git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Peter Marko <peter.marko@siemens.com>
	Tue, 21 Oct 2025 19:19:57 +0000 (21:19 +0200)
committer	Steve Sakoman <steve@sakoman.com>
	Fri, 24 Oct 2025 13:41:43 +0000 (06:41 -0700)
commit	684d3cdbc08ce41dc1f92e1f228eee34bc2bc1fe
tree	1f7bff0aec2911109fbf9b4c267061b1a6ad04f9	tree \| snapshot
parent	3f2a9ad03326dc87681cf47ed5f73712ebaa624c	commit \| diff

expat: patch CVE-2025-59375

Pick patch from PR mentioning this CVE [1]

It's a complex patch so I have checked diff of 2.6.4 and commit before
these patches landed. There were no changes in memory allocations.
Also version in scarthgap is still not that much different from current
upstream master.
Ptests pass.

Also picked one documentation commit  (-00) to resolve patch conflict.

Following conflicts were resolved manually:
* commit "mass-cppcheck.sh: Activate in-code suppression comments" was
  skipped as it only edited github actions not yet available in 2.6.4
* commit "lib: Implement tracking of dynamic memory allocations"
  ale had conflict in github actions not yet available in 2.6.4
* commit "fuzz: Be robust towards NULL return from XML_ExternalEntityParserCreate"
  edited file "expat/fuzz/xml_lpm_fuzzer.cpp" which is not present in
  our version yet. Since we're not using fuzzying, this is not needed.
* the final changelog commit needed lot conflict resolution actions

Finally picked PR fixing regression [2] together with two minor commits
to have a clean cherry-picks.
Also here the Changes commit needed conflict resolution.

[1] https://github.com/libexpat/libexpat/pull/1034
[2] https://github.com/libexpat/libexpat/pull/1048

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-core/expat/expat/CVE-2025-59375-00.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-01.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-02.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-03.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-04.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-05.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-06.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-07.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-08.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-09.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-10.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-11.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-12.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-13.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-14.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-15.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-16.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-17.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-18.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-19.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-20.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-21.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-22.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-23.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat/CVE-2025-59375-24.patch	[new file with mode: 0644]	blob
meta/recipes-core/expat/expat_2.6.4.bb		diff \| blob \| blame \| history