expat: patch CVE-2026-24515

Pick fix commit from PR linked in NVD report. (From OE-Core rev: e3c0ac137e50d35e83e8e4ed2c4e09f2eb9d3bca) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
author: Peter Marko <peter.marko@siemens.com> 2026-01-25 21:35:11 +0100
committer: Paul Barker <paul@pbarker.dev> 2026-02-27 15:54:01 +0000
commit: 3a7aa79ca2afff9d72bf59f92c82f49d0631ba4b (patch)
tree: 3a0f68d505f70982976cfb500bcb1d3ba00989b4
parent: a8c5e5e5734567d1216cde25eb98098479c8152a (diff)
download: poky-3a7aa79ca2afff9d72bf59f92c82f49d0631ba4b.tar.gz
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat/CVE-2026-24515.patch b/meta/recipes-core/expat/expat/CVE-2026-24515.patch
new file mode 100644
index 0000000000..da11cf81cf
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2026-24515.patch
@@ -0,0 +1,43 @@
+From 86fc914a7acc49246d5fde0ab6ed97eb8a0f15f9 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sun, 18 Jan 2026 17:53:37 +0100
+Subject: [PATCH] lib: Make XML_ExternalEntityParserCreate copy unknown
+ encoding handler user data
+Patch suggested by Artiphishell Inc.
+CVE: CVE-2026-24515
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/86fc914a7acc49246d5fde0ab6ed97eb8a0f15f9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/xmlparse.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 593cd90d..18577ee3 100644
+--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
+@@ -1289,6 +1289,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
+   XML_ExternalEntityRefHandler oldExternalEntityRefHandler;
+   XML_SkippedEntityHandler oldSkippedEntityHandler;
+   XML_UnknownEncodingHandler oldUnknownEncodingHandler;
+  void *oldUnknownEncodingHandlerData;
+   XML_ElementDeclHandler oldElementDeclHandler;
+   XML_AttlistDeclHandler oldAttlistDeclHandler;
+   XML_EntityDeclHandler oldEntityDeclHandler;
+@@ -1333,6 +1334,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
+   oldExternalEntityRefHandler = parser->m_externalEntityRefHandler;
+   oldSkippedEntityHandler = parser->m_skippedEntityHandler;
+   oldUnknownEncodingHandler = parser->m_unknownEncodingHandler;
+  oldUnknownEncodingHandlerData = parser->m_unknownEncodingHandlerData;
+   oldElementDeclHandler = parser->m_elementDeclHandler;
+   oldAttlistDeclHandler = parser->m_attlistDeclHandler;
+   oldEntityDeclHandler = parser->m_entityDeclHandler;
+@@ -1391,6 +1393,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
+   parser->m_externalEntityRefHandler = oldExternalEntityRefHandler;
+   parser->m_skippedEntityHandler = oldSkippedEntityHandler;
+   parser->m_unknownEncodingHandler = oldUnknownEncodingHandler;
+  parser->m_unknownEncodingHandlerData = oldUnknownEncodingHandlerData;
+   parser->m_elementDeclHandler = oldElementDeclHandler;
+   parser->m_attlistDeclHandler = oldAttlistDeclHandler;
+   parser->m_entityDeclHandler = oldEntityDeclHandler;
diff --git a/meta/recipes-core/expat/expat_2.5.0.bb b/meta/recipes-core/expat/expat_2.5.0.bb
index 33207ff0da..ae661947c3 100644
--- a/meta/recipes-core/expat/expat_2.5.0.bb
+++ b/meta/recipes-core/expat/expat_2.5.0.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
           file://CVE-2024-45492.patch \
           file://CVE-2024-50602-01.patch \
           file://CVE-2024-50602-02.patch \
+           file://CVE-2026-24515.patch \
           "
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
author	Peter Marko <peter.marko@siemens.com>	2026-01-25 21:35:11 +0100
committer	Paul Barker <paul@pbarker.dev>	2026-02-27 15:54:01 +0000
commit	3a7aa79ca2afff9d72bf59f92c82f49d0631ba4b (patch)
tree	3a0f68d505f70982976cfb500bcb1d3ba00989b4
parent	a8c5e5e5734567d1216cde25eb98098479c8152a (diff)
download	poky-3a7aa79ca2afff9d72bf59f92c82f49d0631ba4b.tar.gz

diff --git a/meta/recipes-core/expat/expat/CVE-2026-24515.patch b/meta/recipes-core/expat/expat/CVE-2026-24515.patch new file mode 100644 index 0000000000..da11cf81cf --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-24515.patch
@@ -0,0 +1,43 @@
		1	From 86fc914a7acc49246d5fde0ab6ed97eb8a0f15f9 Mon Sep 17 00:00:00 2001
		2	From: Sebastian Pipping <sebastian@pipping.org>
		3	Date: Sun, 18 Jan 2026 17:53:37 +0100
		4	Subject: [PATCH] lib: Make XML_ExternalEntityParserCreate copy unknown
		5	encoding handler user data
		6
		7	Patch suggested by Artiphishell Inc.
		8
		9	CVE: CVE-2026-24515
		10	Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/86fc914a7acc49246d5fde0ab6ed97eb8a0f15f9]
		11	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		12	---
		13	lib/xmlparse.c \| 3 +++
		14	1 file changed, 3 insertions(+)
		15
		16	diff --git a/lib/xmlparse.c b/lib/xmlparse.c
		17	index 593cd90d..18577ee3 100644
		18	--- a/lib/xmlparse.c
		19	+++ b/lib/xmlparse.c
		20	@@ -1289,6 +1289,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
		21	XML_ExternalEntityRefHandler oldExternalEntityRefHandler;
		22	XML_SkippedEntityHandler oldSkippedEntityHandler;
		23	XML_UnknownEncodingHandler oldUnknownEncodingHandler;
		24	+ void *oldUnknownEncodingHandlerData;
		25	XML_ElementDeclHandler oldElementDeclHandler;
		26	XML_AttlistDeclHandler oldAttlistDeclHandler;
		27	XML_EntityDeclHandler oldEntityDeclHandler;
		28	@@ -1333,6 +1334,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
		29	oldExternalEntityRefHandler = parser->m_externalEntityRefHandler;
		30	oldSkippedEntityHandler = parser->m_skippedEntityHandler;
		31	oldUnknownEncodingHandler = parser->m_unknownEncodingHandler;
		32	+ oldUnknownEncodingHandlerData = parser->m_unknownEncodingHandlerData;
		33	oldElementDeclHandler = parser->m_elementDeclHandler;
		34	oldAttlistDeclHandler = parser->m_attlistDeclHandler;
		35	oldEntityDeclHandler = parser->m_entityDeclHandler;
		36	@@ -1391,6 +1393,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
		37	parser->m_externalEntityRefHandler = oldExternalEntityRefHandler;
		38	parser->m_skippedEntityHandler = oldSkippedEntityHandler;
		39	parser->m_unknownEncodingHandler = oldUnknownEncodingHandler;
		40	+ parser->m_unknownEncodingHandlerData = oldUnknownEncodingHandlerData;
		41	parser->m_elementDeclHandler = oldElementDeclHandler;
		42	parser->m_attlistDeclHandler = oldAttlistDeclHandler;
		43	parser->m_entityDeclHandler = oldEntityDeclHandler;


diff --git a/meta/recipes-core/expat/expat_2.5.0.bb b/meta/recipes-core/expat/expat_2.5.0.bb index 33207ff0da..ae661947c3 100644 --- a/meta/recipes-core/expat/expat_2.5.0.bb +++ b/meta/recipes-core/expat/expat_2.5.0.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
30	file://CVE-2024-45492.patch \	30	file://CVE-2024-45492.patch \
31	file://CVE-2024-50602-01.patch \	31	file://CVE-2024-50602-01.patch \
32	file://CVE-2024-50602-02.patch \	32	file://CVE-2024-50602-02.patch \
		33	file://CVE-2026-24515.patch \
33	"	34	"
34		35
35	UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"	36	UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"