From a7295520a9358929c9655ac4b0a533b4e81119bd Mon Sep 17 00:00:00 2001 From: Francois Perrad Date: Tue, 13 Sep 2022 20:18:41 +0200 Subject: [PATCH] package/libxml2: security bump to version 2.10.2 COPYING was a link to Copyright, this link is now removed with 2.10.0, fix CVE-2022-2309 Signed-off-by: Francois Perrad Signed-off-by: Thomas Petazzoni --- package/libxml2/libxml2.hash | 6 +++--- package/libxml2/libxml2.mk | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package/libxml2/libxml2.hash b/package/libxml2/libxml2.hash index e67d3b0b8a..4d24c60132 100644 --- a/package/libxml2/libxml2.hash +++ b/package/libxml2/libxml2.hash @@ -1,4 +1,4 @@ -# From http://ftp.acc.umu.se/pub/gnome/sources/libxml2/2.9/libxml2-2.9.14.sha256sum -sha256 60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee libxml2-2.9.14.tar.xz +# From http://ftp.acc.umu.se/pub/gnome/sources/libxml2/2.10/libxml2-2.10.2.sha256sum +sha256 d240abe6da9c65cb1900dd9bf3a3501ccf88b3c2a1cb98317d03f272dda5b265 libxml2-2.10.2.tar.xz # License files, locally calculated -sha256 c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd COPYING +sha256 c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd Copyright diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk index 3647549a4b..37a4396cbe 100644 --- a/package/libxml2/libxml2.mk +++ b/package/libxml2/libxml2.mk @@ -4,14 +4,14 @@ # ################################################################################ -LIBXML2_VERSION_MAJOR = 2.9 -LIBXML2_VERSION = $(LIBXML2_VERSION_MAJOR).14 +LIBXML2_VERSION_MAJOR = 2.10 +LIBXML2_VERSION = $(LIBXML2_VERSION_MAJOR).2 LIBXML2_SOURCE = libxml2-$(LIBXML2_VERSION).tar.xz LIBXML2_SITE = \ http://ftp.gnome.org/pub/gnome/sources/libxml2/$(LIBXML2_VERSION_MAJOR) LIBXML2_INSTALL_STAGING = YES LIBXML2_LICENSE = MIT -LIBXML2_LICENSE_FILES = COPYING +LIBXML2_LICENSE_FILES = Copyright LIBXML2_CPE_ID_VENDOR = xmlsoft LIBXML2_CONFIG_SCRIPTS = xml2-config