From 34180476ecd5dfe2efd46ed60bad51d76ad765f8 Mon Sep 17 00:00:00 2001 From: Toshaan Bharvani Date: Mon, 28 Aug 2023 01:51:48 +0200 Subject: [PATCH] update to version 2.5.0 Signed-off-by: Toshaan Bharvani --- SPECS/expat.spec | 49 ++++++++++++++++-------------------------------- 1 file changed, 16 insertions(+), 33 deletions(-) diff --git a/SPECS/expat.spec b/SPECS/expat.spec index 8752e1e..db2a285 100644 --- a/SPECS/expat.spec +++ b/SPECS/expat.spec @@ -1,24 +1,14 @@ -%global unversion 2_2_10 +%global unversion 2_5_0 Summary: An XML parser library Name: expat Version: %(echo %{unversion} | sed 's/_/./g') -Release: 12%{?dist}.2 +Release: 1%{?dist} Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz URL: https://libexpat.github.io/ License: MIT BuildRequires: autoconf, libtool, xmlto, gcc-c++ BuildRequires: make -Patch0: expat-2.2.10-prevent-integer-overflow-in-doProlog.patch -Patch1: expat-2.2.10-Prevent-more-integer-overflows.patch -Patch2: expat-2.2.10-Prevent-integer-overflow-on-m_groupSize-in-function.patch -Patch3: expat-2.2.10-Detect-and-prevent-troublesome-left-shifts.patch -Patch4: expat-2.2.10-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch -Patch5: expat-2.2.10-Protect-against-malicious-namespace-declarations.patch -Patch6: expat-2.2.10-Add-missing-validation-of-encoding.patch -Patch7: expat-2.2.10-Prevent-integer-overflow-in-storeRawNames.patch -Patch8: expat-2.2.10-Prevent-integer-overflow-in-copyString.patch -Patch9: expat-2.2.10-Prevent-stack-exhaustion-in-build_model.patch %description This is expat, the C library for parsing XML, written by James Clark. Expat 
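Review bot: The new upstream archive is not pinned or verified anywhere in this hunk: `Source:` now resolves to `R_2_5_0.tar.gz` through `unversion`, and the diffstat lists only `SPECS/expat.spec`. If the repository records source checksums in a separate file, that file presumably needs the new tarball's hash in the same change. Otherwise, a comment above `Source:` such as `# sha256(expat-%{version}.tar.gz) = <SHA256_PLACEHOLDER>, compared with the upstream R_2_5_0 tag` would give the next reviewer something to check against. This matters more than usual here because Patch0–Patch9, which the `%prep` hunk shows are all CVE backports, are dropped on the assumption that the 2.5.0 tarball already contains those fixes.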
@@ -46,16 +36,6 @@ Install it if you need to link statically with expat. %prep %setup -q -n libexpat-R_%{unversion}/expat -%patch0 -p1 -b .CVE-2022-23990 -%patch1 -p1 -b .CVE-2022-22822-CVE-2022-22827 -%patch2 -p1 -b .CVE-2021-46143 -%patch3 -p1 -b .CVE-2021-45960 -%patch4 -p1 -b .CVE-2022-23852 -%patch5 -p1 -b .CVE-2022-25236 -%patch6 -p1 -b .CVE-2022-25235 -%patch7 -p1 -b .CVE-2022-25315 -%patch8 -p1 -b .CVE-2022-25314 -%patch9 -p1 -b .CVE-2022-25313 sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am ./buildconf.sh @@ -84,27 +64,30 @@ make check %{_mandir}/*/* %files devel -%doc doc/reference.html doc/*.png doc/*.css examples/*.c +%doc doc/reference.html doc/*.css examples/*.c %{_libdir}/lib*.so %{_libdir}/pkgconfig/*.pc %{_includedir}/*.h +%{_libdir}/cmake/expat-%{version} %files static %{_libdir}/lib*.a %changelog -* Tue May 03 2022 Tomas Korbar - 2.2.10-12.2 -- Improve fix for CVE-2022-25313 -- Related: CVE-2022-25313 +* Thu Nov 10 2022 Tomas Korbar - 2.5.0-1 +- Rebase to version 2.5.0 +- Resolves: CVE-2022-43680 -* Tue Apr 26 2022 Tomas Korbar - 2.2.10-12.1 -- Fix multiple CVEs -- Resolves: CVE-2022-25314 -- Resolves: CVE-2022-25313 +* Thu Sep 29 2022 Tomas Korbar - 2.4.9-1 +- Rebase to version 2.4.9 +- Resolves: CVE-2022-40674 -* Wed Mar 16 2022 Tomas Korbar - 2.2.10-12 -- Build fix for CVE-2022-25236 in rhel-9.0.0 -- Related: CVE-2022-25236 +* Tue Apr 26 2022 Tomas Korbar - 2.4.7-1 +- Rebase to version 2.4.7 +- Resolves: rhbz#2067201 +- Resolves: CVE-2022-25313 +- Resolves: CVE-2022-25314 +- Resolves: CVE-2022-25236 * Mon Mar 14 2022 Tomas Korbar - 2.2.10-11 - Improve fix for CVE-2022-25236
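Review bot: The `%changelog` part of the last hunk loses the audit trail for this import: the entries for 2.2.10-12, 2.2.10-12.1 and 2.2.10-12.2 are deleted, and the newest entry is dated Nov 10 2022 although the commit is from Aug 2023. Nothing records that the ten `%patchN -b .CVE-…` backports removed in the `%prep` hunk were dropped because the rebased source is expected to carry them, which is what someone running `rpm -q --changelog` to look for a CVE id relies on. I would keep the deleted entries below the new ones (unless they were never shipped from this branch) and add a new top entry for this build with a line such as `- Drop backported CVE patches (Patch0-Patch9), fixes are included in the rebased upstream source`. The changelog continues below the hunk, so older entries may already name some of these CVEs.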