c6bb049ab93102501743fc83ee38b45e6d974a4) textproc/expat2/Makefile | 2 +- textproc/expat2/distinfo | 6 +++--- textproc/expat2/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) |