From: Yorgos Thessalonikefs Date: Wed, 26 Mar 2025 13:58:54 +0000 (+0100) Subject: - Fix #1255: Multiple pinnings to vulnerable copies of libexpat. X-Git-Tag: release-1.23.0rc1~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d03e4b1884a6a75169db56d16c13ca1be8a808b6;p=thirdparty%2Funbound.git - Fix #1255: Multiple pinnings to vulnerable copies of libexpat. --- diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index 85b723912..f843eeb5e 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml @@ -196,6 +196,9 @@ jobs: persist-credentials: false - name: test_windows if: ${{ matrix.test_windows == 'yes' }} + env: + LIBEXPAT_FNAME: expat-2.7.0 + LIBEXPAT_VERSION_DIR: R_2_7_0 shell: bash run: | export unboundpath=`pwd` @@ -238,9 +241,9 @@ jobs: cd .. mkdir expat echo "curl expat" - curl -L -k -s -S -o expat-2.2.10.tar.gz https://github.com/libexpat/libexpat/releases/download/R_2_2_10/expat-2.2.10.tar.gz - tar xzf expat-2.2.10.tar.gz - cd expat-2.2.10 + curl -L -k -s -S -o $LIBEXPAT_FNAME.tar.gz https://github.com/libexpat/libexpat/releases/download/$LIBEXPAT_VERSION_DIR/$LIBEXPAT_FNAME.tar.gz + tar xzf $LIBEXPAT_FNAME.tar.gz + cd $LIBEXPAT_FNAME echo "./configure SHELL=/usr/bin/bash CONFIG_SHELL=/usr/bin/bash --prefix=\"$prepath/expat\" --exec-prefix=\"$prepath/expat\" --bindir=\"$prepath/expat/bin\" --includedir=\"$prepath/expat/include\" --mandir=\"$prepath/expat/man\" --libdir=\"$prepath/expat/lib\"" ./configure SHELL=/usr/bin/bash CONFIG_SHELL=/usr/bin/bash --prefix="$prepath/expat" --exec-prefix="$prepath/expat" --bindir="$prepath/expat/bin" --includedir="$prepath/expat/include" --mandir="$prepath/expat/man" --libdir="$prepath/expat/lib" # fixup SHELL is treated specially, but SHELZZ is not by make. diff --git a/contrib/android/install_expat.sh b/contrib/android/install_expat.sh index ffb22322c..5d736b8b9 100755 --- a/contrib/android/install_expat.sh +++ b/contrib/android/install_expat.sh @@ -1,21 +1,24 @@ #!/usr/bin/env bash +LIBEXPAT_FNAME=expat-2.7.0 +LIBEXPAT_VERSION_DIR=R_2_7_0 + echo "Downloading Expat" -if ! curl -L -k -s -o expat-2.2.9.tar.gz https://github.com/libexpat/libexpat/releases/download/R_2_2_9/expat-2.2.9.tar.gz; +if ! curl -L -k -s -o $LIBEXPAT_FNAME.tar.gz https://github.com/libexpat/libexpat/releases/download/$LIBEXPAT_VERSION_DIR/$LIBEXPAT_FNAME.tar.gz; then echo "Failed to download Expat" exit 1 fi echo "Unpacking Expat" -rm -rf ./expat-2.2.9 -if ! tar -xf expat-2.2.9.tar.gz; +rm -rf ./$LIBEXPAT_FNAME +if ! tar -xf $LIBEXPAT_FNAME.tar.gz; then echo "Failed to unpack Expat" exit 1 fi -cd expat-2.2.9 || exit 1 +cd $LIBEXPAT_FNAME || exit 1 echo "Configuring Expat" if ! ./configure --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" --prefix="$ANDROID_PREFIX"; then diff --git a/contrib/ios/install_expat.sh b/contrib/ios/install_expat.sh index 9471b5aff..b8e3a9046 100755 --- a/contrib/ios/install_expat.sh +++ b/contrib/ios/install_expat.sh @@ -1,21 +1,24 @@ #!/usr/bin/env bash +LIBEXPAT_FNAME=expat-2.7.0 +LIBEXPAT_VERSION_DIR=R_2_7_0 + echo "Downloading Expat" -if ! curl -L -k -s -o expat-2.2.9.tar.gz https://github.com/libexpat/libexpat/releases/download/R_2_2_9/expat-2.2.9.tar.gz; +if ! curl -L -k -s -o $LIBEXPAT_FNAME.tar.gz https://github.com/libexpat/libexpat/releases/download/$LIBEXPAT_VERSION_DIR/$LIBEXPAT_FNAME.tar.gz; then echo "Failed to download Expat" exit 1 fi echo "Unpacking Expat" -rm -rf ./expat-2.2.9 -if ! tar -xf expat-2.2.9.tar.gz; +rm -rf ./$LIBEXPAT_FNAME +if ! tar -xf $LIBEXPAT_FNAME.tar.gz; then echo "Failed to unpack Expat" exit 1 fi -cd expat-2.2.9 || exit 1 +cd $LIBEXPAT_FNAME || exit 1 export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig" diff --git a/doc/Changelog b/doc/Changelog index 6e90373aa..3a8a4024b 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +26 March 2025: Yorgos + - Fix #1255: Multiple pinnings to vulnerable copies of libexpat. + 24 March 2025: Wouter - Fix #1254: `send failed: Socket is not connected` and `remote address is 0.0.0.0 port 53`.