From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 05 Sep 2024 19:06:32 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1smFwG-001cL6-3C for lore@lore.pengutronix.de; Thu, 05 Sep 2024 19:06:32 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1smFwF-00070w-Ty; Thu, 05 Sep 2024 19:06:31 +0200 Received: from mail-vi1eur05on2105.outbound.protection.outlook.com ([40.107.21.105] helo=EUR05-VI1-obe.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1smFvt-0006zW-IW for ptxdist@pengutronix.de; Thu, 05 Sep 2024 19:06:10 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NcbEJwl7k9bB0FWPSxJyYVWhOrLHrwR7uCmDSvspuyJGwMPZnvR3yPw5V6pPPrYt+ZGBFlcbNsXP8wFMBGW0OwSEvNIgFwbgg9VsXqaLXP5KL4i2cNKaqVT5+C1iWuODHMzcej5ub+MLYGYdOx1Uv4+AxEeEx9WNaiSQcT5tVOwCljbnqBQ2H5Ikts5Z/9YD4JogknRiO2iuvPWy2tvwcp7Op+K8JRrPJCjLrqeniaBp5X+wJGGUtclF/JA31JlMS6AEbDX9bx8LbuY5k8Mmw3pKr6G2H5NFdCQxM8pPnsXc0G010IDhQxIgw4APySxe6KLtxSd8Sv+/pwxUsMkR6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=X4jiXYx851BMTTPwtgQLh1wia9Jsri6eoJldtSH97EU=; b=Q395txi2HK3t1j93pxG34HBnYuMDY0dgdS+1D/Ygmlu/e8ioT/d8Wh2suyzBZDpb5sCC7NcbTfdEESjh0oQPSsnNVJkUCbAJRq52gvD4qQJof0ckVtT6SuJBG8f9AiGwAbHBiSxRqtwaQTa4ZiueysTs1qu49lohlgfMT4m8EFJrZTj08v6QC85tmCuwLRnyO7vjebE4gt+1mmcUl/TJM8HOSCTpUMJ1SRL64QN+hDM2DNgjEJ+u3pdd5tJj931qqfl+JBFe3T/VYVfFZbGo3+NstvaT2HQ/HydLUhijngwe5lx7bwVna+wA7R+NJLrhvof/w+k4cuNnGcgOiVj7ww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=X4jiXYx851BMTTPwtgQLh1wia9Jsri6eoJldtSH97EU=; b=lgIDKxmjKsQlx32YE1RywtZuerqsPIa/CFgy4EOf3EaTlcGeT5Y+I8mrowAinTeTP9fZxXfHLgvMEfkuQQKIaU8JrFWGqGrn/0iWUNQS9BkGRErRQ/6d5pMQY6CR5Sl2xO5mXEzmShy1e06tMTusDrPxLFSZx74D3Cu+jfwtBpk= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by AM9P251MB0255.EURP251.PROD.OUTLOOK.COM (2603:10a6:20b:411::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7918.28; Thu, 5 Sep 2024 17:06:06 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::fe8d:f825:5b29:2903]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::fe8d:f825:5b29:2903%7]) with mapi id 15.20.7918.024; Thu, 5 Sep 2024 17:06:05 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Thu, 5 Sep 2024 19:05:58 +0200 Message-Id: <20240905170558.3529176-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GVX0EPF0000FA7E.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:4:0:f) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|AM9P251MB0255:EE_ X-MS-Office365-Filtering-Correlation-Id: 405cbbee-9781-4d6a-7c04-08dccdcd0761 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|376014|52116014|1800799024|366016|38350700014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?GBokLkCQJfdcA9eQPX9wqI38uDhZDmMJ2r5wFwjy/azpNwwdcM8cpotXXnF+?= =?us-ascii?Q?lDnxZsfPPfBmvQzpelZqdOBEDwlfRY/obOiXEvSc1rIZlpMbMVQoBEZhg+JJ?= =?us-ascii?Q?LjfAY240oA9LVgczJZLzbFu7TiocvOcwA/uatz4e1hyqSEl+SzovhJlhXTLL?= =?us-ascii?Q?kdb2+V2Vu2a1xFOhxKNMmv2HgeUtZ4VMdKG/2oxfo7cvSuwpE2YzKpzTI2/B?= =?us-ascii?Q?7EnFfb6AQ9uooim32wc/h3oQefU5dyDsFiBpdyGlvWrXCopRik50Vbh1vdnp?= =?us-ascii?Q?IaazznPhermWEh90D9Ya574Emv4DUJja/YMT+/X7h3Lnk6QcMDmPdPXrTmYp?= =?us-ascii?Q?JyrSbpYY7s/LYw/JXSbjVwaXdhdVbYiz+WkUNR50dEQGXfB63eLXnTVMaZtl?= =?us-ascii?Q?GypwR7r9cz8OXruH6s69dNVyjEFpT4u/ImfxmPPmHBf6X7gKYyU8CoebcIF6?= =?us-ascii?Q?yUjPz/98W3nmuC+j20AAzjLJm5AnD9qowlkikgTXEID46Kx7bAVeX6pf/UId?= =?us-ascii?Q?BWclafySoelWnStSgWU2REKdAXPzv0g9nYTnzeVmToMtaLK/nxj3QTHWK6Xb?= =?us-ascii?Q?E/50SP5d2scRyyKY3kM1xtFjYWmet6QfJDt2DYkUdnLiJfs/VBlV84ahLnNY?= =?us-ascii?Q?u/cNGug3NKNNH+3ranJoXj4XZrPtM50wnxbz1bxDnnpdX96SEiRO6hlblJoS?= =?us-ascii?Q?zkxn70SCmebuOJzzCAA5tj8Ft2+xrFX9KCZxuXzpz8jSrWZvd3LigzdAqL8M?= =?us-ascii?Q?sgSEhN05Tkbb8cCX8xM0CuQkIl/WE3ZrAOQyjKwMuL8suhklkq8cle5ItOI2?= =?us-ascii?Q?kWFPjM7Om2BJKNCK4uJ8IxO9eKbPUpEx1wrWn6aEtLqN80JZ+rMiYRB3WD/N?= =?us-ascii?Q?DDd4pveW35ufeaGGS8fyEvFNjQ9dSEKya4XAnQZrNJYHsBb5IL1tMQpDwjN4?= =?us-ascii?Q?4kYwMQIP7AtUnlZDXaiUEfHS9Ef17muOgbT/01x/5Bjex4cYoFvv8TiIgkZw?= =?us-ascii?Q?tR5ky0nvxctW1QMN6o09/QxeVH0bEiNhuQ8Yw4r7EXNCLaI3ErGwQi9+17FN?= =?us-ascii?Q?NWJhlxrA1x6kU7q4Tsu7FK2acX3W6Hp9+KR0FZS52LvTl5UbINkg6FtaYaOR?= =?us-ascii?Q?OClKrSYbKocQymZvW/UkBWisA0A2VXioj2q0kvbpvPQlobuw8aOVJt6YUGHP?= =?us-ascii?Q?ujjSPDkagoppoxcZVLL9U7Jj4OnZ6JFIKDjycRck0svq86myC4Q8yYl+oYGM?= =?us-ascii?Q?fEdvIebz3lKohxZCHeNm4KrFpnjga7OIy2z6AXzw9E8gchxxbDNEVef5SqqJ?= =?us-ascii?Q?3EtSxTlOXU8g1FBikHvi4aoxTgsUfiAn7ra3jfqnYLIIwmn55LhipPSJqi4z?= =?us-ascii?Q?nQQ2hGQ=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(376014)(52116014)(1800799024)(366016)(38350700014); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?zyO/QT9NazU4KGhcViO+z9xTykiXPYxNhJNQEe5RdIIuOZxgqBlBB+yC3Jv2?= =?us-ascii?Q?wOxLGIFjxFOBeBtK/8LWlxbmw5Tdz0TLHYadW1ar05gCkW+TkCrmeM050+zT?= =?us-ascii?Q?x5z4hstZ/u6hBpnr6YGhevFW9mfG14GQRrGJ9cA8lh3GgvPTFWzs69Fmv0Tw?= =?us-ascii?Q?dxQOu+Jnk/g4fBvg8SBGNnCtM98fIUQGbLoOIdWU7YB9bQSQrQrz402n0q12?= =?us-ascii?Q?2HUt+Lacq4vIuJ3xr0HLzlbDBCbBuVguH/jkxuWIW/rP772HQzlAc4z9ViOy?= =?us-ascii?Q?MttoFNwJwulVfV5IMNK3W7+gmxqPsFmkkzCFX8tR4HEMXUxNrbEoiK7b4YQs?= =?us-ascii?Q?L7RoROqpaO0CFD0OOJ2VHKvcD/8tMNHQZ2qLempd8Z1Ae6NaF/Rsm9PtaN1W?= =?us-ascii?Q?knCCnNRweCraKbFUAkyd/MDtNv1jTWGUIGZ45rTAwRgp+e2AvYDOeCw4b71B?= =?us-ascii?Q?VHJFW78M2adobiWv4TzLXnJvpEZvbUov8p+KpUCzgvkZFN0g2LZvom7RSGpi?= =?us-ascii?Q?6epNu5T84j2pvpye3Qh8iBxPmWLfLJqJbvI5ORI8Tm8GiGHtwNE0gdxnbmEh?= =?us-ascii?Q?Wu+8VTJiO9osS84xBweZ6m+jmBNy6t0FPirrAjn/Rq5mPPkoAWN5Ft3gZZgB?= =?us-ascii?Q?t3sZ7Rc4rzLntvVolqoqE7pDFwEZaSSzH0KUzmoaYUjQVYi04KDduN2ld6qo?= =?us-ascii?Q?aQQW8bZM7AkWHx8I0QJ+VJuvL3G6oxRV8JlPFPPC9y4CN7hVhUiMVpw2eu9x?= =?us-ascii?Q?DkdieGTqECNG9zFrngpMGxXsLKOm377QHzJu3fKMkO3INcOjT9/0txl95Q3w?= =?us-ascii?Q?98UYjYRy/OAKaYv5ZX13WZ7IGY8RLns23oirNdLHO4BGTRnsl+hjOJ0SLR+D?= =?us-ascii?Q?PjyDG+PqteY+hrsOQqDl5SetGva6Ok9WllwibQcPh2DF09u4iu6SrMjZXbem?= =?us-ascii?Q?ShnPY8Zy5BhzJDA3C11YbgakzobZZt9oEv15b+4U4XmjD9HrkCBVVLRlKozK?= =?us-ascii?Q?QBYBE4BQzArYsWEDurRWs/61MJZ0nbabR0OadOgEuEoJY2YBsjEyF524UH41?= =?us-ascii?Q?IfroztuRfj4zFo8AA4wr/K2jw19kTfzvvPTMfBdBuqZbTRj8iwGvtPvsmua7?= =?us-ascii?Q?UqZjH7+KZbbpwIX3GhxuQjdCmy7YIb/ffva8QMt/NrSNIy3b4av3+B70hIlX?= =?us-ascii?Q?fx5ixK0DRBlqdq0saK+nqQqbDxQBKPN96HK9At7OsBuq89hijIFkCjOmzxqk?= =?us-ascii?Q?3AiOMJCX/rILDSgb0xgN9pxMCHs5c45vYsMrukQnj9Rum8Pz2WxFmkqd2LDd?= =?us-ascii?Q?sfKn8kHTss10c54uEwK+mClGquLgHZzJX0RiG0vWi22vjZjBZiIN4O3HvEx2?= =?us-ascii?Q?lZJpTEbMd0qUIZeREUSmr5hWSBhvHSIZwy+cExo69r0Dwt7pIP4gobYKptTj?= =?us-ascii?Q?o4E7TL4rUhRV5r0XEYo1zWNm72lEmhZrR9Syx2aiA71asZqSEVUaVPiEHtd2?= =?us-ascii?Q?P5ZlDUM4BUbVXYoBXr8qeao7SjwQ7aqUJ2Qie4U+c5RsFjfXPYh7P+Zzhjz1?= =?us-ascii?Q?BQpcSCeoulHmsmnDHjIaLH3M0MpE5GJ0j+WdV10YMfGlXE/eAR5xHPPLcC+2?= =?us-ascii?Q?bA=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 405cbbee-9781-4d6a-7c04-08dccdcd0761 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Sep 2024 17:06:05.8090 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: IT40JHSyNwpoLfI8mlhgKXcJc54r0kpBGIqr3hlbFT4/QopxgewG/qcYdety2tyy3xVvXLpLWn1eEvriMtDJY3LUaQZ2m6031l8IngaRfJE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9P251MB0255 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED, RCVD_IN_VALIDITY_RPBL_BLOCKED,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] expat: Version bump. 2.6.2 -> 2.6.3 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Mainly security fixes. https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes Plugs CVEs: CVE-2024-45490 - An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVE-2024-45491 - Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms. CVE-2024-45492 - Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms. Signed-off-by: Christian Melki --- rules/expat.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/expat.make b/rules/expat.make index 03f9ac6b4..31afb8604 100644 --- a/rules/expat.make +++ b/rules/expat.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat # # Paths and names # -EXPAT_VERSION := 2.6.2 -EXPAT_MD5 := b246f58b25a7629fca6cbd1429400cdf +EXPAT_VERSION := 2.6.3 +EXPAT_MD5 := c70040a3f2743d9645cb029d3c9a7c89 EXPAT := expat-$(EXPAT_VERSION) EXPAT_SUFFIX := tar.bz2 EXPAT_RELEASE := R_$(subst .,_,$(EXPAT_VERSION)) -- 2.34.1