* [Buildroot] package/expat: please backport to 2021.11.x
@ 2022-02-22 5:21 Christian Stewart via buildroot
2022-02-22 8:32 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 3+ messages in thread
From: Christian Stewart via buildroot @ 2022-02-22 5:21 UTC (permalink / raw)
To: Buildroot Mailing List; +Cc: Fabrice Fontaine, Thomas Petazzoni
[-- Attachment #1.1: Type: text/plain, Size: 221 bytes --]
Hi all,
Expat v2.4.4 (vulnerable) download has been removed from sourceforge.
So 2021.11.x build is broken with the older expat.
Please backport the expat security fixes to 2021.11.x.
Thanks & best,
Christian Stewart
[-- Attachment #1.2: Type: text/html, Size: 368 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] package/expat: please backport to 2021.11.x
2022-02-22 5:21 [Buildroot] package/expat: please backport to 2021.11.x Christian Stewart via buildroot
@ 2022-02-22 8:32 ` Thomas Petazzoni via buildroot
2022-02-22 8:48 ` Christian Stewart via buildroot
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-02-22 8:32 UTC (permalink / raw)
To: Christian Stewart; +Cc: Fabrice Fontaine, Buildroot Mailing List
On Mon, 21 Feb 2022 21:21:16 -0800
Christian Stewart <christian@paral.in> wrote:
> Expat v2.4.4 (vulnerable) download has been removed from sourceforge.
>
> So 2021.11.x build is broken with the older expat.
This is strange: if the expat tarball is no longer available from
sourceforge, Buildroot should fallback to sources.buildroot.net, which
contains the expat-2.4.4.tar.xz tarball, at
http://sources.buildroot.net/expat/.
Of course, it is better to update since there is a security issue in
2.4.4, but I'm wondering why you're saying that the build is broken: it
should not.
Best regards,
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] package/expat: please backport to 2021.11.x
2022-02-22 8:32 ` Thomas Petazzoni via buildroot
@ 2022-02-22 8:48 ` Christian Stewart via buildroot
0 siblings, 0 replies; 3+ messages in thread
From: Christian Stewart via buildroot @ 2022-02-22 8:48 UTC (permalink / raw)
To: Thomas Petazzoni
Cc: Christian Stewart, Fabrice Fontaine, Buildroot Mailing List
Hi Thomas,
On Tue, Feb 22, 2022 at 12:33 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
> On Mon, 21 Feb 2022 21:21:16 -0800
> Christian Stewart <christian@paral.in> wrote:
>
> > Expat v2.4.4 (vulnerable) download has been removed from sourceforge.
> >
> > So 2021.11.x build is broken with the older expat.
>
> This is strange: if the expat tarball is no longer available from
> sourceforge, Buildroot should fallback to sources.buildroot.net, which
> contains the expat-2.4.4.tar.xz tarball, at
> http://sources.buildroot.net/expat/.
It does, my mistake, I had an alternate mirror configured.
> Of course, it is better to update since there is a security issue in
> 2.4.4,
Best regards,
Christian
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-22 8:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-02-22 5:21 [Buildroot] package/expat: please backport to 2021.11.x Christian Stewart via buildroot
2022-02-22 8:32 ` Thomas Petazzoni via buildroot
2022-02-22 8:48 ` Christian Stewart via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox