Compare commits
3 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
|
e20df55edf | ||
|
|
6543831c97 | ||
|
|
a68e501697 |
BIN
expat-2.7.1.tar.xz
LFS
BIN
expat-2.7.1.tar.xz
LFS
Binary file not shown.
@@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmflq4EACgkQliYqz/vT
|
||||
rsbgBw/7BnBRKM4F7dvK5aAxJHyGC4uz2r/2ETQiC2kOu5DTJVa3whaITIrzG/3w
|
||||
9ikYp5st/Xgm7pDTT1Hr1po/4JDr2eDJnUfml9EHPkkqCK3NUd6NzpRArEnHnoRx
|
||||
1SLTB0TKpGAdHF87WlhThujq1NGWQTXtX6IPpXHm3K/K7saFy1aGE7WR0YGV2ytt
|
||||
VxR/ucey2Gh2PqvfiIipAs81Qcyt3UM5U1TpViDQ3ezRF0CpgCDhQ8MkZxgu7c/k
|
||||
LyE4c5Gla8MiJqcraX3Ymz6dCH6SRiX2NY5Vpy8f9yIqDq5eyhkHi5SPRx2jG5Ua
|
||||
LVZmN0orxXgOFWyFZPoz4guO7hWLNjesq3cCySOOMBxydIXFVVPgwX0rtgaUXX77
|
||||
Z3b05oCECGhvFO4BdXTTnKtaNoSnb7yjwqsBK8aupZfHnHSuUVV53wAOIwkBWpJk
|
||||
CfOgkvdF59pOS+yQmV/VRjVZnIF9Rt/8mrStyKPHqAYJuTAKugicfpbVOfXQXSmk
|
||||
ASAuVgzddFWMaircpMsZFBDTBk7a5jum39D67sVS74pDk2imvixYqtWo+8AI7NQ5
|
||||
TqWXyULVD9K3OCh47w1zhwRfTskYAvX5lV0TTYo7kXtPMCyfPa8seBOpHtoSM8bB
|
||||
+zZkWd/LNWcRRdcmenPnwv2GiLO5jCgAIuJrboyJPw8E93q94jA=
|
||||
=Ug7G
|
||||
-----END PGP SIGNATURE-----
|
||||
BIN
expat-2.7.4.tar.xz
LFS
Normal file
BIN
expat-2.7.4.tar.xz
LFS
Normal file
Binary file not shown.
17
expat-2.7.4.tar.xz.asc
Normal file
17
expat-2.7.4.tar.xz.asc
Normal file
@@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJPBAABCAA5FiEEy43nCpDPv2w79cxWliYqz/vTrsYFAml967kbFIAAAAAABAAO
|
||||
bWFudTIsMi41KzEuMTIsMiwyAAoJEJYmKs/7067G7AcQALg4k9deC50LsO68nWEr
|
||||
IfzQWkoglhJUK34wPrn4BiAp5YVczwWaQhtOGEBNL/sDs+g/cQ5bBFQCYpjPQes3
|
||||
ksMsr6JPwwCAE9bOPPJLTx7uFyBjZfdt2J6J4fpXpBdwumo6T2k56Pcd2nMeqa5+
|
||||
M/tvt/nxaD+lJVJ40opWreFW5xj+DNN3H0zHz6ulsB0p87r6mK0dAFWwazCCg6nr
|
||||
oKY0zdrIYeF81Dm5vBRR4sawWt8wJUR9K/L9EnxTHUyvHsDJuuFdGzHL8nKk5TxO
|
||||
eYaD2ADc8XPmK5Pd/OTkQfKr3L+ZRFf6jDbISt2jze9aCxXhiB+Xtzrw7TpXTEZv
|
||||
bSJbTb2EJnDVPpq8yiuPOeJsE6HTQW7q/XLPRazvhWijrkbcydgHyFY1WEAPfmvh
|
||||
tjrI90jnM9Kn5HbbsATBg6vRrjOTbJTiDolMp7f7mhZEMaDh4XZC+VhyabZMbJT+
|
||||
n8KIv20vJd06IPVg2g7cnntrIklQGbUMu+CgNSzswNCakS+1FuR2nieqeOVHUWjt
|
||||
7y5KI/Hsv8QfsxmBLmSmQCNd5BgmHuxO/9TYmljYOn4Ham5/WMd3evBNeN6pcHzP
|
||||
XKDZhbFBsi8v+cYCEieoiFsUxLJDpEalYw0dJscqjzRxbyDc6RyMHQwrwPiW/vtd
|
||||
jw59c/STHgsUbtpPa6APuyOM
|
||||
=k616
|
||||
-----END PGP SIGNATURE-----
|
||||
@@ -1,3 +1,52 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 3 08:17:21 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
|
||||
|
||||
- version update to 2.7.4
|
||||
* CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
|
||||
failed to copy the encoding handler data passed to
|
||||
XML_SetUnknownEncodingHandler from the parent to the new
|
||||
subparser. This can cause a NULL dereference (CWE-476) from
|
||||
external entities that declare use of an unknown encoding.
|
||||
The expected impact is denial of service. It takes use of
|
||||
both functions XML_ExternalEntityParserCreate and
|
||||
XML_SetUnknownEncodingHandler for an application to be
|
||||
vulnerable.
|
||||
* CVE-2026-25210 -- Add missing check for integer overflow
|
||||
related to buffer size determination in function doContent
|
||||
* lib: Fix missing undoing of group size expansion in doProlog
|
||||
failure cases
|
||||
* xmlwf: Fix a memory leak
|
||||
* WASI: Fix format specifiers for 32bit WASI SDK
|
||||
- fixes [bsc#1257144] and [bsc#1257496]
|
||||
- obsolete CVE-2025-59375.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Sep 27 09:21:33 UTC 2025 - Christoph G <foss@grueninger.de>
|
||||
|
||||
- version update to 2.7.3
|
||||
* Fix alignment of internal allocations for some non-amd64
|
||||
architectures (e.g. sparc32); fixes up on the fix to
|
||||
CVE-2025-59375 (of Expat 2.7.2)
|
||||
* Fix a class of false positives where input should have been
|
||||
rejected with error XML_ERROR_ASYNC_ENTITY; regression from
|
||||
CVE-2024-8176 (of Expat 2.7.0)
|
||||
* Prove and regression-proof absence of integer overflow
|
||||
from function expat_realloc
|
||||
* Remove "harmless" cast that truncated a size_t to unsigned
|
||||
* xmlwf: Resolve use of functions XML_GetErrorLineNumber
|
||||
and XML_GetErrorColumnNumber
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 22 14:54:27 UTC 2025 - pgajdos@suse.com
|
||||
|
||||
- version update to 2.7.2 [bsc#1249584]
|
||||
* CVE-2025-59375 -- Disallow use of disproportional amounts of
|
||||
dynamic memory from within an Expat parser
|
||||
* xmlwf: Fix (internal) help generator
|
||||
* xmlwf: Mention supported environment variables in
|
||||
--help output
|
||||
* see Changes for details
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 28 10:22:44 UTC 2025 - pgajdos@suse.com
|
||||
|
||||
@@ -186,7 +235,7 @@ Mon Feb 12 20:44:14 UTC 2024 - David Anes <david.anes@suse.com>
|
||||
|
||||
- Update to 2.6.0:
|
||||
* Security fixes:
|
||||
- CVE-2023-52425 (boo#1219559)
|
||||
- CVE-2023-52425 (boo#1219559, bsc#1221563)
|
||||
-- Fix quadratic runtime issues with big tokens
|
||||
that can cause denial of service, in partial where
|
||||
dealing with compressed XML input. Applications
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package expat
|
||||
#
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC and contributors
|
||||
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
@@ -17,10 +17,10 @@
|
||||
#
|
||||
|
||||
|
||||
%global unversion 2_7_1
|
||||
%global unversion 2_7_4
|
||||
%define sover 1
|
||||
Name: expat
|
||||
Version: 2.7.1
|
||||
Version: 2.7.4
|
||||
Release: 0
|
||||
Summary: XML Parser Toolkit
|
||||
License: MIT
|
||||
|
||||
Reference in New Issue
Block a user