<pre style='margin:0'>
Ryan Schmidt (ryandesign) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/2fdbf2eab6504d7f29f6062400bdab499d41b699">https://github.com/macports/macports-ports/commit/2fdbf2eab6504d7f29f6062400bdab499d41b699</a></p>
<pre style="white-space: pre; background: #F8F8F8"><span style='display:block; white-space:pre;color:#808000;'>commit 2fdbf2eab6504d7f29f6062400bdab499d41b699
</span>Author: Ryan Schmidt <ryandesign@macports.org>
AuthorDate: Sun Jan 30 22:12:08 2022 -0600
<span style='display:block; white-space:pre;color:#404040;'> expat: Update to 2.4.4
</span>---
textproc/expat/Portfile | 14 +++----
.../847a645152f5ebc10ac63b74b604d0c1a79fae40.patch | 27 --------------
.../ede41d1e186ed2aba88a06e84cac839b770af3a1.patch | 43 ----------------------
3 files changed, 5 insertions(+), 79 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/textproc/expat/Portfile b/textproc/expat/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 86210814175..ac55d0d3b4a 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/textproc/expat/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/textproc/expat/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -6,11 +6,11 @@ PortSystem 1.0
</span> PortGroup muniversal 1.0
name expat
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 2.4.3
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums rmd160 c313bd1e965fdf6325e395412cfecd7b7a5051f0 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 6f262e216a494fbf42d8c22bc841b3e117c21f2467a19dc4c27c991b5622f986 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- size 559674
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 2.4.4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 7ded02859517cd17ddef8c0900f34875911b024c \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 14c58c2a0b5b8b31836514dfab41bd191836db7aa7b84ae5c47bc0327a20d64a \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 556452
</span>
categories textproc devel
platforms darwin freebsd
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -31,10 +31,6 @@ master_sites sourceforge:project/${name}/${name}/${version}
</span> # e.g. clang-3.4 depends on python27-bootstrap which depends on expat.
use_bzip2 yes
<span style='display:block; white-space:pre;background:#ffe0e0;'>-patch.pre_args -p2
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-patchfiles 847a645152f5ebc10ac63b74b604d0c1a79fae40.patch \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ede41d1e186ed2aba88a06e84cac839b770af3a1.patch
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> if {${os.platform} eq "darwin" && ${os.major} < 11} {
# Having the stdlib set to libc++ on 10.6 causes a dependency on a
# macports-clang compiler to be added, which would be a dep cycle.
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/textproc/expat/files/847a645152f5ebc10ac63b74b604d0c1a79fae40.patch b/textproc/expat/files/847a645152f5ebc10ac63b74b604d0c1a79fae40.patch
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index aab1e763fbf..00000000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/textproc/expat/files/847a645152f5ebc10ac63b74b604d0c1a79fae40.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,27 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-From: Samanta Navarro <ferivoz@riseup.net>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Date: Sat, 22 Jan 2022 17:48:00 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Subject: [PATCH] lib: Detect and prevent integer overflow in XML_GetBuffer
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- (CVE-2022-23852)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>----
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- expat/lib/xmlparse.c | 5 +++++
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 1 file changed, 5 insertions(+)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index d54af683..5ce31402 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- ./expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ ./expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (keep > XML_CONTEXT_BYTES)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- keep = XML_CONTEXT_BYTES;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /* Detect and prevent integer overflow */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (keep > INT_MAX - neededSize) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ parser->m_errorCode = XML_ERROR_NO_MEMORY;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- neededSize += keep;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #endif /* defined XML_CONTEXT_BYTES */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (neededSize
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/textproc/expat/files/ede41d1e186ed2aba88a06e84cac839b770af3a1.patch b/textproc/expat/files/ede41d1e186ed2aba88a06e84cac839b770af3a1.patch
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 3806a1ce22a..00000000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/textproc/expat/files/ede41d1e186ed2aba88a06e84cac839b770af3a1.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,43 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-From ede41d1e186ed2aba88a06e84cac839b770af3a1 Mon Sep 17 00:00:00 2001
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-From: Sebastian Pipping <sebastian@pipping.org>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Date: Wed, 26 Jan 2022 02:36:43 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Subject: [PATCH] lib: Prevent integer overflow in doProlog (CVE-2022-23990)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-The change from "int nameLen" to "size_t nameLen"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-addresses the overflow on "nameLen++" in code
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-"for (; name[nameLen++];)" right above the second
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-change in the patch.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>----
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- expat/lib/xmlparse.c | 10 ++++++++--
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 1 file changed, 8 insertions(+), 2 deletions(-)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index 5ce31402..d1d17005 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- ./expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ ./expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -5372,7 +5372,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (dtd->in_eldecl) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ELEMENT_TYPE *el;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- const XML_Char *name;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- int nameLen;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ size_t nameLen;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- const char *nxt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- = (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- int myindex = nextScaffoldPart(parser);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -5388,7 +5388,13 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- nameLen = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- for (; name[nameLen++];)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- dtd->contentStringLen += nameLen;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /* Detect and prevent integer overflow */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (nameLen > UINT_MAX - dtd->contentStringLen) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return XML_ERROR_NO_MEMORY;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ dtd->contentStringLen += (unsigned)nameLen;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (parser->m_elementDeclHandler)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- handleDefault = XML_FALSE;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span></pre><pre style='margin:0'>
</pre>