diff --git a/expat-2.3.0.tar.xz b/expat-2.3.0.tar.xz deleted file mode 100644 index fdc98c9..0000000 --- a/expat-2.3.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:caa34f99b6e3bcea8502507eb6549a0a84510b244a748dfb287271b2d47467a9 -size 433508 diff --git a/expat-2.3.0.tar.xz.asc b/expat-2.3.0.tar.xz.asc deleted file mode 100644 index 6c32fa9..0000000 --- a/expat-2.3.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmBb2eIACgkQliYqz/vT -rsZ1hw//RPMDuqOoVHnbIByIkT5un1oWwdMLTmLFoTfHZCVruPK8RZ44f7eyxGRn -UeLuP+MFxVrco2ZE7DbdpPkVLTWD7rRwZmi5vcGT+V78KK9H+d21lMAGZHlupSqk -Y3O2Ofj6s8Twq6q4P6UOetldpsaj58gJTwNAuklv4jFlmjppohwhxRiwvofcyuom -3gbY11Mzr36oKi0phDhmMUFx/aeG6SogZsgDAlKS+GCqqwPUtUrA6GRGPJQIswzz -2bsw9xAKhAdKtZRFx9DrW9l/fGsZ64xHkg3Z9CHq54cHpuX4ahmhjdQM1ieyHCHs -NuXO0vPPy6miaWq8Yd6l1Oo7FpTNsnZ5gmpNt1KchWTrc4BeGtFY39o4zhccf0AZ -rh1sEauxbcoo5bi0w8u1WCLKFudLvijZG78dqXn8jyVEd526PmLnluQcF8q+wfiU -Ak2tvAmqklL+B4roJj9HC/GwOYPRwBPH6p9naRprAtAyS12yy+28DDYATJemyC0T -FlrKRpv2JbpGDmMBB/z/8fJoJnlPnPkyzZdOrkwgryPR/sqaOEv/3SNcoN4BC7jT -0rbrVc93zz9i+vVTuNRrBcoiY/nkdOSPmLN4AGGt3pkhuZFA0D2Bz2E3KG4AAb+x -DeOQkAQShx7J+FY5HA4oXlQ4/rtukhAojqe4gb6THiEY1p7CLDY= -=Is1u ------END PGP SIGNATURE----- diff --git a/expat-2.4.1.tar.xz b/expat-2.4.1.tar.xz new file mode 100644 index 0000000..70d97aa --- /dev/null +++ b/expat-2.4.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cf032d0dba9b928636548e32b327a2d66b1aab63c4f4a13dd132c2d1d2f2fb6a +size 445024 diff --git a/expat-2.4.1.tar.xz.asc b/expat-2.4.1.tar.xz.asc new file mode 100644 index 0000000..90550d0 --- /dev/null +++ b/expat-2.4.1.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmCqgzgACgkQliYqz/vT +rsbPkxAAg/IYtwG35b0vmVAMbwQ4PPkh4mz6ZeqonakobUv2S1clObYmvwCAkqs/ +SeLwRd2LEuXFfXriIScje78/R+NaNChod8Pq8cCup+HgKuC6S3I8ZHe/0f1Zk0D2 +ofNXAEJ+vgNf3LsSAJrOnQ6wr2nx0zqWvuznh76WxbjV87x1+389JZdW7rnG9Hsw +Cd+BjsjysPk7Mt1QiNiV3FvRn/+uvfCbQwkMgo4ntQYZeia/8g2B1WLoTuU+lLtN +EmaZsQRQP4hSLiofDLYwhTJ0eeOdBD9taQrHf1cafFpI0ZXPrSHNMOa8f2PzFH0n +KNHtepdIrQZxxABF2tFOdGKUBuaRWqeRXT/dgZgbE9kZI0iRYb/4ADRh6sGXs9eP +8JW8OZxOHlGjpMPAiQBCEmfJAUKkzDxfKKuEcSi38yr3KmRK/uzLeoAgCyxIvr/i +Mx4yxsuCCi/xsCcEu0YZophYX0AJY2STzFE2PpXK/3dHUuwX50dCBasTKWTCqLXk +gFp0xJHAcSImo0VFwNsp9CKDUIL9NWafFQClIjG1SY201Z2l2uyp7iYRWiSBgQ2v +dc1nu2BH7ZnIYy/XuCjGIXaf/qLBOphSjKdy58Zp9NOCPgFiIP3W2CtyAV5sk+Nh +fg1R9LHqYr8KfofpdA+sUJ5HByyVTnB1s4xLsq2DGP6rIExrONw= +=xupO +-----END PGP SIGNATURE----- diff --git a/expat.changes b/expat.changes index 31980ec..0ac3cfd 100644 --- a/expat.changes +++ b/expat.changes 
@@ -1,3 +1,73 @@ +------------------------------------------------------------------- +Mon May 24 08:17:12 UTC 2021 - Pedro Monreal + +- Update to 2.4.1: + * Bug fixes: + - Autotools: Fix installed header expat_config.h for multilib + systems; regression introduced in 2.4.0 by pull request #486 + * Other changes: + - Version info bumped from 9:0:8 to 9:1:8; see + https://verbump.de/ for what these numbers do + +------------------------------------------------------------------- +Mon May 24 08:15:42 UTC 2021 - Pedro Monreal + +- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"] + * Security fixes: + - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks + (denial-of-service; flavors targeting CPU time or RAM or both, + leveraging general entities or parameter entities or both) + by tracking and limiting the input amplification factor + ( := ( + ) / ). + By conservative default, amplification up to a factor of 100.0 + is tolerated and rejection only starts after 8 MiB of output bytes + (= + ) have been processed. + The fix adds the following to the API: + - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to + signals this specific condition. + - Two new API functions .. + - XML_SetBillionLaughsAttackProtectionMaximumAmplification and + - XML_SetBillionLaughsAttackProtectionActivationThreshold + .. to further tighten billion laughs protection parameters + when desired. Please see file "doc/reference.html" for details. + If you ever need to increase the defaults for non-attack XML + payload, please file a bug report with libexpat. + - Two new XML_FEATURE_* constants .. + - that can be queried using the XML_GetFeatureList function, and + - that are shown in "xmlwf -v" output. + - Two new environment variable switches .. + - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and + - EXPAT_ENTITY_DEBUG=(0|1) + .. for runtime debugging of accounting and entity processing. + Specific behavior of these values may change in the future. 
+ - Two new command line arguments "-a FACTOR" and "-b BYTES" + for xmlwf to further tighten billion laughs protection + parameters when desired. + If you ever need to increase the defaults for non-attack XML + payload, please file a bug report with libexpat. + * Bug fixes: + - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) + or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault + for UTF-16 payloads containing CDATA sections. + - Autotools: Fix generated CMake files for non-64bit and + non-Linux platforms (e.g. macOS and MinGW in particular) + that were introduced with release 2.3.0 + * Other changes: + - xmlwf: Improve help output and the xmlwf man page + - xmlwf: Improve maintainability through some refactoring + - xmlwf: Fix man page DocBook validity + - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR + and CMAKE_INSTALL_INCLUDEDIR + - CMake: Add support for standard variable BUILD_SHARED_LIBS + - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters + - Resolve macro HAVE_EXPAT_CONFIG_H + - Delete unused legacy helper file "conftools/PrintPath" + - doc/reference.html: Fix XHTML validity + - doc/reference.html: Replace the 90s look by OK.css + - Version info bumped from 8:0:7 to 9:0:8 due to addition of + new symbols and error codes; see https://verbump.de/ for + what these numbers do + ------------------------------------------------------------------- Tue Apr 13 06:04:38 UTC 2021 - Dominique Leuenberger diff --git a/expat.spec b/expat.spec index 148a92e..9b53a05 100644 --- a/expat.spec +++ b/expat.spec @@ -16,9 +16,9 @@ # -%global unversion 2_3_0 +%global unversion 2_4_1 Name: expat -Version: 2.3.0 +Version: 2.4.1 Release: 0 Summary: XML Parser Toolkit License: MIT 
@@ -96,7 +96,7 @@ chmod 0644 examples/elements.c %{_docdir}/%{name} %license COPYING %doc README.md expatfaq.html -%doc doc/expat.png doc/reference.html doc/style.css doc/valid-xhtml10.png +%doc doc/reference.html doc/style.css doc/valid-xhtml10.png %doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in %doc AUTHORS Changes %{_bindir}/xmlwf
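Review bot: in the expat-2.4.1.tar.xz.asc hunk, the detached signature is replaced together with the tarball, but nothing in this diff shows which key it is verified against or that verification runs during the build. Please confirm that expat.spec lists the .asc and a keyring file as sources, that the new signature validates with the same key that signed 2.3.0, and that the sha256 in the new LFS pointer matches the upstream release artifact.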
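Review bot: in the 2.4.0 entry of expat.changes, the amplification formula has lost its terms: it reads "( := ( + ) / )" and, a few lines later, "(= + )", so the entry no longer says what the factor of 100.0 and the 8 MiB activation threshold are measured against. Restore the missing terms from the upstream Changes file so that anyone tuning XML_SetBillionLaughsAttackProtectionMaximumAmplification or the xmlwf "-a FACTOR" / "-b BYTES" options can read the definition here. While there, "to signals this specific condition" should read "to signal", and if a tracking bug exists for CVE-2013-0340 it should be referenced in the "Update to 2.4.0" header line.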
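Review bot: the %doc line in the last expat.spec hunk drops doc/expat.png but keeps doc/style.css and doc/valid-xhtml10.png, while the 2.4.0 changelog in this same patch says doc/reference.html had its look replaced by OK.css. Check the file list against the 2.4.1 tarball: if reference.html now loads a different stylesheet, that file has to be added to %doc or the installed reference will render unstyled, and doc/style.css and doc/valid-xhtml10.png should be removed from the list if upstream no longer ships them.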