From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] expat: Update to version 2.4.4 Date: Sun, 06 Feb 2022 13:39:14 +0100 Message-ID: <20220206123914.3456476-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8869748079820091208==" List-Id: --===============8869748079820091208== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable - Update from 2.4.2 to 2.4.4 - Update of rootfile - Changelog Release 2.4.4 Sun January 30 2022 Security fixes: #550 CVE-2022-23852 -- Fix signed integer overflow (undefined behavior) in function XML_GetBuffer (that is also called by function XML_Parse internally) for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or more. #551 CVE-2022-23990 -- Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). Impact is denial of service or more. Bug fixes: #544 #545 xmlwf: Fix a memory leak on output file opening error Other changes: #546 Autotools: Fix broken CMake support under Cygwin #554 Windows: Add missing files to the installer to fix compilation with CMake from installed sources #552 #554 Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do Release 2.4.3 Sun January 16 2022 Security fixes: #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=3D2= 9 places resulting in a) realloc acting as free b) realloc allocating too few bytes c) undefined behavior depending on architecture and precise value for XML documents with >=3D2^27+1 prefixed attributes on a single XML tag a la "" where XML_ParserCreateNS is used to create the parser (which needs argument "-n" when running xmlwf). Impact is denial of service, or more. #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow on variable m_groupSize in function doProlog leading to realloc acting as free. Impact is denial of service or more. #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflo= ws near memory allocation at multiple places. Mitre assigned a dedicated CVE for each involved internal C function: - CVE-2022-22822 for function addBinding - CVE-2022-22823 for function build_model - CVE-2022-22824 for function defineAttribute - CVE-2022-22825 for function lookup - CVE-2022-22826 for function nextScaffoldPart - CVE-2022-22827 for function storeAtts Impact is denial of service or more. Other changes: #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19 #541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin and MSYS2 by not going through Wine on these platforms #527 #528 Address compiler warnings #533 #543 Version info bumped from 9:2:8 to 9:3:8; see https://verbump.de/ for what these numbers do Infrastructure: #536 CI: Check for realistic minimum CMake version #529 #539 CI: Cover compilation with -m32 #529 CI: Store coverage reports as artifacts for download #528 CI: Upgrade Clang from 11 to 13 Signed-off-by: Adolf Belka --- config/rootfiles/common/expat | 21 ++++++++++----------- lfs/expat | 6 +++--- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index ea0c2ded5..47ce600ad 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat @@ -2,22 +2,21 @@ #usr/include/expat.h #usr/include/expat_config.h #usr/include/expat_external.h -#usr/lib/cmake/expat-2.4.2 -#usr/lib/cmake/expat-2.4.2/expat-config-version.cmake -#usr/lib/cmake/expat-2.4.2/expat-config.cmake -#usr/lib/cmake/expat-2.4.2/expat-noconfig.cmake -#usr/lib/cmake/expat-2.4.2/expat.cmake +#usr/lib/cmake/expat-2.4.4 +#usr/lib/cmake/expat-2.4.4/expat-config-version.cmake +#usr/lib/cmake/expat-2.4.4/expat-config.cmake +#usr/lib/cmake/expat-2.4.4/expat-noconfig.cmake +#usr/lib/cmake/expat-2.4.4/expat.cmake #usr/lib/libexpat.a #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.8.2 +usr/lib/libexpat.so.1.8.4 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.4.2 -#usr/share/doc/expat-2.4.2/ok.min.css -#usr/share/doc/expat-2.4.2/reference.html -#usr/share/doc/expat-2.4.2/style.css -#usr/share/doc/expat-2.4.2/valid-xhtml10.png +#usr/share/doc/expat-2.4.4 +#usr/share/doc/expat-2.4.4/ok.min.css +#usr/share/doc/expat-2.4.4/reference.html +#usr/share/doc/expat-2.4.4/style.css #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog diff --git a/lfs/expat b/lfs/expat index b2df59ca3..3898889ad 100644 --- a/lfs/expat +++ b/lfs/expat @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 2.4.2 +VER =3D 2.4.4 =20 THISAPP =3D expat-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 58780ad6944d02f6cf6ba332838694b2 +$(DL_FILE)_MD5 =3D 99392ce3377777ab0dc8b0f14beda793 =20 install : $(TARGET) =20 @@ -76,6 +76,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install cd $(DIR_APP) && install -v -m755 -d /usr/share/doc/$(THISAPP) - cd $(DIR_APP) && install -v -m644 doc/*.{html,png,css} /usr/share/doc/$(THI= SAPP) + cd $(DIR_APP) && install -v -m644 doc/*.{html,css} /usr/share/doc/$(THISAPP) @rm -rf $(DIR_APP) @$(POSTBUILD) --=20 2.35.1 --===============8869748079820091208==--