Upgrade expat to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 (#10331)

SPECS/expat/expat.signatures.json

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "expat-2.6.2.tar.bz2": "9c7c1b5dcbc3c237c500a8fb1493e14d9582146dd9b42aa8d3ffb856a3b927e0"
+  "expat-2.6.3.tar.bz2": "b8baef92f328eebcf731f4d18103951c61fa8c8ec21d5ff4202fb6f2198aeb2d"
  }
 }

SPECS/expat/expat.spec

@@ -1,7 +1,7 @@
 %define         underscore_version %(echo %{version} | cut -d. -f1-3 --output-delimiter="_")
 Summary:        An XML parser library
 Name:           expat
-Version:        2.6.2
+Version:        2.6.3
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -66,6 +66,9 @@ rm -rf %{buildroot}/%{_docdir}/%{name}
 %{_libdir}/libexpat.so.1*
 
 %changelog
+* Tue Sep 04 2024 Gary Swalling <gaswal@microsoft.com> - 2.6.3-1
+- Upgrade to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
+
 * Wed May 22 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 2.6.2-1
 - Upgrade to v2.6.2 to fix CVE-2024-28757
 

cgmanifest.json

@@ -3408,8 +3408,8 @@
         "type": "other",
         "other": {
           "name": "expat",
-          "version": "2.6.2",
-          "downloadUrl": "https://github.com/libexpat/libexpat/releases/download/R_2_6_2/expat-2.6.2.tar.bz2"
+          "version": "2.6.3",
+          "downloadUrl": "https://github.com/libexpat/libexpat/releases/download/R_2_6_3/expat-2.6.3.tar.bz2"
         }
       }
     },

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -99,9 +99,9 @@ elfutils-libelf-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-devel-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-devel-static-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-lang-0.189-3.azl3.aarch64.rpm
-expat-2.6.2-1.azl3.aarch64.rpm
-expat-devel-2.6.2-1.azl3.aarch64.rpm
-expat-libs-2.6.2-1.azl3.aarch64.rpm
+expat-2.6.3-1.azl3.aarch64.rpm
+expat-devel-2.6.3-1.azl3.aarch64.rpm
+expat-libs-2.6.3-1.azl3.aarch64.rpm
 libpipeline-1.5.7-1.azl3.aarch64.rpm
 libpipeline-devel-1.5.7-1.azl3.aarch64.rpm
 gdbm-1.23-1.azl3.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -99,9 +99,9 @@ elfutils-libelf-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-devel-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-devel-static-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-lang-0.189-3.azl3.x86_64.rpm
-expat-2.6.2-1.azl3.x86_64.rpm
-expat-devel-2.6.2-1.azl3.x86_64.rpm
-expat-libs-2.6.2-1.azl3.x86_64.rpm
+expat-2.6.3-1.azl3.x86_64.rpm
+expat-devel-2.6.3-1.azl3.x86_64.rpm
+expat-libs-2.6.3-1.azl3.x86_64.rpm
 libpipeline-1.5.7-1.azl3.x86_64.rpm
 libpipeline-devel-1.5.7-1.azl3.x86_64.rpm
 gdbm-1.23-1.azl3.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -92,10 +92,10 @@ elfutils-libelf-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-devel-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-devel-static-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-lang-0.189-3.azl3.aarch64.rpm
-expat-2.6.2-1.azl3.aarch64.rpm
-expat-debuginfo-2.6.2-1.azl3.aarch64.rpm
-expat-devel-2.6.2-1.azl3.aarch64.rpm
-expat-libs-2.6.2-1.azl3.aarch64.rpm
+expat-2.6.3-1.azl3.aarch64.rpm
+expat-debuginfo-2.6.3-1.azl3.aarch64.rpm
+expat-devel-2.6.3-1.azl3.aarch64.rpm
+expat-libs-2.6.3-1.azl3.aarch64.rpm
 file-5.45-1.azl3.aarch64.rpm
 file-debuginfo-5.45-1.azl3.aarch64.rpm
 file-devel-5.45-1.azl3.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -95,10 +95,10 @@ elfutils-libelf-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-devel-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-devel-static-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-lang-0.189-3.azl3.x86_64.rpm
-expat-2.6.2-1.azl3.x86_64.rpm
-expat-debuginfo-2.6.2-1.azl3.x86_64.rpm
-expat-devel-2.6.2-1.azl3.x86_64.rpm
-expat-libs-2.6.2-1.azl3.x86_64.rpm
+expat-2.6.3-1.azl3.x86_64.rpm
+expat-debuginfo-2.6.3-1.azl3.x86_64.rpm
+expat-devel-2.6.3-1.azl3.x86_64.rpm
+expat-libs-2.6.3-1.azl3.x86_64.rpm
 file-5.45-1.azl3.x86_64.rpm
 file-debuginfo-5.45-1.azl3.x86_64.rpm
 file-devel-5.45-1.azl3.x86_64.rpm