From patchwork Sat May 29 16:41:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 4380 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FsnPv5Rybz3wbs for ; Sat, 29 May 2021 16:41:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FsnPt50slzsN; Sat, 29 May 2021 16:41:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FsnPt3fFdz2yNJ; Sat, 29 May 2021 16:41:38 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FsnPr75f1z2x9h for ; Sat, 29 May 2021 16:41:36 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FsnPr4TQWz1l; Sat, 29 May 2021 16:41:36 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1622306496; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=+3KB9NsPIQaPUqeB+ASHghdLtrNhINoNlZI7BZxKxTA=; b=O6p/1JZDlG5KXvOUkU/k88N1O2uujGjLnkcSBxTkzRh0GQ/N+wm3q5QMaKkQaVo2cgM292 GTAHy+U3XcaiJYBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1622306496; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=+3KB9NsPIQaPUqeB+ASHghdLtrNhINoNlZI7BZxKxTA=; b=UKysAKs4zCFS0i1JpTCGa6i11AS0d+vqeO1fB5rHVU9JW04UFtqUmmpoH/OOky6ZVIZNj0 7PFP+CT4DnFKSN+sG3cLrN6uGOj1/ruw/++lKpHgd0ql/6XGpEUvQDoesCIPCT37dr7KKI nVJsWPeaKV2mAWMTGPdiJ48YDjS+C7DcWC02u7K8de4uP559DrkIwkSSzEUwAGL0VoC8QF UvZi15BF4jAlUr/A+txqeUyZHKhQIlP9CIb8Q++1lr5pgM1VsOBgtsVVh+2DBdva3o1Vnp YPRaiIa7fqCT9fQTH1vg/Eg5/iK/P0mYiZywGK5ZAKB5JSKetWsPlLny4UwL8w== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] expat: Update to 2.4.1 Date: Sat, 29 May 2021 18:41:31 +0200 Message-Id: <20210529164131.83335-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from 2.3.0 to 2.4.1 - Update rootfile - Changelog (URL in changelog changed to https://verbump(dot)de as mail was rejected by IPFire mail system due to policy violation because URL was highlighted as a blacklisted addresss Release 2.4.1 Sun May 23 2021 Bug fixes: #488 #490 Autotools: Fix installed header expat_config.h for multilib systems; regression introduced in 2.4.0 by pull request #486 Other changes: #491 #492 Version info bumped from 9:0:8 to 9:1:8; see https://verbump(dot)de/ for what these numbers do Special thanks to: Gentoo's QA check "multilib_check_headers" Release 2.4.0 Sun May 23 2021 Security fixes: #34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both, leveraging general entities or parameter entities or both) by tracking and limiting the input amplification factor ( := ( + ) / ). By conservative default, amplification up to a factor of 100.0 is tolerated and rejection only starts after 8 MiB of output bytes (= + ) have been processed. The fix adds the following to the API: - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to signals this specific condition. - Two new API functions .. - XML_SetBillionLaughsAttackProtectionMaximumAmplification and - XML_SetBillionLaughsAttackProtectionActivationThreshold .. to further tighten billion laughs protection parameters when desired. Please see file "doc/reference.html" for details. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. - Two new XML_FEATURE_* constants .. - that can be queried using the XML_GetFeatureList function, and - that are shown in "xmlwf -v" output. - Two new environment variable switches .. - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and - EXPAT_ENTITY_DEBUG=(0|1) .. for runtime debugging of accounting and entity processing. Specific behavior of these values may change in the future. - Two new command line arguments "-a FACTOR" and "-b BYTES" for xmlwf to further tighten billion laughs protection parameters when desired. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. Bug fixes: #332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault for UTF-16 payloads containing CDATA sections. #485 #486 Autotools: Fix generated CMake files for non-64bit and non-Linux platforms (e.g. macOS and MinGW in particular) that were introduced with release 2.3.0 Other changes: #468 #469 xmlwf: Improve help output and the xmlwf man page #463 xmlwf: Improve maintainability through some refactoring #477 xmlwf: Fix man page DocBook validity #458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR #471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS #457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters #467 Resolve macro HAVE_EXPAT_CONFIG_H #472 Delete unused legacy helper file "conftools/PrintPath" #473 #483 Improve attribution #464 #465 #477 doc/reference.html: Fix XHTML validity #475 #478 doc/reference.html: Replace the 90s look by OK.css #479 Version info bumped from 8:0:7 to 9:0:8 due to addition of new symbols and error codes; see https://verbump(dot)de/ for what these numbers do Infrastructure: #456 CI: Enable periodic runs #457 CI: Start covering the list of exported symbols #474 CI: Isolate coverage task #476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04" #477 CI: Cover well-formedness and DocBook/XHTML validity of doc/reference.html and doc/xmlwf.xml Special thanks to: Dimitry Andric Eero Helenius Nick Wellnhofer Rhodri James Tomas Korbar Yury Gribov and Clang LeakSan JetBrains OSS-Fuzz Signed-off-by: Adolf Belka --- config/rootfiles/common/expat | 22 +++++++++++----------- lfs/expat | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 365286f85..4dcfe4a7d 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat @@ -2,22 +2,22 @@ #usr/include/expat.h #usr/include/expat_config.h #usr/include/expat_external.h -#usr/lib/cmake/expat-2.3.0 -#usr/lib/cmake/expat-2.3.0/expat-config-version.cmake -#usr/lib/cmake/expat-2.3.0/expat-config.cmake -#usr/lib/cmake/expat-2.3.0/expat-noconfig.cmake -#usr/lib/cmake/expat-2.3.0/expat.cmake +#usr/lib/cmake/expat-2.4.1 +#usr/lib/cmake/expat-2.4.1/expat-config-version.cmake +#usr/lib/cmake/expat-2.4.1/expat-config.cmake +#usr/lib/cmake/expat-2.4.1/expat-noconfig.cmake +#usr/lib/cmake/expat-2.4.1/expat.cmake #usr/lib/libexpat.a #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.7.0 +usr/lib/libexpat.so.1.8.1 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.3.0 -#usr/share/doc/expat-2.3.0/expat.png -#usr/share/doc/expat-2.3.0/reference.html -#usr/share/doc/expat-2.3.0/style.css -#usr/share/doc/expat-2.3.0/valid-xhtml10.png +#usr/share/doc/expat-2.4.1 +#usr/share/doc/expat-2.4.1/ok.min.css +#usr/share/doc/expat-2.4.1/reference.html +#usr/share/doc/expat-2.4.1/style.css +#usr/share/doc/expat-2.4.1/valid-xhtml10.png #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog diff --git a/lfs/expat b/lfs/expat index 92c42bf82..7627447f3 100644 --- a/lfs/expat +++ b/lfs/expat @@ -24,7 +24,7 @@ include Config -VER = 2.3.0 +VER = 2.4.1 THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 54ea624caca3f9003cebcab4f0a75c8f +$(DL_FILE)_MD5 = 476cdf4b5e40280316fff36b2086a390 install : $(TARGET)