diff mbox series

expat: Update to version 2.8.0

Message ID 20260426213741.2816601-1-adolf.belka@ipfire.org
State Staged
Commit afe44031d1278c7a5fbb9f48b6bc9bfa0401f809
Headers
Series expat: Update to version 2.8.0 |

Commit Message

Adolf Belka 26 Apr 2026, 9:37 p.m. UTC 
- Update from version 2.7.5 to 2.8.0
- Update of rootfile
- CVE fix
- Changelog
2.8.0
Security fixes:
       47 1183  CVE-2026-41080 -- The existing hash flooding protection
                    (based on SipHash) only used 4 to 8 bytes of entropy for
                    a salt, when 16 bytes of salt are supported by the
                    implementation of SipHash used by Expat. Now full 16 bytes
                    of entropy are used to improve protection against hash
                    flooding attacks.
                      Existing API function XML_SetHashSalt is now deprecated
                    because of its limitations, and its use should be
                    considered a vulnerability. Please either use the new API
                    function XML_SetHashSalt16Bytes (with known-high-quality
                    entropy input only!) instead, or leave the derivation of
                    a 16-bytes hash salt from high quality entropy to Expat's
                    internal machinery (by *not* calling either of the two
                    XML_SetHashSalt* functions).
Bug fixes:
           1188  Avoid propagating /dev/urandom file descriptor to child
                    processes
           1193  Fix interpretation of `errno` after randomization calls
           1195  Avoid assuming uint8_t is a character type
Other changes:
     1180 1199  Add support for `getentropy(3)` as a source of entropy;
                    this helps with protecting against hash flooding attacks,
                    in particular with WASI SDK (where none of the other
                    entropy sources supported by libexpat are available).
           1200  Autotools: Add `--without-arc4random` and
                    `--without-arc4random-buf`
           1200  Autotools: Make `./configure` output report on available
                    high quality entropy sources
           1173  Autotools|macOS: Sync CMake templates with CMake 4.3.0
           1201  Autotools|CMake: Improve checks for `arc4random` and
                    `arc4random_buf` e.g. with modern glibc
           1201  CMake: Report on availability of functions `arc4random` and
                    `arc4random_buf`
           1201  CMake: Mark entropy related build switches as advanced
        1189 ..
     1203 1204  Extract new files from entropy extraction code
           1194  Stop duplicating C tests 1:1 as C++ ("runtests_cxx")
           1202  Fix a comment typo in expat_external.h
           1187  Fix grammar in compile error message
           1192  examples: Build warning-free with -Wwrite-strings
           1171  tests: Address harmless warning from Coverity
     1170 1176  Sync file headers
     1190 1206  Version info bumped from 12:3:11 (libexpat*.so.1.11.3)
                    to 13:0:12 (libexpat*.so.1.12.0); see https://verbump.de/
                    for what these numbers do
Infrastructure:
  1166 1167 ..
  1172 1175 ..
  1178 1179 ..
     1185 1205  CI: Make Perl XML::Parser integration tests run against
                    both version 2.47 and the latest release 2.58
           1169  CI: Adapt to breaking changes regarding Inno Setup
           1173  CI: Adapt to breaking changes regarding CMake
           1174  CI: Include public corpus of fuzzer `xml_lpm_fuzzer` with
                    regression testing
     1181 1182  CI: Bump WASI SDK from 30 to 32

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/expat | 20 ++++++++++----------
 lfs/expat                     |  4 ++--
 2 files changed, 12 insertions(+), 12 deletions(-)
diff mbox series

Patch

diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 93b23090b..611c2a203 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,21 +2,21 @@ 
 #usr/include/expat.h
 #usr/include/expat_config.h
 #usr/include/expat_external.h
-#usr/lib/cmake/expat-2.7.5
-#usr/lib/cmake/expat-2.7.5/expat-config-version.cmake
-#usr/lib/cmake/expat-2.7.5/expat-config.cmake
-#usr/lib/cmake/expat-2.7.5/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.7.5/expat.cmake
+#usr/lib/cmake/expat-2.8.0
+#usr/lib/cmake/expat-2.8.0/expat-config-version.cmake
+#usr/lib/cmake/expat-2.8.0/expat-config.cmake
+#usr/lib/cmake/expat-2.8.0/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.8.0/expat.cmake
 #usr/lib/libexpat.la
 #usr/lib/libexpat.so
 usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.11.3
+usr/lib/libexpat.so.1.12.0
 #usr/lib/pkgconfig/expat.pc
 #usr/share/doc/expat
-#usr/share/doc/expat-2.7.5
-#usr/share/doc/expat-2.7.5/ok.min.css
-#usr/share/doc/expat-2.7.5/reference.html
-#usr/share/doc/expat-2.7.5/style.css
+#usr/share/doc/expat-2.8.0
+#usr/share/doc/expat-2.8.0/ok.min.css
+#usr/share/doc/expat-2.8.0/reference.html
+#usr/share/doc/expat-2.8.0/style.css
 #usr/share/doc/expat/AUTHORS
 #usr/share/doc/expat/changelog
 #usr/share/man/man1/xmlwf.1
diff --git a/lfs/expat b/lfs/expat
index 3f00072bd..f14e48ab5 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 2.7.5
+VER        = 2.8.0
 
 THISAPP    = expat-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 97adfd7cb056066e3a3ec9ef1808d298bc935eb0d17ffca23bcf75810290c8ed8377b21d67b2e1b4a27773057f49f95da9a8f2e368d02d266c980bebbeb1b009
+$(DL_FILE)_BLAKE2 = e7b5f20e9960085d2bcfd88ac590e70a9aaebcc4b1411064d008af638bdf4189730d6fd9772d518dc4c38c3cefc649ed31c1e3ad7de64125377dba8c6d2e01b8
 
 install : $(TARGET)