From 27020d8454b4b262a68bbd718c02aaad4bd980c48286b4724288354bba921801 Mon Sep 17 00:00:00 2001
From: David Anes
Date: Wed, 26 Oct 2022 06:27:39 +0000
Subject: [PATCH] Accepting request 1031256 from home:david.anes:branches:devel:libraries:c_c++ - Update to 2.5.0: (bsc#1204708) * Security fixes: - CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. * Bug fixes: - Fix curruption from undefined entities - Fix case when parsing was suspended while processing nested entities - Stop leaking opening tag bindings after a closing tag mismatch error where a parser is reset through XML_ParserReset and then reused to parse - CMake: Fix generation of pkg-config file - MinGW|CMake: Fix static library name * Other changes: - Protect header expat_config.h from multiple inclusion - examples: Make use of XML_GetBuffer and be more consistent across examples - Address compiler warnings - Version info bumped from 9:9:8 to 9:10:8; see https://verbump.de/ for what these numbers do
OBS-URL: https://build.opensuse.org/request/show/1031256
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=102
---
 expat-2.4.9.tar.xz | 3 ---
 expat-2.4.9.tar.xz.asc | 16 ----------------
 expat-2.5.0.tar.xz | 3 +++
 expat-2.5.0.tar.xz.asc | 16 ++++++++++++++++
 expat.changes | 27 +++++++++++++++++++++++++++
 expat.spec | 4 ++--
 6 files changed, 48 insertions(+), 21 deletions(-)
 delete mode 100644 expat-2.4.9.tar.xz
 delete mode 100644 expat-2.4.9.tar.xz.asc
 create mode 100644 expat-2.5.0.tar.xz
 create mode 100644 expat-2.5.0.tar.xz.asc
diff --git a/expat-2.4.9.tar.xz b/expat-2.4.9.tar.xz
deleted file mode 100644
index f899838..0000000
--- a/expat-2.4.9.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6e8c0728fe5c7cd3f93a6acce43046c5e4736c7b4b68e032e9350daa0efc0354
-size 459284
diff --git a/expat-2.4.9.tar.xz.asc b/expat-2.4.9.tar.xz.asc
deleted file mode 100644
index 104376f..0000000
--- a/expat-2.4.9.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmMp1wEACgkQliYqz/vT
-rsaXDxAAqRARLP+yOmmhEyTA88yGemIPQnZ+7dYiOLBCxIlTOTwxGAIRHZqiJnG/
-yZte1IE80b7RVGsoEo+bumRBio8RB1B+kLmfWU/KmKsGKoarTGXj9KjCwybDLwo5
-VFEbYLfsVc6BdrXeTs3gwYM11e95p+y5HQiIBOYr6dXkgzg+NRyfj0o7hjg8gbhN
-fDES6MgWhtZQyIvBLGCoU9juFYefvrshmvSh4q2wzzfpw9COH6zOcmh0rqtHsvRT
-GR1YwQGl0v+vlFcRBpLIadw3/0mjjrl1gBcmdqL7wIsFVajMcV50sk6C5kSlKYe4
-37tKo2Kc8Ci687m9wfS5fdBN/oj11LG24xwBeJILrZbUxwE6lX071uy81qqv9NiJ
-RrbupIfXJXas/h16/2HdwkI4yWt+AoVmiZAYApF1xXyfiLHiOEyzQ2wSwYTb3GH0
-OaWLsUk6RWPDK1a/MNHIgX5PFDC5LH5/MlNS59MscvOQHkdrvOIjNw7pg93Zh2jY
-wLWdxDqiZUMGj3Q8f0iRksl4lAkg+xRT7mCBqRMXxZs6/iq7cgRaMBRqwyLHZOUB
-/9w97mLHM+hHLzCDMCGj4kcanPhWaNtdiPNyhxGT+pMAc7czNVxIALCuzX6ntwfn
-9Fr1aJJ5B5tUMGXohqL4ltHt75gSL+LgxRojwJSSLIN24WSXJJk=
-=7F5I
------END PGP SIGNATURE-----
diff --git a/expat-2.5.0.tar.xz b/expat-2.5.0.tar.xz
new file mode 100644
index 0000000..8493364
--- /dev/null
+++ b/expat-2.5.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ef2420f0232c087801abf705e89ae65f6257df6b7931d37846a193ef2e8cdcbe
+size 460560
diff --git a/expat-2.5.0.tar.xz.asc b/expat-2.5.0.tar.xz.asc
new file mode 100644
index 0000000..057be16
--- /dev/null
+++ b/expat-2.5.0.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmNYAlAACgkQliYqz/vT
+rsYnzw/+Nn8rFvElM2th9ex3Yt6UkNtx/hZWITig7URH7wHtShHA957xMcJiby4R
+/RoKbtcb3+RNeOtDMycT4wFy2p/tmuJ3mPL0ewFkKkfw1Uk489AbYukzSbg/YmNZ
+3+r6DFAd+kJOpe+6m4Nhxg2iohVQoXjQPBK02njkuKN66thrFGxnQDfi62qAbIm+
+7Ac+McmOypDuG1H+E2eeRIMwgGyU2yiCvqtleKfRaF596wdfbv/gIFcETKI7wMnV
+ExAhZSVDgiojGqwhW7vZOvrwmuDsZOazVSMyasntJazCynWLZ5hAkRtpNvsvIR3i
+cUd904PPjrr5VFQmDQxI4HieeloI5aipl7y4wR+g7WE1JjKs4ScVA8llIsLvZie/
+fZh+Fz/TS4B8hJpnkRGXc7IpovXyFDb+C0WkBxy77OvdEu7QgXaIh1+AT10FkQsF
+HbJT3vHk71D3D5JlUv9DPL8YZ3gFTQF7LwpvfJVDUiYe3hn+f4u4XAt6F3zVnXok
+NEs8fflALfgtIC46nPbhcrxQdO/CyWGIWhisDwoB6FHloZc8EWuWidg7SOdApK1W
+s2ycdH7XLEBXCriIpKWHS9ebkWyPQHe/Ezi2pv0ieZU1TVtV6nVv5YlH2QHBoZJK
+VPlgb5u2zVp9y/bthnZPgRId53kdnZCXezKLQ+wc27Taojpnzws=
+=UAN0
+-----END PGP SIGNATURE-----
diff --git a/expat.changes b/expat.changes
index ff3b826..e9a90dc 100644
--- a/expat.changes
+++ b/expat.changes
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Wed Oct 26 06:19:38 UTC 2022 - David Anes
+
+- Update to 2.5.0: (bsc#1204708)
+ * Security fixes:
+ - CVE-2022-43680 -- Fix heap use-after-free after overeager
+ destruction of a shared DTD in function
+ XML_ExternalEntityParserCreate in out-of-memory situations.
+ Expected impact is denial of service or potentially arbitrary
+ code execution.
+ * Bug fixes:
+ - Fix curruption from undefined entities
+ - Fix case when parsing was suspended while processing nested
+ entities
+ - Stop leaking opening tag bindings after a closing tag mismatch
+ error where a parser is reset through XML_ParserReset and then
+ reused to parse
+ - CMake: Fix generation of pkg-config file
+ - MinGW|CMake: Fix static library name
+ * Other changes:
+ - Protect header expat_config.h from multiple inclusion
+ - examples: Make use of XML_GetBuffer and be more consistent
+ across examples
+ - Address compiler warnings
+ - Version info bumped from 9:9:8 to 9:10:8; see
+ https://verbump.de/ for what these numbers do
+
 -------------------------------------------------------------------
 Tue Sep 20 15:54:12 UTC 2022 - David Anes
diff --git a/expat.spec b/expat.spec
index 62b716d..3612f2e 100644
--- a/expat.spec
+++ b/expat.spec
@@ -16,9 +16,9 @@
 #
-%global unversion 2_4_9
+%global unversion 2_5_0
 Name: expat
-Version: 2.4.9
+Version: 2.5.0
 Release: 0
 Summary: XML Parser Toolkit
 License: MIT