[Bug 261285] [exp-run] update texproc/expat2 to 2.4.3

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 18 Jan 2022 08:52:27 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261285

Xin LI <delphij@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Affects Only Me             |Affects Many People
                 CC|                            |delphij@FreeBSD.org,
                   |                            |secteam@FreeBSD.org

--- Comment #1 from Xin LI <delphij@FreeBSD.org> ---
For portmgr -- The two versions (2.4.2 and 2.4.3) are ABI and API compatible.

Code diff can be reviewed here:
https://github.com/libexpat/libexpat/compare/R_2_4_2...R_2_4_3

I've replaced my own desktop's expat2 with an independently created and almost
identical patch and didn't observe any issue (as expected).

Note that unlike the base system bundled expat2 (libbsdxml) which processes
mostly trusted data (GEOM, libmt were from kernel; the exception was
unbound-anchor, but that was signed data), vulnerabilities in port expat2 could
be a greater threat.
