From patchwork Sun Feb  6 12:39:14 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 5094
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Js83Z4XnKz3wgk
	for <patchwork@web04.haj.ipfire.org>; Sun,  6 Feb 2022 12:39:22 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4Js83Z01BFz4k4;
	Sun,  6 Feb 2022 12:39:22 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Js83Y6gY2z2ynv;
	Sun,  6 Feb 2022 12:39:21 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Js83Y1SFXz2xxL
 for <development@lists.ipfire.org>; Sun,  6 Feb 2022 12:39:21 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4Js83X5wk1z4fT;
 Sun,  6 Feb 2022 12:39:20 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1644151160;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=ndvGYVkR+m5seizIlDy8nLZ6dhRcJkueVMIOqyLXjF0=;
 b=gnjynEtjybQjqI5mY2J0EeWzW3zSn+KPx790v5URk8SawmWgjeB1CzjhcAZLO3vJdGsKRN
 h+1W9d0QdxKqp/CQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1644151160;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=ndvGYVkR+m5seizIlDy8nLZ6dhRcJkueVMIOqyLXjF0=;
 b=ovHBX2aAt7pJe0YmX1HKVjIpCuwUSDO66yjLnz7/VhBflmtLuJXyjwxsNUcuNb/7qGlXSe
 19gLFf6Y7QfFb9SDqlj9C+zBdDkmS5Vgp26OAEEc/o/F7BzIDufm22Sxoui1GKoxIQHCVn
 Ai3m9MzMEKOaJDrsyVhAVqX3JjZtidjwlsR9fKm3yjLbyGroiXbjt8VnV/rS9QyWAs8LWP
 EaKWoIV+/B7D6so8twGVgF6l3Y9NfWxkT3FNH4MxGoChog0BS0c1nzA4BK0egLzvIIuiPx
 1KJgUcFsSaLZn1cXnv9EpxMN/o4G9iZ965tW+cu6r/e61op758RgagDjTq9IFA==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] expat: Update to version 2.4.4
Date: Sun,  6 Feb 2022 13:39:14 +0100
Message-Id: <20220206123914.3456476-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

- Update from 2.4.2 to 2.4.4
- Update of rootfile
- Changelog
   Release 2.4.4 Sun January 30 2022
        Security fixes:
            #550  CVE-2022-23852 -- Fix signed integer overflow
                    (undefined behavior) in function XML_GetBuffer
                    (that is also called by function XML_Parse internally)
                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
                    common and default).
                    Impact is denial of service or more.
            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
                    doProlog triggered by large content in element type
                    declarations when there is an element declaration handler
                    present (from a prior call to XML_SetElementDeclHandler).
                    Impact is denial of service or more.
        Bug fixes:
            #544 #545  xmlwf: Fix a memory leak on output file opening error
        Other changes:
            #546  Autotools: Fix broken CMake support under Cygwin
            #554  Windows: Add missing files to the installer to fix
                    compilation with CMake from installed sources
            #552 #554  Version info bumped from 9:3:8 to 9:4:8;
                    see https://verbump.de/ for what these numbers do
   Release 2.4.3 Sun January 16 2022
        Security fixes:
            #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
                    resulting in
                      a) realloc acting as free
                      b) realloc allocating too few bytes
                      c) undefined behavior
                    depending on architecture and precise value
                    for XML documents with >=2^27+1 prefixed attributes
                    on a single XML tag a la
                    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
                    where XML_ParserCreateNS is used to create the parser
                    (which needs argument "-n" when running xmlwf).
                    Impact is denial of service, or more.
            #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
                    on variable m_groupSize in function doProlog leading
                    to realloc acting as free.
                    Impact is denial of service or more.
            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
                    near memory allocation at multiple places.  Mitre assigned
                    a dedicated CVE for each involved internal C function:
                    - CVE-2022-22822 for function addBinding
                    - CVE-2022-22823 for function build_model
                    - CVE-2022-22824 for function defineAttribute
                    - CVE-2022-22825 for function lookup
                    - CVE-2022-22826 for function nextScaffoldPart
                    - CVE-2022-22827 for function storeAtts
                    Impact is denial of service or more.
        Other changes:
            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
            #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
                    and MSYS2 by not going through Wine on these platforms
            #527 #528  Address compiler warnings
            #533 #543  Version info bumped from 9:2:8 to 9:3:8;
                    see https://verbump.de/ for what these numbers do
        Infrastructure:
            #536  CI: Check for realistic minimum CMake version
            #529 #539  CI: Cover compilation with -m32
            #529  CI: Store coverage reports as artifacts for download
            #528  CI: Upgrade Clang from 11 to 13

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/rootfiles/common/expat | 21 ++++++++++-----------
 lfs/expat                     |  6 +++---
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index ea0c2ded5..47ce600ad 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,22 +2,21 @@
 #usr/include/expat.h
 #usr/include/expat_config.h
 #usr/include/expat_external.h
-#usr/lib/cmake/expat-2.4.2
-#usr/lib/cmake/expat-2.4.2/expat-config-version.cmake
-#usr/lib/cmake/expat-2.4.2/expat-config.cmake
-#usr/lib/cmake/expat-2.4.2/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.4.2/expat.cmake
+#usr/lib/cmake/expat-2.4.4
+#usr/lib/cmake/expat-2.4.4/expat-config-version.cmake
+#usr/lib/cmake/expat-2.4.4/expat-config.cmake
+#usr/lib/cmake/expat-2.4.4/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.4.4/expat.cmake
 #usr/lib/libexpat.a
 #usr/lib/libexpat.la
 #usr/lib/libexpat.so
 usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.8.2
+usr/lib/libexpat.so.1.8.4
 #usr/lib/pkgconfig/expat.pc
 #usr/share/doc/expat
-#usr/share/doc/expat-2.4.2
-#usr/share/doc/expat-2.4.2/ok.min.css
-#usr/share/doc/expat-2.4.2/reference.html
-#usr/share/doc/expat-2.4.2/style.css
-#usr/share/doc/expat-2.4.2/valid-xhtml10.png
+#usr/share/doc/expat-2.4.4
+#usr/share/doc/expat-2.4.4/ok.min.css
+#usr/share/doc/expat-2.4.4/reference.html
+#usr/share/doc/expat-2.4.4/style.css
 #usr/share/doc/expat/AUTHORS
 #usr/share/doc/expat/changelog
diff --git a/lfs/expat b/lfs/expat
index b2df59ca3..3898889ad 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.4.2
+VER        = 2.4.4
 
 THISAPP    = expat-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 58780ad6944d02f6cf6ba332838694b2
+$(DL_FILE)_MD5 = 99392ce3377777ab0dc8b0f14beda793
 
 install : $(TARGET)
 
@@ -76,6 +76,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 	cd $(DIR_APP) && install -v -m755 -d /usr/share/doc/$(THISAPP)
-	cd $(DIR_APP) && install -v -m644 doc/*.{html,png,css} /usr/share/doc/$(THISAPP)
+	cd $(DIR_APP) && install -v -m644 doc/*.{html,css} /usr/share/doc/$(THISAPP)
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)