import expat-2.2.5-13.el8

915f9b83 · Rocky Automation · 55b14040 · 915f9b83 · 915f9b83
Commit 915f9b83 authored 1 year ago by Rocky Automation
--- a/SOURCES/expat-2.2.5-CVE-2023-52425.patch
+++ b/SOURCES/expat-2.2.5-CVE-2023-52425.patch
-commit d9904191c90476ed039ce9d33aee9ef56c807f8e
+commit 5948204b65267ef0c16c2181e4bd92c0ef50075b
 Author: Tomas Korbar <tkorbar@redhat.com>
-Date:   Mon Mar 25 14:25:24 2024 +0100
+Date:   Tue Mar 26 10:34:14 2024 +0100

    Fix CVE-2023-52425
    
@@ -87,6 +87,38 @@ index 9c9cf88..cd5b24f 100644
 Debug
 Debug-w
 Release
+diff --git a/expat/lib/Makefile.am b/expat/lib/Makefile.am
+index 5f2b71e..cef6558 100644
+--- a/expat/lib/Makefile.am
+++ b/expat/lib/Makefile.am
+@@ -34,18 +34,25 @@ include_HEADERS = \
+     expat_external.h
+ 
+ lib_LTLIBRARIES = libexpat.la
+noinst_LTLIBRARIES = libexpatinternal.la
+ 
+ libexpat_la_LDFLAGS = \
+     -no-undefined \
+     -version-info @LIBCURRENT@:@LIBREVISION@:@LIBAGE@ \
+     -rpath $(libdir)
+ 
+-libexpat_la_SOURCES = \
+-    loadlibrary.c \
+libexpat_la_SOURCES =
+
+# This layer of indirection allows
+# the test suite to access internal symbols
+# despite compiling with -fvisibility=hidden
+libexpatinternal_la_SOURCES = \
+     xmlparse.c \
+     xmltok.c \
+     xmlrole.c
+ 
+libexpat_la_LIBADD = libexpatinternal.la
+
+ doc_DATA = \
+     ../AUTHORS \
+     ../Changes
 diff --git a/expat/lib/expat.h b/expat/lib/expat.h
 index 1f608c0..afe12c5 100644
 --- a/expat/lib/expat.h
@@ -103,7 +135,7 @@ index 1f608c0..afe12c5 100644
    See http://semver.org.
 */
 diff --git a/expat/lib/internal.h b/expat/lib/internal.h
-index e33fdcb..78b5bc1 100644
+index e33fdcb..8e3d566 100644
 --- a/expat/lib/internal.h
 +++ b/expat/lib/internal.h
 @@ -109,6 +109,7 @@
@@ -118,8 +150,8 @@ index e33fdcb..78b5bc1 100644
 _INTERNAL_trim_to_complete_utf8_characters(const char * from, const char ** fromLimRef);
 
 
-+extern XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
-+extern unsigned int g_parseAttempts;             // used for testing only
+extern __attribute__ ((visibility ("hidden"))) XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
+extern __attribute__ ((visibility ("hidden"))) unsigned int g_parseAttempts;             // used for testing only
 +
 #ifdef __cplusplus
 }
@@ -514,6 +546,21 @@ index 3f765f7..488f63f 100644
     }
     /* If we get this token, we have the start of what might be a
        normal tag, but not a declaration (i.e. it doesn't begin with
+diff --git a/expat/tests/Makefile.am b/expat/tests/Makefile.am
+index 742ed43..4fe0e23 100644
+--- a/expat/tests/Makefile.am
+++ b/expat/tests/Makefile.am
+@@ -52,8 +52,8 @@ runtests_SOURCES = \
+ runtestspp_SOURCES = \
+     runtestspp.cpp
+ 
+-runtests_LDADD = libruntests.a ../lib/libexpat.la
+-runtestspp_LDADD = libruntests.a ../lib/libexpat.la
+runtests_LDADD = libruntests.a ../lib/libexpatinternal.la
+runtestspp_LDADD = libruntests.a ../lib/libexpatinternal.la
+ 
+ EXTRA_DIST = \
+     chardata.h \
 diff --git a/expat/tests/minicheck.c b/expat/tests/minicheck.c
 index be1e37e..6c694a0 100644
 --- a/expat/tests/minicheck.c

--- a/SPECS/expat.spec
+++ b/SPECS/expat.spec
@@ -3,7 +3,7 @@
 Summary: An XML parser library
 Name: expat
 Version: %(echo %{unversion} | sed 's/_/./g')
-Release: 12%{?dist}
+Release: 13%{?dist}
 Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
 URL: https://libexpat.github.io/
 License: MIT
@@ -114,6 +114,10 @@ make check
 %{_libdir}/lib*.a

 %changelog
+* Tue Mar 26 2024 Tomas Korbar <tkorbar@redhat.com - 2.2.5-13
+- Fix wrongly exposed variables
+- Resolves: RHEL-29321
+
 * Thu Mar 21 2024 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-12
 - CVE-2023-52425 expat: parsing large tokens can trigger a denial of service
 - Resolves: RHEL-29321