import UBI expat-2.5.0-3.el9_5.3

2025-04-02 14:56:31 +00:00 · 2025-04-02 14:56:31 +00:00 · d0ff995a21
commit d0ff995a21
parent aae52ed837
2 changed files with 1547 additions and 1 deletions
--- a/SOURCES/expat-2.5.0-CVE-2024-8176.patch
+++ b/SOURCES/expat-2.5.0-CVE-2024-8176.patch
--- a/SPECS/expat.spec
+++ b/SPECS/expat.spec
@ -3,7 +3,7 @@
 Summary: An XML parser library
 Name: expat
 Version: %(echo %{unversion} | sed 's/_/./g')
-Release: 3%{?dist}.1
+Release: 3%{?dist}.3
 Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
 URL: https://libexpat.github.io/
 License: MIT
@ -21,6 +21,8 @@ Patch3: expat-2.5.0-CVE-2024-45491.patch
 Patch4: expat-2.5.0-CVE-2024-45492.patch
 # https://issues.redhat.com/browse/RHEL-65064
 Patch5: expat-2.5.0-CVE-2024-50602.patch
+# https://github.com/libexpat/libexpat/pull/973
+Patch6: expat-2.5.0-CVE-2024-8176.patch

 %description
 This is expat, the C library for parsing XML, written by James Clark. Expat
@ -55,6 +57,7 @@ pushd ..
 %patch3 -p1 -b .CVE-2024-45491
 %patch4 -p1 -b .CVE-2024-45492
 %patch5 -p1 -b .CVE-2024-50602
+%patch6 -p1 -b .CVE-2024-8176
 popd

 sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
@ -103,6 +106,14 @@ make check
 %{_libdir}/lib*.a

 %changelog
+* Mon Mar 31 2025 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-3.3
+- Improve fix for CVE-2024-8176
+- Resolves: RHEL-57488
+
+* Mon Mar 24 2025 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-3.2
+- Fix CVE-2024-8176
+- Resolves: RHEL-57488
+
 * Thu Nov 07 2024 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-3.1
 - Fix CVE-2024-50602
 - Resolves: RHEL-65064