From 31e396ab0f6a4aa8529fb391603bd0347660ea1b Mon Sep 17 00:00:00 2001
From: Taichi Haradaguchi <20001722@ymail.ne.jp>
Date: Mon, 31 Oct 2022 00:20:55 +0900
Subject: upgrade Expat to 2.5.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes CVE-2022-43680

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/142205
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 74eea44c685e108fab44c85ce81609091c7be1ec)

Change-Id: I5bf8d1ab0ac352833c76a7edfc1d8eb78dd03e10
---
 download.lst                      |  4 ++--
 external/expat/expat-winapi.patch | 13 +++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/download.lst b/download.lst
index 42dcf2002246..b40e877ddd15 100644
--- a/download.lst
+++ b/download.lst
@@ -40,8 +40,8 @@ export EPUBGEN_TARBALL := libepubgen-0.1.1.tar.xz
 export ETONYEK_SHA256SUM := e61677e8799ce6e55b25afc11aa5339113f6a49cff031f336e32fa58635b1a4a
 export ETONYEK_VERSION_MICRO := 9
 export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
-export EXPAT_SHA256SUM := 6e8c0728fe5c7cd3f93a6acce43046c5e4736c7b4b68e032e9350daa0efc0354
-export EXPAT_TARBALL := expat-2.4.9.tar.xz
+export EXPAT_SHA256SUM := ef2420f0232c087801abf705e89ae65f6257df6b7931d37846a193ef2e8cdcbe
+export EXPAT_TARBALL := expat-2.5.0.tar.xz
 export FIREBIRD_SHA256SUM := 6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860
 export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2
 export FONTCONFIG_SHA256SUM := cf0c30807d08f6a28ab46c61b8dbd55c97d2f292cf88f3a07d3384687f31f017
diff --git a/external/expat/expat-winapi.patch b/external/expat/expat-winapi.patch
index 7eae7d5d6139..fed65644a732 100644
--- a/external/expat/expat-winapi.patch
+++ b/external/expat/expat-winapi.patch
@@ -1,6 +1,6 @@
---- misc/expat-2.1.0/lib/expat_external.h	2009-11-16 08:53:17.375000000 +0000
-+++ misc/build/expat-2.1.0/lib/expat_external.h	2009-11-16 08:53:34.703125000 +0000
-@@ -81,10 +81,6 @@
+--- misc/expat-2.5.0/lib/expat_external.h	2022-10-25 01:32:54.000000000 +0900
++++ misc/build/expat-2.5.0/lib/expat_external.h	2022-10-30 23:09:47.339459134 +0900
+@@ -88,10 +88,6 @@
  #  ifndef XML_BUILDING_EXPAT
  /* using Expat from an application */
  
@@ -11,12 +11,13 @@
  #  endif
  #endif /* not defined XML_STATIC */
  
---- misc/expat-2.1.0/lib/xmlparse.c	2021-05-23 16:56:25.000000000 +0100
-+++ misc/build/expat-2.1.0/lib/xmlparse.c	2021-05-25 12:42:11.997173600 +0100
-@@ -64,6 +64,8 @@
+--- misc/expat-2.5.0/lib/xmlparse.c	2022-10-26 00:09:08.000000000 +0900
++++ misc/build/expat-2.5.0/lib/xmlparse.c	2022-10-30 23:09:01.843006341 +0900
+@@ -67,6 +67,9 @@
  #endif
  
  #ifdef _WIN32
++#  undef HAVE_ARC4RANDOM_BUF
 +#  undef HAVE_GETRANDOM
 +#  undef HAVE_SYSCALL_GETRANDOM
  /* force stdlib to define rand_s() */
-- 
cgit