https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276946

            Bug ID: 276946
           Summary: textproc/expat2: Update to 2.6.0
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/libexpat/libexpat/blob/R_2_6_0/expa
                    t/Changes
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: desk...@freebsd.org
          Reporter: dii...@freebsd.org
          Assignee: desk...@freebsd.org
             Flags: maintainer-feedback?(desk...@freebsd.org)

Created attachment 248311
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=248311&action=edit
Patch for expat2

Fixes CVEs: CVE-2023-52425 and CVE-2023-52426

References:
https://www.cve.org/CVERecord?id=CVE-2023-52425
https://www.cve.org/CVERecord?id=CVE-2023-52426

Compile and runtime tested on FreeBSD 14.0-RELEASE (amd64) (make, make
check-plist, make test)
Compile and runtime tested on FreeBSD 14.0-RELEASE (aarch64) (make, make
check-plist, make test)

Poudriere testport OK 14.0-RELEASE (amd64)
Poudriere testport OK 13.2-RELEASE (amd64)

Tested with following consumers in 14.0-RELEASE (amd64) using Poudriere:
archivers/libarchive
astro/gpsbabel14
astro/opencpn
astro/osmium-tool
astro/readosm
astro/viking
audio/audacity
sysutils/procenv
astro/libosmium
audio/boca
audio/calf-lv2
audio/drumgizmo
audio/gogglesmm
audio/jack
audio/ladish
audio/mumble
audio/musicpd
audio/vst3sdk
benchmarks/flowgrind
cad/PrusaSlicer
cad/brlcad
cad/camotics
cad/freecad
cad/lepton-eda
cad/opencascade
cad/openvsp
comms/obexapp
comms/trustedqsl
converters/osm2pgrouting
converters/osm2pgsql
databases/spatialite-tools
deskutils/fbreader
deskutils/gnome-contacts
deskutils/presage
devel/anjuta
devel/apr1
devel/avr-gdb
devel/cbang
devel/cmake-core
devel/cmake-gui
devel/dbus
devel/dbus-c++
devel/dbus-glib
devel/electron25
devel/electron26
devel/electron27
devel/electron28
devel/gdb
devel/gdcm
devel/git
devel/ice
devel/ice37
devel/kdesvn
devel/libdatovka
devel/libopkele
devel/libpdel
devel/log4c
devel/log4cxx
devel/p5-subversion
devel/poco
devel/ptlib
devel/py-subversion
devel/pysvn
devel/rsvndump
devel/ruby-subversion
devel/sdbus-cpp
devel/simgear
devel/subversion
devel/subversion-lts
dns/getdns
dns/unbound
editors/libreoffice
editors/openoffice-4
editors/openoffice-devel
editors/vscode
editors/xmlcopyeditor
emulators/mame
finance/beanie
ftp/lftp
games/augustus
games/battletanks
games/dreamchess
games/easyrpg-player
games/ezquake
games/flightgear
games/liblcf
games/moonlight-embedded
games/nimuh
games/xpilot-ng-server
graphics/art
graphics/aseprite
graphics/blender        (fails, unrelated)
graphics/cegui
graphics/cloudcompare
graphics/dcp2icc
graphics/digikam
graphics/exiv2
graphics/gdal
graphics/gimp-app
graphics/glosm
graphics/graphviz
graphics/libosmesa
graphics/libwmf
graphics/libwmf-nox11
graphics/mapserver
graphics/mesa-devel
graphics/mesa-dri
graphics/mesa-gallium-va
graphics/mesa-gallium-vdpau
graphics/mesa-gallium-xa
graphics/mesa-libs
graphics/mirtk
graphics/opencolorio
graphics/opencolorio-tools
graphics/openfx-arena
graphics/py-opencolorio         (fails, unrelated)
graphics/qgis
graphics/qgis-ltr
graphics/rawtherapee
graphics/vips
graphics/vv
graphics/wayland
graphics/wdune
graphics/wxsvg
java/java-subversion
lang/clover
lang/smalltalk
mail/claws-mail
mail/libetpan
math/R-cran-units
math/vtk8
math/vtk9
misc/libcomps
misc/libmetalink
misc/libsolv
misc/owrep
multimedia/dvdauthor
multimedia/kodi
multimedia/kodi-addon-inputstream.adaptive
multimedia/libxspf
multimedia/mythtv
multimedia/snapcast
net/avahi-app
net/c3270
net/grive2
net/libarms
net/libnpupnp
net/mad_fcl
net/ntopng
net/opensips31
net/rpki-client
net/tcpflow
net/ulxmlrpcpp
net/xmlrpc-c
net/xmlrpc-epi
net/zebra-server
net-im/biboumi
net-im/ejabberd
net-im/jabberd          (fails, unrelated)
net-im/libmesode
net-im/libstrophe
net-im/signal-desktop
net-mgmt/netxms
print/miktex
science/InsightToolkit
science/InsightToolkit501
science/R-cran-udunits2
science/afni
science/dakota
science/elmerfem
science/geant4
science/gnudatalanguage
science/libkml
science/liggghts
science/massxpert
science/orthanc-dicomweb
science/orthanc-webviewer
science/paraview
science/udunits
science/vmd
science/votca           (fails, unrelated)
science/zotero
security/kdbxviewer
security/ophcrack
security/rats
security/shibboleth-sp
security/subversion-gnome-keyring
sysutils/afflib
sysutils/bulk_extractor
sysutils/eclat
sysutils/ftwin
sysutils/fusefs-httpdirfs
sysutils/fusefs-s3backer
sysutils/ganglia-monitor-core
sysutils/libdnf
sysutils/polkit
textproc/domc
textproc/exempi
textproc/fcitx5
textproc/freexl
textproc/libxode
textproc/luaexpat
textproc/modlogan       (fails, unrelated)
textproc/ocaml-expat
textproc/p5-XML-Parser
textproc/p5-XML-SAX-ExpatXS
textproc/refdb
textproc/rnv
textproc/sablotron
textproc/scew
textproc/scim-openvanilla
textproc/sphinxsearch
textproc/teckit
textproc/wbxml2
textproc/xmlppm
www/apache24
www/chromium
www/cplanet
www/htdigest
www/httest
www/iridium
www/libapreq2
www/libdom
www/libwww
www/mod_dav_svn
www/mod_security
www/neon
www/netsurf
www/osrm-backend
www/qt6-webengine
www/ungoogled-chromium
x11/x3270
x11/xforward
x11-fonts/fontconfig
x11-toolkits/wxgtk30
x11-toolkits/wxgtk32
x11-wm/echinus

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to