-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-001.patch35
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-002.patch72
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-003.patch28
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-004.patch429
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-005.patch34
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-006.patch174
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-007.patch53
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-008.patch37
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-009.patch354
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-010.patch50
-rw-r--r--meta/recipes-core/expat/expat/CVE-2023-52426-011.patch45
-rw-r--r--meta/recipes-core/expat/expat_2.5.0.bb11
12 files changed, 1322 insertions, 0 deletions
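diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-001.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-001.patch
new file mode 100644
index 0000000000..c38a334540
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-001.patch
@@ -0,0 +1,35 @@
+From cdead241d4f1136c2f38d1b28e95073c59753d30 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 01:40:05 +0200
+Subject: [PATCH] doc/reference.html: Clarify effect of XML_DTD on external
+ entities
+
+Defining XML_DTD emnables support for external parameter(!)
+entities. External general(!) entities have been supported
+even with XML_DTD undefined. (Only now with Expat 2.6.0
+defining XML_GE as 0 can take that away.)
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/cdead241d4f1136c2f38d1b28e95073c59753d30]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ doc/reference.html | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/reference.html b/doc/reference.html
+index 8b0d47d..a30e462 100644
+--- a/doc/reference.html
++++ b/doc/reference.html
+@@ -365,7 +365,7 @@ this is defined, default attribute values from an external DTD subset
+ are reported and attribute value normalization occurs based on the
+ type of attributes defined in the external subset. Without
+ this, Expat has a smaller memory footprint and can be faster, but will
+-not load external entities or process conditional sections. If defined, makes
++not load external parameter entities or process conditional sections. If defined, makes
+ the functions <code><a
+ href="#XML_SetBillionLaughsAttackProtectionMaximumAmplification">
+ XML_SetBillionLaughsAttackProtectionMaximumAmplification</a></code> and <code>
+--
+2.40.0
+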
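diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-002.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-002.patch
new file mode 100644
index 0000000000..9aedc3010a
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-002.patch
@@ -0,0 +1,72 @@
+From daa89e42c005cc7f4f7af9eee271ae0723d30300 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 00:59:52 +0200
+
+Subject: [PATCH] cmake: Introduce option EXPAT_GE to control macro XML_GE
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/daa89e42c005cc7f4f7af9eee271ae0723d30300]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ CMakeLists.txt | 9 +++++++++
+ expat_config.h.cmake | 3 +++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 2b4c13c..416fe96 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -140,6 +140,8 @@ expat_shy_set(EXPAT_CONTEXT_BYTES 1024 CACHE STRING "Define to specify how much
+ mark_as_advanced(EXPAT_CONTEXT_BYTES)
+ expat_shy_set(EXPAT_DTD ON CACHE BOOL "Define to make parameter entity parsing functionality available")
+ mark_as_advanced(EXPAT_DTD)
++expat_shy_set(EXPAT_GE ON CACHE BOOL "Define to make general entity parsing functionality available")
++mark_as_advanced(EXPAT_GE)
+ expat_shy_set(EXPAT_NS ON CACHE BOOL "Define to make XML Namespaces functionality available")
+ mark_as_advanced(EXPAT_NS)
+ expat_shy_set(EXPAT_WARNINGS_AS_ERRORS OFF CACHE BOOL "Treat all compiler warnings as errors")
+@@ -172,6 +174,11 @@ endif()
+ #
+ # Environment checks
+ #
++if(EXPAT_DTD AND NOT EXPAT_GE)
++ message(SEND_ERROR "Option EXPAT_DTD requires that EXPAT_GE is also enabled.")
++ message(SEND_ERROR "Please either enable option EXPAT_GE (recommended) or disable EXPAT_DTD also.")
++endif()
++
+ if(EXPAT_WITH_LIBBSD)
+ find_library(LIB_BSD NAMES bsd)
+ if(NOT LIB_BSD)
+@@ -274,6 +281,7 @@ endif()
+
+ _expat_copy_bool_int(EXPAT_ATTR_INFO XML_ATTR_INFO)
+ _expat_copy_bool_int(EXPAT_DTD XML_DTD)
++_expat_copy_bool_int(EXPAT_GE XML_GE)
+ _expat_copy_bool_int(EXPAT_LARGE_SIZE XML_LARGE_SIZE)
+ _expat_copy_bool_int(EXPAT_MIN_SIZE XML_MIN_SIZE)
+ _expat_copy_bool_int(EXPAT_NS XML_NS)
+@@ -893,6 +901,7 @@ message(STATUS " // Advanced options, changes not advised")
+ message(STATUS " Attributes info .......... ${EXPAT_ATTR_INFO}")
+ message(STATUS " Context bytes ............ ${EXPAT_CONTEXT_BYTES}")
+ message(STATUS " DTD support .............. ${EXPAT_DTD}")
++message(STATUS " General entities ......... ${EXPAT_GE}")
+ message(STATUS " Large size ............... ${EXPAT_LARGE_SIZE}")
+ message(STATUS " Minimum size ............. ${EXPAT_MIN_SIZE}")
+ message(STATUS " Namespace support ........ ${EXPAT_NS}")
+diff --git a/expat_config.h.cmake b/expat_config.h.cmake
+index 78fcb4c..330945e 100644
+--- a/expat_config.h.cmake
++++ b/expat_config.h.cmake
+@@ -103,6 +103,9 @@
+ /* Define to make parameter entity parsing functionality available. */
+ #cmakedefine XML_DTD
+
++/* Define as 1/0 to enable/disable support for general entities. */
++#define XML_GE @XML_GE@
++
+ /* Define to make XML Namespaces functionality available. */
+ #cmakedefine XML_NS
+
+--
+2.40.0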
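Review bot: The mail header of this patch file is broken by an empty line between `Date:` and `Subject:` (lines 3 to 5 of the new file); the other patch files visible in this series have no such gap. A tool that reads the header block as a mail message, such as `git am`, would presumably stop at that blank line and treat the subject as body text. Removing the empty line so that `Subject: [PATCH] cmake: Introduce option EXPAT_GE to control macro XML_GE` directly follows the `Date:` line keeps the backport's provenance header parseable.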
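diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-003.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-003.patch
new file mode 100644
index 0000000000..96a62dcffc
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-003.patch
@@ -0,0 +1,28 @@
+From ed87a4793404e91c0cc0c81435fcfcc64a8be9f4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 00:45:23 +0200
+Subject: [PATCH] configure.ac: Define macro XML_GE as 1
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/ed87a4793404e91c0cc0c81435fcfcc64a8be9f4]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ configure.ac | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index d3642de..153bb8e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -295,6 +295,8 @@ AC_SUBST(FILEMAP)
+ dnl Some basic configuration:
+ AC_DEFINE([XML_NS], 1,
+ [Define to make XML Namespaces functionality available.])
++AC_DEFINE([XML_GE], 1,
++ [Define as 1/0 to enable/disable support for general entities.])
+ AC_DEFINE([XML_DTD], 1,
+ [Define to make parameter entity parsing functionality available.])
+ AC_DEFINE([XML_DEV_URANDOM], 1,
+--
+2.40.0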
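diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-004.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-004.patch
new file mode 100644
index 0000000000..460113caf7
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-004.patch
@@ -0,0 +1,429 @@
+From 0f075ec8ecb5e43f8fdca5182f8cca4703da0404 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 00:43:22 +0200
+Subject: [PATCH] lib|xmlwf|cmake: Extend scope of billion laughs attack
+ protection
+
+.. from "defined(XML_DTD)" to "defined(XML_DTD) || XML_GE==1".
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ CMakeLists.txt | 8 ++++-
+ lib/expat.h | 8 +++--
+ lib/internal.h | 2 +-
+ lib/libexpat.def.cmake | 4 +--
+ lib/xmlparse.c | 71 ++++++++++++++++++++++--------------------
+ xmlwf/xmlwf.c | 18 ++++++-----
+ 6 files changed, 62 insertions(+), 49 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 416fe96..e6939e2 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -389,7 +389,13 @@ if(EXPAT_SHARED_LIBS)
+ endif()
+ endmacro()
+
+- _expat_def_file_toggle(EXPAT_DTD _EXPAT_COMMENT_DTD)
++ if(EXPAT_DTD OR EXPAT_GE)
++ set(_EXPAT_DTD_OR_GE TRUE)
++ else()
++ set(_EXPAT_DTD_OR_GE FALSE)
++ endif()
++
++ _expat_def_file_toggle(_EXPAT_DTD_OR_GE _EXPAT_COMMENT_DTD_OR_GE)
+ _expat_def_file_toggle(EXPAT_ATTR_INFO _EXPAT_COMMENT_ATTR_INFO)
+
+ configure_file("${CMAKE_CURRENT_SOURCE_DIR}/lib/libexpat.def.cmake" "${CMAKE_CURRENT_BINARY_DIR}/lib/libexpat.def")
+diff --git a/lib/expat.h b/lib/expat.h
+index 1c83563..33c94af 100644
+--- a/lib/expat.h
++++ b/lib/expat.h
+@@ -1038,13 +1038,15 @@ typedef struct {
+ XMLPARSEAPI(const XML_Feature *)
+ XML_GetFeatureList(void);
+
+-#ifdef XML_DTD
+-/* Added in Expat 2.4.0. */
++#if defined(XML_DTD) || XML_GE == 1
++/* Added in Expat 2.4.0 for XML_DTD defined and
++ * added in Expat 2.6.0 for XML_GE == 1. */
+ XMLPARSEAPI(XML_Bool)
+ XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ XML_Parser parser, float maximumAmplificationFactor);
+
+-/* Added in Expat 2.4.0. */
++/* Added in Expat 2.4.0 for XML_DTD defined and
++ * added in Expat 2.6.0 for XML_GE == 1. */
+ XMLPARSEAPI(XML_Bool)
+ XML_SetBillionLaughsAttackProtectionActivationThreshold(
+ XML_Parser parser, unsigned long long activationThresholdBytes);
+diff --git a/lib/internal.h b/lib/internal.h
+index e09f533..1851925 100644
+--- a/lib/internal.h
++++ b/lib/internal.h
+@@ -154,7 +154,7 @@ extern "C" {
+ void _INTERNAL_trim_to_complete_utf8_characters(const char *from,
+ const char **fromLimRef);
+
+-#if defined(XML_DTD)
++#if defined(XML_DTD) || XML_GE == 1
+ unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser);
+ unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
+ const char *unsignedCharToPrintable(unsigned char c);
+diff --git a/lib/libexpat.def.cmake b/lib/libexpat.def.cmake
+index cf434a2..61a4f00 100644
+--- a/lib/libexpat.def.cmake
++++ b/lib/libexpat.def.cmake
+@@ -75,5 +75,5 @@ EXPORTS
+ XML_SetHashSalt @67
+ ; internal @68 removed with version 2.3.1
+ ; added with version 2.4.0
+-@_EXPAT_COMMENT_DTD@ XML_SetBillionLaughsAttackProtectionActivationThreshold @69
+-@_EXPAT_COMMENT_DTD@ XML_SetBillionLaughsAttackProtectionMaximumAmplification @70
++@_EXPAT_COMMENT_DTD_OR_GE@ XML_SetBillionLaughsAttackProtectionActivationThreshold @69
++@_EXPAT_COMMENT_DTD_OR_GE@ XML_SetBillionLaughsAttackProtectionMaximumAmplification @70
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index b6c2eca..e23441e 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -408,7 +408,7 @@ enum XML_Account {
+ XML_ACCOUNT_NONE /* i.e. do not account, was accounted already */
+ };
+
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ typedef unsigned long long XmlBigCount;
+ typedef struct accounting {
+ XmlBigCount countBytesDirect;
+@@ -424,7 +424,7 @@ typedef struct entity_stats {
+ unsigned int maximumDepthSeen;
+ int debugLevel;
+ } ENTITY_STATS;
+-#endif /* XML_DTD */
++#endif /* defined(XML_DTD) || XML_GE == 1 */
+
+ typedef enum XML_Error PTRCALL Processor(XML_Parser parser, const char *start,
+ const char *end, const char **endPtr);
+@@ -562,7 +562,7 @@ static XML_Parser parserCreate(const XML_Char *encodingName,
+
+ static void parserInit(XML_Parser parser, const XML_Char *encodingName);
+
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ static float accountingGetCurrentAmplification(XML_Parser rootParser);
+ static void accountingReportStats(XML_Parser originParser, const char *epilog);
+ static void accountingOnAbort(XML_Parser originParser);
+@@ -585,7 +585,7 @@ static void entityTrackingOnClose(XML_Parser parser, ENTITY *entity,
+
+ static XML_Parser getRootParserOf(XML_Parser parser,
+ unsigned int *outLevelDiff);
+-#endif /* XML_DTD */
++#endif /* defined(XML_DTD) || XML_GE == 1 */
+
+ static unsigned long getDebugLevel(const char *variableName,
+ unsigned long defaultDebugLevel);
+@@ -703,7 +703,7 @@ struct XML_ParserStruct {
+ enum XML_ParamEntityParsing m_paramEntityParsing;
+ #endif
+ unsigned long m_hash_secret_salt;
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ ACCOUNTING m_accounting;
+ ENTITY_STATS m_entity_stats;
+ #endif
+@@ -1163,7 +1163,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
+ #endif
+ parser->m_hash_secret_salt = 0;
+
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ memset(&parser->m_accounting, 0, sizeof(ACCOUNTING));
+ parser->m_accounting.debugLevel = getDebugLevel("EXPAT_ACCOUNTING_DEBUG", 0u);
+ parser->m_accounting.maximumAmplificationFactor
+@@ -2522,8 +2522,9 @@ XML_GetFeatureList(void) {
+ #ifdef XML_ATTR_INFO
+ {XML_FEATURE_ATTR_INFO, XML_L("XML_ATTR_INFO"), 0},
+ #endif
+-#ifdef XML_DTD
+- /* Added in Expat 2.4.0. */
++#if defined(XML_DTD) || XML_GE == 1
++ /* Added in Expat 2.4.0 for XML_DTD defined and
++ * added in Expat 2.6.0 for XML_GE == 1. */
+ {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT,
+ XML_L("XML_BLAP_MAX_AMP"),
+ (long int)
+@@ -2537,7 +2538,7 @@ XML_GetFeatureList(void) {
+ return features;
+ }
+
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ XML_Bool XMLCALL
+ XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ XML_Parser parser, float maximumAmplificationFactor) {
+@@ -2559,7 +2560,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
+ parser->m_accounting.activationThresholdBytes = activationThresholdBytes;
+ return XML_TRUE;
+ }
+-#endif /* XML_DTD */
++#endif /* defined(XML_DTD) || XML_GE == 1 */
+
+ /* Initially tag->rawName always points into the parse buffer;
+ for those TAG instances opened while the current parse buffer was
+@@ -2645,13 +2646,13 @@ externalEntityInitProcessor2(XML_Parser parser, const char *start,
+ int tok = XmlContentTok(parser->m_encoding, start, end, &next);
+ switch (tok) {
+ case XML_TOK_BOM:
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, start, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+ return XML_ERROR_AMPLIFICATION_LIMIT_BREACH;
+ }
+-#endif /* XML_DTD */
++#endif /* defined(XML_DTD) || XML_GE == 1 */
+
+ /* If we are at the end of the buffer, this would cause the next stage,
+ i.e. externalEntityInitProcessor3, to pass control directly to
+@@ -2765,7 +2766,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+ for (;;) {
+ const char *next = s; /* XmlContentTok doesn't always set the last arg */
+ int tok = XmlContentTok(enc, s, end, &next);
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ const char *accountAfter
+ = ((tok == XML_TOK_TRAILING_RSQB) || (tok == XML_TOK_TRAILING_CR))
+ ? (haveMore ? s /* i.e. 0 bytes */ : end)
+@@ -2831,14 +2832,14 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+ XML_Char ch = (XML_Char)XmlPredefinedEntityName(
+ enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar);
+ if (ch) {
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ /* NOTE: We are replacing 4-6 characters original input for 1 character
+ * so there is no amplification and hence recording without
+ * protection. */
+ accountingDiffTolerated(parser, tok, (char *)&ch,
+ ((char *)&ch) + sizeof(XML_Char), __LINE__,
+ XML_ACCOUNT_ENTITY_EXPANSION);
+-#endif /* XML_DTD */
++#endif /* defined(XML_DTD) || XML_GE == 1 */
+ if (parser->m_characterDataHandler)
+ parser->m_characterDataHandler(parser->m_handlerArg, &ch, 1);
+ else if (parser->m_defaultHandler)
+@@ -4040,7 +4041,7 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr,
+ for (;;) {
+ const char *next = s; /* in case of XML_TOK_NONE or XML_TOK_PARTIAL */
+ int tok = XmlCdataSectionTok(enc, s, end, &next);
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, account)) {
+ accountingOnAbort(parser);
+ return XML_ERROR_AMPLIFICATION_LIMIT_BREACH;
+@@ -4192,7 +4193,7 @@ doIgnoreSection(XML_Parser parser, const ENCODING *enc, const char **startPtr,
+ *eventPP = s;
+ *startPtr = NULL;
+ tok = XmlIgnoreSectionTok(enc, s, end, &next);
+-# ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, s, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+@@ -4284,7 +4285,7 @@ processXmlDecl(XML_Parser parser, int isGeneralTextEntity, const char *s,
+ const XML_Char *storedversion = NULL;
+ int standalone = -1;
+
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ if (! accountingDiffTolerated(parser, XML_TOK_XML_DECL, s, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+@@ -4491,7 +4492,7 @@ entityValueInitProcessor(XML_Parser parser, const char *s, const char *end,
+ */
+ else if (tok == XML_TOK_BOM && next == end
+ && ! parser->m_parsingStatus.finalBuffer) {
+-# ifdef XML_DTD
++# if defined(XML_DTD) || XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, s, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+@@ -4707,11 +4708,13 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ }
+ }
+ role = XmlTokenRole(&parser->m_prologState, tok, s, next, enc);
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ switch (role) {
+ case XML_ROLE_INSTANCE_START: // bytes accounted in contentProcessor
+ case XML_ROLE_XML_DECL: // bytes accounted in processXmlDecl
+- case XML_ROLE_TEXT_DECL: // bytes accounted in processXmlDecl
++ # ifdef XML_DTD
++ case XML_ROLE_TEXT_DECL: // bytes accounted in processXmlDecl
++# endif
+ break;
+ default:
+ if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, account)) {
+@@ -5648,7 +5651,7 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end,
+ for (;;) {
+ const char *next = NULL;
+ int tok = XmlPrologTok(parser->m_encoding, s, end, &next);
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, s, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+@@ -5728,7 +5731,7 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
+ return XML_ERROR_NO_MEMORY;
+ }
+ entity->open = XML_TRUE;
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ entityTrackingOnOpen(parser, entity, __LINE__);
+ #endif
+ entity->processed = 0;
+@@ -5762,9 +5765,9 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
+ entity->processed = (int)(next - textStart);
+ parser->m_processor = internalEntityProcessor;
+ } else {
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ entityTrackingOnClose(parser, entity, __LINE__);
+-#endif /* XML_DTD */
++#endif /* defined(XML_DTD) || XML_GE == 1 */
+ entity->open = XML_FALSE;
+ parser->m_openInternalEntities = openEntity->next;
+ /* put openEntity back in list of free instances */
+@@ -5813,7 +5816,7 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+ return result;
+ }
+
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ entityTrackingOnClose(parser, entity, __LINE__);
+ #endif
+ entity->open = XML_FALSE;
+@@ -5892,7 +5895,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ const char *next
+ = ptr; /* XmlAttributeValueTok doesn't always set the last arg */
+ int tok = XmlAttributeValueTok(enc, ptr, end, &next);
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, ptr, next, __LINE__, account)) {
+ accountingOnAbort(parser);
+ return XML_ERROR_AMPLIFICATION_LIMIT_BREACH;
+@@ -5957,14 +5960,14 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ XML_Char ch = (XML_Char)XmlPredefinedEntityName(
+ enc, ptr + enc->minBytesPerChar, next - enc->minBytesPerChar);
+ if (ch) {
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ /* NOTE: We are replacing 4-6 characters original input for 1 character
+ * so there is no amplification and hence recording without
+ * protection. */
+ accountingDiffTolerated(parser, tok, (char *)&ch,
+ ((char *)&ch) + sizeof(XML_Char), __LINE__,
+ XML_ACCOUNT_ENTITY_EXPANSION);
+-#endif /* XML_DTD */
++#endif /* defined(XML_DTD) || XML_GE == 1 */
+ if (! poolAppendChar(pool, ch))
+ return XML_ERROR_NO_MEMORY;
+ break;
+@@ -6042,14 +6045,14 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ enum XML_Error result;
+ const XML_Char *textEnd = entity->textPtr + entity->textLen;
+ entity->open = XML_TRUE;
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ entityTrackingOnOpen(parser, entity, __LINE__);
+ #endif
+ result = appendAttributeValue(parser, parser->m_internalEncoding,
+ isCdata, (const char *)entity->textPtr,
+ (const char *)textEnd, pool,
+ XML_ACCOUNT_ENTITY_EXPANSION);
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ entityTrackingOnClose(parser, entity, __LINE__);
+ #endif
+ entity->open = XML_FALSE;
+@@ -6105,7 +6108,7 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+ = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */
+ int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next);
+
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, entityTextPtr, next, __LINE__,
+ account)) {
+ accountingOnAbort(parser);
+@@ -7651,7 +7654,7 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) {
+ return result;
+ }
+
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+
+ static float
+ accountingGetCurrentAmplification(XML_Parser rootParser) {
+@@ -8382,7 +8385,7 @@ unsignedCharToPrintable(unsigned char c) {
+ assert(0); /* never gets here */
+ }
+
+-#endif /* XML_DTD */
++#endif /* defined(XML_DTD) || XML_GE == 1 */
+
+ static unsigned long
+ getDebugLevel(const char *variableName, unsigned long defaultDebugLevel) {
+diff --git a/xmlwf/xmlwf.c b/xmlwf/xmlwf.c
+index 471f2a2..be23f5a 100644
+--- a/xmlwf/xmlwf.c
++++ b/xmlwf/xmlwf.c
+@@ -1062,9 +1062,10 @@ tmain(int argc, XML_Char **argv) {
+ " (needs a floating point number greater or equal than 1.0)"));
+ exit(XMLWF_EXIT_USAGE_ERROR);
+ }
+-#ifndef XML_DTD
+- ftprintf(stderr, T("Warning: Given amplification limit ignored") T(
+- ", xmlwf has been compiled without DTD support.\n"));
++#if ! defined(XML_DTD) && XML_GE == 0
++ ftprintf(stderr,
++ T("Warning: Given amplification limit ignored")
++ T(", xmlwf has been compiled without DTD/GE support.\n"));
+ #endif
+ break;
+ }
+@@ -1083,9 +1084,10 @@ tmain(int argc, XML_Char **argv) {
+ exit(XMLWF_EXIT_USAGE_ERROR);
+ }
+ attackThresholdGiven = XML_TRUE;
+-#ifndef XML_DTD
+- ftprintf(stderr, T("Warning: Given attack threshold ignored") T(
+- ", xmlwf has been compiled without DTD support.\n"));
++#if ! defined(XML_DTD) && XML_GE == 0
++ ftprintf(stderr,
++ T("Warning: Given attack threshold ignored")
++ T(", xmlwf has been compiled without DTD/GE support.\n"));
+ #endif
+ break;
+ }
+@@ -1120,13 +1122,13 @@ tmain(int argc, XML_Char **argv) {
+ }
+
+ if (attackMaximumAmplification != -1.0f) {
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ parser, attackMaximumAmplification);
+ #endif
+ }
+ if (attackThresholdGiven) {
+-#ifdef XML_DTD
++#if defined(XML_DTD) || XML_GE == 1
+ XML_SetBillionLaughsAttackProtectionActivationThreshold(
+ parser, attackThresholdBytes);
+ #else
+--
+2.40.0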
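Review bot: The new guard `#if defined(XML_DTD) || XML_GE == 1` in the lib/expat.h hunk tests `XML_GE` without first checking that it is defined. expat.h is the public header, so an application that includes it without defining XML_GE has the macro evaluated as 0 by the preprocessor: the two XML_SetBillionLaughsAttackProtection* prototypes stay hidden unless XML_DTD is defined, and builds using `-Wundef` get a warning. Writing the test as `#if defined(XML_DTD) || (defined(XML_GE) && XML_GE == 1)` avoids evaluating an undefined macro; whether a later patch in this series already does that is not visible here. The same bare test is repeated in lib/internal.h, lib/xmlparse.c and xmlwf/xmlwf.c, where the value presumably comes from expat_config.h.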
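diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-005.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-005.patch
new file mode 100644
index 0000000000..1e8223fff0
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-005.patch
@@ -0,0 +1,34 @@
+From b0975cb73a41869fbecf0fa55afd35b69b64cc50 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 00:47:52 +0200
+Subject: [PATCH] lib: Fail the build if XML_GE is not set to 1 or 0
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/b0975cb73a41869fbecf0fa55afd35b69b64cc50]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/xmlparse.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index e23441e..ac3efe1 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -62,6 +62,14 @@
+
+ #include <expat_config.h>
+
++#if ! defined(XML_GE) || (1 - XML_GE - 1 == 2) || (XML_GE < 0) || (XML_GE > 1)
++# error XML_GE (for general entities) must be defined, non-empty, either 1 or 0 (0 to disable, 1 to enable; 1 is a common default)
++#endif
++
++#if defined(XML_DTD) && XML_GE == 0
++# error Either undefine XML_DTD or define XML_GE to 1.
++#endif
++
+ #if ! defined(_GNU_SOURCE)
+ # define _GNU_SOURCE 1 /* syscall prototype */
+ #endif
+--
+2.40.0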
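Review bot: The term `(1 - XML_GE - 1 == 2)` in the first added `#if` carries no comment, and its purpose is not obvious on first reading. It is true only when XML_GE is defined but expands to nothing, because the expression then reads `1 - -1`; for the values 0 and 1 it yields 0 and -1. A short comment above the check, for example `/* (1 - XML_GE - 1 == 2) detects an empty definition of XML_GE */`, would keep a later edit from dropping the term as redundant and weakening the build-time validation.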
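diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-006.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-006.patch
new file mode 100644
index 0000000000..d1ab52fa32
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-006.patch
@@ -0,0 +1,174 @@
+From 2b127c20b220b673cf52c6be8bef725bf04cbeaf Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 18:32:11 +0200
+Subject: [PATCH] lib: Make XML_GE==0 use self-references as entity replacement
+ text
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/2b127c20b220b673cf52c6be8bef725bf04cbeaf]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/xmlparse.c | 79 +++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 71 insertions(+), 8 deletions(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index ac3efe1..c479174 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -504,9 +504,13 @@ static enum XML_Error appendAttributeValue(XML_Parser parser, const ENCODING *,
+ static ATTRIBUTE_ID *getAttributeId(XML_Parser parser, const ENCODING *enc,
+ const char *start, const char *end);
+ static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *);
++#if XML_GE == 1
+ static enum XML_Error storeEntityValue(XML_Parser parser, const ENCODING *enc,
+ const char *start, const char *end,
+ enum XML_Account account);
++#else
++static enum XML_Error storeSelfEntityValue(XML_Parser parser, ENTITY *entity);
++#endif
+ static int reportProcessingInstruction(XML_Parser parser, const ENCODING *enc,
+ const char *start, const char *end);
+ static int reportComment(XML_Parser parser, const ENCODING *enc,
+@@ -5040,6 +5044,9 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ break;
+ case XML_ROLE_ENTITY_VALUE:
+ if (dtd->keepProcessing) {
++#if defined(XML_DTD) || XML_GE == 1
++ // This will store the given replacement text in
++ // parser->m_declEntity->textPtr.
+ enum XML_Error result
+ = storeEntityValue(parser, enc, s + enc->minBytesPerChar,
+ next - enc->minBytesPerChar, XML_ACCOUNT_NONE);
+@@ -5060,6 +5067,25 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ poolDiscard(&dtd->entityValuePool);
+ if (result != XML_ERROR_NONE)
+ return result;
++#else
++ // This will store "&amp;entity123;" in parser->m_declEntity->textPtr
++ // to end up as "&entity123;" in the handler.
++ if (parser->m_declEntity != NULL) {
++ const enum XML_Error result
++ = storeSelfEntityValue(parser, parser->m_declEntity);
++ if (result != XML_ERROR_NONE)
++ return result;
++
++ if (parser->m_entityDeclHandler) {
++ *eventEndPP = s;
++ parser->m_entityDeclHandler(
++ parser->m_handlerArg, parser->m_declEntity->name,
++ parser->m_declEntity->is_param, parser->m_declEntity->textPtr,
++ parser->m_declEntity->textLen, parser->m_curBase, 0, 0, 0);
++ handleDefault = XML_FALSE;
++ }
++ }
++#endif
+ }
+ break;
+ case XML_ROLE_DOCTYPE_SYSTEM_ID:
+@@ -5102,6 +5128,16 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ #endif /* XML_DTD */
+ /* fall through */
+ case XML_ROLE_ENTITY_SYSTEM_ID:
++#if XML_GE == 0
++ // This will store "&amp;entity123;" in entity->textPtr
++ // to end up as "&entity123;" in the handler.
++ if (parser->m_declEntity != NULL) {
++ const enum XML_Error result
++ = storeSelfEntityValue(parser, parser->m_declEntity);
++ if (result != XML_ERROR_NONE)
++ return result;
++ }
++#endif
+ if (dtd->keepProcessing && parser->m_declEntity) {
+ parser->m_declEntity->systemId
+ = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar,
+@@ -6090,6 +6126,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ /* not reached */
+ }
+
++#if XML_GE == 1
+ static enum XML_Error
+ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+ const char *entityTextPtr, const char *entityTextEnd,
+@@ -6097,12 +6134,12 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+ DTD *const dtd = parser->m_dtd; /* save one level of indirection */
+ STRING_POOL *pool = &(dtd->entityValuePool);
+ enum XML_Error result = XML_ERROR_NONE;
+-#ifdef XML_DTD
++# ifdef XML_DTD
+ int oldInEntityValue = parser->m_prologState.inEntityValue;
+ parser->m_prologState.inEntityValue = 1;
+-#else
++# else
+ UNUSED_P(account);
+-#endif /* XML_DTD */
++# endif /* XML_DTD */
+ /* never return Null for the value argument in EntityDeclHandler,
+ since this would indicate an external entity; therefore we
+ have to make sure that entityValuePool.start is not null */
+@@ -6116,18 +6153,18 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+ = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */
+ int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next);
+
+-#if defined(XML_DTD) || XML_GE == 1
++# if defined(XML_DTD) || XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, entityTextPtr, next, __LINE__,
+ account)) {
+ accountingOnAbort(parser);
+ result = XML_ERROR_AMPLIFICATION_LIMIT_BREACH;
+ goto endEntityValue;
+ }
+-#endif
++# endif
+
+ switch (tok) {
+ case XML_TOK_PARAM_ENTITY_REF:
+-#ifdef XML_DTD
++# ifdef XML_DTD
+ if (parser->m_isParamEntity || enc != parser->m_encoding) {
+ const XML_Char *name;
+ ENTITY *entity;
+@@ -6270,12 +6307,38 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+ entityTextPtr = next;
+ }
+ endEntityValue:
+-#ifdef XML_DTD
++# ifdef XML_DTD
+ parser->m_prologState.inEntityValue = oldInEntityValue;
+-#endif /* XML_DTD */
++# endif /* XML_DTD */
+ return result;
+ }
+
++#else /* XML_GE == 0 */
++
++static enum XML_Error
++storeSelfEntityValue(XML_Parser parser, ENTITY *entity) {
++ // This will store "&amp;entity123;" in entity->textPtr
++ // to end up as "&entity123;" in the handler.
++ const char *const entity_start = "&amp;";
++ const char *const entity_end = ";";
++
++ STRING_POOL *const pool = &(parser->m_dtd->entityValuePool);
++ if (! poolAppendString(pool, entity_start)
++ || ! poolAppendString(pool, entity->name)
++ || ! poolAppendString(pool, entity_end)) {
++ poolDiscard(pool);
++ return XML_ERROR_NO_MEMORY;
++ }
++
++ entity->textPtr = poolStart(pool);
++ entity->textLen = (int)(poolLength(pool));
++ poolFinish(pool);
++
++ return XML_ERROR_NONE;
++}
++
++#endif /* XML_GE == 0 */
++
+ static void FASTCALL
+ normalizeLines(XML_Char *s) {
+ XML_Char *p;
+--
+2.40.0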
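Review bot: The storeEntityValue call in the XML_ROLE_ENTITY_VALUE branch of doProlog is guarded by `#if defined(XML_DTD) || XML_GE == 1`, while this same patch puts its prototype and definition under `#if XML_GE == 1`. With XML_DTD defined and XML_GE set to 0 the call site would be compiled with no declaration in scope; the build relies on the separate `#error` check added by CVE-2023-52426-005.patch to exclude that combination. Using `#if XML_GE == 1` at the call site would make the three guards agree without depending on that check. The inner `# if defined(XML_DTD) || XML_GE == 1` inside storeEntityValue is likewise always true within the `XML_GE == 1` region. Both doProlog and storeEntityValue extend beyond the hunks shown.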
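--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-007.patch
@@ -0,0 +1,53 @@
+From d3f7bbd37bef2565d64f31b549e197a3a414574e Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 01:39:39 +0200
+Subject: [PATCH] doc/reference.html: Document build time macro XML_GE
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/d3f7bbd37bef2565d64f31b549e197a3a414574e]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ doc/reference.html | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/doc/reference.html b/doc/reference.html
+index 8b0d47d..74ba012 100644
+--- a/doc/reference.html
++++ b/doc/reference.html
+@@ -359,6 +359,33 @@ and the definition of character types in the case of
+ <code>XML_UNICODE_WCHAR_T</code>. The symbols are:</p>
+
+ <dl class="cpp-symbols">
++<dt><a name="XML_GE">XML_GE</a></dt>
++<dd>
++Added in Expat 2.6.0.
++Include support for
++<a href="https://www.w3.org/TR/2006/REC-xml-20060816/#sec-physical-struct">general entities</a>
++(syntax <code>&amp;e1;</code> to reference and
++syntax <code>&lt;!ENTITY e1 'value1'&gt;</code> (an internal general entity) or
++<code>&lt;!ENTITY e2 SYSTEM 'file2'&gt;</code> (an external general entity) to declare).
++With <code>XML_GE</code> enabled, general entities will be replaced by their declared replacement text;
++for this to work for <em>external</em> general entities, in addition an
++<code><a href="#XML_SetExternalEntityRefHandler">XML_ExternalEntityRefHandler</a></code> must be set using
++<code><a href="#XML_SetExternalEntityRefHandler">XML_SetExternalEntityRefHandler</a></code>.
++Also, enabling <code>XML_GE</code> makes
++the functions <code><a href="#XML_SetBillionLaughsAttackProtectionMaximumAmplification">
++XML_SetBillionLaughsAttackProtectionMaximumAmplification</a></code> and <code>
++<a href="#XML_SetBillionLaughsAttackProtectionActivationThreshold">
++XML_SetBillionLaughsAttackProtectionActivationThreshold</a></code> available.
++<br/>
++With <code>XML_GE</code> disabled, Expat has a smaller memory footprint and can be faster, but will
++not load external general entities and will replace all general entities
++(except the <a href="https://www.w3.org/TR/2006/REC-xml-20060816/#sec-predefined-ent">predefined five</a>:
++<code>amp</code>, <code>apos</code>, <code>gt</code>, <code>lt</code>, <code>quot</code>)
++with a self-reference:
++for example, referencing an entity <code>e1</code> via <code>&amp;e1;</code> will be replaced
++by text <code>&amp;e1;</code>.
++</dd>
++
+ <dt>XML_DTD</dt>
+ <dd>Include support for using and reporting DTD-based content. If
+ this is defined, default attribute values from an external DTD subset
+--
+2.40.0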
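--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-008.patch
@@ -0,0 +1,37 @@
+From 2848dc4e7067de503934b388717e7a3d8d0c5bca Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Fri, 27 Oct 2023 18:45:50 +0200
+Subject: [PATCH] Simplify "! defined(XML_DTD) && XML_GE == 0" to "XML_GE == 0"
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/2848dc4e7067de503934b388717e7a3d8d0c5bca]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ xmlwf/xmlwf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xmlwf/xmlwf.c b/xmlwf/xmlwf.c
+index be23f5a..04ca759 100644
+--- a/xmlwf/xmlwf.c
++++ b/xmlwf/xmlwf.c
+@@ -1062,7 +1062,7 @@ tmain(int argc, XML_Char **argv) {
+ " (needs a floating point number greater or equal than 1.0)"));
+ exit(XMLWF_EXIT_USAGE_ERROR);
+ }
+-#if ! defined(XML_DTD) && XML_GE == 0
++#if XML_GE == 0
+ ftprintf(stderr,
+ T("Warning: Given amplification limit ignored")
+ T(", xmlwf has been compiled without DTD/GE support.\n"));
+@@ -1084,7 +1084,7 @@ tmain(int argc, XML_Char **argv) {
+ exit(XMLWF_EXIT_USAGE_ERROR);
+ }
+ attackThresholdGiven = XML_TRUE;
+-#if ! defined(XML_DTD) && XML_GE == 0
++#if XML_GE == 0
+ ftprintf(stderr,
+ T("Warning: Given attack threshold ignored")
+ T(", xmlwf has been compiled without DTD/GE support.\n"));
+--
+2.40.0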
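Review bot: `#if XML_GE == 0` in both tmain hunks is also true when XML_GE is not defined at all, because an undefined identifier evaluates to 0 in `#if`, so the rewrite matches the old `! defined(XML_DTD) && XML_GE == 0` only if every build defines XML_GE and never combines XML_DTD with XML_GE == 0. Nothing visible in this patch enforces that; unless an earlier patch in the series already does, I would add a compile-time check next to the includes, `#if ! defined(XML_GE)` / `#  error XML_GE must be defined as 0 or 1` / `#endif`. The same assumption carries the `XML_GE == 1` guards that CVE-2023-52426-009.patch puts around the accountingDiffTolerated calls in lib/xmlparse.c, where a missing definition would compile the amplification accounting out without any diagnostic. tmain's body continues outside both hunks.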
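--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-009.patch
@@ -0,0 +1,354 @@
+From caa27198637683b15d810737bb8a6a81af19bfa5 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Fri, 27 Oct 2023 18:47:37 +0200
+Subject: [PATCH] Simplify "defined(XML_DTD) || XML_GE == 1" to "XML_GE == 1"
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/caa27198637683b15d810737bb8a6a81af19bfa5]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/expat.h | 2 +-
+ lib/internal.h | 2 +-
+ lib/xmlparse.c | 66 +++++++++++++++++++++++++-------------------------
+ xmlwf/xmlwf.c | 4 +--
+ 4 files changed, 37 insertions(+), 37 deletions(-)
+
+diff --git a/lib/expat.h b/lib/expat.h
+index 33c94af..fa2eb45 100644
+--- a/lib/expat.h
++++ b/lib/expat.h
+@@ -1038,7 +1038,7 @@ typedef struct {
+ XMLPARSEAPI(const XML_Feature *)
+ XML_GetFeatureList(void);
+
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ /* Added in Expat 2.4.0 for XML_DTD defined and
+ * added in Expat 2.6.0 for XML_GE == 1. */
+ XMLPARSEAPI(XML_Bool)
+diff --git a/lib/internal.h b/lib/internal.h
+index 1851925..03c8fde 100644
+--- a/lib/internal.h
++++ b/lib/internal.h
+@@ -154,7 +154,7 @@ extern "C" {
+ void _INTERNAL_trim_to_complete_utf8_characters(const char *from,
+ const char **fromLimRef);
+
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser);
+ unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
+ const char *unsignedCharToPrintable(unsigned char c);
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index c479174..2d8f4c0 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -416,7 +416,7 @@ enum XML_Account {
+ XML_ACCOUNT_NONE /* i.e. do not account, was accounted already */
+ };
+
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ typedef unsigned long long XmlBigCount;
+ typedef struct accounting {
+ XmlBigCount countBytesDirect;
+@@ -432,7 +432,7 @@ typedef struct entity_stats {
+ unsigned int maximumDepthSeen;
+ int debugLevel;
+ } ENTITY_STATS;
+-#endif /* defined(XML_DTD) || XML_GE == 1 */
++#endif /* XML_GE == 1 */
+
+ typedef enum XML_Error PTRCALL Processor(XML_Parser parser, const char *start,
+ const char *end, const char **endPtr);
+@@ -574,7 +574,7 @@ static XML_Parser parserCreate(const XML_Char *encodingName,
+
+ static void parserInit(XML_Parser parser, const XML_Char *encodingName);
+
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ static float accountingGetCurrentAmplification(XML_Parser rootParser);
+ static void accountingReportStats(XML_Parser originParser, const char *epilog);
+ static void accountingOnAbort(XML_Parser originParser);
+@@ -597,7 +597,7 @@ static void entityTrackingOnClose(XML_Parser parser, ENTITY *entity,
+
+ static XML_Parser getRootParserOf(XML_Parser parser,
+ unsigned int *outLevelDiff);
+-#endif /* defined(XML_DTD) || XML_GE == 1 */
++#endif /* XML_GE == 1 */
+
+ static unsigned long getDebugLevel(const char *variableName,
+ unsigned long defaultDebugLevel);
+@@ -715,7 +715,7 @@ struct XML_ParserStruct {
+ enum XML_ParamEntityParsing m_paramEntityParsing;
+ #endif
+ unsigned long m_hash_secret_salt;
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ ACCOUNTING m_accounting;
+ ENTITY_STATS m_entity_stats;
+ #endif
+@@ -1175,7 +1175,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
+ #endif
+ parser->m_hash_secret_salt = 0;
+
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ memset(&parser->m_accounting, 0, sizeof(ACCOUNTING));
+ parser->m_accounting.debugLevel = getDebugLevel("EXPAT_ACCOUNTING_DEBUG", 0u);
+ parser->m_accounting.maximumAmplificationFactor
+@@ -2534,7 +2534,7 @@ XML_GetFeatureList(void) {
+ #ifdef XML_ATTR_INFO
+ {XML_FEATURE_ATTR_INFO, XML_L("XML_ATTR_INFO"), 0},
+ #endif
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ /* Added in Expat 2.4.0 for XML_DTD defined and
+ * added in Expat 2.6.0 for XML_GE == 1. */
+ {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT,
+@@ -2550,7 +2550,7 @@ XML_GetFeatureList(void) {
+ return features;
+ }
+
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ XML_Bool XMLCALL
+ XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ XML_Parser parser, float maximumAmplificationFactor) {
+@@ -2572,7 +2572,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
+ parser->m_accounting.activationThresholdBytes = activationThresholdBytes;
+ return XML_TRUE;
+ }
+-#endif /* defined(XML_DTD) || XML_GE == 1 */
++#endif /* XML_GE == 1 */
+
+ /* Initially tag->rawName always points into the parse buffer;
+ for those TAG instances opened while the current parse buffer was
+@@ -2658,13 +2658,13 @@ externalEntityInitProcessor2(XML_Parser parser, const char *start,
+ int tok = XmlContentTok(parser->m_encoding, start, end, &next);
+ switch (tok) {
+ case XML_TOK_BOM:
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, start, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+ return XML_ERROR_AMPLIFICATION_LIMIT_BREACH;
+ }
+-#endif /* defined(XML_DTD) || XML_GE == 1 */
++#endif /* XML_GE == 1 */
+
+ /* If we are at the end of the buffer, this would cause the next stage,
+ i.e. externalEntityInitProcessor3, to pass control directly to
+@@ -2778,7 +2778,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+ for (;;) {
+ const char *next = s; /* XmlContentTok doesn't always set the last arg */
+ int tok = XmlContentTok(enc, s, end, &next);
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ const char *accountAfter
+ = ((tok == XML_TOK_TRAILING_RSQB) || (tok == XML_TOK_TRAILING_CR))
+ ? (haveMore ? s /* i.e. 0 bytes */ : end)
+@@ -2844,14 +2844,14 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
+ XML_Char ch = (XML_Char)XmlPredefinedEntityName(
+ enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar);
+ if (ch) {
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ /* NOTE: We are replacing 4-6 characters original input for 1 character
+ * so there is no amplification and hence recording without
+ * protection. */
+ accountingDiffTolerated(parser, tok, (char *)&ch,
+ ((char *)&ch) + sizeof(XML_Char), __LINE__,
+ XML_ACCOUNT_ENTITY_EXPANSION);
+-#endif /* defined(XML_DTD) || XML_GE == 1 */
++#endif /* XML_GE == 1 */
+ if (parser->m_characterDataHandler)
+ parser->m_characterDataHandler(parser->m_handlerArg, &ch, 1);
+ else if (parser->m_defaultHandler)
+@@ -4053,7 +4053,7 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr,
+ for (;;) {
+ const char *next = s; /* in case of XML_TOK_NONE or XML_TOK_PARTIAL */
+ int tok = XmlCdataSectionTok(enc, s, end, &next);
+-#if defined(XML_DTD) || XML_GE == 1
++# if XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, account)) {
+ accountingOnAbort(parser);
+ return XML_ERROR_AMPLIFICATION_LIMIT_BREACH;
+@@ -4205,7 +4205,7 @@ doIgnoreSection(XML_Parser parser, const ENCODING *enc, const char **startPtr,
+ *eventPP = s;
+ *startPtr = NULL;
+ tok = XmlIgnoreSectionTok(enc, s, end, &next);
+-#if defined(XML_DTD) || XML_GE == 1
++# if XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, s, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+@@ -4297,7 +4297,7 @@ processXmlDecl(XML_Parser parser, int isGeneralTextEntity, const char *s,
+ const XML_Char *storedversion = NULL;
+ int standalone = -1;
+
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ if (! accountingDiffTolerated(parser, XML_TOK_XML_DECL, s, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+@@ -4504,7 +4504,7 @@ entityValueInitProcessor(XML_Parser parser, const char *s, const char *end,
+ */
+ else if (tok == XML_TOK_BOM && next == end
+ && ! parser->m_parsingStatus.finalBuffer) {
+-# if defined(XML_DTD) || XML_GE == 1
++# if XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, s, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+@@ -4720,7 +4720,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ }
+ }
+ role = XmlTokenRole(&parser->m_prologState, tok, s, next, enc);
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ switch (role) {
+ case XML_ROLE_INSTANCE_START: // bytes accounted in contentProcessor
+ case XML_ROLE_XML_DECL: // bytes accounted in processXmlDecl
+@@ -5044,7 +5044,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ break;
+ case XML_ROLE_ENTITY_VALUE:
+ if (dtd->keepProcessing) {
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ // This will store the given replacement text in
+ // parser->m_declEntity->textPtr.
+ enum XML_Error result
+@@ -5695,7 +5695,7 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end,
+ for (;;) {
+ const char *next = NULL;
+ int tok = XmlPrologTok(parser->m_encoding, s, end, &next);
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, s, next, __LINE__,
+ XML_ACCOUNT_DIRECT)) {
+ accountingOnAbort(parser);
+@@ -5775,7 +5775,7 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
+ return XML_ERROR_NO_MEMORY;
+ }
+ entity->open = XML_TRUE;
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ entityTrackingOnOpen(parser, entity, __LINE__);
+ #endif
+ entity->processed = 0;
+@@ -5809,9 +5809,9 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
+ entity->processed = (int)(next - textStart);
+ parser->m_processor = internalEntityProcessor;
+ } else {
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ entityTrackingOnClose(parser, entity, __LINE__);
+-#endif /* defined(XML_DTD) || XML_GE == 1 */
++#endif /* XML_GE == 1 */
+ entity->open = XML_FALSE;
+ parser->m_openInternalEntities = openEntity->next;
+ /* put openEntity back in list of free instances */
+@@ -5860,7 +5860,7 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+ return result;
+ }
+
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ entityTrackingOnClose(parser, entity, __LINE__);
+ #endif
+ entity->open = XML_FALSE;
+@@ -5939,7 +5939,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ const char *next
+ = ptr; /* XmlAttributeValueTok doesn't always set the last arg */
+ int tok = XmlAttributeValueTok(enc, ptr, end, &next);
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, ptr, next, __LINE__, account)) {
+ accountingOnAbort(parser);
+ return XML_ERROR_AMPLIFICATION_LIMIT_BREACH;
+@@ -6004,14 +6004,14 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ XML_Char ch = (XML_Char)XmlPredefinedEntityName(
+ enc, ptr + enc->minBytesPerChar, next - enc->minBytesPerChar);
+ if (ch) {
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ /* NOTE: We are replacing 4-6 characters original input for 1 character
+ * so there is no amplification and hence recording without
+ * protection. */
+ accountingDiffTolerated(parser, tok, (char *)&ch,
+ ((char *)&ch) + sizeof(XML_Char), __LINE__,
+ XML_ACCOUNT_ENTITY_EXPANSION);
+-#endif /* defined(XML_DTD) || XML_GE == 1 */
++#endif /* XML_GE == 1 */
+ if (! poolAppendChar(pool, ch))
+ return XML_ERROR_NO_MEMORY;
+ break;
+@@ -6089,14 +6089,14 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
+ enum XML_Error result;
+ const XML_Char *textEnd = entity->textPtr + entity->textLen;
+ entity->open = XML_TRUE;
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ entityTrackingOnOpen(parser, entity, __LINE__);
+ #endif
+ result = appendAttributeValue(parser, parser->m_internalEncoding,
+ isCdata, (const char *)entity->textPtr,
+ (const char *)textEnd, pool,
+ XML_ACCOUNT_ENTITY_EXPANSION);
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ entityTrackingOnClose(parser, entity, __LINE__);
+ #endif
+ entity->open = XML_FALSE;
+@@ -6153,7 +6153,7 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+ = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */
+ int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next);
+
+-# if defined(XML_DTD) || XML_GE == 1
++# if XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, entityTextPtr, next, __LINE__,
+ account)) {
+ accountingOnAbort(parser);
+@@ -7725,7 +7725,7 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) {
+ return result;
+ }
+
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+
+ static float
+ accountingGetCurrentAmplification(XML_Parser rootParser) {
+@@ -8456,7 +8456,7 @@ unsignedCharToPrintable(unsigned char c) {
+ assert(0); /* never gets here */
+ }
+
+-#endif /* defined(XML_DTD) || XML_GE == 1 */
++#endif /* XML_GE == 1 */
+
+ static unsigned long
+ getDebugLevel(const char *variableName, unsigned long defaultDebugLevel) {
+diff --git a/xmlwf/xmlwf.c b/xmlwf/xmlwf.c
+index 04ca759..dd023a9 100644
+--- a/xmlwf/xmlwf.c
++++ b/xmlwf/xmlwf.c
+@@ -1122,13 +1122,13 @@ tmain(int argc, XML_Char **argv) {
+ }
+
+ if (attackMaximumAmplification != -1.0f) {
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ parser, attackMaximumAmplification);
+ #endif
+ }
+ if (attackThresholdGiven) {
+-#if defined(XML_DTD) || XML_GE == 1
++#if XML_GE == 1
+ XML_SetBillionLaughsAttackProtectionActivationThreshold(
+ parser, attackThresholdBytes);
+ #else
+--
+2.40.0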
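Review bot: The lib/expat.h hunk narrows the guard around the `XML_SetBillionLaughsAttackProtection*` declarations to `#if XML_GE == 1`, but expat.h is the public header and is compiled with the consumer's macros rather than the library's. An application that defines only XML_DTD before including expat.h, which satisfied the previous guard, would no longer see the two setters and so could not adjust the amplification limit or activation threshold. For this header alone I would keep a guard that tolerates an undefined XML_GE, e.g. `#if defined(XML_DTD) || (defined(XML_GE) && XML_GE == 1)`, and leave the internal files on the simplified form. Whether any consumer in the layer depends on the old behaviour cannot be seen from this page and is worth checking before the backport lands.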
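--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-010.patch
@@ -0,0 +1,50 @@
+From 55fecd6aa4af4a540812b81234679cd6b5714f1b Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 1 Nov 2023 18:24:55 +0100
+Subject: [PATCH] Drop redundant "XML_GE == 1" guards
+
+These are redundant because further out there is a guard
+for "XML_GE == 1" already. In the visual world, the pattern
+is this:
+
+> #if XML_GE == 1
+> [..]
+> # if XML_GE == 1
+> [..]
+> # endif
+> [..]
+> #endif
+
+Spotted by Snild Dolkow, thanks!
+
+Co-authored-by: Snild Dolkow <snild@sony.com>
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/55fecd6aa4af4a540812b81234679cd6b5714f1b]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/xmlparse.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 2d8f4c0..82a8006 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -6153,14 +6153,12 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
+ = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */
+ int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next);
+
+-# if XML_GE == 1
+ if (! accountingDiffTolerated(parser, tok, entityTextPtr, next, __LINE__,
+ account)) {
+ accountingOnAbort(parser);
+ result = XML_ERROR_AMPLIFICATION_LIMIT_BREACH;
+ goto endEntityValue;
+ }
+-# endif
+
+ switch (tok) {
+ case XML_TOK_PARAM_ENTITY_REF:
+--
+2.40.0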
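--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-011.patch
@@ -0,0 +1,45 @@
+From 8a6c61de4a425977e357cafd8667a0d7771ce292 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 01:29:03 +0200
+Subject: [PATCH] lib: Add XML_GE to XML_GetFeatureList and XML_FeatureEnum
+ Co-authored-by: Snild Dolkow <snild@sony.com>
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/8a6c61de4a425977e357cafd8667a0d7771ce292]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/expat.h | 4 +++-
+ lib/xmlparse.c | 2 ++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/expat.h b/lib/expat.h
+index fa2eb45..9e64174 100644
+--- a/lib/expat.h
++++ b/lib/expat.h
+@@ -1025,7 +1025,9 @@ enum XML_FeatureEnum {
+ XML_FEATURE_ATTR_INFO,
+ /* Added in Expat 2.4.0. */
+ XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT,
+- XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT
++ XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT,
++ /* Added in Expat 2.6.0. */
++ XML_FEATURE_GE
+ /* Additional features must be added to the end of this enum. */
+ };
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 82a8006..0627d6c 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -2544,6 +2544,8 @@ XML_GetFeatureList(void) {
+ {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT,
+ XML_L("XML_BLAP_ACT_THRES"),
+ EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT},
++ /* Added in Expat 2.6.0. */
++ {XML_FEATURE_GE, XML_L("XML_GE"), 0},
+ #endif
+ {XML_FEATURE_END, NULL, 0}};
+
+--
+2.40.0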
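Review bot: The new `{XML_FEATURE_GE, XML_L("XML_GE"), 0}` row in lib/xmlparse.c sits above an `#endif` that, judging by the XML_GetFeatureList hunk in CVE-2023-52426-009.patch, closes `#if XML_GE == 1`, so the entry is listed only when general entity support is compiled in and its value field 0 is not the macro's value. That is not obvious from the row itself; a comment such as `/* listed only when XML_GE == 1; the value field is unused */` above it would keep callers from reading the 0 as "disabled". XML_GetFeatureList's body continues outside the hunk.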
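--- a/meta/recipes-core/expat/expat_2.5.0.bb
+++ b/meta/recipes-core/expat/expat_2.5.0.bb
@@ -11,6 +11,17 @@ VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}"
 SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \
  file://run-ptest \
  file://CVE-2024-28757.patch \
+ file://CVE-2023-52426-001.patch \
+ file://CVE-2023-52426-002.patch \
+ file://CVE-2023-52426-003.patch \
+ file://CVE-2023-52426-004.patch \
+ file://CVE-2023-52426-005.patch \
+ file://CVE-2023-52426-006.patch \
+ file://CVE-2023-52426-007.patch \
+ file://CVE-2023-52426-008.patch \
+ file://CVE-2023-52426-009.patch \
+ file://CVE-2023-52426-010.patch \
+ file://CVE-2023-52426-011.patch \
  "
 
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"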