[Buildroot] [PATCH 1/1] package/expat: security bump to version 2.6.2

[Buildroot] [PATCH 1/1] package/expat: security bump to version 2.6.2

[Sébastien Szymanski]

Security fixes:
	- CVE-2024-28757 -- Prevent billion laughs attacks with isolated
	  use of external parsers.  Please see the commit message of
	  commit 1d50b80cf31de87750103656f6eb693746854aa8 for details.

https://blog.hartwork.org/posts/expat-2-6-2-released/
https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
---
 package/expat/expat.hash | 8 ++++----
 package/expat/expat.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/expat/expat.hash b/package/expat/expat.hash
index 980a9ab6a79d..63890b54df29 100644
--- a/package/expat/expat.hash
+++ b/package/expat/expat.hash
@@ -1,7 +1,7 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.6.1/
-md5  84d0ee1c554212dc8f068e538de5b823  expat-2.6.1.tar.xz
-sha1  1a1804b7c565a8b21abbd3433ef67ed8a4476960  expat-2.6.1.tar.xz
+# From https://sourceforge.net/projects/expat/files/expat/2.6.2/
+md5  0cb75c8feb842c0794ba89666b762a2d  expat-2.6.1.tar.xz
+sha1  d9e5f953dcacda3c9e69b4886382c3d8847b81bd  expat-2.6.1.tar.xz
 
 # Locally calculated
-sha256  cb5f5a8ea211e1cabd59be0a933a52e3c02cc326e86a4d387d8d218e7ee47a3e  expat-2.6.0.tar.xz
+sha256  ee14b4c5d8908b1bec37ad937607eab183d4d9806a08adee472c3c3121d27364  expat-2.6.2.tar.xz
 sha256  122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534  COPYING
diff --git a/package/expat/expat.mk b/package/expat/expat.mk
index e09fcc673fa5..c6b7fc8b44f0 100644
--- a/package/expat/expat.mk
+++ b/package/expat/expat.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-EXPAT_VERSION = 2.6.1
+EXPAT_VERSION = 2.6.2
 EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
 EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.xz
 EXPAT_INSTALL_STAGING = YES
-- 
2.43.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/expat: security bump to version 2.6.2

[Peter Korsgaard]

>>>>> "Sébastien" == Sébastien Szymanski <sebastien.szymanski@armadeus.com> writes:

 > Security fixes:
 > 	- CVE-2024-28757 -- Prevent billion laughs attacks with isolated
 > 	  use of external parsers.  Please see the commit message of
 > 	  commit 1d50b80cf31de87750103656f6eb693746854aa8 for details.

 > https://blog.hartwork.org/posts/expat-2-6-2-released/
 > https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes

 > Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/expat: security bump to version 2.6.2

[Peter Korsgaard]

>>>>> "Sébastien" == Sébastien Szymanski <sebastien.szymanski@armadeus.com> writes:

 > Security fixes:
 > 	- CVE-2024-28757 -- Prevent billion laughs attacks with isolated
 > 	  use of external parsers.  Please see the commit message of
 > 	  commit 1d50b80cf31de87750103656f6eb693746854aa8 for details.

 > https://blog.hartwork.org/posts/expat-2-6-2-released/
 > https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes

 > Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>

Committed to 2024.02.x, 2023.02.x and 2023.11.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot