From a500dfe07829dcd087071ff56a51b51f681d2491675443c84a4721bafbe0c8f1 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 12 Nov 2024 10:03:18 +0000
Subject: [PATCH] Accepting request 1222590 from home:mcepl:branches:X11:wxWidgets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add CVE-2024-50602-no-crash-XML_ResumeParser.patch fixing a crash in the vendored libexpat’s XML_ResumeParser function (bsc#1232590, CVE-2024-50602).

OBS-URL: https://build.opensuse.org/request/show/1222590
OBS-URL: https://build.opensuse.org/package/show/X11:wxWidgets/python-wxPython?expand=0&rev=61
---
 ...2024-50602-no-crash-XML_ResumeParser.patch | 59 +++++++++++++++++++
 python-wxPython.changes | 7 +++
 python-wxPython.spec | 3 +
 wxwidgets-3.2.5.patch | 10 ++--
 4 files changed, 75 insertions(+), 4 deletions(-)
 create mode 100644 CVE-2024-50602-no-crash-XML_ResumeParser.patch

diff --git a/CVE-2024-50602-no-crash-XML_ResumeParser.patch b/CVE-2024-50602-no-crash-XML_ResumeParser.patch
new file mode 100644
index 0000000..f009d17
--- /dev/null
+++ b/CVE-2024-50602-no-crash-XML_ResumeParser.patch
@@ -0,0 +1,59 @@
+---
+ ext/wxWidgets/src/expat/expat/lib/expat.h | 4 +++-
+ ext/wxWidgets/src/expat/expat/lib/xmlparse.c | 11 ++++++++++-
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+--- a/ext/wxWidgets/src/expat/expat/lib/expat.h
++++ b/ext/wxWidgets/src/expat/expat/lib/expat.h
+@@ -127,7 +127,9 @@ enum XML_Error {
+ /* Added in 2.3.0. */
+ XML_ERROR_NO_BUFFER,
+ /* Added in 2.4.0. */
+- XML_ERROR_AMPLIFICATION_LIMIT_BREACH
++ XML_ERROR_AMPLIFICATION_LIMIT_BREACH,
++ /* Added in 2.6.4. */
++ XML_ERROR_NOT_STARTED,
+ };
+
+ enum XML_Content_Type {
+--- a/ext/wxWidgets/src/expat/expat/lib/xmlparse.c
++++ b/ext/wxWidgets/src/expat/expat/lib/xmlparse.c
+@@ -2207,6 +2207,9 @@ XML_StopParser(XML_Parser parser, XML_Bo
+ if (parser == NULL)
+ return XML_STATUS_ERROR;
+ switch (parser->m_parsingStatus.parsing) {
++ case XML_INITIALIZED:
++ parser->m_errorCode = XML_ERROR_NOT_STARTED;
++ return XML_STATUS_ERROR;
+ case XML_SUSPENDED:
+ if (resumable) {
+ parser->m_errorCode = XML_ERROR_SUSPENDED;
+@@ -2217,7 +2220,7 @@ XML_StopParser(XML_Parser parser, XML_Bo
+ case XML_FINISHED:
+ parser->m_errorCode = XML_ERROR_FINISHED;
+ return XML_STATUS_ERROR;
+- default:
++ case XML_PARSING:
+ if (resumable) {
+ #ifdef XML_DTD
+ if (parser->m_isParamEntity) {
+@@ -2228,6 +2231,9 @@ XML_StopParser(XML_Parser parser, XML_Bo
+ parser->m_parsingStatus.parsing = XML_SUSPENDED;
+ } else
+ parser->m_parsingStatus.parsing = XML_FINISHED;
++ break;
++ default:
++ assert(0);
+ }
+ return XML_STATUS_OK;
+ }
+@@ -2493,6 +2499,9 @@ XML_ErrorString(enum XML_Error code) {
+ return XML_L(
+ "limit on input amplification factor (from DTD and entities) breached");
+ }
++ /* Added in 2.6.4. */
++ case XML_ERROR_NOT_STARTED:
++ return XML_L("parser not started");
+ return NULL;
+ }
+
diff --git a/python-wxPython.changes b/python-wxPython.changes
index 78305a2..4d036f8 100644
--- a/python-wxPython.changes
+++ b/python-wxPython.changes
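Review bot: In the last xmlparse.c hunk the added `case XML_ERROR_NOT_STARTED:` and its `return XML_L("parser not started");` follow the `}` context line that closes the `switch (code)`, where a case label will not compile; the upstream 2.6.4 change puts these three lines before that brace, directly after the XML_ERROR_AMPLIFICATION_LIMIT_BREACH return. The hunk header promises 6 context lines and only 5 are visible here, so this listing may have lost a line — check the patch file against the vendored xmlparse.c and the build log before trusting either reading. The XML_StopParser hunks match upstream: an XML_INITIALIZED parser now fails with XML_ERROR_NOT_STARTED instead of being flipped to XML_SUSPENDED, which is the state XML_ResumeParser later trips over (that last step is inferred from the changelog, not visible in the hunk). Appending XML_ERROR_NOT_STARTED at the end of enum XML_Error keeps existing values stable, but the "Added in 2.6.4" comments sit inside a vendored copy whose version macros presumably stay unchanged, so nothing can feature-test for the new code; a one-line note in the patch header recording which upstream libexpat commit this was backported from would help the next refresh.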
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Nov 7 17:09:23 UTC 2024 - Matej Cepl
+
+- Add CVE-2024-50602-no-crash-XML_ResumeParser.patch fixing a
+ crash in the vendored libexpat’s XML_ResumeParser function
+ (bsc#1232590, CVE-2024-50602).
+
 -------------------------------------------------------------------
 Fri Oct 4 11:02:43 UTC 2024 - Dominique Leuenberger
 
diff --git a/python-wxPython.spec b/python-wxPython.spec
index 026141b..e145786 100644
--- a/python-wxPython.spec
+++ b/python-wxPython.spec
@@ -99,6 +99,9 @@ Source2: repack
 Patch12: use_stl_build.patch
 # PATCH-FIX-OPENSUSE
 Patch14: 0004-Fix-time_t-ETG-typedef-extend-DateTime.FromTimeT-tes.patch
+# PATCH-FIX-UPSTREAM CVE-2024-50602-no-crash-XML_ResumeParser.patch bsc#1232590 mcepl@suse.com
+# prevent crashing of vendored libexpat in XML_ResumeParser
+Patch15: CVE-2024-50602-no-crash-XML_ResumeParser.patch
 # PATCH-FIX-OPENSUSE - Test fixes/additions:
 Patch112: 0001-Check-HSV-values-in-image-test.patch
 Patch114: wxwidgets-3.2.5.patch
diff --git a/wxwidgets-3.2.5.patch b/wxwidgets-3.2.5.patch
index a004ebb..b748dc2 100644
--- a/wxwidgets-3.2.5.patch
+++ b/wxwidgets-3.2.5.patch
@@ -4,11 +4,13 @@ Generated by:
 git diff 5622abb73deaa26dc2f6dc4cd8b4b2050396b49a..78938da1218483024b3a7acf55b5fb5513882916 etg/
 
-diff --git etg/window.py etg/window.py
-index c388df76..0c035f14 100644
+---
+ etg/window.py | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
 --- a/etg/window.py
-+++ a/etg/window.py
-@@ -251,6 +251,23 @@ def run():
++++ b/etg/window.py
+@@ -268,6 +268,23 @@ def run():
  return NULL;
  #endif
  """)
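Review bot: The spec hunk only adds the `Patch15:` declaration; whether the patch is actually applied is decided in %prep, which lies outside this hunk, so confirm it uses `%autosetup -p1`/`%autopatch` or gets an explicit `%patch -P 15 -p1`, otherwise the CVE fix is listed in the package but never built in. The nested patch addresses `a/ext/wxWidgets/src/expat/expat/lib/...`, so the strip level must be 1 relative to the sdist root where `ext/wxWidgets` lives. The PATCH-FIX-UPSTREAM tag carries only the bsc# and author; recording the upstream libexpat commit it was backported from makes the next rebase or drop decision easier. The wxwidgets-3.2.5.patch hunk at the end of this line continues past the end of the listing and is not reviewed here.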