1 files changed, 45 insertions, 0 deletions

diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-011.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-011.patch
new file mode 100644
index 0000000000..d1b0be2aff
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52426-011.patch
@@ -0,0 +1,45 @@
+From 8a6c61de4a425977e357cafd8667a0d7771ce292 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 26 Oct 2023 01:29:03 +0200
+Subject: [PATCH] lib: Add XML_GE to XML_GetFeatureList and XML_FeatureEnum
+ Co-authored-by: Snild Dolkow <snild@sony.com>
+
+CVE: CVE-2023-52426
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/8a6c61de4a425977e357cafd8667a0d7771ce292]
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/expat.h    | 4 +++-
+ lib/xmlparse.c | 2 ++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/expat.h b/lib/expat.h
+index fa2eb45..9e64174 100644
+--- a/lib/expat.h
++++ b/lib/expat.h
+@@ -1025,7 +1025,9 @@ enum XML_FeatureEnum {
+   XML_FEATURE_ATTR_INFO,
+   /* Added in Expat 2.4.0. */
+   XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT,
+-  XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT
++  XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT,
++  /* Added in Expat 2.6.0. */
++  XML_FEATURE_GE
+   /* Additional features must be added to the end of this enum. */
+ };
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 82a8006..0627d6c 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -2544,6 +2544,8 @@ XML_GetFeatureList(void) {
+       {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT,
+        XML_L("XML_BLAP_ACT_THRES"),
+        EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT},
++      /* Added in Expat 2.6.0. */
++    {XML_FEATURE_GE, XML_L("XML_GE"), 0},
+ #endif
+       {XML_FEATURE_END, NULL, 0}};
+
+--
+2.40.0