git: 7735cbdd1310 - 2021Q2 - textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776

Mon Jun 14 15:51:18 UTC 2021

The branch 2021Q2 has been updated by tcberner:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7735cbdd131003bbbb0c9238f1468db734b89bc4

commit 7735cbdd131003bbbb0c9238f1468db734b89bc4
Author:     Tobias C. Berner <tcberner at FreeBSD.org>
AuthorDate: 2021-05-24 14:38:28 +0000
Commit:     Tobias C. Berner <tcberner at FreeBSD.org>
CommitDate: 2021-06-14 15:50:41 +0000

    textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776
    
    See [1] for details:
            Expat 2.4.0 and follow-up release 2.4.1 have both been released earlier
            today (21-05-23). Release 2.4.0 fixes long known security issue CVE-2013-0340 by
            adding protection against so-called Billion Laughs Attacks, a form of
            denial of service against applications accepting XML input, in all known
            variations, including recent flavor Parameter Laughs.
    
    [1] https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0
    
    PR:             256121
    Exp-run by:     antoine
    
    (cherry picked from commit 1454ab40206b85f94edb6390e0d96c9716a07399)
---
 textproc/expat2/Makefile  | 13 +++++++++----
 textproc/expat2/distinfo  |  6 +++---
 textproc/expat2/pkg-plist |  8 ++++++--
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/textproc/expat2/Makefile b/textproc/expat2/Makefile
index 5006d8b6c6f8..f24d6a60a027 100644
--- a/textproc/expat2/Makefile
+++ b/textproc/expat2/Makefile
@@ -1,9 +1,9 @@
 # Created by: Dirk Froemberg <dirk at FreeBSD.org>
 
 PORTNAME=	expat
-PORTVERSION=	2.2.10
+DISTVERSION=	2.4.1
 CATEGORIES=	textproc
-MASTER_SITES=	https://github.com/libexpat/libexpat/releases/download/R_${PORTVERSION:S|.|_|g}/
+MASTER_SITES=	https://github.com/libexpat/libexpat/releases/download/R_${DISTVERSION:S|.|_|g}/
 
 MAINTAINER=	desktop at FreeBSD.org
 COMMENT=	XML 1.0 parser written in C
@@ -13,20 +13,25 @@ LICENSE_FILE=	${WRKSRC}/COPYING
 
 TEST_DEPENDS=	bash:shells/bash
 
-GNU_CONFIGURE=	yes
 USES=		libtool pathfix python:test tar:xz
 USE_LDCONFIG=	yes
+GNU_CONFIGURE=	yes
+
 CONFIGURE_ARGS=	--without-docbook --without-examples
 INSTALL_TARGET=	install-strip
 
-OPTIONS_DEFINE=	DOCS TEST
+OPTIONS_DEFINE=	DOCS STATIC TEST
 OPTIONS_SUB=	yes
 
+STATIC_CONFIGURE_ENABLE=	static
+
 TEST_USES=	shebangfix
 SHEBANG_FILES=	test-driver-wrapper.sh tests/udiffer.py tests/xmltest.sh
 TEST_CONFIGURE_WITH=	tests
 TEST_TARGET=	check
 
+PLIST_SUB=	EXPAT_VERSION=${DISTVERSION}
+
 post-install:
 	${INSTALL_MAN} ${WRKSRC}/doc/xmlwf.1 ${STAGEDIR}${MANPREFIX}/man/man1/
 
diff --git a/textproc/expat2/distinfo b/textproc/expat2/distinfo
index 236e97e3d074..5c679b618856 100644
--- a/textproc/expat2/distinfo
+++ b/textproc/expat2/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1601788459
-SHA256 (expat-2.2.10.tar.xz) = 5dfe538f8b5b63f03e98edac520d7d9a6a4d22e482e5c96d4d06fcc5485c25f2
-SIZE (expat-2.2.10.tar.xz) = 425432
+TIMESTAMP = 1621866901
+SHA256 (expat-2.4.1.tar.xz) = cf032d0dba9b928636548e32b327a2d66b1aab63c4f4a13dd132c2d1d2f2fb6a
+SIZE (expat-2.4.1.tar.xz) = 445024
diff --git a/textproc/expat2/pkg-plist b/textproc/expat2/pkg-plist
index a3b033281188..2e7b447c5e0f 100644
--- a/textproc/expat2/pkg-plist
+++ b/textproc/expat2/pkg-plist
@@ -2,10 +2,14 @@ bin/xmlwf
 include/expat.h
 include/expat_config.h
 include/expat_external.h
-lib/libexpat.a
+lib/cmake/expat-%%EXPAT_VERSION%%/expat-config-version.cmake
+lib/cmake/expat-%%EXPAT_VERSION%%/expat-config.cmake
+lib/cmake/expat-%%EXPAT_VERSION%%/expat-noconfig.cmake
+lib/cmake/expat-%%EXPAT_VERSION%%/expat.cmake
+%%STATIC%%lib/libexpat.a
 lib/libexpat.so
 lib/libexpat.so.1
-lib/libexpat.so.1.6.12
+lib/libexpat.so.1.8.1
 libdata/pkgconfig/expat.pc
 man/man1/xmlwf.1.gz
 %%PORTDOCS%%%%DOCSDIR%%/AUTHORS
