Accepting request 1265155 from devel:libraries:c_c++
- version update to 2.7.1
  Bug fixes:
    #980 #989 Restore event pointer behavior from Expat 2.6.4
      (that the fix to CVE-2024-8176 changed in 2.7.0);
      affected API functions are:
      - XML_GetCurrentByteCount
      - XML_GetCurrentByteIndex
      - XML_GetCurrentColumnNumber
      - XML_GetCurrentLineNumber
      - XML_GetInputContext
  Other changes:
    #976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
      with Automake that were missing from 2.7.0 release tarballs
    #983 #984 Fix printf format specifiers for 32bit Emscripten
    #992 docs: Promote OpenSSF Best Practices self-certification
    #978 tests/benchmark: Resolve mistaken double close
    #986 Address compiler warnings
    #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
      to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
      for what these numbers do
  Infrastructure:
    #982 CI: Start running Perl XML::Parser integration tests
    #987 CI: Enforce Clang Static Analyzer clean code
    #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
      for clang-tidy
    #981 CI: Cover compilation with musl
    #983 #984 CI: Cover compilation with 32bit Emscripten
    #976 #977 CI: Protect against fuzzer files missing from future
      release archives

OBS-URL: https://build.opensuse.org/request/show/1265155
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=80
BIN
expat-2.6.4.tar.xz
(Stored with Git LFS)
Binary file not shown.
@@ -1,16 +0,0 @@
BIN
expat-2.7.1.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
expat-2.7.1.tar.xz.asc
Normal file
@@ -0,0 +1,16 @@
@@ -1,3 +1,77 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 28 10:22:44 UTC 2025 - pgajdos@suse.com
|
||||
|
||||
- version update to 2.7.1
|
||||
Bug fixes:
|
||||
#980 #989 Restore event pointer behavior from Expat 2.6.4
|
||||
(that the fix to CVE-2024-8176 changed in 2.7.0);
|
||||
affected API functions are:
|
||||
- XML_GetCurrentByteCount
|
||||
- XML_GetCurrentByteIndex
|
||||
- XML_GetCurrentColumnNumber
|
||||
- XML_GetCurrentLineNumber
|
||||
- XML_GetInputContext
|
||||
|
||||
Other changes:
|
||||
#976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
|
||||
with Automake that were missing from 2.7.0 release tarballs
|
||||
#983 #984 Fix printf format specifiers for 32bit Emscripten
|
||||
#992 docs: Promote OpenSSF Best Practices self-certification
|
||||
#978 tests/benchmark: Resolve mistaken double close
|
||||
#986 Address compiler warnings
|
||||
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
|
||||
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
|
||||
for what these numbers do
|
||||
|
||||
Infrastructure:
|
||||
#982 CI: Start running Perl XML::Parser integration tests
|
||||
#987 CI: Enforce Clang Static Analyzer clean code
|
||||
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
|
||||
for clang-tidy
|
||||
#981 CI: Cover compilation with musl
|
||||
#983 #984 CI: Cover compilation with 32bit Emscripten
|
||||
#976 #977 CI: Protect against fuzzer files missing from future
|
||||
release archives
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 14 10:25:24 UTC 2025 - pgajdos@suse.com
|
||||
|
||||
- version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
|
||||
* Security fixes:
|
||||
#893 #973 CVE-2024-8176 -- Fix crash from chaining a large number
|
||||
of entities caused by stack overflow by resolving use of
|
||||
recursion, for all three uses of entities:
|
||||
- general entities in character data ("<e>&g1;</e>")
|
||||
- general entities in attribute values ("<e k1='&g1;'/>")
|
||||
- parameter entities ("%p1;")
|
||||
Known impact is (reliable and easy) denial of service:
|
||||
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
|
||||
(Base Score: 7.5, Temporal Score: 7.2)
|
||||
Please note that a layer of compression around XML can
|
||||
significantly reduce the minimum attack payload size.
|
||||
|
||||
* Other changes:
|
||||
#935 #937 Autotools: Make generated CMake files look for
|
||||
libexpat.@SO_MAJOR@.dylib on macOS
|
||||
#925 Autotools: Sync CMake templates with CMake 3.29
|
||||
#945 #962 #966 CMake: Drop support for CMake <3.13
|
||||
#942 CMake: Small fuzzing related improvements
|
||||
#921 docs: Add missing documentation of error code
|
||||
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
|
||||
#941 docs: Document need for C++11 compiler for use from C++
|
||||
#959 tests/benchmark: Fix a (harmless) TOCTTOU
|
||||
#944 Windows: Fix installer target location of file xmlwf.xml
|
||||
for CMake
|
||||
#953 Windows: Address warning -Wunknown-warning-option
|
||||
about -Wno-pedantic-ms-format from LLVM MinGW
|
||||
#971 Address Cppcheck warnings
|
||||
#969 #970 Mass-migrate links from http:// to https://
|
||||
#947 #958 ..
|
||||
#974 #975 Document changes since the previous release
|
||||
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
|
||||
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
|
||||
for what these numbers do
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 12 15:43:19 UTC 2024 - pgajdos@suse.com
|
||||
|
||||
|
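Review bot: The section labels in the new 2.7.1 entry ("Bug fixes:", "Other changes:", "Infrastructure:") are bare, while the 2.7.0 entry right below it uses "* Security fixes:" and "* Other changes:"; pick one style for both entries. The 2.7.1 entry says the event pointer behavior that the CVE-2024-8176 fix changed is restored to that of 2.6.4, so it would help to state explicitly whether the CVE fix is otherwise unchanged, for readers who only look at the top entry when tracking that CVE. In the 2.7.0 entry, the line "#947 #958 .." is an elided item; either spell it out or drop it.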
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package expat
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
@@ -17,10 +17,10 @@
|
||||
#
|
||||
|
||||
|
||||
%global unversion 2_6_4
|
||||
%global unversion 2_7_1
|
||||
%define sover 1
|
||||
Name: expat
|
||||
Version: 2.6.4
|
||||
Version: 2.7.1
|
||||
Release: 0
|
||||
Summary: XML Parser Toolkit
|
||||
License: MIT
|
||||
|
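Review bot: The version is written twice in this hunk, as "%global unversion 2_7_1" and as "Version: 2.7.1", and both have to be edited by hand on every bump. Consider deriving unversion from the version string so that a future update cannot change one and miss the other.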