Accepting request 1307863 from devel:libraries:c_c++

- version update to 2.7.3
  * Fix alignment of internal allocations for some non-amd64
    architectures (e.g. sparc32); fixes up on the fix to
    CVE-2025-59375 (of Expat 2.7.2)
  * Fix a class of false positives where input should have been
    rejected with error XML_ERROR_ASYNC_ENTITY; regression from
    CVE-2024-8176 (of Expat 2.7.0)
  * Prove and regression-proof absence of integer overflow
    from function expat_realloc
  * Remove "harmless" cast that truncated a size_t to unsigned
  * xmlwf: Resolve use of functions XML_GetErrorLineNumber
    and XML_GetErrorColumnNumber (forwarded request 1307469 from mathletic)

OBS-URL: https://build.opensuse.org/request/show/1307863
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=83

expat-2.7.1.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmflq4EACgkQliYqz/vT
-rsbgBw/7BnBRKM4F7dvK5aAxJHyGC4uz2r/2ETQiC2kOu5DTJVa3whaITIrzG/3w
-9ikYp5st/Xgm7pDTT1Hr1po/4JDr2eDJnUfml9EHPkkqCK3NUd6NzpRArEnHnoRx
-1SLTB0TKpGAdHF87WlhThujq1NGWQTXtX6IPpXHm3K/K7saFy1aGE7WR0YGV2ytt
-VxR/ucey2Gh2PqvfiIipAs81Qcyt3UM5U1TpViDQ3ezRF0CpgCDhQ8MkZxgu7c/k
-LyE4c5Gla8MiJqcraX3Ymz6dCH6SRiX2NY5Vpy8f9yIqDq5eyhkHi5SPRx2jG5Ua
-LVZmN0orxXgOFWyFZPoz4guO7hWLNjesq3cCySOOMBxydIXFVVPgwX0rtgaUXX77
-Z3b05oCECGhvFO4BdXTTnKtaNoSnb7yjwqsBK8aupZfHnHSuUVV53wAOIwkBWpJk
-CfOgkvdF59pOS+yQmV/VRjVZnIF9Rt/8mrStyKPHqAYJuTAKugicfpbVOfXQXSmk
-ASAuVgzddFWMaircpMsZFBDTBk7a5jum39D67sVS74pDk2imvixYqtWo+8AI7NQ5
-TqWXyULVD9K3OCh47w1zhwRfTskYAvX5lV0TTYo7kXtPMCyfPa8seBOpHtoSM8bB
-+zZkWd/LNWcRRdcmenPnwv2GiLO5jCgAIuJrboyJPw8E93q94jA=
-=Ug7G
------END PGP SIGNATURE-----

expat-2.7.3.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:71df8f40706a7bb0a80a5367079ea75d91da4f8c65c58ec59bcdfbf7decdab9f
+size 504744

expat-2.7.3.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmjURhUACgkQliYqz/vT
+rsaA6BAAjrS0g0AV8Bx6ecnl3aVBdGX79qXeIbmpwL9TJfJitBjQEWzcGQnvOwLZ
+b9HPLhpU2wVglX/syZF5xQ3ohMPbJ7dXtOXnNkxZP9+vhUBTt0zmohIvnJ9oRsHC
+rAHioyPypWGOKVH1MwxzkAWtomBkea888Um+NnE9wJvFJ6rXBUhcJS0vEDz3OwJI
+oHpD01Ovyg8ebdQBW95k3DOMuvXEpGhDY/TZ3hnDacHQ98g5+YKExb0f8QVxyQmU
+TkHz1tgfx8wzWmeur3+T8pz8NSUlM++EpYV0o1WGuJstSU7zHBqopTGOtdHC9gmt
+z7OxDX1KssFowMY/OJ+6+jF9wTlkmRZv8jfbLJY5cKHolgbfEG6LvELDtBGRRBWl
+OKd1W4gkxzCftroTPenhHT9nmas9ihsPa7+XIrkLrUJHw+x24i6zyUQRAzbzK9GN
+ziaZ8ZPUNHG1S99LPS6IdxFf061YOYAv0NoXk+bnhAj89pwAoi75la0S1NFpib1y
+4/6hKFJ4sA9ffqWECSMXRX1VN1M3AF1oiU+4kAgxwMaAiU1ro4AvMqauDzCr44/2
+FQ5tGTUyL3erWQtxfY5G3Sf5ti9S/NLrqf/Qiprrv7kAOKQPPaRYAdAZ+yqioAnL
+enbz2+h2HY1OhEAIBOpmrufstRdLvCWRsdTdxaVqmNFeDJVc1Xg=
+=jaIk
+-----END PGP SIGNATURE-----

expat.changes

@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Sat Sep 27 09:21:33 UTC 2025 - Christoph G <foss@grueninger.de>
+
+- version update to 2.7.3
+  * Fix alignment of internal allocations for some non-amd64
+    architectures (e.g. sparc32); fixes up on the fix to
+    CVE-2025-59375 (of Expat 2.7.2)
+  * Fix a class of false positives where input should have been
+    rejected with error XML_ERROR_ASYNC_ENTITY; regression from
+    CVE-2024-8176 (of Expat 2.7.0)
+  * Prove and regression-proof absence of integer overflow
+    from function expat_realloc
+  * Remove "harmless" cast that truncated a size_t to unsigned
+  * xmlwf: Resolve use of functions XML_GetErrorLineNumber
+    and XML_GetErrorColumnNumber
+
+-------------------------------------------------------------------
+Mon Sep 22 14:54:27 UTC 2025 - pgajdos@suse.com
+
+- version update to 2.7.2 [bsc#1249584]
+  * CVE-2025-59375 -- Disallow use of disproportional amounts of
+    dynamic memory from within an Expat parser
+  * xmlwf: Fix (internal) help generator
+  * xmlwf: Mention supported environment variables in
+    --help output
+  * see Changes for details
+
 -------------------------------------------------------------------
 Fri Mar 28 10:22:44 UTC 2025 - pgajdos@suse.com
 
@@ -186,7 +213,7 @@ Mon Feb 12 20:44:14 UTC 2024 - David Anes <david.anes@suse.com>
 
 - Update to 2.6.0: 
   * Security fixes:
-    - CVE-2023-52425 (boo#1219559)  
+    - CVE-2023-52425 (boo#1219559, bsc#1221563)  
       -- Fix quadratic runtime issues with big tokens
       that can cause denial of service, in partial where
       dealing with compressed XML input.  Applications

expat.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package expat
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 # Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
@@ -17,10 +17,10 @@
 #
 
 
-%global unversion 2_7_1
+%global unversion 2_7_3
 %define sover 1
 Name:           expat
-Version:        2.7.1
+Version:        2.7.3
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT