[PATCH] expat: Update to version 2.7.5

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH] expat: Update to version 2.7.5
Date: Wed, 18 Mar 2026 15:14:01 +0100	[thread overview]
Message-ID: <20260318141401.3418400-2-adolf.belka@ipfire.org> (raw)
In-Reply-To: <20260318141401.3418400-1-adolf.belka@ipfire.org>

- Update from version 2.7.4 to 2.7.5
- Update of rootfile
- 3 CVE fixes applied.
- Changelog
    2.7.5
        Security fixes:
           #1158  CVE-2026-32776 -- Fix NULL function pointer dereference for
                    empty external parameter entities; it takes use of both
                    functions XML_ExternalEntityParserCreate and
                    XML_SetParamEntityParsing for an application to be
                    vulnerable.
     #1161 #1162  CVE-2026-32777 -- Protect from XML_TOK_INSTANCE_START
                    infinite loop in function entityValueProcessor; it takes
                    use of both functions XML_ExternalEntityParserCreate and
                    XML_SetParamEntityParsing for an application to be
                    vulnerable.
           #1163  CVE-2026-32778 -- Fix NULL dereference in function setContext
                    on retry after an earlier ouf-of-memory condition; it takes
                    use of function XML_ParserCreateNS or XML_ParserCreate_MM
                    for an application to be vulnerable.
           #1160  Three more unfixed vulnerabilities left
        Other changes:
     #1146 #1147  Autotools: Fix condition for symbol versioning check, in
                    particular when compiling with slibtool (not libtool)
           #1156  Address Cppcheck >=2.20.0 warnings
           #1153  tests: Make test_buffer_can_grow_to_max work for MinGW on
                    Ubuntu 24.04
     #1157 #1159  Version info bumped from 12:2:11 (libexpat*.so.1.11.2)
                    to 12:3:11 (libexpat*.so.1.11.3); see https://verbump.de/
                    for what these numbers do
        Infrastructure:
           #1148  CI: Fix FreeBSD and Solaris CI
           #1149  CI: Bump to WASI SDK 30
           #1153  CI: Adapt to breaking changes with Ubuntu 22.04
           #1156  CI: Adapt to breaking changes in Cppcheck

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/expat | 20 ++++++++++----------
 lfs/expat                     |  4 ++--
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 0088ac732..93b23090b 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,21 +2,21 @@
 #usr/include/expat.h
 #usr/include/expat_config.h
 #usr/include/expat_external.h
-#usr/lib/cmake/expat-2.7.4
-#usr/lib/cmake/expat-2.7.4/expat-config-version.cmake
-#usr/lib/cmake/expat-2.7.4/expat-config.cmake
-#usr/lib/cmake/expat-2.7.4/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.7.4/expat.cmake
+#usr/lib/cmake/expat-2.7.5
+#usr/lib/cmake/expat-2.7.5/expat-config-version.cmake
+#usr/lib/cmake/expat-2.7.5/expat-config.cmake
+#usr/lib/cmake/expat-2.7.5/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.7.5/expat.cmake
 #usr/lib/libexpat.la
 #usr/lib/libexpat.so
 usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.11.2
+usr/lib/libexpat.so.1.11.3
 #usr/lib/pkgconfig/expat.pc
 #usr/share/doc/expat
-#usr/share/doc/expat-2.7.4
-#usr/share/doc/expat-2.7.4/ok.min.css
-#usr/share/doc/expat-2.7.4/reference.html
-#usr/share/doc/expat-2.7.4/style.css
+#usr/share/doc/expat-2.7.5
+#usr/share/doc/expat-2.7.5/ok.min.css
+#usr/share/doc/expat-2.7.5/reference.html
+#usr/share/doc/expat-2.7.5/style.css
 #usr/share/doc/expat/AUTHORS
 #usr/share/doc/expat/changelog
 #usr/share/man/man1/xmlwf.1
diff --git a/lfs/expat b/lfs/expat
index f0803961d..3f00072bd 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.7.4
+VER        = 2.7.5
 
 THISAPP    = expat-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 167518530b3e88f7ecb6aecc5eb54a41a740f7184732dd72fafe9bfdcda0b94c537331543744b8b0eaf918d5f0b82dbe311ee4192a592b74e5d65dc577ed8f6a
+$(DL_FILE)_BLAKE2 = 97adfd7cb056066e3a3ec9ef1808d298bc935eb0d17ffca23bcf75810290c8ed8377b21d67b2e1b4a27773057f49f95da9a8f2e368d02d266c980bebbeb1b009
 
 install : $(TARGET)
 
-- 
2.53.0

     prev parent reply	other threads:[~2026-03-18 14:14 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-18 14:14 [PATCH] core202: Ship expat Adolf Belka
2026-03-18 14:14 ` Adolf Belka [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260318141401.3418400-2-adolf.belka@ipfire.org \
    --to=adolf.belka@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox