- update to 2.4.9: (bsc#1203438)
* Security fixes:
- CVE-2022-40674 -- Heap use-after-free vulnerability in
function doContent. Expected impact is denial of service
or potentially arbitrary code execution.
* Bug fixes:
- MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
- docs: Fix documentation on effect of switch XML_DTD on
symbol visibility in doc/reference.html
* Other changes:
- MinGW: Make fix-xmltest-log.sh drop more Wine bug output
- Autotools: Sync CMake templates with CMake 3.22
- CMake: Migrate from use of CMAKE_*_POSTFIX to
dedicated variables EXPAT_*_POSTFIX to stop affecting
other projects
- Windows|CMake: Add missing -DXML_STATIC to test runners
and fuzzers
- Windows|CMake: Render .def file from a template to fix
linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
- MinGW|CMake: Apply MSVC .def file when linking
- MinGW|CMake: Sync library name with GNU Autotools,
i.e. produce libexpat-1.dll rather than libexpat.dll
by default. Filename libexpat.dll.a is unaffected.
- MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
toolchain file "cmake/mingw-toolchain.cmake" to avoid
error "windres: Command not found" on e.g. Ubuntu 20.04
- CMake: Unify inconsistent use of set() and option() in
context of public build time options to take need for
set(.. FORCE) in projects using Expat by means of
add_subdirectory(..) off Expat's users' shoulders
OBS-URL: https://build.opensuse.org/request/show/1005005
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=100