pool/expat
SHA256
17
0
Fork 4
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-main
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2 testing:main testing:factory
..
compare: testing:factory
Branches Tags
testing:main testing:factory pool:factory pool:slfo-main pool:slfo-1.2

5 Commits
slfo-main ... factory

Author SHA256 Message Date
Ana Guerrero
147c8e1034 Accepting request 1306571 from devel:libraries:c_c++ 
- version update to 2.7.2 [bsc#1249584]
  * CVE-2025-59375 -- Disallow use of disproportional amounts of
    dynamic memory from within an Expat parser
  * xmlwf: Fix (internal) help generator
  * xmlwf: Mention supported environment variables in
    --help output
  * see Changes for details

OBS-URL: https://build.opensuse.org/request/show/1306571
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=82
 2025-09-23 14:05:27 +00:00
Petr Gajdos
912b3146fd checkin 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=128
 2025-09-22 15:04:14 +00:00
Petr Gajdos
0f7763175e checkin 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=127
 2025-09-22 15:01:17 +00:00
Ana Guerrero
ea1c613089 Accepting request 1269185 from devel:libraries:c_c++ 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1269185
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=81
 2025-04-14 14:08:06 +00:00
Petr Gajdos
17bd2e5f6e checkin 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=125
 2025-04-07 08:35:18 +00:00
6 changed files with 21 additions and 60 deletions
Expand all files Collapse all files

BIN
expat-2.7.2.tar.xz LFS Normal file
View File

Binary file not shown.

16
expat-2.7.2.tar.xz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmjJjAcACgkQliYqz/vT
rsbRdRAAj9lKcun8hAC3pS3LueWJT46/Lb+yeuMbBdNLlTft6Scvb+WZGHP63lxX
B4jv+qpPF5Yz5uUwa+h3BwYvQXRH7d1fzX1TdRDHLrvbid92EFjZ2lJSJ9Ihx1ql
qfQCD7fZQyfIYV+IKIy4QrxAaQFnNc9NvXZ9runiiya9fd3Xx8u+UecPBGyqCAx+
hMfp8uilLxeVd/P3N3aOJwsLaqrEp4alXX3sa5BCCLYT6Ei5/PuxQhRq0UMK9YMV
O3hdxcAtYNRq5ZObTApnscn4APJdyF/pzUQQQCatm9MmCKPyxUpEId0X759mpJBH
ZpqQLDQMdsNEp5MLNvMufMjaEWw9WfBvx/vy2o6WZZch+ObUMTBEiSAO/MozT9qe
zKdeZaWQ8MMUP+6+t0H+Q45TP1qMIQirGqIkkgHLykes91HpumRyPyTR4+rR3siA
2/IpzD5uuw/3XVFJiqLrmh0ILp/32CkaAiBZZ3oDUridGNk3yiyAAzUZEB54pmFf
jXyX1qdN8R3xgtjNBXW+q+klJqu3Oifr1Ehl46BJAky9Ttysmh/WiHrdZaxSsTDZ
9E7DpxKtQyV7x0vQOslQVTwyX+HFPYGZntOmqM0grsQ0hMSDDCBd0UJTwrYrtazX
zE6GNDHzgd3sFaCwwJzvnxogXruQrHht0F5ZHEzcUStmtP86XRE=
=rCmF
-----END PGP SIGNATURE-----

BIN
expat-2.7.4.tar.xz LFS
View File

Binary file not shown.

17
expat-2.7.4.tar.xz.asc
View File

@@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQJPBAABCAA5FiEEy43nCpDPv2w79cxWliYqz/vTrsYFAml967kbFIAAAAAABAAO
bWFudTIsMi41KzEuMTIsMiwyAAoJEJYmKs/7067G7AcQALg4k9deC50LsO68nWEr
IfzQWkoglhJUK34wPrn4BiAp5YVczwWaQhtOGEBNL/sDs+g/cQ5bBFQCYpjPQes3
ksMsr6JPwwCAE9bOPPJLTx7uFyBjZfdt2J6J4fpXpBdwumo6T2k56Pcd2nMeqa5+
M/tvt/nxaD+lJVJ40opWreFW5xj+DNN3H0zHz6ulsB0p87r6mK0dAFWwazCCg6nr
oKY0zdrIYeF81Dm5vBRR4sawWt8wJUR9K/L9EnxTHUyvHsDJuuFdGzHL8nKk5TxO
eYaD2ADc8XPmK5Pd/OTkQfKr3L+ZRFf6jDbISt2jze9aCxXhiB+Xtzrw7TpXTEZv
bSJbTb2EJnDVPpq8yiuPOeJsE6HTQW7q/XLPRazvhWijrkbcydgHyFY1WEAPfmvh
tjrI90jnM9Kn5HbbsATBg6vRrjOTbJTiDolMp7f7mhZEMaDh4XZC+VhyabZMbJT+
n8KIv20vJd06IPVg2g7cnntrIklQGbUMu+CgNSzswNCakS+1FuR2nieqeOVHUWjt
7y5KI/Hsv8QfsxmBLmSmQCNd5BgmHuxO/9TYmljYOn4Ham5/WMd3evBNeN6pcHzP
XKDZhbFBsi8v+cYCEieoiFsUxLJDpEalYw0dJscqjzRxbyDc6RyMHQwrwPiW/vtd
jw59c/STHgsUbtpPa6APuyOM
=k616
-----END PGP SIGNATURE-----

38
expat.changes
View File

@@ -1,41 +1,3 @@
-------------------------------------------------------------------
Tue Feb 3 08:17:21 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
- version update to 2.7.4
* CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
failed to copy the encoding handler data passed to
XML_SetUnknownEncodingHandler from the parent to the new
subparser. This can cause a NULL dereference (CWE-476) from
external entities that declare use of an unknown encoding.
The expected impact is denial of service. It takes use of
both functions XML_ExternalEntityParserCreate and
XML_SetUnknownEncodingHandler for an application to be
vulnerable.
* CVE-2026-25210 -- Add missing check for integer overflow
related to buffer size determination in function doContent
* lib: Fix missing undoing of group size expansion in doProlog
failure cases
* xmlwf: Fix a memory leak
* WASI: Fix format specifiers for 32bit WASI SDK
- fixes [bsc#1257144] and [bsc#1257496]
- obsolete CVE-2025-59375.patch
-------------------------------------------------------------------
Sat Sep 27 09:21:33 UTC 2025 - Christoph G <foss@grueninger.de>
- version update to 2.7.3
* Fix alignment of internal allocations for some non-amd64
architectures (e.g. sparc32); fixes up on the fix to
CVE-2025-59375 (of Expat 2.7.2)
* Fix a class of false positives where input should have been
rejected with error XML_ERROR_ASYNC_ENTITY; regression from
CVE-2024-8176 (of Expat 2.7.0)
* Prove and regression-proof absence of integer overflow
from function expat_realloc
* Remove "harmless" cast that truncated a size_t to unsigned
* xmlwf: Resolve use of functions XML_GetErrorLineNumber
and XML_GetErrorColumnNumber
-------------------------------------------------------------------
Mon Sep 22 14:54:27 UTC 2025 - pgajdos@suse.com

4
expat.spec
View File

@@ -17,10 +17,10 @@
#
%global unversion 2_7_4
%global unversion 2_7_2
%define sover 1
Name: expat
Version: 2.7.4
Version: 2.7.2
Release: 0
Summary: XML Parser Toolkit
License: MIT