From 8dda30a9c64a4ad1f8eee11deb2e5143ba5fd719 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Mon, 31 Oct 2022 15:19:10 +0000 Subject: expat: upgrade to 2.5.0 Release 2.5.0 Tue October 25 2022 Security fixes: #616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. Bug fixes: #612 #645 Fix curruption from undefined entities #613 #654 Fix case when parsing was suspended while processing nested entities #616 #652 #653 Stop leaking opening tag bindings after a closing tag mismatch error where a parser is reset through XML_ParserReset and then reused to parse #656 CMake: Fix generation of pkg-config file #658 MinGW|CMake: Fix static library name Other changes: #663 Protect header expat_config.h from multiple inclusion #666 examples: Make use of XML_GetBuffer and be more consistent across examples #648 Address compiler warnings #667 #668 Version info bumped from 9:9:8 to 9:10:8; see https://verbump.de/ for what these numbers do Includes a fix for CVE-2022-43680. Signed-off-by: Ross Burton Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit a257a674272dc638f09167e9b9202adfb477ef1e) Signed-off-by: Steve Sakoman
---
meta/recipes-core/expat/expat_2.4.9.bb | 31 ------------------------------- meta/recipes-core/expat/expat_2.5.0.bb | 31 +++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 31 deletions(-) delete mode 100644 meta/recipes-core/expat/expat_2.4.9.bb create mode 100644 meta/recipes-core/expat/expat_2.5.0.bb (limited to 'meta')
diff --git a/meta/recipes-core/expat/expat_2.4.9.bb b/meta/recipes-core/expat/expat_2.4.9.bb
deleted file mode 100644
index cb007708c7..0000000000
--- a/meta/recipes-core/expat/expat_2.4.9.bb
+++ /dev/null
@@ -1,31 +0,0 @@
-SUMMARY = "A stream-oriented XML parser library"
-DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)"
-HOMEPAGE = "https://github.com/libexpat/libexpat"
-SECTION = "libs"
-LICENSE = "MIT"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb"
-
-VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}"
-
-SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \
- file://run-ptest \
- "
-
-UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
-
-SRC_URI[sha256sum] = "7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a"
-
-EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
-
-RDEPENDS:${PN}-ptest += "bash"
-
-inherit cmake lib_package ptest
-
-do_install_ptest:class-target() {
- install -m 755 ${B}/tests/* ${D}${PTEST_PATH}
-}
-
-BBCLASSEXTEND += "native nativesdk"
-
-CVE_PRODUCT = "expat libexpat"
diff --git a/meta/recipes-core/expat/expat_2.5.0.bb b/meta/recipes-core/expat/expat_2.5.0.bb
new file mode 100644
index 0000000000..7080f934d1
--- /dev/null
+++ b/meta/recipes-core/expat/expat_2.5.0.bb
@@ -0,0 +1,31 @@
+SUMMARY = "A stream-oriented XML parser library"
+DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)"
+HOMEPAGE = "https://github.com/libexpat/libexpat"
+SECTION = "libs"
+LICENSE = "MIT"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb"
+
+VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}"
+
+SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \
+ file://run-ptest \
+ "
+
+UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
+
+SRC_URI[sha256sum] = "6f0e6e01f7b30025fa05c85fdad1e5d0ec7fd35d9f61b22f34998de11969ff67"
+
+EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
+
+RDEPENDS:${PN}-ptest += "bash"
+
+inherit cmake lib_package ptest
+
+do_install_ptest:class-target() {
+ install -m 755 ${B}/tests/* ${D}${PTEST_PATH}
+}
+
+BBCLASSEXTEND += "native nativesdk"
+
+CVE_PRODUCT = "expat libexpat"
-- cgit 1.2.3-korg