Rebase to version 2.4.7

Resolves: rhbz#2067201 Resolves: CVE-2022-25313 Resolves: CVE-2022-25314 Resolves: CVE-2022-25236
2022-04-26 10:34:22 +02:00 · 2022-04-26 10:34:22 +02:00 · 0947457fd1
commit 0947457fd1
parent f23fd2fa9c
3 changed files with 13 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -18,3 +18,4 @@ expat-2.0.1.tar.gz
 /expat-2.2.7.tar.gz
 /expat-2.2.8.tar.gz
 /expat-2.2.10.tar.gz
+/expat-2.4.7.tar.gz
--- a/expat.spec
+++ b/expat.spec
@ -1,22 +1,14 @@
-%global unversion 2_2_10
+%global unversion 2_4_7

 Summary: An XML parser library
 Name: expat
 Version: %(echo %{unversion} | sed 's/_/./g')
-Release: 11%{?dist}
+Release: 1%{?dist}
 Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
 URL: https://libexpat.github.io/
 License: MIT
 BuildRequires: autoconf, libtool, xmlto, gcc-c++
 BuildRequires: make
-Patch0:	expat-2.2.10-prevent-integer-overflow-in-doProlog.patch
-Patch1:	expat-2.2.10-Prevent-more-integer-overflows.patch
-Patch2:	expat-2.2.10-Prevent-integer-overflow-on-m_groupSize-in-function.patch
-Patch3:	expat-2.2.10-Detect-and-prevent-troublesome-left-shifts.patch
-Patch4:	expat-2.2.10-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch
-Patch5: expat-2.2.10-Protect-against-malicious-namespace-declarations.patch
-Patch6: expat-2.2.10-Add-missing-validation-of-encoding.patch
-Patch7: expat-2.2.10-Prevent-integer-overflow-in-storeRawNames.patch

 %description
 This is expat, the C library for parsing XML, written by James Clark. Expat
@ -44,14 +36,6 @@ Install it if you need to link statically with expat.

 %prep
 %setup -q -n libexpat-R_%{unversion}/expat
-%patch0 -p1 -b .CVE-2022-23990
-%patch1 -p1 -b .CVE-2022-22822-CVE-2022-22827
-%patch2 -p1 -b .CVE-2021-46143
-%patch3 -p1 -b .CVE-2021-45960
-%patch4 -p1 -b .CVE-2022-23852
-%patch5 -p1 -b .CVE-2022-25236
-%patch6 -p1 -b .CVE-2022-25235
-%patch7 -p1 -b .CVE-2022-25315

 sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
 ./buildconf.sh
@ -80,15 +64,23 @@ make check
 %{_mandir}/*/*

 %files devel
-%doc doc/reference.html doc/*.png doc/*.css examples/*.c
+%doc doc/reference.html doc/*.css examples/*.c
 %{_libdir}/lib*.so
 %{_libdir}/pkgconfig/*.pc
 %{_includedir}/*.h
+%{_libdir}/cmake/expat-%{version}

 %files static
 %{_libdir}/lib*.a

 %changelog
+* Tue Apr 26 2022 Tomas Korbar <tkorbar@redhat.com> -  2.4.7-1
+- Rebase to version 2.4.7
+- Resolves: rhbz#2067201
+- Resolves: CVE-2022-25313
+- Resolves: CVE-2022-25314
+- Resolves: CVE-2022-25236
+
 * Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.10-11
 - Improve fix for CVE-2022-25236
 - Related: CVE-2022-25236
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (expat-2.2.10.tar.gz) = 5f2d00ead20139aae89910cc08246cf15f7562af2a4fe1b37ebe4c1500a71d9f0a655ebc43f10164ac846be3186ff43f2b94287b18d2a3af882cbd0a1de41a36
+SHA512 (expat-2.4.7.tar.gz) = 91bc9792c4ba1d0ad835f633d8cfa62130692f48308eea8932ec5e13a01542120561b0f255b4adc58b1adae6f83632cbabf428b5b5c0d2ac6de542478a951232