From: Ross Burton <[email protected]>
Release 2.5.0 Tue October 25 2022
Security fixes:
#616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially
arbitrary code execution.
Bug fixes:
#612 #645 Fix curruption from undefined entities
#613 #654 Fix case when parsing was suspended while processing nested
entities
#616 #652 #653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
#656 CMake: Fix generation of pkg-config file
#658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
#667 #668 Version info bumped from 9:9:8 to 9:10:8;
see https://verbump.de/ for what these numbers do
Includes a fix for CVE-2022-43680.
Signed-off-by: Ross Burton <[email protected]>
Signed-off-by: Alexandre Belloni <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
(cherry picked from commit a257a674272dc638f09167e9b9202adfb477ef1e)
Signed-off-by: Steve Sakoman <[email protected]>
---
meta/recipes-core/expat/{expat_2.4.9.bb => expat_2.5.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-core/expat/{expat_2.4.9.bb => expat_2.5.0.bb} (91%)
diff --git a/meta/recipes-core/expat/expat_2.4.9.bb
b/meta/recipes-core/expat/expat_2.5.0.bb
similarity index 91%
rename from meta/recipes-core/expat/expat_2.4.9.bb
rename to meta/recipes-core/expat/expat_2.5.0.bb
index cb007708c7..7080f934d1 100644
--- a/meta/recipes-core/expat/expat_2.4.9.bb
+++ b/meta/recipes-core/expat/expat_2.5.0.bb
@@ -14,7 +14,7 @@ SRC_URI =
"https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/";
-SRC_URI[sha256sum] =
"7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a"
+SRC_URI[sha256sum] =
"6f0e6e01f7b30025fa05c85fdad1e5d0ec7fd35d9f61b22f34998de11969ff67"
EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#173606):
https://lists.openembedded.org/g/openembedded-core/message/173606
Mute This Topic: https://lists.openembedded.org/mt/95151992/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
