Commit Graph

11 Commits

Author SHA1 Message Date
Josef Schlehofer
0591348b3d tools/expat: Update to version 2.2.9
Fixes two CVEs:
- CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber)
- CVE-2018-20843 (Fix extraction of namespace prefixes from XML names)

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit b4af2c689f)
2020-01-26 22:12:50 +01:00
Marko Ratkaj
15a023a458 tools/expat: fix docbook2man error on some systems
On some systems (Gentoo) configure stage fails because of docbook2man
working with SGML rather than with XML. We don't need xmlwf man pages so
we disable this.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
(backported from 6e80dd58bb)
2018-12-18 11:28:13 +01:00
Daniel Engberg
3be10e3a30 tools/expat: Update to 2.2.5
Update (lib)expat to 2.2.5

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-12-16 14:41:37 +01:00
Alexander Couzens
c61a239514
add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-17 02:24:35 +01:00
Daniel Engberg
b0f26243fe tools/expat: Update to 2.2.4
Update (lib)expat to 2.2.4

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-16 22:22:44 +02:00
Daniel Engberg
1a5b7cc151 tools/expat: Update to 2.2.3
Update (lib)expat to 2.2.3
Remove poor entropy hack, 2.2.3 uses /dev/urandom in worst case

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-08-09 23:20:56 +02:00
Jo-Philipp Wich
7c727c6fa4 tools: expat: fix build on older host systems
Expat release 2.2.2 requires support for either syscall(SYS_getrandom) which
is available on Linux 3.17 or support for getrandom() which is only available
in glibc 2.25 or later.

Since some of our builders still run on Linux 3.16, we need to forcibly
disable the use of getrandom() for the host builds.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-18 23:00:45 +02:00
Ted Hess
b4ce088f06 tools/expat: Update host version to 2.2.2
Ref: CVE-2017-9233, CVE-2016-9063

Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-07-17 16:42:35 -04:00
Felix Fietkau
720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
diizzyy
bf567363cd tools/expat: Update to 2.2.0
Updates expat to 2.2.0

Fixes several CVEs:
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300
CVE-2012-6702

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-04 11:50:47 +02:00
Felix Fietkau
ae706ea6b6 tools: add expat library (to be used by gdb)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46297
2015-07-10 19:42:05 +00:00