Commit Graph

29 Commits

Author SHA1 Message Date
Yanase Yuki
2db7f1c67c tools/expat: update to 2.6.3
This release fixes CVE-2024-45490, CVE-2024-45491 and
CVE-2024-45492.

Changelog:
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes

Signed-off-by: Yanase Yuki <dev@zpc.st>
Link: https://github.com/openwrt/openwrt/pull/16379
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-19 23:05:44 +02:00
Fabrice Fontaine
ff59f3f4bd tools/expat: fix PKG_CPE_ID
cpe:/a:libexpat_project:libexpat is the correct CPE ID for expat:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️libexpat:libexpat

Fixes: c61a239514 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15291
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-27 23:37:57 +02:00
Robert Marko
bab3ae2ee7 tools: prefer gz or bz2 tarballs
In the light of recent XZ events, and fundamental XZ issues lets work on
moving away from using XZ.

So, use gz compressed tarballs as sources whenever possible.

dwarves only offers bz2 compressed tarballs, so use those as size
difference is minor compared to XZ.

Signed-off-by: Robert Marko <robimarko@gmail.com>

dwarves
2024-04-06 11:24:18 +02:00
Josef Schlehofer
80b2288ea3 tools/expat: update to version 2.6.2
Release notes:
https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes

Fixes:
CVE-2024-28757

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2024-03-26 10:37:37 +01:00
Koen Vandeputte
f3cbdaec29 tools/expat: fix build error with ccache
Disable compilation of separate tests as it causes
a build error when combined with ccache

Fixes: 4a3f430d72 ("tools/expat: update to 2.6.0")
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2024-02-15 12:02:20 +01:00
Nick Hainke
4a3f430d72 tools/expat: update to 2.6.0
Changelog:
https://github.com/libexpat/libexpat/blob/R_2_6_0/expat/Changes

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-12 09:57:08 +01:00
Nick Hainke
23a456aef1 expat: update to 2.5.0
Fixes CVE-2022-43680.

Changes:
https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-31 21:27:48 +01:00
Nick Hainke
107f82292b tools/expat: switch to tar.xz to save bandwidth
The tar.xz download is a bit smaller. Use this download to save traffic.

Suggested-by: hardfalcon
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 16:16:07 +02:00
Nick Hainke
1b3a524e1d tools/expat: update to 2.4.9
Fixes CVE-2022-40674.

Release Notes:
https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 16:16:07 +02:00
Rosen Penev
89df3589e6
tools/expat: build with autotools again
Allows to set expat as a dependency to cmake and save on compilation
time.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-29 19:33:17 +02:00
Nick Hainke
46dc7e63c4 tools/expat: update to 2.4.8
Release Notes:
https://github.com/libexpat/libexpat/blob/R_2_4_8/expat/Changes

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:39 +01:00
Rosen Penev
cca5367f27 tools/expat: enable DTD
Fixes gdb usage, which depends on it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 10:10:30 +01:00
Rosen Penev
3150e8bf3e tools/expat: update to 2.4.7
Mostly a bug fix to the bug fix to CVE-2022-25236

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 10:10:30 +01:00
Rosen Penev
4e13229dd1 tools/expat: update to 2.4.6
Switched to CMake for faster compilation and greater parallel
friendliness.

Added CMake options from the packages feed.

This release fixes various CVEs.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Hannu Nyman
a233e3a9af tools/expat: update to 2.2.10
Update expat to 2.2.10

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2020-11-21 18:48:39 +01:00
David Bauer
c5497ebb1c tools/expat: change package source to GitHub
According to the SourceForge page, the project is migrating to GitHub.
Thus, change the source of the package to GitHub.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-11-24 23:17:34 +01:00
Josef Schlehofer
b4af2c689f expat: Update to version 2.2.9
Fixes CVE-2019-15903

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-10-06 21:28:49 +02:00
Daniel Engberg
7270fdb62f expat: Update to 2.2.7
Update (lib)expat to 2.2.7

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-08-06 14:03:09 +02:00
Marko Ratkaj
6e80dd58bb tools/expat: fix docbook2man error on some systems
On some systems (Gentoo) configure stage fails because of docbook2man
working with SGML rather than with XML. We don't need xmlwf man pages so
we disable this.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2018-09-11 15:00:09 +02:00
Daniel Engberg
3e734e822b tools/expat: Update to 2.2.6
Update (lib)expat to 2.2.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-09-10 10:01:27 +02:00
Daniel Engberg
3be10e3a30 tools/expat: Update to 2.2.5
Update (lib)expat to 2.2.5

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-12-16 14:41:37 +01:00
Alexander Couzens
c61a239514
add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-17 02:24:35 +01:00
Daniel Engberg
b0f26243fe tools/expat: Update to 2.2.4
Update (lib)expat to 2.2.4

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-16 22:22:44 +02:00
Daniel Engberg
1a5b7cc151 tools/expat: Update to 2.2.3
Update (lib)expat to 2.2.3
Remove poor entropy hack, 2.2.3 uses /dev/urandom in worst case

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-08-09 23:20:56 +02:00
Jo-Philipp Wich
7c727c6fa4 tools: expat: fix build on older host systems
Expat release 2.2.2 requires support for either syscall(SYS_getrandom) which
is available on Linux 3.17 or support for getrandom() which is only available
in glibc 2.25 or later.

Since some of our builders still run on Linux 3.16, we need to forcibly
disable the use of getrandom() for the host builds.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-18 23:00:45 +02:00
Ted Hess
b4ce088f06 tools/expat: Update host version to 2.2.2
Ref: CVE-2017-9233, CVE-2016-9063

Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-07-17 16:42:35 -04:00
Felix Fietkau
720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
diizzyy
bf567363cd tools/expat: Update to 2.2.0
Updates expat to 2.2.0

Fixes several CVEs:
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300
CVE-2012-6702

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-04 11:50:47 +02:00
Felix Fietkau
ae706ea6b6 tools: add expat library (to be used by gdb)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46297
2015-07-10 19:42:05 +00:00