pool/expat
SHA256
17
0
Fork 4
Code Issues Pull Requests Activity

Compare commits

merge into: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
...
pull from: pool:factory
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2

11 Commits
slfo-1.2 ... factory

Author SHA256 Message Date
Ana Guerrero
146d562490 Accepting request 1330687 from devel:libraries:c_c++ 
- version update to 2.7.4
  * CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
            failed to copy the encoding handler data passed to
            XML_SetUnknownEncodingHandler from the parent to the new
            subparser. This can cause a NULL dereference (CWE-476) from
            external entities that declare use of an unknown encoding.
            The expected impact is denial of service. It takes use of
            both functions XML_ExternalEntityParserCreate and
            XML_SetUnknownEncodingHandler for an application to be
            vulnerable.
  * CVE-2026-25210 -- Add missing check for integer overflow
            related to buffer size determination in function doContent
  * lib: Fix missing undoing of group size expansion in doProlog
            failure cases
  * xmlwf: Fix a memory leak
  * WASI: Fix format specifiers for 32bit WASI SDK
- fixes [bsc#1257144] and [bsc#1257496]

OBS-URL: https://build.opensuse.org/request/show/1330687
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=84
 2026-02-04 20:06:08 +00:00
Petr Gajdos
e74251336f checkin 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=134
 2026-02-03 08:36:48 +00:00
Petr Gajdos
5d66fb39fb checkin 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=133
 2026-02-03 08:21:34 +00:00
Petr Gajdos
ee7e9f0d0a checkin 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=132
 2026-02-03 08:18:49 +00:00
Ana Guerrero
94738a2d79 Accepting request 1307863 from devel:libraries:c_c++ 
- version update to 2.7.3
  * Fix alignment of internal allocations for some non-amd64
    architectures (e.g. sparc32); fixes up on the fix to
    CVE-2025-59375 (of Expat 2.7.2)
  * Fix a class of false positives where input should have been
    rejected with error XML_ERROR_ASYNC_ENTITY; regression from
    CVE-2024-8176 (of Expat 2.7.0)
  * Prove and regression-proof absence of integer overflow
    from function expat_realloc
  * Remove "harmless" cast that truncated a size_t to unsigned
  * xmlwf: Resolve use of functions XML_GetErrorLineNumber
    and XML_GetErrorColumnNumber (forwarded request 1307469 from mathletic)

OBS-URL: https://build.opensuse.org/request/show/1307863
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=83
 2025-09-30 15:34:20 +00:00
Petr Gajdos
43e00776e0 - version update to 2.7.3 
* Fix alignment of internal allocations for some non-amd64
    architectures (e.g. sparc32); fixes up on the fix to
    CVE-2025-59375 (of Expat 2.7.2)
  * Fix a class of false positives where input should have been
    rejected with error XML_ERROR_ASYNC_ENTITY; regression from
    CVE-2024-8176 (of Expat 2.7.0)
  * Prove and regression-proof absence of integer overflow
    from function expat_realloc
  * Remove "harmless" cast that truncated a size_t to unsigned
  * xmlwf: Resolve use of functions XML_GetErrorLineNumber
    and XML_GetErrorColumnNumber

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=130
 2025-09-29 12:57:58 +00:00
Ana Guerrero
147c8e1034 Accepting request 1306571 from devel:libraries:c_c++ 
- version update to 2.7.2 [bsc#1249584]
  * CVE-2025-59375 -- Disallow use of disproportional amounts of
    dynamic memory from within an Expat parser
  * xmlwf: Fix (internal) help generator
  * xmlwf: Mention supported environment variables in
    --help output
  * see Changes for details

OBS-URL: https://build.opensuse.org/request/show/1306571
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=82
 2025-09-23 14:05:27 +00:00
Petr Gajdos
912b3146fd checkin 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=128
 2025-09-22 15:04:14 +00:00
Petr Gajdos
0f7763175e checkin 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=127
 2025-09-22 15:01:17 +00:00
Ana Guerrero
ea1c613089 Accepting request 1269185 from devel:libraries:c_c++ 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1269185
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=81
 2025-04-14 14:08:06 +00:00
Petr Gajdos
17bd2e5f6e checkin 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=125
 2025-04-07 08:35:18 +00:00
6 changed files with 72 additions and 23 deletions
Expand all files Collapse all files

BIN
expat-2.7.1.tar.xz LFS
View File

Binary file not shown.

16
expat-2.7.1.tar.xz.asc
View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmflq4EACgkQliYqz/vT
rsbgBw/7BnBRKM4F7dvK5aAxJHyGC4uz2r/2ETQiC2kOu5DTJVa3whaITIrzG/3w
9ikYp5st/Xgm7pDTT1Hr1po/4JDr2eDJnUfml9EHPkkqCK3NUd6NzpRArEnHnoRx
1SLTB0TKpGAdHF87WlhThujq1NGWQTXtX6IPpXHm3K/K7saFy1aGE7WR0YGV2ytt
VxR/ucey2Gh2PqvfiIipAs81Qcyt3UM5U1TpViDQ3ezRF0CpgCDhQ8MkZxgu7c/k
LyE4c5Gla8MiJqcraX3Ymz6dCH6SRiX2NY5Vpy8f9yIqDq5eyhkHi5SPRx2jG5Ua
LVZmN0orxXgOFWyFZPoz4guO7hWLNjesq3cCySOOMBxydIXFVVPgwX0rtgaUXX77
Z3b05oCECGhvFO4BdXTTnKtaNoSnb7yjwqsBK8aupZfHnHSuUVV53wAOIwkBWpJk
CfOgkvdF59pOS+yQmV/VRjVZnIF9Rt/8mrStyKPHqAYJuTAKugicfpbVOfXQXSmk
ASAuVgzddFWMaircpMsZFBDTBk7a5jum39D67sVS74pDk2imvixYqtWo+8AI7NQ5
TqWXyULVD9K3OCh47w1zhwRfTskYAvX5lV0TTYo7kXtPMCyfPa8seBOpHtoSM8bB
+zZkWd/LNWcRRdcmenPnwv2GiLO5jCgAIuJrboyJPw8E93q94jA=
=Ug7G
-----END PGP SIGNATURE-----

BIN
expat-2.7.4.tar.xz LFS Normal file
View File

Binary file not shown.

17
expat-2.7.4.tar.xz.asc Normal file
View File

@@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
iQJPBAABCAA5FiEEy43nCpDPv2w79cxWliYqz/vTrsYFAml967kbFIAAAAAABAAO
bWFudTIsMi41KzEuMTIsMiwyAAoJEJYmKs/7067G7AcQALg4k9deC50LsO68nWEr
IfzQWkoglhJUK34wPrn4BiAp5YVczwWaQhtOGEBNL/sDs+g/cQ5bBFQCYpjPQes3
ksMsr6JPwwCAE9bOPPJLTx7uFyBjZfdt2J6J4fpXpBdwumo6T2k56Pcd2nMeqa5+
M/tvt/nxaD+lJVJ40opWreFW5xj+DNN3H0zHz6ulsB0p87r6mK0dAFWwazCCg6nr
oKY0zdrIYeF81Dm5vBRR4sawWt8wJUR9K/L9EnxTHUyvHsDJuuFdGzHL8nKk5TxO
eYaD2ADc8XPmK5Pd/OTkQfKr3L+ZRFf6jDbISt2jze9aCxXhiB+Xtzrw7TpXTEZv
bSJbTb2EJnDVPpq8yiuPOeJsE6HTQW7q/XLPRazvhWijrkbcydgHyFY1WEAPfmvh
tjrI90jnM9Kn5HbbsATBg6vRrjOTbJTiDolMp7f7mhZEMaDh4XZC+VhyabZMbJT+
n8KIv20vJd06IPVg2g7cnntrIklQGbUMu+CgNSzswNCakS+1FuR2nieqeOVHUWjt
7y5KI/Hsv8QfsxmBLmSmQCNd5BgmHuxO/9TYmljYOn4Ham5/WMd3evBNeN6pcHzP
XKDZhbFBsi8v+cYCEieoiFsUxLJDpEalYw0dJscqjzRxbyDc6RyMHQwrwPiW/vtd
jw59c/STHgsUbtpPa6APuyOM
=k616
-----END PGP SIGNATURE-----

50
expat.changes
View File

@@ -1,3 +1,51 @@
-------------------------------------------------------------------
Tue Feb 3 08:17:21 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
- version update to 2.7.4
* CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
failed to copy the encoding handler data passed to
XML_SetUnknownEncodingHandler from the parent to the new
subparser. This can cause a NULL dereference (CWE-476) from
external entities that declare use of an unknown encoding.
The expected impact is denial of service. It takes use of
both functions XML_ExternalEntityParserCreate and
XML_SetUnknownEncodingHandler for an application to be
vulnerable.
* CVE-2026-25210 -- Add missing check for integer overflow
related to buffer size determination in function doContent
* lib: Fix missing undoing of group size expansion in doProlog
failure cases
* xmlwf: Fix a memory leak
* WASI: Fix format specifiers for 32bit WASI SDK
- fixes [bsc#1257144] and [bsc#1257496]
-------------------------------------------------------------------
Sat Sep 27 09:21:33 UTC 2025 - Christoph G <foss@grueninger.de>
- version update to 2.7.3
* Fix alignment of internal allocations for some non-amd64
architectures (e.g. sparc32); fixes up on the fix to
CVE-2025-59375 (of Expat 2.7.2)
* Fix a class of false positives where input should have been
rejected with error XML_ERROR_ASYNC_ENTITY; regression from
CVE-2024-8176 (of Expat 2.7.0)
* Prove and regression-proof absence of integer overflow
from function expat_realloc
* Remove "harmless" cast that truncated a size_t to unsigned
* xmlwf: Resolve use of functions XML_GetErrorLineNumber
and XML_GetErrorColumnNumber
-------------------------------------------------------------------
Mon Sep 22 14:54:27 UTC 2025 - pgajdos@suse.com
- version update to 2.7.2 [bsc#1249584]
* CVE-2025-59375 -- Disallow use of disproportional amounts of
dynamic memory from within an Expat parser
* xmlwf: Fix (internal) help generator
* xmlwf: Mention supported environment variables in
--help output
* see Changes for details
-------------------------------------------------------------------
Fri Mar 28 10:22:44 UTC 2025 - pgajdos@suse.com
@@ -186,7 +234,7 @@ Mon Feb 12 20:44:14 UTC 2024 - David Anes <david.anes@suse.com>
- Update to 2.6.0:
* Security fixes:
- CVE-2023-52425 (boo#1219559)
- CVE-2023-52425 (boo#1219559, bsc#1221563)
-- Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications

6
expat.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package expat
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
@@ -17,10 +17,10 @@
#
%global unversion 2_7_1
%global unversion 2_7_4
%define sover 1
Name: expat
Version: 2.7.1
Version: 2.7.4
Release: 0
Summary: XML Parser Toolkit
License: MIT