Accepting request 959577 from home:david.anes:branches:devel:libraries:c_c++

- udpate to 2.4.7 (bsc#1196784, CVE-2022-25236):
  * Bug fixes:
    - Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
      with regard to all valid URI characters (RFC 3986),
      i.e. the following set (excluding whitespace):
      ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
      0123456789 % -._~ :/?#[]@ !$&'()*+,;=
  * Other changes:
    - CMake|Windows: Store Expat version in the DLL
    - Document consequences of namespace separator choices not just
      in doc/reference.html but also in header <expat.h>
    - Document Expat's lack of validation of namespace URIs against
      RFC 3986, and that the XML 1.0r4 specification doesn't
      require Expat to validate namespace URIs, and that Expat
      may do more in that regard in future releases.
      If you find need for strict RFC 3986 URI validation on
      application level today, https://uriparser.github.io/ may
      be of interest.
    - Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
    - Document that a call to XML_FreeContentModel can be done at
      a later time from outside the element declaration handler
    - Make hardcoded namespace URIs easier to find in code
    - Update documentation on use of XML_POOR_ENTOPY on Solaris
    - tests: Resolve use of macros NAN and INFINITY for GNU G++
      4.8.2 on Solaris.
    - Version info bumped from 9:6:8 to 9:7:8;
      see https://verbump.de/ for what these numbers do

OBS-URL: https://build.opensuse.org/request/show/959577
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=96

expat-2.4.6.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de55794b7a9bc214852fdc075beaaecd854efe1361597e6268ee87946951289b
-size 452468

expat-2.4.6.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmISdL8ACgkQliYqz/vT
-rsaPBhAAlALWvVoxvGj5Sko6xbOBVXfal/c40pbAN4yFVKYW1YBNaswB6cjQDuUI
-VBLqQwtZicNWHxPCLF0bldJFbNiiR3w6cm08e4C+YKHtEH4FRsLDxzWYF1n7nd0t
-Yez7BozXwafD2HDgx86bJOnVhSkn2fAHPKUGLErHLvpFg7aLvIOPtWPJ+9YeGeDa
-B8SrQB7YLu9EpkUmwGUCB5zZremoX8vC3+2N8RR2HLQ0dq1VPaBJrJkinGP8j/W5
-bxi/eADCIt09cD6WEinFdE6M3LBSb1K8aKdnGxpQ8A3bs+XoBy6MTXCmdtnsa07y
-whUEcWvu/npxgNAsZoW3LW2DPn0B8Ym/DW1K4GrtYVhZZGo7/mvazr2+LPo1xhUZ
-x5iT4m+4COk0QwEb8rXVMIQAvlObdk8vR7AzPmetLiRrC1Ht2RQ5NCPGLoAUC/9t
-Lw0X34MJ9xU1tSY7bWJzTa7RCaAjo36amnINsupw83PxOnFreshnIMvCULG9u99Y
-lmF3XiyARjCbzYsJTGChldtQZ1tA4A+4aKO71HM/Ajo8CGBnB3q2W/88ORclOfpe
-WJ0ubUUHp/63l6uZPg4hESdSS2ID6PY9WbrS91rNBSEr8ZOrra5VWbEif2fN+mDC
-sy61OGEXvgNmGK06ygr8o8T32DLc+dh/ST6BMTpUo7PXKcA4/qg=
-=gI+p
------END PGP SIGNATURE-----

expat-2.4.7.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9875621085300591f1e64c18fd3da3a0eeca4a74f884b9abac2758ad1bd07a7d
+size 454136

expat-2.4.7.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmIihJEACgkQliYqz/vT
+rsZoCw/7BTlrxFlnqgdqXCnDX+Zc+EvBaauFNZ6NZt54vbKiNEIlFgD+cSbpVS3g
+dBJd/uQU38Z35BmNueAuT1C1vuhV0BKYBoz/S/BTMFnPx/fAf9YcZRiE1eMMuwUR
+mnuKTiu/4E+/sizdIAZQnUexn8p0+AfXnK7bXwLf9e7pgVRbkiaKXosC7R6c3KTN
+ZxVBMEfzNWSxYNxImWyxui31uTPydSgIIBdUKs7fvPinImrj2dh2oHX41AHmD+er
+sz4kx9oIuwli9dANIlbKrbVvlRx2bRuex5fXXgDtNtmbfnOiWL6AFsOmO/0RhQQ7
+f96LwJjfiJHIDNVh1Xs/1J8O5N6utQA+Jm+aeHmhfT4QCp0E3ERtZaHhgux09R6R
+lvWIPM3rIKrbExR/E4bPVIf2tR58xRzth8kJm2ep9185Dtw5cpbh11HSR38lqmn/
+ejQ5iQ0t5BgbuC0WewbgaIk7rvk0vUckYdrFZPL9xJwgLQ/H5mS1su7CsW1bAbn2
+RdCUBSjLFHjXmLrW6SOaZNrGoN8HUvqBLw3T7p5qT9kFplWMcBBYWCdva41/Uuzv
+obty1bXHZdO6ZG37OyECGpiQfsKYLQJPBc5ur3CJ5AQkVlugMeN4A0+LpK/Y+yU3
+PIafnxIKpus8KWRhd5guYL6qss8uaBCLj1J0+wSXwnd/GRDGq7k=
+=jzHN
+-----END PGP SIGNATURE-----

expat.changes

@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Sat Mar  5 06:34:13 UTC 2022 - David Anes <david.anes@suse.com>
+
+- udpate to 2.4.7 (bsc#1196784, CVE-2022-25236):
+  * Bug fixes:
+    - Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
+      with regard to all valid URI characters (RFC 3986),
+      i.e. the following set (excluding whitespace):
+      ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
+      0123456789 % -._~ :/?#[]@ !$&'()*+,;=
+  * Other changes:
+    - CMake|Windows: Store Expat version in the DLL
+    - Document consequences of namespace separator choices not just
+      in doc/reference.html but also in header <expat.h>
+    - Document Expat's lack of validation of namespace URIs against
+      RFC 3986, and that the XML 1.0r4 specification doesn't
+      require Expat to validate namespace URIs, and that Expat
+      may do more in that regard in future releases.
+      If you find need for strict RFC 3986 URI validation on
+      application level today, https://uriparser.github.io/ may
+      be of interest.
+    - Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
+    - Document that a call to XML_FreeContentModel can be done at
+      a later time from outside the element declaration handler
+    - Make hardcoded namespace URIs easier to find in code
+    - Update documentation on use of XML_POOR_ENTOPY on Solaris
+    - tests: Resolve use of macros NAN and INFINITY for GNU G++
+      4.8.2 on Solaris.
+    - Version info bumped from 9:6:8 to 9:7:8;
+      see https://verbump.de/ for what these numbers do
+
 -------------------------------------------------------------------
 Sun Feb 20 19:48:53 UTC 2022 - David Anes <david.anes@suse.com>
 

expat.spec

@@ -16,9 +16,9 @@
 #
 
 
-%global unversion 2_4_6
+%global unversion 2_4_7
 Name:           expat
-Version:        2.4.6
+Version:        2.4.7
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT