rpms/xmlrpc-c
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c8s
rpms:c10s
rpms:c9s
rpms:c8-beta
rpms:c9
rpms:c9-beta
rpms:imports/c8/xmlrpc-c-1.51.0-9.el8_10
rpms:imports/c10s/xmlrpc-c-1.59.02-3.el10
rpms:imports/c8/xmlrpc-c-1.51.0-8.el8
rpms:imports/c8-beta/xmlrpc-c-1.51.0-8.el8
rpms:imports/c9/xmlrpc-c-1.51.0-16.el9_0
rpms:imports/c8/xmlrpc-c-1.51.0-6.el8
rpms:imports/c8/xmlrpc-c-1.51.0-5.el8_5.1
rpms:imports/c8s/xmlrpc-c-1.51.0-8.el8
rpms:imports/c9-beta/xmlrpc-c-1.51.0-16.el9
rpms:imports/c9-beta/xmlrpc-c-1.51.0-16.el9_0
rpms:imports/c9-beta/xmlrpc-c-1.51.0-15.el9
rpms:imports/c8-beta/xmlrpc-c-1.51.0-5.el8
rpms:imports/c8/xmlrpc-c-1.51.0-5.el8
...
pull from: rpms:c8s
Branches Tags
rpms:c8s
rpms:c10s
rpms:c8
rpms:c9s
rpms:c8-beta
rpms:c9
rpms:c9-beta
rpms:imports/c8/xmlrpc-c-1.51.0-9.el8_10
rpms:imports/c10s/xmlrpc-c-1.59.02-3.el10
rpms:imports/c8/xmlrpc-c-1.51.0-8.el8
rpms:imports/c8-beta/xmlrpc-c-1.51.0-8.el8
rpms:imports/c9/xmlrpc-c-1.51.0-16.el9_0
rpms:imports/c8/xmlrpc-c-1.51.0-6.el8
rpms:imports/c8/xmlrpc-c-1.51.0-5.el8_5.1
rpms:imports/c8s/xmlrpc-c-1.51.0-8.el8
rpms:imports/c9-beta/xmlrpc-c-1.51.0-16.el9
rpms:imports/c9-beta/xmlrpc-c-1.51.0-16.el9_0
rpms:imports/c9-beta/xmlrpc-c-1.51.0-15.el9
rpms:imports/c8-beta/xmlrpc-c-1.51.0-5.el8
rpms:imports/c8/xmlrpc-c-1.51.0-5.el8

No commits in common. "c8" and "c8s" have entirely different histories.
c8 ... c8s

15 changed files with 49 additions and 5 deletions
Show Stats Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/xmlrpc-c-1.51.0.tar.xz
SOURCES/benchmark-tests.tar.xz
/xmlrpc-c-1.51.0.tar.xz
/benchmark-tests.tar.xz

2
.xmlrpc-c.metadata
View File

@ -1,2 +0,0 @@
b4fb65d500c1af5fe83917ab2976a47ae6268fdd SOURCES/benchmark-tests.tar.xz
784a3e74971f3b7d992d768c732daa891ffd2412 SOURCES/xmlrpc-c-1.51.0.tar.xz

0
SOURCES/0001-Remove-trace-statements-accidentally-committed-with-.patch → 0001-Remove-trace-statements-accidentally-committed-with-.patch
View File

0
SOURCES/0001-add-meson-buildsystem-definitions.patch → 0001-add-meson-buildsystem-definitions.patch
View File

0
SOURCES/0001-xmlrpc_server_abyss-use-va_args-properly.patch → 0001-xmlrpc_server_abyss-use-va_args-properly.patch
View File

0
SOURCES/0002-Use-proper-datatypes-for-long-long.patch → 0002-Use-proper-datatypes-for-long-long.patch
View File

0
SOURCES/0002-chmod-x-xml-rpc-api2txt.patch → 0002-chmod-x-xml-rpc-api2txt.patch
View File

0
SOURCES/0003-allow-30x-redirections.patch → 0003-allow-30x-redirections.patch
View File

0
SOURCES/0004-Add-missing-validation-of-encoding-CVE-2022-25235.patch → 0004-Add-missing-validation-of-encoding-CVE-2022-25235.patch
View File

0
SOURCES/0005-lib-Prevent-more-integer-overflows-CVE-2022-22822-to.patch → 0005-lib-Prevent-more-integer-overflows-CVE-2022-22822-to.patch
View File

0
SOURCES/0006-Prevent-integer-overflow-on-m_groupSize-in-doProlog-.patch → 0006-Prevent-integer-overflow-on-m_groupSize-in-doProlog-.patch
View File

0
SOURCES/0007-Address-segfault-found-in-CVE-2023-52425.patch → 0007-Address-segfault-found-in-CVE-2023-52425.patch
View File

40
0008-Prevent-integer-overflow-or-wraparound-CVE-2024-4549.patch Normal file
View File

@ -0,0 +1,40 @@
From d15ba056c15db75c9153fda27a62b1a6cfb8196e Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 9 Sep 2024 14:35:28 -0400
Subject: [PATCH] Prevent integer overflow or wraparound CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in
xmlparse.c can have an integer overflow for nDefaultAtts on
32-bit platforms (where UINT_MAX equals SIZE_MAX).
Backported from upstream https://github.com/libexpat/libexpat/pull/891
Resolves: RHEL-57519
---
lib/expat/xmlparse/xmlparse.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
index 359267a..40f753b 100644
--- a/lib/expat/xmlparse/xmlparse.c
+++ b/lib/expat/xmlparse/xmlparse.c
@@ -1020,6 +1020,16 @@ static int dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd)
if (!newE)
return 0;
if (oldE->nDefaultAtts) {
+ /* Detect and prevent integer overflow.
+ * The preprocessor guard addresses the "always false" warning
+ * from -Wtype-limits on platforms where
+ * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
+#if UINT_MAX >= SIZE_MAX
+ if ((size_t)oldE->nDefaultAtts
+ > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
+ return 0;
+ }
+#endif
newE->defaultAtts = (DEFAULT_ATTRIBUTE *)
malloc(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
if (!newE->defaultAtts)
--
2.45.0

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (benchmark-tests.tar.xz) = 1c15947e0b9ab8d8698ae1ca716b6a87506bf4ca468d863e50d0d96d8a4127055acf1ef6f64d9a91d037bd07640827bdab31c93e567d9e65fad526f5a56e8c15
SHA512 (xmlrpc-c-1.51.0.tar.xz) = 23b0a2fd15ee8ee48d19ed2e329d1a81d3f5ed9b9c0948da736202dddcada1c0fdd378013392ef8e1a2380a2e83ea779d4d3f4f925ca7aab82d335f5c74c211e

6
SPECS/xmlrpc-c.spec → xmlrpc-c.spec
View File

@ -6,7 +6,7 @@
Name: xmlrpc-c
Version: 1.51.0
Release: 9%{?dist}
Release: 10%{?dist}
Summary: Lightweight RPC library based on XML and HTTP
# See doc/COPYING for details.
# The Python 1.5.2 license used by a few files is just BSD.
@ -29,6 +29,7 @@ Patch104: 0004-Add-missing-validation-of-encoding-CVE-2022-25235.patch
Patch105: 0005-lib-Prevent-more-integer-overflows-CVE-2022-22822-to.patch
Patch106: 0006-Prevent-integer-overflow-on-m_groupSize-in-doProlog-.patch
Patch107: 0007-Address-segfault-found-in-CVE-2023-52425.patch
Patch108: 0008-Prevent-integer-overflow-or-wraparound-CVE-2024-4549.patch
# Backported patches
# https://sourceforge.net/p/xmlrpc-c/code/2981/
@ -197,6 +198,9 @@ tar xf %{SOURCE1}
%{_bindir}/xmlrpc_dumpserver
%changelog
* Thu Sep 19 2024 Rob Crittenden <rcritten@redhat.com> - 1.51.0-10
- Prevent integer overflow or wraparound, CVE-2024-4549 (RHEL-57519)
* Thu Apr 25 2024 Rob Crittenden <rcritten@redhat.com> - 1.51.0-9
- Address segfault found in CVE-2023-52425 (RHEL-24226)