- Update from version 2.6.2 to 2.6.3
- Update of rootfile
- 3 CVE Fixes in this release.
- Changelog
    2.6.3
      Security fixes:
        #887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with
                    len < 0 without noticing and then calling XML_GetBuffer
                    will have XML_ParseBuffer fail to recognize the problem
                    and XML_GetBuffer corrupt memory.
                    With the fix, XML_ParseBuffer now complains with error
                    XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
                    has been doing since Expat 2.2.1, and now documented.
                    Impact is denial of service to potentially arbitrary code
                    execution.
        #888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an
                    integer overflow for nDefaultAtts on 32-bit platforms
                    (where UINT_MAX equals SIZE_MAX).
                    Impact is denial of service to potentially arbitrary code
                    execution.
        #889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can
                    have an integer overflow for m_groupSize on 32-bit
                    platforms (where UINT_MAX equals SIZE_MAX).
                    Impact is denial of service to potentially arbitrary code
                    execution.
      Other changes:
        #851 #879 Autotools: Sync CMake templates with CMake 3.28
        #853 Autotools: Always provide path to find(1) for portability
        #861 Autotools: Ensure that the m4 directory always exists.
        #870 Autotools: Simplify handling of SIZEOF_VOID_P
        #869 Autotools: Support non-GNU sed
        #856 Autotools|CMake: Fix main() to main(void)
        #865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
        #863 Autotools|CMake: Stop requiring dos2unix
        #854 #855 CMake: Fix check for symbols size_t and off_t
        #864 docs|tests: Convert README to Markdown and update
        #741 Windows: Drop support for Visual Studio <=15.0/2017
        #886 Drop needless XML_DTD guards around is_param access
        #885 Fix typo in a code comment
        #894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
                    to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
                    for what these numbers do
      Infrastructure:
        #880 Readme: Promote the call for help
        #868 CI: Fix various issues
        #849 CI: Allow triggering GitHub Actions workflows manually
        #851 #872 .. #873 #879 CI: Adapt to breaking changes in GitHub Actions
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/expat | 21 ++++++++++----------- lfs/expat | 4 ++-- 2 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 2ab49e910..51a4de2f7 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat @@ -2,22 +2,21 @@ #usr/include/expat.h #usr/include/expat_config.h #usr/include/expat_external.h -#usr/lib/cmake -#usr/lib/cmake/expat-2.6.2 -#usr/lib/cmake/expat-2.6.2/expat-config-version.cmake -#usr/lib/cmake/expat-2.6.2/expat-config.cmake -#usr/lib/cmake/expat-2.6.2/expat-noconfig.cmake -#usr/lib/cmake/expat-2.6.2/expat.cmake +#usr/lib/cmake/expat-2.6.3 +#usr/lib/cmake/expat-2.6.3/expat-config-version.cmake +#usr/lib/cmake/expat-2.6.3/expat-config.cmake +#usr/lib/cmake/expat-2.6.3/expat-noconfig.cmake +#usr/lib/cmake/expat-2.6.3/expat.cmake #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.9.2 +usr/lib/libexpat.so.1.9.3 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.6.2 -#usr/share/doc/expat-2.6.2/ok.min.css -#usr/share/doc/expat-2.6.2/reference.html -#usr/share/doc/expat-2.6.2/style.css +#usr/share/doc/expat-2.6.3 +#usr/share/doc/expat-2.6.3/ok.min.css +#usr/share/doc/expat-2.6.3/reference.html +#usr/share/doc/expat-2.6.3/style.css #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog #usr/share/man/man1/xmlwf.1 diff --git a/lfs/expat b/lfs/expat index 3a37bf2d2..91e4f32af 100644 --- a/lfs/expat +++ b/lfs/expat @@ -24,7 +24,7 @@
include Config
-VER = 2.6.2 +VER = 2.6.3
THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = aae019270e1ab233fe8480b7eaa77f648f23ef3383dc772dc946cb13163067431716dc5446862eb502315fd089f2f52f3d476589b74a97e462575cd54df44db4 +$(DL_FILE)_BLAKE2 = b8e0a0e779f0f136eaca91115cbbcf5a5cca457cab1cca6f8d6141151d19f8ef2dccb41b0e9134459c1e7d99cb2e0b4ce3922d2bd9221002ec43fe9d53a0084a
install : $(TARGET)
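Review bot: In the config/rootfiles/common/expat hunk, the parent entry "#usr/lib/cmake" is removed and not re-added: six cmake lines go out and only five come back, which matches the 12 insertions / 13 deletions in the diffstat. The entry is commented out, so the shipped file set is unchanged, but the commit message only says "Update of rootfile". If the directory line was dropped on purpose (for example because another package now owns usr/lib/cmake), please say so in the message; otherwise restore "#usr/lib/cmake" above "#usr/lib/cmake/expat-2.6.3" so the rootfile stays consistent with the previous layout.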
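Review bot: In the lfs/expat hunk, the new $(DL_FILE)_BLAKE2 value is the only integrity anchor for expat-2.6.3.tar.xz, and nothing in the commit message says how the tarball was verified before this digest was recorded. Since this is a security update, please add a line stating what the download was checked against (for example the upstream release signature or published checksum), so a reviewer can reproduce the digest from a source other than the file fetched via $(DL_FROM).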