From c13978828dafebd139f1f365dd7165636f9895a5 Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Tue, 21 Oct 2025 15:03:55 +0800
Subject: [PATCH] backport upstream patch

(cherry picked from commit fcd86c034483965d7dd58f334fd22207eb870783)
---
 ...ion-of-asynchronous-tags-in-entities.patch | 34 +++++++++++++++++++
 expat.spec | 6 +++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-8176-CVE-2025-59375-lib-Fix-detection-of-asynchronous-tags-in-entities.patch

diff --git a/backport-CVE-2024-8176-CVE-2025-59375-lib-Fix-detection-of-asynchronous-tags-in-entities.patch b/backport-CVE-2024-8176-CVE-2025-59375-lib-Fix-detection-of-asynchronous-tags-in-entities.patch
new file mode 100644
index 0000000..6355179
--- /dev/null
+++ b/backport-CVE-2024-8176-CVE-2025-59375-lib-Fix-detection-of-asynchronous-tags-in-entities.patch
@@ -0,0 +1,34 @@
+From ba80428c2207259103b73871d447dee34755340c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?=
+Date: Tue, 23 Sep 2025 11:22:14 +0200
+Subject: [PATCH] lib: Fix detection of asynchronous tags in entities
+
+According to the XML standard, tags must be closed within the same
+element in which they are opened. Since the change of the entity
+processing method in version 2.7.0, violations of this rule have not
+been handled correctly for entities.
+
+This commit adds the required checks to detect any violations and
+restores the correct behaviour.
+---
+ lib/xmlparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index ce29ab6f..ba4e3c48 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -6447,6 +6447,10 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+ // process its possible inner entities (which are added to the
+ // m_openInternalEntities during doProlog or doContent calls above)
+ entity->hasMore = XML_FALSE;
++ if (! entity->is_param
++ && (openEntity->startTagLevel != parser->m_tagLevel)) {
++ return XML_ERROR_ASYNC_ENTITY;
++ }
+ triggerReenter(parser);
+ return result;
+ }
+--
+2.33.0
+
diff --git a/expat.spec b/expat.spec
index b2bdf45..cefa7f0 100644
--- a/expat.spec
+++ b/expat.spec
@@ -1,7 +1,7 @@
 %define Rversion %(echo %{version} | sed -e 's/\\./_/g' -e 's/^/R_/')
 Name: expat
 Version: 2.4.1
-Release: 18
+Release: 19
 Summary: An XML parser library
 License: MIT
 URL: https://libexpat.github.io/
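Review bot: The backported check in `internalEntityProcessor` arrives without a regression test, so the package's `make check` would not notice if the new `XML_ERROR_ASYNC_ENTITY` return were dropped or mis-applied when the patch stack is next rebased; if upstream carries a test for a general entity whose replacement text leaves a tag unclosed, it should be backported with this patch. The upstream message dates the regression to the 2.7.0 entity-processing change while the spec packages 2.4.1, so the hunk presumably only applies on top of an earlier backport that brought in `entity->hasMore` and `triggerReenter`; naming that prerequisite patch in the header of the new .patch file would make the ordering dependency auditable. The added condition would also read better with a one-line comment such as `/* a general entity must leave the tag level where it found it */`. The enclosing block and the rest of the function lie outside the hunk, so what happens to `result` before this point cannot be checked from here.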
@@ -82,6 +82,7 @@ Patch71: backport-0010-CVE-2025-59375-lib-Exclude-XML_Mem-functions-from- Patch72: backport-0011-CVE-2025-59375-lib-Exclude-the-main-input-buffer-from-allocation-tr.patch Patch73: backport-0012-CVE-2025-59375-lib-Exclude-the-content-model-from-allocation-tracki.patch Patch74: backport-0013-CVE-2025-59375-xmlwf-Wire-allocation-tracker-config-to-existing-arg.patch +Patch75: backport-CVE-2024-8176-CVE-2025-59375-lib-Fix-detection-of-asynchronous-tags-in-entities.patch BuildRequires: sed,autoconf,automake,gcc-c++,libtool,xmlto @@ -135,6 +136,9 @@ make check %{_mandir}/man1/* %changelog +* Tue Oct 21 2025 fuanan - 2.4.1-19 +- backport upstream patch + * Wed Oct 15 2025 fuanan - 2.4.1-18 - "#if defined(XML_DTD) || XML_GE == 1" shoud be retained in earlier version. -- Gitee