* [PATCH] expat: Update to version 2.7.0
From: Adolf Belka @ 2025-03-15 12:29 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- Update from version 2.6.4 to 2.7.0
- Update of rootfile
- Fix for CVE-2024-8176
- Changelog
2.7.0
Security fixes:
#893 #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
Other changes:
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
Infrastructure:
#926 tests: Increase robustness
#927 #932 ..
#930 #933 tests: Increase test coverage
#617 #950 ..
#951 #952 ..
#954 #955 .. Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on
#961 Google's libprotobuf-mutator ("LPM")
#957 Fuzzing|CI: Start producing fuzzing code coverage reports
#936 CI: Pass -q -q for LCOV >=2.1 in coverage.sh
#942 CI: Small fuzzing related improvements
#139 #203 ..
#791 #946 CI: Make GitHub Actions build using MSVC on Windows and
produce 32bit and 64bit Windows binaries
#956 CI: Get off of about-to-be-removed Ubuntu 20.04
#960 #964 CI: Start uploading to Coverity Scan for static analysis
#972 CI: Stop loading DTD from the internet to address flaky CI
#971 CI: Adapt to breaking changes in Cppcheck
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/expat | 20 ++++++++++----------
lfs/expat | 6 +++---
2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 0f8af4b70..012300f07 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,21 +2,21 @@
#usr/include/expat.h
#usr/include/expat_config.h
#usr/include/expat_external.h
-#usr/lib/cmake/expat-2.6.4
-#usr/lib/cmake/expat-2.6.4/expat-config-version.cmake
-#usr/lib/cmake/expat-2.6.4/expat-config.cmake
-#usr/lib/cmake/expat-2.6.4/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.6.4/expat.cmake
+#usr/lib/cmake/expat-2.7.0
+#usr/lib/cmake/expat-2.7.0/expat-config-version.cmake
+#usr/lib/cmake/expat-2.7.0/expat-config.cmake
+#usr/lib/cmake/expat-2.7.0/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.7.0/expat.cmake
#usr/lib/libexpat.la
#usr/lib/libexpat.so
usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.10.0
+usr/lib/libexpat.so.1.10.1
#usr/lib/pkgconfig/expat.pc
#usr/share/doc/expat
-#usr/share/doc/expat-2.6.4
-#usr/share/doc/expat-2.6.4/ok.min.css
-#usr/share/doc/expat-2.6.4/reference.html
-#usr/share/doc/expat-2.6.4/style.css
+#usr/share/doc/expat-2.7.0
+#usr/share/doc/expat-2.7.0/ok.min.css
+#usr/share/doc/expat-2.7.0/reference.html
+#usr/share/doc/expat-2.7.0/style.css
#usr/share/doc/expat/AUTHORS
#usr/share/doc/expat/changelog
#usr/share/man/man1/xmlwf.1
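Review bot: The swap of `usr/lib/libexpat.so.1.10.0` for `usr/lib/libexpat.so.1.10.1` in this rootfile leaves open what happens to the old library file on systems that are upgraded rather than freshly installed. Since 2.6.4 does not carry the CVE-2024-8176 fix, please confirm that the upgrade removes the 1.10.0 file instead of leaving it on disk beside the new one. The unchanged `usr/lib/libexpat.so.1` entry is consistent with the changelog's version info bump from 11:0:10 to 11:1:10, so nothing in this hunk suggests that dependents need relinking.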
diff --git a/lfs/expat b/lfs/expat
index eec344491..8bbda330e 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.6.4
+VER = 2.7.0
THISAPP = expat-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 70d716722358db8d0acb2c74dbbc9d2362d04a0b856eab6b6d723614b656cf6aad9f6646339e0a32b4151db2e9541439bcb81ec87791e5e6ec0bd36a3ca067cc
+$(DL_FILE)_BLAKE2 = 44567e955b8cf2053665140b3557897c6e0e66c7e2ba5919970d91d55a05bb8db604afa37a441ff0a7abf4472b24b0e1e6c3964c56b4bb55358c000ccdc1459d
install : $(TARGET)
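Review bot: The new `$(DL_FILE)_BLAKE2` value is the only integrity check visible here for `expat-2.7.0.tar.xz`, and the commit message does not say how it was obtained. For a security update, please add a line to the commit message stating that the tarball was checked against whatever signature or checksum upstream publishes for the release before this hash was computed, so the pinned value can be traced back to upstream and not only to the copy that was downloaded for the build.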
--
2.48.1