Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
E
expat
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
staging
rpms
expat
Commits
b31d1d02
Commit
b31d1d02
authored
2 years ago
by
Rocky Automation
Browse files
Options
Downloads
Patches
Plain Diff
import expat-2.2.5-8.el8
parent
47c8f69b
Branches
r9
Tags
imports/r9/ocaml-4.11.1-5.el9.2
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
SPECS/expat.spec
+16
-9
16 additions, 9 deletions
SPECS/expat.spec
with
16 additions
and
9 deletions
SPECS/expat.spec
+
16
−
9
View file @
b31d1d02
...
...
@@ -3,7 +3,7 @@
Summary: An XML parser library
Name: expat
Version: %(echo %{unversion} | sed 's/_/./g')
Release:
4
%{?dist}
.3
Release:
8
%{?dist}
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
URL: https://libexpat.github.io/
License: MIT
...
...
@@ -11,10 +11,10 @@ BuildRequires: autoconf, libtool, xmlto, gcc-c++
Patch0: expat-2.2.5-doc2man.patch
Patch1: expat-2.2.5-CVE-2018-20843.patch
Patch2: expat-2.2.5-CVE-2019-15903.patch
Patch3:
expat-2.2.5-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch
Patch4:
expat-2.2.5-Detect-and-prevent-troublesome-left-shifts.patch
Patch5:
expat-2.2.5-Prevent-integer-overflow-on-m_groupSize-in-function.patch
Patch6:
expat-2.2.5-Prevent-more-integer-overflows.patch
Patch3:
expat-2.2.5-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch
Patch4:
expat-2.2.5-Detect-and-prevent-troublesome-left-shifts.patch
Patch5:
expat-2.2.5-Prevent-integer-overflow-on-m_groupSize-in-function.patch
Patch6:
expat-2.2.5-Prevent-more-integer-overflows.patch
Patch7: expat-2.2.5-Protect-against-malicious-namespace-declarations.patch
Patch8: expat-2.2.5-Add-missing-validation-of-encoding.patch
Patch9: expat-2.2.5-Prevent-integer-overflow-in-storeRawNames.patch
...
...
@@ -93,17 +93,24 @@ make check
%{_libdir}/lib*.a
%changelog
*
Tue
Mar 1
5
2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-
4.3
- Improve
fix
for CVE-2022-25236
*
Mon
Mar 1
4
2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-
8
- Improve
patch
for CVE-2022-25236
- Related: CVE-2022-25236
* Mon Mar 07 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-4.2
* Fri Mar 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-7
- Fix patch for CVE-2022-25235
- Resolves: CVE-2022-25235
* Thu Mar 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-6
- Fix multiple CVEs
- CVE-2022-25236 expat: namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25315 expat: integer overflow in storeRawNames()
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315
*
Wed
Feb 1
6
2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.5-
4.1
*
Fri
Feb 1
4
2022 Tomas Korbar <tkorbar@redhat.com> -
2.2.5-
5
- Fix multiple CVEs
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
