textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776

See [1] for details: Expat 2.4.0 and follow-up release 2.4.1 have both been released earlier today (21-05-23). Release 2.4.0 fixes long known security issue CVE-2013-0340 by adding protection against so-called Billion Laughs Attacks, a form of denial of service against applications accepting XML input, in all known variations, including recent flavor Parameter Laughs. [1] https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0 PR: 256121 Exp-run by: antoine (cherry picked from commit 1454ab4020)
2021-05-24 16:38:28 +02:00 · 2021-05-24 16:38:28 +02:00 · 7735cbdd13
commit 7735cbdd13
parent 2ea11f7275
3 changed files with 18 additions and 9 deletions
--- a/textproc/expat2/Makefile
+++ b/textproc/expat2/Makefile
@ -1,9 +1,9 @@
 # Created by: Dirk Froemberg <dirk@FreeBSD.org>

 PORTNAME=	expat
-PORTVERSION=	2.2.10
+DISTVERSION=	2.4.1
 CATEGORIES=	textproc
-MASTER_SITES=	https://github.com/libexpat/libexpat/releases/download/R_${PORTVERSION:S|.|_|g}/
+MASTER_SITES=	https://github.com/libexpat/libexpat/releases/download/R_${DISTVERSION:S|.|_|g}/

 MAINTAINER=	desktop@FreeBSD.org
 COMMENT=	XML 1.0 parser written in C
@ -13,20 +13,25 @@ LICENSE_FILE=	${WRKSRC}/COPYING

 TEST_DEPENDS=	bash:shells/bash

-GNU_CONFIGURE=	yes
 USES=		libtool pathfix python:test tar:xz
 USE_LDCONFIG=	yes
+GNU_CONFIGURE=	yes
+
 CONFIGURE_ARGS=	--without-docbook --without-examples
 INSTALL_TARGET=	install-strip

-OPTIONS_DEFINE=	DOCS TEST
+OPTIONS_DEFINE=	DOCS STATIC TEST
 OPTIONS_SUB=	yes

+STATIC_CONFIGURE_ENABLE=	static
+
 TEST_USES=	shebangfix
 SHEBANG_FILES=	test-driver-wrapper.sh tests/udiffer.py tests/xmltest.sh
 TEST_CONFIGURE_WITH=	tests
 TEST_TARGET=	check

+PLIST_SUB=	EXPAT_VERSION=${DISTVERSION}
+
 post-install:
 	${INSTALL_MAN} ${WRKSRC}/doc/xmlwf.1 ${STAGEDIR}${MANPREFIX}/man/man1/

--- a/textproc/expat2/distinfo
+++ b/textproc/expat2/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1601788459
-SHA256 (expat-2.2.10.tar.xz) = 5dfe538f8b5b63f03e98edac520d7d9a6a4d22e482e5c96d4d06fcc5485c25f2
-SIZE (expat-2.2.10.tar.xz) = 425432
+TIMESTAMP = 1621866901
+SHA256 (expat-2.4.1.tar.xz) = cf032d0dba9b928636548e32b327a2d66b1aab63c4f4a13dd132c2d1d2f2fb6a
+SIZE (expat-2.4.1.tar.xz) = 445024
--- a/textproc/expat2/pkg-plist
+++ b/textproc/expat2/pkg-plist
@ -2,10 +2,14 @@ bin/xmlwf
 include/expat.h
 include/expat_config.h
 include/expat_external.h
-lib/libexpat.a
+lib/cmake/expat-%%EXPAT_VERSION%%/expat-config-version.cmake
+lib/cmake/expat-%%EXPAT_VERSION%%/expat-config.cmake
+lib/cmake/expat-%%EXPAT_VERSION%%/expat-noconfig.cmake
+lib/cmake/expat-%%EXPAT_VERSION%%/expat.cmake
+%%STATIC%%lib/libexpat.a
 lib/libexpat.so
 lib/libexpat.so.1
-lib/libexpat.so.1.6.12
+lib/libexpat.so.1.8.1
 libdata/pkgconfig/expat.pc
 man/man1/xmlwf.1.gz
 %%PORTDOCS%%%%DOCSDIR%%/AUTHORS