[scarthgap,1/3] expat: patch CVE-2026-32776

Return-Path: <hsimeliere.opensource@witekio.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0AAACF589B0
	for <webhook@archiver.kernel.org>; Thu, 23 Apr 2026 12:39:45 +0000 (UTC)
Received: from mx-relay31-hz12-if1.hornetsecurity.com
 (mx-relay31-hz12-if1.hornetsecurity.com [94.100.139.231])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.18355.1776947976243655370
 for <openembedded-core@lists.openembedded.org>;
 Thu, 23 Apr 2026 05:39:37 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@witekio.com header.s=selector1 header.b=Aw29+07z;
 spf=permerror,
 err=parse error for token &{10 18 spf.hornetsecurity.com}: limit exceeded
 (domain: witekio.com, ip: 94.100.139.231, mailfrom: hsimeliere@witekio.com)
ARC-Authentication-Results: i=2; mx-gate31-hz12.hornetsecurity.com 1;
 spf=pass reason=mailfrom (ip=52.101.72.109, headerfrom=witekio.com)
 smtp.mailfrom=witekio.com
 smtp.helo=am0pr02cu008.outbound.protection.outlook.com; dkim=pass
 header.d=witekio.com header.s=selector1 header.a=rsa-sha256; dmarc=pass
 header.from=witekio.com orig.disposition=pass
ARC-Message-Signature: a=rsa-sha256;
 bh=WI6fy0ms9Nw8jI8nXWBzQmi4fOVTDeTExcORrHEQe24=; c=relaxed/relaxed;
 d=hornetsecurity.com; h=from:to:date:subject:mime-version:; i=2; s=hse1;
 t=1776947973;
 b=iYJsRUrKkga9v9dJgpgcrarX1sT/G3wlStAH9OrJFIliJEgDuJeT/EqtRvw7aVIybMkFR5Xb
 0VPiIVzPDTE1ENMvpniwe/7Rr32z1mVCW/0uKv6FlDW0UbJq0bugSQIfi/BowEM60RrgGICcVk8
 rQ7Wf29iDjgpGRR/c8ZbBqlYxZCbRxlI8iyFcupAekM75o3VFHRWGE++XS2dT1Y1ihba66LWYzs
 8WIwj3UrZPIzoZHqwY63PMwGZQN9u8pYQ06smAGGPI/UD9Ydri9PgI3SogV9BYUa5uhN4T5AfqC
 6n6D4l6Za+jFCK2hzEnzMDZuRLLPrmocJrXblr8aAQAiw==
ARC-Seal: a=rsa-sha256; cv=pass; d=hornetsecurity.com; i=2; s=hse1;
 t=1776947973;
 b=IOeWk1KU+9ImLCPgqXhUTq7iGKEFvqtGwWRfGK2klV98Mv6098SQIcmvHpysYLgOYqUBiow7
 6Mp+vdD24YRzJO0flKhoM0wMFFU7IrQeV3hGTlFVjnBxnz9cbCockkg0/U1IwzzcfNB18srvRR9
 yolLmR2+BnpiVdQX0r9IzW72hVg4E7KpaT+N2Gq99b2D1f9DYaqVgyQiD8wMwP8gih9DkQAhCsu
 uNpNWMee/NYNfQZfHchpWmaQHAU09cjRuItcimytvtYYk9zBM5ObfZ/Nuwjiu0dto6DN9eSU4OO
 ETaiqa9/52tYz2Mf0551zEytCw1MS2AgWFaDGq8drQFHw==
Received: from mail-westeuropeazon11023109.outbound.protection.outlook.com
 ([52.101.72.109]) by mx-gate31-hz12;
 Thu, 23 Apr 2026 14:39:33 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=u1JpZ4v+nw432zIBKq6w5twW5uI6Tx0/1m1rbD0jAkWloNnxyD7THf24zuIaXmXTIKdTrL0WizsLv+++krcRHaDYG8ONTPBiT9yV7a4XZqCXqQGqlhwMipxGPoq95GW1lKQgK6MmX6kv3Ba2R+i+bfl+UAIbfL1JQb3lZNFSzJ9dHqpWWw/BV1QghNm0Ns6CyMKzJ7UC+ZRCDuxgftpTLYIygBssWCJ+0MBch9DochkN+geJdGUfOvz/yhaYTeqgyVQ3ye6+9BgxkqpZHhcpRoc0bM8Vu+CNDuThkVXH2Zi9wpUPBAWf2Qr2fXHoFAsgaBJpc/sUNxt4vVcHbXYXtA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=WI6fy0ms9Nw8jI8nXWBzQmi4fOVTDeTExcORrHEQe24=;
 b=cnOrfTApfqe4HIcISoE/CuIpBjv1jE4F6ie6fyyvMj/Z5DcUWkuL1AyxvOT4OAQKWxeBbT9eJxhUjOnlxofR7bezSOpl26yX1BBhgDHxyr4UgDq+G1RbHNPB4+5ryloyOYQj/OX0SPpx3dJ/ojDWEKug20H8/oGNjG3JhwpIk5fq72Vp/lHrdR0Z2OThNBE+xFVC57XRvo5Dyre318BcRa+zyYs2ZyhwHfnMMug2T2e+ZzdABgtT5d3KR8L5H5ns+rPDcsTPugOJBUM8layQAhXy3pq0DtCp4CEYh5mJvsA+8Zg7OEPbkRxMtXzMe0JWZVhVRVpYc90l8qmSeBdBjw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=witekio.com; dmarc=pass action=none header.from=witekio.com;
 dkim=pass header.d=witekio.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=witekio.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=WI6fy0ms9Nw8jI8nXWBzQmi4fOVTDeTExcORrHEQe24=;
 b=Aw29+07zwFpKLIdu9WCbAeTfmenZ2vfNYRwr7VOFGnURH4m0hYrrO0lBWc/tDcuJX6dYyklA7z6nV1vrSJzAlaq7HcxZ+SmOghWS0b5uDU4QeSOISxPzXohZpPZZvE1Tw7ekM8u2P/8JJhX429Ev2KuJIEA9+V5E2W8MX1MMdTz0q/opdkzSDXG3Zvc+B0+mZIyuOgQSYZuVgeb8Rs8n92790s4nvU1UQk9cZkk6+lTmfq+LgqXbrrUfIeGvIvTe2WgiQqsGuFmWUOnXW1f2his6hecrOZaGj6Im+rSxsw19CLvNNwFmdlFL9izCiYwY5sm5JHTq9EZXfi+ALXJCxg==
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=witekio.com;
Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM (2603:10a6:501:87::6) by
 DB9P192MB1563.EURP192.PROD.OUTLOOK.COM (2603:10a6:10:33b::8) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.9846.18; Thu, 23 Apr 2026 12:39:25 +0000
Received: from MRWP192MB3504.EURP192.PROD.OUTLOOK.COM
 ([fe80::e437:672a:5abc:a0f4]) by MRWP192MB3504.EURP192.PROD.OUTLOOK.COM
 ([fe80::e437:672a:5abc:a0f4%6]) with mapi id 15.20.9818.032; Thu, 23 Apr 2026
 12:39:25 +0000
From: hsimeliere.opensource@witekio.com
To: openembedded-core@lists.openembedded.org
Cc: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>,
	Bruno VERNAY <bruno.vernay@se.com>
Subject: [OE-core][scarthgap][PATCH 1/3] expat: patch CVE-2026-32776
Date: Thu, 23 Apr 2026 14:37:05 +0200
Message-ID: <20260423123854.388088-1-hsimeliere.opensource@witekio.com>
X-Mailer: git-send-email 2.43.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-ClientProxiedBy: LO2P265CA0448.GBRP265.PROD.OUTLOOK.COM
 (2603:10a6:600:e::28) To MRWP192MB3504.EURP192.PROD.OUTLOOK.COM
 (2603:10a6:501:87::6)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MRWP192MB3504:EE_|DB9P192MB1563:EE_
X-MS-Office365-Filtering-Correlation-Id: b96e5647-4a74-43d6-d920-08dea1355a3c
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|1800799024|52116014|376014|366016|10070799003|18002099003|56012099003;
X-Microsoft-Antispam-Message-Info: 
	BkWTEB27etXnlvs1BMIaLSAt0cVxwHXypsNg1MrJAW9dU9tBOwR54czRTAY2ImvaM8VuKthothuTYTxLZ6Nt7LvUILRyayneh0sgahJQGFDznF3ruhiZ62YMvZ5orR3DTQMVx5d8Z0jy0aV6ZZvvEZS7Oxf524u6Ntvt/1aogv9l3DAzro2U5GvUzWzHfLkk/E3hgLxeh2ufHEp1dRg7+x0NVL35cVMkxLisdw4VDpwxjKiZD52DRTsNlVOlW4VhVe9ebl/MNHuqfqhBORHNhn6C3TiAVnVImsZPGa0+OKJBQklUXHb4WR6FCn1QMbPtQ+O3dj576QMUDmraK3k3q4KwYn6wkcdi9yDKEQCFWvf+1ZhVFIZDV7NYA47d0MxoUH3s0LMoVz0MI9xX3eQ8H3rr3/B7p5WFHU3a9gDIT9lqrTM5g8AdCh75GSCsTYeFGumQnbpgYLl0xAuYpje7Yhj6LFgm2XdIngE+e4doemoy8Vxdi8dthlTDoAotnGydUMTnzP1Uez07aYcrljMFmp4hIQykcEHShU1mvxX6t/QTNMi8ETxDZ+7ZYtegSP6+OjnTmhQxeHjc4TFGV0R6GoOiWEZMdeRbl0a1mW8F8ok4ZMbChKMnlf8QkmMc5qTt78qcun1abXXjayKAmJ+UeRZkYso5oQr1MkFCG2TBrCzfyIAOAZaf/K/Wpl5i3iwt
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MRWP192MB3504.EURP192.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(52116014)(376014)(366016)(10070799003)(18002099003)(56012099003);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2
X-MS-Exchange-AntiSpam-MessageData-0: 
 Kt4nzpYviBVOImZX9GrgYfajYYKvgzwZnpVffqicvqXA7d1CNoUdWXHqHpwUAcSw5R6W3IfivUdVpJYEyLsS/5mJBYKqXMEhejz2LpuaCkl8fBigodOtAEejZOWEnfFmMPX/ClL7/TmcvaDPbnY4JYxQMG5zXLPQ+qmMy107LxnZB3vMMSKnVy8oqA7G8ndmfwzmHmTW326OLgC2yCQ3ukbQnf5WpJ9xfSMaLZROwkR2JcFBrbFbaxk1YwTk10hX0BzXI8+/xto+tI80ISrJsOtyNXtqSyXOUC4Y40u8Z6+6k3Fvhgi1WIblAh1EYhWE8arVRKorcsKrHkt48YX0AeDufFythc7oMZn3nsWhgAcrXFPcVcVPHGEq6bO9n01LnmB+E0gOPiQZ1rglirCPZMHMhQB4vxN+SCbYfc09mL7heoRQw2OFOM/9ifp5nkbaScIb6zOOMJp4TIDgD4imtUtIMWKk9va9B2/j0p1LX7juv0Pcs+sSLYRoxCKxgiHMAfN4BDdCpooRca/55V4KULMfiRFKSWhCy+hEOagkhuyW9oTJE0iYL6yW3vL8tArlLsZhe4gGkLlHPM4v8DYMPAfwKJfjWwBr3f9MW65PERiNKozjdKOYnVZuMNUj1rZmQsBjRiLi8AnFZTQxWs7kxV9LejwgGcHlo2dmsVwzx+U+dtD4PvU+I7qY59x/Cz9HuTkcyKBOGQoJU8+RzJEUsuQSJA/9BYxyRC0eSuXmjTB+N/+ZqeXhG2ocbKvueOPw+zCJOca7feaf6eROR+A3Ybp8ZxACBJD8tFNncAqROYL2T1Ae4Vxh4fYWHvY4uA0dUw1Ofl61NW4DlmnMhTGHCwusS7Rnv5QNyT/sOs5Nf5YS/mA/oJDJrrqoAf0ZE4HpEnzaFkAFsgZQv39gJ+HHuJiYdX4HaFMeyH6koOUKjwFuCu938qf+c1Ipk4gC4yb0U2cE9+S7fW8cZdiUcJc9rJ0y/4kkpYE+xOJ6QftHe75SgetmkvbCl8bbHQz9x/RilaAym7GevQ6GONFqkTwunDp+Ro8UZIhMSrJgPfwLhWlh6l88MoJSpNUfjyXEcSDod5GtI1zKqWLhLezQzebqTQzBXn5rPcm4H/L9BAt2JxaIhexOZLyiuoaPL4vkUXzfysGXlFjy26Jq/Hidcf3GV6l3cYq0wqlHV7vdoYDCxiy5tqC/pRWYGmyx6OKgCDwWHlvragoKwITwvI22nIhntoSV1QIUbqDu5VA7ESxFEp4hK0c3BQOcOU236TYsjqPliExTsXg2Wo8am2CnJxuAjOTRCgNCkmDgcQd6ccTyq2zVO8Si0krF/WNkQW7CYUnC8nCrN90AmCo6egwk+257aS9qTnB1Jem6E6GXvV+GbhbLoOVek5ksSdt6frtB87hUDc8nQYYqBjWhtQ+LQf4bNKaO1eRSSxcl4V8kiHYuaT0jFMtdWHU2EB8l5aGcMLNLE5QZBdu5Ami1HgTFgHSmXm6GRAhbtUOAs5ZYKvYn3V+O+zMXgQOMhlfyFTJaO/BmefnH/RRVZTP15ioagXawf1bBmhBjobDGos4O7n9q27ykF7xrmW7csxTmHC9wOzmlGzHuB+55rK6X4uc8O0aYH321VG9lAs0USFWmRo+9YnLS96cq84pl7y3F32alpYYa38PoLVJ53KnjO6yA5xv4bdUEt4gZsbAFTHk4FRNhGJe5j55pudYVxewsGv4yYjAiqhUo9h/zNXKh2Huh3pucGjIzRFlZ0YMfAAKln8/eB6nhmDgSpAH33no/QzkC/o1eo4wQNIY0
X-MS-Exchange-AntiSpam-MessageData-1: TG7/52lXGod50Q==
X-Exchange-RoutingPolicyChecked: 
	JvmgtRM7sCt4igBUp3zyeiVAAAY0ew0p35T0aFFDt/1NAwAM65BzFWqV+OUhmZ/crwf73yh86/8VBvp/4yVZ5uK3VNFAZuY4H/5xaSqWFPO6HVnNuztCkTGBHGHU49GUHI073TsBQhNEsvwXCca1tWbHXaUNTefth51nD9LEEFA/rZByrByRv6TkGmSnZGNF9c8tAlCxp+g01nVGi5KhNZ1RqPUcS+yH6CDQXE0frpWnchYnLPISeMy36rmSjqBOP6v0rs4tTm6XT+jt17KO+CxT5zqRsxPP+St+Wv4/7K3o1NM6oOTTvLXNtl5FI2qnaGT1ebB4rCmTAVsTfJIqEg==
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: 
	yuXuEKpD5HbLxFlzayuukWGUMA+1xdNMbHv0BBawFnr050XFJwuB0OI8RGn89aHCTCoV8Y2RqSfg28Lk+ak7gAxC4NaKP3T0SneN2poTN4KnR/OlLkPr9cpgmmYggkVp/2kuRvpXt8sPawx/8yuzN34W0NYcKEvWW+w9aBVHjSMqu1RBsyg0JDS88rAYK3TXDphxLkVrAtAKLIRboYvmEd1MeAESGx/KRBQev1OSbfk/JRGrBPoqzkTAwpPiOrZWFk/80q7uesIny1/9PrGqdYW9UD7gGGUCx6y/PszbaQJhPoNurg7C/jKSWfC7aZG8eRzhsOWWdSPD99KiKwFgRkLyJyM2kk1/aGnvQQfxpDPK4yE1Uc6ysOf+ubudqOJJFQynRYEhOHkdg/QJaRYpGdF+wqCkhiOZPHhnPQOjSCQdxXB3K3dMvCjtBfXxxMz0Kq7LgNlgnjynJr2LoQjFpS0369aMDAk2rtbDaSzB/I3tSwkPfmgMg5lXXS7MTj+fI2ZUNMdNKjXmQ0s+UD/FP4PBDe+Zr/CTh6fvGBaSaDYdho8vtyE0K10vocjxsrlyrP+d9hhBDNjl8qkQW7OTa/YdA4A19w8JtAQhWBp1MI3C/ZqSdJ9vslrw/6XhUlRB
X-OriginatorOrg: witekio.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 b96e5647-4a74-43d6-d920-08dea1355a3c
X-MS-Exchange-CrossTenant-AuthSource: MRWP192MB3504.EURP192.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Apr 2026 12:39:25.3779
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 317e086a-301a-49af-9ea4-48a1c458b903
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 oKdSfdqkkphmHqRCd2ZIeGXUT/0N4vIhN1RE87yr9vnh9efwtDRwE4fY8FpVhm+IrecPjozOzgfV1+uM4clxdQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P192MB1563
X-cloud-security-sender: hsimeliere@witekio.com
X-cloud-security-recipient: openembedded-core@lists.openembedded.org
X-cloud-security-crypt: load encryption module
X-cloud-security-Mailarchiv: E-Mail archived for:
 hsimeliere.opensource@witekio.com
X-cloud-security-Mailarchivtype: outbound
X-cloud-security-Virusscan: CLEAN
X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on
 mx-gate31-hz12 with 4g1bJK2YdNz2TWxh
X-cloud-security-connect: 
 mail-westeuropeazon11023109.outbound.protection.outlook.com[52.101.72.109],
 TLS=1, IP=52.101.72.109
X-cloud-security-Digest: b498b17ca388eeee1db3f33ca5e631df
X-cloud-security: scantime:1.461
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 23 Apr 2026 12:39:45 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/235763