The NetBSD Project

CVS log for pkgsrc/textproc/expat/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / textproc / expat

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.46.2.1 / (download) - annotate - [select for diffs], Sat Nov 26 17:01:44 2022 UTC (10 months ago) by spz
Branch: pkgsrc-2022Q3
Changes since 1.46: +4 -4 lines
Diff to previous 1.46 (colored) next main 1.47 (colored)

Pullup ticket #6696 - requested by bsiegert
textproc/expat: security update

Revisions pulled up:
- textproc/expat/Makefile                                       1.54
- textproc/expat/distinfo                                       1.47

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Wed Oct 26 10:37:47 UTC 2022

   Modified Files:
           pkgsrc/textproc/expat: Makefile distinfo

   Log Message:
   expat: update to 2.5.0.

   Release 2.5.0 Tue October 25 2022
           Security fixes:
     #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                       destruction of a shared DTD in function
                       XML_ExternalEntityParserCreate in out-of-memory situations.
                       Expected impact is denial of service or potentially
                       arbitrary code execution.

           Bug fixes:
          #612 #645  Fix curruption from undefined entities
          #613 #654  Fix case when parsing was suspended while processing nested
                       entities
     #616 #652 #653  Stop leaking opening tag bindings after a closing tag
                       mismatch error where a parser is reset through
                       XML_ParserReset and then reused to parse
               #656  CMake: Fix generation of pkg-config file
               #658  MinGW|CMake: Fix static library name

           Other changes:
               #663  Protect header expat_config.h from multiple inclusion
               #666  examples: Make use of XML_GetBuffer and be more
                       consistent across examples
               #648  Address compiler warnings
          #667 #668  Version info bumped from 9:9:8 to 9:10:8;
                       see https://verbump.de/ for what these numbers do

           Special thanks to:
               Jann Horn
               Mark Brand
               Osyotr
               Rhodri James
                    and
               Google Project Zero


   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/textproc/expat/Makefile
   cvs rdiff -u -r1.46 -r1.47 pkgsrc/textproc/expat/distinfo

Revision 1.47 / (download) - annotate - [select for diffs], Wed Oct 26 10:37:47 2022 UTC (11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, HEAD
Changes since 1.46: +4 -4 lines
Diff to previous 1.46 (colored)

expat: update to 2.5.0.

Release 2.5.0 Tue October 25 2022
        Security fixes:
  #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                    destruction of a shared DTD in function
                    XML_ExternalEntityParserCreate in out-of-memory situations.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.

        Bug fixes:
       #612 #645  Fix curruption from undefined entities
       #613 #654  Fix case when parsing was suspended while processing nested
                    entities
  #616 #652 #653  Stop leaking opening tag bindings after a closing tag
                    mismatch error where a parser is reset through
                    XML_ParserReset and then reused to parse
            #656  CMake: Fix generation of pkg-config file
            #658  MinGW|CMake: Fix static library name

        Other changes:
            #663  Protect header expat_config.h from multiple inclusion
            #666  examples: Make use of XML_GetBuffer and be more
                    consistent across examples
            #648  Address compiler warnings
       #667 #668  Version info bumped from 9:9:8 to 9:10:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Jann Horn
            Mark Brand
            Osyotr
            Rhodri James
                 and
            Google Project Zero

Revision 1.46 / (download) - annotate - [select for diffs], Wed Sep 21 10:52:51 2022 UTC (12 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base
Branch point for: pkgsrc-2022Q3
Changes since 1.45: +4 -4 lines
Diff to previous 1.45 (colored)

expat: update to 2.4.9.

Release 2.4.9 Tue September 20 2022
        Security fixes:
       #629 #640  CVE-2022-40674 -- Heap use-after-free vulnerability in
                    function doContent. Expected impact is denial of service
                    or potentially arbitrary code execution.

        Bug fixes:
            #634  MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
            #614  docs: Fix documentation on effect of switch XML_DTD on
                    symbol visibility in doc/reference.html

        Other changes:
            #638  MinGW: Make fix-xmltest-log.sh drop more Wine bug output
       #596 #625  Autotools: Sync CMake templates with CMake 3.22
            #608  CMake: Migrate from use of CMAKE_*_POSTFIX to
                    dedicated variables EXPAT_*_POSTFIX to stop affecting
                    other projects
       #597 #599  Windows|CMake: Add missing -DXML_STATIC to test runners
                    and fuzzers
       #512 #621  Windows|CMake: Render .def file from a template to fix
                    linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
       #611 #621  MinGW|CMake: Apply MSVC .def file when linking
       #622 #624  MinGW|CMake: Sync library name with GNU Autotools,
                    i.e. produce libexpat-1.dll rather than libexpat.dll
                    by default.  Filename libexpat.dll.a is unaffected.
            #632  MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
                    toolchain file "cmake/mingw-toolchain.cmake" to avoid
                    error "windres: Command not found" on e.g. Ubuntu 20.04
       #597 #627  CMake: Unify inconsistent use of set() and option() in
                    context of public build time options to take need for
                    set(.. FORCE) in projects using Expat by means of
                    add_subdirectory(..) off Expat's users' shoulders
       #626 #641  Stop exporting API symbols when building a static library
            #644  Resolve use of deprecated "fgrep" by "grep -F"
            #620  CMake: Make documentation on variables a bit more consistent
            #636  CMake: Drop leading whitespace from a #cmakedefine line in
                    file expat_config.h.cmake
            #594  xmlwf: Fix harmless variable mix-up in function nsattcmp
  #592 #593 #610  Address Cppcheck warnings
            #643  Address Clang 15 compiler warnings
       #642 #644  Version info bumped from 9:8:8 to 9:9:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
       #597 #598  CI: Windows: Start covering MSVC 2022
            #619  CI: macOS: Migrate off deprecated macOS 10.15
            #632  CI: Linux: Make migration off deprecated Ubuntu 18.04 work
            #643  CI: Upgrade Clang from 14 to 15
            #637  apply-clang-format.sh: Add support for BSD find
            #633  coverage.sh: Exclude MinGW headers
            #635  coverage.sh: Fix name collision for -funsigned-char

        Special thanks to:
            David Faure
            Felix Wilhelm
            Frank Bergmann
            Rhodri James
            Rosen Penev
            Thijs Schreijer
            Vincent Torri
                 and
            Google Project Zero

Release 2.4.8 Mon March 28 2022
        Other changes:
            #587  pkg-config: Move "-lm" to section "Libs.private"
            #587  CMake|MSVC: Fix pkg-config section "Libs"
        #55 #582  CMake|macOS: Start using linker arguments
                    "-compatibility_version <version>" and
                    "-current_version <version>" in a way compatible with
                    GNU Libtool
       #590 #591  Version info bumped from 9:7:8 to 9:8:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #589  CI: Upgrade Clang from 13 to 14

        Special thanks to:
            evpobr
            Kai Pastor
            Sam James

Revision 1.45 / (download) - annotate - [select for diffs], Sat Mar 5 08:53:04 2022 UTC (18 months, 3 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1
Changes since 1.44: +4 -4 lines
Diff to previous 1.44 (colored)

expat: update to 2.4.7.

Release 2.4.7 Fri March 4 2022
        Bug fixes:
       #572 #577  Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
                    with regard to all valid URI characters (RFC 3986),
                    i.e. the following set (excluding whitespace):
                    ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
                    0123456789 % -._~ :/?#[]@ !$&'()*+,;=

        Other changes:
  #555 #570 #581  CMake|Windows: Store Expat version in the DLL
            #577  Document consequences of namespace separator choices not just
                    in doc/reference.html but also in header <expat.h>
            #577  Document Expat's lack of validation of namespace URIs against
                    RFC 3986, and that the XML 1.0r4 specification doesn't
                    require Expat to validate namespace URIs, and that Expat
                    may do more in that regard in future releases.
                    If you find need for strict RFC 3986 URI validation on
                    application level today, https://uriparser.github.io/ may
                    be of interest.
            #579  Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
            #575  Document that a call to XML_FreeContentModel can be done at
                    a later time from outside the element declaration handler
            #574  Make hardcoded namespace URIs easier to find in code
            #573  Update documentation on use of XML_POOR_ENTOPY on Solaris
       #569 #571  tests: Resolve use of macros NAN and INFINITY for GNU G++
                    4.8.2 on Solaris.
       #578 #580  Version info bumped from 9:6:8 to 9:7:8;
                    see https://verbump.de/ for what these numbers do

Revision 1.44 / (download) - annotate - [select for diffs], Thu Feb 24 02:47:00 2022 UTC (19 months ago) by gutteridge
Branch: MAIN
Changes since 1.43: +2 -3 lines
Diff to previous 1.43 (colored)

expat: regen distinfo for current checksum algorithms

Revision 1.43 / (download) - annotate - [select for diffs], Mon Feb 21 07:59:49 2022 UTC (19 months, 1 week ago) by jdolecek
Branch: MAIN
Changes since 1.42: +5 -4 lines
Diff to previous 1.42 (colored)

expat: update to 2.4.6

Release 2.4.6 Sun February 20 2022
        Bug fixes:
            #566  Fix a regression introduced by the fix for CVE-2022-25313
                    in release 2.4.5 that affects applications that (1)
                    call function XML_SetElementDeclHandler and (2) are
                    parsing XML that contains nested element declarations
                    (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").

        Other changes:
       #567 #568  Version info bumped from 9:5:8 to 9:6:8;
                    see https://verbump.de/ for what these numbers do

Revision 1.42 / (download) - annotate - [select for diffs], Sat Feb 19 17:53:43 2022 UTC (19 months, 1 week ago) by wiz
Branch: MAIN
Changes since 1.41: +4 -4 lines
Diff to previous 1.41 (colored)

expat: update to 2.4.5.

Release 2.4.5 Fri February 18 2022
        Security fixes:
            #562  CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
                    sequences (e.g. from start tag names) to the XML
                    processing application on top of Expat can cause
                    arbitrary damage (e.g. code execution) depending
                    on how invalid UTF-8 is handled inside the XML
                    processor; validation was not their job but Expat's.
                    Exploits with code execution are known to exist.
            #561  CVE-2022-25236 -- Passing (one or more) namespace separator
                    characters in "xmlns[:prefix]" attribute values
                    made Expat send malformed tag names to the XML
                    processor on top of Expat which can cause
                    arbitrary damage (e.g. code execution) depending
                    on such unexpectable cases are handled inside the XML
                    processor; validation was not their job but Expat's.
                    Exploits with code execution are known to exist.
            #558  CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
                    that could be triggered by e.g. a 2 megabytes
                    file with a large number of opening braces.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.
            #560  CVE-2022-25314 -- Fix integer overflow in function copyString;
                    only affects the encoding name parameter at parser creation
                    time which is often hardcoded (rather than user input),
                    takes a value in the gigabytes to trigger, and a 64-bit
                    machine.  Expected impact is denial of service.
            #559  CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
                    needs input in the gigabytes and a 64-bit machine.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.

        Other changes:
       #557 #564  Version info bumped from 9:4:8 to 9:5:8;
                    see https://verbump.de/ for what these numbers do

Revision 1.39.2.1 / (download) - annotate - [select for diffs], Mon Feb 7 07:09:18 2022 UTC (19 months, 3 weeks ago) by tm
Branch: pkgsrc-2021Q4
Changes since 1.39: +4 -4 lines
Diff to previous 1.39 (colored) next main 1.40 (colored)

Pullup ticket #6578 - requested by bsiegert
textproc/expat: security fix

Revisions pulled up:
- textproc/expat/Makefile                                       1.48-1.49
- textproc/expat/distinfo                                       1.40-1.41

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jan 17 08:49:34 UTC 2022

   Modified Files:
   	pkgsrc/textproc/expat: Makefile distinfo

   Log Message:
   expat: update to 2.4.3.

   Release 2.4.3 Sun January 16 2022
           Security fixes:
          #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
                       resulting in
                         a) realloc acting as free
                         b) realloc allocating too few bytes
                         c) undefined behavior
                       depending on architecture and precise value
                       for XML documents with >=2^27+1 prefixed attributes
                       on a single XML tag a la
                       "<r xmlns:a='[..]' a:a123='[..]' [..] />"
                       where XML_ParserCreateNS is used to create the parser
                       (which needs argument "-n" when running xmlwf).
                       Impact is denial of service, or more.
          #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
                       on variable m_groupSize in function doProlog leading
                       to realloc acting as free.
                       Impact is denial of service or more.
               #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
                       near memory allocation at multiple places.  Mitre assigned
                       a dedicated CVE for each involved internal C function:
                       - CVE-2022-22822 for function addBinding
                       - CVE-2022-22823 for function build_model
                       - CVE-2022-22824 for function defineAttribute
                       - CVE-2022-22825 for function lookup
                       - CVE-2022-22826 for function nextScaffoldPart
                       - CVE-2022-22827 for function storeAtts
                       Impact is denial of service or more.

           Other changes:
               #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
               #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
                       and MSYS2 by not going through Wine on these platforms
          #527 #528  Address compiler warnings
          #533 #543  Version info bumped from 9:2:8 to 9:3:8;
                       see https://verbump.de/ for what these numbers do

           Infrastructure:
               #536  CI: Check for realistic minimum CMake version
          #529 #539  CI: Cover compilation with -m32
               #529  CI: Store coverage reports as artifacts for download
               #528  CI: Upgrade Clang from 11 to 13

   Release 2.4.2 Sun December 19 2021
           Other changes:
          #509 #510  Link againgst libm for function "isnan"
          #513 #514  Include expat_config.h as early as possible
               #498  Autotools: Include files with release archives:
                       - buildconf.sh
                       - fuzz/*.c
          #507 #519  Autotools: Sync CMake templates
          #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
                       - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
                       - multi-config CMake generators (e.g. Ninja Multi-Config)
          #502 #503  docs: Document that function XML_GetBuffer may return NULL
                       when asking for a buffer of 0 (zero) bytes size
          #522 #523  docs: Fix return value docs for both
                       XML_SetBillionLaughsAttackProtection* functions
          #525 #526  Version info bumped from 9:1:8 to 9:2:8;
                       see https://verbump.de/ for what these numbers do

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Tue Feb  1 12:10:18 UTC 2022

   Modified Files:
   	pkgsrc/textproc/expat: Makefile distinfo

   Log Message:
   expat: update to 2.4.4.

   Release 2.4.4 Sun January 30 2022
           Security fixes:
               #550  CVE-2022-23852 -- Fix signed integer overflow
                       (undefined behavior) in function XML_GetBuffer
                       (that is also called by function XML_Parse internally)
                       for when XML_CONTEXT_BYTES is defined to >0 (which is both
                       common and default).
                       Impact is denial of service or more.
               #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
                       doProlog triggered by large content in element type
                       declarations when there is an element declaration handler
                       present (from a prior call to XML_SetElementDeclHandler).
                       Impact is denial of service or more.

           Bug fixes:
          #544 #545  xmlwf: Fix a memory leak on output file opening error

           Other changes:
               #546  Autotools: Fix broken CMake support under Cygwin
               #554  Windows: Add missing files to the installer to fix
                       compilation with CMake from installed sources
          #552 #554  Version info bumped from 9:3:8 to 9:4:8;
                       see https://verbump.de/ for what these numbers do

Revision 1.41 / (download) - annotate - [select for diffs], Tue Feb 1 12:10:17 2022 UTC (19 months, 4 weeks ago) by wiz
Branch: MAIN
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored)

expat: update to 2.4.4.

Release 2.4.4 Sun January 30 2022
        Security fixes:
            #550  CVE-2022-23852 -- Fix signed integer overflow
                    (undefined behavior) in function XML_GetBuffer
                    (that is also called by function XML_Parse internally)
                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
                    common and default).
                    Impact is denial of service or more.
            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
                    doProlog triggered by large content in element type
                    declarations when there is an element declaration handler
                    present (from a prior call to XML_SetElementDeclHandler).
                    Impact is denial of service or more.

        Bug fixes:
       #544 #545  xmlwf: Fix a memory leak on output file opening error

        Other changes:
            #546  Autotools: Fix broken CMake support under Cygwin
            #554  Windows: Add missing files to the installer to fix
                    compilation with CMake from installed sources
       #552 #554  Version info bumped from 9:3:8 to 9:4:8;
                    see https://verbump.de/ for what these numbers do

Revision 1.40 / (download) - annotate - [select for diffs], Mon Jan 17 08:49:34 2022 UTC (20 months, 1 week ago) by wiz
Branch: MAIN
Changes since 1.39: +4 -4 lines
Diff to previous 1.39 (colored)

expat: update to 2.4.3.

Release 2.4.3 Sun January 16 2022
        Security fixes:
       #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
                    resulting in
                      a) realloc acting as free
                      b) realloc allocating too few bytes
                      c) undefined behavior
                    depending on architecture and precise value
                    for XML documents with >=2^27+1 prefixed attributes
                    on a single XML tag a la
                    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
                    where XML_ParserCreateNS is used to create the parser
                    (which needs argument "-n" when running xmlwf).
                    Impact is denial of service, or more.
       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
                    on variable m_groupSize in function doProlog leading
                    to realloc acting as free.
                    Impact is denial of service or more.
            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
                    near memory allocation at multiple places.  Mitre assigned
                    a dedicated CVE for each involved internal C function:
                    - CVE-2022-22822 for function addBinding
                    - CVE-2022-22823 for function build_model
                    - CVE-2022-22824 for function defineAttribute
                    - CVE-2022-22825 for function lookup
                    - CVE-2022-22826 for function nextScaffoldPart
                    - CVE-2022-22827 for function storeAtts
                    Impact is denial of service or more.

        Other changes:
            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
            #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
                    and MSYS2 by not going through Wine on these platforms
       #527 #528  Address compiler warnings
       #533 #543  Version info bumped from 9:2:8 to 9:3:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #536  CI: Check for realistic minimum CMake version
       #529 #539  CI: Cover compilation with -m32
            #529  CI: Store coverage reports as artifacts for download
            #528  CI: Upgrade Clang from 11 to 13

Release 2.4.2 Sun December 19 2021
        Other changes:
       #509 #510  Link againgst libm for function "isnan"
       #513 #514  Include expat_config.h as early as possible
            #498  Autotools: Include files with release archives:
                    - buildconf.sh
                    - fuzz/*.c
       #507 #519  Autotools: Sync CMake templates
       #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
                    - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
                    - multi-config CMake generators (e.g. Ninja Multi-Config)
       #502 #503  docs: Document that function XML_GetBuffer may return NULL
                    when asking for a buffer of 0 (zero) bytes size
       #522 #523  docs: Fix return value docs for both
                    XML_SetBillionLaughsAttackProtection* functions
       #525 #526  Version info bumped from 9:1:8 to 9:2:8;
                    see https://verbump.de/ for what these numbers do

Revision 1.39 / (download) - annotate - [select for diffs], Tue Oct 26 11:21:53 2021 UTC (23 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base
Branch point for: pkgsrc-2021Q4
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

textproc: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./textproc/convertlit/distinfo clit18src.zip

Revision 1.38 / (download) - annotate - [select for diffs], Thu Oct 7 15:00:59 2021 UTC (23 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.37: +1 -2 lines
Diff to previous 1.37 (colored)

textproc: Remove SHA1 hashes for distfiles

Revision 1.37 / (download) - annotate - [select for diffs], Tue May 25 06:34:08 2021 UTC (2 years, 4 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.36: +5 -5 lines
Diff to previous 1.36 (colored)

expat: update to 2.4.1

Release 2.4.1 Sun May 23 2021
        Bug fixes:
       #488 #490  Autotools: Fix installed header expat_config.h for multilib
                    systems; regression introduced in 2.4.0 by pull request #486

        Other changes:
       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Gentoo's QA check "multilib_check_headers"

Release 2.4.0 Sun May 23 2021
        Security fixes:
   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
                    (denial-of-service; flavors targeting CPU time or RAM or both,
                    leveraging general entities or parameter entities or both)
                    by tracking and limiting the input amplification factor
                    (<amplification> := (<direct> + <indirect>) / <direct>).
                    By conservative default, amplification up to a factor of 100.0
                    is tolerated and rejection only starts after 8 MiB of output bytes
                    (=<direct> + <indirect>) have been processed.
                    The fix adds the following to the API:
                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
                      signals this specific condition.
                    - Two new API functions ..
                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
                      .. to further tighten billion laughs protection parameters
                      when desired.  Please see file "doc/reference.html" for details.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.
                    - Two new XML_FEATURE_* constants ..
                      - that can be queried using the XML_GetFeatureList function, and
                      - that are shown in "xmlwf -v" output.
                    - Two new environment variable switches ..
                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
                      - EXPAT_ENTITY_DEBUG=(0|1)
                      .. for runtime debugging of accounting and entity processing.
                      Specific behavior of these values may change in the future.
                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
                      for xmlwf to further tighten billion laughs protection
                      parameters when desired.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.

        Bug fixes:
       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
                    for UTF-16 payloads containing CDATA sections.
       #485 #486  Autotools: Fix generated CMake files for non-64bit and
                    non-Linux platforms (e.g. macOS and MinGW in particular)
                    that were introduced with release 2.3.0

        Other changes:
       #468 #469  xmlwf: Improve help output and the xmlwf man page
            #463  xmlwf: Improve maintainability through some refactoring
            #477  xmlwf: Fix man page DocBook validity
       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
                    and CMAKE_INSTALL_INCLUDEDIR
       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
            #467  Resolve macro HAVE_EXPAT_CONFIG_H
            #472  Delete unused legacy helper file "conftools/PrintPath"
       #473 #483  Improve attribution
  #464 #465 #477  doc/reference.html: Fix XHTML validity
       #475 #478  doc/reference.html: Replace the 90s look by OK.css
            #479  Version info bumped from 8:0:7 to 9:0:8
                    due to addition of new symbols and error codes;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #456  CI: Enable periodic runs
            #457  CI: Start covering the list of exported symbols
            #474  CI: Isolate coverage task
       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
            #477  CI: Cover well-formedness and DocBook/XHTML validity
                    of doc/reference.html and doc/xmlwf.xml

        Special thanks to:
            Dimitry Andric
            Eero Helenius
            Nick Wellnhofer
            Rhodri James
            Tomas Korbar
            Yury Gribov
                 and
            Clang LeakSan
            JetBrains
            OSS-Fuzz

Revision 1.36 / (download) - annotate - [select for diffs], Mon May 10 09:33:33 2021 UTC (2 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.35: +5 -5 lines
Diff to previous 1.35 (colored)

expat: update to 2.3.0.

Release 2.3.0 Thu March 25 2021
        Bug fixes:
            #438  When calling XML_ParseBuffer without a prior successful call to
                    XML_GetBuffer as a user, no longer trigger undefined behavior
                    (by adding an integer to a NULL pointer) but rather return
                    XML_STATUS_ERROR and set the error code to (new) code
                    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
                    of Clang 11 (but not Clang 9).
            #444  xmlwf: Exit status 2 was used for both:
                    - malformed input files (documented) and
                    - invalid command-line arguments (undocumented).
                    The case of invalid command-line arguments now
                    has its own exit status 4, resolving the ambiguity.

        Other changes:
            #439  xmlwf: Add argument -k to allow continuing after
                    non-fatal errors
            #439  xmlwf: Add section about exit status to the -h help output
  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
            #434  Windows: CMake: Detect unsupported Visual Studio at
                    configure time (rather than at compile time)
       #382 #428  testrunner: Make verbose mode (argument "-v") report
                    about passed tests, and make default mode report about
                    failures, as well.
            #442  CMake: Call "enable_language(CXX)" prior to tinkering
                    with CMAKE_CXX_* variables
            #448  Document use of libexpat from a CMake-based project
            #451  Autotools: Install CMake files as generated by CMake 3.19.6
                    so that users with "find_package(expat [..] CONFIG [..])"
                    are served on distributions that are *not* using the CMake
                    build system inside for libexpat packaging
       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
            #441  Address compiler warnings
            #443  Version info bumped from 7:12:6 to 8:0:7
                    due to addition of error code XML_ERROR_NO_BUFFER
                    (see https://verbump.de/ for what these numbers do)

        Infrastructure:
       #435 #446  Replace Travis CI by GitHub Actions

        Special thanks to:
            Alexander Richardson
            Oleksandr Popovych
            Thomas Beutlich
            Tim Bray
                 and
            Clang LeakSan, Clang 11 UBSan and the Clang team

Revision 1.35 / (download) - annotate - [select for diffs], Wed Oct 7 19:53:02 2020 UTC (2 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.34: +5 -5 lines
Diff to previous 1.34 (colored)

expat: update to 2.2.10.

Use cmake for building.

Release 2.2.10 Sat October 3 2020
        Bug fixes:
  #390 #395 #398  Fix undefined behavior during parsing caused by
                    pointer arithmetic with NULL pointers
       #404 #405  Fix reading uninitialized variable during parsing
            #406  xmlwf: Add missing check for malloc NULL return

        Other changes:
            #396  Windows: Drop support for Visual Studio <=8.0/2005
            #409  Windows: Add missing file "Changes" to the installer
                    to fix compilation with CMake from installed sources
            #403  xmlwf: Document exit codes in xmlwf manpage and
                    exit with code 3 (rather than code 1) for output errors
                    when used with "-d DIRECTORY"
       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
       #383 #392  Autotools: Use -Werror while configure tests the compiler
                    for supported compile flags to avoid false positives
  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
                    e.g. ensure that they have the last word over flags added
                    while running ./configure
            #360  CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
                    on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Detect and deny unsupported build combinations
                    involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Install pre-compiled shipped xmlwf.1 manpage in case
                    of -DEXPAT_BUILD_DOCS=OFF
  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
       #407 #408  CMake: Keep expat target name constant at "expat"
                    (i.e. refrain from using the target name to control
                    build artifact filenames)
            #385  CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
                    Windows
                  CMake: Expose man page compilation as target "xmlwf-manpage"
       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
                    to control generation of pkg-config file "expat.pc"
            #424  CMake: Add minimalistic support for building binary packages
                    with CMake target "package"; based on CPack
            #366  CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
                    default OFF to build fuzzer code against OSS-Fuzz and
                    related environment variable LIB_FUZZING_ENGINE
            #354  Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
    #354 #355 ..
       #356 #412  Address compiler warnings
       #368 #369  Address pngcheck warnings with doc/*.png images
                  Version info bumped from 7:11:6 to 7:12:6

        Special thanks to:
            asavah
            Ben Wagner
            Bhargava Shastry
            Frank Landgraf
            Jeffrey Walton
            Joe Orton
            Kleber Tarcísio
            Ma Lin
            Maciej Sroczyski
            Mohammed Khajapasha
            Vadim Zeitlin
                 and
            Cppcheck 2.0 and the Cppcheck team

Revision 1.34 / (download) - annotate - [select for diffs], Mon Mar 23 18:39:03 2020 UTC (3 years, 6 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.33: +5 -5 lines
Diff to previous 1.33 (colored)

expat: Update to 2.2.9

Release 2.2.9 Wed Septemper 25 2019
        Other changes:
                  examples: Drop executable bits from elements.c

Revision 1.33 / (download) - annotate - [select for diffs], Sun Sep 15 13:13:47 2019 UTC (4 years ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.32: +5 -5 lines
Diff to previous 1.32 (colored)

expat: Update to 2.2.8

Release 2.2.8 Fri Septemper 13 2019
        Security fixes:
       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
                    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
                    and deny internal entities closing the doctype;
                    fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43

        Bug fixes:
            #240  Fix cases where XML_StopParser did not have any effect
                    when called from inside of an end element handler
            #341  xmlwf: Fix exit code for operation without "-d DIRECTORY";
                    previously, only "-d DIRECTORY" would give you a proper
                    exit code:
                      # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
                      2
                      # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
                      0
                    Now both cases return exit code 2.

        Other changes:
       #299 #302  Windows: Replace LoadLibrary hack to access
                    unofficial API function SystemFunction036 (RtlGenRandom)
                    by using official API function rand_s (needs WinXP+)
            #325  Windows: Drop support for Visual Studio <=7.1/2003
                    and document supported compilers in README.md
            #286  Windows: Remove COM code from xmlwf; in case it turns
                    out needed later, there will be a dedicated repository
                    below https://github.com/libexpat/ for that code
            #322  Windows: Remove explicit MSVC solution and project files.
                    You can generate Visual Studio solution files through
                    CMake, e.g.: cmake -G"Visual Studio 15 2017" .
            #338  xmlwf: Make "xmlwf -h" help output more friendly
            #339  examples: Improve elements.c
       #244 #264  Autotools: Add argument --enable-xml-attr-info
       #239 #301  Autotools: Add arguments
                    --with-getrandom
                    --without-getrandom
                    --with-sys-getrandom
                    --without-sys-getrandom
       #312 #343  Autotools: Fix linking issues with "./configure LD=clang"
                  Autotools: Fix "make run-xmltest" for out-of-source builds
       #329 #336  CMake: Pull all options from Expat <=2.2.7 into namespace
                    prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
                    - BUILD_doc            -> EXPAT_BUILD_DOCS (plural)
                    - BUILD_examples       -> EXPAT_BUILD_EXAMPLES
                    - BUILD_shared         -> EXPAT_SHARED_LIBS
                    - BUILD_tests          -> EXPAT_BUILD_TESTS
                    - BUILD_tools          -> EXPAT_BUILD_TOOLS
                    - DOCBOOK_TO_MAN       -> DOCBOOK_TO_MAN (unchanged)
                    - INSTALL              -> EXPAT_ENABLE_INSTALL
                    - MSVC_USE_STATIC_CRT  -> EXPAT_MSVC_STATIC_CRT
                    - USE_libbsd           -> EXPAT_WITH_LIBBSD
                    - WARNINGS_AS_ERRORS   -> EXPAT_WARNINGS_AS_ERRORS
                    - XML_CONTEXT_BYTES    -> EXPAT_CONTEXT_BYTES
                    - XML_DEV_URANDOM      -> EXPAT_DEV_URANDOM
                    - XML_DTD              -> EXPAT_DTD
                    - XML_NS               -> EXPAT_NS
                    - XML_UNICODE          -> EXPAT_CHAR_TYPE=ushort (!)
                    - XML_UNICODE_WCHAR_T  -> EXPAT_CHAR_TYPE=wchar_t (!)
       #244 #264  CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
                    default OFF
            #326  CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
                    default OFF
            #328  CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
                    default OFF
       #239 #277  CMake: Add arguments
                    -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
                    -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
            #326  CMake: Install expat_config.h to include directory
            #326  CMake: Generate and install configuration files for
                    future find_package(expat [..] CONFIG [..])
                  CMake: Now produces a summary of applied configuration
                  CMake: Require C++ compiler only when tests are enabled
            #330  CMake: Fix compilation for 16bit character types,
                    i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
            #265  CMake: Fix linking with MinGW
            #330  CMake: Add full support for MinGW; to enable, use
                    -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
            #330  CMake: Port "make run-xmltest" from GNU Autotools to CMake
            #316  CMake: Windows: Make binary postfix match MSVC
                    Old: expat[d].lib
                    New: expat[w][d][MD|MT].lib
                  CMake: Migrate files from Windows to Unix line endings
            #308  CMake: Integrate OSS-Fuzz fuzzers, option
                    -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
             #14  Drop an OpenVMS support leftover
    #235 #268 ..
    #270 #310 ..
  #313 #331 #333  Address compiler warnings
    #282 #283 ..
       #284 #285  Address cppcheck warnings
       #294 #295  Address Clang Static Analyzer warnings
        #24 #293  Mass-apply clang-format 9 (and ensure conformance during CI)
                  Version info bumped from 7:9:6 to 7:10:6

        Special thanks to:
            David Loffredo
            Joonun Jang
            Khajapasha Mohammed
            Kishore Kunche
            Marco Maggi
            Mitch Phillips
            Rolf Ade
            xantares
            Zhongyuan Zhou

Revision 1.32 / (download) - annotate - [select for diffs], Sat Jun 29 22:36:04 2019 UTC (4 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.31: +5 -5 lines
Diff to previous 1.31 (colored)

expat: update to 2.2.7.

For a security fix.

Release 2.2.7 Wed June 19 2019
        Security fixes:
       #186 #262  Fix extraction of namespace prefixes from XML names;
                    XML names with multiple colons could end up in the
                    wrong namespace, and take a high amount of RAM and CPU
                    resources while processing, opening the door to
                    use for denial-of-service attacks

        Other changes:
       #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                    exporting non-API symbols
            #227  Autotools: Add --without-examples and --without-tests
            #228  Autotools: Modernize configure.ac
       #245 #246  Autotools: Fix check for -fvisibility=hidden for Clang
       #247 #248  Autotools: Fix compilation for lack of docbook2x-man
       #236 #258  Autotools: Produce .tar.{gz,lz,xz} release archives
            #212  CMake: Make libdir of pkgconfig expat.pc support multilib
       #158 #263  CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
            #219  Remove fallback to bcopy, assume that memmove(3) exists
            #257  Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
            #243  Windows: Fix syntax of .def module definition files
                  Version info bumped from 7:8:6 to 7:9:6

        Special thanks to:
            Benjamin Peterson
            Caolán McNamara
            Hanno Böck
            KangLin
            Kishore Kunche
            Marco Maggi
            Rhodri James
            Sebastian Dröge
            userwithuid
            Yury Gribov

Revision 1.31 / (download) - annotate - [select for diffs], Mon Aug 20 05:24:49 2018 UTC (5 years, 1 month ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.30: +5 -5 lines
Diff to previous 1.30 (colored)

expat: update to 2.2.6.

Release 2.2.6 Sun August 12 2018
        Bug fixes:
       #170 #206  Avoid doing arithmetic with NULL pointers in XML_GetBuffer
       #204 #205  Fix 2.2.5 regression with suspend-resume while parsing
                    a document like '<root/>'

        Other changes:
       #165 #168  Autotools: Fix docbook-related configure syntax error
            #166  Autotools: Avoid grep option `-q` for Solaris
            #167  Autotools: Support
                    ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
       #159 #167  Autotools: Support DOCBOOK_TO_MAN command which produces
                    xmlwf.1 rather than XMLWF.1; also covers case insensitive
                    file systems
            #181  Autotools: Drop -rpath option passed to libtool
            #188  Autotools: Detect and deny SGML docbook2man as ours is XML
            #188  Autotools/CMake: Support command db2x_docbook2man as well
            #174  CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
       #184 #185  CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
       #207 #208  CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
                    both defaulting to OFF
            #175  CMake: Prefer check_symbol_exists over check_function_exists
            #176  CMake: Create the same pkg-config file as with GNU Autotools
       #178 #179  CMake: Use GNUInstallDirs module to set proper defaults for
                    install directories
            #208  CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
            #180  Windows: Fix compilation of test suite for Visual Studio 2008
  #131 #173 #202  Address compiler warnings
  #187 #190 #200  Fix miscellaneous typos
                  Version info bumped from 7:7:6 to 7:8:6

Release 2.2.5 Tue October 31 2017
        Bug fixes:
              #8  If the parser runs out of memory, make sure its internal
                    state reflects the memory it actually has, not the memory
                    it wanted to have.
             #11  The default handler wasn't being called when it should for
                    a SYSTEM or PUBLIC doctype if an entity declaration handler
                    was registered.
       #137 #138  Fix a case of mistakenly reported parsing success where
                    XML_StopParser was called from an element handler
            #162  Function XML_ErrorString was returning NULL rather than
                    a message for code XML_ERROR_INVALID_ARGUMENT
                    introduced with release 2.2.1

        Other changes:
            #106  xmlwf: Add argument -N adding notation declarations
        #75 #106  Test suite: Resolve expected failure cases where xmlwf
                    output was incomplete
            #127  Windows: Fix test suite compilation
       #126 #127  Windows: Fix compilation for Visual Studio 2012
                  Windows: Upgrade shipped project files to Visual Studio 2017
        #33 #132  tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
            #129  examples: Fix compilation for XML_UNICODE_WCHAR_T
            #130  benchmark: Fix compilation for XML_UNICODE_WCHAR_T
            #144  xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
                    Windows or MinGW for 2-byte wchar_t
              #9  Address two Clang Static Analyzer false positives
             #59  Resolve troublesome macros hiding parser struct membership
                    and dereferencing that pointer
              #6  Resolve superfluous internal malloc/realloc switch
       #153 #155  Improve docbook2x-man detection
            #160  Undefine NDEBUG in the test suite (rather than rejecting it)
            #161  Address compiler warnings
                  Version info bumped from 7:6:6 to 7:7:6

Revision 1.30 / (download) - annotate - [select for diffs], Fri Sep 8 07:55:17 2017 UTC (6 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.29: +5 -7 lines
Diff to previous 1.29 (colored)

Updated expat to 2.2.4.

Release 2.2.4 Sat Auguest 19 2017
        Bug fixes:
            #115  Fix copying of partial characters for UTF-8 input

        Other changes:
            #109  Fix "make check" for non-x86 architectures that default
                    to unsigned type char (-128..127 rather than 0..255)
            #109  coverage.sh: Cover -funsigned-char
                  Autotools: Introduce --without-xmlwf argument
             #65  Autotools: Replace handwritten Makefile with GNU Automake
             #43  CMake: Auto-detect high quality entropy extractors, add new
                    option USE_libbsd=ON to use arc4random_buf of libbsd
             #74  CMake: Add -fno-strict-aliasing only where supported
            #114  CMake: Always honor manually set BUILD_* options
            #114  CMake: Compile man page if docbook2x-man is available, only
            #117  Include file tests/xmltest.log.expected in source tarball
                    (required for "make run-xmltest")
            #117  Include (existing) Visual Studio 2013 files in source tarball
                  Improve test suite error output
            #111  Fix some typos in documentation
                  Version info bumped from 7:5:6 to 7:6:6

        Special thanks to:
            Jakub Wilk
            Joe Orton
            Lin Tian
            Rolf Eike Beer

Release 2.2.3 Wed August 2 2017
        Security fixes:
             #82  CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
                    using Steve Holme's LoadLibrary wrapper for/of cURL

        Bug fixes:
             #85  Fix a dangling pointer issue related to realloc

        Other changes:
                  Increase code coverage
             #91  Linux: Allow getrandom to fail if nonblocking pool has not
                    yet been initialized and read /dev/urandom then, instead.
                    This is in line with what recent Python does.
             #81  Pre-10.7/Lion macOS: Support entropy from arc4random
             #86  Check that a UTF-16 encoding in an XML declaration has the
                    right endianness
        #4 #5 #7  Recover correctly when some reallocations fail
                  Repair "./configure && make" for systems without any
                    provider of high quality entropy
                    and try reading /dev/urandom on those
                  Ensure that user-defined character encodings have converter
                    functions when they are needed
                  Fix mis-leading description of argument -c in xmlwf.1
                  Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
                    for CloudABI
            #100  Fix use of SIPHASH_MAIN in siphash.h
             #23  Test suite: Fix memory leaks
                  Version info bumped from 7:4:6 to 7:5:6

        Special thanks to:
            Chanho Park
            Joe Orton
            Pascal Cuoq
            Rhodri James
            Simon McVittie
            Vadim Zeitlin
            Viktor Szakats
                 and
            Core Infrastructure Initiative

Release 2.2.2 Wed July 12 2017
        Security fixes:
             #43  Protect against compilation without any source of high
                    quality entropy enabled, e.g. with CMake build system;
                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
             #60  Windows with _UNICODE:
                    Unintended use of LoadLibraryW with a non-wide string
                    resulted in failure to load advapi32.dll and degradation
                    in quality of used entropy when compiled with _UNICODE for
                    Windows; you can launch existing binaries with
                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
                    quality of entropy used during runtime; commits
                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
   [MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                    resulted in NULL dereference, previously;
                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe

        Bug fixes:
             #69  Fix improper use of unsigned long long integer literals

        Other changes:
             #73  Start requiring a C99 compiler
             #49  Fix "==" Bashism in configure script
             #50  Fix too eager getrandom detection for Debian GNU/kFreeBSD
             #52    and macOS
             #51  Address lack of stdint.h in Visual Studio 2003 to 2008
             #58  Address compile warnings
             #68  Fix "./buildconf.sh && ./configure" for some versions
                    of Dash for /bin/sh
             #72  CMake: Ease use of Expat in context of a parent project
                    with multiple CMakeLists.txt files
             #72  CMake: Resolve mistaken executable permissions
             #76  Address compile warning with -DNDEBUG (not recommended!)
             #77  Address compile warning about macro redefinition

        Special thanks to:
            Alexander Bluhm
            Ben Boeckel
            Ctlin Rceanu
            Kerin Millar
            László Böszörményi
            S. P. Zeidler
            Segev Finer
            Václav Slavík
            Victor Stinner
            Viktor Szakats
                 and
            Radically Open Security

Revision 1.26.8.1 / (download) - annotate - [select for diffs], Wed Jun 21 18:36:19 2017 UTC (6 years, 3 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.26: +7 -5 lines
Diff to previous 1.26 (colored) next main 1.27 (colored)

Pullup ticket #5486 - requested by sevan
textproc/expat: security fix

Revisions pulled up:
- textproc/expat/Makefile                                       1.34
- textproc/expat/distinfo                                       1.27
- textproc/expat/patches/patch-configure                        1.1
- textproc/expat/patches/patch-configure.ac                     1.1

---
   Module Name:    pkgsrc
   Committed By:   spz
   Date:           Sun Jun 18 06:01:33 UTC 2017

   Modified Files:
           pkgsrc/textproc/expat: Makefile distinfo
   Added Files:
           pkgsrc/textproc/expat/patches: patch-configure patch-configure.ac

   Log Message:
   update of expat from 2.2.0 to 2.2.1 (mostly security fixes and cleanup)

   Security issues fixed:
   CVE-2017-9233, CVE-2016-9063, improve fix for CVE-2016-5300

   fixed regression from fix to CVE-2016-0718

   Cleanup: Drop AmigaOS 4.x, Borland C++ Builder, OpenVMS, Open Watcom,
   Visual Studio 6.0 and Pre-X Mac OS support

Revision 1.29 / (download) - annotate - [select for diffs], Tue Jun 20 18:53:58 2017 UTC (6 years, 3 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

use the variant upstream chose (Debian also ran into the issue)

Revision 1.28 / (download) - annotate - [select for diffs], Tue Jun 20 18:31:36 2017 UTC (6 years, 3 months ago) by spz
Branch: MAIN
Changes since 1.27: +3 -3 lines
Diff to previous 1.27 (colored)

build fix for OS X and Solaris from Tim Zingelman <tez@netbsd.org>:
OS X & Solaris have sys/random.h but not getrandom() so the build fails
with a missing symbol.                                                          Test linking the getrandom snippet instead of only compiling it
in configure.

Revision 1.27 / (download) - annotate - [select for diffs], Sun Jun 18 06:01:33 2017 UTC (6 years, 3 months ago) by spz
Branch: MAIN
Changes since 1.26: +7 -5 lines
Diff to previous 1.26 (colored)

update of expat from 2.2.0 to 2.2.1 (mostly security fixes and cleanup)

Security issues fixed:
CVE-2017-9233, CVE-2016-9063, improve fix for CVE-2016-5300

fixed regression from fix to CVE-2016-0718

Cleanup: Drop AmigaOS 4.x, Borland C++ Builder, OpenVMS, Open Watcom,
Visual Studio 6.0 and Pre-X Mac OS support

Revision 1.26 / (download) - annotate - [select for diffs], Wed Jun 22 15:39:09 2016 UTC (7 years, 3 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2
Branch point for: pkgsrc-2017Q1
Changes since 1.25: +5 -10 lines
Diff to previous 1.25 (colored)

update to 2.2.0
changes:
-security patches which we already had in pkgsrc are integrated
-Use more entropy for hash initialization than the original fix
 to CVE-2012-0876
-Resolve troublesome internal call to srand that was introduced
 with Expat 2.1.0 when addressing CVE-2012-0876

Revision 1.24.2.1 / (download) - annotate - [select for diffs], Sat May 21 19:13:44 2016 UTC (7 years, 4 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.24: +5 -1 lines
Diff to previous 1.24 (colored) next main 1.25 (colored)

Pullup ticket #5026 - requested by drochner
textproc/expat: security fix

Revisions pulled up:
- textproc/expat/Makefile                                       1.32
- textproc/expat/distinfo                                       1.25
- textproc/expat/patches/patch-CVE-2016-0718-1                  1.1
- textproc/expat/patches/patch-CVE-2016-0718-2                  1.1
- textproc/expat/patches/patch-CVE-2016-0718-3                  1.1
- textproc/expat/patches/patch-CVE-2016-0718-4                  1.1

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue May 17 19:15:01 UTC 2016

   Modified Files:
           pkgsrc/textproc/expat: Makefile distinfo
   Added Files:
           pkgsrc/textproc/expat/patches: patch-CVE-2016-0718-1
               patch-CVE-2016-0718-2 patch-CVE-2016-0718-3 patch-CVE-2016-0718-4

   Log Message:
   add patches from upstream to fix possible crashes and memory corruption
   on malformed input (CVE-2016-0718)
   Description: The Expat XML parser mishandles certain kinds of malformed
   input documents, resulting in buffer overflows during processing and
   error reporting. The overflows can manifest as a segmentation fault or
   as memory corruption during a parse operation. The bugs allow for a
   denial of service attack in many applications by an unauthenticated
   attacker, and could conceivably result in remote code execution.

   bump PKGREV

   also add an improvement to the fix for CVE-2015-1283 which was part
   of the 2.1.1 release -- don't rely on defined behaviour on overflows
   of signed integer operations, from upstream git:
   https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/

   pkgsrc change: add a hint how to run the pkg's selftest (not enabled
   permanently because this would add a dependency on C++)

Revision 1.25 / (download) - annotate - [select for diffs], Tue May 17 19:15:01 2016 UTC (7 years, 4 months ago) by drochner
Branch: MAIN
Changes since 1.24: +5 -1 lines
Diff to previous 1.24 (colored)

add patches from upstream to fix possible crashes and memory corruption
on malformed input (CVE-2016-0718)
Description: The Expat XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. The bugs allow for a denial of service
attack in many applications by an unauthenticated attacker, and could
conceivably result in remote code execution.

bump PKGREV

also add an improvement to the fix for CVE-2015-1283 which was part
of the 2.1.1 release -- don't rely on defined behaviour on overflows
of signed integer operations, from upstream git:
https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/

pkgsrc change: add a hint how to run the pkg's selftest (not enabled
permanently because this would add a dependency on C++)

Revision 1.24 / (download) - annotate - [select for diffs], Wed Mar 16 19:55:55 2016 UTC (7 years, 6 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Changes since 1.23: +5 -6 lines
Diff to previous 1.23 (colored)

Update to 2.1.1

Changelog:
Release 2.1.1 Sat March 12 2016
        Security fixes:
            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
            #502: Fix potential null pointer dereference
            #520: Symbol XML_SetHashSalt was not exported
            Output of "xmlwf -h" was incomplete

        Other changes
            #503: Document behavior of calling XML_SetHashSalt with salt 0
            Minor improvements to man page xmlwf(1)
            Improvements to the experimental CMake build system
            libtool now invoked with --verbose

Revision 1.23 / (download) - annotate - [select for diffs], Fri Jan 1 01:29:30 2016 UTC (7 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)

Do not use GNU make, bump PKGREVISION
Fix circular dependency of PREFER_PKGSRC=yes case.

Revision 1.22 / (download) - annotate - [select for diffs], Wed Nov 4 01:59:28 2015 UTC (7 years, 10 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.21: +2 -1 lines
Diff to previous 1.21 (colored)

Add SHA512 digests for distfiles for textproc category

Problems found locating distfiles:
	Package cabocha: missing distfile cabocha-0.68.tar.bz2
	Package convertlit: missing distfile clit18src.zip
	Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.21 / (download) - annotate - [select for diffs], Tue Aug 4 08:47:19 2015 UTC (8 years, 1 month ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.20: +2 -1 lines
Diff to previous 1.20 (colored)

CVE-2015-1283 heap based buffer overflow in expat.
Patch via Debian bug#793484 and Mozilla. Bump.

Revision 1.20 / (download) - annotate - [select for diffs], Sun Apr 1 08:52:43 2012 UTC (11 years, 6 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.19: +4 -6 lines
Diff to previous 1.19 (colored)

Update expat to 2.1.0, contains security fixes.

Release 2.1.0 Sat March 24 2012
        - Bug Fixes:
          #1742315: Harmful XML_ParserCreateNS suggestion.
          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
          #1983953, 2517952, 2517962, 2649838:
                Build modifications using autoreconf instead of buildconf.sh.
          #2815947, #2884086: OBJEXT and EXEEXT support while building.
          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
          #2517938: xmlwf should return non-zero exit status if not well-formed.
          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
          #2855609: Dangling positionPtr after error.
          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
          #2990652: CMake support.
          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
          #3206497: Unitialized memory returned from XML_Parse.
          #3287849: make check fails on mingw-w64.
          #3496608: CVE-2012-0876 - Hash DOS attack.
        - Patches:
          #1749198: pkg-config support.
          #3010222: Fix for bug #3010819.
          #3312568: CMake support.
          #3446384: Report byte offsets for attr names and values.
        - New Features / API changes:
          Added new API member XML_SetHashSalt() that allows setting an intial
                value (salt) for hash calculations. This is part of the fix for
                bug #3496608 to randomize hash parameters.
          When compiled with XML_ATTR_INFO defined, adds new API member
                XML_GetAttributeInfo() that allows retrieving the byte
                offsets for attribute names and values (patch #3446384).
          Added CMake build system.
                See bug #2990652 and patch #3312568.
          Added run-benchmark target to Makefile.in - relies on testdata module
                present in the same relative location as in the repository.

Revision 1.18.2.1 / (download) - annotate - [select for diffs], Thu Jan 28 15:57:25 2010 UTC (13 years, 8 months ago) by spz
Branch: pkgsrc-2009Q4
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored) next main 1.19 (colored)

Pullup ticket 2978 - requested by tron
security patch

Revisions pulled up:
- pkgsrc/textproc/expat/Makefile	1.25
- pkgsrc/textproc/expat/distinfo	1.19

Files added:
- pkgsrc/textproc/expat/patches/patch-ab

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue Jan 26 18:37:02 UTC 2010

   Modified Files:
           pkgsrc/textproc/expat: Makefile distinfo
   Added Files:
           pkgsrc/textproc/expat/patches: patch-ab

   Log Message:
   add patch from upstream CVS to fix CVE-2009-3560
   (possible DOS due to crash on bad input)
   bump PKGREVISION


   To generate a diff of this commit:
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/textproc/expat/Makefile
   cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/expat/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/expat/patches/patch-ab

Revision 1.19 / (download) - annotate - [select for diffs], Tue Jan 26 18:37:01 2010 UTC (13 years, 8 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)

add patch from upstream CVS to fix CVE-2009-3560
(possible DOS due to crash on bad input)
bump PKGREVISION

Revision 1.18 / (download) - annotate - [select for diffs], Sun Nov 8 08:34:32 2009 UTC (13 years, 10 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base
Branch point for: pkgsrc-2009Q4
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

Note that patch-aa is for CVE-2009-3720.

Revision 1.16.22.1 / (download) - annotate - [select for diffs], Sun Sep 13 11:38:45 2009 UTC (14 years ago) by spz
Branch: pkgsrc-2009Q2
Changes since 1.16: +2 -1 lines
Diff to previous 1.16 (colored) next main 1.17 (colored)

Pullup ticket 2886 - requested by drochner
security fix

Revisions pulled up:
- pkgsrc/textproc/expat/Makefile	1.24
- pkgsrc/textproc/expat/distinfo	1.17

Files added:
pkgsrc/textproc/expat/patches/patch-aa	1.7

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Thu Sep 10 09:59:21 UTC 2009

   Modified Files:
           pkgsrc/textproc/expat: Makefile distinfo
   Added Files:
           pkgsrc/textproc/expat/patches: patch-aa

   Log Message:
   fix SA36425: possible DoS due to an error when parsing certain
   UTF-8 sequences
   (patch from Python CVS)
   bump PKGREVISION

   To generate a diff of this commit:
   cvs rdiff -u -r1.23 -r1.24 pkgsrc/textproc/expat/Makefile
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/expat/distinfo
   cvs rdiff -u -r0 -r1.7 pkgsrc/textproc/expat/patches/patch-aa

Revision 1.17 / (download) - annotate - [select for diffs], Thu Sep 10 09:59:21 2009 UTC (14 years ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3
Changes since 1.16: +2 -1 lines
Diff to previous 1.16 (colored)

fix SA36425: possible DoS due to an error when parsing certain
UTF-8 sequences
(patch from Python CVS)
bump PKGREVISION

Revision 1.16 / (download) - annotate - [select for diffs], Fri Jun 8 13:14:04 2007 UTC (16 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Branch point for: pkgsrc-2009Q2
Changes since 1.15: +4 -4 lines
Diff to previous 1.15 (colored)

Update to 2.0.1:

Release 2.0.1 Tue June 5 2007
        - Fixed bugs #1515266, 1515600: The character data handler's calling
          of XML_StopParser() was not handled properly; if the parser was
          stopped and the handler set to NULL, the parser would segfault.
        - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
          some character constants to be ASCII encoded.
        - Minor cleanups of the test harness.
        - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
        - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
        - Fixes and improvements for Windows platform:
          bugs #1409451, #1476160, 1548182, 1602769, 1717322.
        - Build fixes for various platforms:
          HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
          All Unix: #1554618 (refreshed config.sub/config.guess).
                    #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
                    without relying on GNU-Make specific features.
          #1647805: Patched configure.in to work better with Intel compiler.
        - Fixes to Makefile.in to have make check work correctly:
          bugs #1408143, #1535603, #1536684.
        - Added Open Watcom support: patch #1523242.

Revision 1.15 / (download) - annotate - [select for diffs], Sun Jan 22 16:46:02 2006 UTC (17 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1
Changes since 1.14: +4 -5 lines
Diff to previous 1.14 (colored)

Update to 2.0.0:

Release 2.0.0 Wed Jan 11 2006
        - We no longer use the "check" library for C unit testing; we
          always use the (partial) internal implementation of the API.
        - Report XML_NS setting via XML_GetFeatureList().
        - Fixed headers for use from C++.
        - XML_GetCurrentLineNumber() and  XML_GetCurrentColumnNumber()
          now return unsigned integers.
        - Added XML_LARGE_SIZE switch to enable 64-bit integers for
          byte indexes and line/column numbers.
        - Updated to use libtool 1.5.22 (the most recent).
        - Added support for AmigaOS.
        - Some mostly minor bug fixes. SF issues include: 1006708,
          1021776, 1023646, 1114960, 1156398, 1221160, 1271642.

Revision 1.14 / (download) - annotate - [select for diffs], Thu Feb 24 14:48:41 2005 UTC (18 years, 7 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base, pkgsrc-2005Q4, pkgsrc-2005Q3-base, pkgsrc-2005Q3, pkgsrc-2005Q2-base, pkgsrc-2005Q2, pkgsrc-2005Q1-base, pkgsrc-2005Q1
Changes since 1.13: +2 -1 lines
Diff to previous 1.13 (colored)

Add RMD160 digests to the SHA1 ones.

Revision 1.13 / (download) - annotate - [select for diffs], Wed Sep 15 17:09:37 2004 UTC (19 years ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4, pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 (colored)

Don't have a comma end an enumeration list, which is apparently not
allowed by GCC with -pedantic -ansi.  Bump the PKGREVISION.

Revision 1.12 / (download) - annotate - [select for diffs], Thu Aug 5 22:16:59 2004 UTC (19 years, 1 month ago) by recht
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored)

update to expat-1.95.8

Release 1.95.8 Fri Jul 23 2004
        - Major new feature: suspend/resume.  Handlers can now request
          that a parse be suspended for later resumption or aborted
          altogether.  See "Temporarily Stopping Parsing" in the
          documentation for more details.
        - Some mostly minor bug fixes, but compilation should no
          longer generate warnings on most platforms.  SF issues
          include: 827319, 840173, 846309, 888329, 896188, 923913,
          928113, 961698, 985192.

Revision 1.11 / (download) - annotate - [select for diffs], Tue Mar 2 18:13:58 2004 UTC (19 years, 7 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.10: +3 -4 lines
Diff to previous 1.10 (colored)

update to 1.95.7
bugfixes and compatibility improvements

Revision 1.10 / (download) - annotate - [select for diffs], Wed Feb 5 03:57:13 2003 UTC (20 years, 7 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base, pkgsrc-2003Q4, netbsd-1-6-1-base, netbsd-1-6-1
Changes since 1.9: +2 -1 lines
Diff to previous 1.9 (colored)

Bump PKGREVISION of textproc/expat to 1: fix an obvious C bug where types
should be declared/defined before they are used.  This should fix errors
of the form:

.../expat.h:657: use of enum `XML_Status' without previous declaration
.../expat.h:736: multiple definition of `enum XML_Status'

Revision 1.9 / (download) - annotate - [select for diffs], Thu Jan 30 11:20:49 2003 UTC (20 years, 8 months ago) by drochner
Branch: MAIN
Changes since 1.8: +3 -3 lines
Diff to previous 1.8 (colored)

distfile has changed, pointed out by Martti Kuparinen

Revision 1.8 / (download) - annotate - [select for diffs], Thu Jan 30 10:49:13 2003 UTC (20 years, 8 months ago) by drochner
Branch: MAIN
Changes since 1.7: +3 -3 lines
Diff to previous 1.7 (colored)

update to 1.95.6
changes:
-Added XML_FreeContentModel().
-Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
-Enhanced the regression test suite.
-bugfixes

Revision 1.7 / (download) - annotate - [select for diffs], Tue Sep 17 21:06:15 2002 UTC (21 years ago) by drochner
Branch: MAIN
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)

update to 1.95.5
changes:
Added XML_UseForeignDTD() for improved SAX2 support.
Added XML_GetFeatureList().
Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
Use an incomplete struct instead of a void* for the parser.
Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
Finally fixed bug where default handler would report DTD events that were
  already handled by another handler. Initial patch
  contributed by Darryl Miller.
Reduced line-length for all source code and headers to be no longer than 80
  characters, to help with AS/400 support.
Reduced memory copying during parsing (SF patch #600964).
Fixed a variety of bugs.

Revision 1.6 / (download) - annotate - [select for diffs], Sun Aug 25 18:40:02 2002 UTC (21 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.5: +1 -1 lines
Diff to previous 1.5 (colored)

Merge changes in packages from the buildlink2 branch that have
buildlink2.mk files back into the main trunk.  This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.

Revision 1.4.2.1 / (download) - annotate - [select for diffs], Thu Aug 22 11:12:38 2002 UTC (21 years, 1 month ago) by jlam
Branch: buildlink2
Changes since 1.4: +3 -4 lines
Diff to previous 1.4 (colored) next main 1.5 (colored)

Merge changes from pkgsrc-current into the buildlink2 branch for the
packages that have buildlink2.mk files.

Revision 1.5 / (download) - annotate - [select for diffs], Tue Aug 20 11:46:50 2002 UTC (21 years, 1 month ago) by drochner
Branch: MAIN
CVS Tags: buildlink2-base
Changes since 1.4: +3 -4 lines
Diff to previous 1.4 (colored)

update to 1.95.4
changes since 1.95.2:
-Added the XML_ParserReset() API function
-Allow xmlwf to read from standard input
-Install a man page for xmlwf on Unix systems
-bugfixes
-unrelated portability enhancements

Revision 1.4 / (download) - annotate - [select for diffs], Thu Nov 22 00:55:48 2001 UTC (21 years, 10 months ago) by abs
Branch: MAIN
CVS Tags: pkgviews-base, pkgviews, netbsd-1-6-RELEASE-base, netbsd-1-6, netbsd-1-5-PATCH003
Branch point for: buildlink2
Changes since 1.3: +2 -1 lines
Diff to previous 1.3 (colored)

Handle gcc pre-2.8 - do not use -fexceptions in that case.
So I found a 1.3 box running pkgsrc and wanted to update apache...

Revision 1.3 / (download) - annotate - [select for diffs], Tue Aug 7 11:16:55 2001 UTC (22 years, 1 month ago) by drochner
Branch: MAIN
Changes since 1.2: +3 -3 lines
Diff to previous 1.2 (colored)

update to 1.95.2
changes:
        - Added compile-time constants that can be used to determine the
          Expat version
        - Removed a lot of GNU-specific dependencies to aide portability
          among the various Unix flavors.
        - Fix the UTF-8 BOM bug.
        - Cleaned up warning messages for several compilers.
        - Added the -Wall, -Wstrict-prototypes options for GCC.

Revision 1.2 / (download) - annotate - [select for diffs], Fri Apr 20 15:04:56 2001 UTC (22 years, 5 months ago) by skrll
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.1: +3 -2 lines
Diff to previous 1.1 (colored)

Move to sha1 digests, and add distfile sizes.

Revision 1.1 / (download) - annotate - [select for diffs], Tue Apr 17 11:54:03 2001 UTC (22 years, 5 months ago) by agc
Branch: MAIN

+ move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>