[Buildroot] [PATCH 1/1] package/expat: bump to version 2.4.9

* [Buildroot] [PATCH 1/1] package/expat: bump to version 2.4.9
@ 2022-09-21 21:07 Fabrice Fontaine
  2022-09-23 21:35 ` Thomas Petazzoni
  0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2022-09-21 21:07 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine

- Drop patch (akready in version)
- Update hash of COPYING (year updated with
  https://github.com/libexpat/libexpat/commit/39b2e99355039626438d48a4eca6aacba2b44d5e)

https://blog.hartwork.org/posts/expat-2-4-9-released
https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...re-safe-exiting-internalEntityParser.patch | 53 -------------------
 package/expat/expat.hash                      | 10 ++--
 package/expat/expat.mk                        |  5 +-
 3 files changed, 6 insertions(+), 62 deletions(-)
 delete mode 100644 package/expat/0001-Ensure-raw-tagnames-are-safe-exiting-internalEntityParser.patch

diff --git a/package/expat/0001-Ensure-raw-tagnames-are-safe-exiting-internalEntityParser.patch b/package/expat/0001-Ensure-raw-tagnames-are-safe-exiting-internalEntityParser.patch
deleted file mode 100644
index ca86e85115..0000000000
--- a/package/expat/0001-Ensure-raw-tagnames-are-safe-exiting-internalEntityParser.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 4a32da87e931ba54393d465bb77c40b5c33d343b Mon Sep 17 00:00:00 2001
-From: Rhodri James <rhodri@wildebeest.org.uk>
-Date: Wed, 17 Aug 2022 18:26:18 +0100
-Subject: [PATCH] Ensure raw tagnames are safe exiting internalEntityParser
-
-It is possible to concoct a situation in which parsing is
-suspended while substituting in an internal entity, so that
-XML_ResumeParser directly uses internalEntityProcessor as
-its processor.  If the subsequent parse includes some unclosed
-tags, this will return without calling storeRawNames to ensure
-that the raw versions of the tag names are stored in memory other
-than the parse buffer itself.  If the parse buffer is then changed
-or reallocated (for example if processing a file line by line),
-badness will ensue.
-
-This patch ensures storeRawNames is always called when needed
-after calling doContent.  The earlier call do doContent does
-not need the same protection; it only deals with entity
-substitution, which cannot leave unbalanced tags, and in any
-case the raw names will be pointing into the stored entity
-value not the parse buffer.
-
-[Retrieved from:
-https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- expat/lib/xmlparse.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 7bcabf7f4..d73f419cf 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -5826,10 +5826,15 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
-   {
-     parser->m_processor = contentProcessor;
-     /* see externalEntityContentProcessor vs contentProcessor */
--    return doContent(parser, parser->m_parentParser ? 1 : 0, parser->m_encoding,
--                     s, end, nextPtr,
--                     (XML_Bool)! parser->m_parsingStatus.finalBuffer,
--                     XML_ACCOUNT_DIRECT);
-+    result = doContent(parser, parser->m_parentParser ? 1 : 0,
-+                       parser->m_encoding, s, end, nextPtr,
-+                       (XML_Bool)! parser->m_parsingStatus.finalBuffer,
-+                       XML_ACCOUNT_DIRECT);
-+    if (result == XML_ERROR_NONE) {
-+      if (! storeRawNames(parser))
-+        return XML_ERROR_NO_MEMORY;
-+    }
-+    return result;
-   }
- }
- 
diff --git a/package/expat/expat.hash b/package/expat/expat.hash
index b8e7aa27f1..15e64a4dc8 100644
--- a/package/expat/expat.hash
+++ b/package/expat/expat.hash
@@ -1,7 +1,7 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.4.8/
-md5  0584a7318a4c007f7ec94778799d72fe  expat-2.4.8.tar.xz
-sha1  e30345a20d0cc29a0c307eb3703e7a9bb62afa90  expat-2.4.8.tar.xz
+# From https://sourceforge.net/projects/expat/files/expat/2.4.9/
+md5  8d7fcf7d02d08bf79d9ae5c21cc72c03  expat-2.4.9.tar.xz
+sha1  be91118bc495ce49b04a3fd0f27df2fb5a843e9b  expat-2.4.9.tar.xz
 
 # Locally calculated
-sha256  f79b8f904b749e3e0d20afeadecf8249c55b2e32d4ebb089ae378df479dcaf25  expat-2.4.8.tar.xz
-sha256  8c6b5b6de8fae20b317f4992729abc0e520bfba4c7606cd1e9eeb87418eebdec  COPYING
+sha256  6e8c0728fe5c7cd3f93a6acce43046c5e4736c7b4b68e032e9350daa0efc0354  expat-2.4.9.tar.xz
+sha256  122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534  COPYING
diff --git a/package/expat/expat.mk b/package/expat/expat.mk
index 61735a5fdb..59854d0ee8 100644
--- a/package/expat/expat.mk
+++ b/package/expat/expat.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-EXPAT_VERSION = 2.4.8
+EXPAT_VERSION = 2.4.9
 EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
 EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.xz
 EXPAT_INSTALL_STAGING = YES
@@ -13,9 +13,6 @@ EXPAT_LICENSE_FILES = COPYING
 EXPAT_CPE_ID_VENDOR = libexpat_project
 EXPAT_CPE_ID_PRODUCT = libexpat
 
-# 0001-Ensure-raw-tagnames-are-safe-exiting-internalEntityParser.patch
-EXPAT_IGNORE_CVES += CVE-2022-40674
-
 EXPAT_CONF_OPTS = \
 	--without-docbook --without-examples --without-tests --without-xmlwf
 HOST_EXPAT_CONF_OPTS = --without-docbook --without-examples --without-tests
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 2+ messages in thread