Commit Graph

96 Commits

Author SHA1 Message Date
Sébastien Szymanski b0444f7e3b package/expat: security bump to version 2.6.2
Security fixes:
	- CVE-2024-28757 -- Prevent billion laughs attacks with isolated
	  use of external parsers.  Please see the commit message of
	  commit 1d50b80cf31de87750103656f6eb693746854aa8 for details.

https://blog.hartwork.org/posts/expat-2-6-2-released/
https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1dfe980b19)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-03-21 21:26:20 +01:00
Francois Perrad 44dc77af0e package/expat: bump to version 2.6.1
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-03-02 16:24:55 +01:00
Fabrice Fontaine 9dad5e7d7f package/expat: security bump to version 2.6.0
Security fixes:
 - CVE-2023-52425: Fix quadratic runtime issues with big tokens that can
   cause denial of service, in partial where dealing with compressed XML
   input. Applications that parsed a document in one go -- a single call
   to functions XML_Parse or XML_ParseBuffer -- were not affected. The
   smaller the chunks/buffers you use for parsing previously, the bigger
   the problem prior to the fix.
 - CVE-2023-52426: Fix billion laughs attacks for users compiling
   *without* XML_DTD defined (which is not common). Users with XML_DTD
   defined have been protected since Expat >=2.4.0 (and that was
   CVE-2013-0340 back then).

https://blog.hartwork.org/posts/expat-2-6-0-released/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-02-06 21:51:59 +01:00
Fabrice Fontaine 26ec7c4d02 package/expat: security bump to version 2.5.0
Expat 2.5.0 has been released earlier today. Most importantly, this
release fixes CVE-2022-43680: a heap use-after-free vulnerability after
overeager destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations, with
expected impact of denial of service or potentially arbitrary code
execution.

https://blog.hartwork.org/posts/expat-2-5-0-released
https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-10-26 21:49:56 +02:00
Fabrice Fontaine f7772a54db package/expat: bump to version 2.4.9
- Drop patch (akready in version)
- Update hash of COPYING (year updated with
  39b2e99355)

https://blog.hartwork.org/posts/expat-2-4-9-released
https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-09-23 23:34:48 +02:00
Fabrice Fontaine d8c044f584 package/expat: fix CVE-2022-40674
libexpat before 2.4.9 (which is still not released) has a use-after-free
in the doContent function in xmlparse.c.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-09-18 14:48:11 +02:00
Fabrice Fontaine c9f7150957 package/expat: bump to version 2.4.8
https://github.com/libexpat/libexpat/blob/R_2_4_8/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-09 22:43:28 +02:00
Fabrice Fontaine 5bc935665b package/expat: drop host-pkgconf dependency
Drop host-pkgconf dependency which has been wrongly added by commit
732d94d25f. Indeed, expat doesn't use
pkgconf to retrieve dependencies

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-23 16:43:55 +02:00
Fabrice Fontaine dac5873314 package/expat: disable examples, tests and xmlwf
Disable examples and tests (enabled by default) through
--without-{examples,tests} which are available since version 2.2.7 and
1fdfd8a1b4

Also disable xmlwf (a binary that determines if an XML document is
well-formed) through --without-xmlwf which is available since version
2.2.4 and
9d950527a0

This will fix the following build failure on riscv64:

ERROR: reloc type R_RISCV_SET6 unsupported in this context

Fixes:
 - http://autobuild.buildroot.org/results/99890c9c7ebe3266dd533c81352a3cbcf4d3d738

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-04-23 16:43:52 +02:00
Fabrice Fontaine 402d85ef4e package/expat: bump to version 2.4.7
This release relaxes the fix to CVE-2022-25236 (introduced with release
2.4.5) which some of you have been waiting for, due to related
incompatibilities.

https://blog.hartwork.org/posts/expat-2-4-7-released
https://github.com/libexpat/libexpat/blob/R_2_4_7/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-03-07 11:41:38 +01:00
Fabrice Fontaine 46390b3a7c package/expat: bump to version 2.4.6
This release fixes a regression introduced by one of the security fixes
in 2.4.5.

https://blog.hartwork.org/posts/expat-2-4-6-released
https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-20 22:26:26 +01:00
Fabrice Fontaine 21c07c0aaa package/expat: security bump to version 2.4.5
Security fixes:
   CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
       sequences (e.g. from start tag names) to the XML
       processing application on top of Expat can cause
       arbitrary damage (e.g. code execution) depending
       on how invalid UTF-8 is handled inside the XML
       processor; validation was not their job but Expat's.
       Exploits with code execution are known to exist.
   CVE-2022-25236 -- Passing (one or more) namespace separator
       characters in "xmlns[:prefix]" attribute values
       made Expat send malformed tag names to the XML
       processor on top of Expat which can cause
       arbitrary damage (e.g. code execution) depending
       on such unexpectable cases are handled inside the XML
       processor; validation was not their job but Expat's.
       Exploits with code execution are known to exist.
   CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
       that could be triggered by e.g. a 2 megabytes
       file with a large number of opening braces.
       Expected impact is denial of service or potentially
       arbitrary code execution.
   CVE-2022-25314 -- Fix integer overflow in function copyString;
       only affects the encoding name parameter at parser creation
       time which is often hardcoded (rather than user input),
       takes a value in the gigabytes to trigger, and a 64-bit
       machine.  Expected impact is denial of service.
   CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
       needs input in the gigabytes and a 64-bit machine.
       Expected impact is denial of service or potentially
       arbitrary code execution.

https://blog.hartwork.org/posts/expat-2-4-5-released/
https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-02-20 10:54:38 +01:00
Fabrice Fontaine 59a813d2a8 package/expat: fix tarball sha256
Commit ab71ac15dd forgot to update sha256

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: update  hash for real ;-)]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-02-20 10:52:44 +01:00
Francois Perrad ab71ac15dd package/expat: security bump to 2.4.4
fix CVE-2022-23852, CVE-2022-23990

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-02-01 23:14:05 +01:00
Fabrice Fontaine 829bf508bb package/expat: security bump to version 2.4.3
Fix CVE-2021-45960, CVE-2021-46143 and CVE-2022-22822 to CVE-2022-22827

https://blog.hartwork.org/posts/expat-2-4-3-released
https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-01-22 15:39:32 +01:00
Fabrice Fontaine 990d0c1cd2 package/expat: security bump to version 2.4.1
Fix CVE-2013-0340 "Billion Laughs":
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/

https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 10:24:55 +02:00
Fabrice Fontaine f2720836b7 package/expat: bump to version 2.3.0
https://github.com/libexpat/libexpat/blob/R_2_3_0/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-05 11:50:29 +02:00
Fabrice Fontaine ad97d01b84 package/expat: update CPE variables
libexpat:expat has been replaced by libexpat_project:libexpat:
  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibexpat_project%3Alibexpat

  <cpe-item name="cpe:/a:libexpat:expat:2.2.10" deprecated="true" deprecation_date="2021-01-25T15:44:50.537Z">
    <title xml:lang="en-US">libexpat Expat 2.2.10</title>
      <reference href="https://github.com/libexpat/libexpat/">Version</reference>
    <cpe-23:cpe23-item name="cpe:2.3🅰️libexpat:expat:2.2.10:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3🅰️libexpat_project:libexpat:2.2.10:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-06 11:19:03 +01:00
Matt Weber 63332c33aa package: provide CPE ID details for numerous packages
This patch adds CPE ID information for a significant number of
packages.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-04 21:43:54 +01:00
Fabrice Fontaine 6b340a2573 package/expat: bump to version 2.2.10
- Update hash of COPYING (update in year:
  8a93b41a8a)
- Update indentation in hash file (two spaces)

https://github.com/libexpat/libexpat/blob/R_2_2_10/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-10-06 21:05:54 +02:00
Bernd Kuhls 8e13f45586 package/expat: bump version to 2.2.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-10-20 15:17:19 +02:00
Peter Korsgaard 386794d02e package/expat: security bump to version 2.2.8
Fixes the following security vulnerability:

CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the
parser into changing from DTD parsing to document parsing too early; a
consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)
then resulted in a heap-based buffer over-read.

While we're at it, also change to use .tar.xz rather than the bigger
.tar.bz2.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-15 22:22:18 +02:00
Peter Korsgaard 84fd08cf4f package/expat: security bump to version 2.2.7
Fixes the following security vulnerabilites:

CVE-2018-20843: In libexpat in Expat before 2.2.7, XML input including XML
names that contain a large number of colons could make the XML parser
consume a high amount of RAM and CPU resources while processing (enough to
be usable for denial-of-service attacks).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-06-30 14:40:18 +02:00
Fabrice Fontaine 5f540c9109 expat: disable docbook
Fixes:
 - http://autobuild.buildroot.net/results/3a351ddd9b42b090e4a69ac480b7a16397699f6c
 - http://autobuild.buildroot.net/results/41402af8bd102b35083e34c53c5f2e8a266dc63e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-08-31 23:53:00 +02:00
Fabrice Fontaine ba65ca804e expat: bump to version 2.2.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-08-29 20:57:33 +02:00
Adam Duskett 78e964bc22 expat: bump to 2.2.5
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-22 22:29:49 +01:00
Baruch Siach bfa4428d78 expat: bump to version 2.2.4
Upstream migrated to automake for autotools: the "installlib" target
no longer exist, and we can use the standard "install" target, and
therefore drop the special INSTALL_STAGING_OPTS and
INSTALL_TARGET_OPTS variables.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-06 22:42:14 +02:00
Baruch Siach b0a7ac8873 expat: bump to version 2.2.3
Drop the XML_POOR_ENTROPY workaround. Upstream commit fd9581a34e5665
(Never require XML_POOR_ENTROPY for "./configure && make") fixes this
issue.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2017-08-09 23:51:21 +02:00
Baruch Siach 5242701f3a expat: fix build on and for kernel older than 3.17
The expat build system now fails when the getrandom() system call is not
supported. This affect both host and target builds. Define XML_POOR_ENTROPY
for target kernels older than 3.17 to fix the build. For the host package
define XML_POOR_ENTROPY unconditionally since we have no easy way to know the
host kernel version. Note that expat will still use getrandom() on the host
when it is available, we don't make security any worse.

Fixes (host):
http://autobuild.buildroot.net/results/928/928dc2b56d931da84055fdfe78929d1f956de53b/
http://autobuild.buildroot.net/results/ee9/ee90d0a456cbce4c7f22e5f61006612bd9ba30d5/
http://autobuild.buildroot.net/results/dac/dac7231242123ae3dcaa6bbdd65b44fe8d8cb20c/

Fixes (target):
http://autobuild.buildroot.net/results/308/308e830219fdfebb5aa6aef51c1dc784254998f6/
http://autobuild.buildroot.net/results/73f/73fa946b0a2205e946ad414079f88e4bdb416f00/
http://autobuild.buildroot.net/results/9d7/9d7bad22ace7fa211b31d752a2255e07cede68be/

[Peter: also use HOST_CPPFLAGS]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-17 09:06:23 +02:00
Baruch Siach b3eca09500 expat: security bump to version 2.2.2
Changes (security fixes):

[MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                 resulted in NULL dereference, previously

Drop upstream patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-16 23:25:54 +02:00
Thomas Petazzoni 1940a66114 expat: fix patch that doesn't apply properly
Fixes:

  http://autobuild.buildroot.net/results/23f799009ae10c5de2b06a7747a28804818204c2/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-20 07:40:25 +02:00
Peter Korsgaard c0ad6ded01 expat: security bump to version 2.2.1
Fixes:

- CVE-2017-9233 - External entity infinite loop DoS. See:
  https://libexpat.github.io/doc/cve-2017-9233/

- CVE-2016-9063 -- Detect integer overflow

And further more:

- Fix regression from fix to CVE-2016-0718 cutting off longer tag names.

- Extend fix for CVE-2016-5300 (use getrandom() if available).

- Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
  version of SipHash).

Also add an upstream patch to fix detection of getrandom().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-19 22:06:03 +02:00
Julien Floret 3aa12cc0da expat: add explicit dependencies for host variant
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-03 08:48:05 +02:00
Gustavo Zacarias c27ecf4930 expat: security bump to version 2.2.0
Fixes:

CVE-2016-4472 - Improve insufficient fix to CVE-2015-1283 /
CVE-2015-2716 introduced with Expat 2.1.1

CVE-2016-5300 - Use more entropy for hash initialization than the
original fix to CVE-2012-0876

CVE-2012-6702 - Resolve troublesome internal call to srand that was
introduced with Expat 2.1.0 when addressing CVE-2012-0876

Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:11:14 +02:00
Gustavo Zacarias f53b54ad11 expat: add fix for CVE-2016-0718
Fixes:
CVE-2016-0718 - The Expat XML parser mishandles certain kinds of
malformed input documents, resulting in buffer overflows during
processing and error reporting. The overflows can manifest as a
segmentation fault or as memory corruption during a parse operation. The
bugs allow for a denial of service attack in many applications by an
unauthenticated attacker, and could conceivably result in remote code
execution.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-22 23:06:41 +02:00
Gustavo Zacarias 63b9681d64 expat: bump to version 2.1.1
Drop 0001-fix-CVE-2015-1283.patch since it's upstream.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-14 08:48:43 +01:00
Gustavo Zacarias 67d6276c1b expat: add security patch for CVE-2015-1283
Fixes:
CVE-2015-1283 - Multiple integer overflows in the XML_GetBuffer
function.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-09-01 21:56:34 +02:00
Yann E. MORIN 2ced21f8f9 package: add hashes for SourceForge-hosted packages
Since SourceForge sometimes serves us faulty tarballs, we can tons of
autobuild failures:
    http://autobuild.buildroot.org/results/9fb/9fba5bf086a4e7a29e5f7156ec43847db7aacfc4/
    http://autobuild.buildroot.org/results/6c8/6c837b244c45ac3b3a887734a371cd6d226cf216/
    ...

Fix that by adding hash files for all SourceForge-hosted packages (thos
etht did not already have it).

We normally prefer to use hashes published by upstream, but hunting them
all one by one is a tedious task, so those hashes were all locally
computed with a script that searched for SF-hosted packages, downloades
the associated tarball, computed the hash, and stored it in the
corresponding .hash file.

Also, SF publishes sha1 hashes, while I used the stronger sha256, since
sha1 is now considered to be relatively weak.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Richard Braun <rbraun@sceen.net>
Cc: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-28 22:21:16 +01:00
Thomas De Schampheleire d6c32da881 packages: rename FOO_INSTALL_STAGING_OPT into FOO_INSTALL_STAGING_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_INSTALL_STAGING_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_INSTALL_STAGING_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:49:36 +02:00
Thomas De Schampheleire 57f2b8d255 packages: rename FOO_INSTALL_TARGET_OPT into FOO_INSTALL_TARGET_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_INSTALL_TARGET_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_INSTALL_TARGET_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:48:33 +02:00
Thomas De Schampheleire 53f74fb522 trivial: add space in 'bool"package"' construct in Config.in
In early buildroot, it apparently was customary to have following style in
Config.in files:
    bool"expat"

Nowadays, only two packages remain with this style: diffutils and expat.
This trivial patch lines them up with the style:
    bool "expat"

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-07-19 23:44:09 +02:00
Alexandre Belloni 8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Gustavo Zacarias 019a581f89 packages: switch to host-pkgconf
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-10-29 22:02:55 +01:00
Stefan Fröberg 23ef45ca1e remove rest of the BR2_SOURCEFORGE_MIRROR references
Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-08-28 22:59:52 +02:00
Danomi Manchego 180c091a83 expat: Add license info
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
2012-08-04 13:14:36 +02:00
Arnout Vandecappelle (Essensium/Mind) e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Arnout Vandecappelle (Essensium/Mind) 69e64c42b7 all packages: use new host-xxx-package macros
This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS,host))/$(eval $(host-generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS,host))/$(eval $(host-autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS,host))/$(eval $(host-cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:18:03 +02:00
Gustavo Zacarias 52201e2d11 expat: security bump to version 2.1.0
Fixes for CVE-2012-1147, CVE-2009-3720, CVE-2009-3560, CVE-2012-1148 and
CVE-2012-0876.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-04-02 23:31:04 +02:00
Gustavo Zacarias e482a430ec expat: add security patch for CVE-2009-3560
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-03-06 16:11:34 +01:00
Gustavo Zacarias bc83dd2706 expat: fix style and drop stray file
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-01-26 22:22:36 +01:00