esp-open-sdk icon indicating copy to clipboard operation
esp-open-sdk copied to clipboard

Published 20 hours ago verified publisher icon pfalcon

Make error: Expat-2.1.0 renamed on sourceforge

Open emailbsuv opened this issue 3 years ago • 4 comments

emailbsuv avatar Jun 20 '21 23:06 emailbsuv

I had no luck with modifying config files to adapt to rename. Easiest solution I've found.

Download "expat2.3.0-RENAMED-VULNERABLE-PLEASE-USE-2.4.1-INSTEAD.tar.gz" from: https://sourceforge.net/projects/expat/files/expat/

rename to expat2.3.0.tar.gz and move to /esp-open-sdk/crosstool-NG/.build/tarballs/

cd /esp_open_sdk/ make

scubasteve1488 avatar Jul 20 '21 04:07 scubasteve1488

Not very smart - expat 2.3 has serious security holes and was deliberately moved. Your build is now totally vulnerable to attack. The better fix is to use expat 2.4.1 or later like it tells you to.

EtchedPixels avatar Aug 05 '21 10:08 EtchedPixels

For completeness:

  • edit crosstool-NG/config/companion_libs/expat.in

  • replace all occurrences of 2.1.0 with 2.4.1 (This includes the underscore ones like: "EXPAT_V_2_4_1")

  • run make and everything will be fine

derbroti avatar Aug 11 '21 16:08 derbroti

And since expat 2.4.1 is now also vulnerable it must be changed to 2.4.7.

jose1711 avatar Aug 08 '22 12:08 jose1711