From 2ee26a1fd5b7044e31a3d5a68c1e389f41c54c4b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2020 12:03:19 +0000 Subject: import mingw-expat-2.2.4-5.el8 --- diff --git a/SOURCES/expat-2.2.5-CVE-2018-20843.patch b/SOURCES/expat-2.2.5-CVE-2018-20843.patch new file mode 100644 index 0000000..8afbfd0 --- /dev/null +++ b/SOURCES/expat-2.2.5-CVE-2018-20843.patch @@ -0,0 +1,15 @@ + +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-20843 +https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 + +--- libexpat-R_2_2_5/expat/lib/xmlparse.c.cve20843 ++++ libexpat-R_2_2_5/expat/lib/xmlparse.c +@@ -6057,7 +6057,7 @@ setElementTypePrefix(XML_Parser parser, + else + poolDiscard(&dtd->pool); + elementType->prefix = prefix; +- ++ break; + } + } + return 1; diff --git a/SPECS/mingw-expat.spec b/SPECS/mingw-expat.spec index 094f1e2..ba9a4d6 100644 --- a/SPECS/mingw-expat.spec +++ b/SPECS/mingw-expat.spec @@ -2,15 +2,16 @@ Name: mingw-expat Version: 2.2.4 -Release: 3%{?dist} +Release: 5%{?dist} Summary: MinGW Windows port of expat XML parser library License: MIT URL: http://www.libexpat.org/ Source0: http://downloads.sourceforge.net/expat/expat-%{version}.tar.bz2 +Patch1: expat-2.2.5-CVE-2018-20843.patch BuildArch: noarch -ExclusiveArch: %{ix86} x86_64 %{arm} +ExclusiveArch: %{ix86} x86_64 BuildRequires: mingw32-filesystem >= 95 BuildRequires: mingw32-gcc @@ -73,7 +74,7 @@ Static version of the MinGW Windows expat XML parser library. %prep %setup -q -n expat-%{version} - +%patch1 -p2 -b .cve20843 %build %mingw_configure @@ -122,6 +123,14 @@ rm -r $RPM_BUILD_ROOT%{mingw64_mandir}/man1 %changelog +* Wed Jun 10 2020 Uri Lublin - 2.2.4-5 +- Rebuild +- Resolves: rhbz#1773899 + +* Wed May 06 2020 Uri Lublin - 2.2.4-4 +- Fix CVE-2018-20843 +- Resolves: rhbz#1773899 + * Tue Aug 14 2018 Victor Toso - 2.2.4-3 - ExclusiveArch: i686, x86_64 - Related: rhbz#1615874