[PATCH] expat: Update to version 2.6.3 - Development

4 Sep 2024

- Update from version 2.6.2 to 2.6.3
- Update of rootfile
- 3 CVE Fixes in this release.
- Changelog
    2.6.3
    Security fixes:
           #887 #890  CVE-2024-45490 -- Calling function XML_ParseBuffer with
                        len < 0 without noticing and then calling XML_GetBuffer
                        will have XML_ParseBuffer fail to recognize the problem
                        and XML_GetBuffer corrupt memory.
                        With the fix, XML_ParseBuffer now complains with error
                        XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
                        has been doing since Expat 2.2.1, and now documented.
                        Impact is denial of service to potentially artitrary code
                        execution.
           #888 #891  CVE-2024-45491 -- Internal function dtdCopy can have an
                        integer overflow for nDefaultAtts on 32-bit platforms
                        (where UINT_MAX equals SIZE_MAX).
                        Impact is denial of service to potentially artitrary code
                        execution.
           #889 #892  CVE-2024-45492 -- Internal function nextScaffoldPart can
                        have an integer overflow for m_groupSize on 32-bit
                        platforms (where UINT_MAX equals SIZE_MAX).
                        Impact is denial of service to potentially artitrary code
                        execution.
    Other changes:
           #851 #879  Autotools: Sync CMake templates with CMake 3.28
                #853  Autotools: Always provide path to find(1) for portability
                #861  Autotools: Ensure that the m4 directory always exists.
                #870  Autotools: Simplify handling of SIZEOF_VOID_P
                #869  Autotools: Support non-GNU sed
                #856  Autotools|CMake: Fix main() to main(void)
                #865  Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
                #863  Autotools|CMake: Stop requiring dos2unix
           #854 #855  CMake: Fix check for symbols size_t and off_t
                #864  docs|tests: Convert README to Markdown and update
                #741  Windows: Drop support for Visual Studio <=15.0/2017
                #886  Drop needless XML_DTD guards around is_param access
                #885  Fix typo in a code comment
           #894 #896  Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
                        to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
                        for what these numbers do
    Infrastructure:
                #880  Readme: Promote the call for help
                #868  CI: Fix various issues
                #849  CI: Allow triggering GitHub Actions workflows manually
        #851 #872 ..
           #873 #879  CI: Adapt to breaking changes in GitHub Actions
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
---
 config/rootfiles/common/expat | 21 ++++++++++-----------
 lfs/expat                     |  4 ++--
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 2ab49e910..51a4de2f7 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,22 +2,21 @@
 #usr/include/expat.h
 #usr/include/expat_config.h
 #usr/include/expat_external.h
-#usr/lib/cmake
-#usr/lib/cmake/expat-2.6.2
-#usr/lib/cmake/expat-2.6.2/expat-config-version.cmake
-#usr/lib/cmake/expat-2.6.2/expat-config.cmake
-#usr/lib/cmake/expat-2.6.2/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.6.2/expat.cmake
+#usr/lib/cmake/expat-2.6.3
+#usr/lib/cmake/expat-2.6.3/expat-config-version.cmake
+#usr/lib/cmake/expat-2.6.3/expat-config.cmake
+#usr/lib/cmake/expat-2.6.3/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.6.3/expat.cmake
 #usr/lib/libexpat.la
 #usr/lib/libexpat.so
 usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.9.2
+usr/lib/libexpat.so.1.9.3
 #usr/lib/pkgconfig/expat.pc
 #usr/share/doc/expat
-#usr/share/doc/expat-2.6.2
-#usr/share/doc/expat-2.6.2/ok.min.css
-#usr/share/doc/expat-2.6.2/reference.html
-#usr/share/doc/expat-2.6.2/style.css
+#usr/share/doc/expat-2.6.3
+#usr/share/doc/expat-2.6.3/ok.min.css
+#usr/share/doc/expat-2.6.3/reference.html
+#usr/share/doc/expat-2.6.3/style.css
 #usr/share/doc/expat/AUTHORS
 #usr/share/doc/expat/changelog
 #usr/share/man/man1/xmlwf.1
diff --git a/lfs/expat b/lfs/expat
index 3a37bf2d2..91e4f32af 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@
include Config
-VER        = 2.6.2
+VER        = 2.6.3
THISAPP    = expat-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = aae019270e1ab233fe8480b7eaa77f648f23ef3383dc772dc946cb13163067431716dc5446862eb502315fd089f2f52f3d476589b74a97e462575cd54df44db4
+$(DL_FILE)_BLAKE2 = b8e0a0e779f0f136eaca91115cbbcf5a5cca457cab1cca6f8d6141151d19f8ef2dccb41b0e9134459c1e7d99cb2e0b4ce3922d2bd9221002ec43fe9d53a0084a
install : $(TARGET)
-- 
2.46.0


    