From 41cd7fd67d24b869107bf211c4971618e68c4ee0c01efbed0c7d5b5290f3fbca Mon Sep 17 00:00:00 2001 
From: David Anes Date: Sat, 5 Mar 2022 08:23:01 +0000 Subject: [PATCH] Accepting request 959577 from home:david.anes:branches:devel:libraries:c_c++ - update to 2.4.7 (bsc#1196784, CVE-2022-25236): * Bug fixes: - Relax fix to CVE-2022-25236 (introduced with release 2.4.5) with regard to all valid URI characters (RFC 3986), i.e. the following set (excluding whitespace): ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 % -._~ :/?#[]@ !$&'()*+,;= * Other changes: - CMake|Windows: Store Expat version in the DLL - Document consequences of namespace separator choices not just in doc/reference.html but also in header - Document Expat's lack of validation of namespace URIs against RFC 3986, and that the XML 1.0r4 specification doesn't require Expat to validate namespace URIs, and that Expat may do more in that regard in future releases. If you find need for strict RFC 3986 URI validation on application level today, https://uriparser.github.io/ may be of interest. - Fix documentation of XML_EndDoctypeDeclHandler in - Document that a call to XML_FreeContentModel can be done at a later time from outside the element declaration handler - Make hardcoded namespace URIs easier to find in code - Update documentation on use of XML_POOR_ENTOPY on Solaris - tests: Resolve use of macros NAN and INFINITY for GNU G++ 4.8.2 on Solaris.
- Version info bumped from 9:6:8 to 9:7:8; see https://verbump.de/ for what these numbers do OBS-URL: https://build.opensuse.org/request/show/959577 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=96
---
 expat-2.4.6.tar.xz | 3 ---
 expat-2.4.6.tar.xz.asc | 16 ----------------
 expat-2.4.7.tar.xz | 3 +++
 expat-2.4.7.tar.xz.asc | 16 ++++++++++++++++
 expat.changes | 31 +++++++++++++++++++++++++++++++
 expat.spec | 4 ++--
 6 files changed, 52 insertions(+), 21 deletions(-)
 delete mode 100644 expat-2.4.6.tar.xz
 delete mode 100644 expat-2.4.6.tar.xz.asc
 create mode 100644 expat-2.4.7.tar.xz
 create mode 100644 expat-2.4.7.tar.xz.asc
diff --git a/expat-2.4.6.tar.xz b/expat-2.4.6.tar.xz
deleted file mode 100644
index 95debb0..0000000
--- a/expat-2.4.6.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de55794b7a9bc214852fdc075beaaecd854efe1361597e6268ee87946951289b
-size 452468
diff --git a/expat-2.4.6.tar.xz.asc b/expat-2.4.6.tar.xz.asc
deleted file mode 100644
index 92b7188..0000000
--- a/expat-2.4.6.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmISdL8ACgkQliYqz/vT
-rsaPBhAAlALWvVoxvGj5Sko6xbOBVXfal/c40pbAN4yFVKYW1YBNaswB6cjQDuUI
-VBLqQwtZicNWHxPCLF0bldJFbNiiR3w6cm08e4C+YKHtEH4FRsLDxzWYF1n7nd0t
-Yez7BozXwafD2HDgx86bJOnVhSkn2fAHPKUGLErHLvpFg7aLvIOPtWPJ+9YeGeDa
-B8SrQB7YLu9EpkUmwGUCB5zZremoX8vC3+2N8RR2HLQ0dq1VPaBJrJkinGP8j/W5
-bxi/eADCIt09cD6WEinFdE6M3LBSb1K8aKdnGxpQ8A3bs+XoBy6MTXCmdtnsa07y
-whUEcWvu/npxgNAsZoW3LW2DPn0B8Ym/DW1K4GrtYVhZZGo7/mvazr2+LPo1xhUZ
-x5iT4m+4COk0QwEb8rXVMIQAvlObdk8vR7AzPmetLiRrC1Ht2RQ5NCPGLoAUC/9t
-Lw0X34MJ9xU1tSY7bWJzTa7RCaAjo36amnINsupw83PxOnFreshnIMvCULG9u99Y
-lmF3XiyARjCbzYsJTGChldtQZ1tA4A+4aKO71HM/Ajo8CGBnB3q2W/88ORclOfpe
-WJ0ubUUHp/63l6uZPg4hESdSS2ID6PY9WbrS91rNBSEr8ZOrra5VWbEif2fN+mDC
-sy61OGEXvgNmGK06ygr8o8T32DLc+dh/ST6BMTpUo7PXKcA4/qg=
-=gI+p
------END PGP SIGNATURE-----
diff --git a/expat-2.4.7.tar.xz b/expat-2.4.7.tar.xz
new file mode 100644
index 0000000..21a7923
--- /dev/null
+++ b/expat-2.4.7.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9875621085300591f1e64c18fd3da3a0eeca4a74f884b9abac2758ad1bd07a7d
+size 454136
diff --git a/expat-2.4.7.tar.xz.asc b/expat-2.4.7.tar.xz.asc
new file mode 100644
index 0000000..57ec03b
--- /dev/null
+++ b/expat-2.4.7.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmIihJEACgkQliYqz/vT
+rsZoCw/7BTlrxFlnqgdqXCnDX+Zc+EvBaauFNZ6NZt54vbKiNEIlFgD+cSbpVS3g
+dBJd/uQU38Z35BmNueAuT1C1vuhV0BKYBoz/S/BTMFnPx/fAf9YcZRiE1eMMuwUR
+mnuKTiu/4E+/sizdIAZQnUexn8p0+AfXnK7bXwLf9e7pgVRbkiaKXosC7R6c3KTN
+ZxVBMEfzNWSxYNxImWyxui31uTPydSgIIBdUKs7fvPinImrj2dh2oHX41AHmD+er
+sz4kx9oIuwli9dANIlbKrbVvlRx2bRuex5fXXgDtNtmbfnOiWL6AFsOmO/0RhQQ7
+f96LwJjfiJHIDNVh1Xs/1J8O5N6utQA+Jm+aeHmhfT4QCp0E3ERtZaHhgux09R6R
+lvWIPM3rIKrbExR/E4bPVIf2tR58xRzth8kJm2ep9185Dtw5cpbh11HSR38lqmn/
+ejQ5iQ0t5BgbuC0WewbgaIk7rvk0vUckYdrFZPL9xJwgLQ/H5mS1su7CsW1bAbn2
+RdCUBSjLFHjXmLrW6SOaZNrGoN8HUvqBLw3T7p5qT9kFplWMcBBYWCdva41/Uuzv
+obty1bXHZdO6ZG37OyECGpiQfsKYLQJPBc5ur3CJ5AQkVlugMeN4A0+LpK/Y+yU3
+PIafnxIKpus8KWRhd5guYL6qss8uaBCLj1J0+wSXwnd/GRDGq7k=
+=jzHN
+-----END PGP SIGNATURE-----
diff --git a/expat.changes b/expat.changes
index bbf4e3f..76f0500 100644
--- a/expat.changes
+++ b/expat.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Sat Mar 5 06:34:13 UTC 2022 - David Anes
+
+- udpate to 2.4.7 (bsc#1196784, CVE-2022-25236):
+ * Bug fixes:
+ - Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
+ with regard to all valid URI characters (RFC 3986),
+ i.e. the following set (excluding whitespace):
+ ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
+ 0123456789 % -._~ :/?#[]@ !$&'()*+,;=
+ * Other changes:
+ - CMake|Windows: Store Expat version in the DLL
+ - Document consequences of namespace separator choices not just
+ in doc/reference.html but also in header
+ - Document Expat's lack of validation of namespace URIs against
+ RFC 3986, and that the XML 1.0r4 specification doesn't
+ require Expat to validate namespace URIs, and that Expat
+ may do more in that regard in future releases.
+ If you find need for strict RFC 3986 URI validation on
+ application level today, https://uriparser.github.io/ may
+ be of interest.
+ - Fix documentation of XML_EndDoctypeDeclHandler in
+ - Document that a call to XML_FreeContentModel can be done at
+ a later time from outside the element declaration handler
+ - Make hardcoded namespace URIs easier to find in code
+ - Update documentation on use of XML_POOR_ENTOPY on Solaris
+ - tests: Resolve use of macros NAN and INFINITY for GNU G++
+ 4.8.2 on Solaris.
+ - Version info bumped from 9:6:8 to 9:7:8;
+ see https://verbump.de/ for what these numbers do
+
 -------------------------------------------------------------------
 Sun Feb 20 19:48:53 UTC 2022 - David Anes
diff --git a/expat.spec b/expat.spec
index 159742e..55f6eee 100644
--- a/expat.spec
+++ b/expat.spec
@@ -16,9 +16,9 @@
 #
-%global unversion 2_4_6
+%global unversion 2_4_7
 Name: expat
-Version: 2.4.6
+Version: 2.4.7
 Release: 0
 Summary: XML Parser Toolkit
 License: MIT