mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
2421e79018
Pick patch from PR mentioning this CVE [1] It's a complex patch so I have checked diff of 2.6.4 and commit before these patches landed. There were no changes in memory allocations. Also version in scarthgap is still not that much different from current upstream master. Ptests pass. Also picked one documentation commit (-00) to resolve patch conflict. Following conflicts were resolved manually: * commit "mass-cppcheck.sh: Activate in-code suppression comments" was skipped as it only edited github actions not yet available in 2.6.4 * commit "lib: Implement tracking of dynamic memory allocations" ale had conflict in github actions not yet available in 2.6.4 * commit "fuzz: Be robust towards NULL return from XML_ExternalEntityParserCreate" edited file "expat/fuzz/xml_lpm_fuzzer.cpp" which is not present in our version yet. Since we're not using fuzzying, this is not needed. * the final changelog commit needed lot conflict resolution actions Finally picked PR fixing regression [2] together with two minor commits to have a clean cherry-picks. Also here the Changes commit needed conflict resolution. [1] https://github.com/libexpat/libexpat/pull/1034 [2] https://github.com/libexpat/libexpat/pull/1048 (From OE-Core rev: 684d3cdbc08ce41dc1f92e1f228eee34bc2bc1fe) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>