From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZFLCM0v7Qz340c for ; Sat, 15 Mar 2025 12:29:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZFLCH3QSVz30Mt for ; Sat, 15 Mar 2025 12:29:31 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZFLCG37tgz2r4; Sat, 15 Mar 2025 12:29:30 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1742041770; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=VYhPx2831qHto4ZMqPTHwCLvQ5i2IDuflgHixMPI3k0=; b=BM9tDArU+gdhdXxy4GY7htqilryOTFHZLsB7r5Qa4Jd1+WAmtqGG2RRiR25VshlSvBGiUe sSvZzdnwj+xRxaDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1742041770; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=VYhPx2831qHto4ZMqPTHwCLvQ5i2IDuflgHixMPI3k0=; b=cLM7+5MN7WZVEVsycTGjkbTtf9CGHQOAbpeESZbhTn4dCheY1Bg7XvB73KqF43Sg5lR3QV 6ekkWDGw4Kw1nBC6aJHiKAafjd3bM7rwjoycqvl6RqFa/g2nF4L8Nk74FJxBtpSdB4Yg1G z5p/t05c/TTsUdG7gwT8PAP2zDOWrSJzNz8hZ1IzPASmZC2GmoYMgpHgbp/mi+nn3VlnxS Sdjfjaiinzwit97QJxdjiYJ6ieKrqsdlRJtW4r4cCtYhsUOf4a0smmpYLSSqhYRhEE2feZ 4EUK9BX9usdf/1GOVj+7zrf/e7us5hPmzHA4M9OhcZrsYYhsriVpSRdCNYXwUw== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] expat: Update to version 2.7.0 Date: Sat, 15 Mar 2025 13:29:26 +0100 Message-ID: <20250315122926.3243651-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit - Update from version 2.6.4 to 2.7.0 - Update of rootfile - Fix for CVE-2024-8176 - Changelog 2.7.0 Security fixes: #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ("&g1;") - general entities in attribute values ("") - parameter entities ("%p1;") Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. Other changes: #935 #937 Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Infrastructure: #926 tests: Increase robustness #927 #932 .. #930 #933 tests: Increase test coverage #617 #950 .. #951 #952 .. #954 #955 .. Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on #961 Google's libprotobuf-mutator ("LPM") #957 Fuzzing|CI: Start producing fuzzing code coverage reports #936 CI: Pass -q -q for LCOV >=2.1 in coverage.sh #942 CI: Small fuzzing related improvements #139 #203 .. #791 #946 CI: Make GitHub Actions build using MSVC on Windows and produce 32bit and 64bit Windows binaries #956 CI: Get off of about-to-be-removed Ubuntu 20.04 #960 #964 CI: Start uploading to Coverity Scan for static analysis #972 CI: Stop loading DTD from the internet to address flaky CI #971 CI: Adapt to breaking changes in Cppcheck Signed-off-by: Adolf Belka --- config/rootfiles/common/expat | 20 ++++++++++---------- lfs/expat | 6 +++--- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 0f8af4b70..012300f07 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat @@ -2,21 +2,21 @@ #usr/include/expat.h #usr/include/expat_config.h #usr/include/expat_external.h -#usr/lib/cmake/expat-2.6.4 -#usr/lib/cmake/expat-2.6.4/expat-config-version.cmake -#usr/lib/cmake/expat-2.6.4/expat-config.cmake -#usr/lib/cmake/expat-2.6.4/expat-noconfig.cmake -#usr/lib/cmake/expat-2.6.4/expat.cmake +#usr/lib/cmake/expat-2.7.0 +#usr/lib/cmake/expat-2.7.0/expat-config-version.cmake +#usr/lib/cmake/expat-2.7.0/expat-config.cmake +#usr/lib/cmake/expat-2.7.0/expat-noconfig.cmake +#usr/lib/cmake/expat-2.7.0/expat.cmake #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.10.0 +usr/lib/libexpat.so.1.10.1 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.6.4 -#usr/share/doc/expat-2.6.4/ok.min.css -#usr/share/doc/expat-2.6.4/reference.html -#usr/share/doc/expat-2.6.4/style.css +#usr/share/doc/expat-2.7.0 +#usr/share/doc/expat-2.7.0/ok.min.css +#usr/share/doc/expat-2.7.0/reference.html +#usr/share/doc/expat-2.7.0/style.css #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog #usr/share/man/man1/xmlwf.1 diff --git a/lfs/expat b/lfs/expat index eec344491..8bbda330e 100644 --- a/lfs/expat +++ b/lfs/expat @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.6.4 +VER = 2.7.0 THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 70d716722358db8d0acb2c74dbbc9d2362d04a0b856eab6b6d723614b656cf6aad9f6646339e0a32b4151db2e9541439bcb81ec87791e5e6ec0bd36a3ca067cc +$(DL_FILE)_BLAKE2 = 44567e955b8cf2053665140b3557897c6e0e66c7e2ba5919970d91d55a05bb8db604afa37a441ff0a7abf4472b24b0e1e6c3964c56b4bb55358c000ccdc1459d install : $(TARGET) -- 2.48.1