drop patches, upgrade expat to version 2.6.3

microsoft · Sep 4, 2024 · 52c3fbf · 52c3fbf
1 parent 036f6a8
commit 52c3fbf
Show file tree

Hide file tree

Showing 10 changed files with 21 additions and 245 deletions.
diff --git a/SPECS/expat/0-lib-Reject-negative-len-for-XML_ParseBuffer.patch b/SPECS/expat/0-lib-Reject-negative-len-for-XML_ParseBuffer.patch
diff --git a/SPECS/expat/1-lib-Detect-integer-overflow-in-dtdCopy.patch b/SPECS/expat/1-lib-Detect-integer-overflow-in-dtdCopy.patch
diff --git a/SPECS/expat/2-lib-Detect-integer-overflow-in-function-nextScaffoldPart.patch b/SPECS/expat/2-lib-Detect-integer-overflow-in-function-nextScaffoldPart.patch
diff --git a/SPECS/expat/expat.signatures.json b/SPECS/expat/expat.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "expat-2.6.2.tar.bz2": "9c7c1b5dcbc3c237c500a8fb1493e14d9582146dd9b42aa8d3ffb856a3b927e0"
+  "expat-2.6.3.tar.bz2": "b8baef92f328eebcf731f4d18103951c61fa8c8ec21d5ff4202fb6f2198aeb2d"
  }
 }
diff --git a/SPECS/expat/expat.spec b/SPECS/expat/expat.spec
@@ -1,20 +1,14 @@
 %define         underscore_version %(echo %{version} | cut -d. -f1-3 --output-delimiter="_")
 Summary:        An XML parser library
 Name:           expat
-Version:        2.6.2
-Release:        2%{?dist}
+Version:        2.6.3
+Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/GeneralLibraries
 URL:            https://libexpat.github.io/
 Source0:        https://github.com/libexpat/libexpat/releases/download/R_%{underscore_version}/%{name}-%{version}.tar.bz2
-# CVE-2024-45490
-Patch0:         0-lib-Reject-negative-len-for-XML_ParseBuffer.patch
-# CVE-2024-45491
-Patch1:         1-lib-Detect-integer-overflow-in-dtdCopy.patch
-# CVE-2024-45492
-Patch2:         2-lib-Detect-integer-overflow-in-function-nextScaffoldPart.patch
 Requires:       %{name}-libs = %{version}-%{release}
 
 %description
@@ -72,8 +66,8 @@ rm -rf %{buildroot}/%{_docdir}/%{name}
 %{_libdir}/libexpat.so.1*
 
 %changelog
-* Tue Sep 03 2024 Gary Swalling <[email protected]> - 2.6.2-2
-- Add patches to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
+* Tue Sep 04 2024 Gary Swalling <[email protected]> - 2.6.3-1
+- Upgrade to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
 
 * Wed May 22 2024 Neha Agarwal <[email protected]> - 2.6.2-1
 - Upgrade to v2.6.2 to fix CVE-2024-28757

diff --git a/cgmanifest.json b/cgmanifest.json
@@ -3408,8 +3408,8 @@
         "type": "other",
         "other": {
           "name": "expat",
-          "version": "2.6.2",
-          "downloadUrl": "https://github.com/libexpat/libexpat/releases/download/R_2_6_2/expat-2.6.2.tar.bz2"
+          "version": "2.6.3",
+          "downloadUrl": "https://github.com/libexpat/libexpat/releases/download/R_2_6_3/expat-2.6.3.tar.bz2"
         }
       }
     },

diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -99,9 +99,9 @@ elfutils-libelf-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-devel-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-devel-static-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-lang-0.189-3.azl3.aarch64.rpm
-expat-2.6.2-1.azl3.aarch64.rpm
-expat-devel-2.6.2-1.azl3.aarch64.rpm
-expat-libs-2.6.2-1.azl3.aarch64.rpm
+expat-2.6.3-1.azl3.aarch64.rpm
+expat-devel-2.6.3-1.azl3.aarch64.rpm
+expat-libs-2.6.3-1.azl3.aarch64.rpm
 libpipeline-1.5.7-1.azl3.aarch64.rpm
 libpipeline-devel-1.5.7-1.azl3.aarch64.rpm
 gdbm-1.23-1.azl3.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -99,9 +99,9 @@ elfutils-libelf-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-devel-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-devel-static-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-lang-0.189-3.azl3.x86_64.rpm
-expat-2.6.2-1.azl3.x86_64.rpm
-expat-devel-2.6.2-1.azl3.x86_64.rpm
-expat-libs-2.6.2-1.azl3.x86_64.rpm
+expat-2.6.3-1.azl3.x86_64.rpm
+expat-devel-2.6.3-1.azl3.x86_64.rpm
+expat-libs-2.6.3-1.azl3.x86_64.rpm
 libpipeline-1.5.7-1.azl3.x86_64.rpm
 libpipeline-devel-1.5.7-1.azl3.x86_64.rpm
 gdbm-1.23-1.azl3.x86_64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -92,10 +92,10 @@ elfutils-libelf-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-devel-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-devel-static-0.189-3.azl3.aarch64.rpm
 elfutils-libelf-lang-0.189-3.azl3.aarch64.rpm
-expat-2.6.2-1.azl3.aarch64.rpm
-expat-debuginfo-2.6.2-1.azl3.aarch64.rpm
-expat-devel-2.6.2-1.azl3.aarch64.rpm
-expat-libs-2.6.2-1.azl3.aarch64.rpm
+expat-2.6.3-1.azl3.aarch64.rpm
+expat-debuginfo-2.6.3-1.azl3.aarch64.rpm
+expat-devel-2.6.3-1.azl3.aarch64.rpm
+expat-libs-2.6.3-1.azl3.aarch64.rpm
 file-5.45-1.azl3.aarch64.rpm
 file-debuginfo-5.45-1.azl3.aarch64.rpm
 file-devel-5.45-1.azl3.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -95,10 +95,10 @@ elfutils-libelf-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-devel-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-devel-static-0.189-3.azl3.x86_64.rpm
 elfutils-libelf-lang-0.189-3.azl3.x86_64.rpm
-expat-2.6.2-1.azl3.x86_64.rpm
-expat-debuginfo-2.6.2-1.azl3.x86_64.rpm
-expat-devel-2.6.2-1.azl3.x86_64.rpm
-expat-libs-2.6.2-1.azl3.x86_64.rpm
+expat-2.6.3-1.azl3.x86_64.rpm
+expat-debuginfo-2.6.3-1.azl3.x86_64.rpm
+expat-devel-2.6.3-1.azl3.x86_64.rpm
+expat-libs-2.6.3-1.azl3.x86_64.rpm
 file-5.45-1.azl3.x86_64.rpm
 file-debuginfo-5.45-1.azl3.x86_64.rpm
 file-devel-5.45-1.azl3.x86_64.rpm