From d033ab7be9cb380f7eada98d47759bec203376b8 Mon Sep 17 00:00:00 2001
From: liningjie
Date: Tue, 29 Oct 2024 13:57:11 +0800
Subject: [PATCH] fix CVE-2024-50602
---
 backport-CVE-2024-50602.patch | 70 +++++++++++++++++++++++++++++++++++
 expat.spec | 6 ++-
 2 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-50602.patch
diff --git a/backport-CVE-2024-50602.patch b/backport-CVE-2024-50602.patch
new file mode 100644
index 0000000..e5e9307
--- /dev/null
+++ b/backport-CVE-2024-50602.patch
@@ -0,0 +1,70 @@
+From 51c7019069b862e88d94ed228659e70bddd5de09 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping
+Date: Mon, 21 Oct 2024 01:42:54 +0200
+Subject: [PATCH 1/3] lib: Make XML_StopParser refuse to stop/suspend an
+ unstarted parser
+---
+ lib/expat.h | 4 +++-
+ lib/xmlparse.c | 11 ++++++++++-
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/lib/expat.h b/lib/expat.h
+index 504727a..3a9ac2c 100644
+--- a/lib/expat.h
++++ b/lib/expat.h
+@@ -127,7 +127,9 @@ enum XML_Error {
+ /* Added in 2.3.0. */
+ XML_ERROR_NO_BUFFER,
+ /* Added in 2.4.0. */
+- XML_ERROR_AMPLIFICATION_LIMIT_BREACH
++ XML_ERROR_AMPLIFICATION_LIMIT_BREACH,
++ /* Added in 2.6.4. */
++ XML_ERROR_NOT_STARTED,
+ };
+
+ enum XML_Content_Type {
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 75cb51d..e13b2bf 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -2208,6 +2208,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
+ if (parser == NULL)
+ return XML_STATUS_ERROR;
+ switch (parser->m_parsingStatus.parsing) {
++ case XML_INITIALIZED:
++ parser->m_errorCode = XML_ERROR_NOT_STARTED;
++ return XML_STATUS_ERROR;
+ case XML_SUSPENDED:
+ if (resumable) {
+ parser->m_errorCode = XML_ERROR_SUSPENDED;
+@@ -2218,7 +2221,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
+ case XML_FINISHED:
+ parser->m_errorCode = XML_ERROR_FINISHED;
+ return XML_STATUS_ERROR;
+- default:
++ case XML_PARSING:
+ if (resumable) {
+ #ifdef XML_DTD
+ if (parser->m_isParamEntity) {
+@@ -2229,6 +2232,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
+ parser->m_parsingStatus.parsing = XML_SUSPENDED;
+ } else
+ parser->m_parsingStatus.parsing = XML_FINISHED;
++ break;
++ default:
++ assert(0);
+ }
+ return XML_STATUS_OK;
+ }
+@@ -2493,6 +2499,9 @@ XML_ErrorString(enum XML_Error code) {
+ case XML_ERROR_AMPLIFICATION_LIMIT_BREACH:
+ return XML_L(
+ "limit on input amplification factor (from DTD and entities) breached");
++ /* Added in 2.6.4. */
++ case XML_ERROR_NOT_STARTED:
++ return XML_L("parser not started");
+ }
+ return NULL;
+ }
+--
+2.27.0
diff --git a/expat.spec b/expat.spec
index d60238e..37ed903 100644
--- a/expat.spec
+++ b/expat.spec
@@ -1,7 +1,7 @@
 %define Rversion %(echo %{version} | sed -e 's/\\./_/g' -e 's/^/R_/')
 Name: expat
 Version: 2.5.0
-Release: 5
+Release: 6
 Summary: An XML parser library
 License: MIT
 URL: https://libexpat.github.io/
@@ -29,6 +29,7 @@ Patch19: backport-002-CVE-2024-45490.patch
 Patch20: backport-003-CVE-2024-45490.patch
 Patch21: backport-CVE-2024-45491.patch
 Patch22: backport-CVE-2024-45492.patch
+Patch23: backport-CVE-2024-50602.patch
 
 BuildRequires: sed,autoconf,automake,gcc-c++,libtool,xmlto
 
@@ -77,6 +78,9 @@ find %{buildroot} -type f -name changelog -delete
 %{_mandir}/man1/*
 
 %changelog
+* Tue Oct 29 2024 liningjie - 2.5.0-6
+- fix CVE-2024-50602
+
 * Wed Sep 04 2024 Funda Wang - 2.5.0-5
 - fix CVE-2024-45491, CVE-2024-45492
 
-- Gitee
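Review bot: In the embedded XML_StopParser hunk at -2229,6 +2232,9, the new `default:` branch holds only `assert(0);`, so in a build with NDEBUG defined it compiles to nothing and an unexpected `m_parsingStatus.parsing` value falls through to `return XML_STATUS_OK` with the parser state untouched. Failing closed there would keep the "refuse to stop" guarantee independent of build flags, e.g. `assert(0); parser->m_errorCode = XML_ERROR_UNEXPECTED_STATE; return XML_STATUS_ERROR;`; because this departs from the upstream commit it is best proposed upstream too, and at minimum a comment such as `/* unreachable: all XML_Parsing states are handled above */` would document the intent. Parts of XML_StopParser lie between and outside the three inner hunks, so this reading rests on the visible lines only. Separately, the carried commit is labelled `PATCH 1/3` and only the library change is present; if the rest of that series contains the test for the `XML_INITIALIZED` case (not visible here), backporting it would let the package build exercise the new branch.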