From: Deepak Rathore <[email protected]> This patch applies the upstream fix shown in [1] as referenced by [2].
[1] https://github.com/libexpat/libexpat/commit/2c6c42d33689f6b266a5267b639e03cde17e53c0 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-56405 Signed-off-by: Deepak Rathore <[email protected]> diff --git a/meta/recipes-core/expat/expat/CVE-2026-56405.patch b/meta/recipes-core/expat/expat/CVE-2026-56405.patch new file mode 100644 index 0000000000..c850801c1a --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-56405.patch @@ -0,0 +1,32 @@ +From 73209f445f0265b203829fa7873caa78ca83cefe Mon Sep 17 00:00:00 2001 +From: netliomax25-code <[email protected]> +Date: Fri, 29 May 2026 11:45:17 +0530 +Subject: [PATCH] lib: Protect function getAttributeId from signed integer + overflow + +CVE: CVE-2026-56405 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/2c6c42d33689f6b266a5267b639e03cde17e53c0] + +(cherry picked from commit 2c6c42d33689f6b266a5267b639e03cde17e53c0) +Signed-off-by: Deepak Rathore <[email protected]> +--- + expat/lib/xmlparse.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 1b7e289f..ec707336 100644 +--- a/expat/lib/xmlparse.c ++++ b/expat/lib/xmlparse.c +@@ -7324,6 +7324,10 @@ getAttributeId(XML_Parser parser, const ENCODING *enc, const char *start, + } else { + int i; + for (i = 0; name[i]; i++) { ++ /* Detect and prevent signed integer overflow */ ++ if (i == INT_MAX) { ++ return NULL; ++ } + /* attributes without prefix are *not* in the default namespace */ + if (name[i] == XML_T(ASCII_COLON)) { + int j; +-- +2.43.7 diff --git a/meta/recipes-core/expat/expat_2.7.5.bb b/meta/recipes-core/expat/expat_2.7.5.bb index affc134285..578d745e61 100644 --- a/meta/recipes-core/expat/expat_2.7.5.bb +++ b/meta/recipes-core/expat/expat_2.7.5.bb @@ -14,6 +14,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ file://CVE-2026-56403_p2.patch;striplevel=2 \ file://CVE-2026-56408.patch;striplevel=2 \ file://CVE-2026-56404.patch;striplevel=2 \ + file://CVE-2026-56405.patch;striplevel=2 \ " GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/" -- 2.35.6
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#240644): https://lists.openembedded.org/g/openembedded-core/message/240644 Mute This Topic: https://lists.openembedded.org/mt/120206258/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
