!19 fix CVE-2024-45490 CVE-2024-45491

From: @sherlock2010 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12

backport-0001-add-meson-buildsystem-definitions.patch

@@ -242,7 +242,7 @@ new file mode 100644
 index 00000000..19f04cc3
 --- /dev/null
 +++ b/lib/abyss++/meson.build
-@@ -0,0 +1,43 @@
+@@ -0,0 +1,42 @@
 +if host_machine.system() == 'windows'
 +  abysspp_chan_switch = 'AbyssChanSwitchWin.cpp'
 +else
@@ -284,7 +284,6 @@ index 00000000..19f04cc3
 +  version : meson.project_version(),
 +  requires_private : ['xmlrpc_abyss', 'xmlrpc_util', 'xmlrpc_util++'],
 +  libraries : libxmlrpc_abysspp,
-+  install : true,
 +)
 diff --git a/lib/abyss/meson.build b/lib/abyss/meson.build
 new file mode 100644
@@ -298,7 +297,7 @@ new file mode 100644
 index 00000000..daa91fce
 --- /dev/null
 +++ b/lib/abyss/src/meson.build
-@@ -0,0 +1,66 @@
+@@ -0,0 +1,65 @@
 +abyss_deps = [socket]
 +if host_machine.system() == 'windows'
 +  abyss_socket = 'socket_win.c'
@@ -363,7 +362,6 @@ index 00000000..daa91fce
 +  version : meson.project_version(),
 +  libraries : libxmlrpc_abyss,
 +  requires_private : 'xmlrpc_util',
-+  install : true,
 +)
 diff --git a/lib/curl_transport/meson.build b/lib/curl_transport/meson.build
 new file mode 100644
@@ -402,7 +400,7 @@ new file mode 100644
 index 00000000..df9ca84c
 --- /dev/null
 +++ b/lib/expat/meson.build
-@@ -0,0 +1,15 @@
+@@ -0,0 +1,14 @@
 +subdir('gennmtab')
 +subdir('xmltok')
 +subdir('xmlparse')
@@ -416,7 +414,6 @@ index 00000000..df9ca84c
 +    libxmlrpc_xmlparse,
 +    libxmlrpc_xmltok,
 +  ],
-+  install : true,
 +)
 diff --git a/lib/expat/xmlparse/meson.build b/lib/expat/xmlparse/meson.build
 new file mode 100644
@@ -488,7 +485,7 @@ new file mode 100644
 index 00000000..9764c08d
 --- /dev/null
 +++ b/lib/libutil++/meson.build
-@@ -0,0 +1,28 @@
+@@ -0,0 +1,27 @@
 +libxmlrpc_utilpp = library(
 +  'xmlrpc_util++',
 +  sources : [
@@ -515,14 +512,13 @@ index 00000000..9764c08d
 +  version : meson.project_version(),
 +  requires_private : 'xmlrpc_util',
 +  libraries : libxmlrpc_utilpp,
-+  install : true,
 +)
 diff --git a/lib/libutil/meson.build b/lib/libutil/meson.build
 new file mode 100644
 index 00000000..bb1cc67d
 --- /dev/null
 +++ b/lib/libutil/meson.build
-@@ -0,0 +1,41 @@
+@@ -0,0 +1,40 @@
 +# FIXME: it's default already to 1 in xmlrpc_config.h
 +util_lock_pthread = ['lock_pthread.c']
 +# TODO: handle mscvrt.dll properly
@@ -562,7 +558,6 @@ index 00000000..bb1cc67d
 +  description : 'Xmlrpc-c utility functions library',
 +  version : meson.project_version(),
 +  libraries : libxmlrpc_util,
-+  install : true,
 +)
 diff --git a/lib/meson.build b/lib/meson.build
 new file mode 100644
@@ -602,7 +597,7 @@ new file mode 100644
 index 00000000..f65a4dc1
 --- /dev/null
 +++ b/lib/openssl/meson.build
-@@ -0,0 +1,27 @@
+@@ -0,0 +1,26 @@
 +libxmlrpc_openssl = library(
 +  'xmlrpc_openssl',
 +  sources : [
@@ -628,7 +623,6 @@ index 00000000..f65a4dc1
 +  version : meson.project_version(),
 +  requires_private : 'xmlrpc_util',
 +  libraries : libxmlrpc_openssl,
-+  install : true,
 +)
 diff --git a/lib/util/meson.build b/lib/util/meson.build
 new file mode 100644
@@ -895,7 +889,7 @@ new file mode 100644
 index 00000000..f0fd74f6
 --- /dev/null
 +++ b/src/cpp/meson.build
-@@ -0,0 +1,223 @@
+@@ -0,0 +1,218 @@
 +libxmlrpc_cpp = library(
 +  'xmlrpc_cpp',
 +  sources : [
@@ -944,7 +938,6 @@ index 00000000..f0fd74f6
 +  version : meson.project_version(),
 +  requires_private : ['xmlrpc', 'xmlrpc_util', 'xmlrpc_util++'],
 +  libraries : libxmlrpcpp,
-+  install : true,
 +)
 +
 +libxmlrpc_serverpp = library(
@@ -972,7 +965,6 @@ index 00000000..f0fd74f6
 +  version : meson.project_version(),
 +  requires_private : ['xmlrpc', 'xmlrpc++', 'xmlrpc_server', 'xmlrpc_util', 'xmlrpc_util++'],
 +  libraries : libxmlrpc_serverpp,
-+  install : true,
 +)
 +
 +if get_option('abyss-server')
@@ -1005,7 +997,6 @@ index 00000000..f0fd74f6
 +    version : meson.project_version(),
 +    requires_private : ['xmlrpc_abyss', 'xmlrpc_abyss++', 'xmlrpc_server++', 'xmlrpc_server_abyss', 'xmlrpc_util', 'xmlrpc_util++'],
 +    libraries : libxmlrpc_server_abysspp,
-+    install : true,
 +  )
 +endif
 +
@@ -1077,7 +1068,6 @@ index 00000000..f0fd74f6
 +    version : meson.project_version(),
 +    requires_private : ['xmlrpc++', 'xmlrpc_server++', 'xmlrpc_util++'],
 +    libraries : [libxmlrpc_server_pstreampp, libxmlrpc_packetsocket],
-+    install : true,
 +  )
 +endif
 +
@@ -1116,7 +1106,6 @@ index 00000000..f0fd74f6
 +    requires_private : ['xmlrpc', 'xmlrpc++', 'xmlrpc_client', 'xmlrpc_util', 'xmlrpc_util++'],
 +    libraries : libxmlrpc_clientpp,
 +    libraries_private : libxmlrpc_packetsocket,
-+    install : true,
 +  )
 +endif
 diff --git a/src/meson.build b/src/meson.build
@@ -1124,7 +1113,7 @@ new file mode 100644
 index 00000000..8dd22486
 --- /dev/null
 +++ b/src/meson.build
-@@ -0,0 +1,190 @@
+@@ -0,0 +1,185 @@
 +xmlrpc_deps = []
 +xmlrpc_incs = []
 +xmlrpc_libs = [libxmlrpc_util]
@@ -1182,7 +1171,6 @@ index 00000000..8dd22486
 +  version : meson.project_version(),
 +  requires_private : xmlrpc_pkgconfig_req,
 +  libraries : libxmlrpc,
-+  install : true,
 +)
 +
 +libxmlrpc_server = library(
@@ -1211,7 +1199,6 @@ index 00000000..8dd22486
 +  version : meson.project_version(),
 +  requires_private : ['xmlrpc', 'xmlrpc_util'],
 +  libraries : libxmlrpc_server,
-+  install : true,
 +)
 +
 +if get_option('abyss-server')
@@ -1242,7 +1229,6 @@ index 00000000..8dd22486
 +    version : meson.project_version(),
 +    requires_private : ['xmlrpc', 'xmlrpc_server', 'xmlrpc_abyss', 'xmlrpc_util'],
 +    libraries : libxmlrpc_server_abyss,
-+    install : true,
 +  )
 +endif
 +
@@ -1272,7 +1258,6 @@ index 00000000..8dd22486
 +    version : meson.project_version(),
 +    requires_private : ['xmlrpc', 'xmlrpc_server', 'xmlrpc_util'],
 +    libraries : libxmlrpc_server_cgi,
-+    install : true,
 +  )
 +endif
 +
@@ -1308,7 +1293,6 @@ index 00000000..8dd22486
 +    version : meson.project_version(),
 +    requires_private : ['xmlrpc', 'xmlrpc_util'],
 +    libraries : libxmlrpc_client,
-+    install : true,
 +  )
 +endif
 +

backport-0001-xmlrpc_server_abyss-use-va_args-properly.patch

@@ -1,34 +0,0 @@
-From d31c2ffbf5181053330fa32e4f03c47283bd1448 Mon Sep 17 00:00:00 2001
-From: Igor Gnatenko <i.gnatenko.brain@gmail.com>
-Date: Sat, 17 Dec 2016 10:28:31 +0100
-Subject: [PATCH 1/3] xmlrpc_server_abyss: use va_args properly
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-../src/xmlrpc_server_abyss.c: In function ‘createServer’:
-../src/xmlrpc_server_abyss.c:783:13: error: format not a string literal and no format arguments [-Werror=format-security]
-             xmlrpc_faultf(envP, error);
-             ^~~~~~~~~~~~~
-
-Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
----
- src/xmlrpc_server_abyss.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/xmlrpc_server_abyss.c b/src/xmlrpc_server_abyss.c
-index 8aacb4b..58f5ba0 100644
---- a/src/xmlrpc_server_abyss.c
-+++ b/src/xmlrpc_server_abyss.c
-@@ -780,7 +780,7 @@ createServer(xmlrpc_env *                      const envP,
-         ServerInit2(abyssServerP, &error);
- 
-         if (error) {
--            xmlrpc_faultf(envP, error);
-+            xmlrpc_faultf(envP, "%s", error);
-             xmlrpc_strfree(error);
-         }
-     }
--- 
-2.13.1
-

backport-CVE-2024-45490-lib-Reject-negative-len-for-XML_ParseBuffer.patch

@@ -0,0 +1,61 @@
+From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 19 Aug 2024 22:26:07 +0200
+Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
+
+Reported by TaiYou
+
+Conflict:file path adapt
+add error code XML_ERROR_INVALID_ARGUMENT
+parser->m_errorCode => errorCode
+return XML_STATUS_ERROR => return 0
+context adapt
+Reference:https://github.com/libexpat/libexpat/commit/5c1a31642e243f4870c0bd1f2afc7597976521bf
+---
+ lib/expat/xmlparse/xmlparse.c | 8 +++++++-
+ lib/expat/xmlparse/xmlparse.h | 3 ++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
+index 8087360..d2363da 100644
+--- a/lib/expat/xmlparse/xmlparse.c
++++ b/lib/expat/xmlparse/xmlparse.c
+@@ -4810,6 +4810,11 @@ xmlrpc_XML_ParseBuffer(XML_Parser const xmlParserP,
+         return 0;
+     }
+ 
++    if (len < 0) {
++        errorCode = XML_ERROR_INVALID_ARGUMENT;
++        return 0;
++    }
++
+     parser->m_positionPtr = start;
+     parser->m_bufferEnd += len;
+     parser->m_parseEndByteIndex += len;
+@@ -5017,7 +5022,8 @@ xmlrpc_XML_ErrorString(int const code) {
+         /* UNCLOSED_CDATA_SECTION */  XML_T("unclosed CDATA section"),
+         /* EXTERNAL_ENTITY_HANDLING */
+              XML_T("error in processing external entity reference"),
+-        /* NOT_STANDALONE */          XML_T("document is not standalone")
++        /* NOT_STANDALONE */          XML_T("document is not standalone"),
++        /* INVALID_ARGUMENT */        XML_T("invalid argument")
+     };
+ 
+     const XML_LChar * retval;
+diff --git a/lib/expat/xmlparse/xmlparse.h b/lib/expat/xmlparse/xmlparse.h
+index 76cf0db..63133ba 100644
+--- a/lib/expat/xmlparse/xmlparse.h
++++ b/lib/expat/xmlparse/xmlparse.h
+@@ -518,7 +518,8 @@ enum XML_Error {
+   XML_ERROR_INCORRECT_ENCODING,
+   XML_ERROR_UNCLOSED_CDATA_SECTION,
+   XML_ERROR_EXTERNAL_ENTITY_HANDLING,
+-  XML_ERROR_NOT_STANDALONE
++  XML_ERROR_NOT_STANDALONE,
++  XML_ERROR_INVALID_ARGUMENT
+ };
+ 
+ /* If xmlrpc_XML_Parse or xmlrpc_XML_ParseBuffer have returned 0, then
+-- 
+2.33.0
+

backport-CVE-2024-45491-lib-Detect-integer-overflow-in-dtdCopy.patch

@@ -0,0 +1,37 @@
+From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 19 Aug 2024 22:34:13 +0200
+Subject: [PATCH] lib: Detect integer overflow in dtdCopy
+
+Reported by TaiYou
+
+Conflict:context adapt
+Reference:https://github.com/libexpat/libexpat/commit/8e439a9947e9dc80a395c0c7456545d8d9d9e421
+---
+ lib/expat/xmlparse/xmlparse.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
+index 91682c18..e2327bdc 100644
+--- a/lib/expat/xmlparse/xmlparse.c
++++ b/lib/expat/xmlparse/xmlparse.c
+@@ -7016,6 +7016,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd)
+     if (!newE)
+       return 0;
+     if (oldE->nDefaultAtts) {
++      /* Detect and prevent integer overflow.
++       * The preprocessor guard addresses the "always false" warning
++       * from -Wtype-limits on platforms where
++       * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++      if ((size_t)oldE->nDefaultAtts
++          > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
++        return 0;
++      }
++#endif
+       newE->defaultAtts = (DEFAULT_ATTRIBUTE *)
+           malloc(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
+       if (!newE->defaultAtts)
+-- 
+2.33.0
+

xmlrpc-c.spec

@@ -1,14 +1,15 @@
 Name:		xmlrpc-c
-Version:	1.51.08
-Release:        1	
+Version:	1.59.02
+Release:        2
 Summary:	Library implementing XML-based Remote Procedure Calls
 License:	BSD and MIT
 URL:		http://xmlrpc-c.sourceforge.net/
-Source0:        https://sourceforge.net/projects/xmlrpc-c/files/Xmlrpc-c%20Super%20Stable/%version/xmlrpc-%version.tgz	
+Source0:        https://sourceforge.net/projects/xmlrpc-c/files/Xmlrpc-c%20Super%20Stable/%version/%name-%version.tgz	
 
-Patch0001:      backport-0001-xmlrpc_server_abyss-use-va_args-properly.patch
 Patch0003:      backport-0001-add-meson-buildsystem-definitions.patch
 Patch0004:      backport-0002-chmod-x-xml-rpc-api2txt.patch
+Patch0005:      backport-CVE-2024-45490-lib-Reject-negative-len-for-XML_ParseBuffer.patch
+Patch0006:      backport-CVE-2024-45491-lib-Detect-integer-overflow-in-dtdCopy.patch
 
 BuildRequires:	git-core meson >= 0.36.0 gcc gcc-c++ ncurses-devel 
 BuildRequires:  libcurl-devel readline-devel pkgconfig(openssl)
@@ -43,7 +44,7 @@ Header files for xmlrpc-c.
 %package_help
 
 %prep
-%autosetup -n xmlrpc-%{version} -p1
+%autosetup -n %{name}-%{version} -p1
 
 %build
 %meson
@@ -75,13 +76,37 @@ Header files for xmlrpc-c.
 %{_mandir}/man1/*
 
 %changelog
+* Tue Sep 10 2024 zhouyihang <zhouyihang3@h-partners.com> - 1.59.02-2
+- Type:CVE
+- CVE:CVE-2024-45490 CVE-2024-45491
+- SUG:NA
+- DESC:fix CVE-2024-45490 CVE-2024-45491
+
+* Tue Jan 09 2024 zhouyihang <zhouyihang3@h-partners.com> - 1.59.02-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC: update xmlrpc-c to 1.59.02
+
+* Tue Nov 15 2022 zhouyihang <zhouyihang3@h-partners.com> - 1.54.06-1
+- Type:requirement
+- Id:NA
+- SUG:NA
+- DESC: update xmlrpc-c to 1.54.06
+
+* Mon Jun 20 2022 xinghe <xinghe2@h-partners.com> - 1.51.08-2
+- Type:requirement
+- Id:NA
+- SUG:NA
+- DESC: fix meson build
+
 * Wed Dec 22 2021 gaihuiying <gaihuiying1@huawei.com> - 1.51.08-1
 - Type:requirement
 - Id:NA
 - SUG:NA
 - DESC: update to 1.51.08
 
-* Tue Jul 23 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.51.06-1
+* Thu Jul 23 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.51.06-1
 - Type:NA
 - Id:NA
 - SUG:NA