In the light of recent XZ events, and fundamental XZ issues lets work on
moving away from using XZ.
So, use gz compressed tarballs as sources whenever possible.
dwarves only offers bz2 compressed tarballs, so use those as size
difference is minor compared to XZ.
Signed-off-by: Robert Marko <robimarko@gmail.com>
dwarves
Disable compilation of separate tests as it causes
a build error when combined with ccache
Fixes: 4a3f430d72 ("tools/expat: update to 2.6.0")
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Switched to CMake for faster compilation and greater parallel
friendliness.
Added CMake options from the packages feed.
This release fixes various CVEs.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
According to the SourceForge page, the project is migrating to GitHub.
Thus, change the source of the package to GitHub.
Signed-off-by: David Bauer <mail@david-bauer.net>
On some systems (Gentoo) configure stage fails because of docbook2man
working with SGML rather than with XML. We don't need xmlwf man pages so
we disable this.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/
Thanks to swalker for CPE to package mapping and
keep tracking CVEs.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Update (lib)expat to 2.2.3
Remove poor entropy hack, 2.2.3 uses /dev/urandom in worst case
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Expat release 2.2.2 requires support for either syscall(SYS_getrandom) which
is available on Linux 3.17 or support for getrandom() which is only available
in glibc 2.25 or later.
Since some of our builders still run on Linux 3.16, we need to forcibly
disable the use of getrandom() for the host builds.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Updates expat to 2.2.0
Fixes several CVEs:
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300
CVE-2012-6702
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>