rtime.felk.cvut.cz Git - coffee/buildroot.git/commit
expat: security bump to version 2.2.1
author Peter Korsgaard <peter@korsgaard.com>
Sun, 18 Jun 2017 21:20:04 +0000 (23:20 +0200)
committer Peter Korsgaard <peter@korsgaard.com>
Mon, 26 Jun 2017 07:43:28 +0000 (09:43 +0200)
commit ab5db57cc3449a38623c4e0797dcf2515443fbdd
tree e1415ac4c89e6d20052cca975c6d94bc96dc7f60
parent 29e46157f70678f0a5b5c545e029beb54b4ef9ff
expat: security bump to version 2.2.1

Fixes:

- CVE-2017-9233 - External entity infinite loop DoS. See:
  https://libexpat.github.io/doc/cve-2017-9233/

- CVE-2016-9063 -- Detect integer overflow

And furthermore:

- Fix regression from fix to CVE-2016-0718 cutting off longer tag names.

- Extend fix for CVE-2016-5300 (use getrandom() if available).

- Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
  version of SipHash).

Also add an upstream patch to fix detection of getrandom().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c0ad6ded018ffbc33f7f52a4bbcc6f08a14bfbd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/expat/0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch [new file with mode: 0644]
package/expat/expat.hash
package/expat/expat.mk