import expat-2.5.0-1.el9

.expat.metadata

@@ -1 +1 @@
-71bc4b192e54040b41d98e5a49aca5e18e27485b SOURCES/expat-2.4.9.tar.gz
+03d9882ede56aa48919fbf50fe17614630257a82 SOURCES/expat-2.5.0.tar.gz

.gitignore

@@ -1 +1 @@
-SOURCES/expat-2.4.9.tar.gz
+SOURCES/expat-2.5.0.tar.gz

SOURCES/expat-2.4.9-CVE-2022-43680.patch

@@ -1,92 +0,0 @@
-commit b463b1beeba2ad7f9eb456bdbdc136cbbdd1dec8
-Author: Tomas Korbar <tkorbar@redhat.com>
-Date:   Fri Nov 11 10:46:36 2022 +0100
-
-    Fix CVE-2022-43680
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index c0bece5..a73a1bf 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1068,6 +1068,14 @@ parserCreate(const XML_Char *encodingName,
-   parserInit(parser, encodingName);
- 
-   if (encodingName && ! parser->m_protocolEncodingName) {
-+    if (dtd) {
-+      // We need to stop the upcoming call to XML_ParserFree from happily
-+      // destroying parser->m_dtd because the DTD is shared with the parent
-+      // parser and the only guard that keeps XML_ParserFree from destroying
-+      // parser->m_dtd is parser->m_isParamEntity but it will be set to
-+      // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
-+      parser->m_dtd = NULL;
-+    }
-     XML_ParserFree(parser);
-     return NULL;
-   }
-diff --git a/tests/runtests.c b/tests/runtests.c
-index 530f184..cbfe420 100644
---- a/tests/runtests.c
-+++ b/tests/runtests.c
-@@ -10090,6 +10090,53 @@ START_TEST(test_alloc_long_notation) {
- }
- END_TEST
- 
-+static int XMLCALL
-+external_entity_parser_create_alloc_fail_handler(XML_Parser parser,
-+                                                 const XML_Char *context,
-+                                                 const XML_Char *base,
-+                                                 const XML_Char *systemId,
-+                                                 const XML_Char *publicId) {
-+  UNUSED_P(base);
-+  UNUSED_P(systemId);
-+  UNUSED_P(publicId);
-+
-+  if (context != NULL)
-+    fail("Unexpected non-NULL context");
-+
-+  // The following number intends to fail the upcoming allocation in line
-+  // "parser->m_protocolEncodingName = copyString(encodingName,
-+  // &(parser->m_mem));" in function parserInit.
-+  allocation_count = 3;
-+
-+  const XML_Char *const encodingName = XCS("UTF-8"); // needs something non-NULL
-+  const XML_Parser ext_parser
-+      = XML_ExternalEntityParserCreate(parser, context, encodingName);
-+  if (ext_parser != NULL)
-+    fail(
-+        "Call to XML_ExternalEntityParserCreate was expected to fail out-of-memory");
-+
-+  allocation_count = ALLOC_ALWAYS_SUCCEED;
-+  return XML_STATUS_ERROR;
-+}
-+
-+START_TEST(test_alloc_reset_after_external_entity_parser_create_fail) {
-+  const char *const text = "<!DOCTYPE doc SYSTEM 'foo'><doc/>";
-+
-+  XML_SetExternalEntityRefHandler(
-+      g_parser, external_entity_parser_create_alloc_fail_handler);
-+  XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
-+
-+  if (XML_Parse(g_parser, text, (int)strlen(text), XML_TRUE)
-+      != XML_STATUS_ERROR)
-+    fail("Call to parse was expected to fail");
-+
-+  if (XML_GetErrorCode(g_parser) != XML_ERROR_EXTERNAL_ENTITY_HANDLING)
-+    fail("Call to parse was expected to fail from the external entity handler");
-+
-+  XML_ParserReset(g_parser, NULL);
-+}
-+END_TEST
-+
- static void
- nsalloc_setup(void) {
-   XML_Memory_Handling_Suite memsuite = {duff_allocator, duff_reallocator, free};
-@@ -12279,6 +12326,8 @@ make_suite(void) {
-   tcase_add_test(tc_alloc, test_alloc_long_public_id);
-   tcase_add_test(tc_alloc, test_alloc_long_entity_value);
-   tcase_add_test(tc_alloc, test_alloc_long_notation);
-+  tcase_add_test__ifdef_xml_dtd(
-+      tc_alloc, test_alloc_reset_after_external_entity_parser_create_fail);
- 
-   suite_add_tcase(s, tc_nsalloc);
-   tcase_add_checked_fixture(tc_nsalloc, nsalloc_setup, nsalloc_teardown);

SPECS/expat.spec

@@ -1,17 +1,15 @@
-%global unversion 2_4_9
+%global unversion 2_5_0
 
 Summary: An XML parser library
 Name: expat
 Version: %(echo %{unversion} | sed 's/_/./g')
-Release: 1%{?dist}.1
+Release: 1%{?dist}
 Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
 URL: https://libexpat.github.io/
 License: MIT
 BuildRequires: autoconf, libtool, xmlto, gcc-c++
 BuildRequires: make
 
-Patch0: expat-2.4.9-CVE-2022-43680.patch
-
 %description
 This is expat, the C library for parsing XML, written by James Clark. Expat
 is a stream oriented XML parser. This means that you register handlers with
@@ -42,8 +40,6 @@ Install it if you need to link statically with expat.
 sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
 ./buildconf.sh
 
-%patch0 -p1 -b.CVE-2022-43680
-
 %build
 export CFLAGS="$RPM_OPT_FLAGS -fPIC"
 export DOCBOOK_TO_MAN="xmlto man --skip-validation"
@@ -78,8 +74,8 @@ make check
 %{_libdir}/lib*.a
 
 %changelog
-* Fri Nov 11 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.9-1.1
-- CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
+* Thu Nov 10 2022 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-1
+- Rebase to version 2.5.0
 - Resolves: CVE-2022-43680
 
 * Thu Sep 29 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.9-1