Rebase to version 2.4.7

Resolves: rhbz#2067201
Resolves: CVE-2022-25313
Resolves: CVE-2022-25314
Resolves: CVE-2022-25236
This commit is contained in:
Tomas Korbar 2022-04-26 10:34:22 +02:00
parent f23fd2fa9c
commit 0947457fd1
3 changed files with 13 additions and 20 deletions

1
.gitignore vendored
View File

@ -18,3 +18,4 @@ expat-2.0.1.tar.gz
/expat-2.2.7.tar.gz /expat-2.2.7.tar.gz
/expat-2.2.8.tar.gz /expat-2.2.8.tar.gz
/expat-2.2.10.tar.gz /expat-2.2.10.tar.gz
/expat-2.4.7.tar.gz

View File

@ -1,22 +1,14 @@
%global unversion 2_2_10 %global unversion 2_4_7
Summary: An XML parser library Summary: An XML parser library
Name: expat Name: expat
Version: %(echo %{unversion} | sed 's/_/./g') Version: %(echo %{unversion} | sed 's/_/./g')
Release: 11%{?dist} Release: 1%{?dist}
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
URL: https://libexpat.github.io/ URL: https://libexpat.github.io/
License: MIT License: MIT
BuildRequires: autoconf, libtool, xmlto, gcc-c++ BuildRequires: autoconf, libtool, xmlto, gcc-c++
BuildRequires: make BuildRequires: make
Patch0: expat-2.2.10-prevent-integer-overflow-in-doProlog.patch
Patch1: expat-2.2.10-Prevent-more-integer-overflows.patch
Patch2: expat-2.2.10-Prevent-integer-overflow-on-m_groupSize-in-function.patch
Patch3: expat-2.2.10-Detect-and-prevent-troublesome-left-shifts.patch
Patch4: expat-2.2.10-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch
Patch5: expat-2.2.10-Protect-against-malicious-namespace-declarations.patch
Patch6: expat-2.2.10-Add-missing-validation-of-encoding.patch
Patch7: expat-2.2.10-Prevent-integer-overflow-in-storeRawNames.patch
%description %description
This is expat, the C library for parsing XML, written by James Clark. Expat This is expat, the C library for parsing XML, written by James Clark. Expat
@ -44,14 +36,6 @@ Install it if you need to link statically with expat.
%prep %prep
%setup -q -n libexpat-R_%{unversion}/expat %setup -q -n libexpat-R_%{unversion}/expat
%patch0 -p1 -b .CVE-2022-23990
%patch1 -p1 -b .CVE-2022-22822-CVE-2022-22827
%patch2 -p1 -b .CVE-2021-46143
%patch3 -p1 -b .CVE-2021-45960
%patch4 -p1 -b .CVE-2022-23852
%patch5 -p1 -b .CVE-2022-25236
%patch6 -p1 -b .CVE-2022-25235
%patch7 -p1 -b .CVE-2022-25315
sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
./buildconf.sh ./buildconf.sh
@ -80,15 +64,23 @@ make check
%{_mandir}/*/* %{_mandir}/*/*
%files devel %files devel
%doc doc/reference.html doc/*.png doc/*.css examples/*.c %doc doc/reference.html doc/*.css examples/*.c
%{_libdir}/lib*.so %{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc %{_libdir}/pkgconfig/*.pc
%{_includedir}/*.h %{_includedir}/*.h
%{_libdir}/cmake/expat-%{version}
%files static %files static
%{_libdir}/lib*.a %{_libdir}/lib*.a
%changelog %changelog
* Tue Apr 26 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.7-1
- Rebase to version 2.4.7
- Resolves: rhbz#2067201
- Resolves: CVE-2022-25313
- Resolves: CVE-2022-25314
- Resolves: CVE-2022-25236
* Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-11 * Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-11
- Improve fix for CVE-2022-25236 - Improve fix for CVE-2022-25236
- Related: CVE-2022-25236 - Related: CVE-2022-25236

View File

@ -1 +1 @@
SHA512 (expat-2.2.10.tar.gz) = 5f2d00ead20139aae89910cc08246cf15f7562af2a4fe1b37ebe4c1500a71d9f0a655ebc43f10164ac846be3186ff43f2b94287b18d2a3af882cbd0a1de41a36 SHA512 (expat-2.4.7.tar.gz) = 91bc9792c4ba1d0ad835f633d8cfa62130692f48308eea8932ec5e13a01542120561b0f255b4adc58b1adae6f83632cbabf428b5b5c0d2ac6de542478a951232