* [PATCH] expat: Update to 2.4.1
@ 2021-05-29 16:41 Adolf Belka
From: Adolf Belka @ 2021-05-29 16:41 UTC
To: development
- Update from 2.3.0 to 2.4.1
- Update rootfile
- Changelog (URL in changelog changed to https://verbump(dot)de as mail was
rejected by IPFire mail system due to policy violation because URL was
highlighted as a blacklisted address)
Release 2.4.1 Sun May 23 2021
Bug fixes:
#488 #490 Autotools: Fix installed header expat_config.h for multilib
systems; regression introduced in 2.4.0 by pull request #486
Other changes:
#491 #492 Version info bumped from 9:0:8 to 9:1:8;
see https://verbump(dot)de/ for what these numbers do
Special thanks to:
Gentoo's QA check "multilib_check_headers"
Release 2.4.0 Sun May 23 2021
Security fixes:
#34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
(denial-of-service; flavors targeting CPU time or RAM or both,
leveraging general entities or parameter entities or both)
by tracking and limiting the input amplification factor
(<amplification> := (<direct> + <indirect>) / <direct>).
By conservative default, amplification up to a factor of 100.0
is tolerated and rejection only starts after 8 MiB of output bytes
(=<direct> + <indirect>) have been processed.
The fix adds the following to the API:
- A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
signal this specific condition.
- Two new API functions ..
- XML_SetBillionLaughsAttackProtectionMaximumAmplification and
- XML_SetBillionLaughsAttackProtectionActivationThreshold
.. to further tighten billion laughs protection parameters
when desired. Please see file "doc/reference.html" for details.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
- Two new XML_FEATURE_* constants ..
- that can be queried using the XML_GetFeatureList function, and
- that are shown in "xmlwf -v" output.
- Two new environment variable switches ..
- EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
- EXPAT_ENTITY_DEBUG=(0|1)
.. for runtime debugging of accounting and entity processing.
Specific behavior of these values may change in the future.
- Two new command line arguments "-a FACTOR" and "-b BYTES"
for xmlwf to further tighten billion laughs protection
parameters when desired.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
Bug fixes:
#332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
for UTF-16 payloads containing CDATA sections.
#485 #486 Autotools: Fix generated CMake files for non-64bit and
non-Linux platforms (e.g. macOS and MinGW in particular)
that were introduced with release 2.3.0
Other changes:
#468 #469 xmlwf: Improve help output and the xmlwf man page
#463 xmlwf: Improve maintainability through some refactoring
#477 xmlwf: Fix man page DocBook validity
#458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
and CMAKE_INSTALL_INCLUDEDIR
#471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS
#457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
#467 Resolve macro HAVE_EXPAT_CONFIG_H
#472 Delete unused legacy helper file "conftools/PrintPath"
#473 #483 Improve attribution
#464 #465 #477 doc/reference.html: Fix XHTML validity
#475 #478 doc/reference.html: Replace the 90s look by OK.css
#479 Version info bumped from 8:0:7 to 9:0:8
due to addition of new symbols and error codes;
see https://verbump(dot)de/ for what these numbers do
Infrastructure:
#456 CI: Enable periodic runs
#457 CI: Start covering the list of exported symbols
#474 CI: Isolate coverage task
#476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
#477 CI: Cover well-formedness and DocBook/XHTML validity
of doc/reference.html and doc/xmlwf.xml
Special thanks to:
Dimitry Andric
Eero Helenius
Nick Wellnhofer
Rhodri James
Tomas Korbar
Yury Gribov and Clang LeakSan
JetBrains
OSS-Fuzz
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/rootfiles/common/expat | 22 +++++++++++-----------
lfs/expat | 4 ++--
2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 365286f85..4dcfe4a7d 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,22 +2,22 @@
#usr/include/expat.h
#usr/include/expat_config.h
#usr/include/expat_external.h
-#usr/lib/cmake/expat-2.3.0
-#usr/lib/cmake/expat-2.3.0/expat-config-version.cmake
-#usr/lib/cmake/expat-2.3.0/expat-config.cmake
-#usr/lib/cmake/expat-2.3.0/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.3.0/expat.cmake
+#usr/lib/cmake/expat-2.4.1
+#usr/lib/cmake/expat-2.4.1/expat-config-version.cmake
+#usr/lib/cmake/expat-2.4.1/expat-config.cmake
+#usr/lib/cmake/expat-2.4.1/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.4.1/expat.cmake
#usr/lib/libexpat.a
#usr/lib/libexpat.la
#usr/lib/libexpat.so
usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.7.0
+usr/lib/libexpat.so.1.8.1
#usr/lib/pkgconfig/expat.pc
#usr/share/doc/expat
-#usr/share/doc/expat-2.3.0
-#usr/share/doc/expat-2.3.0/expat.png
-#usr/share/doc/expat-2.3.0/reference.html
-#usr/share/doc/expat-2.3.0/style.css
-#usr/share/doc/expat-2.3.0/valid-xhtml10.png
+#usr/share/doc/expat-2.4.1
+#usr/share/doc/expat-2.4.1/ok.min.css
+#usr/share/doc/expat-2.4.1/reference.html
+#usr/share/doc/expat-2.4.1/style.css
+#usr/share/doc/expat-2.4.1/valid-xhtml10.png
#usr/share/doc/expat/AUTHORS
#usr/share/doc/expat/changelog
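Review bot: the only shipped (uncommented) entries in this rootfile are usr/lib/libexpat.so.1 and the versioned library, and the rename from libexpat.so.1.7.0 to libexpat.so.1.8.1 is the one line that changes what lands on an installed system. It matches the version info bump to 9:1:8 quoted in the commit message, with the soname staying libexpat.so.1, so it would help to say in the commit message that dependent packages need no rebuild. The doc directory also drops expat.png and gains ok.min.css; that fits the OK.css change (#475 #478) in the changelog, but a quick check of the built tree that expat.png is really gone would confirm the rootfile is complete.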
diff --git a/lfs/expat b/lfs/expat
index 92c42bf82..7627447f3 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@
include Config
-VER = 2.3.0
+VER = 2.4.1
THISAPP = expat-$(VER)
DL_FILE = $(THISAPP).tar.bz2
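Review bot: the VER line moves from 2.3.0 straight to 2.4.1, so it also brings in the 2.4.0 security fix for CVE-2013-0340 listed in the commit message, while the subject only says "Update to 2.4.1". Naming the CVE in the subject or in the first line of the body would make the security relevance visible in the one-line log and easier to track for backports.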
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 54ea624caca3f9003cebcab4f0a75c8f
+$(DL_FILE)_MD5 = 476cdf4b5e40280316fff36b2086a390
install : $(TARGET)
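Review bot: the only integrity value updated for the new tarball is $(DL_FILE)_MD5, and MD5 is not collision resistant, so on its own it guards against a corrupted download rather than a substituted one. For a release that carries a security fix, please state in the commit message how the tarball was verified against upstream before the hash was computed, and add a stronger digest next to the MD5 line if the lfs framework supports one.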
--
2.31.1
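The amplification rule quoted in the 2.4.0 changelog above, as an added example that is not code from libexpat or from this patch: a small C model in which input is rejected only when the output (direct + indirect) exceeds the activation threshold and the factor (direct + indirect) / direct exceeds the maximum. All names are hypothetical, the inputs are constructed, and only fully expanded text is counted as indirect bytes.

```c
#include <stdio.h>

/* Model of the rule quoted in the changelog; NOT libexpat's implementation.
 * All names here are hypothetical. Simplification: only fully expanded text
 * is counted as indirect bytes. */
typedef struct {
    unsigned long long direct;    /* bytes read from the document itself */
    unsigned long long indirect;  /* bytes produced by entity expansion */
    double max_amplification;     /* changelog default: 100.0 */
    unsigned long long threshold; /* changelog default: 8 MiB of output */
} accounting;

/* 1 if output exceeds the activation threshold AND the factor is too high. */
static int limit_breached(const accounting *a) {
    unsigned long long output = a->direct + a->indirect;
    if (a->direct == 0 || output <= a->threshold) return 0;
    return (double)output / (double)a->direct > a->max_amplification;
}

/* Expand a nested entity: level 0 is leaf_len bytes of text, every higher
 * level references the level below fanout times. Stops at the first breach. */
static int expand(accounting *a, int level, int fanout, unsigned leaf_len) {
    if (level == 0) {
        a->indirect += leaf_len;
        return limit_breached(a);
    }
    for (int i = 0; i < fanout; i++)
        if (expand(a, level - 1, fanout, leaf_len)) return 1;
    return 0;
}

/* Returns 1 if the input would be rejected; *processed = direct + indirect. */
int simulate(unsigned long long doc_bytes, int depth, int fanout,
             unsigned leaf_len, unsigned long long *processed) {
    accounting a = { doc_bytes, 0, 100.0, 8ULL * 1024 * 1024 };
    int rejected = expand(&a, depth, fanout, leaf_len);
    *processed = a.direct + a.indirect;
    return rejected;
}

int main(void) {
    unsigned long long n;
    /* Constructed inputs: 1000-byte document, 9 levels x 10 refs of "lol". */
    printf("nested 10^9: rejected=%d", simulate(1000, 9, 10, 3, &n));
    printf(" after %llu bytes\n", n);
    /* 1 MiB document expanding to ~50 MB: factor ~48.7, so it is tolerated. */
    printf("large benign: rejected=%d", simulate(1048576, 3, 100, 50, &n));
    printf(" after %llu bytes\n", n);
    return 0;
}
```

In this model the nested document is stopped just past the 8 MiB threshold instead of expanding to about 3 GB, while the large document with a low factor passes.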