Fix wrongly exposed variables

Resolves: RHEL-29321
2024-03-26 10:58:32 +01:00 · 2024-03-26 10:58:32 +01:00 · c237651839
commit c237651839
parent 583bb04447
2 changed files with 57 additions and 6 deletions
--- a/expat-2.2.5-CVE-2023-52425.patch
+++ b/expat-2.2.5-CVE-2023-52425.patch
@ -1,6 +1,6 @@
-commit d9904191c90476ed039ce9d33aee9ef56c807f8e
+commit 5948204b65267ef0c16c2181e4bd92c0ef50075b
 Author: Tomas Korbar <tkorbar@redhat.com>
-Date:   Mon Mar 25 14:25:24 2024 +0100
+Date:   Tue Mar 26 10:34:14 2024 +0100
    Fix CVE-2023-52425
@ -87,6 +87,38 @@ index 9c9cf88..cd5b24f 100644
 Debug
 Debug-w
 Release
 diff --git a/expat/lib/Makefile.am b/expat/lib/Makefile.am
 index 5f2b71e..cef6558 100644
 --- a/expat/lib/Makefile.am
 +++ b/expat/lib/Makefile.am
@@ -34,18 +34,25 @@ include_HEADERS = \
     expat_external.h
 lib_LTLIBRARIES = libexpat.la
 +noinst_LTLIBRARIES = libexpatinternal.la
 libexpat_la_LDFLAGS = \
     -no-undefined \
     -version-info @LIBCURRENT@:@LIBREVISION@:@LIBAGE@ \
     -rpath $(libdir)
 -libexpat_la_SOURCES = \
 -    loadlibrary.c \
 +libexpat_la_SOURCES =
 +
 +# This layer of indirection allows
 +# the test suite to access internal symbols
 +# despite compiling with -fvisibility=hidden
 +libexpatinternal_la_SOURCES = \
     xmlparse.c \
     xmltok.c \
     xmlrole.c
 +libexpat_la_LIBADD = libexpatinternal.la
 +
 doc_DATA = \
     ../AUTHORS \
     ../Changes
 diff --git a/expat/lib/expat.h b/expat/lib/expat.h
 index 1f608c0..afe12c5 100644
 --- a/expat/lib/expat.h
@ -103,7 +135,7 @@ index 1f608c0..afe12c5 100644
    See http://semver.org.
 */
 diff --git a/expat/lib/internal.h b/expat/lib/internal.h
-index e33fdcb..78b5bc1 100644
+index e33fdcb..8e3d566 100644
 --- a/expat/lib/internal.h
 +++ b/expat/lib/internal.h
@@ -109,6 +109,7 @@
@ -118,8 +150,8 @@ index e33fdcb..78b5bc1 100644
 _INTERNAL_trim_to_complete_utf8_characters(const char * from, const char ** fromLimRef);
-+extern XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
+extern __attribute__ ((visibility ("hidden"))) XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
-+extern unsigned int g_parseAttempts;             // used for testing only
+extern __attribute__ ((visibility ("hidden"))) unsigned int g_parseAttempts;             // used for testing only
 +
 #ifdef __cplusplus
 }
@ -514,6 +546,21 @@ index 3f765f7..488f63f 100644
     }
     /* If we get this token, we have the start of what might be a
        normal tag, but not a declaration (i.e. it doesn't begin with
 diff --git a/expat/tests/Makefile.am b/expat/tests/Makefile.am
 index 742ed43..4fe0e23 100644
 --- a/expat/tests/Makefile.am
 +++ b/expat/tests/Makefile.am
@@ -52,8 +52,8 @@ runtests_SOURCES = \
 runtestspp_SOURCES = \
     runtestspp.cpp
 -runtests_LDADD = libruntests.a ../lib/libexpat.la
 -runtestspp_LDADD = libruntests.a ../lib/libexpat.la
 +runtests_LDADD = libruntests.a ../lib/libexpatinternal.la
 +runtestspp_LDADD = libruntests.a ../lib/libexpatinternal.la
 EXTRA_DIST = \
     chardata.h \
 diff --git a/expat/tests/minicheck.c b/expat/tests/minicheck.c
 index be1e37e..6c694a0 100644
 --- a/expat/tests/minicheck.c
--- a/expat.spec
+++ b/expat.spec
@ -3,7 +3,7 @@
 Summary: An XML parser library
 Name: expat
 Version: %(echo %{unversion} | sed 's/_/./g')
-Release: 12%{?dist}
+Release: 13%{?dist}
 Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
 URL: https://libexpat.github.io/
 License: MIT
@ -114,6 +114,10 @@ make check
 %{_libdir}/lib*.a
 %changelog
 * Tue Mar 26 2024 Tomas Korbar <tkorbar@redhat.com - 2.2.5-13
 - Fix wrongly exposed variables
 - Resolves: RHEL-29321
 * Thu Mar 21 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-12
 - CVE-2023-52425 expat: parsing large tokens can trigger a denial of service
 - Resolves: RHEL-29321