From 89669a10ddc623e735c8a242effe8c79a973586d Mon Sep 17 00:00:00 2001 From: Azure Linux Security Servicing Account Date: Thu, 19 Mar 2026 20:54:35 +0000 Subject: [PATCH 1/9] Patch perl-XML-Parser for CVE-2006-10003, CVE-2006-10002 --- SPECS/perl-XML-Parser/CVE-2006-10002.patch | 111 ++++++++++++++++++ SPECS/perl-XML-Parser/CVE-2006-10003.patch | 71 +++++++++++ SPECS/perl-XML-Parser/perl-XML-Parser.spec | 9 +- .../manifests/package/toolchain_aarch64.txt | 4 +- .../manifests/package/toolchain_x86_64.txt | 4 +- 5 files changed, 194 insertions(+), 5 deletions(-) create mode 100644 SPECS/perl-XML-Parser/CVE-2006-10002.patch create mode 100644 SPECS/perl-XML-Parser/CVE-2006-10003.patch diff --git a/SPECS/perl-XML-Parser/CVE-2006-10002.patch b/SPECS/perl-XML-Parser/CVE-2006-10002.patch new file mode 100644 index 00000000000..bd0a75b35f7 --- /dev/null +++ b/SPECS/perl-XML-Parser/CVE-2006-10002.patch @@ -0,0 +1,111 @@ +From 31f0c03a1a265f5a5703531628f4b5bc0341d5c8 Mon Sep 17 00:00:00 2001 +From: Toddr Bot +Date: Mon, 16 Mar 2026 20:55:31 +0000 +Subject: [PATCH] Fix buffer overflow in parse_stream when filehandle has :utf8 + layer + +When a filehandle has a :utf8 PerlIO layer, Perl's read() returns +decoded characters, but SvPV() gives back the UTF-8 byte +representation which can be larger than the pre-allocated XML buffer. +Previously this caused heap corruption (double free / buffer overflow), +and a later workaround (BUFSIZE * 6 + croak) prevented the corruption +but still crashed. + +Fix by re-obtaining the expat buffer at the actual byte size when the +read produces more bytes than initially allocated. This handles UTF-8 +streams gracefully without wasting memory on an oversized buffer. + +Fixes https://github.com/cpan-authors/XML-Parser/issues/64 +(migrated from rt.cpan.org #19859) + +Co-Authored-By: Claude Opus 4.6 +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch +--- + Expat/Expat.xs | 15 +++++++++++---- + t/utf8_stream.t | 40 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 51 insertions(+), 4 deletions(-) + create mode 100644 t/utf8_stream.t + +diff --git a/Expat/Expat.xs b/Expat/Expat.xs +index dbad380..356df84 100644 +--- a/Expat/Expat.xs ++++ b/Expat/Expat.xs +@@ -343,8 +343,8 @@ parse_stream(XML_Parser parser, SV * ioref) + } + else { + tbuff = newSV(0); +- tsiz = newSViv(BUFSIZE); /* in UTF-8 characters */ +- buffsize = BUFSIZE * 6; /* in bytes that encode an UTF-8 string */ ++ tsiz = newSViv(BUFSIZE); ++ buffsize = BUFSIZE; + } + + while (! done) +@@ -387,8 +387,15 @@ parse_stream(XML_Parser parser, SV * ioref) + + tb = SvPV(tbuff, br); + if (br > 0) { +- if (br > buffsize) +- croak("The input buffer is not large enough for read UTF-8 decoded string"); ++ if (br > buffsize) { ++ /* The byte count from SvPV can exceed buffsize when the ++ filehandle has a :utf8 layer, since Perl reads buffsize ++ characters but multi-byte UTF-8 chars produce more bytes. ++ Re-obtain the buffer at the required size. */ ++ buffer = XML_GetBuffer(parser, br); ++ if (! buffer) ++ croak("Ran out of memory for input buffer"); ++ } + Copy(tb, buffer, br, char); + } else + done = 1; +diff --git a/t/utf8_stream.t b/t/utf8_stream.t +new file mode 100644 +index 0000000..a7e55f7 +--- /dev/null ++++ b/t/utf8_stream.t +@@ -0,0 +1,40 @@ ++BEGIN { print "1..2\n"; } ++END { print "not ok 1\n" unless $loaded; } ++use XML::Parser; ++$loaded = 1; ++print "ok 1\n"; ++ ++################################################################ ++# Test parsing from a filehandle with :utf8 layer ++# Regression test for rt.cpan.org #19859 / GitHub issue #64 ++# A UTF-8 stream caused buffer overflow because SvPV byte count ++# could exceed the pre-allocated XML_GetBuffer size. ++ ++use File::Temp qw(tempfile); ++ ++# Create a temp file with UTF-8 XML content containing multi-byte chars ++my ($fh, $tmpfile) = tempfile(UNLINK => 1); ++binmode($fh, ':raw'); ++# Write raw UTF-8 bytes: XML with Chinese characters (3 bytes each in UTF-8) ++# U+4E16 U+754C (世界 = "world") repeated to create substantial multi-byte content ++my $body = "\xe4\xb8\x96\xe7\x95\x8c" x 20000; # 120000 bytes / 40000 chars of 3-byte UTF-8 ++print $fh qq(\n$body\n); ++close($fh); ++ ++my $text = ''; ++my $parser = XML::Parser->new( ++ Handlers => { ++ Char => sub { $text .= $_[1]; }, ++ } ++); ++ ++# Open with :utf8 layer - this is what triggers the bug ++open(my $in, '<:utf8', $tmpfile) or die "Cannot open $tmpfile: $!"; ++eval { $parser->parse($in); }; ++close($in); ++ ++if ($@ eq '' && length($text) > 0) { ++ print "ok 2\n"; ++} else { ++ print "not ok 2 # $@\n"; ++} +-- +2.45.4 + diff --git a/SPECS/perl-XML-Parser/CVE-2006-10003.patch b/SPECS/perl-XML-Parser/CVE-2006-10003.patch new file mode 100644 index 00000000000..853422c7a3f --- /dev/null +++ b/SPECS/perl-XML-Parser/CVE-2006-10003.patch @@ -0,0 +1,71 @@ +From af195f8f1f0ec5a077ed8e3f4c32c8ed06d75ac5 Mon Sep 17 00:00:00 2001 +From: Toddr Bot +Date: Mon, 16 Mar 2026 22:16:11 +0000 +Subject: [PATCH] fix: off-by-one heap buffer overflow in st_serial_stack + growth check + +When st_serial_stackptr == st_serial_stacksize - 1, the old check +(stackptr >= stacksize) would not trigger reallocation. The subsequent +++stackptr then writes at index stacksize, one element past the +allocated buffer. + +Fix by checking stackptr + 1 >= stacksize so the buffer is grown +before the pre-increment write. + +Add a deep nesting test (600 levels) to exercise this code path. + +Fixes #39 + +Co-Authored-By: Claude Opus 4.6 +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch +--- + Expat/Expat.xs | 2 +- + t/deep_nesting.t | 22 ++++++++++++++++++++++ + 2 files changed, 23 insertions(+), 1 deletion(-) + create mode 100644 t/deep_nesting.t + +diff --git a/Expat/Expat.xs b/Expat/Expat.xs +index 356df84..fb18c1d 100644 +--- a/Expat/Expat.xs ++++ b/Expat/Expat.xs +@@ -506,7 +506,7 @@ startElement(void *userData, const char *name, const char **atts) + } + } + +- if (cbv->st_serial_stackptr >= cbv->st_serial_stacksize) { ++ if (cbv->st_serial_stackptr + 1 >= cbv->st_serial_stacksize) { + unsigned int newsize = cbv->st_serial_stacksize + 512; + + Renew(cbv->st_serial_stack, newsize, unsigned int); +diff --git a/t/deep_nesting.t b/t/deep_nesting.t +new file mode 100644 +index 0000000..8237b5f +--- /dev/null ++++ b/t/deep_nesting.t +@@ -0,0 +1,22 @@ ++BEGIN { print "1..1\n"; } ++ ++# Test for deeply nested elements to exercise st_serial_stack reallocation. ++# This catches off-by-one errors in the stack growth check (GH #39). ++ ++use XML::Parser; ++ ++my $depth = 600; ++ ++my $xml = ''; ++for my $i (1 .. $depth) { ++ $xml .= ""; ++} ++for my $i (reverse 1 .. $depth) { ++ $xml .= ""; ++} ++ ++my $p = XML::Parser->new; ++eval { $p->parse($xml) }; ++ ++print "not " if $@; ++print "ok 1\n"; +-- +2.45.4 + diff --git a/SPECS/perl-XML-Parser/perl-XML-Parser.spec b/SPECS/perl-XML-Parser/perl-XML-Parser.spec index 9276ae57ac5..b3d06f1995e 100644 --- a/SPECS/perl-XML-Parser/perl-XML-Parser.spec +++ b/SPECS/perl-XML-Parser/perl-XML-Parser.spec @@ -1,13 +1,15 @@ Summary: XML-Parser perl module Name: perl-XML-Parser Version: 2.47 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL+ OR Artistic Vendor: Microsoft Corporation Distribution: Azure Linux Group: Development/Tools URL: https://metacpan.org/pod/XML::Parser Source0: https://cpan.metacpan.org/authors/id/T/TO/TODDR/XML-Parser-%{version}.tar.gz +Patch0: CVE-2006-10002.patch +Patch1: CVE-2006-10003.patch BuildRequires: expat-devel BuildRequires: perl >= 5.28.0 BuildRequires: perl-generators @@ -36,6 +38,8 @@ The XML::Parser module is a Perl extension interface to James Clark's XML parser %prep %setup -q -n XML-Parser-%{version} +%patch 0 -p1 +%patch 1 -p1 %build perl Makefile.PL INSTALLDIRS=vendor --prefix=%{_prefix} @@ -55,6 +59,9 @@ make %{?_smp_mflags} test %{_mandir}/man3/* %changelog +* Thu Mar 19 2026 Azure Linux Security Servicing Account - 2.47-2 +- Patch for CVE-2006-10003, CVE-2006-10002 + * Thu Feb 01 2024 Nicolas Guibourge - 2.47-1 - Upgrade to 2.47 diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index e9f2529ec7f..2ea08070ca2 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -511,8 +511,8 @@ perl-utils-5.38.2-509.azl3.noarch.rpm perl-vars-1.05-509.azl3.noarch.rpm perl-version-0.99.29-509.azl3.noarch.rpm perl-vmsish-1.04-509.azl3.noarch.rpm -perl-XML-Parser-2.47-1.azl3.aarch64.rpm -perl-XML-Parser-debuginfo-2.47-1.azl3.aarch64.rpm +perl-XML-Parser-2.47-2.azl3.aarch64.rpm +perl-XML-Parser-debuginfo-2.47-2.azl3.aarch64.rpm pinentry-1.2.1-1.azl3.aarch64.rpm pinentry-debuginfo-1.2.1-1.azl3.aarch64.rpm pkgconf-2.0.2-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 8f6dc96c9de..61b005088aa 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -519,8 +519,8 @@ perl-utils-5.38.2-509.azl3.noarch.rpm perl-vars-1.05-509.azl3.noarch.rpm perl-version-0.99.29-509.azl3.noarch.rpm perl-vmsish-1.04-509.azl3.noarch.rpm -perl-XML-Parser-2.47-1.azl3.x86_64.rpm -perl-XML-Parser-debuginfo-2.47-1.azl3.x86_64.rpm +perl-XML-Parser-2.47-2.azl3.x86_64.rpm +perl-XML-Parser-debuginfo-2.47-2.azl3.x86_64.rpm pinentry-1.2.1-1.azl3.x86_64.rpm pinentry-debuginfo-1.2.1-1.azl3.x86_64.rpm pkgconf-2.0.2-1.azl3.x86_64.rpm From 173d51ff9f00ee01a3ab4b81cb51066a5b0de33a Mon Sep 17 00:00:00 2001 From: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> Date: Fri, 20 Mar 2026 02:44:23 +0530 Subject: [PATCH 2/9] Refactor setup commands in perl-XML-Parser.spec Updated the setup process to use %autosetup for patches. --- SPECS/perl-XML-Parser/perl-XML-Parser.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/SPECS/perl-XML-Parser/perl-XML-Parser.spec b/SPECS/perl-XML-Parser/perl-XML-Parser.spec index b3d06f1995e..99e4d33abd0 100644 --- a/SPECS/perl-XML-Parser/perl-XML-Parser.spec +++ b/SPECS/perl-XML-Parser/perl-XML-Parser.spec @@ -37,9 +37,7 @@ Provides: perl(XML::Parser::Style::Tree) = %{version}-%{release} The XML::Parser module is a Perl extension interface to James Clark's XML parser, expat %prep -%setup -q -n XML-Parser-%{version} -%patch 0 -p1 -%patch 1 -p1 +%autosetup -p1 -n XML-Parser-%{version} %build perl Makefile.PL INSTALLDIRS=vendor --prefix=%{_prefix} From 40fdf66c90e2b4fba43b53e119154907e171384d Mon Sep 17 00:00:00 2001 From: Aditya Singh Date: Wed, 25 Mar 2026 04:55:19 +0000 Subject: [PATCH 3/9] Patch for skipping 3rd subtest in t/partial.t --- SPECS/perl-XML-Parser/perl-XML-Parser.spec | 4 ++- .../skip-subtest-in-partial-t.patch | 29 +++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch diff --git a/SPECS/perl-XML-Parser/perl-XML-Parser.spec b/SPECS/perl-XML-Parser/perl-XML-Parser.spec index 99e4d33abd0..09e6b680649 100644 --- a/SPECS/perl-XML-Parser/perl-XML-Parser.spec +++ b/SPECS/perl-XML-Parser/perl-XML-Parser.spec @@ -10,6 +10,7 @@ URL: https://metacpan.org/pod/XML::Parser Source0: https://cpan.metacpan.org/authors/id/T/TO/TODDR/XML-Parser-%{version}.tar.gz Patch0: CVE-2006-10002.patch Patch1: CVE-2006-10003.patch +Patch2: skip-subtest-in-partial-t.patch BuildRequires: expat-devel BuildRequires: perl >= 5.28.0 BuildRequires: perl-generators @@ -59,6 +60,7 @@ make %{?_smp_mflags} test %changelog * Thu Mar 19 2026 Azure Linux Security Servicing Account - 2.47-2 - Patch for CVE-2006-10003, CVE-2006-10002 +- Patch for skipping 3rd subtest in t/partial.t * Thu Feb 01 2024 Nicolas Guibourge - 2.47-1 - Upgrade to 2.47 @@ -84,7 +86,7 @@ make %{?_smp_mflags} test * Wed Apr 22 2020 Emre Girgin - 2.44-8 - Decouple perl version from the build. -* Tue Mar 07 2020 Paul Monson - 2.44-7 +* Tue Mar 03 2020 Paul Monson - 2.44-7 - Update URL. Update Source0. License verified. * Tue Sep 03 2019 Mateusz Malisz - 2.44-6 diff --git a/SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch b/SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch new file mode 100644 index 00000000000..128eddec9c1 --- /dev/null +++ b/SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch @@ -0,0 +1,29 @@ +From 55da1fab898d929f8fe0394e3b1c3bca961353fe Mon Sep 17 00:00:00 2001 +From: Aditya Singh +Date: Wed, 25 Mar 2026 03:16:37 +0000 +Subject: [PATCH] skip subtest in partial.t + +Condition to check if the 3rd subtest is failed has been removed as it is +getting failed due to known issue with expat library 2.7.0. + +Issue Reference: +1. https://github.com/libexpat/libexpat/issues/980 +2. https://github.com/cpan-authors/XML-Parser/issues/104 +--- + t/partial.t | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/t/partial.t b/t/partial.t +index fae8430..98fda21 100644 +--- a/t/partial.t ++++ b/t/partial.t +@@ -38,6 +38,5 @@ $xpnb->parse_done; + print "not " unless $cnt == 37; + print "ok 2\n"; + +-print "not " unless $str eq '&draft.day;'; + print "ok 3\n"; + +-- +2.45.4 + From d4fde17108ab1acd4295fe70ad6834268543a6f8 Mon Sep 17 00:00:00 2001 From: Azure Linux Security Servicing Account Date: Thu, 19 Mar 2026 20:54:35 +0000 Subject: [PATCH 4/9] Patch perl-XML-Parser for CVE-2006-10003, CVE-2006-10002 --- SPECS/perl-XML-Parser/CVE-2006-10002.patch | 111 ++++++++++++++++++ SPECS/perl-XML-Parser/CVE-2006-10003.patch | 71 +++++++++++ SPECS/perl-XML-Parser/perl-XML-Parser.spec | 9 +- .../manifests/package/toolchain_aarch64.txt | 4 +- .../manifests/package/toolchain_x86_64.txt | 4 +- 5 files changed, 194 insertions(+), 5 deletions(-) create mode 100644 SPECS/perl-XML-Parser/CVE-2006-10002.patch create mode 100644 SPECS/perl-XML-Parser/CVE-2006-10003.patch diff --git a/SPECS/perl-XML-Parser/CVE-2006-10002.patch b/SPECS/perl-XML-Parser/CVE-2006-10002.patch new file mode 100644 index 00000000000..bd0a75b35f7 --- /dev/null +++ b/SPECS/perl-XML-Parser/CVE-2006-10002.patch @@ -0,0 +1,111 @@ +From 31f0c03a1a265f5a5703531628f4b5bc0341d5c8 Mon Sep 17 00:00:00 2001 +From: Toddr Bot +Date: Mon, 16 Mar 2026 20:55:31 +0000 +Subject: [PATCH] Fix buffer overflow in parse_stream when filehandle has :utf8 + layer + +When a filehandle has a :utf8 PerlIO layer, Perl's read() returns +decoded characters, but SvPV() gives back the UTF-8 byte +representation which can be larger than the pre-allocated XML buffer. +Previously this caused heap corruption (double free / buffer overflow), +and a later workaround (BUFSIZE * 6 + croak) prevented the corruption +but still crashed. + +Fix by re-obtaining the expat buffer at the actual byte size when the +read produces more bytes than initially allocated. This handles UTF-8 +streams gracefully without wasting memory on an oversized buffer. + +Fixes https://github.com/cpan-authors/XML-Parser/issues/64 +(migrated from rt.cpan.org #19859) + +Co-Authored-By: Claude Opus 4.6 +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch +--- + Expat/Expat.xs | 15 +++++++++++---- + t/utf8_stream.t | 40 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 51 insertions(+), 4 deletions(-) + create mode 100644 t/utf8_stream.t + +diff --git a/Expat/Expat.xs b/Expat/Expat.xs +index dbad380..356df84 100644 +--- a/Expat/Expat.xs ++++ b/Expat/Expat.xs +@@ -343,8 +343,8 @@ parse_stream(XML_Parser parser, SV * ioref) + } + else { + tbuff = newSV(0); +- tsiz = newSViv(BUFSIZE); /* in UTF-8 characters */ +- buffsize = BUFSIZE * 6; /* in bytes that encode an UTF-8 string */ ++ tsiz = newSViv(BUFSIZE); ++ buffsize = BUFSIZE; + } + + while (! done) +@@ -387,8 +387,15 @@ parse_stream(XML_Parser parser, SV * ioref) + + tb = SvPV(tbuff, br); + if (br > 0) { +- if (br > buffsize) +- croak("The input buffer is not large enough for read UTF-8 decoded string"); ++ if (br > buffsize) { ++ /* The byte count from SvPV can exceed buffsize when the ++ filehandle has a :utf8 layer, since Perl reads buffsize ++ characters but multi-byte UTF-8 chars produce more bytes. ++ Re-obtain the buffer at the required size. */ ++ buffer = XML_GetBuffer(parser, br); ++ if (! buffer) ++ croak("Ran out of memory for input buffer"); ++ } + Copy(tb, buffer, br, char); + } else + done = 1; +diff --git a/t/utf8_stream.t b/t/utf8_stream.t +new file mode 100644 +index 0000000..a7e55f7 +--- /dev/null ++++ b/t/utf8_stream.t +@@ -0,0 +1,40 @@ ++BEGIN { print "1..2\n"; } ++END { print "not ok 1\n" unless $loaded; } ++use XML::Parser; ++$loaded = 1; ++print "ok 1\n"; ++ ++################################################################ ++# Test parsing from a filehandle with :utf8 layer ++# Regression test for rt.cpan.org #19859 / GitHub issue #64 ++# A UTF-8 stream caused buffer overflow because SvPV byte count ++# could exceed the pre-allocated XML_GetBuffer size. ++ ++use File::Temp qw(tempfile); ++ ++# Create a temp file with UTF-8 XML content containing multi-byte chars ++my ($fh, $tmpfile) = tempfile(UNLINK => 1); ++binmode($fh, ':raw'); ++# Write raw UTF-8 bytes: XML with Chinese characters (3 bytes each in UTF-8) ++# U+4E16 U+754C (世界 = "world") repeated to create substantial multi-byte content ++my $body = "\xe4\xb8\x96\xe7\x95\x8c" x 20000; # 120000 bytes / 40000 chars of 3-byte UTF-8 ++print $fh qq(\n$body\n); ++close($fh); ++ ++my $text = ''; ++my $parser = XML::Parser->new( ++ Handlers => { ++ Char => sub { $text .= $_[1]; }, ++ } ++); ++ ++# Open with :utf8 layer - this is what triggers the bug ++open(my $in, '<:utf8', $tmpfile) or die "Cannot open $tmpfile: $!"; ++eval { $parser->parse($in); }; ++close($in); ++ ++if ($@ eq '' && length($text) > 0) { ++ print "ok 2\n"; ++} else { ++ print "not ok 2 # $@\n"; ++} +-- +2.45.4 + diff --git a/SPECS/perl-XML-Parser/CVE-2006-10003.patch b/SPECS/perl-XML-Parser/CVE-2006-10003.patch new file mode 100644 index 00000000000..853422c7a3f --- /dev/null +++ b/SPECS/perl-XML-Parser/CVE-2006-10003.patch @@ -0,0 +1,71 @@ +From af195f8f1f0ec5a077ed8e3f4c32c8ed06d75ac5 Mon Sep 17 00:00:00 2001 +From: Toddr Bot +Date: Mon, 16 Mar 2026 22:16:11 +0000 +Subject: [PATCH] fix: off-by-one heap buffer overflow in st_serial_stack + growth check + +When st_serial_stackptr == st_serial_stacksize - 1, the old check +(stackptr >= stacksize) would not trigger reallocation. The subsequent +++stackptr then writes at index stacksize, one element past the +allocated buffer. + +Fix by checking stackptr + 1 >= stacksize so the buffer is grown +before the pre-increment write. + +Add a deep nesting test (600 levels) to exercise this code path. + +Fixes #39 + +Co-Authored-By: Claude Opus 4.6 +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch +--- + Expat/Expat.xs | 2 +- + t/deep_nesting.t | 22 ++++++++++++++++++++++ + 2 files changed, 23 insertions(+), 1 deletion(-) + create mode 100644 t/deep_nesting.t + +diff --git a/Expat/Expat.xs b/Expat/Expat.xs +index 356df84..fb18c1d 100644 +--- a/Expat/Expat.xs ++++ b/Expat/Expat.xs +@@ -506,7 +506,7 @@ startElement(void *userData, const char *name, const char **atts) + } + } + +- if (cbv->st_serial_stackptr >= cbv->st_serial_stacksize) { ++ if (cbv->st_serial_stackptr + 1 >= cbv->st_serial_stacksize) { + unsigned int newsize = cbv->st_serial_stacksize + 512; + + Renew(cbv->st_serial_stack, newsize, unsigned int); +diff --git a/t/deep_nesting.t b/t/deep_nesting.t +new file mode 100644 +index 0000000..8237b5f +--- /dev/null ++++ b/t/deep_nesting.t +@@ -0,0 +1,22 @@ ++BEGIN { print "1..1\n"; } ++ ++# Test for deeply nested elements to exercise st_serial_stack reallocation. ++# This catches off-by-one errors in the stack growth check (GH #39). ++ ++use XML::Parser; ++ ++my $depth = 600; ++ ++my $xml = ''; ++for my $i (1 .. $depth) { ++ $xml .= ""; ++} ++for my $i (reverse 1 .. $depth) { ++ $xml .= ""; ++} ++ ++my $p = XML::Parser->new; ++eval { $p->parse($xml) }; ++ ++print "not " if $@; ++print "ok 1\n"; +-- +2.45.4 + diff --git a/SPECS/perl-XML-Parser/perl-XML-Parser.spec b/SPECS/perl-XML-Parser/perl-XML-Parser.spec index 9276ae57ac5..b3d06f1995e 100644 --- a/SPECS/perl-XML-Parser/perl-XML-Parser.spec +++ b/SPECS/perl-XML-Parser/perl-XML-Parser.spec @@ -1,13 +1,15 @@ Summary: XML-Parser perl module Name: perl-XML-Parser Version: 2.47 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL+ OR Artistic Vendor: Microsoft Corporation Distribution: Azure Linux Group: Development/Tools URL: https://metacpan.org/pod/XML::Parser Source0: https://cpan.metacpan.org/authors/id/T/TO/TODDR/XML-Parser-%{version}.tar.gz +Patch0: CVE-2006-10002.patch +Patch1: CVE-2006-10003.patch BuildRequires: expat-devel BuildRequires: perl >= 5.28.0 BuildRequires: perl-generators @@ -36,6 +38,8 @@ The XML::Parser module is a Perl extension interface to James Clark's XML parser %prep %setup -q -n XML-Parser-%{version} +%patch 0 -p1 +%patch 1 -p1 %build perl Makefile.PL INSTALLDIRS=vendor --prefix=%{_prefix} @@ -55,6 +59,9 @@ make %{?_smp_mflags} test %{_mandir}/man3/* %changelog +* Thu Mar 19 2026 Azure Linux Security Servicing Account - 2.47-2 +- Patch for CVE-2006-10003, CVE-2006-10002 + * Thu Feb 01 2024 Nicolas Guibourge - 2.47-1 - Upgrade to 2.47 diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 99a643d74bc..18091c7b8ae 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -511,8 +511,8 @@ perl-utils-5.38.2-509.azl3.noarch.rpm perl-vars-1.05-509.azl3.noarch.rpm perl-version-0.99.29-509.azl3.noarch.rpm perl-vmsish-1.04-509.azl3.noarch.rpm -perl-XML-Parser-2.47-1.azl3.aarch64.rpm -perl-XML-Parser-debuginfo-2.47-1.azl3.aarch64.rpm +perl-XML-Parser-2.47-2.azl3.aarch64.rpm +perl-XML-Parser-debuginfo-2.47-2.azl3.aarch64.rpm pinentry-1.2.1-1.azl3.aarch64.rpm pinentry-debuginfo-1.2.1-1.azl3.aarch64.rpm pkgconf-2.0.2-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index b8039a481ba..9c1c4a68a8a 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -519,8 +519,8 @@ perl-utils-5.38.2-509.azl3.noarch.rpm perl-vars-1.05-509.azl3.noarch.rpm perl-version-0.99.29-509.azl3.noarch.rpm perl-vmsish-1.04-509.azl3.noarch.rpm -perl-XML-Parser-2.47-1.azl3.x86_64.rpm -perl-XML-Parser-debuginfo-2.47-1.azl3.x86_64.rpm +perl-XML-Parser-2.47-2.azl3.x86_64.rpm +perl-XML-Parser-debuginfo-2.47-2.azl3.x86_64.rpm pinentry-1.2.1-1.azl3.x86_64.rpm pinentry-debuginfo-1.2.1-1.azl3.x86_64.rpm pkgconf-2.0.2-1.azl3.x86_64.rpm From d8120d288e8ef53661aa1c964844f103ad157544 Mon Sep 17 00:00:00 2001 From: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> Date: Fri, 20 Mar 2026 02:44:23 +0530 Subject: [PATCH 5/9] Refactor setup commands in perl-XML-Parser.spec Updated the setup process to use %autosetup for patches. --- SPECS/perl-XML-Parser/perl-XML-Parser.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/SPECS/perl-XML-Parser/perl-XML-Parser.spec b/SPECS/perl-XML-Parser/perl-XML-Parser.spec index b3d06f1995e..99e4d33abd0 100644 --- a/SPECS/perl-XML-Parser/perl-XML-Parser.spec +++ b/SPECS/perl-XML-Parser/perl-XML-Parser.spec @@ -37,9 +37,7 @@ Provides: perl(XML::Parser::Style::Tree) = %{version}-%{release} The XML::Parser module is a Perl extension interface to James Clark's XML parser, expat %prep -%setup -q -n XML-Parser-%{version} -%patch 0 -p1 -%patch 1 -p1 +%autosetup -p1 -n XML-Parser-%{version} %build perl Makefile.PL INSTALLDIRS=vendor --prefix=%{_prefix} From 829a157ce6b0321606145c7726abc8ceb762f791 Mon Sep 17 00:00:00 2001 From: Aditya Singh Date: Wed, 25 Mar 2026 04:55:19 +0000 Subject: [PATCH 6/9] Patch for skipping 3rd subtest in t/partial.t --- SPECS/perl-XML-Parser/perl-XML-Parser.spec | 4 ++- .../skip-subtest-in-partial-t.patch | 29 +++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch diff --git a/SPECS/perl-XML-Parser/perl-XML-Parser.spec b/SPECS/perl-XML-Parser/perl-XML-Parser.spec index 99e4d33abd0..09e6b680649 100644 --- a/SPECS/perl-XML-Parser/perl-XML-Parser.spec +++ b/SPECS/perl-XML-Parser/perl-XML-Parser.spec @@ -10,6 +10,7 @@ URL: https://metacpan.org/pod/XML::Parser Source0: https://cpan.metacpan.org/authors/id/T/TO/TODDR/XML-Parser-%{version}.tar.gz Patch0: CVE-2006-10002.patch Patch1: CVE-2006-10003.patch +Patch2: skip-subtest-in-partial-t.patch BuildRequires: expat-devel BuildRequires: perl >= 5.28.0 BuildRequires: perl-generators @@ -59,6 +60,7 @@ make %{?_smp_mflags} test %changelog * Thu Mar 19 2026 Azure Linux Security Servicing Account - 2.47-2 - Patch for CVE-2006-10003, CVE-2006-10002 +- Patch for skipping 3rd subtest in t/partial.t * Thu Feb 01 2024 Nicolas Guibourge - 2.47-1 - Upgrade to 2.47 @@ -84,7 +86,7 @@ make %{?_smp_mflags} test * Wed Apr 22 2020 Emre Girgin - 2.44-8 - Decouple perl version from the build. -* Tue Mar 07 2020 Paul Monson - 2.44-7 +* Tue Mar 03 2020 Paul Monson - 2.44-7 - Update URL. Update Source0. License verified. * Tue Sep 03 2019 Mateusz Malisz - 2.44-6 diff --git a/SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch b/SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch new file mode 100644 index 00000000000..128eddec9c1 --- /dev/null +++ b/SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch @@ -0,0 +1,29 @@ +From 55da1fab898d929f8fe0394e3b1c3bca961353fe Mon Sep 17 00:00:00 2001 +From: Aditya Singh +Date: Wed, 25 Mar 2026 03:16:37 +0000 +Subject: [PATCH] skip subtest in partial.t + +Condition to check if the 3rd subtest is failed has been removed as it is +getting failed due to known issue with expat library 2.7.0. + +Issue Reference: +1. https://github.com/libexpat/libexpat/issues/980 +2. https://github.com/cpan-authors/XML-Parser/issues/104 +--- + t/partial.t | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/t/partial.t b/t/partial.t +index fae8430..98fda21 100644 +--- a/t/partial.t ++++ b/t/partial.t +@@ -38,6 +38,5 @@ $xpnb->parse_done; + print "not " unless $cnt == 37; + print "ok 2\n"; + +-print "not " unless $str eq '&draft.day;'; + print "ok 3\n"; + +-- +2.45.4 + From 77f8fdca650f6fa0f3df6e9d899232e736d0a636 Mon Sep 17 00:00:00 2001 From: Aditya Singh Date: Tue, 31 Mar 2026 06:29:31 +0000 Subject: [PATCH 7/9] resolved ptest failure by patching expat --- ...ng-event-pointer-on-exit-for-reentry.patch | 256 ++++++++++++++++++ SPECS/expat/expat.spec | 7 +- SPECS/perl-XML-Parser/perl-XML-Parser.spec | 2 - 3 files changed, 262 insertions(+), 3 deletions(-) create mode 100644 SPECS/expat/Stop-updating-event-pointer-on-exit-for-reentry.patch diff --git a/SPECS/expat/Stop-updating-event-pointer-on-exit-for-reentry.patch b/SPECS/expat/Stop-updating-event-pointer-on-exit-for-reentry.patch new file mode 100644 index 00000000000..6df6758fbcc --- /dev/null +++ b/SPECS/expat/Stop-updating-event-pointer-on-exit-for-reentry.patch @@ -0,0 +1,256 @@ +From 89a9c6807c982b4fa8aa806dd72771d6642dd8a1 Mon Sep 17 00:00:00 2001 +From: Berkay Eren Ürün m_parsingStatus.parsing) { + case XML_SUSPENDED: ++ *eventPP = next; + *nextPtr = next; + return XML_ERROR_NONE; + case XML_FINISHED: ++ *eventPP = next; + return XML_ERROR_ABORTED; + case XML_PARSING: + if (parser->m_reenter) { +@@ -3768,6 +3769,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, + } + /* Fall through */ + default:; ++ *eventPP = s = next; + } + } + /* not reached */ +@@ -4684,12 +4686,13 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, + /* LCOV_EXCL_STOP */ + } + +- *eventPP = s = next; + switch (parser->m_parsingStatus.parsing) { + case XML_SUSPENDED: ++ *eventPP = next; + *nextPtr = next; + return XML_ERROR_NONE; + case XML_FINISHED: ++ *eventPP = next; + return XML_ERROR_ABORTED; + case XML_PARSING: + if (parser->m_reenter) { +@@ -4697,6 +4700,7 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, + } + /* Fall through */ + default:; ++ *eventPP = s = next; + } + } + /* not reached */ +@@ -6307,12 +6311,13 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end, + default: + return XML_ERROR_JUNK_AFTER_DOC_ELEMENT; + } +- parser->m_eventPtr = s = next; + switch (parser->m_parsingStatus.parsing) { + case XML_SUSPENDED: ++ parser->m_eventPtr = next; + *nextPtr = next; + return XML_ERROR_NONE; + case XML_FINISHED: ++ parser->m_eventPtr = next; + return XML_ERROR_ABORTED; + case XML_PARSING: + if (parser->m_reenter) { +@@ -6320,6 +6325,7 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end, + } + /* Fall through */ + default:; ++ parser->m_eventPtr = s = next; + } + } + } +diff --git a/tests/common.c b/tests/common.c +index 3aea8d7..b267dbb 100644 +--- a/tests/common.c ++++ b/tests/common.c +@@ -42,6 +42,8 @@ + */ + + #include ++#include ++#include // for SIZE_MAX + #include + #include + +@@ -294,3 +296,26 @@ duff_reallocator(void *ptr, size_t size) { + g_reallocation_count--; + return realloc(ptr, size); + } ++ ++// Portable remake of strndup(3) for C99; does not care about space efficiency ++char * ++portable_strndup(const char *s, size_t n) { ++ if ((s == NULL) || (n == SIZE_MAX)) { ++ errno = EINVAL; ++ return NULL; ++ } ++ ++ char *const buffer = (char *)malloc(n + 1); ++ if (buffer == NULL) { ++ errno = ENOMEM; ++ return NULL; ++ } ++ ++ errno = 0; ++ ++ memcpy(buffer, s, n); ++ ++ buffer[n] = '\0'; ++ ++ return buffer; ++} +diff --git a/tests/common.h b/tests/common.h +index bc4c7da..8871130 100644 +--- a/tests/common.h ++++ b/tests/common.h +@@ -146,6 +146,8 @@ extern void *duff_allocator(size_t size); + + extern void *duff_reallocator(void *ptr, size_t size); + ++extern char *portable_strndup(const char *s, size_t n); ++ + #endif /* XML_COMMON_H */ + + #ifdef __cplusplus +diff --git a/tests/misc_tests.c b/tests/misc_tests.c +index f9a78f6..2b9f793 100644 +--- a/tests/misc_tests.c ++++ b/tests/misc_tests.c +@@ -561,6 +561,66 @@ START_TEST(test_renter_loop_finite_content) { + } + END_TEST + ++// Inspired by function XML_OriginalString of Perl's XML::Parser ++static char * ++dup_original_string(XML_Parser parser) { ++ const int byte_count = XML_GetCurrentByteCount(parser); ++ ++ assert_true(byte_count >= 0); ++ ++ int offset = -1; ++ int size = -1; ++ ++ const char *const context = XML_GetInputContext(parser, &offset, &size); ++ ++#if XML_CONTEXT_BYTES > 0 ++ assert_true(context != NULL); ++ assert_true(offset >= 0); ++ assert_true(size >= 0); ++ return portable_strndup(context + offset, byte_count); ++#else ++ assert_true(context == NULL); ++ return NULL; ++#endif ++} ++ ++static void ++on_characters_issue_980(void *userData, const XML_Char *s, int len) { ++ (void)s; ++ (void)len; ++ XML_Parser parser = (XML_Parser)userData; ++ ++ char *const original_string = dup_original_string(parser); ++ ++#if XML_CONTEXT_BYTES > 0 ++ assert_true(original_string != NULL); ++ assert_true(strcmp(original_string, "&draft.day;") == 0); ++ free(original_string); ++#else ++ assert_true(original_string == NULL); ++#endif ++} ++ ++START_TEST(test_misc_expected_event_ptr_issue_980) { ++ // NOTE: This is a tiny subset of sample "REC-xml-19980210.xml" ++ // from Perl's XML::Parser ++ const char *const doc = "\n" ++ "]>\n" ++ "&draft.day;\n"; ++ ++ XML_Parser parser = XML_ParserCreate(NULL); ++ XML_SetUserData(parser, parser); ++ XML_SetCharacterDataHandler(parser, on_characters_issue_980); ++ ++ assert_true(_XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc), ++ /*isFinal=*/XML_TRUE) ++ == XML_STATUS_OK); ++ ++ XML_ParserFree(parser); ++} ++END_TEST ++ + void + make_miscellaneous_test_case(Suite *s) { + TCase *tc_misc = tcase_create("miscellaneous tests"); +@@ -588,4 +648,5 @@ make_miscellaneous_test_case(Suite *s) { + tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing); + tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser); + tcase_add_test__if_xml_ge(tc_misc, test_renter_loop_finite_content); ++ tcase_add_test(tc_misc, test_misc_expected_event_ptr_issue_980); + } +-- +2.45.4 + diff --git a/SPECS/expat/expat.spec b/SPECS/expat/expat.spec index 271161533bd..504f3d0fdc3 100644 --- a/SPECS/expat/expat.spec +++ b/SPECS/expat/expat.spec @@ -2,7 +2,7 @@ Summary: An XML parser library Name: expat Version: 2.6.4 -Release: 4%{?dist} +Release: 5%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -13,6 +13,7 @@ Patch0: CVE-2024-8176.patch Patch1: CVE-2025-59375.patch Patch2: CVE-2026-24515.patch Patch3: CVE-2026-25210.patch +Patch4: Stop-updating-event-pointer-on-exit-for-reentry.patch Requires: %{name}-libs = %{version}-%{release} %description @@ -70,6 +71,10 @@ rm -rf %{buildroot}/%{_docdir}/%{name} %{_libdir}/libexpat.so.1* %changelog +* Tue Mar 31 2026 Aditya Singh - 2.6.4-5 +- Patch to restore event pointer behavior from Expat 2.6.4 +- which was changed due to fix for CVE-2024-8176. + * Mon Feb 02 2026 Azure Linux Security Servicing Account - 2.6.4-4 - Patch for CVE-2026-25210 diff --git a/SPECS/perl-XML-Parser/perl-XML-Parser.spec b/SPECS/perl-XML-Parser/perl-XML-Parser.spec index 09e6b680649..71e1a5e67e8 100644 --- a/SPECS/perl-XML-Parser/perl-XML-Parser.spec +++ b/SPECS/perl-XML-Parser/perl-XML-Parser.spec @@ -10,7 +10,6 @@ URL: https://metacpan.org/pod/XML::Parser Source0: https://cpan.metacpan.org/authors/id/T/TO/TODDR/XML-Parser-%{version}.tar.gz Patch0: CVE-2006-10002.patch Patch1: CVE-2006-10003.patch -Patch2: skip-subtest-in-partial-t.patch BuildRequires: expat-devel BuildRequires: perl >= 5.28.0 BuildRequires: perl-generators @@ -60,7 +59,6 @@ make %{?_smp_mflags} test %changelog * Thu Mar 19 2026 Azure Linux Security Servicing Account - 2.47-2 - Patch for CVE-2006-10003, CVE-2006-10002 -- Patch for skipping 3rd subtest in t/partial.t * Thu Feb 01 2024 Nicolas Guibourge - 2.47-1 - Upgrade to 2.47 From 4a961ec1461ec45a3aae1caede6aefd4ff384fe8 Mon Sep 17 00:00:00 2001 From: Aditya Singh Date: Tue, 31 Mar 2026 06:33:09 +0000 Subject: [PATCH 8/9] Removed unnecessary patch file skip-subtest-in-partial-t.patch --- .../skip-subtest-in-partial-t.patch | 29 ------------------- 1 file changed, 29 deletions(-) delete mode 100644 SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch diff --git a/SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch b/SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch deleted file mode 100644 index 128eddec9c1..00000000000 --- a/SPECS/perl-XML-Parser/skip-subtest-in-partial-t.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 55da1fab898d929f8fe0394e3b1c3bca961353fe Mon Sep 17 00:00:00 2001 -From: Aditya Singh -Date: Wed, 25 Mar 2026 03:16:37 +0000 -Subject: [PATCH] skip subtest in partial.t - -Condition to check if the 3rd subtest is failed has been removed as it is -getting failed due to known issue with expat library 2.7.0. - -Issue Reference: -1. https://github.com/libexpat/libexpat/issues/980 -2. https://github.com/cpan-authors/XML-Parser/issues/104 ---- - t/partial.t | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/t/partial.t b/t/partial.t -index fae8430..98fda21 100644 ---- a/t/partial.t -+++ b/t/partial.t -@@ -38,6 +38,5 @@ $xpnb->parse_done; - print "not " unless $cnt == 37; - print "ok 2\n"; - --print "not " unless $str eq '&draft.day;'; - print "ok 3\n"; - --- -2.45.4 - From 6f3815cbe8acb3f237c3f864a32848d713d77117 Mon Sep 17 00:00:00 2001 From: Aditya Singh Date: Tue, 31 Mar 2026 06:39:59 +0000 Subject: [PATCH 9/9] Updated manifest files for expat --- .../resources/manifests/package/pkggen_core_aarch64.txt | 6 +++--- .../resources/manifests/package/pkggen_core_x86_64.txt | 6 +++--- toolkit/resources/manifests/package/toolchain_aarch64.txt | 8 ++++---- toolkit/resources/manifests/package/toolchain_x86_64.txt | 8 ++++---- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index b037d369bb8..73f47ed7a02 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -99,9 +99,9 @@ elfutils-libelf-0.189-6.azl3.aarch64.rpm elfutils-libelf-devel-0.189-6.azl3.aarch64.rpm elfutils-libelf-devel-static-0.189-6.azl3.aarch64.rpm elfutils-libelf-lang-0.189-6.azl3.aarch64.rpm -expat-2.6.4-4.azl3.aarch64.rpm -expat-devel-2.6.4-4.azl3.aarch64.rpm -expat-libs-2.6.4-4.azl3.aarch64.rpm +expat-2.6.4-5.azl3.aarch64.rpm +expat-devel-2.6.4-5.azl3.aarch64.rpm +expat-libs-2.6.4-5.azl3.aarch64.rpm libpipeline-1.5.7-1.azl3.aarch64.rpm libpipeline-devel-1.5.7-1.azl3.aarch64.rpm gdbm-1.23-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 645aa57f515..b89254d8b60 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -99,9 +99,9 @@ elfutils-libelf-0.189-6.azl3.x86_64.rpm elfutils-libelf-devel-0.189-6.azl3.x86_64.rpm elfutils-libelf-devel-static-0.189-6.azl3.x86_64.rpm elfutils-libelf-lang-0.189-6.azl3.x86_64.rpm -expat-2.6.4-4.azl3.x86_64.rpm -expat-devel-2.6.4-4.azl3.x86_64.rpm -expat-libs-2.6.4-4.azl3.x86_64.rpm +expat-2.6.4-5.azl3.x86_64.rpm +expat-devel-2.6.4-5.azl3.x86_64.rpm +expat-libs-2.6.4-5.azl3.x86_64.rpm libpipeline-1.5.7-1.azl3.x86_64.rpm libpipeline-devel-1.5.7-1.azl3.x86_64.rpm gdbm-1.23-1.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 3d05ab4537d..6998f70037f 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -94,10 +94,10 @@ elfutils-libelf-0.189-6.azl3.aarch64.rpm elfutils-libelf-devel-0.189-6.azl3.aarch64.rpm elfutils-libelf-devel-static-0.189-6.azl3.aarch64.rpm elfutils-libelf-lang-0.189-6.azl3.aarch64.rpm -expat-2.6.4-4.azl3.aarch64.rpm -expat-debuginfo-2.6.4-4.azl3.aarch64.rpm -expat-devel-2.6.4-4.azl3.aarch64.rpm -expat-libs-2.6.4-4.azl3.aarch64.rpm +expat-2.6.4-5.azl3.aarch64.rpm +expat-debuginfo-2.6.4-5.azl3.aarch64.rpm +expat-devel-2.6.4-5.azl3.aarch64.rpm +expat-libs-2.6.4-5.azl3.aarch64.rpm file-5.45-1.azl3.aarch64.rpm file-debuginfo-5.45-1.azl3.aarch64.rpm file-devel-5.45-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 56cd9ce76b7..99592b52dbc 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -99,10 +99,10 @@ elfutils-libelf-0.189-6.azl3.x86_64.rpm elfutils-libelf-devel-0.189-6.azl3.x86_64.rpm elfutils-libelf-devel-static-0.189-6.azl3.x86_64.rpm elfutils-libelf-lang-0.189-6.azl3.x86_64.rpm -expat-2.6.4-4.azl3.x86_64.rpm -expat-debuginfo-2.6.4-4.azl3.x86_64.rpm -expat-devel-2.6.4-4.azl3.x86_64.rpm -expat-libs-2.6.4-4.azl3.x86_64.rpm +expat-2.6.4-5.azl3.x86_64.rpm +expat-debuginfo-2.6.4-5.azl3.x86_64.rpm +expat-devel-2.6.4-5.azl3.x86_64.rpm +expat-libs-2.6.4-5.azl3.x86_64.rpm file-5.45-1.azl3.x86_64.rpm file-debuginfo-5.45-1.azl3.x86_64.rpm file-devel-5.45-1.azl3.x86_64.rpm