From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 14 Mar 2024 20:57:33 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1rkrCm-006W5N-2y for lore@lore.pengutronix.de; Thu, 14 Mar 2024 20:57:32 +0100 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1rkrCm-0005vX-7s; Thu, 14 Mar 2024 20:57:32 +0100 Received: from mail-am6eur05on2096.outbound.protection.outlook.com ([40.107.22.96] helo=EUR05-AM6-obe.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rkrCR-0005vO-IN for ptxdist@pengutronix.de; Thu, 14 Mar 2024 20:57:12 +0100 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DQKAcLL5omx2paBav7rmBs0JJXszbhScJavIpRAky8juaRe2xuUfrntDCJZozm4tsSgbCWtaiqvkENjjkIy+1q2jVUzs6paZRom4BuC7V2Re/WlNxqWrvQMJznS3Lhr7sOTn7qhKgNKgLm3LKZ66lx9V0OaP5Rqz3dIsOdiE936FoKUnqLGt3KA1gvwKbS2Gz0pGmkDYpimqeHc4BDCNb9vlAZb7M/+4/jCpea7whY1mC4NMcvIq3IDMqmAqI/qR8MC0sISOBPJPuCejrkPSkrmRRBDJWLavcGSD3Z9grFJTlwSgRNTgahJWkXTbQveSPEHKcXmf9HfIr4S2FIbIxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lcrPT8TzcAtWy3Xd5y7KBymuKjJjx3JDUB5T53nkwsw=; b=CketfmxuTSq8mCsltuwW/gyb89qBLAkP8PnRGLTkRx8vTy+4yOyaGJ+U/taI7yCfoMwpgebdbRqNo+HaFUvSF/ZmTa9It2lF76YSRzAtiXKbNfXH1uBciBtmIgVwNcv0GcHzHKJw2ZNGg8dwutWAcq1eb+m74TutAddmeROzRx9tB7y14YapjOt1IP2D1/Z5qi5cvvb6f9PmMg0F+oDwoREcOoc6KsyBk5GR6AdWfRPjuUa+0nPCEFg7FYz9AOoUX8DEP6BsVawfQM4R6zzbE0CPnuToUgFXoL/5UbHjXEPZxjeUSTXOrYnzPqT6dy+0iokLUgNwxqVI85jH2gboeA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lcrPT8TzcAtWy3Xd5y7KBymuKjJjx3JDUB5T53nkwsw=; b=S7YmQ03lnXhlVdtvUcdZWcS8L3D5WuTIfjstc4VcPWlCXFxSJbYBIO8Ou1R0NidKwrgcLFNT8zXpEKs4kblolc00rd2qXbfNMI8qEWHT0DcxybLh+QJbSKH9wgQH3kTYEczDvAVZbh/IISfkFTqTa1VX9JwaLYOzjn2MYAjpov4= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by GV1P251MB0930.EURP251.PROD.OUTLOOK.COM (2603:10a6:150:9e::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.36; Thu, 14 Mar 2024 19:57:07 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::ba8c:3db:3a02:7ce4]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::ba8c:3db:3a02:7ce4%6]) with mapi id 15.20.7386.020; Thu, 14 Mar 2024 19:57:07 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Thu, 14 Mar 2024 20:56:54 +0100 Message-Id: <20240314195654.1708455-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV2PEPF000000FC.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:1:0:19) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|GV1P251MB0930:EE_ X-MS-Office365-Filtering-Correlation-Id: b51490e9-a09e-47fd-503a-08dc4460ed98 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: uylP8FXXkgiWoyQflxdTCtte2Y8DglrcWgeyJUOVA/ssUjTjy7KYaWaIr+w/+OvOHpRxfJXGqeURRS3aRa26BXvtk6MenjUrKutsp21Ik+Y/5tYKZkVXPt3kvi/DJpH26FtG7x9RCwVVzE58jfc8yZNGpkqqo/IBpVeC223gDx7sC5hGcghpUwBRvFpouKIejU+QuGxBNvqFtslxtPDgEC5yQHzexSPJKXZzq5m74jXPn416ztr3yX+5z37Mi4KnDVOmN98N8bheU6u5Q8q8FRl0WCtEadBAsjzkwb1o9ipOxPlZmWbkaT9JlPhWAfn4LmneHKfllepOrWyyqCgEmvn+vbgzLWCUzNCG1icQqMeeHFA/WXN4RfVWTq1qzwFI6sAUigq2sK09GrBESJPZs0miZsxVPfrVC/R+4YPaaPYOlncRg9qYQqiQ3JXxBOmdQuVxuXe2Pe+08UabwSr21lhyopVHG1QVip/THU+mwR+6d4JraUYCoEdAH3xW4X3/5bQ18sB3qTZRHPNfqfVwrg38wmuEPxERIBSEZ5fr7CudRZIg4vyazYI3NaaTyy8dTCKcBB03xCj5bCNg7/ec5G7ATXK9yF1t9qmr417lkYxVuJPbC+9SxKV13jAn/6b0/KqldnmuXiWLHmlq+3Vcpu48Zva1Qf2StFq3oOTML+k= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(376005)(52116005)(1800799015)(38350700005); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?y3V74qlvzCWQ7Ym+gaHelJ3HpGaTR150A2Ar2o0BvIn5blTQtJ4FApUeC739?= =?us-ascii?Q?cHZP6s/N7Iqu5opbXbbNJSN2qx0xLc4D9oh3MuLG52qXvDR1ndf6cJpQjxEX?= =?us-ascii?Q?5w0Ea/qNWeuWUd2404UDQkZ4LeIASs+35aKg5CWLmYOAu0wZ+C6lkXCfQlFa?= =?us-ascii?Q?wkWpH3Y19ft/jReYkDvsK8FPF0ut7ONOapkzPIEKGjpZVkOwRqNGgXMHAvH2?= =?us-ascii?Q?ZoNchHoG/xVwzFkeixiREeR+/a9PuX6Zgqax+MLIv6tZWhBoNXEBHQ4qwNcs?= =?us-ascii?Q?BXCjG9J2/rKxjkMcA1rqFjyfnX50dVdQpWypEfQO+5eT86XKZO/xKgmsBZSW?= =?us-ascii?Q?qBSF7vXob3jsIg5b0ZO2B6WzPbWkMgx5GmcPOzOdj0CsGDitxw9X92cbwzjO?= =?us-ascii?Q?UblJqCsbiBNK3VbBS2LlW/XJZwx06RPG8WOpwNT7K1wM2G7N2FXrNbFdNIK6?= =?us-ascii?Q?mPdyRPj8VpAA1PsO09eAQ3FH5tH64wnmxgQfZJKan5p5Cw/5AcxR2lrqQSFI?= =?us-ascii?Q?645K/YDHEzj8gAFqEVkyYFOLeU/QH+UjU97gMSZnVw3wyHAO/HlieW+skkDW?= =?us-ascii?Q?YgD7v5PtXDhB3dboM6G1u2iCAb957C/NiRimigmwdSDvKBsLPMxC0H2phZTJ?= =?us-ascii?Q?LwxbdXR9kvX/6Fx7qLwKMD1PM0ao03eeNMIdUAh2DYH3g6ffi7EjQvIgnriE?= =?us-ascii?Q?vakSVQkQT/nFfx/P5mg2UqGgSFidLHWsNPUsAuOKBfSkoHTAIGYmnQxhApk4?= =?us-ascii?Q?s33NX3UsI+aYxsFWeg7DWjW9PuzgFIlZXRjajxht9kaIUFi1GQFe7XWxSLwD?= =?us-ascii?Q?7oqRkK4L0HhGDi3PMTq8y45nmSsmUj38KhWKg3Q5Dy0pMCbKMWxcDr+0H5K4?= =?us-ascii?Q?khm34LkYAFe5P6EMJX7Q3j9PyXtRva9scIBI5tRGYux8GKL7+sLNcEd6QCjm?= =?us-ascii?Q?Is0JQ9L0euqanePb+iKoQ4jFGW25dkkVuZf/OMtn1dc9UqXQEAq9V050F1yj?= =?us-ascii?Q?KdyFt2T5rwfHZTnOA5lVwJDPAnNIYhqFOTZXO/7PPHyk5Rtt38q3woBwZO0q?= =?us-ascii?Q?wLO4fbtu/H/aZjug//MHOvYVR7034UO/vjzFX8l3rzua24u8bmzfoig3tshH?= =?us-ascii?Q?xcCbYDauqySqarueDeWbmphrUyhY8frZB4BYeooYaBynP7rsYxZZtosocK1y?= =?us-ascii?Q?5eEZFsN0HKQTsK/f1GHnuU0+LaUOQLZay0xHKD/7XnYtqnwlLDKYe5GEoixq?= =?us-ascii?Q?CGZtZhRj9hCwiqm4nIGTJPVpbYQ29t0xzxhWEllnVY6Zl4USx11BmGAtTPsN?= =?us-ascii?Q?w+WMHEoAQLpr9e9QNq/QdSLaefbu/A7g0jQ3wH0sUZltIUHkAAIPIvkYFFOV?= =?us-ascii?Q?MVNgr7u7luxz2TtPxAq8ZPIgACGJVU2ShbcGCz0OKj5CsWeNZowGMpln43gg?= =?us-ascii?Q?V78Kl35kv3QHi7rM4Dlp5HqrYEz0QP18wyhskX/yOvajphZMoZDYOymIfjyI?= =?us-ascii?Q?ME5LO+kI9IgDAJagJZ5JMt39qM37w9x2G2BJhXvydpDtPqsndTcYoQ7qO6QG?= =?us-ascii?Q?AmxClo/Cw8GD6xYktION2SPGXkokA+HZBqiWdDi+w58Ie7BnCJLivya0IXQV?= =?us-ascii?Q?Rg=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: b51490e9-a09e-47fd-503a-08dc4460ed98 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Mar 2024 19:57:07.5469 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kXAqlbzKJGfh4nnDIjgq56DOpDDsVY9/vk2nGV4ubTDklLuObpws0LB4f27CDUEUpTF61OD2jz2W81UCv4CuIYz/52crvrNF+hxQyHuVE9A= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P251MB0930 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] expat: Version bump. 2.6.1 -> 2.6.2 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Minor changes https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes Plugs CVE: CVE-2024-28757: Prevent billion laughs attacks with isolated use of external parsers. Signed-off-by: Christian Melki --- rules/expat.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/expat.make b/rules/expat.make index 1c5fcf441..03f9ac6b4 100644 --- a/rules/expat.make +++ b/rules/expat.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat # # Paths and names # -EXPAT_VERSION := 2.6.1 -EXPAT_MD5 := d83bb2458956aeed4236cf45bff6eccd +EXPAT_VERSION := 2.6.2 +EXPAT_MD5 := b246f58b25a7629fca6cbd1429400cdf EXPAT := expat-$(EXPAT_VERSION) EXPAT_SUFFIX := tar.bz2 EXPAT_RELEASE := R_$(subst .,_,$(EXPAT_VERSION)) -- 2.34.1