Date: Fri, 11 Jun 2021 12:43:49 -0400
From: Dan Langille <dan@langille.org>
To: "Tobias C. Berner" <tcberner@freebsd.org>
Cc: "ports-committers@freebsd.org" <ports-committers@FreeBSD.org>, "dev-commits-ports-all@freebsd.org" <dev-commits-ports-all@FreeBSD.org>, "dev-commits-ports-main@freebsd.org" <dev-commits-ports-main@FreeBSD.org>
Subject: Re: git: 1454ab40206b - main - textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776
Message-ID: <C1318FBD-E595-449C-B628-7180DB5D4BBB@langille.org>
In-Reply-To: <202105270857.14R8v5ri039237@gitrepo.freebsd.org>
References: <202105270857.14R8v5ri039237@gitrepo.freebsd.org>
> On May 27, 2021, at 4:57 AM, Tobias C. Berner <tcberner@freebsd.org> wrote:
>
> The branch main has been updated by tcberner:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=1454ab40206b85f94edb6390e0d96c9716a07399
>
> commit 1454ab40206b85f94edb6390e0d96c9716a07399
> Author: Tobias C. Berner <tcberner@FreeBSD.org>
> AuthorDate: 2021-05-24 14:38:28 +0000
> Commit: Tobias C. Berner <tcberner@FreeBSD.org>
> CommitDate: 2021-05-27 08:56:26 +0000
>
> textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776
>
> See [1] for details:
> Expat 2.4.0 and follow-up release 2.4.1 have both been released earlier
> today (21-05-23). Release 2.4.0 fixes long known security issue CVE-2013-0340 by
> adding protection against so-called Billion Laughs Attacks, a form of
> denial of service against applications accepting XML input, in all known
> variations, including recent flavor Parameter Laughs.
>
> [1] https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0
>
> PR: 256121
> Exp-run by: antoine

Given this was a vuln fix, is there any reason I should not backport this to 2021Q2?

That branch still has 2.2.0

—
Dan Langille
http://langille.org/

> --- > textproc/expat2/Makefile | 4 +++- > textproc/expat2/distinfo | 6 +++--- > textproc/expat2/pkg-plist | 10 +++++----- > 3 files changed, 11 insertions(+), 9 deletions(-) >=20 > diff --git a/textproc/expat2/Makefile b/textproc/expat2/Makefile > index 69d0c38f232c..f24d6a60a027 100644 > --- a/textproc/expat2/Makefile > +++ b/textproc/expat2/Makefile > @@ -1,7 +1,7 @@ > # Created by: Dirk Froemberg <dirk@FreeBSD.org> >=20 > PORTNAME=3D expat > -DISTVERSION=3D 2.3.0 > +DISTVERSION=3D 2.4.1 > CATEGORIES=3D textproc > MASTER_SITES=3D = https://github.com/libexpat/libexpat/releases/download/R_${DISTVERSION:S|.= |_|g}/ >=20 
> @@ -30,6 +30,8 @@ SHEBANG_FILES=3D test-driver-wrapper.sh = tests/udiffer.py tests/xmltest.sh > TEST_CONFIGURE_WITH=3D tests > TEST_TARGET=3D check >=20 > +PLIST_SUB=3D EXPAT_VERSION=3D${DISTVERSION} > + > post-install: > ${INSTALL_MAN} ${WRKSRC}/doc/xmlwf.1 = ${STAGEDIR}${MANPREFIX}/man/man1/ >=20 > diff --git a/textproc/expat2/distinfo b/textproc/expat2/distinfo > index 96d40c66930f..5c679b618856 100644 > --- a/textproc/expat2/distinfo > +++ b/textproc/expat2/distinfo > @@ -1,3 +1,3 @@ > -TIMESTAMP =3D 1616672812 > -SHA256 (expat-2.3.0.tar.xz) =3D = caa34f99b6e3bcea8502507eb6549a0a84510b244a748dfb287271b2d47467a9 > -SIZE (expat-2.3.0.tar.xz) =3D 433508 > +TIMESTAMP =3D 1621866901 > +SHA256 (expat-2.4.1.tar.xz) =3D = cf032d0dba9b928636548e32b327a2d66b1aab63c4f4a13dd132c2d1d2f2fb6a > +SIZE (expat-2.4.1.tar.xz) =3D 445024 > diff --git a/textproc/expat2/pkg-plist b/textproc/expat2/pkg-plist > index 23469f8fae33..2e7b447c5e0f 100644 > --- a/textproc/expat2/pkg-plist > +++ b/textproc/expat2/pkg-plist > @@ -2,14 +2,14 @@ bin/xmlwf > include/expat.h > include/expat_config.h > include/expat_external.h > -lib/cmake/expat-2.3.0/expat-config-version.cmake > -lib/cmake/expat-2.3.0/expat-config.cmake > -lib/cmake/expat-2.3.0/expat-noconfig.cmake > -lib/cmake/expat-2.3.0/expat.cmake > +lib/cmake/expat-%%EXPAT_VERSION%%/expat-config-version.cmake > +lib/cmake/expat-%%EXPAT_VERSION%%/expat-config.cmake > +lib/cmake/expat-%%EXPAT_VERSION%%/expat-noconfig.cmake > +lib/cmake/expat-%%EXPAT_VERSION%%/expat.cmake > %%STATIC%%lib/libexpat.a > lib/libexpat.so > lib/libexpat.so.1 > -lib/libexpat.so.1.7.0 > +lib/libexpat.so.1.8.1 > libdata/pkgconfig/expat.pc > man/man1/xmlwf.1.gz > %%PORTDOCS%%%%DOCSDIR%%/AUTHORS
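
Review bot: in the second Makefile hunk, `PLIST_SUB= EXPAT_VERSION=${DISTVERSION}` assigns with `=`; the visible context does not show whether `PLIST_SUB` is set anywhere else in the Makefile, so `PLIST_SUB+=` would be the safer form and would keep any existing substitutions intact.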
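
Review bot: the distinfo hunk swaps in a new `SHA256 (expat-2.4.1.tar.xz)` and `SIZE` with nothing in the commit message saying how the values were checked. For an update whose stated purpose is a CVE fix, it would help to record in the PR or the commit message that the digest was compared against what upstream publishes for the release, since distinfo on its own only pins whatever was fetched from `MASTER_SITES`.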
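
Review bot: in the pkg-plist hunk, `+lib/libexpat.so.1.8.1` is still a literal while the four `lib/cmake/expat-...` entries now use `%%EXPAT_VERSION%%`, so the shared-library entry will need a hand edit on every update; a second `PLIST_SUB` value for the library version would remove that. For anyone carrying this to another branch: `lib/libexpat.so.1` is an unchanged context line, so only the fully versioned file name changes, and the removed lines (`-lib/cmake/expat-2.3.0/...`, `-lib/libexpat.so.1.7.0`) assume a 2.3.0 base, so the hunk will not apply unchanged to a tree at a different version.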