libs: expat bump from 2.6.0 to 2.7.1

[LeSuisse]

Fixes #8557

CVE-2024-50602, CVE-2024-28757 and CVE-2024-8176.

https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: LeSuisse / name: Thomas Gerbet (87722e9)

[zwass]

Thanks @LeSuisse! Did you do any testing to verify things are still working as expected? We just discussed in office hours and think the relevant tables are systemd_units and startup_items.

[LeSuisse]

I did make a quick functional tests with systemd_units which seemed fine. In any case a new expat release is expected to be cut by the end of the week to include a regression fix. At a glance I do not think it directly affects osquery but waiting until then is probably the safe play.

libexpat/libexpat#980 (comment)

I'm putting the PR in draft until then and I will test again with the new version.

[hartwork]

FYI the bump from 2.6.0 to 2.7.0 also fixes CVE-2024-50602.

[zwass]

I see they merged the linked PR in the expat repo. Please lmk when this is ready for review again!

[hartwork]

@zwass FYI release Expat 2.7.1 is coming up in the next few hours

[hartwork]

Expat 2.7.1 with a fix has been released.

[LeSuisse]

Bumped to 2.7.1, I played a bit with startup_items and systemd_units with no issue. This should be good to go.

[zwass]

@LeSuisse can you please merge/rebase master? That will fix the mdfind CI issue.

[LeSuisse]

Sorry for the noise, it looks like I failed to push the appropriate branch and it closed the PR without giving me the possibility to re-open it. See #8595 for the rebased change.