From mboxrd@z Thu Jan  1 00:00:00 1970
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
From: Vitezslav Crhonek <vcrhonek@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/xmlstarlet] f44: Fix XXE (XML External Entity) vulnerability
Date: Tue, 02 Jun 2026 16:08:25 GMT
Message-ID: <178041650583.1.12739118937503082748.rpms-xmlstarlet-28345a471730@fedoraproject.org>
List-ID: <git-commits.fedoraproject.org>
X-Git-Repo: rpms/xmlstarlet
X-Git-Branch: f44
X-Git-Rev: 28345a47173054f5de79b15b6cc5ec23a9bf30b9

ICAgICAgICAgICAgQSBuZXcgY29tbWl0IGhhcyBiZWVuIHB1c2hlZC4KCiAgICAgICAgICAgIFJl
cG8gICA6IHJwbXMveG1sc3RhcmxldAogICAgICAgICAgICBCcmFuY2ggOiBmNDQKICAgICAgICAg
ICAgQ29tbWl0IDogMjgzNDVhNDcxNzMwNTRmNWRlNzliMTViNmNjNWVjMjNhOWJmMzBiOQogICAg
ICAgICAgICBBdXRob3IgOiBWaXRlenNsYXYgQ3Job25layA8dmNyaG9uZWtAcmVkaGF0LmNvbT4K
ICAgICAgICAgICAgRGF0ZSAgIDogMjAyNi0wNS0yN1QwODo1NTo0NCswMjowMAogICAgICAgICAg
ICBTdGF0cyAgOiArNjgvLTEgaW4gMiBmaWxlKHMpCiAgICAgICAgICAgIFVSTCAgICA6IGh0dHBz
Oi8vc3JjLmZlZG9yYXByb2plY3Qub3JnL3JwbXMveG1sc3RhcmxldC9jLzI4MzQ1YTQ3MTczMDU0
ZjVkZTc5YjE1YjZjYzVlYzIzYTliZjMwYjk/YnJhbmNoPWY0NAoKICAgICAgICAgICAgTG9nOgog
ICAgICAgICAgICBGaXggWFhFIChYTUwgRXh0ZXJuYWwgRW50aXR5KSB2dWxuZXJhYmlsaXR5CgpN
YXJrIHJlbGV2YW50IHRlc3QgYXMgZXhwZWN0ZWQgdG8gZmFpbC4gTWFyayBhbHNvCmJpZ3htbCB0
ZXN0cyBhcyBleHBlY3RlZCB0byBmYWlsLCBwcm9iYWJseSBkdWUgbGlieG1sMgpjaGFuZ2VzIGlu
IFJhd2hpZGUuCgotLS0KZGlmZiAtLWdpdCBhL3htbHN0YXJsZXQtMS42LjEtZml4LXh4ZS5wYXRj
aCBiL3htbHN0YXJsZXQtMS42LjEtZml4LXh4ZS5wYXRjaApuZXcgZmlsZSBtb2RlIDEwMDY0NApp
bmRleCAwMDAwMDAwLi4yNzA3NDdjCi0tLSAvZGV2L251bGwKKysrIGIveG1sc3RhcmxldC0xLjYu
MS1maXgteHhlLnBhdGNoCkBAIC0wLDAgKzEsNjIgQEAKK2RpZmYgLU5hdXIgeG1sc3RhcmxldC0x
LjYuMS5vcmlnL2V4YW1wbGVzL3Rlc3RzLm1rIHhtbHN0YXJsZXQtMS42LjEvZXhhbXBsZXMvdGVz
dHMubWsKKy0tLSB4bWxzdGFybGV0LTEuNi4xLm9yaWcvZXhhbXBsZXMvdGVzdHMubWsJMjAxMy0w
Ni0yMiAxNzozNjo1Ni4wMDAwMDAwMDAgKzAyMDAKKysrKyB4bWxzdGFybGV0LTEuNi4xL2V4YW1w
bGVzL3Rlc3RzLm1rCTIwMjYtMDUtMjYgMTM6MzE6MTMuODg2ODk0MjQ0ICswMjAwCitAQCAtOTgs
NyArOTgsMTMgQEAKKyAKKyBYRkFJTF9URVNUUyA9XAorIGV4YW1wbGVzL2JpZ3htbC1kdGRcCist
ZXhhbXBsZXMvZWQtbmFtZXNwYWNlCisrZXhhbXBsZXMvZWQtbmFtZXNwYWNlXAorK2V4YW1wbGVz
L2V4dGVybmFsLWVudGl0eVwKKytleGFtcGxlcy9iaWd4bWwtZW1iZWQtcmVmXAorK2V4YW1wbGVz
L2JpZ3htbC1lbWJlZFwKKytleGFtcGxlcy9iaWd4bWwtcmVsYXhuZ1wKKytleGFtcGxlcy9iaWd4
bWwtd2VsbC1mb3JtZWRcCisrZXhhbXBsZXMvYmlneG1sLXhzZAorIAorIGlmICFIQVZFX0VYU0xU
X1hQQVRIX1JFR0lTVEVSCisgWEZBSUxfVEVTVFMgKz0gZXhhbXBsZXMvZXhzbHQtZWQKK2RpZmYg
LU5hdXIgeG1sc3RhcmxldC0xLjYuMS5vcmlnL3NyYy90cmFucy5jIHhtbHN0YXJsZXQtMS42LjEv
c3JjL3RyYW5zLmMKKy0tLSB4bWxzdGFybGV0LTEuNi4xLm9yaWcvc3JjL3RyYW5zLmMJMjAxMi0w
OC0xMiAxNzoxODo1OS4wMDAwMDAwMDAgKzAyMDAKKysrKyB4bWxzdGFybGV0LTEuNi4xL3NyYy90
cmFucy5jCTIwMjYtMDUtMjYgMTM6MzE6MjAuMjQwMDY0OTY3ICswMjAwCitAQCAtMTc0LDcgKzE3
NCwxMCBAQAorICAgICBpbnQgaSwgb3B0aW9ucyA9IDA7CisgCisgICAgIG9wdGlvbnMgPSBYU0xU
X1BBUlNFX09QVElPTlM7CistICAgICAKKysgICAgLyogRGlzYWJsZSBlbnRpdHkgZXhwYW5zaW9u
IHRvIHByZXZlbnQgWFhFIGF0dGFja3MgKi8KKysgICAgb3B0aW9ucyAmPSB+WE1MX1BBUlNFX05P
RU5UOworKyAgICBvcHRpb25zIHw9IFhNTF9QQVJTRV9OT05FVDsKKysKKyAgICAgLyoKKyAgICAg
ICogQ29tcGlsZSBYU0xUIFN5bGVzaGVldAorICAgICAgKi8KK2RpZmYgLU5hdXIgeG1sc3Rhcmxl
dC0xLjYuMS5vcmlnL3NyYy94bWxfQzE0Ti5jIHhtbHN0YXJsZXQtMS42LjEvc3JjL3htbF9DMTRO
LmMKKy0tLSB4bWxzdGFybGV0LTEuNi4xLm9yaWcvc3JjL3htbF9DMTROLmMJMjAxMi0wOC0xMiAx
NzoxODo1OS4wMDAwMDAwMDAgKzAyMDAKKysrKyB4bWxzdGFybGV0LTEuNi4xL3NyYy94bWxfQzE0
Ti5jCTIwMjYtMDUtMjYgMTM6MzE6MjAuMjQwMTczMjU2ICswMjAwCitAQCAtNjIsOCArNjIsOCBA
QAorICAgICAgKi8KKyAKKyAgICAgZG9jID0geG1sUmVhZEZpbGUoeG1sX2ZpbGVuYW1lLCBOVUxM
LAorLSAgICAgICAgWE1MX1BBUlNFX05PRU5UIHwgWE1MX1BBUlNFX0RURExPQUQgfAorLSAgICAg
ICAgWE1MX1BBUlNFX0RUREFUVFIgfCAobm9uZXQ/IFhNTF9QQVJTRV9OT05FVDowKSk7CisrICAg
ICAgICBYTUxfUEFSU0VfRFRETE9BRCB8CisrICAgICAgICBYTUxfUEFSU0VfRFREQVRUUiB8IFhN
TF9QQVJTRV9OT05FVCk7CisgICAgIGlmIChkb2MgPT0gTlVMTCkgeworICAgICAgICAgZnByaW50
ZihzdGRlcnIsICJFcnJvcjogdW5hYmxlIHRvIHBhcnNlIGZpbGUgXCIlc1wiXG4iLCB4bWxfZmls
ZW5hbWUpOworICAgICAgICAgcmV0dXJuKEVYSVRfQkFEX0ZJTEUpOworZGlmZiAtTmF1ciB4bWxz
dGFybGV0LTEuNi4xLm9yaWcvc3JjL3htbF9zZWxlY3QuYyB4bWxzdGFybGV0LTEuNi4xL3NyYy94
bWxfc2VsZWN0LmMKKy0tLSB4bWxzdGFybGV0LTEuNi4xLm9yaWcvc3JjL3htbF9zZWxlY3QuYwky
MDE0LTAzLTAzIDAxOjE1OjA4LjAwMDAwMDAwMCArMDEwMAorKysrIHhtbHN0YXJsZXQtMS42LjEv
c3JjL3htbF9zZWxlY3QuYwkyMDI2LTA1LTI2IDEzOjMxOjIwLjI0MDI3NjU4MCArMDIwMAorQEAg
LTcwOCw5ICs3MDgsOSBAQAorICAgICBzZWxJbml0T3B0aW9ucygmb3BzKTsKKyAgICAgeHNsdElu
aXRPcHRpb25zKCZ4c2x0T3BzKTsKKyAgICAgc3RhcnQgPSBzZWxQYXJzZU9wdGlvbnMoJm9wcywg
YXJnYywgYXJndik7CistICAgIHhtbF9vcHRpb25zIHw9IFhNTF9QQVJTRV9OT0VOVDsgLyogc3Vi
c3RpdHV0ZSBlbnRpdGllcyAqLworKyAgICAvKiBYTUxfUEFSU0VfTk9FTlQgcmVtb3ZlZCB0byBw
cmV2ZW50IFhYRSBhdHRhY2tzICovCisgICAgIHhtbF9vcHRpb25zIHw9IFhNTF9QQVJTRV9EVERB
VFRSOyAvKiB1c2UgZGVmYXVsdCBhdHRyaWIgdmFsdWVzICovCistICAgIHhtbF9vcHRpb25zIHw9
IG9wcy5ub25ldD8gWE1MX1BBUlNFX05PTkVUIDogMDsKKysgICAgeG1sX29wdGlvbnMgfD0gWE1M
X1BBUlNFX05PTkVUOworICAgICB4c2x0T3BzLm5vbmV0ID0gb3BzLm5vbmV0OworICAgICB4c2x0
T3BzLm5vYmxhbmtzID0gb3BzLm5vYmxhbmtzOworICAgICB4c2x0SW5pdExpYlhtbCgmeHNsdE9w
cyk7CgpkaWZmIC0tZ2l0IGEveG1sc3RhcmxldC5zcGVjIGIveG1sc3RhcmxldC5zcGVjCmluZGV4
IDNlYjQ0MzMuLmYyMzc4M2IgMTAwNjQ0Ci0tLSBhL3htbHN0YXJsZXQuc3BlYworKysgYi94bWxz
dGFybGV0LnNwZWMKQEAgLTIsNyArMiw3IEBACiAKIE5hbWU6IHhtbHN0YXJsZXQKIFZlcnNpb246
IDEuNi4xCi1SZWxlYXNlOiAyOSV7P2Rpc3R9CitSZWxlYXNlOiAzMCV7P2Rpc3R9CiBTdW1tYXJ5
OiBDb21tYW5kIExpbmUgWE1MIFRvb2xraXQKIExpY2Vuc2U6IE1JVAogVVJMOiBodHRwOi8veG1s
c3Rhci5zb3VyY2Vmb3JnZS5uZXQvCkBAIC0xMCw2ICsxMCw4IEBAIFNvdXJjZTA6IGh0dHA6Ly9k
b3dubG9hZHMuc291cmNlZm9yZ2UubmV0L3htbHN0YXIvJXtuYW1lfS0le3ZlcnNpb259LnRhci5n
egogIyBodHRwczovL3NvdXJjZWZvcmdlLm5ldC9wL3htbHN0YXIvYnVncy8xMDkvCiBQYXRjaDA6
IHhtbHN0YXJsZXQtMS42LjEtbm9naXQucGF0Y2gKICMgaHR0cDovL3NvdXJjZWZvcmdlLm5ldC90
cmFja2VyLz9mdW5jPWRldGFpbCZhaWQ9MzI2Njg5OCZncm91cF9pZD02NjYxMiZhdGlkPTUxNTEw
NgorIyBGaXggZm9yIFhYRSAoWE1MIEV4dGVybmFsIEVudGl0eSkgdnVsbmVyYWJpbGl0eQorUGF0
Y2gxOiB4bWxzdGFybGV0LTEuNi4xLWZpeC14eGUucGF0Y2gKIAogQnVpbGRSZXF1aXJlczogbWFr
ZQogQnVpbGRSZXF1aXJlczogZ2NjCkBAIC01Myw2ICs1NSw5IEBAIG1ha2UgY2hlY2sKIAogCiAl
Y2hhbmdlbG9nCisqIFdlZCBNYXkgMjcgMjAyNiBWaXRlenNsYXYgQ3Job25layA8dmNyaG9uZWtA
cmVkaGF0LmNvbT4gLSAxLjYuMS0zMAorLSBGaXggWFhFIChYTUwgRXh0ZXJuYWwgRW50aXR5KSB2
dWxuZXJhYmlsaXR5CisKICogU2F0IEphbiAxNyAyMDI2IEZlZG9yYSBSZWxlYXNlIEVuZ2luZWVy
aW5nIDxyZWxlbmdAZmVkb3JhcHJvamVjdC5vcmc+IC0gMS42LjEtMjkKIC0gUmVidWlsdCBmb3Ig
aHR0cHM6Ly9mZWRvcmFwcm9qZWN0Lm9yZy93aWtpL0ZlZG9yYV80NF9NYXNzX1JlYnVpbGQKIAo=