From 580484ac539bfc630a81aaddfa95aa93e92646c8 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Mon, 17 Nov 2025 22:23:18 +0000
Subject: [PATCH] import UBI lasso-2.7.0-11.el9_7.3

---
 ..._attribute_value_inside_any_attribut.patch | 51 +++++++++++++++++++
 SPECS/lasso.spec                              | 21 ++++----
 2 files changed, 60 insertions(+), 12 deletions(-)
 create mode 100644 SOURCES/0010-prevent_assignment_of_attribute_value_inside_any_attribut.patch

diff --git a/SOURCES/0010-prevent_assignment_of_attribute_value_inside_any_attribut.patch b/SOURCES/0010-prevent_assignment_of_attribute_value_inside_any_attribut.patch
new file mode 100644
index 0000000..d179aa5
--- /dev/null
+++ b/SOURCES/0010-prevent_assignment_of_attribute_value_inside_any_attribut.patch
@@ -0,0 +1,51 @@
+based on commit 8d12e6263fd6add923469bd5704e05a1ccfa8c69
+Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
+Date:   Thu May 15 15:44:58 2025 +0200
+
+    xml: prevent assignment of attribute value inside any attribute
+
+diff -up lasso-2.7.0/lasso/xml/misc_text_node.c.orig lasso-2.7.0/lasso/xml/misc_text_node.c
+--- lasso-2.7.0/lasso/xml/misc_text_node.c.orig	2021-05-17 22:00:09.223308401 +0200
++++ lasso-2.7.0/lasso/xml/misc_text_node.c	2025-11-07 10:32:08.764208427 +0100
+@@ -41,7 +41,7 @@ typedef struct {
+ static struct XmlSnippet schema_snippets[] = {
+ 	{ "content", SNIPPET_TEXT_CHILD,
+ 		G_STRUCT_OFFSET(LassoMiscTextNode, content), NULL, NULL, NULL},
+-	{ "any_attributes", SNIPPET_ATTRIBUTE | SNIPPET_ANY | SNIPPET_PRIVATE,
++	{ "", SNIPPET_ATTRIBUTE | SNIPPET_ANY | SNIPPET_PRIVATE,
+ 		G_STRUCT_OFFSET(LassoMiscTextNodePrivate, any_attributes), NULL, NULL, NULL},
+ 	{NULL, 0, 0, NULL, NULL, NULL}
+ };
+diff -up lasso-2.7.0/lasso/xml/saml-2.0/saml2_attribute_value.c.orig lasso-2.7.0/lasso/xml/saml-2.0/saml2_attribute_value.c
+--- lasso-2.7.0/lasso/xml/saml-2.0/saml2_attribute_value.c.orig	2021-05-17 22:00:09.227308355 +0200
++++ lasso-2.7.0/lasso/xml/saml-2.0/saml2_attribute_value.c	2025-11-07 10:33:52.120133710 +0100
+@@ -53,7 +53,7 @@ struct _LassoSaml2AttributeValuePrivate
+ static struct XmlSnippet schema_snippets[] = {
+ 	{ "any", SNIPPET_LIST_NODES | SNIPPET_ANY | SNIPPET_ALLOW_TEXT,
+ 		G_STRUCT_OFFSET(LassoSaml2AttributeValue, any), NULL, NULL, NULL},
+-	{ "any_attributes", SNIPPET_ATTRIBUTE | SNIPPET_ANY | SNIPPET_PRIVATE,
++	{ "", SNIPPET_ATTRIBUTE | SNIPPET_ANY | SNIPPET_PRIVATE,
+ 		G_STRUCT_OFFSET(struct _LassoSaml2AttributeValuePrivate, any_attributes), NULL,
+ 		NULL, NULL },
+ 	{NULL, 0, 0, NULL, NULL, NULL}
+diff -up lasso-2.7.0/lasso/xml/xml.c.orig lasso-2.7.0/lasso/xml/xml.c
+--- lasso-2.7.0/lasso/xml/xml.c.orig	2025-11-07 09:47:52.161152310 +0100
++++ lasso-2.7.0/lasso/xml/xml.c	2025-11-07 10:32:08.765465069 +0100
+@@ -1610,6 +1610,7 @@ lasso_node_impl_init_from_xml(LassoNode
+ 				type = snippet->type & 0xff;
+ 				/* assign attribute content if attribute has the same name as the
+ 				 * snippet and:
++				 * - the snippet is not the any attribute snippet,
+ 				 * - the snippet and the attribute have no namespace
+ 				 * - the snippet has no namespace but the attribute has the same
+ 				 *   namespace as the node
+@@ -1617,6 +1618,8 @@ lasso_node_impl_init_from_xml(LassoNode
+ 				 */
+ 				if (type != SNIPPET_ATTRIBUTE)
+ 					continue;
++				if (snippet->type & SNIPPET_ANY)
++					continue;
+ 				if (! lasso_strisequal((char*)attr->name, (char*)snippet->name))
+ 					continue;
+ 				if (attr->ns) {
+
diff --git a/SPECS/lasso.spec b/SPECS/lasso.spec
index 47c6942..1e2429c 100644
--- a/SPECS/lasso.spec
+++ b/SPECS/lasso.spec
@@ -59,7 +59,7 @@
 Summary: Liberty Alliance Single Sign On
 Name: lasso
 Version: 2.7.0
-Release: 11%{?dist}
+Release: 11%{?dist}.3
 License: GPLv2+
 URL: http://lasso.entrouvert.org/
 Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
@@ -97,6 +97,7 @@ Patch0006: 0006-python-Skip-the-DSA-key-test-unless-SHA-1-is-configu.patch
 Patch0007: 0007-test13_test_lasso_server_load_metadata-Don-t-verify-.patch
 Patch0008: autogen.noconfig
 Patch0009: 0009-lasso_saml20_login_process_response_status_and_asser.patch
+Patch0010: 0010-prevent_assignment_of_attribute_value_inside_any_attribut.patch
 
 %description
 Lasso is a library that implements the Liberty Alliance Single Sign On
@@ -323,13 +324,9 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name}
 %endif
 
 %changelog
-* Wed Nov 9 2022 Tomas Halman <thalman@redhat.com> - 2.7.0-11
-- Fixing changelog chronological order
-- Related: rhbz#2117590 - release python3-lasso pkg
-
-* Wed Nov 9 2022 Tomas Halman <thalman@redhat.com> - 2.7.0-10
-- Publishing python binding package
-- Resolves: rhbz#2117590 - release python3-lasso pkg
+* Fri Nov 14 2025 Tomas Halman <thalman@redhat.com>  - 2.7.0-11.3
+- Fix CVE-2025-47151 lasso: Type confusion in Entr'ouvert Lasso
+  Resolves: RHEL-126684
 
 * Mon Aug 16 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0-9
 - Bump the test timeout again
@@ -340,15 +337,15 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name}
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688
 
-* Thu Jul 29 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0-6
-- Resolves: rhbz#1984822 - lasso: FTBFS in test suite due to short test
-                           timeout (potentially OpenSSL-related)
-
 * Mon Jun 28 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0-7
 - Fix dead code issue
 - Resolves: rhbz#1966606: CVE-2021-28091 lasso: XML signature wrapping
                           vulnerability when parsing SAML responses
 
+* Thu Jul 29 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0-6
+- Resolves: rhbz#1984822 - lasso: FTBFS in test suite due to short test
+                           timeout (potentially OpenSSL-related)
+
 * Mon Jun 28 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0-5
 - Don't run configure twice
 - Resolves: rhbz#1935987 - lasso implements and/or uses the deprecated