From aadd52c63509fd87cb46d856f322397bebfd81634bb4ed1361b5eed827ae4cc1 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Mon, 21 Feb 2022 08:59:54 +0000 Subject: [PATCH] Accepting request 956174 from home:david.anes:branches:devel:libraries:c_c++ - update to 2.4.6 (bsc#1196168, CVE-2022-25313): * Bug fixes: - Fix a regression introduced by the fix for CVE-2022-25313 in release 2.4.5 that affects applications that (1) call function XML_SetElementDeclHandler and (2) are parsing XML that contains nested element declarations (e.g. ""). - Version info bumped from 9:5:8 to 9:6:8; see https://verbump.de/ for what these numbers do. OBS-URL: https://build.opensuse.org/request/show/956174 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=94 --- expat-2.4.6.tar.xz | 3 +++ expat-2.4.6.tar.xz.asc | 16 ++++++++++++++++ expat.changes | 13 +++++++++++++ expat.spec | 4 ++-- 4 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 expat-2.4.6.tar.xz create mode 100644 expat-2.4.6.tar.xz.asc diff --git a/expat-2.4.6.tar.xz b/expat-2.4.6.tar.xz new file mode 100644 index 0000000..95debb0 --- /dev/null +++ b/expat-2.4.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:de55794b7a9bc214852fdc075beaaecd854efe1361597e6268ee87946951289b +size 452468 diff --git a/expat-2.4.6.tar.xz.asc b/expat-2.4.6.tar.xz.asc new file mode 100644 index 0000000..92b7188 --- /dev/null +++ b/expat-2.4.6.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmISdL8ACgkQliYqz/vT +rsaPBhAAlALWvVoxvGj5Sko6xbOBVXfal/c40pbAN4yFVKYW1YBNaswB6cjQDuUI +VBLqQwtZicNWHxPCLF0bldJFbNiiR3w6cm08e4C+YKHtEH4FRsLDxzWYF1n7nd0t +Yez7BozXwafD2HDgx86bJOnVhSkn2fAHPKUGLErHLvpFg7aLvIOPtWPJ+9YeGeDa +B8SrQB7YLu9EpkUmwGUCB5zZremoX8vC3+2N8RR2HLQ0dq1VPaBJrJkinGP8j/W5 +bxi/eADCIt09cD6WEinFdE6M3LBSb1K8aKdnGxpQ8A3bs+XoBy6MTXCmdtnsa07y +whUEcWvu/npxgNAsZoW3LW2DPn0B8Ym/DW1K4GrtYVhZZGo7/mvazr2+LPo1xhUZ +x5iT4m+4COk0QwEb8rXVMIQAvlObdk8vR7AzPmetLiRrC1Ht2RQ5NCPGLoAUC/9t +Lw0X34MJ9xU1tSY7bWJzTa7RCaAjo36amnINsupw83PxOnFreshnIMvCULG9u99Y +lmF3XiyARjCbzYsJTGChldtQZ1tA4A+4aKO71HM/Ajo8CGBnB3q2W/88ORclOfpe +WJ0ubUUHp/63l6uZPg4hESdSS2ID6PY9WbrS91rNBSEr8ZOrra5VWbEif2fN+mDC +sy61OGEXvgNmGK06ygr8o8T32DLc+dh/ST6BMTpUo7PXKcA4/qg= +=gI+p +-----END PGP SIGNATURE----- diff --git a/expat.changes b/expat.changes index 22892bf..bbf4e3f 100644 --- a/expat.changes +++ b/expat.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Sun Feb 20 19:48:53 UTC 2022 - David Anes + +- update to 2.4.6 (bsc#1196168, CVE-2022-25313): + * Bug fixes: + - Fix a regression introduced by the fix for CVE-2022-25313 + in release 2.4.5 that affects applications that (1) + call function XML_SetElementDeclHandler and (2) are + parsing XML that contains nested element declarations + (e.g. ""). + - Version info bumped from 9:5:8 to 9:6:8; + see https://verbump.de/ for what these numbers do. + ------------------------------------------------------------------- Sat Feb 19 09:21:21 UTC 2022 - David Anes diff --git a/expat.spec b/expat.spec index 3b34222..159742e 100644 --- a/expat.spec +++ b/expat.spec @@ -16,9 +16,9 @@ # -%global unversion 2_4_5 +%global unversion 2_4_6 Name: expat -Version: 2.4.5 +Version: 2.4.6 Release: 0 Summary: XML Parser Toolkit License: MIT