Wed Sep 21 10:52:51 2022 UTC ()
expat: update to 2.4.9.

Release 2.4.9 Tue September 20 2022
        Security fixes:
       #629 #640  CVE-2022-40674 -- Heap use-after-free vulnerability in
                    function doContent. Expected impact is denial of service
                    or potentially arbitrary code execution.

        Bug fixes:
            #634  MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
            #614  docs: Fix documentation on effect of switch XML_DTD on
                    symbol visibility in doc/reference.html

        Other changes:
            #638  MinGW: Make fix-xmltest-log.sh drop more Wine bug output
       #596 #625  Autotools: Sync CMake templates with CMake 3.22
            #608  CMake: Migrate from use of CMAKE_*_POSTFIX to
                    dedicated variables EXPAT_*_POSTFIX to stop affecting
                    other projects
       #597 #599  Windows|CMake: Add missing -DXML_STATIC to test runners
                    and fuzzers
       #512 #621  Windows|CMake: Render .def file from a template to fix
                    linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
       #611 #621  MinGW|CMake: Apply MSVC .def file when linking
       #622 #624  MinGW|CMake: Sync library name with GNU Autotools,
                    i.e. produce libexpat-1.dll rather than libexpat.dll
                    by default.  Filename libexpat.dll.a is unaffected.
            #632  MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
                    toolchain file "cmake/mingw-toolchain.cmake" to avoid
                    error "windres: Command not found" on e.g. Ubuntu 20.04
       #597 #627  CMake: Unify inconsistent use of set() and option() in
                    context of public build time options to take need for
                    set(.. FORCE) in projects using Expat by means of
                    add_subdirectory(..) off Expat's users' shoulders
       #626 #641  Stop exporting API symbols when building a static library
            #644  Resolve use of deprecated "fgrep" by "grep -F"
            #620  CMake: Make documentation on variables a bit more consistent
            #636  CMake: Drop leading whitespace from a #cmakedefine line in
                    file expat_config.h.cmake
            #594  xmlwf: Fix harmless variable mix-up in function nsattcmp
  #592 #593 #610  Address Cppcheck warnings
            #643  Address Clang 15 compiler warnings
       #642 #644  Version info bumped from 9:8:8 to 9:9:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
       #597 #598  CI: Windows: Start covering MSVC 2022
            #619  CI: macOS: Migrate off deprecated macOS 10.15
            #632  CI: Linux: Make migration off deprecated Ubuntu 18.04 work
            #643  CI: Upgrade Clang from 14 to 15
            #637  apply-clang-format.sh: Add support for BSD find
            #633  coverage.sh: Exclude MinGW headers
            #635  coverage.sh: Fix name collision for -funsigned-char

        Special thanks to:
            David Faure
            Felix Wilhelm
            Frank Bergmann
            Rhodri James
            Rosen Penev
            Thijs Schreijer
            Vincent Torri
                 and
            Google Project Zero

Release 2.4.8 Mon March 28 2022
        Other changes:
            #587  pkg-config: Move "-lm" to section "Libs.private"
            #587  CMake|MSVC: Fix pkg-config section "Libs"
        #55 #582  CMake|macOS: Start using linker arguments
                    "-compatibility_version <version>" and
                    "-current_version <version>" in a way compatible with
                    GNU Libtool
       #590 #591  Version info bumped from 9:7:8 to 9:8:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #589  CI: Upgrade Clang from 13 to 14

        Special thanks to:
            evpobr
            Kai Pastor
            Sam James


(wiz)
diff -r1.52 -r1.53 pkgsrc/textproc/expat/Makefile
diff -r1.45 -r1.46 pkgsrc/textproc/expat/distinfo
cvs diff -r1.52 -r1.53 pkgsrc/textproc/expat/Makefile (expand / switch to unified diff)

--- pkgsrc/textproc/expat/Makefile 2022/03/05 08:53:04 1.52
+++ pkgsrc/textproc/expat/Makefile 2022/09/21 10:52:51 1.53
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.52 2022/03/05 08:53:04 wiz Exp $ 1# $NetBSD: Makefile,v 1.53 2022/09/21 10:52:51 wiz Exp $
2 2
3DISTNAME= expat-2.4.7 3DISTNAME= expat-2.4.9
4CATEGORIES= textproc 4CATEGORIES= textproc
5MASTER_SITES= ${MASTER_SITE_GITHUB:=libexpat/} 5MASTER_SITES= ${MASTER_SITE_GITHUB:=libexpat/}
6GITHUB_PROJECT= libexpat 6GITHUB_PROJECT= libexpat
7GITHUB_RELEASE= R_${PKGVERSION_NOREV:S/./_/g} 7GITHUB_RELEASE= R_${PKGVERSION_NOREV:S/./_/g}
8 8
9MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://libexpat.github.io/ 10HOMEPAGE= https://libexpat.github.io/
11COMMENT= XML parser library written in C 11COMMENT= XML parser library written in C
12LICENSE= mit 12LICENSE= mit
13 13
14GNU_CONFIGURE= yes 14GNU_CONFIGURE= yes
15USE_LIBTOOL= yes 15USE_LIBTOOL= yes
16 16
cvs diff -r1.45 -r1.46 pkgsrc/textproc/expat/distinfo (expand / switch to unified diff)

--- pkgsrc/textproc/expat/distinfo 2022/03/05 08:53:04 1.45
+++ pkgsrc/textproc/expat/distinfo 2022/09/21 10:52:51 1.46
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.45 2022/03/05 08:53:04 wiz Exp $ 1$NetBSD: distinfo,v 1.46 2022/09/21 10:52:51 wiz Exp $
2 2
3BLAKE2s (expat-2.4.7.tar.gz) = 78792b120d63010d63a12dddc99f1f94d6b003324e5f64921d5a9631958c01d5 3BLAKE2s (expat-2.4.9.tar.gz) = c728e6b315553e54adc80a83ba188aeb785c85a9976f43cb5a4bbca676d778e1
4SHA512 (expat-2.4.7.tar.gz) = d83f631e90b4baee02a2279e69729260ba152e8e1274562183dc07b0dabf2c42481f5b2a48963b59a3d1b2ccee48f61f821b254461efbb4afad8abeb175df088 4SHA512 (expat-2.4.9.tar.gz) = 1f30e4d363cc1753137d0f3f6b6267d91fc40412cabb463d06bff9268ee7d8f34c242f02948a3450d186c0502b5e5238894ff1990c4b9440c0f9398ccb29d066
5Size (expat-2.4.7.tar.gz) = 710430 bytes 5Size (expat-2.4.9.tar.gz) = 717049 bytes