]> git.ipfire.org Git - ipfire-2.x.git/commit
projects / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f91d2f4) | patch
expat: Update to version 2.6.3
authorAdolf Belka <adolf.belka@ipfire.org>
Wed, 4 Sep 2024 21:49:24 +0000 (23:49 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 5 Sep 2024 08:50:35 +0000 (08:50 +0000)
commitdbaba25987706f0fe451705a908b5e6b98b95809
tree942982385060400194bc9f5ba661df78200a86ddtree
parentf91d2f48c032221a9cc4ce5d9ca0aea9334ab1c1commit | diff
expat: Update to version 2.6.3

- Update from version 2.6.2 to 2.6.3
- Update of rootfile
- 3 CVE Fixes in this release.
- Changelog
    2.6.3
Security fixes:
       #887 #890  CVE-2024-45490 -- Calling function XML_ParseBuffer with
                    len < 0 without noticing and then calling XML_GetBuffer
                    will have XML_ParseBuffer fail to recognize the problem
                    and XML_GetBuffer corrupt memory.
                    With the fix, XML_ParseBuffer now complains with error
                    XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
                    has been doing since Expat 2.2.1, and now documented.
                    Impact is denial of service to potentially artitrary code
                    execution.
       #888 #891  CVE-2024-45491 -- Internal function dtdCopy can have an
                    integer overflow for nDefaultAtts on 32-bit platforms
                    (where UINT_MAX equals SIZE_MAX).
                    Impact is denial of service to potentially artitrary code
                    execution.
       #889 #892  CVE-2024-45492 -- Internal function nextScaffoldPart can
                    have an integer overflow for m_groupSize on 32-bit
                    platforms (where UINT_MAX equals SIZE_MAX).
                    Impact is denial of service to potentially artitrary code
                    execution.
Other changes:
       #851 #879  Autotools: Sync CMake templates with CMake 3.28
            #853  Autotools: Always provide path to find(1) for portability
            #861  Autotools: Ensure that the m4 directory always exists.
            #870  Autotools: Simplify handling of SIZEOF_VOID_P
            #869  Autotools: Support non-GNU sed
            #856  Autotools|CMake: Fix main() to main(void)
            #865  Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
            #863  Autotools|CMake: Stop requiring dos2unix
       #854 #855  CMake: Fix check for symbols size_t and off_t
            #864  docs|tests: Convert README to Markdown and update
            #741  Windows: Drop support for Visual Studio <=15.0/2017
            #886  Drop needless XML_DTD guards around is_param access
            #885  Fix typo in a code comment
       #894 #896  Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
                    to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
                    for what these numbers do
Infrastructure:
            #880  Readme: Promote the call for help
            #868  CI: Fix various issues
            #849  CI: Allow triggering GitHub Actions workflows manually
    #851 #872 ..
       #873 #879  CI: Adapt to breaking changes in GitHub Actions

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/common/expat diff | blob | blame | history
lfs/expat diff | blob | blame | history
IPFire 2.x development tree