version update to 2.7.4

expat-2.7.3.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:71df8f40706a7bb0a80a5367079ea75d91da4f8c65c58ec59bcdfbf7decdab9f
-size 504744

expat-2.7.3.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmjURhUACgkQliYqz/vT
-rsaA6BAAjrS0g0AV8Bx6ecnl3aVBdGX79qXeIbmpwL9TJfJitBjQEWzcGQnvOwLZ
-b9HPLhpU2wVglX/syZF5xQ3ohMPbJ7dXtOXnNkxZP9+vhUBTt0zmohIvnJ9oRsHC
-rAHioyPypWGOKVH1MwxzkAWtomBkea888Um+NnE9wJvFJ6rXBUhcJS0vEDz3OwJI
-oHpD01Ovyg8ebdQBW95k3DOMuvXEpGhDY/TZ3hnDacHQ98g5+YKExb0f8QVxyQmU
-TkHz1tgfx8wzWmeur3+T8pz8NSUlM++EpYV0o1WGuJstSU7zHBqopTGOtdHC9gmt
-z7OxDX1KssFowMY/OJ+6+jF9wTlkmRZv8jfbLJY5cKHolgbfEG6LvELDtBGRRBWl
-OKd1W4gkxzCftroTPenhHT9nmas9ihsPa7+XIrkLrUJHw+x24i6zyUQRAzbzK9GN
-ziaZ8ZPUNHG1S99LPS6IdxFf061YOYAv0NoXk+bnhAj89pwAoi75la0S1NFpib1y
-4/6hKFJ4sA9ffqWECSMXRX1VN1M3AF1oiU+4kAgxwMaAiU1ro4AvMqauDzCr44/2
-FQ5tGTUyL3erWQtxfY5G3Sf5ti9S/NLrqf/Qiprrv7kAOKQPPaRYAdAZ+yqioAnL
-enbz2+h2HY1OhEAIBOpmrufstRdLvCWRsdTdxaVqmNFeDJVc1Xg=
-=jaIk
------END PGP SIGNATURE-----

expat-2.7.4.tar.xz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCAA5FiEEy43nCpDPv2w79cxWliYqz/vTrsYFAml967kbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMiwyAAoJEJYmKs/7067G7AcQALg4k9deC50LsO68nWEr
+IfzQWkoglhJUK34wPrn4BiAp5YVczwWaQhtOGEBNL/sDs+g/cQ5bBFQCYpjPQes3
+ksMsr6JPwwCAE9bOPPJLTx7uFyBjZfdt2J6J4fpXpBdwumo6T2k56Pcd2nMeqa5+
+M/tvt/nxaD+lJVJ40opWreFW5xj+DNN3H0zHz6ulsB0p87r6mK0dAFWwazCCg6nr
+oKY0zdrIYeF81Dm5vBRR4sawWt8wJUR9K/L9EnxTHUyvHsDJuuFdGzHL8nKk5TxO
+eYaD2ADc8XPmK5Pd/OTkQfKr3L+ZRFf6jDbISt2jze9aCxXhiB+Xtzrw7TpXTEZv
+bSJbTb2EJnDVPpq8yiuPOeJsE6HTQW7q/XLPRazvhWijrkbcydgHyFY1WEAPfmvh
+tjrI90jnM9Kn5HbbsATBg6vRrjOTbJTiDolMp7f7mhZEMaDh4XZC+VhyabZMbJT+
+n8KIv20vJd06IPVg2g7cnntrIklQGbUMu+CgNSzswNCakS+1FuR2nieqeOVHUWjt
+7y5KI/Hsv8QfsxmBLmSmQCNd5BgmHuxO/9TYmljYOn4Ham5/WMd3evBNeN6pcHzP
+XKDZhbFBsi8v+cYCEieoiFsUxLJDpEalYw0dJscqjzRxbyDc6RyMHQwrwPiW/vtd
+jw59c/STHgsUbtpPa6APuyOM
+=k616
+-----END PGP SIGNATURE-----

expat.changes

@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Tue Feb  3 08:17:21 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
+
+- version update to 2.7.4
+  * CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
+            failed to copy the encoding handler data passed to
+            XML_SetUnknownEncodingHandler from the parent to the new
+            subparser. This can cause a NULL dereference (CWE-476) from
+            external entities that declare use of an unknown encoding.
+            The expected impact is denial of service. It takes use of
+            both functions XML_ExternalEntityParserCreate and
+            XML_SetUnknownEncodingHandler for an application to be
+            vulnerable.
+  * CVE-2026-25210 -- Add missing check for integer overflow
+            related to buffer size determination in function doContent
+  * lib: Fix missing undoing of group size expansion in doProlog
+            failure cases
+  * xmlwf: Fix a memory leak
+  * WASI: Fix format specifiers for 32bit WASI SDK
+- fixes [bsc#1257144] and [bsc#1257496]
+- obsolete CVE-2025-59375.patch
+
 -------------------------------------------------------------------
 Sat Sep 27 09:21:33 UTC 2025 - Christoph G <foss@grueninger.de>
 

expat.spec

@@ -17,10 +17,10 @@
 #
 
 
-%global unversion 2_7_3
+%global unversion 2_7_4
 %define sover 1
 Name:           expat
-Version:        2.7.3
+Version:        2.7.4
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT