1 files changed, 0 insertions, 75 deletions
diff --git a/source/l/expat/5c168279c5ad4668e5e48fe13374fe7a7de4b573.patch b/source/l/expat/5c168279c5ad4668e5e48fe13374fe7a7de4b573.patch
deleted file mode 100644
index da0875ab7..000000000
--- a/source/l/expat/5c168279c5ad4668e5e48fe13374fe7a7de4b573.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From ede41d1e186ed2aba88a06e84cac839b770af3a1 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Wed, 26 Jan 2022 02:36:43 +0100
-Subject: [PATCH 1/2] lib: Prevent integer overflow in doProlog
- (CVE-2022-23990)
-
-The change from "int nameLen" to "size_t nameLen"
-addresses the overflow on "nameLen++" in code
-"for (; name[nameLen++];)" right above the second
-change in the patch.
----
- expat/lib/xmlparse.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index 5ce31402..d1d17005 100644
---- a/expat/lib/xmlparse.c
-+++ b/expat/lib/xmlparse.c
-@@ -5372,7 +5372,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
-       if (dtd->in_eldecl) {
-         ELEMENT_TYPE *el;
-         const XML_Char *name;
--        int nameLen;
-+        size_t nameLen;
-         const char *nxt
-             = (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar);
-         int myindex = nextScaffoldPart(parser);
-@@ -5388,7 +5388,13 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
-         nameLen = 0;
-         for (; name[nameLen++];)
-           ;
--        dtd->contentStringLen += nameLen;
-+
-+        /* Detect and prevent integer overflow */
-+        if (nameLen > UINT_MAX - dtd->contentStringLen) {
-+          return XML_ERROR_NO_MEMORY;
-+        }
-+
-+        dtd->contentStringLen += (unsigned)nameLen;
-         if (parser->m_elementDeclHandler)
-           handleDefault = XML_FALSE;
-       }
-
-From 6e3449594fb2f61c92fc561f51f82196fdd15d63 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Wed, 26 Jan 2022 02:51:39 +0100
-Subject: [PATCH 2/2] Changes: Document CVE-2022-23990
-
----
- expat/Changes | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/expat/Changes b/expat/Changes
-index 5ff5da5e..ec1f7604 100644
---- a/expat/Changes
-+++ b/expat/Changes
-@@ -10,12 +10,18 @@ Release x.x.x xxx xxxxxxx xx xxxx
-                     for when XML_CONTEXT_BYTES is defined to >0 (which is both
-                     common and default).
-                     Impact is denial of service or more.
-+            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
-+                    doProlog triggered by large content in element type
-+                    declarations when there is an element declaration handler
-+                    present (from a prior call to XML_SetElementDeclHandler).
-+                    Impact is denial of service or more.
- 
-         Bug fixes:
-        #544 #545  xmlwf: Fix a memory leak on output file opening error
- 
-         Special thanks to:
-             hwt0415
-+            Roland Illig
-             Samanta Navarro
-                  and
-             Clang LeakSan and the Clang team