textproc/expat2: Update to 2.6.4

Fixes CVE-2024-50602

Changelog: https://github.com/libexpat/libexpat/blob/R_2_6_4/expat/Changes

PR:		282637
Approved by:	portmgr (maintainer timeout, 2+ weeks) and discussed with
		fluffy on Matrix

textproc/expat2: Update to 2.6.3

Fixes CVEs:
CVE-2024-45490
CVE-2024-45491
CVE-2024-45492

* Remove GNU_CONFIGURE_MANPREFIX

Changelog:
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes

PR:		281273
Approved by:	desktop (fluffy)
Exp-run by:	antoine

textproc/expat2: Update to 2.6.2

Fixes CVE-2024-28757

Changelog
https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes

PR:		277772
Approved by:	desktop (tcberner)
Sponsored by:	Blinkinblox
Exp-run by:	antoine

textproc/expat2: Update to 2.6.1

Changelog:
https://github.com/libexpat/libexpat/blob/R_2_6_1/expat/Changes

PR:		277463
Approved by:	desktop (tcberner)
Sponsored by:	Blinkinblox
Exp-run by:	antoine

textproc/expat2: Moved man to share/man

Approved by:    portmgr (blanket)

textproc/expat2: Update to 2.6.0

Fixes CVE-2023-52425 and CVE-2023-52426

Changelog:
https://github.com/libexpat/libexpat/blob/R_2_6_0/expat/Changes

References:
https://www.cve.org/CVERecord?id=CVE-2023-52425
https://www.cve.org/CVERecord?id=CVE-2023-52426

PR:		276946
Approved by:	desktop (tcberner)
Exp-run by:	antoine

MANPREFIX: eliminate usage of MANPREFIX

While here move some manpages to share/man

textproc/expat2: Update to 2.5.0

PR:		267398
Approved by:	tcberner, antoine

textproc/expat2: update to 2.4.9

Release 2.4.9 Tue September 20 2022
        Security fixes:
       #629 #640  CVE-2022-40674 -- Heap use-after-free vulnerability in
                    function doContent. Expected impact is denial of service
                    or potentially arbitrary code execution.

        Bug fixes:
            #634  MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
            #614  docs: Fix documentation on effect of switch XML_DTD on
                    symbol visibility in doc/reference.html

        Other changes:
            #638  MinGW: Make fix-xmltest-log.sh drop more Wine bug output

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

textproc: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  "Choe, Cheng-Dae" whitekid
  *  -
  *  <glewis@FreeBSD.org>
  *  <koshy@india.hp.com>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Aaron Dalton <aaron@daltons.ca>
  *  Aaron Straup Cope
  *  Aaron Straup Cope <ascope@cpan.org>
  *  Ache
  *  Adam Herzog <adam@herzogdesigns.com>
  *  Adam Weinberger <adamw@FreeBSD.org>

textproc/expat2: update to 2.4.8

Release 2.4.8 Mon March 28 2022
        Other changes:
            #587  pkg-config: Move "-lm" to section "Libs.private"
            #587  CMake|MSVC: Fix pkg-config section "Libs"
        #55 #582  CMake|macOS: Start using linker arguments
                    "-compatibility_version <version>" and
                    "-current_version <version>" in a way compatible with
                    GNU Libtool
       #590 #591  Version info bumped from 9:7:8 to 9:8:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #589  CI: Upgrade Clang from 13 to 14

        Special thanks to:
            evpobr
            Kai Pastor
            Sam James

Exp-run by:	antoine
PR:		262944

textproc/expat2: update to 2.4.7

From [1]:

Release 2.4.7 Fri March 4 2022
        Bug fixes:
       #572 #577  Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
                    with regard to all valid URI characters (RFC 3986),
                    i.e. the following set (excluding whitespace):
                    ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
                    0123456789 % -._~ :/?#[]@ !$&'()*+,;=

        Other changes:
  #555 #570 #581  CMake|Windows: Store Expat version in the DLL
            #577  Document consequences of namespace separator choices not just

textproc/expat2: update to 2.4.4

Release 2.4.4 Sun January 30 2022
        Security fixes:
            #550  CVE-2022-23852 -- Fix signed integer overflow
                    (undefined behavior) in function XML_GetBuffer
                    (that is also called by function XML_Parse internally)
                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
                    common and default).
                    Impact is denial of service or more.
            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
                    doProlog triggered by large content in element type
                    declarations when there is an element declaration handler
                    present (from a prior call to XML_SetElementDeclHandler).
                    Impact is denial of service or more.

textproc/expat2: update to 2.4.3

From [1]:

libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one
of the most widely used software libre XML parsers written in C,
precisely C99. It is cross-platform and licensed under the MIT license.

Expat 2.4.3 has been released earlier today. Besides two minor fixes to
the build system, this release is about security fixes. There is a total
of 8 CVEs fixed, all related to fixed-size integer math (integer
overflow and invalid shifts) near memory allocation. Impact is denial of
service, or more.

  *  CVE-2021-45960

textproc/expat2: Update to 2.4.2

Changelog: https://github.com/libexpat/libexpat/blob/R_2_4_2/expat/Changes

PR:		260580
Approved by:	tcberner (mentor), desktop (tcberner)
Exp-run by:	antoine

textproc/expat2: Fix CPE information because current one is deprecated

Approved by:    portmgr (blanket)

textproc/expat2: Add CPE information

Approved by:	portmgr (blanket)

textprox/expat2: update to 2.4.1 -- fixes CVE-2013-0340/CWE-776

See [1] for details:
	Expat 2.4.0 and follow-up release 2.4.1 have both been released earlier
	today (21-05-23). Release 2.4.0 fixes long known security issue CVE-2013-0340
by
	adding protection against so-called Billion Laughs Attacks, a form of
	denial of service against applications accepting XML input, in all known
	variations, including recent flavor Parameter Laughs.

[1]
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0

PR:		256121
Exp-run by:	antoine

textproc/expat: update to 2.3.0

- Move static libraries behind an option STATIC. This will likely
  be dropped completely in the next update.

PR:		254543
Exp-run by:	antoine

Remove # $FreeBSD$ from Makefiles.

textproc/expat2: Update to 2.2.10

- give maintainership to desktop@
- add test target

Changelog:
	https://github.com/libexpat/libexpat/blob/R_2_2_10/expat/Changes

PR:		243228
Submitted by:	daniel.engberg.lists@pyret.net
Exp-run by:	antoine
Approved by:	Sergei Vyshenski <svysh.fbsd@gmail.com> (previous maintainer)

Manual pages are not subject to DOCS option and typically installed
unconditionally, especially when they come pre-built.

textproc/expat2: upgrade 2.2.7 -> 2.2.8

PR:		240613
Submitted by:	Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer)
Exp-Run by:	antoine
Relnotes:	https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes
Security:	CVE-2019-15903

textproc/expat2: upgrade 2.2.6 -> 2.2.7

- exp-run by antoine

PR:		238864
Submitted by:	Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer)
Reviewed by:	koobs
Relnotes:	https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
Security:	https://github.com/libexpat/libexpat/issues/186
		https://github.com/libexpat/libexpat/pull/262

Add DOCS options to ports that should have one.

Also various fixes related to said option.

PR:		230864
Submitted by:	mat
exp-runs by:	antoine

textproc/expat2: configure fails when texproc/docbook-utils has been installed

- Build --without-docbook to skip XML to man page compilation
- Bump PORTREVISION

PR:		230957
Submitted by:	cpm
Approved by:	Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer)

textproc/expat2: update to 2.2.6

PR:		230653
Submitted by:	Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer)
Exp-run by:	antoine

Update to 2.2.5. Submitter becomes maintainer after consecutive and
lengthy timeouts.

PR:		221634
Submitted by:	svysh.fbsd@gmail.com
Approved by:	maintainer timeout (4 months)
Exp-run by:	antoine

Update to 2.2.1.

Security:	CVE-2017-9233

Update WWW: SF redirects to https://sourceforge.net/projects/<PROJECT_NAME>/

Remove libexpat.so.6 compatibility link that was added in r374303 to
prevent massive PORTREVISION bumps.  Bump dependent ports that have not
been bumped since.

Do not use post-stage.  Use post-install instead.

The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.

PR:		214780
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight

- Add LICENSE

Approved by:	portmgr (blanket)

Update to 2.2.0.

PR:		210531
Approved by:	maintainer timeout (2 weeks)

textproc/expat2: Patch vulnerability

This patch resolves a vulnerability that may still exist due to
compiler optimizations. The previous patches for CVE-2015-1283 and
CVE-2015-2716 may not work as intended in some situations.

MFH:		2016Q2
Security:	CVE-2016-4472

With the power of USES=dos2unix, get rid of most patches and files
with CRLF.

While there, run make makepatch, rename patches to use the new scheme,
and various fixes.

With hat:	portmgr
Sponsored by:	Absolight

textproc/expat2: address two CVEs reported by upstream

PR:		210155
Reported by:	Sebastian Pipping <sebastian@pipping.org>
Approved by:	ports-secteam (with hat)
Security:	CVE-2012-6702
Security:	CVE-2016-5300
Security:	https://vuxml.FreeBSD.org/freebsd/c9c252f5-2def-11e6-ae88-002590263bf5.html
MFH:		2016Q2

textproc/expat2: update 2.1.0 -> 2.1.1

- Update USES for new release format
- Drop CVE-2015-1283 patch now included in this release
- Add patch for CVE-2016-0718

PR:		209360
Submitted by:	tijl
Approved by:	ports-secteam (with hat)
Security:	CVE-2016-0718
Security:	https://vuxml.FreeBSD.org/freebsd/57b3aba7-1e25-11e6-8dd3-002590263bf5.html

Add patch for CVE-2015-1283

Replace USES=libtool:oldver with USES=libtool or USES=libtool:keepla in
the 32 ports that still use it.  Bump PORTREVISION on their dependent
ports except the ones that depend on these:

audio/libogg
audio/libvorbis
devel/pcre
ftp/curl
graphics/jpeg
graphics/libart_lgpl
graphics/tiff
textproc/expat2
textproc/libxslt

In these cases the same trick as in the recent gettext update is used.

- Switch to USES=libtool

Approved by:	portmgr blanket

Support staging.

Sponsored by:	Absolight

Add NO_STAGE all over the place in preparation for the staging support (cat:
textproc)

Update to 2.1.0.

PR:		ports/167636
Submitted by:	sunpoet (with modifications)
Approved by:	kuriyama (maintainer)

- Remove WITH_FBSD10_FIX, is no longer needed

Apply FreeBSD 10 workaround for some high profile ports to
unbreak a lot of dependent ports.

Submitted by:   beat
Tested on:      pointyhat i386-9-exp and i386-10

Apply updated (correct) fix for xmlparse.c (r1.166 in expat CVS).

PR:             ports/157469
Submitted by:   Todd Rinaldo <toddr@cpanel.net>

-remove MD5

- Apply 2 patches from CVS.

Security:       CVE-2009-3560, CVE-2009-3720 (DoS)
Obtained from: 
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165
               
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch

- Switch SourceForge ports to the new File Release System: categories starting
with T,U,V

Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk

- Update to 2.0.1

PR:             ports/113550
Submitted by:   bf <bf2006a@yahoo.com>
Approved by:    maintainer timeout (kuriyama; 10 months)

Conversion to a single libtool environment.

Approved by:    portmgr (kris)

- Upgrade to 2.0.0 (almost bugfixes from 1.95.8).
- Bump shlib version to 6.

SHA256ify

Approved by: krion@

Mass-conversion to the USE_AUTOTOOLS New World Order.  The code present
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.

Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.

Preliminary documentation can be found at:
        http://people.FreeBSD.org/~ade/autotools.txt

which is in the process of being SGMLized before introduction into the
Porters Handbook.

Light blue touch-paper.  Run.

- Fix breakage from previous changes, incorrect libtool file was being
  installed breaking libtool-aware consumers, like php4-xml. Easiest fix
  is to not install .la file.

PR:             ports/82020
Submitted by:   pav
Approved by:    maintainer timeout (4 days - acute fix)

Avoid linking with libc.so (for supporting PTHREAD_LIBS
correctly on 4-stable).

Submitted by:   KATO Tsuguru <tkato432@yahoo.com>
PR:             ports/81730

Avoid linking with libc.so (for supporting PTHREAD_LIBS
correctly on 4-stable).

Submitted by:   KATO Tsuguru <tkato432@yahoo.com>
PR:             ports/81730

Use libtool-1.5 (with required plist fix).

PR:             ports/78291
Submitted by:   delphij

Upgrade to 1.95.8.

Apply a big libtool patch to allow porters to use the libtool installed by
the libtoolX ports instead of the one included with each port.  Ports that
set USE_LIBTOOL_VER=X will now use the ports version of libtool instead of
the included version.  To restore previous behavior, use the new macro,
USE_INC_LIBTOOL_VER.  Both macros accept the same argument: a libtool version.

For example, to use the ports version of libtool-1.5, add the following to
your Makefile:

USE_LIBTOOL_VER=        15

To use the included version of libtool with extra hacks provided by
libtool-1.5, add the following to your Makefile:

USE_INC_LIBTOOL_VER=    15

With this change, ports that had to add additional libtool hacks to prevent
.la files from being installed or to fix certain threading issues can now
delete those hacks (after appropriate testing, of course).

PR:             63944
Based on work by:eik and marcus
Approved by:    ade (autotools maintainer)
Tested by:      kris on pointyhat
Bound to be hidden problems:    You bet

Upgrade to 1.95.7 (shlib major is bumped to 5).

Whoa there, boy, that's a mighty big commit y'all have there...

Begin autotools sanitization sequence by requiring ports to explicitly
specify which version of {libtool,autoconf,automake} they need, erasing
the concept of a "system default".

For ports-in-waiting:

        USE_LIBTOOL=YES         ->      USE_LIBTOOL_VER=13
        USE_AUTOCONF=YES        ->      USE_AUTOCONF_VER=213
        USE_AUTOMAKE=YES        ->      USE_AUTOMAKE_VER=14

Ports attempting to use the old style system after June 1st 2004 will be
sorely disappointed.

de-pkg-comment.

Move declaration of enum XML_Status to more earlier place.
This patch is already included in expat repository and will be removed
after next version is released.

Pointed out by: Jordanas Kriauciunas <joskis@xxx.lt>

Upgrade to 1.95.6.

I forgot to bump shlib version.

Spotted by:     Mike Harding <mvh@ix.netcom.com>

Upgrade to 1.95.5.

PR:             ports/42749
Submitted by:   Paul Dlug <paul@aps.org>

Upgrade to 1.95.4 (shlib version bumped).

Submitted by:   Sandro Tolaini <sandro@focuseek.com> and
                KATO Tsuguru <tkato@prontomail.com>
PR:             ports/40682, ports/40798

Upgrade to 1.95.3.

PR:             ports/39993
Submitted by:   KATO Tsuguru <tkato@prontomail.com>

Force SHELL MAKE_ENV to be /bin/sh.

Submitted by:   Kent Stewart <kstewart@owt.com>

Use bmake instead of gmake - this hopefully resolves dependency deadloop
(gettext->expat->gmake->gettext->expat->...) occasionally created by yours
truly.

Reported by:            marcus
Self kick applied to:   sobomax

Upgrade to 1.95.2.    

USE_LIBTOOL implies GNU_CONFIGURE, so remove the latter where appropriate.    

Fix prototype to reduce warning.    

Fix typo (INSTALLS_SHLIBS -> INSTALLS_SHLIB).    

More style fixes for ports/textproc.    

Add MAKE_ARGS to tell libtool to use the specified shlib version.    

Bump SHLIB_MAJOR (and PORTREVISION) not to conflict with expat1.2.    

Introduce latest version of expat.   This development version will be released
as 2.0 and maintained on   sourceforge.