.expat.metadata

@@ -1 +0,0 @@
-03d9882ede56aa48919fbf50fe17614630257a82 SOURCES/expat-2.5.0.tar.gz

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1 +1,23 @@
-SOURCES/expat-2.5.0.tar.gz
+expat-1.95.8.tar.gz
+i386
+*.rpm
+clog
+expat-2.0.1.tar.gz
+/results_expat
+/expat-2.?.?
+/expat-2.1.0.tar.gz
+/expat-2.1.1.tar.bz2
+/expat-2.2.0.tar.bz2
+/expat-2.2.1.tar.gz
+/expat-2.2.2.tar.gz
+/libexpat-R_*
+/expat-2.2.3.tar.gz
+/expat-2.2.4.tar.gz
+/expat-2.2.5.tar.gz
+/expat-2.2.6.tar.gz
+/expat-2.2.7.tar.gz
+/expat-2.2.8.tar.gz
+/expat-2.2.10.tar.gz
+/expat-2.4.7.tar.gz
+/expat-2.4.9.tar.gz
+/expat-2.5.0.tar.gz

ci.fmf

@@ -0,0 +1 @@
+resultsdb-testcase: separate

expat.spec

@@ -3,7 +3,7 @@
 Summary: An XML parser library
 Name: expat
 Version: %(echo %{unversion} | sed 's/_/./g')
-Release: 1%{?dist}
+Release: 5%{?dist}
 Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
 URL: https://libexpat.github.io/
 License: MIT
@@ -23,8 +23,6 @@ Patch4: expat-2.5.0-CVE-2024-45492.patch
 Patch5: expat-2.5.0-CVE-2024-50602.patch
 # https://issues.redhat.com/browse/RHEL-57489
 Patch6: expat-2.5.0-CVE-2024-8176.patch
-# https://issues.redhat.com/browse/RHEL-114618
-Patch7: expat-2.5.0-CVE-2025-59375.patch
 
 %description
 This is expat, the C library for parsing XML, written by James Clark. Expat
@@ -60,7 +58,6 @@ pushd ..
 %patch4 -p1 -b .CVE-2024-45492
 %patch5 -p1 -b .CVE-2024-50602
 %patch6 -p1 -b .CVE-2024-8176
-%patch7 -p1 -b .CVE-2025-59375
 popd
 
 sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
@@ -70,21 +67,21 @@ sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
 export CFLAGS="$RPM_OPT_FLAGS -fPIC"
 export DOCBOOK_TO_MAN="xmlto man --skip-validation"
 %configure
-make %{?_smp_mflags}
+%make_build
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT
+%make_install
 
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 
 %check
 bash -c "for i in {1..500000}; do printf AAAAAAAAAAAAAAAAAAAA >> achars.txt; done"
 for testfile in ../testdata/largefiles/aaaaaa_*; do
-        first_part="$(sed 's/\(.*\)ACHARS.*/\1/g' $testfile)"
-        second_part="$(sed 's/.*ACHARS\(.*\)/\1/g' $testfile)"
-        printf "$first_part" > "$testfile"
-        cat achars.txt >> "$testfile"
-        printf "$second_part" >> "$testfile"
+	first_part="$(sed 's/\(.*\)ACHARS.*/\1/g' $testfile)"
+	second_part="$(sed 's/.*ACHARS\(.*\)/\1/g' $testfile)"
+	printf "$first_part" > "$testfile"
+	cat achars.txt >> "$testfile"
+	printf "$second_part" >> "$testfile"
 done
 
 make check
@@ -92,7 +89,6 @@ make check
 %ldconfig_scriptlets
 
 %files
-%{!?_licensedir:%global license %%doc}
 %doc AUTHORS Changes
 %license COPYING
 %{_bindir}/*
@@ -110,61 +106,46 @@ make check
 %{_libdir}/lib*.a
 
 %changelog
-* Wed Nov 19 2025 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-1
-- Rebase to version 2.5.0
-- Fix CVE-2025-59375
-- Resolves: RHEL-114618
-
-* Mon Apr 07 2025 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-17
+* Mon Mar 31 2025 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-5
 - Fix CVE-2024-8176
-- Resolves: RHEL-57477
+- Resolves: RHEL-57489
 
-* Fri Nov 08 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-16
+* Thu Nov 07 2024 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-4
 - Fix CVE-2024-50602
-- Resolves: RHEL-65062
+- Resolves: RHEL-65066
 
-* Wed Sep 11 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-15
-- Rebuild for test reconfiguration
+* Wed Oct 09 2024 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-3
+- Fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
+- Resolves: RHEL-56761
+- Resolves: RHEL-57520
+- Resolves: RHEL-57511
 
-* Wed Sep 11 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-14
-- Fix multiple CVEs
-- Fix CVE-2024-45492 integer overflow
-- Fix CVE-2024-45491 Integer Overflow or Wraparound
-- Fix CVE-2024-45490 Negative Length Parsing Vulnerability
-- Resolves: RHEL-57505
-- Resolves: RHEL-57493
-- Resolves: RHEL-56751
+* Tue Feb 13 2024 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-2
+- Fix parsing of large tokens
+- Reject direct parameter entity recursion
+- Resolves: RHEL-29699
+- Resolves: RHEL-29696
 
-* Tue Mar 26 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-13
-- Fix wrongly exposed variables
-- Resolves: RHEL-29321
-
-* Thu Mar 21 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-12
-- CVE-2023-52425 expat: parsing large tokens can trigger a denial of service
-- Resolves: RHEL-29321
-
-* Mon Nov 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-11
-- CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
+* Thu Nov 10 2022 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-1
+- Rebase to version 2.5.0
 - Resolves: CVE-2022-43680
 
-* Fri Sep 30 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-10
-- Ensure raw tagnames are safe exiting internalEntityParser
+* Thu Sep 29 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.9-1
+- Rebase to version 2.4.9
 - Resolves: CVE-2022-40674
 
-* Fri May 06 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-9
-- Fix multiple CVEs
-- Resolves: CVE-2022-25314
+* Tue Apr 26 2022 Tomas Korbar <tkorbar@redhat.com> -  2.4.7-1
+- Rebase to version 2.4.7
+- Resolves: rhbz#2067201
 - Resolves: CVE-2022-25313
+- Resolves: CVE-2022-25314
+- Resolves: CVE-2022-25236
 
-* Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-8
-- Improve patch for CVE-2022-25236
+* Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.10-11
+- Improve fix for CVE-2022-25236
 - Related: CVE-2022-25236
 
-* Fri Mar 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-7
-- Fix patch for CVE-2022-25235
-- Resolves: CVE-2022-25235
-
-* Thu Mar 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-6
+* Mon Feb 28 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.10-10
 - Fix multiple CVEs
 - CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
 - CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
@@ -173,20 +154,25 @@ make check
 - Resolves: CVE-2022-25235
 - Resolves: CVE-2022-25315
 
-* Fri Feb 14 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.5-5
-- Fix multiple CVEs
+* Thu Feb 10 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.10-9
 - CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
+- Resolves: CVE-2022-23852
+
+* Thu Feb 10 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.10-8
 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
+- Resolves: CVE-2021-45960
+
+* Wed Feb 09 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.10-7
 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
+- Resolves: CVE-2021-46143
+
+* Wed Feb 09 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.10-6
 - CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
 - CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
 - CVE-2022-22825 Integer overflow in lookup in xmlparse.c
 - CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
 - CVE-2022-22823 Integer overflow in build_model in xmlparse.c
 - CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
-- Resolves: CVE-2022-23852
-- Resolves: CVE-2021-45960
-- Resolves: CVE-2021-46143
 - Resolves: CVE-2022-22827
 - Resolves: CVE-2022-22826
 - Resolves: CVE-2022-22825
@@ -194,8 +180,46 @@ make check
 - Resolves: CVE-2022-22823
 - Resolves: CVE-2022-22822
 
-* Fri Apr 24 2020 Joe Orton <jorton@redhat.com> - 2.2.5-4
-- add security fixes for CVE-2018-20843, CVE-2019-15903
+* Mon Feb 07 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.10-5
+- CVE-2022-23990 expat: integer overflow in the doProlog function
+- Resolve: rhbz#2050503
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.10-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.10-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Nov 13 2020 Joe Orton <jorton@redhat.com> - 2.2.10-1
+- update to 2.2.10 (#1884940)
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Sep 16 2019 Joe Orton <jorton@redhat.com> - 2.2.8-1
+- update to 2.2.8 (#1752167)
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jun 27 2019 Joe Orton <jorton@redhat.com> - 2.2.7-1
+- update to 2.2.7 (#1723724, #1722224)
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Aug 15 2018 Joe Orton <jorton@redhat.com> - 2.2.6-1
+- update to 2.2.6
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

gating.yaml

@@ -0,0 +1,25 @@
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_testing
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
+ 
+#Rawhide
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
+ 
+#gating rhel
+--- !Policy
+product_versions:
+  - rhel-*
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}

plans.fmf

@@ -0,0 +1,36 @@
+/tier1-internal:
+  plan:
+    import:
+      url: https://src.fedoraproject.org/tests/expat.git
+      name: /plans/tier1/internal
+
+/tier1-public:
+  plan:
+    import:
+      url: https://src.fedoraproject.org/tests/expat.git
+      name: /plans/tier1/public
+
+/tier2-tier3-internal:
+  plan:
+    import:
+      url: https://src.fedoraproject.org/tests/expat.git
+      name: /plans/tier2-tier3/internal
+
+/tier2-tier3-public:
+  plan:
+    import:
+      url: https://src.fedoraproject.org/tests/expat.git
+      name: /plans/tier2-tier3/public
+
+/others-internal:
+  plan:
+    import:
+      url: https://src.fedoraproject.org/tests/expat.git
+      name: /plans/others/internal
+
+/others-public:
+  plan:
+    import:
+      url: https://src.fedoraproject.org/tests/expat.git
+      name: /plans/others/public
+

sources

@@ -0,0 +1 @@
+SHA512 (expat-2.5.0.tar.gz) = 779f0d0f3f2d8b33db0fd044864ab5ab1a40f20501f792fe90ad0d18de536c4765c3749f120e21fec11a0e6c89af1dc576d1fe261c871ca44a594f7b61fd1d9e