From fff2a6793d201c45e08657c1ca0f409b94773c4e61bd6f8f56dc4bcdd4f41922 Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Thu, 7 Nov 2024 11:57:21 +0000
Subject: [PATCH] - version update to 2.6.4 * Security fixes: [bsc#1232601] #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: #903 CMake: Add alias target "expat::expat" #905 docs: Document use via CMake >=3.18 with FetchContent and SOURCE_SUBDIR and its consequences #902 tests: Reduce use of global parser instance #904 tests: Resolve duplicate handler #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903) #914 Fix signedness of format strings #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=118
---
 expat-2.6.3.tar.xz | 3 ---
 expat-2.6.3.tar.xz.asc | 16 ----------------
 expat-2.6.4.tar.xz | 3 +++
 expat-2.6.4.tar.xz.asc | 16 ++++++++++++++++
 expat.changes | 22 ++++++++++++++++++++++
 expat.spec | 4 ++--
 6 files changed, 43 insertions(+), 21 deletions(-)
 delete mode 100644 expat-2.6.3.tar.xz
 delete mode 100644 expat-2.6.3.tar.xz.asc
 create mode 100644 expat-2.6.4.tar.xz
 create mode 100644 expat-2.6.4.tar.xz.asc
diff --git a/expat-2.6.3.tar.xz b/expat-2.6.3.tar.xz
deleted file mode 100644
index f5e56b4..0000000
--- a/expat-2.6.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:274db254a6979bde5aad404763a704956940e465843f2a9bd9ed7af22e2c0efc
-size 485600
diff --git a/expat-2.6.3.tar.xz.asc b/expat-2.6.3.tar.xz.asc
deleted file mode 100644
index 0637b44..0000000
--- a/expat-2.6.3.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmbYOcIACgkQliYqz/vT
-rsZJHxAAkyGU93XA8OhhJoheuXaPPNbXD6KbIfGZeAOsENS0zOSar2FHTo3+3VLV
-lD3gS3S4eyo6tJ99E1iG0KLPm20mzwZIRA/vC9Vt3aVj43jnof7DjXij8QlV56Rh
-6i30mavwdSPlU7f0GoVPchYB6wKl+rzKCJkAUzMlkbbFyLx/9o6/ryA3VsGXGBam
-97is8R7I8Kt+dDbZGs+//W1OHR5VJO5kFQ7VcowhrLexh1fTJIu/cy3KJNpFyzDP
-u402CUTUkpwxbbZHXz9WoiZrAIIkiGtKjtyss8OwloPcFS1SHXuNnkPPiQE1r2ow
-pvKE/mKA384IG1890c402xjj8DwZ2Ck172rnFikSctFNGmUf0Mx0N+tSs7nTV7/q
-yiBX0+aaedWVxQnhKffg2erjDxb56Uo0AwxylHbgI6F6I710JPTQC5pHt6Ka4FJm
-lvDKGp6wGd9Y9biQvO74H0EOgkwd+8JHS7m4VLBraxKghfGuWXdZMGFGs5H8o6El
-JzqCjhVnH7j55MVPBntuamifxh2c99FNglUhLGkV7dmash1wKX5Thwzc8fady9oH
-KE1by5zh6A2Eu6KFE2/YvWQ56C8GgAY8Efe99IRz7XunCUzetxcfRDw6PcyCCOAa
-Jx9B5SZMIfmVdYWuQRKhti7QxR9zuuvpA93GiUEzWZZ2AcJldoc=
-=5Z0B
------END PGP SIGNATURE-----
diff --git a/expat-2.6.4.tar.xz b/expat-2.6.4.tar.xz
new file mode 100644
index 0000000..79dce87
--- /dev/null
+++ b/expat-2.6.4.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a695629dae047055b37d50a0ff4776d1d45d0a4c842cf4ccee158441f55ff7ee
+size 486732
diff --git a/expat-2.6.4.tar.xz.asc b/expat-2.6.4.tar.xz.asc
new file mode 100644
index 0000000..a7f4e0a
--- /dev/null
+++ b/expat-2.6.4.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmcsGa8ACgkQliYqz/vT
+rsYJMA/+NxOVa+kCFEzhMHD9RCumwFj7lfmJDPM6rroLi9GqnKc8165Ub7e+o3bq
+fdPCIFiZkYTGpliU3Q9zlMEBTZ1TtsaqVGgjabK9YKf8ZTK1MUR2z/B6gWLfjo8F
+knhj0KonqeRxtcKPSYs9xP+/sNlGkEQjZgrfo2Z9oX8Q7eNGn/fAxmbjhBhvILwG
+mKmwwc8PSi7RCNLgaoyikhcddohclApXU1Qid1g6FwnxQ5aKXSeoPgu1bGrDiz6k
+/RkO+KR1Yfkcty97CwVV5+4EHTB1aa/fk3gHgprHD9qx+NLeKyD4+44AxseCMiSS
+FXP8S5Z2qaopIS6tvuKXiyH1mTCJQugFsxk3GnQBlgkvj4rypr8MnUAALam13OMh
+ziRndeMR2ieJ1ASJYfkjLeXVi4pz/pnRECAUAxly5z8Zx5N+IX9bOgjpwhd6QtOt
+rVbq3wgLKmlEch8KcsL4RpGGkiK5gchsqXDM/g0cCu8vNC8+pDO3sNIQJDsmySYt
+X3ewzOv+Vj3LCoeospnyLjNBOh5upgm1s6iq6bsxr29FU1MfaP1awm7jtYmr7ch9
+wr24fPhXopp5emWnJP3O4GQj8Q1mcPFLmGy0wmVdnr8tzKzyHx9Q2WNhQUcYdnR1
+0qmKBSttGXPK4o+/7Q5zALapx+jYlUcQ0dKxhAPuBPGYxPTm5h8=
+=jbKR
+-----END PGP SIGNATURE-----
diff --git a/expat.changes b/expat.changes
index 432ac67..51ce0e5 100644
--- a/expat.changes
+++ b/expat.changes
@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Thu Nov 7 11:39:56 UTC 2024 - pgajdos@suse.com
+
+- version update to 2.6.4
+ * Security fixes: [bsc#1232601]
+ #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser
+ from a NULL pointer dereference by disallowing function
+ XML_StopParser to (stop or) suspend an unstarted parser.
+ A new error code XML_ERROR_NOT_STARTED was introduced to
+ properly communicate this situation. // CWE-476 CWE-754
+ * Other changes:
+ #903 CMake: Add alias target "expat::expat"
+ #905 docs: Document use via CMake >=3.18 with FetchContent
+ and SOURCE_SUBDIR and its consequences
+ #902 tests: Reduce use of global parser instance
+ #904 tests: Resolve duplicate handler
+ #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
+ #914 Fix signedness of format strings
+ #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
+ to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
+ for what these numbers do
+
 -------------------------------------------------------------------
 Thu Sep 26 08:29:45 UTC 2024 - pgajdos@suse.com
diff --git a/expat.spec b/expat.spec
index d10ae2d..4e6e587 100644
--- a/expat.spec
+++ b/expat.spec
@@ -17,10 +17,10 @@
 #
-%global unversion 2_6_3
+%global unversion 2_6_4
 %define sover 1
 Name: expat
-Version: 2.6.3
+Version: 2.6.4
 Release: 0
 Summary: XML Parser Toolkit
 License: MIT