Accepting request 1222170 from devel:libraries:c_c++

- version update to 2.6.4 * Security fixes: [bsc#1232601] #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: #903 CMake: Add alias target "expat::expat" #905 docs: Document use via CMake >=3.18 with FetchContent and SOURCE_SUBDIR and its consequences #902 tests: Reduce use of global parser instance #904 tests: Resolve duplicate handler #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903) #914 Fix signedness of format strings #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do (forwarded request 1222166 from pgajdos) OBS-URL: https://build.opensuse.org/request/show/1222170 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=78
2024-11-08 10:53:43 +00:00 · 2024-11-08 10:53:43 +00:00 · dc62179049
commit dc62179049
parent 1a5e6ac868 fff2a6793d
6 changed files with 43 additions and 21 deletions
--- a/expat-2.6.3.tar.xz
+++ b/expat-2.6.3.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:274db254a6979bde5aad404763a704956940e465843f2a9bd9ed7af22e2c0efc
-size 485600
--- a/expat-2.6.3.tar.xz.asc
+++ b/expat-2.6.3.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmbYOcIACgkQliYqz/vT
-rsZJHxAAkyGU93XA8OhhJoheuXaPPNbXD6KbIfGZeAOsENS0zOSar2FHTo3+3VLV
-lD3gS3S4eyo6tJ99E1iG0KLPm20mzwZIRA/vC9Vt3aVj43jnof7DjXij8QlV56Rh
-6i30mavwdSPlU7f0GoVPchYB6wKl+rzKCJkAUzMlkbbFyLx/9o6/ryA3VsGXGBam
-97is8R7I8Kt+dDbZGs+//W1OHR5VJO5kFQ7VcowhrLexh1fTJIu/cy3KJNpFyzDP
-u402CUTUkpwxbbZHXz9WoiZrAIIkiGtKjtyss8OwloPcFS1SHXuNnkPPiQE1r2ow
-pvKE/mKA384IG1890c402xjj8DwZ2Ck172rnFikSctFNGmUf0Mx0N+tSs7nTV7/q
-yiBX0+aaedWVxQnhKffg2erjDxb56Uo0AwxylHbgI6F6I710JPTQC5pHt6Ka4FJm
-lvDKGp6wGd9Y9biQvO74H0EOgkwd+8JHS7m4VLBraxKghfGuWXdZMGFGs5H8o6El
-JzqCjhVnH7j55MVPBntuamifxh2c99FNglUhLGkV7dmash1wKX5Thwzc8fady9oH
-KE1by5zh6A2Eu6KFE2/YvWQ56C8GgAY8Efe99IRz7XunCUzetxcfRDw6PcyCCOAa
-Jx9B5SZMIfmVdYWuQRKhti7QxR9zuuvpA93GiUEzWZZ2AcJldoc=
-=5Z0B
-----END PGP SIGNATURE-----
--- a/expat-2.6.4.tar.xz
+++ b/expat-2.6.4.tar.xz
--- a/expat-2.6.4.tar.xz.asc
+++ b/expat-2.6.4.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmcsGa8ACgkQliYqz/vT
+rsYJMA/+NxOVa+kCFEzhMHD9RCumwFj7lfmJDPM6rroLi9GqnKc8165Ub7e+o3bq
+fdPCIFiZkYTGpliU3Q9zlMEBTZ1TtsaqVGgjabK9YKf8ZTK1MUR2z/B6gWLfjo8F
+knhj0KonqeRxtcKPSYs9xP+/sNlGkEQjZgrfo2Z9oX8Q7eNGn/fAxmbjhBhvILwG
+mKmwwc8PSi7RCNLgaoyikhcddohclApXU1Qid1g6FwnxQ5aKXSeoPgu1bGrDiz6k
+/RkO+KR1Yfkcty97CwVV5+4EHTB1aa/fk3gHgprHD9qx+NLeKyD4+44AxseCMiSS
+FXP8S5Z2qaopIS6tvuKXiyH1mTCJQugFsxk3GnQBlgkvj4rypr8MnUAALam13OMh
+ziRndeMR2ieJ1ASJYfkjLeXVi4pz/pnRECAUAxly5z8Zx5N+IX9bOgjpwhd6QtOt
+rVbq3wgLKmlEch8KcsL4RpGGkiK5gchsqXDM/g0cCu8vNC8+pDO3sNIQJDsmySYt
+X3ewzOv+Vj3LCoeospnyLjNBOh5upgm1s6iq6bsxr29FU1MfaP1awm7jtYmr7ch9
+wr24fPhXopp5emWnJP3O4GQj8Q1mcPFLmGy0wmVdnr8tzKzyHx9Q2WNhQUcYdnR1
+0qmKBSttGXPK4o+/7Q5zALapx+jYlUcQ0dKxhAPuBPGYxPTm5h8=
+=jbKR
+-----END PGP SIGNATURE-----
--- a/expat.changes
+++ b/expat.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Thu Nov  7 11:39:56 UTC 2024 - pgajdos@suse.com
+
+- version update to 2.6.4 
+  * Security fixes: [bsc#1232601]
+        #915  CVE-2024-50602 -- Fix crash within function XML_ResumeParser
+                from a NULL pointer dereference by disallowing function
+                XML_StopParser to (stop or) suspend an unstarted parser.
+                A new error code XML_ERROR_NOT_STARTED was introduced to
+                properly communicate this situation.  // CWE-476 CWE-754
+  * Other changes:
+        #903  CMake: Add alias target "expat::expat"
+        #905  docs: Document use via CMake >=3.18 with FetchContent
+                and SOURCE_SUBDIR and its consequences
+        #902  tests: Reduce use of global parser instance
+        #904  tests: Resolve duplicate handler
+   #317 #918  tests: Improve tests on doctype closing (ex CVE-2019-15903)
+        #914  Fix signedness of format strings
+   #919 #920  Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
+                to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
+                for what these numbers do
+
 -------------------------------------------------------------------
 Thu Sep 26 08:29:45 UTC 2024 - pgajdos@suse.com

--- a/expat.spec
+++ b/expat.spec
@ -17,10 +17,10 @@
 #


-%global unversion 2_6_3
+%global unversion 2_6_4
 %define sover 1
 Name:           expat
-Version:        2.6.3
+Version:        2.6.4
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT