Compare commits
No commits in common. "c8" and "c8s" have entirely different histories.
File diff suppressed because it is too large
Load Diff
|
@ -3,7 +3,7 @@
|
||||||
Summary: An XML parser library
|
Summary: An XML parser library
|
||||||
Name: expat
|
Name: expat
|
||||||
Version: %(echo %{unversion} | sed 's/_/./g')
|
Version: %(echo %{unversion} | sed 's/_/./g')
|
||||||
Release: 13%{?dist}
|
Release: 11%{?dist}
|
||||||
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
|
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
|
||||||
URL: https://libexpat.github.io/
|
URL: https://libexpat.github.io/
|
||||||
License: MIT
|
License: MIT
|
||||||
|
@ -22,7 +22,6 @@ Patch10: expat-2.2.5-Prevent-integer-overflow-in-copyString.patch
|
||||||
Patch11: expat-2.2.5-Prevent-stack-exhaustion-in-build_model.patch
|
Patch11: expat-2.2.5-Prevent-stack-exhaustion-in-build_model.patch
|
||||||
Patch12: expat-2.2.5-Ensure-raw-tagnames-are-safe-exiting-internalEntityParser.patch
|
Patch12: expat-2.2.5-Ensure-raw-tagnames-are-safe-exiting-internalEntityParser.patch
|
||||||
Patch13: expat-2.2.5-CVE-2022-43680.patch
|
Patch13: expat-2.2.5-CVE-2022-43680.patch
|
||||||
Patch14: expat-2.2.5-CVE-2023-52425.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This is expat, the C library for parsing XML, written by James Clark. Expat
|
This is expat, the C library for parsing XML, written by James Clark. Expat
|
||||||
|
@ -64,9 +63,6 @@ Install it if you need to link statically with expat.
|
||||||
%patch11 -p1 -b .CVE-2022-25313
|
%patch11 -p1 -b .CVE-2022-25313
|
||||||
%patch12 -p1 -b .CVE-2022-40674
|
%patch12 -p1 -b .CVE-2022-40674
|
||||||
%patch13 -p1 -b .CVE-2022-43680
|
%patch13 -p1 -b .CVE-2022-43680
|
||||||
pushd ..
|
|
||||||
%patch14 -p1 -b .CVE-2023-52425
|
|
||||||
popd
|
|
||||||
|
|
||||||
sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
|
sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
|
||||||
./buildconf.sh
|
./buildconf.sh
|
||||||
|
@ -83,15 +79,6 @@ make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
|
|
||||||
%check
|
%check
|
||||||
bash -c "for i in {1..500000}; do printf AAAAAAAAAAAAAAAAAAAA >> achars.txt; done"
|
|
||||||
for testfile in ../testdata/largefiles/aaaaaa_*; do
|
|
||||||
first_part="$(sed 's/\(.*\)ACHARS.*/\1/g' $testfile)"
|
|
||||||
second_part="$(sed 's/.*ACHARS\(.*\)/\1/g' $testfile)"
|
|
||||||
printf "$first_part" > "$testfile"
|
|
||||||
cat achars.txt >> "$testfile"
|
|
||||||
printf "$second_part" >> "$testfile"
|
|
||||||
done
|
|
||||||
|
|
||||||
make check
|
make check
|
||||||
|
|
||||||
%ldconfig_scriptlets
|
%ldconfig_scriptlets
|
||||||
|
@ -114,14 +101,6 @@ make check
|
||||||
%{_libdir}/lib*.a
|
%{_libdir}/lib*.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Mar 26 2024 Tomas Korbar <tkorbar@redhat.com - 2.2.5-13
|
|
||||||
- Fix wrongly exposed variables
|
|
||||||
- Resolves: RHEL-29321
|
|
||||||
|
|
||||||
* Thu Mar 21 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-12
|
|
||||||
- CVE-2023-52425 expat: parsing large tokens can trigger a denial of service
|
|
||||||
- Resolves: RHEL-29321
|
|
||||||
|
|
||||||
* Mon Nov 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-11
|
* Mon Nov 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-11
|
||||||
- CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
|
- CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
|
||||||
- Resolves: CVE-2022-43680
|
- Resolves: CVE-2022-43680
|
||||||
|
|
Loading…
Reference in New Issue