From c847592a56bcaa01aa8d17e0fcf1b060209be7171b44189d69fa9f2447a1120e Mon Sep 17 00:00:00 2001
From: David Anes
Date: Mon, 31 Jan 2022 06:34:36 +0000
Subject: [PATCH] Accepting request 950089 from home:david.anes:branches:devel:libraries:c_c++ - update to 2.4.4 (bsc#1195217, bsc#1195054): * Security fixes: - CVE-2022-23852 -- Fix signed integer overflow (undefined behavior) in function XML_GetBuffer that is also called by function XML_Parse internally) for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or more. - CVE-2022-23990 -- Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). Impact is denial of service or more. * Bug fixes: - xmlwf: Fix a memory leak on output file opening error * Other changes: - Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do * Drop unused file valid-xhtml10.png
OBS-URL: https://build.opensuse.org/request/show/950089
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=92
---
 expat-2.4.3.tar.xz | 3 ---
 expat-2.4.3.tar.xz.asc | 16 ----------------
 expat-2.4.4.tar.xz | 3 +++
 expat-2.4.4.tar.xz.asc | 16 ++++++++++++++++
 expat.changes | 23 +++++++++++++++++++++++
 expat.spec | 6 +++---
 6 files changed, 45 insertions(+), 22 deletions(-)
 delete mode 100644 expat-2.4.3.tar.xz
 delete mode 100644 expat-2.4.3.tar.xz.asc
 create mode 100644 expat-2.4.4.tar.xz
 create mode 100644 expat-2.4.4.tar.xz.asc
diff --git a/expat-2.4.3.tar.xz b/expat-2.4.3.tar.xz
deleted file mode 100644
index b88aae0..0000000
--- a/expat-2.4.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b1f9f1b1a5ebb0acaa88c9ff79bfa4e145823b78aa5185e5c5d85f060824778a
-size 451012
diff --git a/expat-2.4.3.tar.xz.asc b/expat-2.4.3.tar.xz.asc
deleted file mode 100644
index 41ffd27..0000000
--- a/expat-2.4.3.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmHkI5AACgkQliYqz/vT
-rsaDyg//Uz2cyoYU79ndQt2jI+zaq58KGhyqHt1CfjPp8jCjhTlkTcFsmE8ftzaa
-1IpI+CKyGatiFh8mIy7Pq+V9nOJkyfmp6t0QCaa/eE7ngOHAz8PDEwj4ievY1aBx
-2dvvwLLrtXaIYhj48v1/xmpCCXUL0os0BIqs6WWl6l0mE3ba1J6AITnZytp1zPy9
-NfaVxRirqA6z8n3TpMZ0FvLXGC0e9aRkE6vR+EQvHmTzdbvJhi0kXhjVIL72QR2R
-9MrpoBD+Wyq+c4wE2otqJWj5Cazb2Ri5uVsoCHGHOGRSFPW4g+7dQC+dK9O+pzQ9
-c/BlmLQTkmgkSLQbKSsFAociaKEe7ef1tXqxTEpsqqbfC9GqVKGfkDzSoigQfJbl
-sKXXZvXVj/6LxhioKTEEAHZ21Z8a2qG3Q+g4Trd7uAPIrz2wQwwkB+TF1i8HAeRy
-q8nNTPbbAmtFe2NuetyZeTaUbPHZAuxl7hH8JnsFs5vTUdP5C9xxGXU7c6xXRL1H
-qKH60WPSxNUxtaiprTrWsyaKX4z3cQRp2pp0wf1M9m4jPWPSpi8SSkZu/C3xhNIz
-U+cs3Ile+ctQSpx8R1nV3VE71NecjW7dkgnU29JkmCohpobAfWPJJMBopTNzPRCW
-JxRLuQ//kpt7OnuNsaI/Ko3MTyvmP82Ynup1u8HrfTnLTFCT3Ic=
-=26Td
------END PGP SIGNATURE-----
diff --git a/expat-2.4.4.tar.xz b/expat-2.4.4.tar.xz
new file mode 100644
index 0000000..1feebe8
--- /dev/null
+++ b/expat-2.4.4.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b5d25d6e373351c2ed19b562b4732d01d2589ac8c8e9e7962d8df1207cc311b8
+size 449448
diff --git a/expat-2.4.4.tar.xz.asc b/expat-2.4.4.tar.xz.asc
new file mode 100644
index 0000000..e64e933
--- /dev/null
+++ b/expat-2.4.4.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmH11+gACgkQliYqz/vT
+rsYnng/+PctRB7klFTZ8BhmZXw7p3zasX9j17kY1/a24LT79mBNz+jSlxHI1nhwQ
+ML9Tn3H/YdyriqYYVngjqrNoUFxGmTvF/VHE92AZ1AoDyqDUmzj061hcAIJvFevz
+Ucn3f4dgBZJ8qsys0Y3SIaEZNLdTkOz4wT2czSdWHxwaGS/FCa28wJ3ed5Sr8dSS
+KMzt6WG6nkqPUNMnlgX24wmg+Y5wcdGipTD/hbDoSkSWK5s2qUhNDs8Nuq8MLKu4
+PAawLOg/TyZAN36nX7/WZiaPB5pOgLsgP94DOyQBtF4+O/tGTADKazhV7e5pOwTb
+dzdGBzpgbhIa70V/iSLX0TcE8NlFEp3RLMd9Yv19w/S7Dhju3ZrcjVVpwlwnR16w
+nWr5vNMw+HiF0QrtKt1swSex5GuMHbzGAQqAfOQZwGPe/kDfC6TSwKvJwWOjVzuF
+JYoFMAM2vIT6zf0l5HvmysFEx9Z0hFuV9/R2cv5ADqWLj88L4sQGaVQrmJDuYxao
+swYRHqOkl2T36prwQPpHXs8B1GovuMTJqBf3WwBx00TC+/slvM04HCx02p6zk2HV
+awfYf93A8HiywTmlQCOoSBve7tvpluNulICCAOHmxeE4DpZvjjHqEtfUeyiKrtnN
+pTWzdnmoxC95gBKxft3VAx6RNk144kNQUYIJ+N6SulBI72O2hVI=
+=vDlI
+-----END PGP SIGNATURE-----
diff --git a/expat.changes b/expat.changes
index d1e5e6e..f05e199 100644
--- a/expat.changes
+++ b/expat.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Mon Jan 31 06:13:13 UTC 2022 - David Anes
+
+- update to 2.4.4 (bsc#1195217, bsc#1195054):
+ * Security fixes:
+ - CVE-2022-23852 -- Fix signed integer overflow
+ (undefined behavior) in function XML_GetBuffer
+ that is also called by function XML_Parse internally)
+ for when XML_CONTEXT_BYTES is defined to >0 (which is both
+ common and default).
+ Impact is denial of service or more.
+ - CVE-2022-23990 -- Fix unsigned integer overflow in function
+ doProlog triggered by large content in element type
+ declarations when there is an element declaration handler
+ present (from a prior call to XML_SetElementDeclHandler).
+ Impact is denial of service or more.
+ * Bug fixes:
+ - xmlwf: Fix a memory leak on output file opening error
+ * Other changes:
+ - Version info bumped from 9:3:8 to 9:4:8;
+ see https://verbump.de/ for what these numbers do
+ * Drop unused file valid-xhtml10.png
+
 -------------------------------------------------------------------
 Mon Jan 17 09:14:10 UTC 2022 - Dirk Müller
 
diff --git a/expat.spec b/expat.spec
index b58c7b0..fdd3a1e 100644
--- a/expat.spec
+++ b/expat.spec
@@ -16,9 +16,9 @@
 #
 
 
-%global unversion 2_4_3
+%global unversion 2_4_4
 Name: expat
-Version: 2.4.3
+Version: 2.4.4
 Release: 0
 Summary: XML Parser Toolkit
 License: MIT
@@ -95,7 +95,7 @@ chmod 0644 examples/elements.c
 %files
 %license COPYING
 %doc AUTHORS README.md expatfaq.html
-%doc doc/reference.html doc/style.css doc/valid-xhtml10.png
+%doc doc/reference.html doc/style.css
 %doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in
 %doc changelog
 %{_bindir}/xmlwf