<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/expat, branch 2017.11</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2017.11</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2017.11'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2017-09-06T20:42:14+00:00</updated>
<entry>
<title>expat: bump to version 2.2.4</title>
<updated>2017-09-06T20:42:14+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-09-04T16:51:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=bfa4428d78c67fade7160f0bf0dd358a0bc1ba44'/>
<id>urn:sha1:bfa4428d78c67fade7160f0bf0dd358a0bc1ba44</id>
<content type='text'>
Upstream migrated to automake for autotools: the "installlib" target
no longer exists, and we can use the standard "install" target, and
therefore drop the special INSTALL_STAGING_OPTS and
INSTALL_TARGET_OPTS variables.

Add license hash.

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>expat: bump to version 2.2.3</title>
<updated>2017-08-09T21:51:21+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-08-09T05:39:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=b0a7ac88739214d5d83c101c24b700d9534e831a'/>
<id>urn:sha1:b0a7ac88739214d5d83c101c24b700d9534e831a</id>
<content type='text'>
Drop the XML_POOR_ENTROPY workaround. Upstream commit fd9581a34e5665
(Never require XML_POOR_ENTROPY for "./configure &amp;&amp; make") fixes this
issue.

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) &lt;arnout@mind.be&gt;
</content>
</entry>
<entry>
<title>expat: fix build on and for kernel older than 3.17</title>
<updated>2017-07-17T07:06:23+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-07-17T04:11:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=5242701f3aa8426cdf2cc9a176ef06194db93d5f'/>
<id>urn:sha1:5242701f3aa8426cdf2cc9a176ef06194db93d5f</id>
<content type='text'>
The expat build system now fails when the getrandom() system call is not
supported. This affects both host and target builds. Define XML_POOR_ENTROPY
for target kernels older than 3.17 to fix the build. For the host package
define XML_POOR_ENTROPY unconditionally since we have no easy way to know the
host kernel version. Note that expat will still use getrandom() on the host
when it is available; we don't make security any worse.

Fixes (host):
http://autobuild.buildroot.net/results/928/928dc2b56d931da84055fdfe78929d1f956de53b/
http://autobuild.buildroot.net/results/ee9/ee90d0a456cbce4c7f22e5f61006612bd9ba30d5/
http://autobuild.buildroot.net/results/dac/dac7231242123ae3dcaa6bbdd65b44fe8d8cb20c/

Fixes (target):
http://autobuild.buildroot.net/results/308/308e830219fdfebb5aa6aef51c1dc784254998f6/
http://autobuild.buildroot.net/results/73f/73fa946b0a2205e946ad414079f88e4bdb416f00/
http://autobuild.buildroot.net/results/9d7/9d7bad22ace7fa211b31d752a2255e07cede68be/

[Peter: also use HOST_CPPFLAGS]
Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>expat: security bump to version 2.2.2</title>
<updated>2017-07-16T21:25:54+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-07-16T17:41:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=b3eca095003aecde94414fd1f01a831f1af198ec'/>
<id>urn:sha1:b3eca095003aecde94414fd1f01a831f1af198ec</id>
<content type='text'>
Changes (security fixes):

[MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                 resulted in NULL dereference, previously

Drop upstream patch.

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>expat: fix patch that doesn't apply properly</title>
<updated>2017-06-20T05:40:25+00:00</updated>
<author>
<name>Thomas Petazzoni</name>
<email>thomas.petazzoni@free-electrons.com</email>
</author>
<published>2017-06-20T05:40:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=1940a66114bb6962dfdcee928e5c5fa5f29c0be7'/>
<id>urn:sha1:1940a66114bb6962dfdcee928e5c5fa5f29c0be7</id>
<content type='text'>
Fixes:

  http://autobuild.buildroot.net/results/23f799009ae10c5de2b06a7747a28804818204c2/

Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>expat: security bump to version 2.2.1</title>
<updated>2017-06-19T20:06:03+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-06-18T21:20:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c0ad6ded018ffbc33f7f52a4bbcc6f08a14bfbd6'/>
<id>urn:sha1:c0ad6ded018ffbc33f7f52a4bbcc6f08a14bfbd6</id>
<content type='text'>
Fixes:

- CVE-2017-9233 - External entity infinite loop DoS. See:
  https://libexpat.github.io/doc/cve-2017-9233/

- CVE-2016-9063 -- Detect integer overflow

And furthermore:

- Fix regression from fix to CVE-2016-0718 cutting off longer tag names.

- Extend fix for CVE-2016-5300 (use getrandom() if available).

- Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
  version of SipHash).

Also add an upstream patch to fix detection of getrandom().

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>expat: add explicit dependencies for host variant</title>
<updated>2016-07-03T06:48:05+00:00</updated>
<author>
<name>Julien Floret</name>
<email>julien.floret@6wind.com</email>
</author>
<published>2016-07-02T22:20:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=3aa12cc0dadaaeba6d3ed15c85422d96a86973fe'/>
<id>urn:sha1:3aa12cc0dadaaeba6d3ed15c85422d96a86973fe</id>
<content type='text'>
Signed-off-by: Julien Floret &lt;julien.floret@6wind.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>expat: security bump to version 2.2.0</title>
<updated>2016-06-23T19:11:14+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo.zacarias@free-electrons.com</email>
</author>
<published>2016-06-23T00:56:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c27ecf49304a4b95d438d5496a98ae8d52abbcb2'/>
<id>urn:sha1:c27ecf49304a4b95d438d5496a98ae8d52abbcb2</id>
<content type='text'>
Fixes:

CVE-2016-4472 - Improve insufficient fix to CVE-2015-1283 /
CVE-2015-2716 introduced with Expat 2.1.1

CVE-2016-5300 - Use more entropy for hash initialization than the
original fix to CVE-2012-0876

CVE-2012-6702 - Resolve troublesome internal call to srand that was
introduced with Expat 2.1.0 when addressing CVE-2012-0876

Signed-off-by: Gustavo Zacarias &lt;gustavo.zacarias@free-electrons.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>expat: add fix for CVE-2016-0718</title>
<updated>2016-05-22T21:06:41+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-05-19T12:33:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=f53b54ad115013261f8435cf005166c6b8698706'/>
<id>urn:sha1:f53b54ad115013261f8435cf005166c6b8698706</id>
<content type='text'>
Fixes:
CVE-2016-0718 - The Expat XML parser mishandles certain kinds of
malformed input documents, resulting in buffer overflows during
processing and error reporting. The overflows can manifest as a
segmentation fault or as memory corruption during a parse operation. The
bugs allow for a denial of service attack in many applications by an
unauthenticated attacker, and could conceivably result in remote code
execution.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>expat: bump to version 2.1.1</title>
<updated>2016-03-14T07:48:43+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-03-14T01:46:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=63b9681d64fc00414b3bf28306d4059239daf7db'/>
<id>urn:sha1:63b9681d64fc00414b3bf28306d4059239daf7db</id>
<content type='text'>
Drop 0001-fix-CVE-2015-1283.patch since it's upstream.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
</feed>
