281273 – textproc/expat2: Update to 2.6.3

Bug 281273 - textproc/expat2: Update to 2.6.3

Summary: textproc/expat2: Update to 2.6.3

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Daniel Engberg

URL:	https://github.com/libexpat/libexpat/...
Keywords:

Depends on:
Blocks:

Reported:	2024-09-04 18:46 UTC by Daniel Engberg
Modified:	2024-09-15 11:56 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	antoine: exp-run+

Attachments
Patch for expat2 (3.35 KB, patch) 2024-09-04 18:46 UTC, Daniel Engberg	no flags	Details \| Diff
Patch for expat2 v2 (1.50 KB, patch) 2024-09-08 14:55 UTC, Daniel Engberg	fluffy: maintainer-approval+	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Engberg freebsd_committer

2024-09-04 18:46:26 UTC

Created attachment 253331 [details]
Patch for expat2

Fixes CVEs:
CVE-2024-45490
CVE-2024-45491
CVE-2024-45492

Compile and runtime tested on FreeBSD 14.1-RELEASE (amd64) (make, make check-plist, make test)

Poudriere testport OK 13.3-RELEASE (amd64)
Poudriere testport OK 14.0-RELEASE (i386)
Poudriere testport OK 14.0-RELEASE (amd64)
Poudriere testport OK 14.1-RELEASE (amd64)

Comment 1 Daniel Engberg freebsd_committer

2024-09-04 18:46:59 UTC

Hi,

I'd like to request an exp-run

Best regards,
Daniel

Comment 2 Daniel Engberg freebsd_committer

2024-09-04 18:47:30 UTC

It would be appreciated if someone could create vuxml entries

Comment 3 Antoine Brodin freebsd_committer

2024-09-07 08:40:47 UTC

Exp-run looks fine

Comment 4 Daniel Engberg freebsd_committer

2024-09-08 14:55:46 UTC

Created attachment 253427 [details]
Patch for expat2 v2

Remove additional patch for fooyin

Comment 5 Dima Panov freebsd_committer

2024-09-08 22:34:29 UTC

Comment on attachment 253427 [details]
Patch for expat2 v2

LGTM

Comment 6 commit-hook freebsd_committer

2024-09-15 11:55:40 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f5cfb7ec00272ec123fab636dea68b561b536a82

commit f5cfb7ec00272ec123fab636dea68b561b536a82
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2024-09-15 11:40:32 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2024-09-15 11:54:31 +0000

    textproc/expat2: Update to 2.6.3

    Fixes CVEs:
    CVE-2024-45490
    CVE-2024-45491
    CVE-2024-45492

    * Remove GNU_CONFIGURE_MANPREFIX

    Changelog:
    https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes

    PR:             281273
    Approved by:    desktop (fluffy)
    Exp-run by:     antoine

 textproc/expat2/Makefile  | 4 ++--
 textproc/expat2/distinfo  | 6 +++---
 textproc/expat2/pkg-plist | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)