From patchwork Sat Jan 31 20:40:13 2026
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 9479
X-Original-To: development@lists.ipfire.org
From: Adolf Belka
To: development@lists.ipfire.org
Cc: Adolf Belka
Subject: [PATCH] expat: Update to version 2.7.4
Date: Sat, 31 Jan 2026 21:40:13 +0100
Message-ID: <20260131204013.3701815-2-adolf.belka@ipfire.org>
In-Reply-To: <20260131204013.3701815-1-adolf.belka@ipfire.org>
References: <20260131204013.3701815-1-adolf.belka@ipfire.org>

- Update from version 2.7.3 to 2.7.4
- Update of rootfile
- 2 CVE fixes are in this release.
- Changelog
    2.7.4
      Security fixes:
        #1131 CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
              failed to copy the encoding handler data passed to
              XML_SetUnknownEncodingHandler from the parent to the new
              subparser. This can cause a NULL dereference (CWE-476) from
              external entities that declare use of an unknown encoding.
              The expected impact is denial of service. It takes use of
              both functions XML_ExternalEntityParserCreate and
              XML_SetUnknownEncodingHandler for an application to be
              vulnerable.
        #1075 CVE-2026-25210 -- Add missing check for integer overflow
              related to buffer size determination in function doContent
      Bug fixes:
        #1073 lib: Fix missing undoing of group size expansion in doProlog
              failure cases
        #1107 xmlwf: Fix a memory leak
        #1104 WASI: Fix format specifiers for 32bit WASI SDK
      Other changes:
        #1105 lib: Fix strict aliasing
        #1106 lib: Leverage feature "flexible array member" of C99
        #1051 lib: Swap (size_t)(-1) for C99 equivalent SIZE_MAX
        #1109 lib|xmlwf: Return NULL instead of 0 for pointers
        #1068 lib|Windows: Clean up use of macro _MSC_EXTENSIONS with MSVC
        #1112 lib: Remove unused import
        #1110 xmlwf: Warn about XXE in --help output (and man page)
        #1102 #1103 WASI: Stop using getpid
        #1113 #1130 Autotools: Drop file expat.m4 that provided obsolete
              Autoconf macro AM_WITH_EXPAT
        #1123 Autotools: Limit -Wno-pedantic-ms-format to MinGW
        #1129 #1134 .. #1087 Autotools|macOS: Sync CMake templates with
              CMake 4.0
        #1139 #1140 Autotools|CMake: Introduce off-by-default symbol
              versioning
              The related build system flags are:
              - For Autotools, configure with --enable-symbol-versioning
              - For CMake, configure with -DEXPAT_SYMBOL_VERSIONING=ON
              Please double-check for consequences before activating this
              inside distro packaging. Bug reports welcome!
        #1117 Autotools|CMake: Remove libbsd support
        #1105 Autotools|CMake: Stop using -fno-strict-aliasing, and use
              -Wstrict-aliasing=3 instead
        #1124 Autotools|CMake: Prefer command gsed (GNU sed) over sed
              (e.g. for Solaris) inside fix-xmltest-log.sh
        #1067 CMake: Detect and warn about unusable check_c_compiler_flag
        #1137 CMake: Drop support for CMake <3.17
        #1138 CMake|Windows: Fix libexpat.def.cmake version comments
        #1086 #1110 docs: Add warning about external reference handlers
              and XXE
        #1066 docs: Be explicit that parent parsers need to outlive
              subparsers
        #1089 .. #1090 #1091 .. #1092 #1093 .. #1094 #1098 .. #1115 #1116
              docs: Misc non-content improvements to doc/reference.html
        #1132 #1133 Version info bumped from 12:1:11 (libexpat*.so.1.11.1)
              to 12:2:11 (libexpat*.so.1.11.2); see https://verbump.de/
              for what these numbers do
      Infrastructure:
        #1119 #1121 Document guidelines for contributing to Expat
        #1120 Introduce a pull request template
        #1074 CI: Stop using about-to-be-removed image "macos-13"
        #1083 #1088 CI: Mitigate random Wine crashes
        #1104 CI: Cover compilation with WASI SDK
        #1116 CI: Enforce clean doc XML formatting
        #1124 .. #1135 #1136 CI: Cover Solaris 11.4
        #1125 CI: Extend CI coverage of FreeBSD
        #1139 #1140 CI: Cover symbol versioning
        #1114 xmlwf: Reformat helpgen code (using Black 25.12.0)
        #1071 .gitignore: Add files CPackConfig.cmake and
              CPackSourceConfig.cmake

Signed-off-by: Adolf Belka
---
 config/rootfiles/common/expat | 20 ++++++++++----------
 lfs/expat                     |  6 +++---
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 000261ca9..0088ac732 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat @@ -2,21 +2,21 @@ #usr/include/expat.h #usr/include/expat_config.h #usr/include/expat_external.h -#usr/lib/cmake/expat-2.7.3 -#usr/lib/cmake/expat-2.7.3/expat-config-version.cmake -#usr/lib/cmake/expat-2.7.3/expat-config.cmake -#usr/lib/cmake/expat-2.7.3/expat-noconfig.cmake -#usr/lib/cmake/expat-2.7.3/expat.cmake +#usr/lib/cmake/expat-2.7.4 +#usr/lib/cmake/expat-2.7.4/expat-config-version.cmake +#usr/lib/cmake/expat-2.7.4/expat-config.cmake +#usr/lib/cmake/expat-2.7.4/expat-noconfig.cmake +#usr/lib/cmake/expat-2.7.4/expat.cmake #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.11.1 +usr/lib/libexpat.so.1.11.2 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.7.3 -#usr/share/doc/expat-2.7.3/ok.min.css -#usr/share/doc/expat-2.7.3/reference.html -#usr/share/doc/expat-2.7.3/style.css +#usr/share/doc/expat-2.7.4 +#usr/share/doc/expat-2.7.4/ok.min.css +#usr/share/doc/expat-2.7.4/reference.html +#usr/share/doc/expat-2.7.4/style.css #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog #usr/share/man/man1/xmlwf.1 diff --git a/lfs/expat b/lfs/expat index c61a4e5bc..f0803961d 100644 --- a/lfs/expat +++ b/lfs/expat @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2025 IPFire Team # +# Copyright (C) 2007-2026 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.7.3 +VER = 2.7.4 THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.xz 
@@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 26d4c9cb2c9b2a5b9ca9a86e9ea754e832f397bdb8ef266587b146591ff1358b2f439153f2eadb584180be6aee85050f19987565bbedf215993061ce5c85c5c9 +$(DL_FILE)_BLAKE2 = 167518530b3e88f7ecb6aecc5eb54a41a740f7184732dd72fafe9bfdcda0b94c537331543744b8b0eaf918d5f0b82dbe311ee4192a592b74e5d65dc577ed8f6a install : $(TARGET)
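Review bot: The commit message does not say that the soname is unchanged, and the config/rootfiles/common/expat hunk is where that matters. The only shipped (uncommented) entry that changes there is usr/lib/libexpat.so.1.11.1 becoming usr/lib/libexpat.so.1.11.2, while usr/lib/libexpat.so.1 stays as unchanged context, which agrees with the changelog's version info bump from 12:1:11 to 12:2:11. A one-line remark in the commit message that the soname stays libexpat.so.1 would tell reviewers at a glance whether packages linked against expat need any attention.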
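Review bot: Nothing in the patch or the commit message records how the new $(DL_FILE)_BLAKE2 value in the last lfs/expat hunk was obtained. That sum is what pins the expat-2.7.4.tar.xz fetched from $(DL_FROM), and this release carries two CVE fixes, so please add a line to the commit message stating that the tarball was checked against the checksum or signature published with the upstream release before the BLAKE2 sum was computed.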