expat: Update to version 2.6.3

- Update from version 2.6.2 to 2.6.3
- Update of rootfile
- 3 CVE Fixes in this release.
- Changelog
    2.6.3
	Security fixes:
	       #887 #890  CVE-2024-45490 -- Calling function XML_ParseBuffer with
	                    len < 0 without noticing and then calling XML_GetBuffer
	                    will have XML_ParseBuffer fail to recognize the problem
	                    and XML_GetBuffer corrupt memory.
	                    With the fix, XML_ParseBuffer now complains with error
	                    XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
	                    has been doing since Expat 2.2.1, and now documented.
	                    Impact is denial of service to potentially artitrary code
	                    execution.
	       #888 #891  CVE-2024-45491 -- Internal function dtdCopy can have an
	                    integer overflow for nDefaultAtts on 32-bit platforms
	                    (where UINT_MAX equals SIZE_MAX).
	                    Impact is denial of service to potentially artitrary code
	                    execution.
	       #889 #892  CVE-2024-45492 -- Internal function nextScaffoldPart can
	                    have an integer overflow for m_groupSize on 32-bit
	                    platforms (where UINT_MAX equals SIZE_MAX).
	                    Impact is denial of service to potentially artitrary code
	                    execution.
	Other changes:
	       #851 #879  Autotools: Sync CMake templates with CMake 3.28
	            #853  Autotools: Always provide path to find(1) for portability
	            #861  Autotools: Ensure that the m4 directory always exists.
	            #870  Autotools: Simplify handling of SIZEOF_VOID_P
	            #869  Autotools: Support non-GNU sed
	            #856  Autotools|CMake: Fix main() to main(void)
	            #865  Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
	            #863  Autotools|CMake: Stop requiring dos2unix
	       #854 #855  CMake: Fix check for symbols size_t and off_t
	            #864  docs|tests: Convert README to Markdown and update
	            #741  Windows: Drop support for Visual Studio <=15.0/2017
	            #886  Drop needless XML_DTD guards around is_param access
	            #885  Fix typo in a code comment
	       #894 #896  Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
	                    to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
	                    for what these numbers do
	Infrastructure:
	            #880  Readme: Promote the call for help
	            #868  CI: Fix various issues
	            #849  CI: Allow triggering GitHub Actions workflows manually
	    #851 #872 ..
	       #873 #879  CI: Adapt to breaking changes in GitHub Actions

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 2ab49e910ebad5fc55fa65ddeff157522629bb66..51a4de2f76f60a694054471f382d60f412463623 100644 (file)
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,22 +2,21 @@
 #usr/include/expat.h
 #usr/include/expat_config.h
 #usr/include/expat_external.h
-#usr/lib/cmake
-#usr/lib/cmake/expat-2.6.2
-#usr/lib/cmake/expat-2.6.2/expat-config-version.cmake
-#usr/lib/cmake/expat-2.6.2/expat-config.cmake
-#usr/lib/cmake/expat-2.6.2/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.6.2/expat.cmake
+#usr/lib/cmake/expat-2.6.3
+#usr/lib/cmake/expat-2.6.3/expat-config-version.cmake
+#usr/lib/cmake/expat-2.6.3/expat-config.cmake
+#usr/lib/cmake/expat-2.6.3/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.6.3/expat.cmake
 #usr/lib/libexpat.la
 #usr/lib/libexpat.so
 usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.9.2
+usr/lib/libexpat.so.1.9.3
 #usr/lib/pkgconfig/expat.pc
 #usr/share/doc/expat
-#usr/share/doc/expat-2.6.2
-#usr/share/doc/expat-2.6.2/ok.min.css
-#usr/share/doc/expat-2.6.2/reference.html
-#usr/share/doc/expat-2.6.2/style.css
+#usr/share/doc/expat-2.6.3
+#usr/share/doc/expat-2.6.3/ok.min.css
+#usr/share/doc/expat-2.6.3/reference.html
+#usr/share/doc/expat-2.6.3/style.css
 #usr/share/doc/expat/AUTHORS
 #usr/share/doc/expat/changelog
 #usr/share/man/man1/xmlwf.1

diff --git a/lfs/expat b/lfs/expat
index 3a37bf2d2a7ebb4759a7e0a472618f62f36d14a7..91e4f32af8c3a6bf1a167c89677eb0852214956f 100644 (file)
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.6.2
+VER        = 2.6.3
 
 THISAPP    = expat-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = aae019270e1ab233fe8480b7eaa77f648f23ef3383dc772dc946cb13163067431716dc5446862eb502315fd089f2f52f3d476589b74a97e462575cd54df44db4
+$(DL_FILE)_BLAKE2 = b8e0a0e779f0f136eaca91115cbbcf5a5cca457cab1cca6f8d6141151d19f8ef2dccb41b0e9134459c1e7d99cb2e0b4ce3922d2bd9221002ec43fe9d53a0084a
 
 install : $(TARGET)