diff --git a/backport-0008-CVE-2025-59375-lib-Implement-tracking-of-dynamic-memory-allocations.patch b/backport-0008-CVE-2025-59375-lib-Implement-tracking-of-dynamic-memory-allocations.patch index 806f133a2ce464066b6d29f34cc43f9b0450c2ae..d034f73c5bdb8e55c9c33a6e2f0d33bcafd97a94 100644 --- a/backport-0008-CVE-2025-59375-lib-Implement-tracking-of-dynamic-memory-allocations.patch +++ b/backport-0008-CVE-2025-59375-lib-Implement-tracking-of-dynamic-memory-allocations.patch @@ -109,7 +109,7 @@ index 9f0a8b3e..fcf1cfdd 100644 @@ -769,14 +778,220 @@ struct XML_ParserStruct { unsigned long m_hash_secret_salt; - #if XML_GE == 1 + #if defined(XML_DTD) || XML_GE == 1 ACCOUNTING m_accounting; + MALLOC_TRACKER m_alloc_tracker; ENTITY_STATS m_entity_stats; @@ -120,7 +120,7 @@ index 9f0a8b3e..fcf1cfdd 100644 -#define MALLOC(parser, s) (parser->m_mem.malloc_fcn((s))) -#define REALLOC(parser, p, s) (parser->m_mem.realloc_fcn((p), (s))) -#define FREE(parser, p) (parser->m_mem.free_fcn((p))) -+#if XML_GE == 1 ++#if defined(XML_DTD) || XML_GE == 1 +# define MALLOC(parser, s) (expat_malloc((parser), (s), __LINE__)) +# define REALLOC(parser, p, s) (expat_realloc((parser), (p), (s), __LINE__)) +# define FREE(parser, p) (expat_free((parser), (p), __LINE__)) @@ -130,7 +130,7 @@ index 9f0a8b3e..fcf1cfdd 100644 +# define FREE(parser, p) (parser->m_mem.free_fcn((p))) +#endif + -+#if XML_GE == 1 ++#if defined(XML_DTD) || XML_GE == 1 +static void +expat_heap_stat(XML_Parser rootParser, char operator, XmlBigCount absDiff, + XmlBigCount newTotal, XmlBigCount peakTotal, int sourceLine) { @@ -327,7 +327,7 @@ index 9f0a8b3e..fcf1cfdd 100644 + + return (char *)mallocedPtr + sizeof(size_t); +} -+#endif // XML_GE == 1 ++#endif // defined(XML_DTD) || XML_GE == 1 XML_Parser XMLCALL XML_ParserCreate(const XML_Char *encodingName) { @@ -347,7 +347,7 @@ index 9f0a8b3e..fcf1cfdd 100644 + DTD *dtd, XML_Parser parentParser) { + XML_Parser parser = NULL; + -+#if XML_GE == 1 ++#if defined(XML_DTD) || XML_GE == 1 + const size_t increase = sizeof(size_t) + sizeof(struct XML_ParserStruct); + + if (parentParser != NULL) { @@ -362,7 +362,7 @@ index 9f0a8b3e..fcf1cfdd 100644 if (memsuite) { XML_Memory_Handling_Suite *mtemp; -+#if XML_GE == 1 ++#if defined(XML_DTD) || XML_GE == 1 + void *const sizeAndParser = memsuite->malloc_fcn( + sizeof(size_t) + sizeof(struct XML_ParserStruct)); + if (sizeAndParser != NULL) { @@ -379,7 +379,7 @@ index 9f0a8b3e..fcf1cfdd 100644 } } else { XML_Memory_Handling_Suite *mtemp; -+#if XML_GE == 1 ++#if defined(XML_DTD) || XML_GE == 1 + void *const sizeAndParser + = (XML_Parser)malloc(sizeof(size_t) + sizeof(struct XML_ParserStruct)); + if (sizeAndParser != NULL) { @@ -400,7 +400,7 @@ index 9f0a8b3e..fcf1cfdd 100644 if (! parser) return parser; -+#if XML_GE == 1 ++#if defined(XML_DTD) || XML_GE == 1 + // Initialize .m_alloc_tracker + memset(&parser->m_alloc_tracker, 0, sizeof(MALLOC_TRACKER)); + if (parentParser == NULL) { @@ -439,7 +439,7 @@ index 9f0a8b3e..fcf1cfdd 100644 + } +#else + parser->m_parentParser = NULL; -+#endif // XML_GE == 1 ++#endif // defined(XML_DTD) || XML_GE == 1 + parser->m_buffer = NULL; parser->m_bufferLim = NULL; @@ -506,7 +506,7 @@ index 9f0a8b3e..fcf1cfdd 100644 + parser->m_alloc_tracker.activationThresholdBytes = activationThresholdBytes; + return XML_TRUE; +} - #endif /* XML_GE == 1 */ + #endif /* defined(XML_DTD) || XML_GE == 1 */ XML_Bool XMLCALL diff --git a/tests/runtests.c b/tests/runtests.c @@ -559,7 +559,7 @@ index 3683394..6e3fa18 100644 nsalloc_teardown(); nsalloc_setup(); } -+#if XML_GE == 1 ++#if defined(XML_DTD) || XML_GE == 1 + assert_true( + i == 0); // because expat_realloc relies on expat_malloc to some extent +#else diff --git a/backport-0013-CVE-2025-59375-xmlwf-Wire-allocation-tracker-config-to-existing-arg.patch b/backport-0013-CVE-2025-59375-xmlwf-Wire-allocation-tracker-config-to-existing-arg.patch index f1176942be2c8ef18e0612e54d3beeea102c8b86..d1a407b60be9ff64f8537a9e98edcaca9e06b1bb 100644 --- a/backport-0013-CVE-2025-59375-xmlwf-Wire-allocation-tracker-config-to-existing-arg.patch +++ b/backport-0013-CVE-2025-59375-xmlwf-Wire-allocation-tracker-config-to-existing-arg.patch @@ -28,7 +28,7 @@ index b9d0a7fc..14206d9e 100644 T("info arguments:\n") T(" -h show this [h]elp message and exit\n") @@ -1181,12 +1181,15 @@ tmain(int argc, XML_Char **argv) { - #if XML_GE == 1 + #if defined(XML_DTD) || XML_GE == 1 XML_SetBillionLaughsAttackProtectionMaximumAmplification( parser, attackMaximumAmplification); + XML_SetAllocTrackerMaximumAmplification(parser, @@ -36,7 +36,7 @@ index b9d0a7fc..14206d9e 100644 #endif } if (attackThresholdGiven) { - #if XML_GE == 1 + #if defined(XML_DTD) || XML_GE == 1 XML_SetBillionLaughsAttackProtectionActivationThreshold( parser, attackThresholdBytes); + XML_SetAllocTrackerActivationThreshold(parser, attackThresholdBytes); diff --git a/backport-pre-0008-CVE-2025-59375-Simplify-defined-XML_DTD-XML_GE-1-to-XML_GE-1.patch b/backport-pre-0008-CVE-2025-59375-Simplify-defined-XML_DTD-XML_GE-1-to-XML_GE-1.patch deleted file mode 100644 index dcb2b4daea4ad4044b6c7d8f5b7a0e7fac8a859a..0000000000000000000000000000000000000000 --- a/backport-pre-0008-CVE-2025-59375-Simplify-defined-XML_DTD-XML_GE-1-to-XML_GE-1.patch +++ /dev/null @@ -1,313 +0,0 @@ -From caa27198637683b15d810737bb8a6a81af19bfa5 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Fri, 27 Oct 2023 18:47:37 +0200 -Subject: [PATCH] Simplify "defined(XML_DTD) || XML_GE == 1" to "XML_GE == 1" - ---- - lib/expat.h | 2 +- - lib/internal.h | 2 +- - lib/xmlparse.c | 56 ++++++++++++++++++++--------------------- - xmlwf/xmlwf.c | 4 +-- - 4 files changed, 32 insertions(+), 32 deletions(-) - -diff --git a/lib/expat.h b/lib/expat.h -index 99113247..b794892d 100644 ---- a/lib/expat.h -+++ b/lib/expat.h -@@ -1038,7 +1038,7 @@ typedef struct { - XMLPARSEAPI(const XML_Feature *) - XML_GetFeatureList(void); - --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - /* Added in Expat 2.4.0 for XML_DTD defined and - * added in Expat 2.6.0 for XML_GE == 1. */ - XMLPARSEAPI(XML_Bool) -diff --git a/lib/internal.h b/lib/internal.h -index 1851925c..03c8fdec 100644 ---- a/lib/internal.h -+++ b/lib/internal.h -@@ -154,7 +154,7 @@ extern "C" { - void _INTERNAL_trim_to_complete_utf8_characters(const char *from, - const char **fromLimRef); - --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser); - unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser); - const char *unsignedCharToPrintable(unsigned char c); -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 6a38dbe2..ea976017 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -424,7 +424,7 @@ enum XML_Account { - XML_ACCOUNT_NONE /* i.e. do not account, was accounted already */ - }; - --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - typedef unsigned long long XmlBigCount; - typedef struct accounting { - XmlBigCount countBytesDirect; -@@ -440,7 +440,7 @@ typedef struct entity_stats { - unsigned int maximumDepthSeen; - int debugLevel; - } ENTITY_STATS; --#endif /* defined(XML_DTD) || XML_GE == 1 */ -+#endif /* XML_GE == 1 */ - - typedef enum XML_Error PTRCALL Processor(XML_Parser parser, const char *start, - const char *end, const char **endPtr); -@@ -582,7 +582,7 @@ static XML_Parser parserCreate(const XML_Char *encodingName, - - static void parserInit(XML_Parser parser, const XML_Char *encodingName); - --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - static float accountingGetCurrentAmplification(XML_Parser rootParser); - static void accountingReportStats(XML_Parser originParser, const char *epilog); - static void accountingOnAbort(XML_Parser originParser); -@@ -605,7 +605,7 @@ static void entityTrackingOnClose(XML_Parser parser, ENTITY *entity, - - static XML_Parser getRootParserOf(XML_Parser parser, - unsigned int *outLevelDiff); --#endif /* defined(XML_DTD) || XML_GE == 1 */ -+#endif /* XML_GE == 1 */ - - static unsigned long getDebugLevel(const char *variableName, - unsigned long defaultDebugLevel); -@@ -730,7 +730,7 @@ struct XML_ParserStruct { - enum XML_ParamEntityParsing m_paramEntityParsing; - #endif - unsigned long m_hash_secret_salt; --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - ACCOUNTING m_accounting; - ENTITY_STATS m_entity_stats; - #endif -@@ -1190,7 +1190,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) { - #endif - parser->m_hash_secret_salt = 0; - --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - memset(&parser->m_accounting, 0, sizeof(ACCOUNTING)); - parser->m_accounting.debugLevel = getDebugLevel("EXPAT_ACCOUNTING_DEBUG", 0u); - parser->m_accounting.maximumAmplificationFactor -@@ -2546,7 +2546,7 @@ XML_GetFeatureList(void) { - #ifdef XML_ATTR_INFO - {XML_FEATURE_ATTR_INFO, XML_L("XML_ATTR_INFO"), 0}, - #endif --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - /* Added in Expat 2.4.0 for XML_DTD defined and - * added in Expat 2.6.0 for XML_GE == 1. */ - {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT, -@@ -2563,7 +2563,7 @@ XML_GetFeatureList(void) { - return features; - } - --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - XML_Bool XMLCALL - XML_SetBillionLaughsAttackProtectionMaximumAmplification( - XML_Parser parser, float maximumAmplificationFactor) { -@@ -2585,7 +2585,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold( - parser->m_accounting.activationThresholdBytes = activationThresholdBytes; - return XML_TRUE; - } --#endif /* defined(XML_DTD) || XML_GE == 1 */ -+#endif /* XML_GE == 1 */ - - XML_Bool XMLCALL - XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled) { -@@ -2671,13 +2671,13 @@ externalEntityInitProcessor2(XML_Parser parser, const char *start, - int tok = XmlContentTok(parser->m_encoding, start, end, &next); - switch (tok) { - case XML_TOK_BOM: --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - if (! accountingDiffTolerated(parser, tok, start, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } --#endif /* defined(XML_DTD) || XML_GE == 1 */ -+#endif /* XML_GE == 1 */ - - /* If we are at the end of the buffer, this would cause the next stage, - i.e. externalEntityInitProcessor3, to pass control directly to -@@ -2791,7 +2791,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, - for (;;) { - const char *next = s; /* XmlContentTok doesn't always set the last arg */ - int tok = XmlContentTok(enc, s, end, &next); --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - const char *accountAfter - = ((tok == XML_TOK_TRAILING_RSQB) || (tok == XML_TOK_TRAILING_CR)) - ? (haveMore ? s /* i.e. 0 bytes */ : end) -@@ -2857,14 +2857,14 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, - XML_Char ch = (XML_Char)XmlPredefinedEntityName( - enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); - if (ch) { --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - /* NOTE: We are replacing 4-6 characters original input for 1 character - * so there is no amplification and hence recording without - * protection. */ - accountingDiffTolerated(parser, tok, (char *)&ch, - ((char *)&ch) + sizeof(XML_Char), __LINE__, - XML_ACCOUNT_ENTITY_EXPANSION); --#endif /* defined(XML_DTD) || XML_GE == 1 */ -+#endif /* XML_GE == 1 */ - if (parser->m_characterDataHandler) - parser->m_characterDataHandler(parser->m_handlerArg, &ch, 1); - else if (parser->m_defaultHandler) -@@ -4066,7 +4066,7 @@ doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, - for (;;) { - const char *next = s; /* in case of XML_TOK_NONE or XML_TOK_PARTIAL */ - int tok = XmlCdataSectionTok(enc, s, end, &next); --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, account)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; -@@ -4218,7 +4218,7 @@ doIgnoreSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, - *eventPP = s; - *startPtr = NULL; - tok = XmlIgnoreSectionTok(enc, s, end, &next); --# if defined(XML_DTD) || XML_GE == 1 -+# if XML_GE == 1 - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); -@@ -4310,7 +4310,7 @@ processXmlDecl(XML_Parser parser, int isGeneralTextEntity, const char *s, - const XML_Char *storedversion = NULL; - int standalone = -1; - --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - if (! accountingDiffTolerated(parser, XML_TOK_XML_DECL, s, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); -@@ -4517,7 +4517,7 @@ entityValueInitProcessor(XML_Parser parser, const char *s, const char *end, - is not valid to have multiple BOMs. - */ - else if (tok == XML_TOK_BOM) { --# if defined(XML_DTD) || XML_GE == 1 -+# if XML_GE == 1 - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); -@@ -4733,7 +4733,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, - } - } - role = XmlTokenRole(&parser->m_prologState, tok, s, next, enc); --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - switch (role) { - case XML_ROLE_INSTANCE_START: // bytes accounted in contentProcessor - case XML_ROLE_XML_DECL: // bytes accounted in processXmlDecl -@@ -5057,7 +5057,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, - break; - case XML_ROLE_ENTITY_VALUE: - if (dtd->keepProcessing) { --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - // This will store the given replacement text in - // parser->m_declEntity->textPtr. - enum XML_Error result = callStoreEntityValue( -@@ -5708,7 +5708,7 @@ epilogProcessor(XML_Parser parser, const char *s, const char *end, - for (;;) { - const char *next = NULL; - int tok = XmlPrologTok(parser->m_encoding, s, end, &next); --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); -@@ -5873,7 +5873,7 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end, - return result; - } - --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - entityTrackingOnClose(parser, entity, __LINE__); - #endif - entity->open = XML_FALSE; -@@ -5952,7 +5952,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, - const char *next - = ptr; /* XmlAttributeValueTok doesn't always set the last arg */ - int tok = XmlAttributeValueTok(enc, ptr, end, &next); --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - if (! accountingDiffTolerated(parser, tok, ptr, next, __LINE__, account)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; -@@ -6017,14 +6017,14 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, - XML_Char ch = (XML_Char)XmlPredefinedEntityName( - enc, ptr + enc->minBytesPerChar, next - enc->minBytesPerChar); - if (ch) { --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - /* NOTE: We are replacing 4-6 characters original input for 1 character - * so there is no amplification and hence recording without - * protection. */ - accountingDiffTolerated(parser, tok, (char *)&ch, - ((char *)&ch) + sizeof(XML_Char), __LINE__, - XML_ACCOUNT_ENTITY_EXPANSION); --#endif /* defined(XML_DTD) || XML_GE == 1 */ -+#endif /* XML_GE == 1 */ - if (! poolAppendChar(pool, ch)) - return XML_ERROR_NO_MEMORY; - break; -@@ -6166,7 +6166,7 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc, - = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */ - int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next); - --# if defined(XML_DTD) || XML_GE == 1 -+# if XML_GE == 1 - if (! accountingDiffTolerated(parser, tok, entityTextPtr, next, __LINE__, - account)) { - accountingOnAbort(parser); -@@ -7743,7 +7743,7 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) { - return result; - } - --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - - static float - accountingGetCurrentAmplification(XML_Parser rootParser) { -@@ -8474,7 +8474,7 @@ unsignedCharToPrintable(unsigned char c) { - assert(0); /* never gets here */ - } - --#endif /* defined(XML_DTD) || XML_GE == 1 */ -+#endif /* XML_GE == 1 */ - - static unsigned long - getDebugLevel(const char *variableName, unsigned long defaultDebugLevel) { -diff --git a/xmlwf/xmlwf.c b/xmlwf/xmlwf.c -index dfce51fa..2b1cf5ff 100644 ---- a/xmlwf/xmlwf.c -+++ b/xmlwf/xmlwf.c -@@ -1157,13 +1157,13 @@ tmain(int argc, XML_Char **argv) { - } - - if (attackMaximumAmplification != -1.0f) { --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - XML_SetBillionLaughsAttackProtectionMaximumAmplification( - parser, attackMaximumAmplification); - #endif - } - if (attackThresholdGiven) { --#if defined(XML_DTD) || XML_GE == 1 -+#if XML_GE == 1 - XML_SetBillionLaughsAttackProtectionActivationThreshold( - parser, attackThresholdBytes); - #else --- -2.33.0 - diff --git a/expat.spec b/expat.spec index 6f7f8948059084c0cb8a1f0d2166bdae5663b905..21f00a8f5bc3085eeb15746e6c70648ce2cc0e0d 100644 --- a/expat.spec +++ b/expat.spec @@ -1,7 +1,7 @@ %define Rversion %(echo %{version} | sed -e 's/\\./_/g' -e 's/^/R_/') Name: expat Version: 2.5.0 -Release: 10 +Release: 11 Summary: An XML parser library License: MIT URL: https://libexpat.github.io/ @@ -52,13 +52,12 @@ Patch42: backport-0005-CVE-2025-59375-lib-Make-function-dtdReset-use-macr Patch43: backport-0006-CVE-2025-59375-lib-Make-function-dtdDestroy-use-macro-FREE.patch Patch44: backport-0007-CVE-2025-59375-lib-Make-function-dtdCopy-use-macro-MALLOC.patch Patch45: backport-pre-0008-CVE-2025-59375-lib-Add-XML_GE-to-XML_GetFeatureList-and-XML_Feature.patch -Patch46: backport-pre-0008-CVE-2025-59375-Simplify-defined-XML_DTD-XML_GE-1-to-XML_GE-1.patch -Patch47: backport-0008-CVE-2025-59375-lib-Implement-tracking-of-dynamic-memory-allocations.patch -Patch48: backport-0009-CVE-2025-59375-lib-Make-XML_MemFree-and-XML_FreeContentModel-match-.patch -Patch49: backport-0010-CVE-2025-59375-lib-Exclude-XML_Mem-functions-from-allocation-tracki.patch -Patch50: backport-0011-CVE-2025-59375-lib-Exclude-the-main-input-buffer-from-allocation-tr.patch -Patch51: backport-0012-CVE-2025-59375-lib-Exclude-the-content-model-from-allocation-tracki.patch -Patch52: backport-0013-CVE-2025-59375-xmlwf-Wire-allocation-tracker-config-to-existing-arg.patch +Patch46: backport-0008-CVE-2025-59375-lib-Implement-tracking-of-dynamic-memory-allocations.patch +Patch47: backport-0009-CVE-2025-59375-lib-Make-XML_MemFree-and-XML_FreeContentModel-match-.patch +Patch48: backport-0010-CVE-2025-59375-lib-Exclude-XML_Mem-functions-from-allocation-tracki.patch +Patch49: backport-0011-CVE-2025-59375-lib-Exclude-the-main-input-buffer-from-allocation-tr.patch +Patch50: backport-0012-CVE-2025-59375-lib-Exclude-the-content-model-from-allocation-tracki.patch +Patch51: backport-0013-CVE-2025-59375-xmlwf-Wire-allocation-tracker-config-to-existing-arg.patch BuildRequires: sed,autoconf,automake,gcc-c++,libtool,xmlto @@ -107,6 +106,9 @@ find %{buildroot} -type f -name changelog -delete %{_mandir}/man1/* %changelog +* Wed Oct 15 2025 fuanan - 2.5.0-11 +- "#if defined(XML_DTD) || XML_GE == 1" shoud be retained in earlier version. + * Fri Oct 10 2025 fuanan - 2.5.0-10 - fix CVE-2025-59375