diff --git a/expat-2.6.1.tar.xz b/expat-2.6.1.tar.xz
deleted file mode 100644
index cb0e3d8..0000000
--- a/expat-2.6.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0c00d2760ad12efef6e26efc8b363c8eb28eb8c8de719e46d5bb67b40ba904a3
-size 484000
diff --git a/expat-2.6.1.tar.xz.asc b/expat-2.6.1.tar.xz.asc
deleted file mode 100644
index 848987b..0000000
--- a/expat-2.6.1.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmXg6xUACgkQliYqz/vT
-rsZWrw/9H+aLw9+Wk5KXrLSf0JxXoo11hQdHeMYbP1/1u/ne5phVehjRY1ebuZmh
-425/adJQvcvGBoSpFcHQOJolgv1FRf3kZ30mXuibUVxuFTcqrebV4YXt/fL+FQ4W
-he1aWO9V4MSoLudkt3bNAOYvPTQutLV1HqLmc3/YqzMDmF+Qd8lrk7qVP5tQX50C
-yJC7E5gxlyZxlcXDRAeK96tzfG7eJMpmu11gyzSOdIlhUtmHpgBZ/nm8j5RNB+ih
-nGSw//JVsOIgvijZNIjmNMe/BIid5Kw1g2ocQPYPyK0r+jqQ3Xqb4DhZaFJ4AIl0
-UGDTQr7DMhbpL5XOXUvlpBRx9S9/KMpYK0Pabo0x7BLc1WGqw73U5kZ9kTd504Uu
-72nWhd0DVJ3EnTvcReyrPDmhMy+4EF3BxyBU/zvBy72ajhgjf0DpXrmGVK46i8I5
-C2VW+K54/fhbuLmcLqJ472Q0vEZ0hoAfI8ZCGe8bnDs4NlbyHUAcr3rwPxVpPcTs
-ncHv7zrd0qEMtsJd6iUF9sGe/Sb6ZXq/0Ymvm19epr+RAGECtlA6lR0vv3Lm3nGo
-P8Id7vF38uvVvD7QSk64qUlhMwtk8wApvl2KphqavQK8mEt9TkrTBsJ1MlS11W+9
-4zXpgr4bGGVbKGVw/1x+n7iIMDtk8qVfMbCZVmgt4+Fj6KyuSac=
-=EhJd
------END PGP SIGNATURE-----
diff --git a/expat-2.6.2.tar.xz b/expat-2.6.2.tar.xz
new file mode 100644
index 0000000..9e310f5
--- /dev/null
+++ b/expat-2.6.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ee14b4c5d8908b1bec37ad937607eab183d4d9806a08adee472c3c3121d27364
+size 485236
diff --git a/expat-2.6.2.tar.xz.asc b/expat-2.6.2.tar.xz.asc
new file mode 100644
index 0000000..d7b4a9c
--- /dev/null
+++ b/expat-2.6.2.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmXx2UUACgkQliYqz/vT
+rsYCKw//X838HdkfERw6b0UaauHg3k5h5yzV/4gPzmVWlLhPaSFH6Ns69p7vvHz0
+xtSH0GQ4rp+l7GAjFoH5dzJxZ4g/EstYK+QJwOK7A9+gf86tbFt6pNj43u7bHqW2
+0p55xEoCcki+sZv1WX3VPe7NcCq7cs7UeOyOcqADZkmzcLkpHATh9kiA/LHe5WKp
+jbAZthOCBG3S40xGib9KLZMR/fJ3RKaWsm+Jl+SABEQk5VmpOuoocboE+ZlTfEC/
+9F7czV28xHfdhfhP4nA328VgVPPP1atyVw0sO79fpnxmAFMZO31j/cGIyv4sQX1/
+2MLDbXWeEX6C2+ZCaTtNZbtxq7n+ydI9BAHWawN6BE2DNpt4w0x7m+QzrG207Y9r
+jP+vFLC4winwaXoraJeZ18A7I5lOklNJ/iwzwVQHp+kLM1uGOuc5z/NWmBff1out
+ErgjbAbINNIXEpjZ7AETUai0q2PJRucFsYxjYs19RKObbM8BLo7zbzL93QHm947R
+46+iyemznYXQP2vsBjjQDzPhtyTk3evbRTWy5Mq0XXt8NSBrgGHGU4h35sQL3z2a
+Qw6RhRRMIfrnntvDmLO2kbdBLmz4GQGfmmlUyvDtB6SivD3BWvX91lArfozad5Ve
+pL8oFOu2ObHqCK6foTvwhYl05a7yaElwGX9vTBDsYT9Vqol0sKk=
+=M9y2
+-----END PGP SIGNATURE-----
diff --git a/expat.changes b/expat.changes
index e3cf862..6af9c10 100644
--- a/expat.changes
+++ b/expat.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Mar 13 22:23:20 UTC 2024 - Andreas Stieger
+
+- update to 2.6.2:
+ * CVE-2024-28757 -- Prevent billion laughs attacks with isolated
+ use of external parsers (boo#1221289)
+ * Reject direct parameter entity recursion and avoid the related
+ undefined behavior
+
 -------------------------------------------------------------------
 Fri Mar 1 16:45:35 UTC 2024 - Andreas Stieger
 
diff --git a/expat.spec b/expat.spec
index bec65a4..eea8c8b 100644
--- a/expat.spec
+++ b/expat.spec
@@ -2,6 +2,7 @@
 # spec file for package expat
 #
 # Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2024 Andreas Stieger
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,9 +17,10 @@
 #
 
 
-%global unversion 2_6_1
+%global unversion 2_6_2
+%define sover 1
 Name: expat
-Version: 2.6.1
+Version: 2.6.2
 Release: 0
 Summary: XML Parser Toolkit
 License: MIT
@@ -39,11 +41,11 @@ Expat is an XML parser library written in C. It is a stream-oriented
 parser in which an application registers handlers for things the
 parser might find in the XML document (like start tags).
 
-%package -n libexpat1
+%package -n libexpat%{sover}
 Summary: XML Parser Toolkit
 Group: System/Libraries
 
-%description -n libexpat1
+%description -n libexpat%{sover}
 Expat is an XML parser library written in C. It is a stream-oriented
 parser in which an application registers handlers for things the
 parser might find in the XML document (like start tags).
@@ -52,7 +54,7 @@ parser might find in the XML document (like start tags).
 Summary: Development files for expat, an XML parser toolkit
 Group: Development/Libraries/C and C++
 Requires: glibc-devel
-Requires: libexpat1 = %{version}
+Requires: libexpat%{sover} = %{version}
 
 %description -n libexpat-devel
 Expat is an XML parser library written in C. It is a stream-oriented
@@ -89,8 +91,7 @@ cp %{SOURCE3} .
 %make_install
 find %{buildroot} -type f -name "*.la" -delete -print
 
-%post -n libexpat1 -p /sbin/ldconfig
-%postun -n libexpat1 -p /sbin/ldconfig
+%ldconfig_scriptlets -n libexpat%{sover}
 
 %files
 %license COPYING
@@ -102,9 +103,12 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_mandir}/man1/xmlwf.1%{?ext_man}
 
 %files -n libexpat1
-%{_libdir}/libexpat.so.*
+%license COPYING
+%{_libdir}/libexpat.so.%{sover}
+%{_libdir}/libexpat.so.%{sover}.*
 
 %files -n libexpat-devel
+%license COPYING
 %{_includedir}/*
 %{_libdir}/libexpat.so
 %{_libdir}/pkgconfig/expat.pc
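Review bot: The `%files -n libexpat1` header in the last expat.spec hunk is still a literal, while the `%package`, `%description`, `Requires:` and `%ldconfig_scriptlets` lines in this commit now derive the subpackage name from `%{sover}`. The two only agree while `sover` is 1; after a soname bump the `%files` section would name a subpackage that is no longer declared, which should fail the build rather than ship the library under the new name. Change the header to `%files -n libexpat%{sover}` so the file list follows the same macro. A short comment next to `%define sover 1`, for example `# must match the SONAME major of libexpat; the %files globs fail the build if it drifts`, would also record why the globs were narrowed from `libexpat.so.*`.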