Staging tree of Stijn Tintel https://git.openwrt.org/openwrt/staging/stintel/atom?h=master 2026-04-20T06:50:19Z 2026-04-20T06:50:19Z Nick Hainke 2026-04-19T09:37:10Z urn:sha1:76928eb34a2bcf3c9784c4117663785caf9a05a2 Changelog: https://github.com/libexpat/libexpat/blob/R_2_7_5/expat/Changes Fixes: CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 Link: https://github.com/openwrt/openwrt/pull/23007 Signed-off-by: Nick Hainke <vincent@systemli.org> 2026-03-14T19:34:36Z Fabrice Fontaine 2026-03-13T19:57:11Z urn:sha1:3c3e56afca1e2b2c3e0c091da77bc9774c788ae3 cpe:/a:libexpat_project:libexpat is the correct CPE ID for expat: https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libexpat_project:libexpat Fixes: ff59f3f4bdb56c779579aaa11b815f4c83abbac5 (tools/expat: fix PKG_CPE_ID) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Link: https://github.com/openwrt/openwrt/pull/22406 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2026-02-07T08:06:52Z Nick Hainke 2026-02-06T22:00:25Z urn:sha1:274e9aff7c1575750f999e0d5af339ece61729b1 Changelog: https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes Fixes: CVE-2026-24515 CVE-2026-25210 Link: https://github.com/openwrt/openwrt/pull/21907 Signed-off-by: Nick Hainke <vincent@systemli.org> 2025-09-27T21:49:44Z Ted Hess 2025-09-27T21:46:18Z urn:sha1:842623a4f82411821f8632f7f04511332bb6d47a Fixes: CVE-2025-59375 Regression from: CVE-2024-8176 Changelog: https://github.com/libexpat/libexpat/blob/R_2_7_3/expat/Changes Signed-off-by: Ted Hess <thess@kitschensync.net> 2025-07-29T19:33:12Z Rosen Penev 2025-07-27T18:37:27Z urn:sha1:b0650c50c8f040cf3f94af0f9b07e65c14f36045 Even though expat is a C library, the configure script tests both C and C++ compilers so a fix is needed for the latter. Signed-off-by: Rosen Penev <rosenp@gmail.com> Link: https://github.com/openwrt/openwrt/pull/19594 Signed-off-by: Robert Marko <robimarko@gmail.com> 2025-04-06T18:01:46Z George Sapkin 2025-04-04T22:37:32Z urn:sha1:14a88ba520b44cf22216d1819d936cea1ec509a9 Addresses CVE-2024-8176 and CVE-2024-50602. Changelog: https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes Fixes: https://github.com/openwrt/packages/issues/26255 Fixes: https://github.com/advisories/GHSA-9hcv-xw76-m4h6 Fixes: https://github.com/advisories/GHSA-79wf-qgrg-2p6c Signed-off-by: George Sapkin <george@sapk.in> Link: https://github.com/openwrt/openwrt/pull/18421 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2024-09-19T21:05:44Z Yanase Yuki 2024-09-13T10:22:28Z urn:sha1:2db7f1c67c007bf6548d24a04c81c862a55e566b This release fixes CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492. Changelog: https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes Signed-off-by: Yanase Yuki <dev@zpc.st> Link: https://github.com/openwrt/openwrt/pull/16379 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2024-04-27T21:37:57Z Fabrice Fontaine 2024-04-26T09:24:41Z urn:sha1:ff59f3f4bdb56c779579aaa11b815f4c83abbac5 cpe:/a:libexpat_project:libexpat is the correct CPE ID for expat: https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libexpat:libexpat Fixes: c61a2395140d92cdd37d3d6ee43a765427e8e318 (add PKG_CPE_ID ids to package and tools) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Link: https://github.com/openwrt/openwrt/pull/15291 Signed-off-by: Robert Marko <robimarko@gmail.com> 2024-04-06T09:24:18Z Robert Marko 2024-04-03T17:12:57Z urn:sha1:bab3ae2ee7656600a185f4cef11cef94389023af In the light of recent XZ events, and fundamental XZ issues lets work on moving away from using XZ. So, use gz compressed tarballs as sources whenever possible. dwarves only offers bz2 compressed tarballs, so use those as size difference is minor compared to XZ. Signed-off-by: Robert Marko <robimarko@gmail.com> dwarves 2024-03-26T09:37:37Z Josef Schlehofer 2024-03-26T09:37:37Z urn:sha1:80b2288ea3234958e78761cc4720c03d4072d830 Release notes: https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes Fixes: CVE-2024-28757 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>