From 6077e76fb4609e5b20843ae0a4f860c3aff7c288 Mon Sep 17 00:00:00 2001 From: Florin Diaconescu Date: Wed, 21 Sep 2022 11:16:12 +0300 Subject: expat: upgrade 2.4.8 -> 2.4.9 License change is due to copyright year changes only. Changelog: ========= Security fixes: #629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution. Bug fixes: #634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0 #614 docs: Fix documentation on effect of switch XML_DTD on symbol visibility in doc/reference.html Other changes: #638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output #596 #625 Autotools: Sync CMake templates with CMake 3.22 #608 CMake: Migrate from use of CMAKE_*_POSTFIX to dedicated variables EXPAT_*_POSTFIX to stop affecting other projects #597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners and fuzzers #512 #621 Windows|CMake: Render .def file from a template to fix linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON #611 #621 MinGW|CMake: Apply MSVC .def file when linking #622 #624 MinGW|CMake: Sync library name with GNU Autotools, i.e. produce libexpat-1.dll rather than libexpat.dll by default. Filename libexpat.dll.a is unaffected. #632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in toolchain file "cmake/mingw-toolchain.cmake" to avoid error "windres: Command not found" on e.g. Ubuntu 20.04 #597 #627 CMake: Unify inconsistent use of set() and option() in context of public build time options to take need for set(.. FORCE) in projects using Expat by means of add_subdirectory(..) off Expat's users' shoulders #626 #641 Stop exporting API symbols when building a static library #644 Resolve use of deprecated "fgrep" by "grep -F" #620 CMake: Make documentation on variables a bit more consistent #636 CMake: Drop leading whitespace from a #cmakedefine line in file expat_config.h.cmake #594 xmlwf: Fix harmless variable mix-up in function nsattcmp #592 #593 #610 Address Cppcheck warnings #643 Address Clang 15 compiler warnings #642 #644 Version info bumped from 9:8:8 to 9:9:8; see https://verbump.de/ for what these numbers do Infrastructure: #597 #598 CI: Windows: Start covering MSVC 2022 #619 CI: macOS: Migrate off deprecated macOS 10.15 #632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work #643 CI: Upgrade Clang from 14 to 15 #637 apply-clang-format.sh: Add support for BSD find #633 coverage.sh: Exclude MinGW headers #635 coverage.sh: Fix name collision for -funsigned-char Special thanks to: David Faure Felix Wilhelm Frank Bergmann Rhodri James Rosen Penev Thijs Schreijer Vincent Torri and Google Project Zero (From OE-Core rev: 93c3f0e8dca180fd2dddf88bd0cfd68c0a70ec4c) Signed-off-by: Florin Diaconescu Signed-off-by: Richard Purdie --- meta/recipes-core/expat/expat_2.4.8.bb | 31 ------------------------------- meta/recipes-core/expat/expat_2.4.9.bb | 31 +++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 31 deletions(-) delete mode 100644 meta/recipes-core/expat/expat_2.4.8.bb create mode 100644 meta/recipes-core/expat/expat_2.4.9.bb (limited to 'meta/recipes-core/expat') diff --git a/meta/recipes-core/expat/expat_2.4.8.bb b/meta/recipes-core/expat/expat_2.4.8.bb deleted file mode 100644 index 980c488640..0000000000 --- a/meta/recipes-core/expat/expat_2.4.8.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "A stream-oriented XML parser library" -DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)" -HOMEPAGE = "https://github.com/libexpat/libexpat" -SECTION = "libs" -LICENSE = "MIT" - -LIC_FILES_CHKSUM = "file://COPYING;md5=9e2ce3b3c4c0f2670883a23bbd7c37a9" - -VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}" - -SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ - file://run-ptest \ - " - -UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" - -SRC_URI[sha256sum] = "a247a7f6bbb21cf2ca81ea4cbb916bfb9717ca523631675f99b3d4a5678dcd16" - -EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" - -RDEPENDS:${PN}-ptest += "bash" - -inherit cmake lib_package ptest - -do_install_ptest:class-target() { - install -m 755 ${B}/tests/* ${D}${PTEST_PATH} -} - -BBCLASSEXTEND += "native nativesdk" - -CVE_PRODUCT = "expat libexpat" diff --git a/meta/recipes-core/expat/expat_2.4.9.bb b/meta/recipes-core/expat/expat_2.4.9.bb new file mode 100644 index 0000000000..cb007708c7 --- /dev/null +++ b/meta/recipes-core/expat/expat_2.4.9.bb @@ -0,0 +1,31 @@ +SUMMARY = "A stream-oriented XML parser library" +DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)" +HOMEPAGE = "https://github.com/libexpat/libexpat" +SECTION = "libs" +LICENSE = "MIT" + +LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb" + +VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}" + +SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ + file://run-ptest \ + " + +UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" + +SRC_URI[sha256sum] = "7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a" + +EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" + +RDEPENDS:${PN}-ptest += "bash" + +inherit cmake lib_package ptest + +do_install_ptest:class-target() { + install -m 755 ${B}/tests/* ${D}${PTEST_PATH} +} + +BBCLASSEXTEND += "native nativesdk" + +CVE_PRODUCT = "expat libexpat" -- cgit v1.2.3-54-g00ecf