diff --git a/backport-CVE-2024-8176-CVE-2025-59375-lib-Fix-detection-of-asynchronous-tags-in-entities.patch b/backport-CVE-2024-8176-CVE-2025-59375-lib-Fix-detection-of-asynchronous-tags-in-entities.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6355179f8e9e7a821e30a6d9a13069b135401c55
--- /dev/null
+++ b/backport-CVE-2024-8176-CVE-2025-59375-lib-Fix-detection-of-asynchronous-tags-in-entities.patch
@@ -0,0 +1,34 @@
+From ba80428c2207259103b73871d447dee34755340c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?=
+Date: Tue, 23 Sep 2025 11:22:14 +0200
+Subject: [PATCH] lib: Fix detection of asynchronous tags in entities
+
+According to the XML standard, tags must be closed within the same
+element in which they are opened. Since the change of the entity
+processing method in version 2.7.0, violations of this rule have not
+been handled correctly for entities.
+
+This commit adds the required checks to detect any violations and
+restores the correct behaviour.
+---
+ lib/xmlparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index ce29ab6f..ba4e3c48 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -6447,6 +6447,10 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+ // process its possible inner entities (which are added to the
+ // m_openInternalEntities during doProlog or doContent calls above)
+ entity->hasMore = XML_FALSE;
++ if (! entity->is_param
++ && (openEntity->startTagLevel != parser->m_tagLevel)) {
++ return XML_ERROR_ASYNC_ENTITY;
++ }
+ triggerReenter(parser);
+ return result;
+ }
+--
+2.33.0
+
diff --git a/expat.spec b/expat.spec
index 21f00a8f5bc3085eeb15746e6c70648ce2cc0e0d..53e703c3091dd36c967928a44ee0b5a49c413ac8 100644
--- a/expat.spec
+++ b/expat.spec
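Review bot: The check added in the embedded lib/xmlparse.c hunk, `if (! entity->is_param && (openEntity->startTagLevel != parser->m_tagLevel))`, has no comment stating the invariant it enforces, and the backport carries no regression test for the input it now rejects. I would add above it `/* A general entity must close every tag it opened: the tag level at its end has to equal the level recorded when the entity was opened. */`, and say in the same comment why parameter entities are skipped. If upstream shipped tests with this fix, backporting them alongside would let the package's test run cover the `XML_ERROR_ASYNC_ENTITY` path. The context lines use `entity->hasMore` and `triggerReenter`, so this patch presumably applies only on top of the earlier entity-processing backport in the series; internalEntityProcessor itself starts and ends outside the hunk.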
@@ -1,7 +1,7 @@ %define Rversion %(echo %{version} | sed -e 's/\\./_/g' -e 's/^/R_/') Name: expat Version: 2.5.0 -Release: 11 +Release: 12 Summary: An XML parser library License: MIT URL: https://libexpat.github.io/ @@ -58,6 +58,7 @@ Patch48: backport-0010-CVE-2025-59375-lib-Exclude-XML_Mem-functions-from- Patch49: backport-0011-CVE-2025-59375-lib-Exclude-the-main-input-buffer-from-allocation-tr.patch Patch50: backport-0012-CVE-2025-59375-lib-Exclude-the-content-model-from-allocation-tracki.patch Patch51: backport-0013-CVE-2025-59375-xmlwf-Wire-allocation-tracker-config-to-existing-arg.patch +Patch52: backport-CVE-2024-8176-CVE-2025-59375-lib-Fix-detection-of-asynchronous-tags-in-entities.patch BuildRequires: sed,autoconf,automake,gcc-c++,libtool,xmlto @@ -106,6 +107,9 @@ find %{buildroot} -type f -name changelog -delete %{_mandir}/man1/* %changelog +* Tue Oct 21 2025 fuanan - 2.5.0-12 +- backport upstream patch + * Wed Oct 15 2025 fuanan - 2.5.0-11 - "#if defined(XML_DTD) || XML_GE == 1" shoud be retained in earlier version.