From 1b1a9c71778e78ef0f6d1285b1f013e1c5a42a9d Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 3 Nov 2020 07:03:19 -0500 Subject: [PATCH] import mingw-expat-2.2.4-5.el8 --- SOURCES/expat-2.2.5-CVE-2018-20843.patch | 15 +++++++++++++++ SPECS/mingw-expat.spec | 13 +++++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 SOURCES/expat-2.2.5-CVE-2018-20843.patch diff --git a/SOURCES/expat-2.2.5-CVE-2018-20843.patch b/SOURCES/expat-2.2.5-CVE-2018-20843.patch new file mode 100644 index 0000000..8afbfd0 --- /dev/null +++ b/SOURCES/expat-2.2.5-CVE-2018-20843.patch @@ -0,0 +1,15 @@ + +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-20843 +https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 + +--- libexpat-R_2_2_5/expat/lib/xmlparse.c.cve20843 ++++ libexpat-R_2_2_5/expat/lib/xmlparse.c +@@ -6057,7 +6057,7 @@ setElementTypePrefix(XML_Parser parser, + else + poolDiscard(&dtd->pool); + elementType->prefix = prefix; +- ++ break; + } + } + return 1; diff --git a/SPECS/mingw-expat.spec b/SPECS/mingw-expat.spec index 961a5d8..ba9a4d6 100644 --- a/SPECS/mingw-expat.spec +++ b/SPECS/mingw-expat.spec @@ -2,12 +2,13 @@ Name: mingw-expat Version: 2.2.4 -Release: 3%{?dist} +Release: 5%{?dist} Summary: MinGW Windows port of expat XML parser library License: MIT URL: http://www.libexpat.org/ Source0: http://downloads.sourceforge.net/expat/expat-%{version}.tar.bz2 +Patch1: expat-2.2.5-CVE-2018-20843.patch BuildArch: noarch ExclusiveArch: %{ix86} x86_64 @@ -73,7 +74,7 @@ Static version of the MinGW Windows expat XML parser library. %prep %setup -q -n expat-%{version} - +%patch1 -p2 -b .cve20843 %build %mingw_configure @@ -122,6 +123,14 @@ rm -r $RPM_BUILD_ROOT%{mingw64_mandir}/man1 %changelog +* Wed Jun 10 2020 Uri Lublin - 2.2.4-5 +- Rebuild +- Resolves: rhbz#1773899 + +* Wed May 06 2020 Uri Lublin - 2.2.4-4 +- Fix CVE-2018-20843 +- Resolves: rhbz#1773899 + * Tue Aug 14 2018 Victor Toso - 2.2.4-3 - ExclusiveArch: i686, x86_64 - Related: rhbz#1615874