* [PATCH] expat: Update to version 2.6.0
@ 2024-02-07 11:13 Adolf Belka
From: Adolf Belka @ 2024-02-07 11:13 UTC (permalink / raw)
To: development
- Update from version 2.5.0 to 2.6.0
- Update of rootfile
- This update fixes two CVEs. Not sure if IPFire would be vulnerable or not but safer
to update anyway.
- Changelog
2.6.0
Security fixes:
#789 #814 CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
that can cause denial of service, in particular when
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to not omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
#777 CVE-2023-52426 -- Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
Bug fixes:
#753 Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
#780 Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
#812 #813 Protect against closing entities out of order
Other changes:
#723 Improve support for arc4random/arc4random_buf
#771 #788 Improve buffer growth in XML_GetBuffer and XML_Parse
#761 #770 xmlwf: Support --help and --version
#759 #770 xmlwf: Support custom buffer size for XML_GetBuffer and read
#744 xmlwf: Improve language and URL clickability in help output
#673 examples: Add new example "element_declarations.c"
#764 Be stricter about macro XML_CONTEXT_BYTES at build time
#765 Make inclusion to expat_config.h consistent
#726 #727 Autotools: configure.ac: Support --disable-maintainer-mode
#678 #705 ..
#706 #733 #792 Autotools: Sync CMake templates with CMake 3.26
#795 Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
#815 Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
#724 #751 Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
#793 Autotools|CMake: Fix PACKAGE_BUGREPORT variable
#750 #786 Autotools|CMake: Make test suite require a C++11 compiler
#749 CMake: Require CMake >=3.5.0
#672 CMake: Lowercase off_t and size_t to help a bug in Meson
#746 CMake: Sort xmlwf sources alphabetically
#785 CMake|Windows: Fix generation of DLL file version info
#790 CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
#745 #757 docs: Document the importance of isFinal + adjust tests
accordingly
#736 docs: Improve use of "NULL" and "null"
#713 docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
#762 docs: reference.html: Promote function XML_ParseBuffer more
#779 docs: reference.html: Add HTML anchors to XML_* macros
#760 docs: reference.html: Upgrade to OK.css 1.2.0
#763 #739 docs: Fix typos
#696 docs|CI: Use HTTPS URLs instead of HTTP at various places
#669 #670 ..
#692 #703 ..
#733 #772 Address compiler warnings
#798 #800 Address clang-tidy warnings
#775 #776 Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
Infrastructure:
#700 #701 docs: Document security policy in file SECURITY.md
#766 docs: Improve parse buffer variables in-code documentation
#674 #738 ..
#740 #747 ..
#748 #781 #782 Refactor coverage and conformance tests
#714 #716 Refactor debug level variables to unsigned long
#671 Improve handling of empty environment variable value
in function getDebugLevel (without visible user effect)
#755 #774 ..
#758 #783 ..
#784 #787 tests: Improve test coverage with regard to parse chunk size
#660 #797 #801 Fuzzing: Improve fuzzing coverage
#367 #799 Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
#698 #721 CI: Resolve some Travis CI leftovers
#669 CI: Be robust towards absence of Git tags
#693 #694 CI: Set permissions to "contents: read" for security
#709 CI: Pin all GitHub Actions to specific commits for security
#739 CI: Reject spelling errors using codespell
#798 CI: Enforce clang-tidy clean code
#773 #808 ..
#809 #810 CI: Upgrade Clang from 15 to 18
#796 CI: Start using Clang's Control Flow Integrity sanitizer
#675 #720 #722 CI: Adapt to breaking changes in GitHub Actions Ubuntu images
#689 CI: Adapt to breaking changes in Clang/LLVM Debian packaging
#763 CI: Adapt to breaking changes in codespell
#803 CI: Adapt to breaking changes in Cppcheck
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/rootfiles/common/expat | 21 +++++++++++----------
lfs/expat | 8 ++++----
2 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 233c46283..499f99f8e 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -3,20 +3,21 @@
#usr/include/expat_config.h
#usr/include/expat_external.h
#usr/lib/cmake
-#usr/lib/cmake/expat-2.5.0
-#usr/lib/cmake/expat-2.5.0/expat-config-version.cmake
-#usr/lib/cmake/expat-2.5.0/expat-config.cmake
-#usr/lib/cmake/expat-2.5.0/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.5.0/expat.cmake
+#usr/lib/cmake/expat-2.6.0
+#usr/lib/cmake/expat-2.6.0/expat-config-version.cmake
+#usr/lib/cmake/expat-2.6.0/expat-config.cmake
+#usr/lib/cmake/expat-2.6.0/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.6.0/expat.cmake
#usr/lib/libexpat.la
#usr/lib/libexpat.so
usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.8.10
+usr/lib/libexpat.so.1.9.0
#usr/lib/pkgconfig/expat.pc
#usr/share/doc/expat
-#usr/share/doc/expat-2.5.0
-#usr/share/doc/expat-2.5.0/ok.min.css
-#usr/share/doc/expat-2.5.0/reference.html
-#usr/share/doc/expat-2.5.0/style.css
+#usr/share/doc/expat-2.6.0
+#usr/share/doc/expat-2.6.0/ok.min.css
+#usr/share/doc/expat-2.6.0/reference.html
+#usr/share/doc/expat-2.6.0/style.css
#usr/share/doc/expat/AUTHORS
#usr/share/doc/expat/changelog
+#usr/share/man/man1/xmlwf.1
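Review bot: The last added line, #usr/share/man/man1/xmlwf.1, is a new rootfile entry rather than a 2.5.0 to 2.6.0 rename, and the commit message only says "Update of rootfile". Please say in the message that the man page is now installed by upstream (changelog item #795) and is deliberately left commented out like the other documentation paths. It would also help to state that the shipped library moves from libexpat.so.1.8.10 to libexpat.so.1.9.0 while the usr/lib/libexpat.so.1 entry is unchanged, so a reader can see at a glance whether dependent packages are expected to need attention.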
diff --git a/lfs/expat b/lfs/expat
index a89b6d114..acfdba6ea 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,10 +24,10 @@
include Config
-VER = 2.5.0
+VER = 2.6.0
THISAPP = expat-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
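Review bot: DL_FILE changes its archive format from .tar.bz2 to .tar.xz on the same line as the version bump, and the commit message does not mention it. The unpack step of lfs/expat is not part of this diff, so please confirm that it does not hard-code a bzip2-specific tar option and note the format switch in the message. A sentence on why the .tar.xz tarball was chosen over the previous format would also make the change easier to audit later.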
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 15a5dcd3af17995fb4299301710b38d609c1fe7a8d6a6284581fedd96e89e0c16526d0342fb55773ac9d678cd65dc5cdb1532c764eeb3a20ccdf1e168b96e337
+$(DL_FILE)_BLAKE2 = 2f0117317bde4e03d8662bcac1ff6c2bbb1af694846b21a82ac12d11ccd43032b481af72fa35298c3cb19b7426dba6a67e703904ca7b05663ffd854a42348bd0
install : $(TARGET)
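Review bot: The replaced $(DL_FILE)_BLAKE2 value is the only thing binding the build to a specific tarball, since DL_FROM points at $(URL_IPFIRE) rather than at upstream, and the message does not say how the new hash was obtained. Please record in the commit message that the 2.6.0 .tar.xz was checked against the upstream release (signature or published checksum) before the BLAKE2 sum was computed, so the hash can be traced back to a verified source and not just to whatever file was uploaded to the mirror.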
--
2.43.0