From: Adolf Belka Date: Sat, 15 Mar 2025 12:29:26 +0000 (+0100) Subject: expat: Update to version 2.7.0 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e02a2170e245fe5c8d01a5d93a11295278a03698;p=people%2Fstevee%2Fipfire-2.x.git expat: Update to version 2.7.0 - Update from version 2.6.4 to 2.7.0 - Update of rootfile - Fix for CVE-2024-8176 - Changelog 2.7.0 Security fixes: #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ("&g1;") - general entities in attribute values ("") - parameter entities ("%p1;") Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. Other changes: #935 #937 Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Infrastructure: #926 tests: Increase robustness #927 #932 .. #930 #933 tests: Increase test coverage #617 #950 .. #951 #952 .. #954 #955 .. Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on #961 Google's libprotobuf-mutator ("LPM") #957 Fuzzing|CI: Start producing fuzzing code coverage reports #936 CI: Pass -q -q for LCOV >=2.1 in coverage.sh #942 CI: Small fuzzing related improvements #139 #203 .. #791 #946 CI: Make GitHub Actions build using MSVC on Windows and produce 32bit and 64bit Windows binaries #956 CI: Get off of about-to-be-removed Ubuntu 20.04 #960 #964 CI: Start uploading to Coverity Scan for static analysis #972 CI: Stop loading DTD from the internet to address flaky CI #971 CI: Adapt to breaking changes in Cppcheck Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 0f8af4b70..012300f07 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat @@ -2,21 +2,21 @@ #usr/include/expat.h #usr/include/expat_config.h #usr/include/expat_external.h -#usr/lib/cmake/expat-2.6.4 -#usr/lib/cmake/expat-2.6.4/expat-config-version.cmake -#usr/lib/cmake/expat-2.6.4/expat-config.cmake -#usr/lib/cmake/expat-2.6.4/expat-noconfig.cmake -#usr/lib/cmake/expat-2.6.4/expat.cmake +#usr/lib/cmake/expat-2.7.0 +#usr/lib/cmake/expat-2.7.0/expat-config-version.cmake +#usr/lib/cmake/expat-2.7.0/expat-config.cmake +#usr/lib/cmake/expat-2.7.0/expat-noconfig.cmake +#usr/lib/cmake/expat-2.7.0/expat.cmake #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.10.0 +usr/lib/libexpat.so.1.10.1 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.6.4 -#usr/share/doc/expat-2.6.4/ok.min.css -#usr/share/doc/expat-2.6.4/reference.html -#usr/share/doc/expat-2.6.4/style.css +#usr/share/doc/expat-2.7.0 +#usr/share/doc/expat-2.7.0/ok.min.css +#usr/share/doc/expat-2.7.0/reference.html +#usr/share/doc/expat-2.7.0/style.css #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog #usr/share/man/man1/xmlwf.1 diff --git a/lfs/expat b/lfs/expat index eec344491..8bbda330e 100644 --- a/lfs/expat +++ b/lfs/expat @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.6.4 +VER = 2.7.0 THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 70d716722358db8d0acb2c74dbbc9d2362d04a0b856eab6b6d723614b656cf6aad9f6646339e0a32b4151db2e9541439bcb81ec87791e5e6ec0bd36a3ca067cc +$(DL_FILE)_BLAKE2 = 44567e955b8cf2053665140b3557897c6e0e66c7e2ba5919970d91d55a05bb8db604afa37a441ff0a7abf4472b24b0e1e6c3964c56b4bb55358c000ccdc1459d install : $(TARGET)