expat: upgrade to 2.7.3

Security fixes: - Fix alignment of internal allocations for some non-amd64 architectures (e.g. sparc32); fixes up on the fix to CVE-2025-59375 from #1034 (of Expat 2.7.2 and related backports) - Fix a class of false positives where input should have been rejected with error XML_ERROR_ASYNC_ENTITY; regression from CVE-2024-8176 fix pull request #973 (of Expat 2.7.0 and related backports). Please check the added unit tests for example documents. Other changes: - Prove and regression-proof absence of integer overflow from function expat_realloc - Remove "harmless" cast that truncated a size_t to unsigned - Autotools: Remove "ln -s" discovery - docs: Be consistent with use of floating point around XML_SetAllocTrackerMaximumAmplification - docs: Make it explicit that XML_GetCurrentColumnNumber starts at 0 - docs: Better integrate the effect of the activation thresholds - docs: Fix an in-comment typo in expat.h - docs: Fix a typo in README.md - docs: Improve change log of release 2.7.2 - xmlwf: Resolve use of functions XML_GetErrorLineNumber and XML_GetErrorColumnNumber - Windows: Normalize .bat files to CRLF line endings - Version info bumped from 12:0:11 (libexpat*.so.1.11.0) to 12:1:11 (libexpat*.so.1.11.1); see https://verbump.de/ for what these numbers do (From OE-Core rev: 6b1833cd2eb78be55ba03da73937358fcf25d9ec) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2025-09-26 17:32:31 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-10-01 10:52:54 +0100
commit: a41aed6295592e6afadc6ad461aaf309e41e6d66 (patch)
tree: 4680391614ae1fa83126f885783bfa32cc92a3bf
parent: 844539e848e4ff40e0ace3cf871ee53232790d8f (diff)
download: poky-a41aed6295592e6afadc6ad461aaf309e41e6d66.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-core/expat/expat_2.7.2.bb b/meta/recipes-core/expat/expat_2.7.3.bb
index 952235d7a0..069254e13c 100644
--- a/meta/recipes-core/expat/expat_2.7.2.bb
+++ b/meta/recipes-core/expat/expat_2.7.3.bb
@@ -15,7 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2  \
 GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
 UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"
-SRC_URI[sha256sum] = "976f6c2d358953c22398d64cd93790ba5abc62e02a1bbc204a3a264adea149b8"
+SRC_URI[sha256sum] = "59c31441fec9a66205307749eccfee551055f2d792f329f18d97099e919a3b2f"
 EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
author	Ross Burton <ross.burton@arm.com>	2025-09-26 17:32:31 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-10-01 10:52:54 +0100
commit	a41aed6295592e6afadc6ad461aaf309e41e6d66 (patch)
tree	4680391614ae1fa83126f885783bfa32cc92a3bf
parent	844539e848e4ff40e0ace3cf871ee53232790d8f (diff)
download	poky-a41aed6295592e6afadc6ad461aaf309e41e6d66.tar.gz

diff --git a/meta/recipes-core/expat/expat_2.7.2.bb b/meta/recipes-core/expat/expat_2.7.3.bb index 952235d7a0..069254e13c 100644 --- a/meta/recipes-core/expat/expat_2.7.2.bb +++ b/meta/recipes-core/expat/expat_2.7.3.bb
@@ -15,7 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \
15	GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"	15	GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
16	UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"	16	UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"
17		17
18	SRC_URI[sha256sum] = "976f6c2d358953c22398d64cd93790ba5abc62e02a1bbc204a3a264adea149b8"	18	SRC_URI[sha256sum] = "59c31441fec9a66205307749eccfee551055f2d792f329f18d97099e919a3b2f"
19		19
20	EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"	20	EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
21		21