package/expat: security bump to version 2.5.0

Expat 2.5.0 has been released earlier today. Most importantly, this release fixes CVE-2022-43680: a heap use-after-free vulnerability after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations, with expected impact of denial of service or potentially arbitrary code execution. https://blog.hartwork.org/posts/expat-2-5-0-released https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 26ec7c4d02) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-12-02 18:03:39 +08:00 · 2022-10-26 21:36:58 +02:00 · 2022-10-26 21:36:58 +02:00 · 9a80348a5d
commit 9a80348a5d
parent fccf4a6a42
2 changed files with 5 additions and 5 deletions
--- a/package/expat/expat.hash
+++ b/package/expat/expat.hash
@ -1,7 +1,7 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.4.9/
-md5  8d7fcf7d02d08bf79d9ae5c21cc72c03  expat-2.4.9.tar.xz
-sha1  be91118bc495ce49b04a3fd0f27df2fb5a843e9b  expat-2.4.9.tar.xz
+# From https://sourceforge.net/projects/expat/files/expat/2.5.0/
+md5  ac6677b6d1b95d209ab697ce8b688704  expat-2.5.0.tar.xz
+sha1  5178e13c1e34f4643d5118d5758babfe0e836fe2  expat-2.5.0.tar.xz

 # Locally calculated
-sha256  6e8c0728fe5c7cd3f93a6acce43046c5e4736c7b4b68e032e9350daa0efc0354  expat-2.4.9.tar.xz
+sha256  ef2420f0232c087801abf705e89ae65f6257df6b7931d37846a193ef2e8cdcbe  expat-2.5.0.tar.xz
 sha256  122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534  COPYING
--- a/package/expat/expat.mk
+++ b/package/expat/expat.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-EXPAT_VERSION = 2.4.9
+EXPAT_VERSION = 2.5.0
 EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
 EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.xz
 EXPAT_INSTALL_STAGING = YES