mbox series

[wrynose,00/10] Pull Request (Cover letter only)

Message ID 20260710130750.2816610-1-deeratho@cisco.com
Headers show
Series Pull Request (Cover letter only) | expand

Message

From: Deepak Rathore <deeratho@cisco.com>

- wrynose contains Expat 2.7.5, that the listed CVEs affect
versions before 2.8.2, and that this series backports the
relevant upstream fixes rather than upgrading the stable-branch
recipe.
- For CVE-2026-56403, upstream pull request 1232 contains both the
storeAtts fix and the related xcsdup overflow hardening. This makes
the reason for carrying both source patches explicit, even though the
published advisory description names storeAtts specifically.

- Verified the full image build successfully after applying all the patches.

- Ran Ptest on the full image and verified that all tests passed successfully.

Deepak Rathore (10):
  expat: fix CVE-2026-56403
  expat: fix CVE-2026-56408
  expat: fix CVE-2026-56404
  expat: fix CVE-2026-56405
  expat: fix CVE-2026-56410
  expat: fix CVE-2026-56406
  expat: fix CVE-2026-56409
  expat: fix CVE-2026-56411
  expat: fix CVE-2026-56407
  expat: fix CVE-2026-56132

 .../expat/expat/CVE-2026-56132_p1.patch       | 89 +++++++++++++++++++
 .../expat/expat/CVE-2026-56132_p2.patch       | 62 +++++++++++++
 .../expat/expat/CVE-2026-56132_p3.patch       | 76 ++++++++++++++++
 .../expat/expat/CVE-2026-56132_p4.patch       | 63 +++++++++++++
 .../expat/expat/CVE-2026-56132_p5.patch       | 58 ++++++++++++
 .../expat/expat/CVE-2026-56403_p1.patch       | 83 +++++++++++++++++
 .../expat/expat/CVE-2026-56403_p2.patch       | 52 +++++++++++
 .../expat/expat/CVE-2026-56404.patch          | 46 ++++++++++
 .../expat/expat/CVE-2026-56405.patch          | 32 +++++++
 .../expat/CVE-2026-56406-dependent.patch      | 57 ++++++++++++
 .../expat/expat/CVE-2026-56406.patch          | 36 ++++++++
 .../expat/expat/CVE-2026-56407.patch          | 43 +++++++++
 .../expat/expat/CVE-2026-56408.patch          | 36 ++++++++
 .../expat/expat/CVE-2026-56409.patch          | 52 +++++++++++
 .../expat/expat/CVE-2026-56410_p1.patch       | 48 ++++++++++
 .../expat/expat/CVE-2026-56410_p2.patch       | 40 +++++++++
 .../expat/expat/CVE-2026-56411.patch          | 46 ++++++++++
 meta/recipes-core/expat/expat_2.7.5.bb        | 17 ++++
 18 files changed, 936 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56132_p1.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56132_p2.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56132_p3.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56132_p4.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56132_p5.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56403_p1.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56403_p2.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56404.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56405.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56406-dependent.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56406.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56407.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56408.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56409.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56410_p1.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56410_p2.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-56411.patch