]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commitdiff
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9237ffc)
expat: upgrade to 2.5.0
authorRoss Burton <ross.burton@arm.com>
Mon, 31 Oct 2022 15:19:10 +0000 (15:19 +0000)
committerSteve Sakoman <steve@sakoman.com>
Fri, 18 Nov 2022 02:38:45 +0000 (16:38 -1000)
Release 2.5.0 Tue October 25 2022
        Security fixes:
  #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                    destruction of a shared DTD in function
                    XML_ExternalEntityParserCreate in out-of-memory situations.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.

        Bug fixes:
       #612 #645  Fix curruption from undefined entities
       #613 #654  Fix case when parsing was suspended while processing nested
                    entities
  #616 #652 #653  Stop leaking opening tag bindings after a closing tag
                    mismatch error where a parser is reset through
                    XML_ParserReset and then reused to parse
            #656  CMake: Fix generation of pkg-config file
            #658  MinGW|CMake: Fix static library name

        Other changes:
            #663  Protect header expat_config.h from multiple inclusion
            #666  examples: Make use of XML_GetBuffer and be more
                    consistent across examples
            #648  Address compiler warnings
       #667 #668  Version info bumped from 9:9:8 to 9:10:8;
                    see https://verbump.de/ for what these numbers do

Includes a fix for CVE-2022-43680.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a257a674272dc638f09167e9b9202adfb477ef1e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/expat/expat_2.5.0.bb [moved from meta/recipes-core/expat/expat_2.4.9.bb with 91% similarity] patch | blob | blame | history

diff --git a/meta/recipes-core/expat/expat_2.4.9.bb b/meta/recipes-core/expat/expat_2.5.0.bb
similarity index 91%
rename from meta/recipes-core/expat/expat_2.4.9.bb
rename to meta/recipes-core/expat/expat_2.5.0.bb
index 9561edd84fcf44afe500c5d430e4fa18a2bf6ada..aa8d439d5fbda91a8e30bf6f6f62cdd8c72656f3 100644 (file)
--- a/meta/recipes-core/expat/expat_2.4.9.bb
+++ b/meta/recipes-core/expat/expat_2.5.0.bb
@@ -15,7 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2  \
 GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
 UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"
 
-SRC_URI[sha256sum] = "7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a"
+SRC_URI[sha256sum] = "6f0e6e01f7b30025fa05c85fdad1e5d0ec7fd35d9f61b22f34998de11969ff67"
 
 EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
 
Mirror of git://git.openembedded.org/openembedded-core