[Buildroot] [PATCH] expat: security bump to version 2.2.1

xlcwu xlcwu.taiwan at gmail.com
Tue Jun 20 05:12:23 UTC 2017


Hi Thomas and Peter,

The patch failed; it needs a little cosmetic fix:

a/expat/configure.ac -> a/configure.ac
b/expat/configure.ac -> b/configure.ac

$ git diff package/expat/0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch
diff --git a/package/expat/0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch
b/package/expat/000
index a302553..e4fd7e8 100644
--- a/package/expat/0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch
+++ b/package/expat/0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch
@@ -8,13 +8,13 @@ There is no such thing but we need to link (not just
compile) to realize.

 Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
 ---
- expat/configure.ac | 2 +-
+ configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

-diff --git a/expat/configure.ac b/expat/configure.ac
+diff --git a/configure.ac b/configure.ac
 index 1357c9a..444c002 100644
---- a/expat/configure.ac
-+++ b/expat/configure.ac
+--- a/configure.ac
++++ b/configure.ac
 @@ -130,7 +130,7 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([
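Review bot: The path rewrite from `expat/configure.ac` to `configure.ac` is not documented in the embedded patch itself: the visible context above its `---` line carries only the description's last line and the Signed-off-by. Add a one-line note there saying the paths were adjusted, so a later refresh of this patch does not bring the `expat/` prefix back. The diffstat line and the inner `diff --git`, `---` and `+++` headers are changed consistently. As posted, the outer `diff --git` header is wrapped and cut off at `b/package/expat/000`, and the mail stops at the inner `@@ -130,7 +130,7 @@` header, so it cannot be applied from this message; resending it as a formatted patch would make it usable.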


xlcwu


On Tue, Jun 20, 2017 at 4:09 AM, Thomas Petazzoni
<thomas.petazzoni at free-electrons.com> wrote:
> Hello,
>
> On Sun, 18 Jun 2017 23:20:04 +0200, Peter Korsgaard wrote:
>> Fixes:
>>
>> - CVE-2017-9233 - External entity infinite loop DoS. See:
>>   https://libexpat.github.io/doc/cve-2017-9233/
>>
>> - CVE-2016-9063 -- Detect integer overflow
>>
>> And furthermore:
>>
>> - Fix regression from fix to CVE-2016-0718 cutting off longer tag names.
>>
>> - Extend fix for CVE-2016-5300 (use getrandom() if available).
>>
>> - Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
>>   version of SipHash).
>>
>> Also add an upstream patch to fix detection of getrandom().
>>
>> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
>> ---
>>  ...c-Fix-mis-detection-of-getrandom-on-Debia.patch | 29 ++++++++++++++++++++++
>>  package/expat/expat.hash                           |  8 +++---
>>  package/expat/expat.mk                             |  4 ++-
>>  3 files changed, 36 insertions(+), 5 deletions(-)
>>  create mode 100644 package/expat/0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch
>
> Applied to master, thanks.
>
> Thomas
> --
> Thomas Petazzoni, CTO, Free Electrons
> Embedded Linux, Kernel and Android engineering
> http://free-electrons.com
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
