SHA256
1
0
forked from pool/expat
expat/baselibs.conf
David Anes 5c08cf2073 - Update to 2.6.3:
* Security fixes:
    - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
      len < 0 without noticing and then calling XML_GetBuffer
      will have XML_ParseBuffer fail to recognize the problem
      and XML_GetBuffer corrupt memory.
      With the fix, XML_ParseBuffer now complains with error
      XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
      has been doing since Expat 2.2.1, and now documented.
      Impact is denial of service to potentially artitrary code
      execution.
    - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
      integer overflow for nDefaultAtts on 32-bit platforms
      (where UINT_MAX equals SIZE_MAX).
      Impact is denial of service to potentially artitrary code
      execution.
    - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
      have an integer overflow for m_groupSize on 32-bit
      platforms (where UINT_MAX equals SIZE_MAX).
      Impact is denial of service to potentially artitrary code
      execution.
  * Other changes:
    - Autotools: Sync CMake templates with CMake 3.28
    - Autotools: Always provide path to find(1) for portability
    - Autotools: Ensure that the m4 directory always exists.
    - Autotools: Simplify handling of SIZEOF_VOID_P
    - Autotools: Support non-GNU sed
    - Autotools|CMake: Fix main() to main(void)
    - Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
    - Autotools|CMake: Stop requiring dos2unix

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=114
2024-09-05 10:33:41 +00:00

8 lines
179 B
Plaintext

expat
libexpat1
obsoletes "expat-<targettype>"
provides "expat-<targettype>"
libexpat-devel
requires -libexpat-<targettype>
requires "libexpat1-<targettype> = <version>"