!21 fix CVE-2024-45490 CVE-2024-45491

From: @sherlock2010 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12

0001-Remove-trace-statements-accidentally-committed-with-.patch

@@ -1,83 +0,0 @@
-From 78e995f9f2958fc54e2a559a52c81684dc3460cf Mon Sep 17 00:00:00 2001
-From: giraffedata <giraffedata@98333e67-4a24-44d7-a75c-e53540dd3050>
-Date: Sun, 21 Jan 2018 22:27:31 +0000
-Subject: [PATCH] Remove trace statements accidentally committed with 2977
-
-git-svn-id: https://svn.code.sf.net/p/xmlrpc-c/code/trunk@2981 98333e67-4a24-44d7-a75c-e53540dd3050
----
- src/cpp/value.cpp   | 8 --------
- src/xmlrpc_string.c | 5 -----
- 2 files changed, 13 deletions(-)
-
-diff --git a/src/cpp/value.cpp b/src/cpp/value.cpp
-index e2c12372..b319430e 100644
---- a/src/cpp/value.cpp
-+++ b/src/cpp/value.cpp
-@@ -1,4 +1,3 @@
--#include <iostream>
- /*****************************************************************************
-                                 value.cpp
- ******************************************************************************
-@@ -622,13 +621,9 @@ public:
- 
-         switch (nlCode) {
-         case value_string::nlCode_all:
--            cerr << "Going to call xmlrpc_string_new_lp" << endl;
--            cerr << "length = " << cppvalue.length() << ", value = "
--                 << cppvalue.c_str() << endl;
-             this->valueP = xmlrpc_string_new_lp(&env.env_c,
-                                                 cppvalue.length(),
-                                                 cppvalue.c_str());
--            cerr << "Back from xmlrpc_string_new_lp" << endl;
-             break;
-         case value_string::nlCode_lf:
-             this->valueP = xmlrpc_string_new_lp_cr(&env.env_c,
-@@ -661,12 +656,9 @@ value_string::value_string(std::string          const& cppvalue,
- 
- value_string::value_string(std::string const& cppvalue) {
- 
--    cerr << "value_string constructor entered" << endl;
-     cNewStringWrapper wrapper(cppvalue, nlCode_all);
--    cerr << "wrapper constructed" << endl;
- 
-     this->instantiate(wrapper.valueP);
--    cerr << "value_string constructor exiting" << endl;
- }
- 
- 
-diff --git a/src/xmlrpc_string.c b/src/xmlrpc_string.c
-index 2da61e4e..e6e00716 100644
---- a/src/xmlrpc_string.c
-+++ b/src/xmlrpc_string.c
-@@ -1,4 +1,3 @@
--#include <stdio.h>
- /*=============================================================================
-                               xmlrpc_string
- ===============================================================================
-@@ -746,15 +745,12 @@ stringNew(xmlrpc_env *     const envP,
-           enum crTreatment const crTreatment,
-           xmlrpc_value **  const valPP) {
- 
--    fprintf(stderr, "stringNew entered\n");
-     xmlrpc_value * valP;
- 
-     xmlrpc_validate_utf8(envP, value, length);
- 
-     if (!envP->fault_occurred) {
--        fprintf(stderr, "Going to xmlrpc_createXmlrpcValue\n");
-         xmlrpc_createXmlrpcValue(envP, &valP);
--        fprintf(stderr, "Back from createXmlrpcValue\n");
- 
-         if (!envP->fault_occurred) {
-             valP->_type = XMLRPC_TYPE_STRING;
-@@ -774,7 +770,6 @@ stringNew(xmlrpc_env *     const envP,
-                 *valPP = valP;
-         }
-     }
--    fprintf(stderr, "stringNew exiting\n");
- }
- 
- 
--- 
-2.17.0
-

0002-chmod-x-xml-rpc-api2txt.patch

@@ -0,0 +1,16 @@
+From d97ec6e652690a321d7ce8c81aa30f87d9c0de8f Mon Sep 17 00:00:00 2001
+From: Igor Gnatenko <i.gnatenko.brain@gmail.com>
+Date: Mon, 19 Dec 2016 21:33:47 +0100
+Subject: [PATCH 2/2] chmod +x xml-rpc-api2txt
+
+It's script which is installing into $bindir, so it must be executable.
+
+Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
+---
+ tools/xml-rpc-api2txt/xml-rpc-api2txt | 0
+ 1 file changed, 0 insertions(+), 0 deletions(-)
+ mode change 100644 => 100755 tools/xml-rpc-api2txt/xml-rpc-api2txt
+
+diff --git a/tools/xml-rpc-api2txt/xml-rpc-api2txt b/tools/xml-rpc-api2txt/xml-rpc-api2txt
+old mode 100644
+new mode 100755

backport-CVE-2024-45490-lib-Reject-negative-len-for-XML_ParseBuffer.patch

@@ -0,0 +1,61 @@
+From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 19 Aug 2024 22:26:07 +0200
+Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
+
+Reported by TaiYou
+
+Conflict:file path adapt
+add error code XML_ERROR_INVALID_ARGUMENT
+parser->m_errorCode => errorCode
+return XML_STATUS_ERROR => return 0
+context adapt
+Reference:https://github.com/libexpat/libexpat/commit/5c1a31642e243f4870c0bd1f2afc7597976521bf
+---
+ lib/expat/xmlparse/xmlparse.c | 8 +++++++-
+ lib/expat/xmlparse/xmlparse.h | 3 ++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
+index 8087360..d2363da 100644
+--- a/lib/expat/xmlparse/xmlparse.c
++++ b/lib/expat/xmlparse/xmlparse.c
+@@ -4810,6 +4810,11 @@ xmlrpc_XML_ParseBuffer(XML_Parser const xmlParserP,
+         return 0;
+     }
+ 
++    if (len < 0) {
++        errorCode = XML_ERROR_INVALID_ARGUMENT;
++        return 0;
++    }
++
+     parser->m_positionPtr = start;
+     parser->m_bufferEnd += len;
+     parser->m_parseEndByteIndex += len;
+@@ -5017,7 +5022,8 @@ xmlrpc_XML_ErrorString(int const code) {
+         /* UNCLOSED_CDATA_SECTION */  XML_T("unclosed CDATA section"),
+         /* EXTERNAL_ENTITY_HANDLING */
+              XML_T("error in processing external entity reference"),
+-        /* NOT_STANDALONE */          XML_T("document is not standalone")
++        /* NOT_STANDALONE */          XML_T("document is not standalone"),
++        /* INVALID_ARGUMENT */        XML_T("invalid argument")
+     };
+ 
+     const XML_LChar * retval;
+diff --git a/lib/expat/xmlparse/xmlparse.h b/lib/expat/xmlparse/xmlparse.h
+index 76cf0db..63133ba 100644
+--- a/lib/expat/xmlparse/xmlparse.h
++++ b/lib/expat/xmlparse/xmlparse.h
+@@ -518,7 +518,8 @@ enum XML_Error {
+   XML_ERROR_INCORRECT_ENCODING,
+   XML_ERROR_UNCLOSED_CDATA_SECTION,
+   XML_ERROR_EXTERNAL_ENTITY_HANDLING,
+-  XML_ERROR_NOT_STANDALONE
++  XML_ERROR_NOT_STANDALONE,
++  XML_ERROR_INVALID_ARGUMENT
+ };
+ 
+ /* If xmlrpc_XML_Parse or xmlrpc_XML_ParseBuffer have returned 0, then
+-- 
+2.33.0
+

backport-CVE-2024-45491-lib-Detect-integer-overflow-in-dtdCopy.patch

@@ -0,0 +1,37 @@
+From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 19 Aug 2024 22:34:13 +0200
+Subject: [PATCH] lib: Detect integer overflow in dtdCopy
+
+Reported by TaiYou
+
+Conflict:context adapt
+Reference:https://github.com/libexpat/libexpat/commit/8e439a9947e9dc80a395c0c7456545d8d9d9e421
+---
+ lib/expat/xmlparse/xmlparse.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
+index 91682c18..e2327bdc 100644
+--- a/lib/expat/xmlparse/xmlparse.c
++++ b/lib/expat/xmlparse/xmlparse.c
+@@ -7016,6 +7016,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd)
+     if (!newE)
+       return 0;
+     if (oldE->nDefaultAtts) {
++      /* Detect and prevent integer overflow.
++       * The preprocessor guard addresses the "always false" warning
++       * from -Wtype-limits on platforms where
++       * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++      if ((size_t)oldE->nDefaultAtts
++          > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
++        return 0;
++      }
++#endif
+       newE->defaultAtts = (DEFAULT_ATTRIBUTE *)
+           malloc(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
+       if (!newE->defaultAtts)
+-- 
+2.33.0
+

xmlrpc-c.spec

@@ -1,37 +1,33 @@
-%bcond_with libxml2
-
 Name:		xmlrpc-c
-Version:	1.51.03
+Version:	1.51.06
 Release:        2
 Summary:	Library implementing XML-based Remote Procedure Calls
 License:	BSD and MIT
 URL:		http://xmlrpc-c.sourceforge.net/
-Source0:        https://sourceforge.net/projects/xmlrpc-c/files/Xmlrpc-c%20Super%20Stable/1.51.03/xmlrpc-c-1.51.03.tgz	
+Source0:        https://sourceforge.net/projects/xmlrpc-c/files/Xmlrpc-c%20Super%20Stable/%version/xmlrpc-c-%version.tgz	
 
 Patch0001:      0001-xmlrpc_server_abyss-use-va_args-properly.patch
-Patch0002:      0001-Remove-trace-statements-accidentally-committed-with-.patch
 Patch0003:      0001-add-meson-buildsystem-definitions.patch
+Patch0004:      0002-chmod-x-xml-rpc-api2txt.patch
+Patch0005:      backport-CVE-2024-45490-lib-Reject-negative-len-for-XML_ParseBuffer.patch
+Patch0006:      backport-CVE-2024-45491-lib-Detect-integer-overflow-in-dtdCopy.patch
 
 BuildRequires:	git-core meson >= 0.36.0 gcc gcc-c++ ncurses-devel 
 BuildRequires:  libcurl-devel readline-devel pkgconfig(openssl)
 
 Provides:       xmlrpc-c-c++ = %{version}-%{release}      xmlrpc-c-c++%{?_isa} = %{version}-%{release}
-Obsoletes:      xmlrpc-c-c++ < %{version}-%{release}      xmlrpc-c-c++%{_?isa} < %{version}-%{release}
+Obsoletes:      xmlrpc-c-c++ < %{version}-%{release}      
 
 Provides:       xmlrpc-c-client = %{version}-%{release}   xmlrpc-c-client%{?_isa} = %{version}-%{release} 
-Obsoletes:      xmlrpc-c-client < %{version}-%{release}   xmlrpc-c-client%{?_isa} < %{version}-%{release} 
+Obsoletes:      xmlrpc-c-client < %{version}-%{release}    
 
 Provides:       xmlrpc-c-client++ = %{version}-%{release} xmlrpc-c-client++%{?_isa} = %{version}-%{release}
-Obsoletes:      xmlrpc-c-client++ < %{version}-%{release} xmlrpc-c-client++%{?_isa} < %{version}-%{release}
+Obsoletes:      xmlrpc-c-client++ < %{version}-%{release} 
 
 Provides:       xmlrpc-c-apps = %{version}-%{release}     xmlrpc-c-apps%{?_isa} = %{version}-%{release}
-Obsoletes:      xmlrpc-c-apps < %{version}-%{release}     xmlrpc-c-apps%{?_isa} < %{version}-%{release}
+Obsoletes:      xmlrpc-c-apps < %{version}-%{release}     
 
-%if %{with libxml2}
-BuildRequires:  libxml2-devel
-%else
 Provides:       bundled(expat)
-%endif
 
 %description
 XML-RPC is a quick-and-easy way to make procedure calls 
@@ -52,7 +48,7 @@ Header files for xmlrpc-c.
 %autosetup -n %{name}-%{version} -p1
 
 %build
-%meson %{?with_libxml2:-Dlibxml2-backend=true}
+%meson
 %meson_build
 
 %install
@@ -65,9 +61,6 @@ Header files for xmlrpc-c.
 %{_bindir}/xml*
 %{_libdir}/*.so.*
 %exclude %{_bindir}/xmlrpc-c-config
-%if %{with libxml2}
-%exclude %{_libdir}/libxmlrpc_xml*.so.*
-%endif
 
 %files          devel
 %defattr(-,root,root)
@@ -84,6 +77,30 @@ Header files for xmlrpc-c.
 %{_mandir}/man1/*
 
 %changelog
+* Tue Sep 10 2024 zhouyihang <zhouyihang3@h-partners.com> - 1.51.06-2
+- Type:CVE
+- CVE:CVE-2024-45490 CVE-2024-45491
+- SUG:NA
+- DESC:fix CVE-2024-45490 CVE-2024-45491
+
+* Tue Jul 23 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.51.06-1
+- Type:NA
+- Id:NA
+- SUG:NA
+- DESC: update to 1.51.06
+
+* Tue Mar 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.51.03-4
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC: chmod xml-rpc-api2txt
+
+* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.51.03-3
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:delete the isa in obsoletes
+
 * Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.51.03-2
 - Type:NA
 - ID:NA