import expat-2.2.5-8.el8

This commit is contained in:
CentOS Sources 2022-05-10 03:20:36 -04:00 committed by Stepan Oksanichenko
parent c63431ee37
commit 3a5027d247

View File

@ -3,7 +3,7 @@
Summary: An XML parser library
Name: expat
Version: %(echo %{unversion} | sed 's/_/./g')
Release: 4%{?dist}.3
Release: 8%{?dist}
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
URL: https://libexpat.github.io/
License: MIT
@ -11,10 +11,10 @@ BuildRequires: autoconf, libtool, xmlto, gcc-c++
Patch0: expat-2.2.5-doc2man.patch
Patch1: expat-2.2.5-CVE-2018-20843.patch
Patch2: expat-2.2.5-CVE-2019-15903.patch
Patch3: expat-2.2.5-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch
Patch4: expat-2.2.5-Detect-and-prevent-troublesome-left-shifts.patch
Patch5: expat-2.2.5-Prevent-integer-overflow-on-m_groupSize-in-function.patch
Patch6: expat-2.2.5-Prevent-more-integer-overflows.patch
Patch3: expat-2.2.5-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch
Patch4: expat-2.2.5-Detect-and-prevent-troublesome-left-shifts.patch
Patch5: expat-2.2.5-Prevent-integer-overflow-on-m_groupSize-in-function.patch
Patch6: expat-2.2.5-Prevent-more-integer-overflows.patch
Patch7: expat-2.2.5-Protect-against-malicious-namespace-declarations.patch
Patch8: expat-2.2.5-Add-missing-validation-of-encoding.patch
Patch9: expat-2.2.5-Prevent-integer-overflow-in-storeRawNames.patch
@ -93,17 +93,24 @@ make check
%{_libdir}/lib*.a
%changelog
* Tue Mar 15 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.3
- Improve fix for CVE-2022-25236
* Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-8
- Improve patch for CVE-2022-25236
- Related: CVE-2022-25236
* Mon Mar 07 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.2
* Fri Mar 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-7
- Fix patch for CVE-2022-25235
- Resolves: CVE-2022-25235
* Thu Mar 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-6
- Fix multiple CVEs
- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25315 expat: integer overflow in storeRawNames()
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315
* Wed Feb 16 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.1
* Fri Feb 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-5
- Fix multiple CVEs
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat