* [Buildroot] package/expat: please backport to 2021.11.x
@ 2022-02-22 5:21 Christian Stewart via buildroot
2022-02-22 8:32 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 3+ messages in thread
From: Christian Stewart via buildroot @ 2022-02-22 5:21 UTC (permalink / raw)
To: Buildroot Mailing List; +Cc: Fabrice Fontaine, Thomas Petazzoni
[-- Attachment #1.1: Type: text/plain, Size: 221 bytes --]
Hi all,
Expat v2.4.4 (vulnerable) download has been removed from sourceforge.
So 2021.11.x build is broken with the older expat.
Please backport the expat security fixes to 2021.11.x.
Thanks & best,
Christian Stewart
[-- Attachment #1.2: Type: text/html, Size: 368 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] package/expat: please backport to 2021.11.x
2022-02-22 5:21 [Buildroot] package/expat: please backport to 2021.11.x Christian Stewart via buildroot
@ 2022-02-22 8:32 ` Thomas Petazzoni via buildroot
2022-02-22 8:48 ` Christian Stewart via buildroot
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-02-22 8:32 UTC (permalink / raw)
To: Christian Stewart; +Cc: Fabrice Fontaine, Buildroot Mailing List
On Mon, 21 Feb 2022 21:21:16 -0800
Christian Stewart <christian@paral.in> wrote:
> Expat v2.4.4 (vulnerable) download has been removed from sourceforge.
>
> So 2021.11.x build is broken with the older expat.
This is strange: if the expat tarball is no longer available from
sourceforge, Buildroot should fallback to sources.buildroot.net, which
contains the expat-2.4.4.tar.xz tarball, at
http://sources.buildroot.net/expat/.
Of course, it is better to update since there is a security issue in
2.4.4, but I'm wondering why you're saying that the build is broken: it
should not.
Best regards,
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] package/expat: please backport to 2021.11.x
2022-02-22 8:32 ` Thomas Petazzoni via buildroot
@ 2022-02-22 8:48 ` Christian Stewart via buildroot
0 siblings, 0 replies; 3+ messages in thread
From: Christian Stewart via buildroot @ 2022-02-22 8:48 UTC (permalink / raw)
To: Thomas Petazzoni
Cc: Christian Stewart, Fabrice Fontaine, Buildroot Mailing List
Hi Thomas,
On Tue, Feb 22, 2022 at 12:33 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
> On Mon, 21 Feb 2022 21:21:16 -0800
> Christian Stewart <christian@paral.in> wrote:
>
> > Expat v2.4.4 (vulnerable) download has been removed from sourceforge.
> >
> > So 2021.11.x build is broken with the older expat.
>
> This is strange: if the expat tarball is no longer available from
> sourceforge, Buildroot should fallback to sources.buildroot.net, which
> contains the expat-2.4.4.tar.xz tarball, at
> http://sources.buildroot.net/expat/.
It does, my mistake, I had an alternate mirror configured.
> Of course, it is better to update since there is a security issue in
> 2.4.4,
Best regards,
Christian
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-22 8:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-02-22 5:21 [Buildroot] package/expat: please backport to 2021.11.x Christian Stewart via buildroot
2022-02-22 8:32 ` Thomas Petazzoni via buildroot
2022-02-22 8:48 ` Christian Stewart via buildroot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.