diff --git a/expat-2.2.6-fix-make-clean.patch b/expat-2.2.6-fix-make-clean.patch deleted file mode 100644 index 5976c09..0000000 --- a/expat-2.2.6-fix-make-clean.patch +++ /dev/null @@ -1,19 +0,0 @@ -Author: Bernhard M. Wiedemann -Date: 2019-02-07 - -Do not clean files that are shipped in the tarball -and that we cannot create with 'make' -to fix building with profile guided optimizations -Index: expat-2.2.6/doc/Makefile.in -=================================================================== ---- expat-2.2.6.orig/doc/Makefile.in -+++ expat-2.2.6/doc/Makefile.in -@@ -572,7 +572,7 @@ clean-local: clean-local-check - - .PHONY: clean-local-check - clean-local-check: -- $(RM) xmlwf.1 -+ #$(RM) xmlwf.1 - - # Tell versions [3.59,3.63) of GNU make to not export all variables. - # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/expat-2.2.6.tar.bz2 b/expat-2.2.6.tar.bz2 deleted file mode 100644 index da78803..0000000 --- a/expat-2.2.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:17b43c2716d521369f82fc2dc70f359860e90fa440bea65b3b85f0b246ea81f2 -size 513322 diff --git a/expat-2.2.6.tar.bz2.asc b/expat-2.2.6.tar.bz2.asc deleted file mode 100644 index e61f8f4..0000000 --- a/expat-2.2.6.tar.bz2.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQQ9fpWdifrP7jg3GSGwC8ZqQBoWAAUCW3Qi/wAKCRCwC8ZqQBoW -AFThAKDKcZGKjkK91qJ/VeIp4paY6zWmngCbByWF9v7qt+PV35VYDa5Djwrmgt4= -=z9yn ------END PGP SIGNATURE----- diff --git a/expat-2.2.7.tar.xz b/expat-2.2.7.tar.xz new file mode 100644 index 0000000..b7b3e04 --- /dev/null +++ b/expat-2.2.7.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30e3f40acf9a8fdbd5c379bdcc8d1178a1d9af306de29fc8ece922bc4c57bef8 +size 424264 diff --git a/expat-2.2.7.tar.xz.asc b/expat-2.2.7.tar.xz.asc new file mode 100644 index 0000000..2eee835 --- /dev/null +++ b/expat-2.2.7.tar.xz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQ9fpWdifrP7jg3GSGwC8ZqQBoWAAUCXQpmTQAKCRCwC8ZqQBoW +AEIpAJ9+jIcvEUpNEhXku8RShzGrE5gc3gCgml4U3lnpbC7+avvh3F17U7+vSuE= +=Jbtz +-----END PGP SIGNATURE----- diff --git a/expat.changes b/expat.changes index 10eacea..3cdf302 100644 --- a/expat.changes +++ b/expat.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Tue Jul 2 10:33:51 UTC 2019 - Pedro Monreal Gonzalez + +- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937) + * Security fixes: + - CVE-2018-20843 - Fix extraction of namespace prefixes from + XML names; XML names with multiple colons could end up in + the wrong namespace, and take a high amount of RAM and CPU + resources while processing, opening the door to use for + denial-of-service attacks + * Other changes: + - Autotools/CMake: Utilize -fvisibility=hidden to stop + exporting non-API symbols + - Autotools: Add --without-examples and --without-tests + - Autotools: Modernize configure.ac + - Autotools: Fix check for -fvisibility=hidden for Clang + - Autotools: Fix compilation for lack of docbook2x-man + - CMake: Make libdir of pkgconfig expat.pc support multilib + - CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR + - Remove fallback to bcopy, assume that memmove(3) exists +- Removed expat-2.2.6-fix-make-clean.patch + ------------------------------------------------------------------- Thu Feb 7 10:45:14 UTC 2019 - Bernhard Wiedemann diff --git a/expat.spec b/expat.spec index bd3d146..a3cde2c 100644 --- a/expat.spec +++ b/expat.spec @@ -16,19 +16,18 @@ # -%global unversion 2_2_6 +%global unversion 2_2_7 Name: expat -Version: 2.2.6 +Version: 2.2.7 Release: 0 Summary: XML Parser Toolkit License: MIT Group: Development/Libraries/C and C++ URL: http://libexpat.github.io -Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.bz2 +Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz Source1: %{name}faq.html Source2: baselibs.conf -Source3: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.bz2.asc -Patch0: expat-2.2.6-fix-make-clean.patch +Source3: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz.asc BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: pkgconfig @@ -63,7 +62,6 @@ in libexpat. %prep %setup -q -%patch0 -p1 cp %{SOURCE1} . rm -f examples/*.dsp @@ -99,7 +97,6 @@ make %{?_smp_mflags} check %doc doc/expat.png doc/reference.html doc/style.css doc/valid-xhtml10.png %doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in %doc AUTHORS Changes -%{_mandir}/man?/* %{_bindir}/xmlwf %files -n libexpat1