diff --git a/SOURCES/CVE-2017-1000061.patch b/SOURCES/CVE-2017-1000061.patch
new file mode 100644
index 0000000..3d86f10
--- /dev/null
+++ b/SOURCES/CVE-2017-1000061.patch
@@ -0,0 +1,132 @@
+diff -uPr xmlsec1-1.2.20/apps/xmlsec.c xmlsec1-1.2.20-CVE-2017-1000061/apps/xmlsec.c
+--- xmlsec1-1.2.20/apps/xmlsec.c 2017-08-09 12:45:45.246669522 -0400
++++ xmlsec1-1.2.20-CVE-2017-1000061/apps/xmlsec.c 2017-07-18 12:21:59.554749331 -0400
+@@ -528,6 +528,19 @@
+ NULL
+ };
+
++static xmlSecAppCmdLineParam xxeParam = {
++ xmlSecAppCmdLineTopicAll,
++ "--xxe",
++ NULL,
++ "--xxe"
++ "\n\tenable External Entity resolution."
++ "\n\tWARNING: this may allow the reading of arbitrary files and URLs,"
++ "\n\tcontrolled by the input XML document. Use with caution!",
++ xmlSecAppCmdLineParamTypeFlag,
++ xmlSecAppCmdLineParamFlagNone,
++ NULL
++};
++
+
+ /****************************************************************
+ *
+@@ -904,6 +917,7 @@
+ &disableErrorMsgsParam,
+ &printCryptoErrorMsgsParam,
+ &helpParam,
++ &xxeParam,
+
+ /* MUST be the last one */
+ NULL
+@@ -1087,6 +1101,11 @@
+ goto fail;
+ }
+
++ /* enable XXE? */
++ if(xmlSecAppCmdLineParamIsSet(&xxeParam)) {
++ xmlSecSetExternalEntityLoader( NULL ); // reset to libxml2's default handler
++ }
++
+ /* get the "repeats" number */
+ if(xmlSecAppCmdLineParamIsSet(&repeatParam) &&
+ (xmlSecAppCmdLineParamGetInt(&repeatParam, 1) > 0)) {
+diff -uPr xmlsec1-1.2.20/include/xmlsec/xmlsec.h xmlsec1-1.2.20-CVE-2017-1000061/include/xmlsec/xmlsec.h
+--- xmlsec1-1.2.20/include/xmlsec/xmlsec.h 2014-05-27 14:29:01.000000000 -0400
++++ xmlsec1-1.2.20-CVE-2017-1000061/include/xmlsec/xmlsec.h 2017-07-18 12:21:59.555749324 -0400
+@@ -89,6 +89,7 @@
+
+ XMLSEC_EXPORT int xmlSecInit (void);
+ XMLSEC_EXPORT int xmlSecShutdown (void);
++XMLSEC_EXPORT void xmlSecSetExternalEntityLoader (xmlExternalEntityLoader);
+
+
+
+diff -uPr xmlsec1-1.2.20/src/xmlsec.c xmlsec1-1.2.20-CVE-2017-1000061/src/xmlsec.c
+--- xmlsec1-1.2.20/src/xmlsec.c 2014-05-27 14:29:01.000000000 -0400
++++ xmlsec1-1.2.20-CVE-2017-1000061/src/xmlsec.c 2017-08-09 12:44:03.386416274 -0400
+@@ -25,6 +25,56 @@
+ #include <xmlsec/errors.h>
+
+ /**
++ * Custom external entity handler, denies all files except the initial
++ * document we're parsing (input_id == 1)
++ */
++/* default external entity loader, pointer saved during xmlInit */
++static xmlExternalEntityLoader
++xmlSecDefaultExternalEntityLoader = NULL;
++
++/*
++ * xmlSecNoXxeExternalEntityLoader:
++ * @URL: the URL for the entity to load
++ * @ID: public ID for the entity to load
++ * @ctxt: XML parser context, or NULL
++ *
++ * See libxml2's xmlLoadExternalEntity and xmlNoNetExternalEntityLoader.
++ * This function prevents any external (file or network) entities from being loaded.
++ */
++static xmlParserInputPtr
++xmlSecNoXxeExternalEntityLoader(const char *URL, const char *ID,
++ xmlParserCtxtPtr ctxt) {
++ if (ctxt == NULL) {
++ return(NULL);
++ }
++ if (ctxt->input_id == 1) {
++ return xmlSecDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
++ }
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNoXxeExternalEntityLoader",
++ XMLSEC_ERRORS_R_XML_FAILED,
++ "illegal external entity='%s'", xmlSecErrorsSafeString(URL));
++ return(NULL);
++}
++
++/*
++ * xmlSecSetExternalEntityLoader:
++ * @entityLoader: the new entity resolver function, or NULL to restore
++ * libxml2's default handler
++ *
++ * Wrapper for xmlSetExternalEntityLoader.
++ */
++void
++xmlSecSetExternalEntityLoader(xmlExternalEntityLoader entityLoader) {
++ if (entityLoader == NULL) {
++ entityLoader = xmlSecDefaultExternalEntityLoader;
++ }
++ xmlSetExternalEntityLoader(entityLoader);
++}
++
++
++/**
+ * xmlSecInit:
+ *
+ * Initializes XML Security Library. The depended libraries
+@@ -85,6 +135,12 @@
+ }
+ #endif /* XMLSEC_NO_XKMS */
+
++ /* initialise safe external entity loader */
++ if (!xmlSecDefaultExternalEntityLoader) {
++ xmlSecDefaultExternalEntityLoader = xmlGetExternalEntityLoader();
++ }
++ xmlSetExternalEntityLoader(xmlSecNoXxeExternalEntityLoader);
++
+ /* we use rand() function to generate id attributes */
+ srand(time(NULL));
+ return(0);
+@@ -182,4 +238,3 @@
+ return(1);
+ }
+
+-
diff --git a/SPECS/xmlsec1.spec b/SPECS/xmlsec1.spec
index 1696256..6662cde 100644
--- a/SPECS/xmlsec1.spec
+++ b/SPECS/xmlsec1.spec
@@ -1,7 +1,7 @@
Summary: Library providing support for "XML Signature" and "XML Encryption" standards
Name: xmlsec1
Version: 1.2.20
-Release: 5%{?dist}%{?extra_release}
+Release: 7%{?dist}%{?extra_release}
License: MIT
Group: System Environment/Libraries
Source0: http://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
@@ -23,6 +23,7 @@ BuildRequires: gettext-devel
BuildRequires: libtool
Patch3: xmlsec1-1.2.20-covscan-fixes.patch
+Patch10: CVE-2017-1000061.patch
%description
XML Security Library is a C library based on LibXML2 and OpenSSL.
@@ -126,6 +127,7 @@ Libraries, includes, etc. for developing XML Security applications with NSS.
%prep
%setup -q
%patch3 -p1 -b .covscan
+%patch10 -p1 -b .CVE-2017-1000061
%build
autoreconf -if
@@ -219,6 +221,15 @@ rm -fr ${RPM_BUILD_ROOT}
%{_libdir}/pkgconfig/xmlsec1-nss.pc
%changelog
+* Wed Aug 9 2017 Simo Sorce <simo@redhat.com> - 1.2.20-7
+- CVE-2017-1000061
+- Related: #1472092
+- Fix mis-applied patch hunk
+
+* Tue Jul 18 2017 Simo Sorce <simo@redhat.com> - 1.2.20-6
+- CVE-2017-1000061
+- Resolves: #1472092
+
* Fri Sep 5 2014 Simo Sorce <simo@redhat.com> - 1.2.20-5
- Add package to RHEL7
- Resolves: #1118038