Update 3 packages

expat (2.6.1-1 -> 2.6.2-1)
libexpat (2.6.1-1 -> 2.6.2-1)
libxml2 (2.12.5-1 -> 2.12.6-1)

Signed-off-by: Git for Windows Build Agent <[email protected]>

usr/share/doc/expat/changelog

@@ -1,6 +1,59 @@
-NOTE: We are looking for help with a few things:
-      https://github.com/libexpat/libexpat/labels/help%20wanted
-      If you can help, please get in touch.  Thanks!
+                           __  __            _
+                        ___\ \/ /_ __   __ _| |_
+                       / _ \\  /| '_ \ / _` | __|
+                      |  __//  \| |_) | (_| | |_
+                       \___/_/\_\ .__/ \__,_|\__|
+                                |_| XML parser
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! <blink>Expat is UNDERSTAFFED and WITHOUT FUNDING.</blink>                 !!
+!!                 ~~~~~~~~~~~~                                              !!
+!! The following topics need *additional skilled C developers* to progress   !!
+!! in a timely manner or at all (loosely ordered by descending priority):    !!
+!!                                                                           !!
+!! - <blink>fixing a complex non-public security issue</blink>,              !!
+!! - teaming up on researching and fixing future security reports and        !!
+!!   ClusterFuzz findings with few-days-max response times in communication  !!
+!!   in order to (1) have a sound fix ready before the end of a 90 days      !!
+!!   grace period and (2) in a sustainable manner,                           !!
+!! - implementing and auto-testing XML 1.0r5 support                         !!
+!!   (needs discussion before pull requests),                                !!
+!! - smart ideas on fixing the Autotools CMake files generation issue        !!
+!!   without breaking CI (needs discussion before pull requests),            !!
+!! - the Windows binaries topic (needs requirements engineering first),      !!
+!! - pushing migration from `int` to `size_t` further                        !!
+!!   including edge-cases test coverage (needs discussion before anything).  !!
+!!                                                                           !!
+!! For details, please reach out via e-mail to [email protected] so we   !!
+!! can schedule a voice call on the topic, in English or German.             !!
+!!                                                                           !!
+!! THANK YOU!                        Sebastian Pipping -- Berlin, 2024-03-09 !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+Release 2.6.2 Wed March 13 2024
+        Security fixes:
+       #839 #842  CVE-2024-28757 -- Prevent billion laughs attacks with
+                    isolated use of external parsers.  Please see the commit
+                    message of commit 1d50b80cf31de87750103656f6eb693746854aa8
+                    for details.
+
+        Bug fixes:
+       #839 #841  Reject direct parameter entity recursion
+                    and avoid the related undefined behavior
+
+        Other changes:
+            #847  Autotools: Fix build for DOCBOOK_TO_MAN containing spaces
+            #837  Add missing #821 and #824 to 2.6.1 change log
+       #838 #843  Version info bumped from 10:1:9 (libexpat*.so.1.9.1)
+                    to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/
+                    for what these numbers do
+
+        Special thanks to:
+            Philippe Antoine
+            Tomas Korbar
+                 and
+            Clang UndefinedBehaviorSanitizer
+            OSS-Fuzz / ClusterFuzz
 
 Release 2.6.1 Thu February 29 2024
         Bug fixes:
@@ -11,6 +64,8 @@ Release 2.6.1 Thu February 29 2024
         Other changes:
             #829  Hide test-only code behind new internal macro
             #833  Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P
+       #821 #824  Autotools: Fix "make clean" for case:
+                    ./configure --without-docbook && make clean all
             #819  Address compiler warnings
        #832 #834  Version info bumped from 10:0:9 (libexpat*.so.1.9.0)
                     to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/

var/lib/pacman/local/expat-2.6.1-1/desc → var/lib/pacman/local/expat-2.6.2-1/desc

@@ -2,7 +2,7 @@
 expat
 
 %VERSION%
-2.6.1-1
+2.6.2-1
 
 %BASE%
 expat
@@ -17,16 +17,16 @@ https://libexpat.github.io/
 x86_64
 
 %BUILDDATE%
-1709386265
+1710363492
 
 %INSTALLDATE%
-1709523436
+1710644377
 
 %PACKAGER%
-CI (msys2/msys2-autobuild/d4515ba2/8123123118)
+CI (msys2/msys2-autobuild/dad66715/8271423783)
 
 %SIZE%
-109559
+112729
 
 %REASON%
 1

var/lib/pacman/local/libexpat-2.6.1-1/desc → var/lib/pacman/local/libexpat-2.6.2-1/desc

@@ -2,7 +2,7 @@
 libexpat
 
 %VERSION%
-2.6.1-1
+2.6.2-1
 
 %BASE%
 expat
@@ -17,16 +17,16 @@ https://libexpat.github.io/
 x86_64
 
 %BUILDDATE%
-1709386265
+1710363492
 
 %INSTALLDATE%
-1709523436
+1710644377
 
 %PACKAGER%
-CI (msys2/msys2-autobuild/d4515ba2/8123123118)
+CI (msys2/msys2-autobuild/dad66715/8271423783)
 
 %SIZE%
-153689
+154201
 
 %REASON%
 1

var/lib/pacman/local/libxml2-2.12.5-1/desc → var/lib/pacman/local/libxml2-2.12.6-1/desc

@@ -2,7 +2,7 @@
 libxml2
 
 %VERSION%
-2.12.5-1
+2.12.6-1
 
 %BASE%
 libxml2
@@ -17,16 +17,16 @@ https://gitlab.gnome.org/GNOME/libxml2/-/wikis/
 x86_64
 
 %BUILDDATE%
-1707074206
+1710517776
 
 %INSTALLDATE%
-1707188380
+1710644377
 
 %PACKAGER%
-CI (msys2/msys2-autobuild/d4515ba2/7776210986)
+CI (msys2/msys2-autobuild/dad66715/8298817800)
 
 %SIZE%
-1291747
+1291801
 
 %REASON%
 1

var/lib/pacman/local/mingw-w64-x86_64-git-extra-1.1.636.2db97b993-1/desc

@@ -20,7 +20,7 @@ any
 1682971619
 
 %INSTALLDATE%
-1710557986
+1710644385
 
 %PACKAGER%
 Johannes Schindelin <[email protected]>