package/expat: security bump to version 2.6.0
Security fixes: - CVE-2023-52425: Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. - CVE-2023-52426: Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). https://blog.hartwork.org/posts/expat-2-6-0-released/ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
1e472e0872
commit
9dad5e7d7f
@ -1,7 +1,7 @@
|
||||
# From https://sourceforge.net/projects/expat/files/expat/2.5.0/
|
||||
md5 ac6677b6d1b95d209ab697ce8b688704 expat-2.5.0.tar.xz
|
||||
sha1 5178e13c1e34f4643d5118d5758babfe0e836fe2 expat-2.5.0.tar.xz
|
||||
# From https://sourceforge.net/projects/expat/files/expat/2.6.0/
|
||||
md5 bd169cb11f4b9bdfddadf9e88a5c4d4b expat-2.6.0.tar.xz
|
||||
sha1 d87e8ab2a3c1deb858c6b22e5ade9d5673086004 expat-2.6.0.tar.xz
|
||||
|
||||
# Locally calculated
|
||||
sha256 ef2420f0232c087801abf705e89ae65f6257df6b7931d37846a193ef2e8cdcbe expat-2.5.0.tar.xz
|
||||
sha256 cb5f5a8ea211e1cabd59be0a933a52e3c02cc326e86a4d387d8d218e7ee47a3e expat-2.6.0.tar.xz
|
||||
sha256 122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534 COPYING
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
EXPAT_VERSION = 2.5.0
|
||||
EXPAT_VERSION = 2.6.0
|
||||
EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
|
||||
EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.xz
|
||||
EXPAT_INSTALL_STAGING = YES
|
||||
|
Loading…
Reference in New Issue
Block a user