forked from pool/expat
Compare commits
1 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
|
c70f70b8b5 |
3545
CVE-2025-59375.patch
Normal file
3545
CVE-2025-59375.patch
Normal file
File diff suppressed because it is too large
Load Diff
BIN
expat-2.7.1.tar.xz
LFS
Normal file
BIN
expat-2.7.1.tar.xz
LFS
Normal file
Binary file not shown.
16
expat-2.7.1.tar.xz.asc
Normal file
16
expat-2.7.1.tar.xz.asc
Normal file
@@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmflq4EACgkQliYqz/vT
|
||||
rsbgBw/7BnBRKM4F7dvK5aAxJHyGC4uz2r/2ETQiC2kOu5DTJVa3whaITIrzG/3w
|
||||
9ikYp5st/Xgm7pDTT1Hr1po/4JDr2eDJnUfml9EHPkkqCK3NUd6NzpRArEnHnoRx
|
||||
1SLTB0TKpGAdHF87WlhThujq1NGWQTXtX6IPpXHm3K/K7saFy1aGE7WR0YGV2ytt
|
||||
VxR/ucey2Gh2PqvfiIipAs81Qcyt3UM5U1TpViDQ3ezRF0CpgCDhQ8MkZxgu7c/k
|
||||
LyE4c5Gla8MiJqcraX3Ymz6dCH6SRiX2NY5Vpy8f9yIqDq5eyhkHi5SPRx2jG5Ua
|
||||
LVZmN0orxXgOFWyFZPoz4guO7hWLNjesq3cCySOOMBxydIXFVVPgwX0rtgaUXX77
|
||||
Z3b05oCECGhvFO4BdXTTnKtaNoSnb7yjwqsBK8aupZfHnHSuUVV53wAOIwkBWpJk
|
||||
CfOgkvdF59pOS+yQmV/VRjVZnIF9Rt/8mrStyKPHqAYJuTAKugicfpbVOfXQXSmk
|
||||
ASAuVgzddFWMaircpMsZFBDTBk7a5jum39D67sVS74pDk2imvixYqtWo+8AI7NQ5
|
||||
TqWXyULVD9K3OCh47w1zhwRfTskYAvX5lV0TTYo7kXtPMCyfPa8seBOpHtoSM8bB
|
||||
+zZkWd/LNWcRRdcmenPnwv2GiLO5jCgAIuJrboyJPw8E93q94jA=
|
||||
=Ug7G
|
||||
-----END PGP SIGNATURE-----
|
||||
@@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:71df8f40706a7bb0a80a5367079ea75d91da4f8c65c58ec59bcdfbf7decdab9f
|
||||
size 504744
|
||||
@@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmjURhUACgkQliYqz/vT
|
||||
rsaA6BAAjrS0g0AV8Bx6ecnl3aVBdGX79qXeIbmpwL9TJfJitBjQEWzcGQnvOwLZ
|
||||
b9HPLhpU2wVglX/syZF5xQ3ohMPbJ7dXtOXnNkxZP9+vhUBTt0zmohIvnJ9oRsHC
|
||||
rAHioyPypWGOKVH1MwxzkAWtomBkea888Um+NnE9wJvFJ6rXBUhcJS0vEDz3OwJI
|
||||
oHpD01Ovyg8ebdQBW95k3DOMuvXEpGhDY/TZ3hnDacHQ98g5+YKExb0f8QVxyQmU
|
||||
TkHz1tgfx8wzWmeur3+T8pz8NSUlM++EpYV0o1WGuJstSU7zHBqopTGOtdHC9gmt
|
||||
z7OxDX1KssFowMY/OJ+6+jF9wTlkmRZv8jfbLJY5cKHolgbfEG6LvELDtBGRRBWl
|
||||
OKd1W4gkxzCftroTPenhHT9nmas9ihsPa7+XIrkLrUJHw+x24i6zyUQRAzbzK9GN
|
||||
ziaZ8ZPUNHG1S99LPS6IdxFf061YOYAv0NoXk+bnhAj89pwAoi75la0S1NFpib1y
|
||||
4/6hKFJ4sA9ffqWECSMXRX1VN1M3AF1oiU+4kAgxwMaAiU1ro4AvMqauDzCr44/2
|
||||
FQ5tGTUyL3erWQtxfY5G3Sf5ti9S/NLrqf/Qiprrv7kAOKQPPaRYAdAZ+yqioAnL
|
||||
enbz2+h2HY1OhEAIBOpmrufstRdLvCWRsdTdxaVqmNFeDJVc1Xg=
|
||||
=jaIk
|
||||
-----END PGP SIGNATURE-----
|
||||
@@ -1,29 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Sep 27 09:21:33 UTC 2025 - Christoph G <foss@grueninger.de>
|
||||
Mon Sep 29 13:38:51 UTC 2025 - Martin Schreiner <martin.schreiner@suse.com>
|
||||
|
||||
- version update to 2.7.3
|
||||
* Fix alignment of internal allocations for some non-amd64
|
||||
architectures (e.g. sparc32); fixes up on the fix to
|
||||
CVE-2025-59375 (of Expat 2.7.2)
|
||||
* Fix a class of false positives where input should have been
|
||||
rejected with error XML_ERROR_ASYNC_ENTITY; regression from
|
||||
CVE-2024-8176 (of Expat 2.7.0)
|
||||
* Prove and regression-proof absence of integer overflow
|
||||
from function expat_realloc
|
||||
* Remove "harmless" cast that truncated a size_t to unsigned
|
||||
* xmlwf: Resolve use of functions XML_GetErrorLineNumber
|
||||
and XML_GetErrorColumnNumber
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 22 14:54:27 UTC 2025 - pgajdos@suse.com
|
||||
|
||||
- version update to 2.7.2 [bsc#1249584]
|
||||
* CVE-2025-59375 -- Disallow use of disproportional amounts of
|
||||
dynamic memory from within an Expat parser
|
||||
* xmlwf: Fix (internal) help generator
|
||||
* xmlwf: Mention supported environment variables in
|
||||
--help output
|
||||
* see Changes for details
|
||||
- Fix CVE-2025-59375 / bsc#1249584.
|
||||
- Add patch file:
|
||||
* CVE-2025-59375.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 28 10:22:44 UTC 2025 - pgajdos@suse.com
|
||||
@@ -213,7 +193,7 @@ Mon Feb 12 20:44:14 UTC 2024 - David Anes <david.anes@suse.com>
|
||||
|
||||
- Update to 2.6.0:
|
||||
* Security fixes:
|
||||
- CVE-2023-52425 (boo#1219559, bsc#1221563)
|
||||
- CVE-2023-52425 (boo#1219559)
|
||||
-- Fix quadratic runtime issues with big tokens
|
||||
that can cause denial of service, in partial where
|
||||
dealing with compressed XML input. Applications
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package expat
|
||||
#
|
||||
# Copyright (c) 2025 SUSE LLC and contributors
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
@@ -17,10 +17,10 @@
|
||||
#
|
||||
|
||||
|
||||
%global unversion 2_7_3
|
||||
%global unversion 2_7_1
|
||||
%define sover 1
|
||||
Name: expat
|
||||
Version: 2.7.3
|
||||
Version: 2.7.1
|
||||
Release: 0
|
||||
Summary: XML Parser Toolkit
|
||||
License: MIT
|
||||
@@ -33,6 +33,7 @@ Source3: %{name}faq.html
|
||||
# https://www.gentoo.org/inside-gentoo/developers/index.html#sping
|
||||
# https://github.com/libexpat/libexpat/issues/537#issuecomment-1003796884
|
||||
Source4: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3176ef7db2367f1fca4f306b1f9b0e909af37285#/expat.keyring
|
||||
Patch0: CVE-2025-59375.patch
|
||||
BuildRequires: c++_compiler
|
||||
BuildRequires: pkgconfig
|
||||
|
||||
|
||||
Reference in New Issue
Block a user