From cfe9e78c0b40c582c115bbea2b245ccdb84e5e07 Mon Sep 17 00:00:00 2001
From: Michel Thebeau
Date: Mon, 16 Nov 2020 16:31:00 -0500
Subject: [PATCH] expat: CVE-2018-20843: XML input leads to high RAM
Crafted XML input leads to high RAM and CPU. Fix is provided by Centos RPMs: expat-2.1.0-12.el7.x86_64.rpm expat-devel-2.1.0-12.el7.x86_64.rpm Test: Build. Deploy AIO-SX. Run reproducer.
Closes-Bug: 1902997
Change-Id: Ia56722d7c0c71e22139f2b1b8c4d5174b04414fc
Signed-off-by: Michel Thebeau
---
 centos-mirror-tools/config/centos/compiler/rpms_3rdparties.lst | 2 ++
 centos-mirror-tools/config/centos/compiler/rpms_centos.lst | 2 --
 centos-mirror-tools/config/centos/distro/rpms_3rdparties.lst | 2 ++
 centos-mirror-tools/config/centos/distro/rpms_centos.lst | 2 --
 centos-mirror-tools/config/centos/flock/rpms_3rdparties.lst | 1 +
 centos-mirror-tools/config/centos/flock/rpms_centos.lst | 1 -
 centos-mirror-tools/config/centos/mock/rpms_3rdparties.lst | 1 +
 centos-mirror-tools/config/centos/mock/rpms_centos.lst | 1 -
 8 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/centos-mirror-tools/config/centos/compiler/rpms_3rdparties.lst b/centos-mirror-tools/config/centos/compiler/rpms_3rdparties.lst
index f819ad56..3faf8e70 100644
--- a/centos-mirror-tools/config/centos/compiler/rpms_3rdparties.lst
+++ b/centos-mirror-tools/config/centos/compiler/rpms_3rdparties.lst
@@ -1,3 +1,5 @@
+# expat-2.1.0-12.el7.x86_64.rpm provided by mock
+expat-devel-2.1.0-12.el7.x86_64.rpm#http://mirror.centos.org/centos/7/os/x86_64/Packages/expat-devel-2.1.0-12.el7.x86_64.rpm
 # glib2-2.56.1-7.el7.x86_64.rpm provided by mock
 kernel-headers-4.18.0-147.3.1.el8_1.x86_64.rpm#http://mirror.centos.org/centos/8.1.1911/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-147.3.1.el8_1.x86_64.rpm
 libpng-1.5.13-8.el7.x86_64.rpm#http://mirror.centos.org/centos/7/os/x86_64/Packages/libpng-1.5.13-8.el7.x86_64.rpm
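Review bot: The added `expat-devel-2.1.0-12.el7.x86_64.rpm#http://mirror.centos.org/...` entry fetches the CVE fix over plain HTTP, and the `name#url` entry format carries no digest, so the integrity of the downloaded RPM rests on whatever signature check the mirror tooling performs. That check is not visible in this patch; it is worth confirming that the downloader verifies the RPM GPG signature against the CentOS 7 key before the package enters the build. The same applies to the added entries in distro/rpms_3rdparties.lst and mock/rpms_3rdparties.lst. This matches the neighbouring `http://` entries, but if the mirror serves HTTPS the new lines could use `#https://mirror.centos.org/centos/7/os/x86_64/Packages/expat-devel-2.1.0-12.el7.x86_64.rpm` instead.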
diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst
index c94f924e..c57ae24d 100644
--- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst
@@ -40,8 +40,6 @@ device-mapper-multipath-libs-0.4.9-119.el7.x86_64.rpm
 device-mapper-persistent-data-0.7.3-3.el7.x86_64.rpm
 # diffutils-3.3-4.el7.x86_64.rpm provided by mock
 # dracut-033-554.el7.x86_64.rpm provided by mock
-# expat-2.1.0-11.el7.x86_64.rpm provided by mock
-expat-devel-2.1.0-11.el7.x86_64.rpm
 file-devel-5.11-35.el7.x86_64.rpm
 # filesystem-3.2-25.el7.x86_64.rpm provided by mock
 # findutils-4.5.11-6.el7.x86_64.rpm provided by mock
diff --git a/centos-mirror-tools/config/centos/distro/rpms_3rdparties.lst b/centos-mirror-tools/config/centos/distro/rpms_3rdparties.lst
index 5ef492bd..fba16ff5 100644
--- a/centos-mirror-tools/config/centos/distro/rpms_3rdparties.lst
+++ b/centos-mirror-tools/config/centos/distro/rpms_3rdparties.lst
@@ -1,3 +1,5 @@
+# expat-2.1.0-12.el7.x86_64.rpm provided by mock
+expat-devel-2.1.0-12.el7.x86_64.rpm#http://mirror.centos.org/centos/7/os/x86_64/Packages/expat-devel-2.1.0-12.el7.x86_64.rpm
 # glib2-2.56.1-7.el7.x86_64.rpm provided by mock
 glib2-devel-2.56.1-7.el7.x86_64.rpm#http://mirror.centos.org/centos/7/os/x86_64/Packages/glib2-devel-2.56.1-7.el7.x86_64.rpm
 glib2-doc-2.56.1-7.el7.noarch.rpm#http://mirror.centos.org/centos/7/os/x86_64/Packages/glib2-doc-2.56.1-7.el7.noarch.rpm
diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst
index c9947980..ce1cc203 100644
--- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst
@@ -186,8 +186,6 @@ erlang-stdlib-18.3.4.4-2.el7.x86_64.rpm
 erlang-syntax_tools-18.3.4.4-2.el7.x86_64.rpm
 erlang-tools-18.3.4.4-2.el7.x86_64.rpm
 erlang-xmerl-18.3.4.4-2.el7.x86_64.rpm
-# expat-2.1.0-11.el7.x86_64.rpm provided by mock
-expat-devel-2.1.0-11.el7.x86_64.rpm
 expect-5.45-14.el7_1.x86_64.rpm
 # file-5.11-35.el7.x86_64.rpm provided by mock
 # file-libs-5.11-35.el7.x86_64.rpm provided by mock
diff --git a/centos-mirror-tools/config/centos/flock/rpms_3rdparties.lst b/centos-mirror-tools/config/centos/flock/rpms_3rdparties.lst
index e9d4c895..48a1375f 100644
--- a/centos-mirror-tools/config/centos/flock/rpms_3rdparties.lst
+++ b/centos-mirror-tools/config/centos/flock/rpms_3rdparties.lst
@@ -1,4 +1,5 @@
 ansible-2.7.5-1.el7.ans.noarch.rpm#https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.7.5-1.el7.ans.noarch.rpm
+# expat-2.1.0-12.el7.x86_64.rpm provided by mock
 # glib2-2.56.1-7.el7.x86_64.rpm provided by mock
 glib2-devel-2.56.1-7.el7.x86_64.rpm#http://mirror.centos.org/centos/7/os/x86_64/Packages/glib2-devel-2.56.1-7.el7.x86_64.rpm
 influxdb-0.9.5.1-1.x86_64.rpm#https://s3.amazonaws.com/influxdb/influxdb-0.9.5.1-1.x86_64.rpm
diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
index 9d45cc5f..82ce0321 100644
--- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
@@ -173,7 +173,6 @@ erlang-xmerl-18.3.4.4-2.el7.x86_64.rpm
 ethtool-4.8-9.el7.x86_64.rpm
 eventlog-0.2.13-4.el7.x86_64.rpm
 eventlog-devel-0.2.13-4.el7.x86_64.rpm
-# expat-2.1.0-11.el7.x86_64.rpm provided by mock
 expect-5.45-14.el7_1.x86_64.rpm
 fcgi-2.4.0-25.el7.x86_64.rpm
 fcgi-devel-2.4.0-25.el7.x86_64.rpm
diff --git a/centos-mirror-tools/config/centos/mock/rpms_3rdparties.lst b/centos-mirror-tools/config/centos/mock/rpms_3rdparties.lst
index 5eced613..fb130b31 100644
--- a/centos-mirror-tools/config/centos/mock/rpms_3rdparties.lst
+++ b/centos-mirror-tools/config/centos/mock/rpms_3rdparties.lst
@@ -1 +1,2 @@
+expat-2.1.0-12.el7.x86_64.rpm#http://mirror.centos.org/centos/7/os/x86_64/Packages/expat-2.1.0-12.el7.x86_64.rpm
 glib2-2.56.1-7.el7.x86_64.rpm#http://mirror.centos.org/centos/7/os/x86_64/Packages/glib2-2.56.1-7.el7.x86_64.rpm
diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst
index 9a02a897..498fb221 100644
--- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst
@@ -25,7 +25,6 @@ dracut-033-554.el7.x86_64.rpm
 dwz-0.11-3.el7.x86_64.rpm
 epel-release-7-11.noarch.rpm
 epel-rpm-macros-7-21.noarch.rpm
-expat-2.1.0-11.el7.x86_64.rpm
 file-5.11-35.el7.x86_64.rpm
 file-libs-5.11-35.el7.x86_64.rpm
 filesystem-3.2-25.el7.x86_64.rpm