Changelog [1]:
Security fixes:
#1131 CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
failed to copy the encoding handler data passed to
XML_SetUnknownEncodingHandler from the parent to the new
subparser. This can cause a NULL dereference (CWE-476) from
external entities that declare use of an unknown encoding.
The expected impact is denial of service. It takes use of
both functions XML_ExternalEntityParserCreate and
XML_SetUnknownEncodingHandler for an application to be
vulnerable.
#1075 CVE-2026-25210 -- Add missing check for integer overflow
related to buffer size determination in function doContent
Bug fixes:
#1073 lib: Fix missing undoing of group size expansion in doProlog
failure cases
#1107 xmlwf: Fix a memory leak
#1104 WASI: Fix format specifiers for 32bit WASI SDK
Other changes:
#1105 lib: Fix strict aliasing
#1106 lib: Leverage feature "flexible array member" of C99
#1051 lib: Swap (size_t)(-1) for C99 equivalent SIZE_MAX
#1109 lib|xmlwf: Return NULL instead of 0 for pointers
#1068 lib|Windows: Clean up use of macro _MSC_EXTENSIONS with MSVC
#1112 lib: Remove unused import
#1110 xmlwf: Warn about XXE in --help output (and man page)
#1102 #1103 WASI: Stop using getpid
... and additional docs/autotools/cmake/infrastructure changes
[1] https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"
-SRC_URI[sha256sum] = "59c31441fec9a66205307749eccfee551055f2d792f329f18d97099e919a3b2f"
+SRC_URI[sha256sum] = "e6af11b01e32e5ef64906a5cca8809eabc4beb7ff2f9a0e6aabbd42e825135d0"
EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
