import UBI expat-2.7.1-1.el10_1.3

.expat.metadata

@@ -1 +0,0 @@
-03d9882ede56aa48919fbf50fe17614630257a82 SOURCES/expat-2.5.0.tar.gz

.gitignore

@@ -1 +1 @@
-SOURCES/expat-2.5.0.tar.gz
+expat-2.7.1.tar.gz

3176EF7DB2367F1FCA4F306B1F9B0E909AF37285

@@ -0,0 +1,233 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: 3176 EF7D B236 7F1F CA4F  306B 1F9B 0E90 9AF3 7285
+Comment: Sebastian Pipping <sping@gentoo.org>
+
+xsFNBFzUcE0BEACzkr4qR9zoM63YCJU/oQTJEtt7SR9Hcvntk351O5QQbNJS55Za
+h+XfiAl1j45yrxP+ve3xU64Cl/GctZMLgkx8Qd3JECZCUkm72cvlBF1bJ0hkvcJR
+tTyuc9XXBBQBNoRS1Tn4Gc/QE8L7669mS0FPPKpy4m7yY9SLtkauUTVkeKVz65Wo
+9jEB4cc4hJGzqeBndSmPbznOPkATSadeLX7xNFG4nM20wCGZ1+UmY4j1NTBJnbxt
+xcPQ4/OiAKvAsfAzvZrlAMhJtFAfnooP7VkIsbZyQqPeUznhGOK1nVpjl7DZ5c4g
+eJa3OLfeDM5c1mSx3VsU8SkKbBqNeog5dV9yHAKFBa10M+VAylwlRg5i6TE/5JP4
+LneWoh/dZP6216MMelDcZeXn6JCgLWmjbCmuwDgA5S7y2cewRU3hopGvCpTkgEg8
+XuXZgP8O1ZAOOqBWOt/mk71Bm6LdIe501f60aVcnODJDSb6tDwYTxkn5vGPvu8bi
+u2K+zdFqZskPTZo44qZDjLd7HpN5SigFMCCSk9LTWcwpa4eSFcezmfku+dB5T79Y
+0W0qCKJKBtNLOj5atVk9j+BA0BNTmE8e95bTdPW3UbmXPhQQt8J+6UXsUC0brn3/
+9pXTXHvPiQsYMKcMzOnbdXKvlMxF+dN3BT+uhEF5tyYgqSDaF07EnIJzdwARAQAB
+zSRTZWJhc3RpYW4gUGlwcGluZyA8c3BpbmdAZ2VudG9vLm9yZz7CwZQEEwEIAD4C
+GwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQxdu99sjZ/H8pPMGsfmw6QmvNy
+hQUCZZgh3wUJDIYYkgAKCRAfmw6QmvNyhfRcEACU3hFFTVRyZTB+/Phui6bFhhbH
+oRVMZl7llwGdtmUR76moGAnOilKK3UG4Xn+yHk0Au0kMDciDzET1KL5pTk3FYaX5
+SdhMK5P3CQIRvGVQGEyzm2riGMGBQwbMTN1cWSrW39lORPDanDKIzzu0mvAe9Ufs
+M5Ecrz6xTIxMcMfBEaYH0snwMGFLowcDETk8DIM8qn6oOrH86S2+HP3LKeCM1DOI
+uAILj438lTgaHKfOmtAMxqwXzVtknQN5upIBvfDtYXeLH/zSztt3XIcDYrBVCFd+
+7wxvelu0C6e1yG3vQ6eQt4OAeSNBOXUAcIWsCti9uGL2//pE9gQs4s1ijJYFQuuE
+er3sTTqg4JU5y9NkDo6p9roZt+uDFSyj3wgOinfxMipNLniJpjrvV+tmqGhYZY0R
+WEP757A1M/xVaf89d9rp5pJ9QawNUIDfM8gH+m0FuX5YKlSvFak+uB9/Oeu+BKy+
+wWyBiEM3fOjnFBpAGz1nKGQFYvUuRtqFAmlLUhN3EA2ixL6tMvlkWmHS0o0o+YGX
+tANGcsS3KwWILlRarfhkHuc0s+gFiTKvfS/pTbiy6XbtYTtQ0n1HkLz32zwdnFig
+/do+xYVyb9w1IZSc3HZAA2h8NlW2crMbzHr4FlSF5p/Zk5gVdfnhuKqWsE/nKAjg
+/GwACVGzFbZiD2CqsMLBlAQTAQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX
+gBYhBDF2732yNn8fyk8wax+bDpCa83KFBQJjxyuuBQkI0+7hAAoJEB+bDpCa83KF
+cesQAK0yPR7YSvy+uumbMJ02Be/7bu60yUk5O8nngpmebzQLEDAOyp1/HTcNk8VO
+zyKsQfWOsCvupAvPpdlaTfXanJQa0kOBjos1B/hoc4lQg3UwpSxUbmAml8MZfWgs
+QOexENXh3kGQBHTQS7fObCx8P96BLgOvCzq/wo7dUf4cugfg0RQSVI6yQNUIesRq
+NSDHTRAKy6hWieW3itZRs/DCD9e/aesDAIGaFlxOWb5wl0mHHbYw2IhgK/RbSY7K
+kt24SPEom7rc7dD/ToG2qNv/5uUujSQdjQu0WE+5JVVOaYsKWkWTcdKVURhhRJQt
+FmBA+CQyC/gUmrPvjfWFk9LpbFi/5cFWaqWQpMjz0pQPyKcLRNNotYMaPWpxqIpt
+0sBtVBZSVHv1emyMkYccxgP49lfHpzWIdILZwKJyJ6PPtojV3lrcXc53ILsOTGi7
+iSSQDEmxwJ6hT0lzrJ0bGnTidO4pN6VqtpQUt3HsODtivodxfkGskuSMkPVunZLG
+4OIsdco/mdKpEEc6g2+dQnYl2tYFZ8w/l0gEakLbkFVIvsYdzCJpR39OJgRWE+YD
+aWWitak50L30tu5gXcIMw4+79s0gqUBBxYRo79bx31uV1fPcj+ajovLQD9o5lwfY
+TdPIaNPmQh6oyz9CVzTovUgsHP8Ji0Yepma09p89Ov1NFPlawsGUBBMBCAA+AhsD
+BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUF
+AmHSMvMFCQb/66YACgkQH5sOkJrzcoVQXQ//bVDypVzLbR1pbJKy0ZrxxHzJQVBI
+6Ji2f4NsByIGV75Eci+cFyaR3JGZE021CHCDpzfBevxffz+Oyikftzb2/2Qq8GgF
+MTj3lLzkgq5py7H/498vyK1JmwXroQ8RX0X3iwAZncT5U5QI+GYZA9SkJe3ETFIn
+fkqZUdYXR0ZH3kt5ci+PxnwmD+HXAJUx/MWAX74Hi2/i+fkirpQ2tE0Kbo484Biy
+WTtfebajNLv97Sw/8TpGKgcLJKgBL0aY5QQoJ8dE8YQn8LNRDFk79YyZRHrXGpOs
+TpzEsQZD2ZS8YC3LmyWKhm/1lzYbKs1mlVbkodU6kkaJn8p19s5bI79gajjnoMm3
+Yh7q/Fp3nC2HpIpxWKnKqMdok/u+McivV7ue4VfRrKV7mXJ/0XUtcc8KYehDlDpn
+nbqETUkQPU/DGpUIxB3BR3ihEZJ6EpIkysXfgfpBPNvPpjnaV7+uPFgAzlst44FL
+RqQH0gI7IsBLABrgX+yioF1zQzOkp8iI8PJkuBmxeA1Q/M68VIIF4Wma3ej677M2
+ATdwX5cFqgrhvbwiBSst67YJjbyehwnl/tRAexV6/lIk4NnTKHPE2domgeAR+uLk
+mMO/o/G5Gk1cYbRXG38RM3vDqAAFEznec1pLla9UV6LrugJCHErnxI9Pm9h0njwG
+NJWpgz1NDMLlyvLCwZQEEwEIAD4WIQQxdu99sjZ/H8pPMGsfmw6QmvNyhQUCXNRw
+TQIbAwUJAeEzgAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAfmw6QmvNyhVgV
+EACqcR2lm9HDyjUy+ChqGicRBDQqg0rZDohBPWICUWDjeGx/ZDouPU3yBoKWu3Lk
+0ouIPF0VshDOfab8H4UlV+06WcIEsYhV7zrUUPszCDrVsZt+2XSKsSBpdPaoBIVr
+0UxbN8ls/sS6TBNaN/1wdmTOqUXr62lwoF/cu+K4BzaRT5yaKs0SYb0mcqg4MSmt
+RPAWjlwZBvHwFZYyhaQap060uV5OGizfwZ3QLFldMtsSM5juQAok4Wod1OCOHYY+
+RahRaj/Z5bPgYE3ycM84G2j9N7nJu6MJLyyt2mOW49jjkgeKJ7aPledvuuyt3EJ0
+GQiJSQgjLXG/6wjmN+XmBJkcydalpMRxk/Yt6N7VHfet46vP8mC/jNbtUb5wFSGr
+RJcyZP0elzvO6VhSh1mlRoqEUHKkb1CFVCYGorfGdUuiRhTXKwPcjIqe1ZJQaIKy
+KOcy2CoItLNkcCNHtTloN5378Y6hO+IP3BIyRtlBcD3v9RIYsQj2Tu9Vnluk/Awb
+wLkmOnC6wAsDmmmhK6y0AVn3FpAZ7m17DpFiIlNpumNkjaULfEKFL2PPHB8VbYi1
+V1IAG69X+91JKxzTU83s+B2Rz8hei2jNbtYbj/E/VsiatOucOf9Yj8g0tnS4Xfjh
+a2VPXQQShBT2uhm+hF6esBappDgjoh9/AGEKD4Jhx47vLs7BTQRc1HJNARAA4MJw
+SQR1gZysB4RCS2HouDzCJkSUo6ImGYtRJogk97vfqhFvyDsvlST8n9jsizPUaC8z
+KwkZmIuNXhWa8lrHp6cx0FT9vCmzBz/pnSTk8r1/S7fDocWv5vmRtL44VywwbERZ
+oRBQ1deALPDXCNRor56cjcUxQw1m5sQzMO800pIx/Hangf2fx011rtKXTq4V2/OY
+mTLDmQ1M5mysAUEwDl+8z7ZouM4Xj+PVVxxp93zYL1G+kLs0kDbQCkuwtqj5SDLo
+P72Ml0TTOHZwvWhmHY8F7hMjWCzdd9ZahuqvfMcT0bG3Z8w6k4DwmapNnWatN9wH
+ds4TW4cp8nMVw6cULEZ+D0HygYKa/iHTRD+FHr2jrnmlS0sLb3L13KjGLa80mCHD
+btLZ2ww2UcYYCjPt05KWXNdO6qMKuvkkj81m4OoVGO78SswwIL2IZ+Top+fbAEX6
+NCpEgDNR/P6M2MXTRskqiEBXsHI4yw6UJyNsf2QFPJ5NIZbRM4/ippCXSSSN23nH
+p7Zq3Tg8kiztH4nawps4YrpPBy6HQ0PWqWPueH1sAw1MLN98hOA7V+WNv9Z1L8Az
+aYpenUZJwFRnXNzryHvlgJ7BkfUjEsuB67j/2H/jmUghbTkpaHuDLT/qncn8dLw4
+P5i332cRPK/s0ngeSAKdAUm8FIXW3lhnflKVggsAEQEAAcLDsgQYAQgAJgIbAhYh
+BDF2732yNn8fyk8wax+bDpCa83KFBQJlmCIKBQkMhha9AkAJEB+bDpCa83KFwXQg
+BBkBCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAlzUck0ACgkQliYqz/vTrsba
+zxAAg/8wf9fNu6HPu477oUU1LuSTTTNAiYLVjTJjJ7LLZRaxIPgdR0TTkKgkIxLA
+delM3MOz9ppyROwqK8Qg1g+9PBsQY8w+q/0xUPvxPjqLBK4D5CDfYIMsCO5tvLxD
+nkNdhL+rjQJlovODs5BPwgfTd7DHOu2l0uudedg3WS3AEWiS/lmzEHkGEQl9sQcS
+p2g2TZJNC/mn8iStzkL+F58dIpdXhwlFig+St2evRkfJ68HmIa5H3MzGaQsP43Ii
+qpWrGNZA2MugR1j7Eqd7MeIhm8ZvqcfnkOixljn8geAtQmwsVxg18sVJV0DMXSnL
+4DmdjQ8lquVmm06Lba1KxJdfkQpYctNlRRyzW4GubJ1UUyxPdkL7ykfEvIoaf5/7
+z2N1QLOJ1D7njk5ic1PPFOMbK0b1j8oRUNhRYCb05JIsmMOm3hENUXrK17xwcl90
+L1ilrN63ZnYYy0ZrqDp2/s2EMX4kISGcyto9osdtacAE/jsAlnVxG9h8TaXIcHN8
+pbJYnnoFYf1J/unoPB6GogCjR6s8BycENxut+sdpKcUu9b1SkgYAa8ExdmoChk02
+xeqrs4wdG32tZlc4aR4YAg2fCVAhPd98oyi6dRL3HMszSRl1/sFLsrn7mByMk+HV
+vXK8FgCmKgEBdudpOaq93CvTcUuegaLn/TrvW3SJQZKpsXidTQ/+Ns4PriL1io26
+cpZKu7CMplwkJn5xIyoV+tFJHbrgmZ7csdo1QgLHyI0LCA/vIw22XCrT09it8anQ
+Ykbz/3JHQAnMtsJOZI8j6j/iITomNVcZZL334YxD0NB+aFJEZivIa9OCvFU5gQCg
+Ibzio1PP6Dt2PozKR63v/6hv0kp3SVlknWLRTkK3CwbtYhPmfkrN9HJVzyz+6JbU
+mTPk28AannszumPSA7fIMeIKmpgkTeDsozN6tlcqBDzRks0kQlHMzhGk5upCfgWf
+7aiqTF+clVSMyTiXLW+3xjN+AQHn4gHRB8buAoWaPV+J5vZF8xU6VL6y3fewfARk
+YLmZNy5Sp30ataBu5LPVPP61PMb0gskhAD/tYEC1oTuCSX7eWSYEA/GGjUkANXbR
+y1WL8YuDuckK5U9FHupkb3tZFtfuw/Zpz5rf+RzjBAPrAtCDkUCQD5Wg2F/KfVPr
+RxKCJ1va+21C6ngwmQKghDiIcjMUps9vnfixBOhTU2hg+woYnKnOOkg+0TD7zJPO
+0gV9s39W5B/2fdDfIprnq6dk5tJXcqIVUtnxlqUam1cMBKkgqSXQxLwvMUOjFBH6
+MxXmJwW3OVBZN+GYXFsVnDtCcHNqbEGEiQMIh+hhBbrStc+PiRCaudkiZ11ltx11
+njEdV7VbbGxepus3mTQuxVxU1GFdS3jCw7IEGAEIACYCGwIWIQQxdu99sjZ/H8pP
+MGsfmw6QmvNyhQUCY8crlAUJCNPswwJACRAfmw6QmvNyhcF0IAQZAQgAHRYhBMuN
+5wqQz79sO/XMVpYmKs/7067GBQJc1HJNAAoJEJYmKs/7067G2s8QAIP/MH/Xzbuh
+z7uO+6FFNS7kk00zQImC1Y0yYyeyy2UWsSD4HUdE05CoJCMSwHXpTNzDs/aackTs
+KivEINYPvTwbEGPMPqv9MVD78T46iwSuA+Qg32CDLAjubby8Q55DXYS/q40CZaLz
+g7OQT8IH03ewxzrtpdLrnXnYN1ktwBFokv5ZsxB5BhEJfbEHEqdoNk2STQv5p/Ik
+rc5C/hefHSKXV4cJRYoPkrdnr0ZHyevB5iGuR9zMxmkLD+NyIqqVqxjWQNjLoEdY
++xKnezHiIZvGb6nH55DosZY5/IHgLUJsLFcYNfLFSVdAzF0py+A5nY0PJarlZptO
+i22tSsSXX5EKWHLTZUUcs1uBrmydVFMsT3ZC+8pHxLyKGn+f+89jdUCzidQ+545O
+YnNTzxTjGytG9Y/KEVDYUWAm9OSSLJjDpt4RDVF6yte8cHJfdC9Ypazet2Z2GMtG
+a6g6dv7NhDF+JCEhnMraPaLHbWnABP47AJZ1cRvYfE2lyHBzfKWyWJ56BWH9Sf7p
+6DwehqIAo0erPAcnBDcbrfrHaSnFLvW9UpIGAGvBMXZqAoZNNsXqq7OMHRt9rWZX
+OGkeGAINnwlQIT3ffKMounUS9xzLM0kZdf7BS7K5+5gcjJPh1b1yvBYApioBAXbn
+aTmqvdwr03FLnoGi5/0671t0iUGSqbF4gjYP/jOOTWQ16ImKxAbQGLoStrlU3ksD
+EvgE3Ot1BHkH+jLZWIs7f/OA9SM9j8aYqcHT+UCgiAiqDoU1axEf2AefpQi+5t5K
+llg42vHT3VILkWIby6LldYZzRcPKDdis2YX78WlRCpcN6poZTcAx5z6Msvj0M3Ud
+cgjshBgqtaa2pfwpGp+pmUh3tlz4Kqp+wTrooUsytuBLE/pvSE4cgt83j1Tu0bUw
+QQpfaFrfqGWbe9RGbSRNqLxPqKyackSumGvzmOjXUrzjb25/RAbWZzC1xVQT0/E7
+HbQSNtdi8aE9NxgsEVfH9iXHuxOOkKJMqHkrmFoyrFShYsjD8OmHCes3WsEVFgtu
+6ecUPvAcrDn3STC5Q71Gkoe7slbT8vBEJoENARCo1bKl8zzgIiNiuKQ4q7D/coCT
+BEbw45QFVJV+YoDqWUbpibbHC4Ox9heHo1qkjnXHjEsTNyUp9VN2r4aKVXrWdmb2
+ec+LF0Lt8SZScoLcr/OP4bXncHcokqTh4304A7myJXkSZqiVjssdkkts4KPKkMAo
+2Wx30ZjaBDTo4oRm2iK3rXFI6LS4ClUBG10JlwPo98Dkk9yzQxCvIMIGAS/PTCm1
+osxy7kZWDpiJb4wGBq0BZiCy23k/7TkeqkC/51z7U4mGZARfQI95wwwHxLURgJzJ
+suh8G7gkTcHL01kkwsOyBBgBCAAmAhsCFiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUF
+AmHSMy4FCQb/6eECQAkQH5sOkJrzcoXBdCAEGQEIAB0WIQTLjecKkM+/bDv1zFaW
+JirP+9OuxgUCXNRyTQAKCRCWJirP+9OuxtrPEACD/zB/1827oc+7jvuhRTUu5JNN
+M0CJgtWNMmMnsstlFrEg+B1HRNOQqCQjEsB16Uzcw7P2mnJE7CorxCDWD708GxBj
+zD6r/TFQ+/E+OosErgPkIN9ggywI7m28vEOeQ12Ev6uNAmWi84OzkE/CB9N3sMc6
+7aXS65152DdZLcARaJL+WbMQeQYRCX2xBxKnaDZNkk0L+afyJK3OQv4Xnx0il1eH
+CUWKD5K3Z69GR8nrweYhrkfczMZpCw/jciKqlasY1kDYy6BHWPsSp3sx4iGbxm+p
+x+eQ6LGWOfyB4C1CbCxXGDXyxUlXQMxdKcvgOZ2NDyWq5WabTottrUrEl1+RClhy
+02VFHLNbga5snVRTLE92QvvKR8S8ihp/n/vPY3VAs4nUPueOTmJzU88U4xsrRvWP
+yhFQ2FFgJvTkkiyYw6beEQ1ResrXvHByX3QvWKWs3rdmdhjLRmuoOnb+zYQxfiQh
+IZzK2j2ix21pwAT+OwCWdXEb2HxNpchwc3ylslieegVh/Un+6eg8HoaiAKNHqzwH
+JwQ3G636x2kpxS71vVKSBgBrwTF2agKGTTbF6quzjB0bfa1mVzhpHhgCDZ8JUCE9
+33yjKLp1EvccyzNJGXX+wUuyufuYHIyT4dW9crwWAKYqAQF252k5qr3cK9NxS56B
+ouf9Ou9bdIlBkqmxeLF1D/9hJ0VQU3BjaBVJTKYsfZsvSDLxgqGHFdz5TzyLnGap
+shR9ZMvoyjUZUylupYpvnbKx6ypxZEP7ML+nWZ45KYdLSsaqXHN8mCInlD6MvcqX
+XccuUNffcgQXHhlP/lE2DFqlYDjhC13m5UyAqFfhk73kPQ5MaUX9lPZCfFYW+YVA
+OJlAtlns/fbnJY8EJe9msj+0aAyENdhq61+XxUIvtZp8KiT7vMtgFHgkguw888n4
+GQvYSQ/DvCnh9N1wnn6En8QDuBx/RK9VDfU0hUs7CH7SvxuHFvF6Koe0v+bS2kZO
+/3QhnLZhDNOkm2nMImRYGD+8QJGIIOebRl/FC8VUCOCqY1z90S2sOWt0VFJvUoO/
+m0IFNYwdKsati7l6TzFpmqYl+rlsfDya1idtVzZx5nLM8Erck1gmDGh9WXHasuW1
+nvaJJSClQbrPJNiLtEZN+IZj4Ggd0xv8Mjq2lJzWXsHHMRXPZpbOaNb+PJa5uGRE
+VvXY8FCI/3glOWd327m3ZN9keRPTbzJXMXBPuUhyhSXdB9nFWT54SORvdD/3kBQJ
+JhoaRraUkPQJh/az/ivxgdSY+BjNrtyA8DIHbCYUxlHyYdVFuqYQceseVjDf568p
+Rb+1O7KYIBX0rZStwJisus0d8ZboJppinOuVwk5fyhu8LpxuVbrRPQQsZb4lSnhO
+XsLDsgQYAQgAJhYhBDF2732yNn8fyk8wax+bDpCa83KFBQJc1HJNAhsCBQkB4TOA
+AkAJEB+bDpCa83KFwXQgBBkBCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAlzU
+ck0ACgkQliYqz/vTrsbazxAAg/8wf9fNu6HPu477oUU1LuSTTTNAiYLVjTJjJ7LL
+ZRaxIPgdR0TTkKgkIxLAdelM3MOz9ppyROwqK8Qg1g+9PBsQY8w+q/0xUPvxPjqL
+BK4D5CDfYIMsCO5tvLxDnkNdhL+rjQJlovODs5BPwgfTd7DHOu2l0uudedg3WS3A
+EWiS/lmzEHkGEQl9sQcSp2g2TZJNC/mn8iStzkL+F58dIpdXhwlFig+St2evRkfJ
+68HmIa5H3MzGaQsP43IiqpWrGNZA2MugR1j7Eqd7MeIhm8ZvqcfnkOixljn8geAt
+QmwsVxg18sVJV0DMXSnL4DmdjQ8lquVmm06Lba1KxJdfkQpYctNlRRyzW4GubJ1U
+UyxPdkL7ykfEvIoaf5/7z2N1QLOJ1D7njk5ic1PPFOMbK0b1j8oRUNhRYCb05JIs
+mMOm3hENUXrK17xwcl90L1ilrN63ZnYYy0ZrqDp2/s2EMX4kISGcyto9osdtacAE
+/jsAlnVxG9h8TaXIcHN8pbJYnnoFYf1J/unoPB6GogCjR6s8BycENxut+sdpKcUu
+9b1SkgYAa8ExdmoChk02xeqrs4wdG32tZlc4aR4YAg2fCVAhPd98oyi6dRL3HMsz
+SRl1/sFLsrn7mByMk+HVvXK8FgCmKgEBdudpOaq93CvTcUuegaLn/TrvW3SJQZKp
+sXinJw/+PtR1IOXCq30k12TbLjlOwJ5cm1qVOyZfGHcX3rggnviOVt402KpY6QkR
+lgQB7RN7nQd+yVykp/Mh+9Cc10A1i/fhtcKpOYsJL7ZiqgGqcyRbmfZWDZTRmA8S
+PX6E6vfX/joXhZ0951JvCAPTdDMIxgiCeedNRzPjTvFspVaMtGPnq8W8kBgthMu2
+I1WUrgk2aNwbmIkgj/AZnfah8QiZgRkIG7QP9kAXC2fKP8/cNFN/SMLHovKGnGZ3
+FUyBZwQ7FNxNuTNXskPFXXAKiy+791BTovttMwQbPoPIwQXc11FYafkQLF5XaPIv
+6rXQ+P/dFF0+xQV5iJhrczlZs2tt7+w8quz/2bnhAKoa+77Vve1EO/mJFw2uKx4u
+B6xiQpa3cYsRMgkz6w/vkr8MQLnd4QFCmRfYTm9Hw/QO3J+txBEVYGiRgIu6fTqq
+m6p4vCTrLEBek3glBT/l950ePosvBF+LHHzei1Aev5p4aEVWdxjRMzwGYvTxnvEa
+lialDLawVVD1cXMAIH4oz5pjCFyFMmZOcrE0Hk93iVXd0d8sTkX2h0g+ZLh511sL
+Kf8mJbbCyP4QbVWvDe12Xc2fSQ0/HyFo+edeQ7H7p07ZLKzm6UXYquJcQKGKom6C
+Pi9QQh8L2k8vYIV4YaYJ8ptAyZNm5rnEWoq/emqU83WKLM3e4izOwU0EXNRwTQEQ
+AOhMwHA6FxDjdxLDnPYZZ/HRCB3j+Fn5s+c/qiK3J54G4yYP91871FjDeF7pDsmc
+QRgCz0k6GeZOzFOkpCTGg6aMPkOiBo931OqckzhlACnLSCzR5b2bILTaUGnf4t41
+D6+tCFK2dfJBdQ0yYfB3la8kg9a7vtnlaM9UO0Tr+o9NYOWysUAa5fxS9jSF2Czg
+eZ6k9Wa0bj90u8N9cfsGrMB7F6TVPG4Tf7GbCvgMwaBfSQK74hXVWd0wjTW0VGIp
+xRfAYudJyB/2da5rOsMWh5hEe6dShwEQ1tJHnjuBIJI1UZSyVtFqMj8NysftD7+V
+rd6N3Fp5umUzc6tViag+u6s8Q8TxCXMaSwoVtBV1HHbqKiCzwd4XNwHfv/h0VrgM
+0SXrYVmHwUkLUNdOlAKWRZ7ExaTMx0oNaKwjr3FhV7W5utf6kQ9lMfS8gV0dJM1n
+Zp0Zkgi/ojuIecqBQXJwTp1YQo1QmJHM0sKTu6pOOlTxizaT4Ak0etQf9SLinltM
+eYEdCoFavWkWXIIP4YM94fuD5Ekc03b2iiCMKVONSr4dKaAPFEtV3uFIoS/VwG5Q
+Q8mEhZZH9ymOeUrm+YvljFSfp1TDp9dGiYNKCx52Zj7wChqswzVEVFTqGEZqsYty
+uuDQM0JhX6TGT75zmsqiJhBGl6nigGrdaRCnWvWv0n0dABEBAAHCwXwEGAEIACYC
+GwwWIQQxdu99sjZ/H8pPMGsfmw6QmvNyhQUCZZgiCgUJDIYYvQAKCRAfmw6QmvNy
+heNyD/9uERCjRwJzBaF7eOl64Rqt27mYLgJKU9eA+4xit5ZEATPAlTuIbbqp0edY
+QLo2peMOgAADWmSYujOTUK7+e0/hHo7Mjr2RwbTnKOtKrG7tj4emqSQ4la0LGkJ4
+J1RoRHPLQw+VDOS7XHkidXwU4RJzz20nZGXVfCHmbvNOzoqbhUC36Sh6dONFcyUN
+Lk30crABh6vGVqKRL9KM2A3CH3RU9reLb4khKgTUlDWt0g9itU5V6rih2dyEkApD
+t0OOP3ksywTCqJNBSnVYopVn1IlkEGbCKEfeANJteDQpu3P5RkCu8pfvkYnOdik+
+FbmfmNCtfe67lmgT0uzdfMRzR9Pz+24Tkhruzxlt30m14n+8QHwfZqCAkedBiyG3
+vf4guOunrtn6RgeeXZHfKBgy/xhsgg/RJpDUkoGeGDSrdn0elRbSXc57WaytonIa
+2Lshl0PVIiTbQFDOtHheApiV/fZ30rXNlWV1zUsug/3zZFmzICc+7iDS9IxSAooV
+6JMAImjvst+uFjks5PzUD2XCGf35z2Typ1iEXkHzHTwB6+KVUu32L+QDBaJ0d31E
+no66F3iMmQeg4Lf79d7DgUOtRhbdJ++bF9sEpXPDb5Fyxt8acKj2eybPE2nXOxyt
+0e5LAqUcM/qyR5+rBL1WUsevkuRM08O0zVqg3nM7JkfmD2Eb3sLBfAQYAQgAJgIb
+DBYhBDF2732yNn8fyk8wax+bDpCa83KFBQJjxyuQBQkI0+7DAAoJEB+bDpCa83KF
+F14P/R8+Etr8EmteZq61t7Mg1rdGmddJaCzYt5C/WSeEPeTI+uCSke6gJM30N0O5
+sIp4v9rXQ3jIPJIOMkPnjggGIckhN3ohNE4WhZVGF5wkjVUoDsk+mLQLOhY8d6zc
+UvfieRN828gcDvE6Vr5E9o6+5SlOV2adC9UULijdAwd4tbYNHICS23RZC6+9pUKA
+2EE1TGor9yLv5nYAJOJgkp0fVERTcQmy2FlAS4R9SrQgAmw4V10n1ZxlFXNG/41U
+5x7B5vg9nNLZ/ZK2fTjWfSdtmiGUEIPNMcUs+upFtG1p84XQIHv909I6HnoGS8kT
+hE6wRWy1vkXIrdEl+hvpgoNSdxQCyLBLQfZxvWuU7pvmzC9NtcIkx/jFSx9Bj9XJ
+LQ2R/8zbkegrcS7K8Nr4C7EXdUBogfSzferCmAUBxeGLO/VeeAEgVQUyu+78XFuH
+SHdmT8YtC1Oe4y95iX+kkAVQNbNPxzWjXO67bnopWKnCJFOsKWLW7VefhuzB790c
+F5kXQNZGG3NxDP2H4xIytmxgikayuHKY6/ASH8T/x+poqE7S2alW+Tt7ou5ANdRk
+uH1l7qxizFjlT5nFQFJv5WfOiOa1/afVeOWdVYjpBiChn6uUKmb8XQ0ab/oX7aTq
+1niAgfxWQfRYZEt1kthCh2qnFpOZSraUYD3LFQ+GZNU5ZougwsF7BBgBCAAmAhsM
+FiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUFAmHSMwsFCQb/674ACgkQH5sOkJrzcoVy
+uQ/4wTAgHaCVVvWouLSoDWnN7MRY67Zyz6OpRMweAF55bZAtVcFC3gy/jtyLnmAr
+e5Mka/b76IBv8v3vJKVSBrx/E3GXe9RL1JDOw3/V/PCOWz6wO/DKVgBEBhNUcbBS
+0FaacwDnol1U18v58Ev/Cyj9vFuRTRR9DPamJr043ktGGMMa+wyVOdugdCRoorOJ
+F5fNbWJ3dh+OnMdao0jJljFdHT1jG1BuYLNx7VOLuQ6QYJ+2vpJYoaZrcXm1jVdr
+zt0wqmCabPlm7wzx6VLBxaVvsGLxNFaLAfY2Cs4TkveGhs+GJe302av7ReGrQUXq
+HhEiYukSVqbzZnUkD2KybtwQBlp2E7p4lvcYR4UmJwkqx91n2Unq5lOl4gJirWQe
+V8OB8o7iYCo1A481Qzr6U0FXJ6ZAV5DncNHSGQ5OtXKvNaf0em5sRBrCJDBzacUX
+wNTzcI8qYIqCxdgsquZAdyFXPCnaVuDt12lUojH715ZL6UCZgj7cbqfCKlJoC/iC
+06iyWhzoaW2+m7IpEw3pFAvQyFefMUOR7hyNKmk6w8mbBvAiun/jsMSm1yYeUAxW
+qzOWKziB2jmgUiAkLQoAgR/yad/PCzpvK0w6khwEMafWY0Gn8iwWhh5R0dq7587X
+1dSx0vvT773p+idxY+K+Yc7SV7ilKzmfwbC8PHOw5ziNFMLBfAQYAQgAJhYhBDF2
+732yNn8fyk8wax+bDpCa83KFBQJc1HBNAhsMBQkB4TOAAAoJEB+bDpCa83KFDGMP
+/j/LjzcdTfiHWHc6E7EUM3qPWf8obSL7Ft4l77x0vUGf2G3pQcngTI1SIMTTLAKk
+Xhd6qPqCVPmM6kHK6IzwFcnMRFoMyoH/bVnZkUs0NyU3DPg3OUc1Iunvcg27nHdZ
+PLFRv8ey/qSyNiIEJu3hzyBIUO0ZDdOtUwkqnznrri+IpToD7gWoYM0CC/Aero/O
+aC20c6dU1s4zwmAjqfzb0Nqiv3CDrrvF0p3g6fn7BAyHxnYbS7ZXS8nPQEY0qp+y
+C0CR3jceXCwv9C1PhQiSfqiPBTL7CglOz02WSAxY7GInh3VitM2rruKcacpLVfji
+ZmFH4SUCys/7c1Sn+pJTfiqO/2sV4vutxfu3Q0xDYmcf7DK9BN7bZ01m3szTX/+5
+Ief0kpY+e5ZrfcRHUOAzA/dXeW8sErf+YvCU9Hyi/e5iWvbhaMg9HwMA37cEfhBm
+VwGBOS6nuFHn7TFoZrCNnFWEpfUJY++TThhNaVKlz5n3PXERFCJlfZtXf097cJJR
+JniBoA2jdfQqSJAgXArbZPxRW0ohIfgj+lnvqNwB27trdnKKpxC6k6P1k0QZ1MP3
+tDRaz/k0WrVi4Sxps78/RzA7I9nAR1ovVUx8Tw2I9ru64SyyyYuaA2M5nQs4kMzA
+3P3oeFO9t91by/d/O1lj9HtGYEn5xLzb40OyTfeDSyTp
+=gYkV
+-----END PGP PUBLIC KEY BLOCK-----

SOURCES/expat-2.5.0-CVE-2024-28757.patch

@@ -1,172 +0,0 @@
-commit cd3b344e0dbd19a812d0b4f34f9d089ed7c5c411
-Author: Tomas Korbar <tkorbar@redhat.com>
-Date:   Tue Mar 19 15:12:18 2024 +0100
-
-    Fix CVE-2024-28757
-    
-    Upstream PRs #841 and #842
-
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index 2ae64e9..0896b16 100644
---- a/expat/lib/xmlparse.c
-+++ b/expat/lib/xmlparse.c
-@@ -6164,7 +6164,7 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
-           dtd->keepProcessing = dtd->standalone;
-           goto endEntityValue;
-         }
--        if (entity->open) {
-+        if (entity->open || (entity == parser->m_declEntity)) {
-           if (enc == parser->m_encoding)
-             parser->m_eventPtr = entityTextPtr;
-           result = XML_ERROR_RECURSIVE_ENTITY_REF;
-@@ -7680,6 +7680,8 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) {
- 
- static float
- accountingGetCurrentAmplification(XML_Parser rootParser) {
-+  //                                          1.........1.........12 => 22
-+  const size_t lenOfShortestInclude = sizeof("<!ENTITY a SYSTEM 'b'>") - 1;
-   const XmlBigCount countBytesOutput
-       = rootParser->m_accounting.countBytesDirect
-         + rootParser->m_accounting.countBytesIndirect;
-@@ -7687,7 +7689,9 @@ accountingGetCurrentAmplification(XML_Parser rootParser) {
-       = rootParser->m_accounting.countBytesDirect
-             ? (countBytesOutput
-                / (float)(rootParser->m_accounting.countBytesDirect))
--            : 1.0f;
-+            : ((lenOfShortestInclude
-+                + rootParser->m_accounting.countBytesIndirect)
-+               / (float)lenOfShortestInclude);
-   assert(! rootParser->m_parentParser);
-   return amplificationFactor;
- }
-diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
-index 941f61d..93adc45 100644
---- a/expat/tests/runtests.c
-+++ b/expat/tests/runtests.c
-@@ -1788,6 +1788,48 @@ START_TEST(test_wfc_no_recursive_entity_refs) {
- }
- END_TEST
- 
-+START_TEST(test_recursive_external_parameter_entity_2) {
-+  struct TestCase {
-+    const char *doc;
-+    enum XML_Status expectedStatus;
-+  };
-+
-+  struct TestCase cases[] = {
-+      {"<!ENTITY % p1 '%p1;'>", XML_STATUS_ERROR},
-+      {"<!ENTITY % p1 '%p1;'>"
-+       "<!ENTITY % p1 'first declaration wins'>",
-+       XML_STATUS_ERROR},
-+      {"<!ENTITY % p1 'first declaration wins'>"
-+       "<!ENTITY % p1 '%p1;'>",
-+       XML_STATUS_OK},
-+      {"<!ENTITY % p1 '&#37;p1;'>", XML_STATUS_OK},
-+  };
-+
-+  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
-+    const char *const doc = cases[i].doc;
-+    const enum XML_Status expectedStatus = cases[i].expectedStatus;
-+
-+    XML_Parser parser = XML_ParserCreate(NULL);
-+    assert_true(parser != NULL);
-+
-+    XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
-+    assert_true(ext_parser != NULL);
-+
-+    const enum XML_Status actualStatus
-+        = _XML_Parse_SINGLE_BYTES(ext_parser, doc, (int)strlen(doc), XML_TRUE);
-+
-+    assert_true(actualStatus == expectedStatus);
-+    if (actualStatus != XML_STATUS_OK) {
-+      assert_true(XML_GetErrorCode(ext_parser)
-+                  == XML_ERROR_RECURSIVE_ENTITY_REF);
-+    }
-+
-+    XML_ParserFree(ext_parser);
-+    XML_ParserFree(parser);
-+  }
-+}
-+END_TEST
-+
- /* Test incomplete external entities are faulted */
- START_TEST(test_ext_entity_invalid_parse) {
-   const char *text = "<!DOCTYPE doc [\n"
-@@ -12719,6 +12761,60 @@ START_TEST(test_helper_unsigned_char_to_printable) {
-     fail("unsignedCharToPrintable result mistaken");
- }
- END_TEST
-+
-+START_TEST(test_amplification_isolated_external_parser) {
-+  // NOTE: Length 44 is precisely twice the length of "<!ENTITY a SYSTEM 'b'>"
-+  // (22) that is used in function accountingGetCurrentAmplification in
-+  // xmlparse.c.
-+  //                  1.........1.........1.........1.........1..4 => 44
-+  const char doc[] = "<!ENTITY % p1 '123456789_123456789_1234567'>";
-+  const int docLen = (int)sizeof(doc) - 1;
-+  const float maximumToleratedAmplification = 2.0f;
-+
-+  struct TestCase {
-+    int offsetOfThreshold;
-+    enum XML_Status expectedStatus;
-+  };
-+
-+  struct TestCase cases[] = {
-+      {-2, XML_STATUS_ERROR}, {-1, XML_STATUS_ERROR}, {0, XML_STATUS_ERROR},
-+      {+1, XML_STATUS_OK},    {+2, XML_STATUS_OK},
-+  };
-+
-+  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
-+    const int offsetOfThreshold = cases[i].offsetOfThreshold;
-+    const enum XML_Status expectedStatus = cases[i].expectedStatus;
-+    const unsigned long long activationThresholdBytes
-+        = docLen + offsetOfThreshold;
-+
-+    XML_Parser parser = XML_ParserCreate(NULL);
-+    assert_true(parser != NULL);
-+
-+    assert_true(XML_SetBillionLaughsAttackProtectionMaximumAmplification(
-+                    parser, maximumToleratedAmplification)
-+                == XML_TRUE);
-+    assert_true(XML_SetBillionLaughsAttackProtectionActivationThreshold(
-+                    parser, activationThresholdBytes)
-+                == XML_TRUE);
-+
-+    XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
-+    assert_true(ext_parser != NULL);
-+
-+    const enum XML_Status actualStatus
-+        = _XML_Parse_SINGLE_BYTES(ext_parser, doc, docLen, XML_TRUE);
-+
-+    assert_true(actualStatus == expectedStatus);
-+    if (actualStatus != XML_STATUS_OK) {
-+      assert_true(XML_GetErrorCode(ext_parser)
-+                  == XML_ERROR_AMPLIFICATION_LIMIT_BREACH);
-+    }
-+
-+    XML_ParserFree(ext_parser);
-+    XML_ParserFree(parser);
-+  }
-+}
-+END_TEST
-+
- #endif // defined(XML_DTD)
- 
- static Suite *
-@@ -12871,6 +12967,8 @@ make_suite(void) {
-   tcase_add_test__ifdef_xml_dtd(tc_basic, test_skipped_parameter_entity);
-   tcase_add_test__ifdef_xml_dtd(tc_basic,
-                                 test_recursive_external_parameter_entity);
-+  tcase_add_test__ifdef_xml_dtd(tc_basic,
-+                                test_recursive_external_parameter_entity_2);
-   tcase_add_test(tc_basic, test_undefined_ext_entity_in_external_dtd);
-   tcase_add_test(tc_basic, test_suspend_xdecl);
-   tcase_add_test(tc_basic, test_abort_epilog);
-@@ -13120,6 +13218,7 @@ make_suite(void) {
-   tcase_add_test(tc_accounting, test_accounting_precision);
-   tcase_add_test(tc_accounting, test_billion_laughs_attack_protection_api);
-   tcase_add_test(tc_accounting, test_helper_unsigned_char_to_printable);
-+  tcase_add_test(tc_accounting, test_amplification_isolated_external_parser);
- #endif
- 
-   return s;

SOURCES/expat-2.5.0-CVE-2024-45490.patch

@@ -1,129 +0,0 @@
-commit 05d87eb116ddde35bfa4e4c1d2ec7bcbda38c09b
-Author: Tomas Korbar <tkorbar@redhat.com>
-Date:   Wed Sep 11 13:48:58 2024 +0200
-
-    Fix CVE-2024-45490
-    
-    https://github.com/libexpat/libexpat/pull/890
-
-diff --git a/expat/doc/reference.html b/expat/doc/reference.html
-index a10f3cb..d618bd8 100644
---- a/expat/doc/reference.html
-+++ b/expat/doc/reference.html
-@@ -1098,7 +1098,9 @@ containing part (or perhaps all) of the document. The number of bytes of s
- that are part of the document is indicated by <code>len</code>. This means
- that <code>s</code> doesn't have to be null terminated. It also means that
- if <code>len</code> is larger than the number of bytes in the block of
--memory that <code>s</code> points at, then a memory fault is likely. The
-+memory that <code>s</code> points at, then a memory fault is likely.
-+Negative values for <code>len</code> are rejected since Expat 2.2.1.
-+The
- <code>isFinal</code> parameter informs the parser that this is the last
- piece of the document. Frequently, the last piece is empty (i.e.
- <code>len</code> is zero.)
-@@ -1114,11 +1116,17 @@ XML_ParseBuffer(XML_Parser p,
-                 int isFinal);
- </pre>
- <div class="fcndef">
-+<p>
- This is just like <code><a href= "#XML_Parse" >XML_Parse</a></code>,
- except in this case Expat provides the buffer.  By obtaining the
- buffer from Expat with the <code><a href= "#XML_GetBuffer"
- >XML_GetBuffer</a></code> function, the application can avoid double
- copying of the input.
-+</p>
-+
-+<p>
-+Negative values for <code>len</code> are rejected since Expat 2.6.3.
-+</p>
- </div>
- 
- <h4 id="XML_GetBuffer">XML_GetBuffer</h4>
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index 0896b16..f54e258 100644
---- a/expat/lib/xmlparse.c
-+++ b/expat/lib/xmlparse.c
-@@ -1998,6 +1998,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) {
- 
-   if (parser == NULL)
-     return XML_STATUS_ERROR;
-+
-+  if (len < 0) {
-+    parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
-+    return XML_STATUS_ERROR;
-+  }
-+
-   switch (parser->m_parsingStatus.parsing) {
-   case XML_SUSPENDED:
-     parser->m_errorCode = XML_ERROR_SUSPENDED;
-diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
-index 93adc45..ed88f9f 100644
---- a/expat/tests/runtests.c
-+++ b/expat/tests/runtests.c
-@@ -3856,6 +3856,57 @@ START_TEST(test_empty_parse) {
- }
- END_TEST
- 
-+/* Test XML_Parse for len < 0 */
-+START_TEST(test_negative_len_parse) {
-+  const char *const doc = "<root/>";
-+  for (int isFinal = 0; isFinal < 2; isFinal++) {
-+    XML_Parser parser = XML_ParserCreate(NULL);
-+
-+    if (XML_GetErrorCode(parser) != XML_ERROR_NONE)
-+      fail("There was not supposed to be any initial parse error.");
-+
-+    const enum XML_Status status = XML_Parse(parser, doc, -1, isFinal);
-+
-+    if (status != XML_STATUS_ERROR)
-+      fail("Negative len was expected to fail the parse but did not.");
-+
-+    if (XML_GetErrorCode(parser) != XML_ERROR_INVALID_ARGUMENT)
-+      fail("Parse error does not match XML_ERROR_INVALID_ARGUMENT.");
-+
-+    XML_ParserFree(parser);
-+  }
-+}
-+END_TEST
-+
-+/* Test XML_ParseBuffer for len < 0 */
-+START_TEST(test_negative_len_parse_buffer) {
-+  const char *const doc = "<root/>";
-+  for (int isFinal = 0; isFinal < 2; isFinal++) {
-+    XML_Parser parser = XML_ParserCreate(NULL);
-+
-+    if (XML_GetErrorCode(parser) != XML_ERROR_NONE)
-+      fail("There was not supposed to be any initial parse error.");
-+
-+    void *const buffer = XML_GetBuffer(parser, (int)strlen(doc));
-+
-+    if (buffer == NULL)
-+      fail("XML_GetBuffer failed.");
-+
-+    memcpy(buffer, doc, strlen(doc));
-+
-+    const enum XML_Status status = XML_ParseBuffer(parser, -1, isFinal);
-+
-+    if (status != XML_STATUS_ERROR)
-+      fail("Negative len was expected to fail the parse but did not.");
-+
-+    if (XML_GetErrorCode(parser) != XML_ERROR_INVALID_ARGUMENT)
-+      fail("Parse error does not match XML_ERROR_INVALID_ARGUMENT.");
-+
-+    XML_ParserFree(parser);
-+  }
-+}
-+END_TEST
-+
- /* Test odd corners of the XML_GetBuffer interface */
- static enum XML_Status
- get_feature(enum XML_FeatureEnum feature_id, long *presult) {
-@@ -12937,6 +12988,8 @@ make_suite(void) {
-   tcase_add_test__ifdef_xml_dtd(tc_basic, test_user_parameters);
-   tcase_add_test__ifdef_xml_dtd(tc_basic, test_ext_entity_ref_parameter);
-   tcase_add_test(tc_basic, test_empty_parse);
-+  tcase_add_test(tc_basic, test_negative_len_parse);
-+  tcase_add_test(tc_basic, test_negative_len_parse_buffer);
-   tcase_add_test(tc_basic, test_get_buffer_1);
-   tcase_add_test(tc_basic, test_get_buffer_2);
- #if defined(XML_CONTEXT_BYTES)

SOURCES/expat-2.5.0-CVE-2024-45491.patch

@@ -1,31 +0,0 @@
-From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 19 Aug 2024 22:34:13 +0200
-Subject: [PATCH] lib: Detect integer overflow in dtdCopy
-
-Reported by TaiYou
----
- expat/lib/xmlparse.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index 91682c188..e2327bdcf 100644
---- a/expat/lib/xmlparse.c
-+++ b/expat/lib/xmlparse.c
-@@ -7016,6 +7016,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
-     if (! newE)
-       return 0;
-     if (oldE->nDefaultAtts) {
-+      /* Detect and prevent integer overflow.
-+       * The preprocessor guard addresses the "always false" warning
-+       * from -Wtype-limits on platforms where
-+       * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
-+#if UINT_MAX >= SIZE_MAX
-+      if ((size_t)oldE->nDefaultAtts
-+          > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
-+        return 0;
-+      }
-+#endif
-       newE->defaultAtts
-           = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
-       if (! newE->defaultAtts) {

SOURCES/expat-2.5.0-CVE-2024-45492.patch

@@ -1,30 +0,0 @@
-From 9bf0f2c16ee86f644dd1432507edff94c08dc232 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 19 Aug 2024 22:37:16 +0200
-Subject: [PATCH] lib: Detect integer overflow in function nextScaffoldPart
-
-Reported by TaiYou
----
- expat/lib/xmlparse.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index 91682c188..f737575ea 100644
---- a/expat/lib/xmlparse.c
-+++ b/expat/lib/xmlparse.c
-@@ -7558,6 +7558,15 @@ nextScaffoldPart(XML_Parser parser) {
-   int next;
- 
-   if (! dtd->scaffIndex) {
-+    /* Detect and prevent integer overflow.
-+     * The preprocessor guard addresses the "always false" warning
-+     * from -Wtype-limits on platforms where
-+     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
-+#if UINT_MAX >= SIZE_MAX
-+    if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) {
-+      return -1;
-+    }
-+#endif
-     dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int));
-     if (! dtd->scaffIndex)
-       return -1;

SOURCES/expat-2.5.0-CVE-2024-50602.patch

@@ -1,108 +0,0 @@
-commit 38905b99bb78a6a691ed8358f30030116783656c
-Author: Tomas Korbar <tkorbar@redhat.com>
-Date:   Thu Nov 7 15:00:46 2024 +0100
-
-    Fix CVE-2024-50602
-    
-    See https://github.com/libexpat/libexpat/pull/915
-
-diff --git a/expat/lib/expat.h b/expat/lib/expat.h
-index 842dd70..69b0ba1 100644
---- a/expat/lib/expat.h
-+++ b/expat/lib/expat.h
-@@ -128,7 +128,9 @@ enum XML_Error {
-   /* Added in 2.3.0. */
-   XML_ERROR_NO_BUFFER,
-   /* Added in 2.4.0. */
--  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
-+  XML_ERROR_AMPLIFICATION_LIMIT_BREACH,
-+  /* Added in 2.6.4. */
-+  XML_ERROR_NOT_STARTED,
- };
- 
- enum XML_Content_Type {
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index e0c2873..8b2af91 100644
---- a/expat/lib/xmlparse.c
-+++ b/expat/lib/xmlparse.c
-@@ -2193,6 +2193,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
-   if (parser == NULL)
-     return XML_STATUS_ERROR;
-   switch (parser->m_parsingStatus.parsing) {
-+  case XML_INITIALIZED:
-+    parser->m_errorCode = XML_ERROR_NOT_STARTED;
-+    return XML_STATUS_ERROR;
-   case XML_SUSPENDED:
-     if (resumable) {
-       parser->m_errorCode = XML_ERROR_SUSPENDED;
-@@ -2203,7 +2206,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
-   case XML_FINISHED:
-     parser->m_errorCode = XML_ERROR_FINISHED;
-     return XML_STATUS_ERROR;
--  default:
-+  case XML_PARSING:
-     if (resumable) {
- #ifdef XML_DTD
-       if (parser->m_isParamEntity) {
-@@ -2214,6 +2217,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
-       parser->m_parsingStatus.parsing = XML_SUSPENDED;
-     } else
-       parser->m_parsingStatus.parsing = XML_FINISHED;
-+    break;
-+  default:
-+    assert(0);
-   }
-   return XML_STATUS_OK;
- }
-@@ -2478,6 +2484,9 @@ XML_ErrorString(enum XML_Error code) {
-   case XML_ERROR_AMPLIFICATION_LIMIT_BREACH:
-     return XML_L(
-         "limit on input amplification factor (from DTD and entities) breached");
-+  /* Added in 2.6.4. */
-+  case XML_ERROR_NOT_STARTED:
-+    return XML_L("parser not started");
-   }
-   return NULL;
- }
-diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
-index ed88f9f..5769aa0 100644
---- a/expat/tests/runtests.c
-+++ b/expat/tests/runtests.c
-@@ -8711,6 +8711,28 @@ START_TEST(test_misc_tag_mismatch_reset_leak) {
- }
- END_TEST
- 
-+START_TEST(test_misc_resumeparser_not_crashing) {
-+  XML_Parser parser = XML_ParserCreate(NULL);
-+  XML_GetBuffer(parser, 1);
-+  XML_StopParser(parser, /*resumable=*/XML_TRUE);
-+  XML_ResumeParser(parser); // could crash here, previously
-+  XML_ParserFree(parser);
-+}
-+END_TEST
-+
-+START_TEST(test_misc_stopparser_rejects_unstarted_parser) {
-+  const XML_Bool cases[] = {XML_TRUE, XML_FALSE};
-+  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
-+    const XML_Bool resumable = cases[i];
-+    XML_Parser parser = XML_ParserCreate(NULL);
-+    assert_true(XML_GetErrorCode(parser) == XML_ERROR_NONE);
-+    assert_true(XML_StopParser(parser, resumable) == XML_STATUS_ERROR);
-+    assert_true(XML_GetErrorCode(parser) == XML_ERROR_NOT_STARTED);
-+    XML_ParserFree(parser);
-+  }
-+}
-+END_TEST
-+
- static void
- alloc_setup(void) {
-   XML_Memory_Handling_Suite memsuite = {duff_allocator, duff_reallocator, free};
-@@ -13176,6 +13198,8 @@ make_suite(void) {
-   tcase_add_test__ifdef_xml_dtd(
-       tc_misc, test_misc_deny_internal_entity_closing_doctype_issue_317);
-   tcase_add_test(tc_misc, test_misc_tag_mismatch_reset_leak);
-+  tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing);
-+  tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
- 
-   suite_add_tcase(s, tc_alloc);
-   tcase_add_checked_fixture(tc_alloc, alloc_setup, alloc_teardown);

SPECS/expat.spec

@@ -1,421 +0,0 @@
-%global unversion 2_5_0
-
-Summary: An XML parser library
-Name: expat
-Version: %(echo %{unversion} | sed 's/_/./g')
-Release: 1%{?dist}
-Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
-URL: https://libexpat.github.io/
-License: MIT
-BuildRequires: autoconf, libtool, xmlto, gcc-c++
-BuildRequires: make
-# https://issues.redhat.com/browse/RHEL-24227
-Patch0: expat-2.5.0-CVE-2023-52425.patch
-# https://issues.redhat.com/browse/RHEL-28700
-Patch1: expat-2.5.0-CVE-2024-28757.patch
-# https://issues.redhat.com/browse/RHEL-56761
-Patch2: expat-2.5.0-CVE-2024-45490.patch
-# https://issues.redhat.com/browse/RHEL-57520
-Patch3: expat-2.5.0-CVE-2024-45491.patch
-# https://issues.redhat.com/browse/RHEL-57511
-Patch4: expat-2.5.0-CVE-2024-45492.patch
-# https://issues.redhat.com/browse/RHEL-65066
-Patch5: expat-2.5.0-CVE-2024-50602.patch
-# https://issues.redhat.com/browse/RHEL-57489
-Patch6: expat-2.5.0-CVE-2024-8176.patch
-# https://issues.redhat.com/browse/RHEL-114618
-Patch7: expat-2.5.0-CVE-2025-59375.patch
-
-%description
-This is expat, the C library for parsing XML, written by James Clark. Expat
-is a stream oriented XML parser. This means that you register handlers with
-the parser prior to starting the parse. These handlers are called when the
-parser discovers the associated structures in the document being parsed. A
-start tag is an example of the kind of structures for which you may
-register handlers.
-
-%package devel
-Summary: Libraries and header files to develop applications using expat
-Requires: expat%{?_isa} = %{version}-%{release}
-
-%description devel
-The expat-devel package contains the libraries, include files and documentation
-to develop XML applications with expat.
-
-%package static
-Summary: expat XML parser static library
-Requires: expat-devel%{?_isa} = %{version}-%{release}
-
-%description static
-The expat-static package contains the static version of the expat library.
-Install it if you need to link statically with expat.
-
-%prep
-%setup -q -n libexpat-R_%{unversion}/expat
-pushd ..
-%patch0 -p1 -b .CVE-2023-52425
-%patch1 -p1 -b .CVE-2024-28757
-%patch2 -p1 -b .CVE-2024-45490
-%patch3 -p1 -b .CVE-2024-45491
-%patch4 -p1 -b .CVE-2024-45492
-%patch5 -p1 -b .CVE-2024-50602
-%patch6 -p1 -b .CVE-2024-8176
-%patch7 -p1 -b .CVE-2025-59375
-popd
-
-sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
-./buildconf.sh
-
-%build
-export CFLAGS="$RPM_OPT_FLAGS -fPIC"
-export DOCBOOK_TO_MAN="xmlto man --skip-validation"
-%configure
-make %{?_smp_mflags}
-
-%install
-make install DESTDIR=$RPM_BUILD_ROOT
-
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
-
-%check
-bash -c "for i in {1..500000}; do printf AAAAAAAAAAAAAAAAAAAA >> achars.txt; done"
-for testfile in ../testdata/largefiles/aaaaaa_*; do
-        first_part="$(sed 's/\(.*\)ACHARS.*/\1/g' $testfile)"
-        second_part="$(sed 's/.*ACHARS\(.*\)/\1/g' $testfile)"
-        printf "$first_part" > "$testfile"
-        cat achars.txt >> "$testfile"
-        printf "$second_part" >> "$testfile"
-done
-
-make check
-
-%ldconfig_scriptlets
-
-%files
-%{!?_licensedir:%global license %%doc}
-%doc AUTHORS Changes
-%license COPYING
-%{_bindir}/*
-%{_libdir}/lib*.so.*
-%{_mandir}/*/*
-
-%files devel
-%doc doc/reference.html doc/*.css examples/*.c
-%{_libdir}/lib*.so
-%{_libdir}/pkgconfig/*.pc
-%{_includedir}/*.h
-%{_libdir}/cmake/expat-%{version}
-
-%files static
-%{_libdir}/lib*.a
-
-%changelog
-* Wed Nov 19 2025 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-1
-- Rebase to version 2.5.0
-- Fix CVE-2025-59375
-- Resolves: RHEL-114618
-
-* Mon Apr 07 2025 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-17
-- Fix CVE-2024-8176
-- Resolves: RHEL-57477
-
-* Fri Nov 08 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-16
-- Fix CVE-2024-50602
-- Resolves: RHEL-65062
-
-* Wed Sep 11 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-15
-- Rebuild for test reconfiguration
-
-* Wed Sep 11 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-14
-- Fix multiple CVEs
-- Fix CVE-2024-45492 integer overflow
-- Fix CVE-2024-45491 Integer Overflow or Wraparound
-- Fix CVE-2024-45490 Negative Length Parsing Vulnerability
-- Resolves: RHEL-57505
-- Resolves: RHEL-57493
-- Resolves: RHEL-56751
-
-* Tue Mar 26 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-13
-- Fix wrongly exposed variables
-- Resolves: RHEL-29321
-
-* Thu Mar 21 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-12
-- CVE-2023-52425 expat: parsing large tokens can trigger a denial of service
-- Resolves: RHEL-29321
-
-* Mon Nov 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-11
-- CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
-- Resolves: CVE-2022-43680
-
-* Fri Sep 30 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-10
-- Ensure raw tagnames are safe exiting internalEntityParser
-- Resolves: CVE-2022-40674
-
-* Fri May 06 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-9
-- Fix multiple CVEs
-- Resolves: CVE-2022-25314
-- Resolves: CVE-2022-25313
-
-* Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-8
-- Improve patch for CVE-2022-25236
-- Related: CVE-2022-25236
-
-* Fri Mar 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-7
-- Fix patch for CVE-2022-25235
-- Resolves: CVE-2022-25235
-
-* Thu Mar 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-6
-- Fix multiple CVEs
-- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
-- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
-- CVE-2022-25315 expat: integer overflow in storeRawNames()
-- Resolves: CVE-2022-25236
-- Resolves: CVE-2022-25235
-- Resolves: CVE-2022-25315
-
-* Fri Feb 14 2022 Tomas Korbar <tkorbar@redhat.com> -  2.2.5-5
-- Fix multiple CVEs
-- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
-- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
-- CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
-- CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
-- CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
-- CVE-2022-22825 Integer overflow in lookup in xmlparse.c
-- CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
-- CVE-2022-22823 Integer overflow in build_model in xmlparse.c
-- CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
-- Resolves: CVE-2022-23852
-- Resolves: CVE-2021-45960
-- Resolves: CVE-2021-46143
-- Resolves: CVE-2022-22827
-- Resolves: CVE-2022-22826
-- Resolves: CVE-2022-22825
-- Resolves: CVE-2022-22824
-- Resolves: CVE-2022-22823
-- Resolves: CVE-2022-22822
-
-* Fri Apr 24 2020 Joe Orton <jorton@redhat.com> - 2.2.5-4
-- add security fixes for CVE-2018-20843, CVE-2019-15903
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.2.5-2
-- Switch to %%ldconfig_scriptlets
-
-* Thu Nov  2 2017 Joe Orton <jorton@redhat.com> - 2.2.5-1
-- update to 2.2.5 (#1508667)
-
-* Mon Aug 21 2017 Joe Orton <jorton@redhat.com> - 2.2.4-1
-- update to 2.2.4 (#1483359)
-
-* Fri Aug  4 2017 Joe Orton <jorton@redhat.com> - 2.2.3-1
-- fix tests with unsigned char (upstream PR 109)
-- update to 2.2.3 (#1473266)
-
-* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Fri Jul 14 2017 Joe Orton <jorton@redhat.com> - 2.2.2-2
-- update to 2.2.2 (#1470891)
-
-* Fri Jul  7 2017 Joe Orton <jorton@redhat.com> - 2.2.1-2
-- trim unnecessary doc, examples content
-
-* Mon Jun 19 2017 Joe Orton <jorton@redhat.com> - 2.2.1-1
-- update to 2.2.1 (#1462474)
-
-* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Tue Jun 21 2016 Joe Orton <jorton@redhat.com> - 2.2.0-1
-- update to 2.2.0 (#1247348)
-
-* Thu Jun 16 2016 Joe Orton <jorton@redhat.com> - 2.1.1-2
-- add security fixes for CVE-2016-0718, CVE-2012-6702, CVE-2016-5300,
-  CVE-2016-4472
-
-* Mon Apr 18 2016 David Tardon <dtardon@redhat.com> - 2.1.1-1
-- new upstream release
-
-* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.1.0-11
-- Rebuilt for Fedora 23 Change
-  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
-
-* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
-
-* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 2.1.0-9
-- fix license handling
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.1.0-6
-- fix "xmlwf -h" output (#948534)
-
-* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Fri Apr 13 2012 Joe Orton <jorton@redhat.com> - 2.1.0-3
-- add -static subpackage (#722647)
-
-* Fri Mar 30 2012 Joe Orton <jorton@redhat.com> - 2.1.0-1
-- ship .pc file, move library back to libdir (#808399)
-
-* Mon Mar 26 2012 Joe Orton <jorton@redhat.com> - 2.1.0-1
-- update to 2.1.0 (#806602)
-
-* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-
-* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-
-* Mon Feb  8 2010 Joe Orton <jorton@redhat.com> - 2.0.1-10
-- revised fix for CVE-2009-3560 regression (#544996)
-
-* Sun Jan 31 2010 Joe Orton <jorton@redhat.com> - 2.0.1-9
-- drop static libraries (#556046)
-- add fix for regression in CVE-2009-3560 patch (#544996)
-
-* Tue Dec  1 2009 Joe Orton <jorton@redhat.com> - 2.0.1-8
-- add security fix for CVE-2009-3560 (#533174)
-- add security fix for CVE-2009-3720 (#531697)
-- run the test suite
-
-* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
-* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
-* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.0.1-5
-- Autorebuild for GCC 4.3
-
-* Wed Jan 23 2008 Joe Orton <jorton@redhat.com> 2.0.1-4
-- chmod 644 even more documentation (#429806)
-
-* Tue Jan  8 2008 Joe Orton <jorton@redhat.com> 2.0.1-3
-- chmod 644 the documentation (#427950)
-
-* Wed Aug 22 2007 Joe Orton <jorton@redhat.com> 2.0.1-2
-- rebuild
-
-* Wed Aug  8 2007 Joe Orton <jorton@redhat.com> 2.0.1-1
-- update to 2.0.1
-- fix the License tag
-- drop the .la file
-
-* Sun Feb  4 2007 Joe Orton <jorton@redhat.com> 1.95.8-10
-- remove trailing dot in Summary (#225742)
-- use preferred BuildRoot per packaging guidelines (#225742)
-
-* Tue Jan 30 2007 Joe Orton <jorton@redhat.com> 1.95.8-9
-- regenerate configure/libtool correctly (#199361)
-- strip DSP files from examples (#186889)
-- fix expat.h compilation with g++ -pedantic (#190244)
-
-* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.95.8-8.2.1
-- rebuild
-
-* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.95.8-8.2
-- bump again for double-long bug on ppc(64)
-
-* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.95.8-8.1
-- rebuilt for new gcc4.1 snapshot and glibc changes
-
-* Tue Jan 31 2006 Joe Orton <jorton@redhat.com> 1.95.8-8
-- restore .la file for apr-util
-
-* Mon Jan 30 2006 Joe Orton <jorton@redhat.com> 1.95.8-7
-- move library to /lib (#178743)
-- omit .la file (#170031)
-
-* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
-- rebuilt
-
-* Tue Mar  8 2005 Joe Orton <jorton@redhat.com> 1.95.8-6
-- rebuild
-
-* Thu Nov 25 2004 Ivana Varekova <varekova@redhat.com> 1.95.8
-- update to 1.95.8
-
-* Wed Jun 16 2004 Jeff Johnson <jbj@jbj.org> 1.95.7-4
-- add -fPIC (#125586).
-
-* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
-- rebuilt
-
-* Fri Jun 11 2004 Jeff Johnson <jbj@jbj.org> 1.95.7-2
-- fix: malloc failure from dbus test suite (#124747).
-
-* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
-- rebuilt
-
-* Sun Feb 22 2004 Joe Orton <jorton@redhat.com> 1.95.7-1
-- update to 1.95.7, include COPYING file in main package
-
-* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
-- rebuilt
-
-* Wed Sep 17 2003 Matt Wilson <msw@redhat.com> 1.95.5-6
-- rebuild again for #91211
-
-* Tue Sep 16 2003 Matt Wilson <msw@redhat.com> 1.95.5-5
-- rebuild to fix gzip'ed file md5sums (#91211)
-
-* Tue Jun 17 2003 Jeff Johnson <jbj@redhat.com> 1.95.5-4
-- rebuilt because of crt breakage on ppc64.
-
-* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
-- rebuilt
-
-* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
-- rebuilt
-
-* Mon Nov 11 2002 Jeff Johnson <jbj@redhat.com> 1.95.5-1
-- update to 1.95.5.
-
-* Mon Aug 19 2002 Trond Eivind Glomsrød <teg@redhat.com> 1,95.4-1
-- 1.95.4. 1.95.3 was withdrawn by the expat developers.
-
-* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
-- automated rebuild
-
-* Thu Jun  6 2002 Trond Eivind Glomsrød <teg@redhat.com> 1,95.3-1
-- 1.95.3
-
-* Thu May 23 2002 Tim Powers <timp@redhat.com>
-- automated rebuild
-
-* Fri Mar 22 2002 Trond Eivind Glomsrød <teg@redhat.com>
-- Change a prereq in -devel on main package to a req
-- License from MIT/X11 to BSD
-
-* Mon Mar 11 2002 Trond Eivind Glomsrød <teg@redhat.com>
-- 1.95.2
-
-* Sun Jun 24 2001 Elliot Lee <sopwith@redhat.com>
-- Bump release + rebuild.
-
-* Tue Oct 24 2000 Jeff Johnson <jbj@redhat.com>
-- update to 1.95.1
-
-* Sun Oct  8 2000 Jeff Johnson <jbj@redhat.com>
-- Create.

expat-2.7.1.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmflq3oACgkQliYqz/vT
+rsY1phAAro7vFcwzx48OT6wNkxzlQ+58oyfP+TJw7CPO/72UVmyv6D1JYqxumwIh
+Djve0rWDdxTyGvkjmFfzLQgDVZmUopBqKdvSYtkNN5zZo3FwMAgoRU8ZQbZ2B7nM
+W6q4t983tKqveazoWV8iPOBDm/tBgOsrWyLYT1dhoQTVJoo+ymFVkEEA6TnhD+jd
+u/LgRd/lu0qYjI4dKkNjv4e88UzyaYid4hN1nUT1k9aASYtvZq8Ep3MMaONG4OGM
+a6TZl2whZXgiiTxDg5fJWBGfUYHGzW1N4SM0D2c4PWAeH8SAmx9CMitqjEobhdmz
+Qk/NSEdVzmhbqY1SodPf6eqVpviPd7dZhe6WfPwxrGXvc2Siz7/6SvY7OjcnKqem
+D0H0tZybsCs17LQKVfBmofh/PPcc6aXOtCS1feDBnbyACox/B2HhPrjGtt+CSW77
+PsmIPVhn5CTHIy7ZwzPOVNPl+j0DXUEWaOGH0Hffb6JSpBU/KbtS/dgHpveN54M+
+yfhN23f3+wTzIorfwibSkGlPbqIv5vj90KcUJKDK7iYMT+N6o10CCeDLcUZceEx9
+lQU4R0LTaewBtK/JVnouLWL0I1ByORka8PWIdV19ASuFaiO6s+mpS2wrN6Gidbok
+69XXPMbrezeBzsBSq9Ne1ZEmgrwpeK+KRKS0pWd/vqXQUvwvpsI=
+=uuCt
+-----END PGP SIGNATURE-----

expat.spec

@@ -0,0 +1,495 @@
+## START: Set by rpmautospec
+## (rpmautospec version 0.6.5)
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+    release_number = 3;
+    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
+    print(release_number + base_release_number - 1);
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
+## END: Set by rpmautospec
+
+%global unversion 2_7_1
+
+Summary: An XML parser library
+Name: expat
+Version: %(echo %{unversion} | sed 's/_/./g')
+Release: 1%{?dist}.%{autorelease -n}
+Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.gz
+Source1: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.gz.asc
+# Sebastian Pipping's PGP public key
+Source2: https://keys.openpgp.org/vks/v1/by-fingerprint/3176EF7DB2367F1FCA4F306B1F9B0E909AF37285
+
+# CVE-2025-59375
+Patch0: RHEL-114606.patch
+
+URL: https://libexpat.github.io/
+License: MIT
+BuildRequires: autoconf, libtool, xmlto, gcc-c++
+BuildRequires: make
+BuildRequires: gnupg2
+BuildRequires: git
+
+%description
+This is expat, the C library for parsing XML, written by James Clark. Expat
+is a stream oriented XML parser. This means that you register handlers with
+the parser prior to starting the parse. These handlers are called when the
+parser discovers the associated structures in the document being parsed. A
+start tag is an example of the kind of structures for which you may
+register handlers.
+
+%package devel
+Summary: Libraries and header files to develop applications using expat
+Requires: expat%{?_isa} = %{version}-%{release}
+
+%description devel
+The expat-devel package contains the libraries, include files and documentation
+to develop XML applications with expat.
+
+%package static
+Summary: expat XML parser static library
+Requires: expat-devel%{?_isa} = %{version}-%{release}
+
+%description static
+The expat-static package contains the static version of the expat library.
+Install it if you need to link statically with expat.
+
+%prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+%autosetup -S git
+sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
+./buildconf.sh
+
+%build
+export CFLAGS="$RPM_OPT_FLAGS -fPIC"
+export DOCBOOK_TO_MAN="xmlto man"
+%configure
+%make_build
+
+%install
+%make_install
+
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
+
+%check
+make check
+
+%ldconfig_scriptlets
+
+%files
+%doc AUTHORS Changes
+%license COPYING
+%{_bindir}/*
+%{_libdir}/libexpat.so.1
+%{_libdir}/libexpat.so.1.*
+%{_mandir}/*/*
+
+%files devel
+%doc doc/reference.html doc/*.css examples/*.c
+%{_libdir}/libexpat.so
+%{_libdir}/pkgconfig/*.pc
+%{_includedir}/*.h
+%{_libdir}/cmake/expat-%{version}
+
+%files static
+%{_libdir}/libexpat.a
+
+%changelog
+## START: Generated by rpmautospec
+* Fri Oct 10 2025 RHEL Packaging Agent <jotnar@redhat.com> - 2.7.1-3
+- Fix CVE-2025-59375 - backport allocation tracking improvements
+
+* Thu Jun 05 2025 psklenar@redhat.com <psklenar@redhat.com> - 2.7.1-2
+- https://issues.redhat.com/browse/RHELMISC-13073
+
+* Fri Mar 28 2025 Tomas Korbar <tkorbar@redhat.com> - 2.7.1-1
+- Fix behavior change caused by fix for CVE-2024-8176
+
+* Fri Mar 14 2025 Tomas Korbar <tkorbar@redhat.com> - 2.7.0-1
+- Fix CVE-2024-8176
+
+* Thu Nov 07 2024 Tomas Korbar <tkorbar@redhat.com> - 2.6.4-1
+- Rebase to 2.6.4
+
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.6.2-2
+- Bump release for October 2024 mass rebuild:
+
+* Wed Jul 03 2024 Tomas Korbar <tkorbar@redhat.com> - 2.6.2-1
+- Rebase to 2.6.2
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.5.0-7
+- Bump release for June 2024 mass rebuild
+
+* Fri Jun 21 2024 František Hrdina <fhrdina@redhat.com> - 2.5.0-6
+- Update of fmf plans and gating for c10s
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Mon Oct 31 2022 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-1
+- Rebase to 2.5.0
+
+* Thu Sep 29 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.9-1
+- Rebase to 2.4.9
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.8-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Apr 28 2022 Frantisek Hrdina <fhrdina@redhat.com> - 2.4.8-4
+- Removing tests since they are in tests repo
+
+* Thu Apr 28 2022 Frantisek Hrdina <fhrdina@redhat.com> - 2.4.8-3
+- Adding gating.yaml
+
+* Thu Apr 28 2022 Frantisek Hrdina <fhrdina@redhat.com> - 2.4.8-2
+- Adding fmf plan
+
+* Fri Apr 08 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.8-1
+- Rebase to version 2.4.8
+
+* Mon Mar 07 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.7-1
+- Rebase to version 2.4.7
+
+* Mon Feb 21 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.6-1
+- Rebase to version 2.4.6
+
+* Mon Jan 31 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.4-1
+- Rebase to version 2.4.4
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Jan 18 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.3-2
+- Change specfile according to Sebastian Pippings suggestions
+
+* Mon Jan 17 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.3-1
+- Rebase to version 2.4.3
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jun 01 2021 Tomas Korbar <tkorbar@redhat.com> - 2.4.1-1
+- Rebase to 2.4.1 Resolves: rhbz#1963400
+
+* Thu Apr 15 2021 Tomas Korbar <tkorbar@redhat.com> - 2.3.0-1
+- Rebase to 2.3.0 Resolves: rhbz#1942794
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.10-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Dec 24 2020 Robert Scheck <robert@fedoraproject.org> - 2.2.10-3
+- Spec file cleanup
+
+* Fri Dec 18 2020 Tom Stellard <tstellar@redhat.com> - 2.2.10-2
+- Add BuildRequires: make
+
+* Fri Nov 13 2020 Joe Orton <jorton@redhat.com> - 2.2.10-1
+- update to 2.2.10 (#1884940)
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Sep 16 2019 Joe Orton <jorton@redhat.com> - 2.2.8-1
+- update to 2.2.8 (#1752167) Resolves: rhbz#1752167
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jun 27 2019 Joe Orton <jorton@redhat.com> - 2.2.7-1
+- update to 2.2.7 (#1723724, #1722224) Resolves: rhbz#1722224 Resolves:
+  rhbz#1723724
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Aug 15 2018 Joe Orton <jorton@redhat.com> - 2.2.6-1
+- update to 2.2.6
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.2.5-2
+- Switch to %%ldconfig_scriptlets
+
+* Thu Nov 02 2017 Joe Orton <jorton@redhat.com> - 2.2.5-1
+- update to 2.2.5 (#1508667) Resolves: rhbz#1508667
+
+* Fri Oct 13 2017 Bruno Goncalves <bgoncalv@redhat.com> - 2.2.4-2
+- Add CI tests using the standard test interface
+
+* Mon Aug 21 2017 Joe Orton <jorton@redhat.com> - 2.2.4-1
+- update to 2.2.4 (#1483359) Resolves: rhbz#1483359
+
+* Fri Aug 04 2017 Joe Orton <jorton@redhat.com> - 2.2.3-3
+- Collapse changelog
+
+* Fri Aug 04 2017 Joe Orton <jorton@redhat.com> - 2.2.3-2
+- fix tests with unsigned char (upstream PR 109) Resolves: rhbz#1473266
+
+* Thu Aug 03 2017 Joe Orton <jorton@redhat.com> - 2.2.3-1
+- update to 2.2.3 (#1473266) Resolves: rhbz#1473266
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-4
+- Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Jul 14 2017 Joe Orton <jorton@redhat.com> - 2.2.2-2
+- update to 2.2.2 (#1470891) Resolves: rhbz#1470891
+
+* Fri Jul 14 2017 Joe Orton <jorton@redhat.com> - 2.2.2-1
+- trim unnecessary doc, examples content (#1470891) Resolves: rhbz#1470891
+
+* Fri Jul 07 2017 Joe Orton <jorton@redhat.com> - 2.2.1-3
+- trim unnecessary doc, examples content
+
+* Mon Jun 19 2017 Joe Orton <jorton@redhat.com> - 2.2.1-2
+- update to 2.2.1
+
+* Mon Jun 19 2017 Joe Orton <jorton@redhat.com> - 2.2.1-1
+- update to 2.2.1 (#1462474) Resolves: rhbz#1462474
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Nov 24 2016 Joe Orton <jorton@redhat.com> - 2.2.0-2
+- Revise history to fix malformed date.
+
+* Tue Jun 21 2016 Joe Orton <jorton@redhat.com> - 2.2.0-1
+- update to 2.2.0 (#1247348)
+
+* Thu Jun 16 2016 Joe Orton <jorton@redhat.com> - 2.1.1-5
+- add security fixes for CVE-2016-0718, CVE-2012-6702, CVE-2016-5300,
+
+* Mon Apr 18 2016 David Tardon <dtardon@redhat.com> - 2.1.1-4
+- make dep on expat arch-specific
+
+* Mon Apr 18 2016 David Tardon <dtardon@redhat.com> - 2.1.1-3
+- modernize spec
+
+* Mon Apr 18 2016 David Tardon <dtardon@redhat.com> - 2.1.1-2
+- drop unneeded build deps
+
+* Mon Apr 18 2016 David Tardon <dtardon@redhat.com> - 2.1.1-1
+- new upstream release 2.1.1
+
+* Wed Feb 03 2016 Dennis Gilmore <dennis@ausil.us> - 2.1.0-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Dennis Gilmore <dennis@ausil.us> - 2.1.0-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.1.0-12
+- Rebuilt for Fedora 23 Change
+
+* Sat Aug 16 2014 Peter Robinson <pbrobinson@fedoraproject.org> - 2.1.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 2.1.0-10
+- fix license handling
+
+* Sat Jun 07 2014 Dennis Gilmore <dennis@ausil.us> - 2.1.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Dennis Gilmore <dennis@ausil.us> - 2.1.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Mon Jun 17 2013 Joe Orton <jorton@redhat.com> - 2.1.0-7
+- fix "xmlwf -h" output (#948534)
+
+* Wed Feb 13 2013 Dennis Gilmore <dennis@ausil.us> - 2.1.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Jul 19 2012 Dennis Gilmore <dennis@ausil.us> - 2.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Apr 13 2012 Joe Orton <jorton@redhat.com> - 2.1.0-4
+- bump build
+
+* Fri Apr 13 2012 Joe Orton <jorton@redhat.com> - 2.1.0-3
+- add -static subpackage (#722647)
+
+* Fri Mar 30 2012 Joe Orton <jorton@redhat.com> - 2.1.0-2
+- ship .pc file, move library back to libdir (#808399)
+
+* Mon Mar 26 2012 Joe Orton <jorton@redhat.com> - 2.1.0-1
+- update to 2.1.0 (#806602)
+
+* Fri Jan 13 2012 Dennis Gilmore <dennis@ausil.us> - 2.0.1-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Dennis Gilmore <dennis@ausil.us> - 2.0.1-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jul 28 2010 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-16
+- dist-git conversion
+
+* Mon Feb 08 2010 jorton <jorton@fedoraproject.org> - 2.0.1-15
+- bump release
+
+* Mon Feb 08 2010 jorton <jorton@fedoraproject.org> - 2.0.1-14
+- revised fix for CVE-2009-3560 regression (#544996)
+
+* Sun Jan 31 2010 jorton <jorton@fedoraproject.org> - 2.0.1-13
+- add patch
+
+* Sun Jan 31 2010 jorton <jorton@fedoraproject.org> - 2.0.1-12
+- drop static libraries (#556046) - add fix for regression in CVE-2009-3560
+  patch (#544996)
+
+* Wed Jan 13 2010 Štěpán Kasal <kasal@fedoraproject.org> - 2.0.1-11
+- fix sf.net url
+
+* Thu Dec 03 2009 jorton <jorton@fedoraproject.org> - 2.0.1-10
+- add security fix for CVE-2009-3560 (#533174) - add security fix for
+  CVE-2009-3720 (#531697) - run the test suite
+
+* Wed Nov 25 2009 Bill Nottingham <notting@fedoraproject.org> - 2.0.1-9
+- Fix typo that causes a failure to update the common directory. (releng
+  #2781)
+
+* Fri Jul 24 2009 Jesse Keating <jkeating@fedoraproject.org> - 2.0.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Feb 24 2009 Jesse Keating <jkeating@fedoraproject.org> - 2.0.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Feb 19 2008 Jesse Keating <jkeating@fedoraproject.org> - 2.0.1-6
+- Autorebuild for GCC 4.3
+
+* Wed Jan 23 2008 jorton <jorton@fedoraproject.org> - 2.0.1-5
+- chmod 644 even more documentation (#429806)
+
+* Tue Jan 08 2008 jorton <jorton@fedoraproject.org> - 2.0.1-4
+- chmod 644 the documentation (#427950)
+
+* Mon Oct 15 2007 Bill Nottingham <notting@fedoraproject.org> - 2.0.1-3
+- makefile update to properly grab makefile.common
+
+* Wed Aug 22 2007 jorton <jorton@fedoraproject.org> - 2.0.1-2
+- rebuild
+
+* Wed Aug 08 2007 jorton <jorton@fedoraproject.org> - 2.0.1-1
+- update to 2.0.1 - fix the License tag - drop the .la file
+
+* Sun Feb 04 2007 jorton <jorton@fedoraproject.org> - 1.95.8-15
+- remove trailing dot in Summary (#225742) - use preferred BuildRoot per
+  packaging guidelines (#225742)
+
+* Tue Jan 30 2007 jorton <jorton@fedoraproject.org> - 1.95.8-14
+- add missing BRs
+
+* Tue Jan 30 2007 jorton <jorton@fedoraproject.org> - 1.95.8-13
+- regenerate configure/libtool correctly (#199361) - strip DSP files from
+  examples (#186889) - fix expat.h compilation with g++ -pedantic (#190244)
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@fedoraproject.org> - 1.95.8-12
+- bumped for rebuild
+
+* Sat Feb 11 2006 Jesse Keating <jkeating@fedoraproject.org> - 1.95.8-11
+- bump for bug in double-long on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@fedoraproject.org> - 1.95.8-10
+- bump for new gcc/glibc
+
+* Tue Jan 31 2006 jorton <jorton@fedoraproject.org> - 1.95.8-9
+- restore .la file for apr-util
+
+* Mon Jan 30 2006 jorton <jorton@fedoraproject.org> - 1.95.8-8
+- move library to /lib (#178743) - omit .la file (#170031)
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@fedoraproject.org> - 1.95.8-7
+- gcc update bump
+
+* Tue Mar 08 2005 jorton <jorton@fedoraproject.org> - 1.95.8-6
+- rebuild
+
+* Wed Dec 01 2004 Ivana Varekova <varekova@fedoraproject.org> - 1.95.8-5
+- update to 1.95.8 build and small change in spec file
+
+* Thu Nov 25 2004 Ivana Varekova <varekova@fedoraproject.org> - 1.95.8-4
+- update to 1.95.8
+
+* Thu Nov 25 2004 Ivana Varekova <varekova@fedoraproject.org> - 1.95.8-3
+- update to 1.95.8
+
+* Thu Nov 25 2004 Ivana Varekova <varekova@fedoraproject.org> - 1.95.8-2
+- update to 1.95.8
+
+* Thu Nov 25 2004 Ivana Varekova <varekova@fedoraproject.org> - 1.95.8-1
+- update to 1.95.8
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.7-4
+- auto-import changelog data from expat-1.95.7-4.src.rpm Wed Jun 16 2004
+  Jeff Johnson <jbj@jbj.org> 1.95.7-4 - add -fPIC (#125586).
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.7-3
+- auto-import changelog data from expat-1.95.7-3.src.rpm Tue Jun 15 2004
+  Elliot Lee <sopwith@redhat.com> - rebuilt
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.7-2
+- auto-import changelog data from expat-1.95.7-2.src.rpm Fri Jun 11 2004
+  Jeff Johnson <jbj@jbj.org> 1.95.7-2 - fix: malloc failure from dbus test
+  suite (#124747).
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.7-1
+- auto-import changelog data from expat-1.95.7-1.1.src.rpm Tue Mar 02 2004
+  Elliot Lee <sopwith@redhat.com> - rebuilt Sun Feb 22 2004 Joe Orton
+  <jorton@redhat.com> 1.95.7-1 - update to 1.95.7, include COPYING file in
+  main package Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> - rebuilt
+  Wed Sep 17 2003 Matt Wilson <msw@redhat.com> 1.95.5-6 - rebuild again for
+  #91211 Tue Sep 16 2003 Matt Wilson <msw@redhat.com> 1.95.5-5 - rebuild to
+  fix gzip'ed file md5sums (#91211) Tue Jun 17 2003 Jeff Johnson
+  <jbj@redhat.com> 1.95.5-4 - rebuilt because of crt breakage on ppc64.
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.5-2
+- auto-import changelog data from expat-1.95.5-3.src.rpm Wed Jun 04 2003
+  Elliot Lee <sopwith@redhat.com> - rebuilt
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.5-1
+- auto-import changelog data from expat-1.95.5-2.src.rpm Wed Jan 22 2003
+  Tim Powers <timp@redhat.com> - rebuilt Mon Nov 11 2002 Jeff Johnson
+  <jbj@redhat.com> 1.95.5-1 - update to 1.95.5.
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.4-1
+- auto-import changelog data from expat-1.95.4-1.src.rpm Mon Aug 19 2002
+  Trond Eivind Glomsrød <teg@redhat.com> 1,95.4-1 - 1.95.4. 1.95.3 was
+  withdrawn by the expat developers.
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.3-1
+- auto-import changelog data from expat-1.95.3-2.src.rpm Fri Jun 21 2002
+  Tim Powers <timp@redhat.com> - automated rebuild Thu Jun 06 2002 Trond
+  Eivind Glomsr<EFBFBD>d <teg@redhat.com> 1,95.3-1 - 1.95.3 Thu May 23 2002 Tim
+  Powers <timp@redhat.com> - automated rebuild
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.2-1
+- auto-import changelog data from expat-1.95.2-2.src.rpm Fri Mar 22 2002
+  Trond Eivind Glomsr<EFBFBD>d <teg@redhat.com> - Change a prereq in -devel on
+  main package to a req - License from MIT/X11 to BSD Wed Mar 13 2002 Trond
+  Eivind Glomsr<EFBFBD>d <teg@redhat.com> - 1.95.2
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.1-2
+- auto-import changelog data from expat-1.95.1-7.src.rpm Sun Jun 24 2001
+  Elliot Lee <sopwith@redhat.com> - Bump release + rebuild.
+
+* Thu Sep 09 2004 cvsdist <cvsdist@fedoraproject.org> - 1.95.1-1
+- auto-import changelog data from expat-1.95.1-1.src.rpm Tue Oct 24 2000
+  Jeff Johnson <jbj@redhat.com> - update to 1.95.1 Sun Oct 08 2000 Jeff
+  Johnson <jbj@redhat.com> - Create.
+## END: Generated by rpmautospec

sources

@@ -0,0 +1 @@
+SHA512 (expat-2.7.1.tar.gz) = 1b6b94f3253ac3ab3f8c69d1c852db2334c99cb7990b9656f5f2458198d1eb854e79cce0e39151aef0d5e01a740fc965651c6a57fda585f9a24c543f2693f78c