#
61ad8a07 |
| 05-Sep-2024 |
bluhm <bluhm@openbsd.org> |
Update libexpat to version 2.6.3.
Relevant for OpenBSD are security fixes #887 #890 #888 #891 #889 #892, other changes #886 #885, infrastructure #880. No library bump necessary. CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
OK tb@ deraadt@
|
#
bd8f1dc3 |
| 11-Feb-2024 |
bluhm <bluhm@openbsd.org> |
Update libexpat to version 2.6.0.
This fixes CVE-2023-52425. OpenBSD is not affected by CVE-2023-52426. Relevant for OpenBSD are security fixes #789 #814, bug fixes #753 #812 #813, other changes #771 #788 #764 #765, and examples, docs, compiler warnings, clang-tidy, tests. Only a minor library bump is necessary, this has been discussed with tb@ guenther@ kettenis@.
OK deraadt@
|
#
9029d806 |
| 20-Sep-2022 |
bluhm <bluhm@openbsd.org> |
Update libexpat to 2.4.9. This fixes CVE-2022-40674. Relevant for OpenBSD are security fixes #629 #640 and other changes #610 #643. No library bump necessary. OK deraadt@
|
#
326b8ed6 |
| 10-May-2021 |
bluhm <bluhm@openbsd.org> |
Update libexpat to 2.3.0. Relevant for OpenBSD are only bug fix #438 and other change #443. A new error constant has been added to a public header file. According to guenther@ this is an ABI break that requires a major bump. OK tb@; tested by matthieu@
|
#
28ce3119 |
| 25-Sep-2019 |
bluhm <bluhm@openbsd.org> |
Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlier in our tree. Relevant is only bug fix #240. Most of the upstream diff is automated source format change. OK deraadt@
|
#
797786e5 |
| 22-Aug-2018 |
bluhm <bluhm@openbsd.org> |
Update libexpat to 2.2.6. Relevant for OpenBSD is
- Avoid doing arithmetic with NULL pointers in XML_GetBuffer
- Fix 2.2.5 regression with suspend-resume while parsing a document like '<root/>'
- Address compiler warnings
- Fix miscellaneous typos
|
#
5837d4fc |
| 04-Aug-2017 |
bluhm <bluhm@openbsd.org> |
Update libexpat to 2.2.3. Only few changes affect OpenBSD. OK deraadt@
|
#
0d60d187 |
| 19-Jul-2017 |
bluhm <bluhm@openbsd.org> |
Update libexpat to 2.2.2. Fixes NULL parser dereference. no objections deraadt@
|
#
eb0cda88 |
| 06-Jul-2017 |
bluhm <bluhm@openbsd.org> |
Add ULL suffix to 64 bit constants. This avoids compiler warnings on i386 and allows to compile the C++ test. Upstream dropped the ULL in an insufficient attempt to make the siphash code C89 compatible. Their fix will be more complicated. No binary change.
|
#
2feb5d2a |
| 30-Jun-2017 |
bluhm <bluhm@openbsd.org> |
Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718 CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other entropy sources to make sure to compile the correct one. Our library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c have been committed upstream in a different way. Use the upstream code to make maintenance easier.
- Although it should be ABI compatible, there is a new global symbol align_limit_to_full_utf8_characters. As it is in lib/internal.h, add a Symbols.map to restrict the export. Do not bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@
|