From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [OE-core][PATCH] expat: upgrade 2.7.3 -> 2.7.4
Date: Sat, 31 Jan 2026 15:53:06 +0100 [thread overview]
Message-ID: <20260131145306.3770983-1-peter.marko@siemens.com> (raw)
From: Peter Marko <peter.marko@siemens.com>
Changelog [1]:
Security fixes:
#1131 CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
failed to copy the encoding handler data passed to
XML_SetUnknownEncodingHandler from the parent to the new
subparser. This can cause a NULL dereference (CWE-476) from
external entities that declare use of an unknown encoding.
The expected impact is denial of service. It takes use of
both functions XML_ExternalEntityParserCreate and
XML_SetUnknownEncodingHandler for an application to be
vulnerable.
#1075 CVE-2026-25210 -- Add missing check for integer overflow
related to buffer size determination in function doContent
Bug fixes:
#1073 lib: Fix missing undoing of group size expansion in doProlog
failure cases
#1107 xmlwf: Fix a memory leak
#1104 WASI: Fix format specifiers for 32bit WASI SDK
Other changes:
#1105 lib: Fix strict aliasing
#1106 lib: Leverage feature "flexible array member" of C99
#1051 lib: Swap (size_t)(-1) for C99 equivalent SIZE_MAX
#1109 lib|xmlwf: Return NULL instead of 0 for pointers
#1068 lib|Windows: Clean up use of macro _MSC_EXTENSIONS with MSVC
#1112 lib: Remove unused import
#1110 xmlwf: Warn about XXE in --help output (and man page)
#1102 #1103 WASI: Stop using getpid
... and additional docs/autotools/cmake/infrastructure changes
[1] https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
meta/recipes-core/expat/{expat_2.7.3.bb => expat_2.7.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-core/expat/{expat_2.7.3.bb => expat_2.7.4.bb} (92%)
diff --git a/meta/recipes-core/expat/expat_2.7.3.bb b/meta/recipes-core/expat/expat_2.7.4.bb
similarity index 92%
rename from meta/recipes-core/expat/expat_2.7.3.bb
rename to meta/recipes-core/expat/expat_2.7.4.bb
index 069254e13c..95a1ed52c4 100644
--- a/meta/recipes-core/expat/expat_2.7.3.bb
+++ b/meta/recipes-core/expat/expat_2.7.4.bb
@@ -15,7 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \
GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"
-SRC_URI[sha256sum] = "59c31441fec9a66205307749eccfee551055f2d792f329f18d97099e919a3b2f"
+SRC_URI[sha256sum] = "e6af11b01e32e5ef64906a5cca8809eabc4beb7ff2f9a0e6aabbd42e825135d0"
EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
next reply other threads:[~2026-01-31 14:53 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-31 14:53 Peter Marko [this message]
2026-02-04 14:01 ` [OE-core][PATCH] expat: upgrade 2.7.3 -> 2.7.4 Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260131145306.3770983-1-peter.marko@siemens.com \
--to=peter.marko@siemens.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox