282637 – textproc/expat2: Update to 2.6.4

Bug 282637 - textproc/expat2: Update to 2.6.4

Summary: textproc/expat2: Update to 2.6.4

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Daniel Engberg

URL:	https://github.com/libexpat/libexpat/...
Keywords:

Depends on:
Blocks:

Reported:	2024-11-08 22:10 UTC by Daniel Engberg
Modified:	2024-12-01 10:58 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (desktop) diizzy: exp-run?

Attachments
Patch for expat2 (1.49 KB, patch) 2024-11-08 22:10 UTC, Daniel Engberg	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Engberg freebsd_committer

2024-11-08 22:10:17 UTC

Created attachment 255040 [details]
Patch for expat2

Fixes CVE-2024-50602

Compile and runtime tested on FreeBSD 14.1-RELEASE (amd64) (make, make check-plist, make test)

Poudriere testport OK 13.3-RELEASE (amd64)
Poudriere testport OK 14.1-RELEASE (amd64)

Comment 1 Daniel Engberg freebsd_committer

2024-11-08 22:11:33 UTC

Hi,

I'd like to require an exp-run

Best regards,
Daniel

Comment 2 Daniel Engberg freebsd_committer

2024-11-08 22:12:06 UTC

require --> request

Sorry :/

Comment 3 Antoine Brodin freebsd_committer

2024-11-12 08:27:05 UTC

I see those new failures but I am not sure they are related to the update:

https://pkg-status.freebsd.org/gohan04/data/141amd64-default-foo/2024-11-09_09h17m18s/logs/openjdk11-11.0.24+8.1_1.log
https://pkg-status.freebsd.org/gohan04/data/141amd64-default-foo/2024-11-09_09h17m18s/logs/openjdk11-jre-11.0.24+8.1_1.log
https://pkg-status.freebsd.org/gohan04/data/141amd64-default-foo/2024-11-09_09h17m18s/logs/dotnet-8.0.6.log
https://pkg-status.freebsd.org/gohan04/data/141amd64-default-foo/2024-11-09_09h17m18s/logs/lxqt-wayland-session-0.1.0.log

Comment 4 commit-hook freebsd_committer

2024-12-01 10:56:31 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=228c77f4f8f40583cec85b5ac838c941414dbc67

commit 228c77f4f8f40583cec85b5ac838c941414dbc67
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2024-12-01 10:52:22 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2024-12-01 10:52:27 +0000

    textproc/expat2: Update to 2.6.4

    Fixes CVE-2024-50602

    Changelog: https://github.com/libexpat/libexpat/blob/R_2_6_4/expat/Changes

    PR:             282637
    Approved by:    portmgr (maintainer timeout, 2+ weeks) and discussed with
                    fluffy on Matrix

 textproc/expat2/Makefile  | 4 ++--
 textproc/expat2/distinfo  | 6 +++---
 textproc/expat2/pkg-plist | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

Comment 5 Daniel Engberg freebsd_committer

2024-12-01 10:58:18 UTC

Antoine, thanks for the exp-run! I forgot to add that to the commit msg.