From 562a383c04e50100febd016a4b41ce35d1fffb1f43563161ee2a43605536ef24 Mon Sep 17 00:00:00 2001 
From: Dirk Mueller
Date: Thu, 27 May 2021 15:19:18 +0000
Subject: [PATCH] Accepting request 895213 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to 2.4.1:
  * Bug fixes:
    - Autotools: Fix installed header expat_config.h for multilib
      systems; regression introduced in 2.4.0 by pull request #486
  * Other changes:
    - Version info bumped from 9:0:8 to 9:1:8; see
      https://verbump.de/ for what these numbers do
- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"]
  * Security fixes:
    - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
      (denial-of-service; flavors targeting CPU time or RAM or both,
      leveraging general entities or parameter entities or both)
      by tracking and limiting the input amplification factor
      ( := ( + ) / ).
      By conservative default, amplification up to a factor of 100.0
      is tolerated and rejection only starts after 8 MiB of output bytes
      (= + ) have been processed.
      The fix adds the following to the API:
      - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
        signal this specific condition.
      - Two new API functions ..
        - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
        - XML_SetBillionLaughsAttackProtectionActivationThreshold
        .. to further tighten billion laughs protection parameters
        when desired. Please see file "doc/reference.html" for details.
        If you ever need to increase the defaults for non-attack XML
        payload, please file a bug report with libexpat.
      - Two new XML_FEATURE_* constants ..
- that can be queried using the XML_GetFeatureList function, and OBS-URL: https://build.opensuse.org/request/show/895213 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=88 --- expat-2.3.0.tar.xz | 3 -- expat-2.3.0.tar.xz.asc | 16 ---------- expat-2.4.1.tar.xz | 3 ++ expat-2.4.1.tar.xz.asc | 16 ++++++++++ expat.changes | 70 ++++++++++++++++++++++++++++++++++++++++++ expat.spec | 6 ++-- 6 files changed, 92 insertions(+), 22 deletions(-) delete mode 100644 expat-2.3.0.tar.xz delete mode 100644 expat-2.3.0.tar.xz.asc create mode 100644 expat-2.4.1.tar.xz create mode 100644 expat-2.4.1.tar.xz.asc diff --git a/expat-2.3.0.tar.xz b/expat-2.3.0.tar.xz deleted file mode 100644 index fdc98c9..0000000 --- a/expat-2.3.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:caa34f99b6e3bcea8502507eb6549a0a84510b244a748dfb287271b2d47467a9 -size 433508 diff --git a/expat-2.3.0.tar.xz.asc b/expat-2.3.0.tar.xz.asc deleted file mode 100644 index 6c32fa9..0000000 --- a/expat-2.3.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmBb2eIACgkQliYqz/vT -rsZ1hw//RPMDuqOoVHnbIByIkT5un1oWwdMLTmLFoTfHZCVruPK8RZ44f7eyxGRn -UeLuP+MFxVrco2ZE7DbdpPkVLTWD7rRwZmi5vcGT+V78KK9H+d21lMAGZHlupSqk -Y3O2Ofj6s8Twq6q4P6UOetldpsaj58gJTwNAuklv4jFlmjppohwhxRiwvofcyuom -3gbY11Mzr36oKi0phDhmMUFx/aeG6SogZsgDAlKS+GCqqwPUtUrA6GRGPJQIswzz -2bsw9xAKhAdKtZRFx9DrW9l/fGsZ64xHkg3Z9CHq54cHpuX4ahmhjdQM1ieyHCHs -NuXO0vPPy6miaWq8Yd6l1Oo7FpTNsnZ5gmpNt1KchWTrc4BeGtFY39o4zhccf0AZ -rh1sEauxbcoo5bi0w8u1WCLKFudLvijZG78dqXn8jyVEd526PmLnluQcF8q+wfiU -Ak2tvAmqklL+B4roJj9HC/GwOYPRwBPH6p9naRprAtAyS12yy+28DDYATJemyC0T -FlrKRpv2JbpGDmMBB/z/8fJoJnlPnPkyzZdOrkwgryPR/sqaOEv/3SNcoN4BC7jT -0rbrVc93zz9i+vVTuNRrBcoiY/nkdOSPmLN4AGGt3pkhuZFA0D2Bz2E3KG4AAb+x -DeOQkAQShx7J+FY5HA4oXlQ4/rtukhAojqe4gb6THiEY1p7CLDY= -=Is1u ------END PGP SIGNATURE----- 
diff --git a/expat-2.4.1.tar.xz b/expat-2.4.1.tar.xz new file mode 100644 index 0000000..70d97aa --- /dev/null +++ b/expat-2.4.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cf032d0dba9b928636548e32b327a2d66b1aab63c4f4a13dd132c2d1d2f2fb6a +size 445024 diff --git a/expat-2.4.1.tar.xz.asc b/expat-2.4.1.tar.xz.asc new file mode 100644 index 0000000..90550d0 --- /dev/null +++ b/expat-2.4.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmCqgzgACgkQliYqz/vT +rsbPkxAAg/IYtwG35b0vmVAMbwQ4PPkh4mz6ZeqonakobUv2S1clObYmvwCAkqs/ +SeLwRd2LEuXFfXriIScje78/R+NaNChod8Pq8cCup+HgKuC6S3I8ZHe/0f1Zk0D2 +ofNXAEJ+vgNf3LsSAJrOnQ6wr2nx0zqWvuznh76WxbjV87x1+389JZdW7rnG9Hsw +Cd+BjsjysPk7Mt1QiNiV3FvRn/+uvfCbQwkMgo4ntQYZeia/8g2B1WLoTuU+lLtN +EmaZsQRQP4hSLiofDLYwhTJ0eeOdBD9taQrHf1cafFpI0ZXPrSHNMOa8f2PzFH0n +KNHtepdIrQZxxABF2tFOdGKUBuaRWqeRXT/dgZgbE9kZI0iRYb/4ADRh6sGXs9eP +8JW8OZxOHlGjpMPAiQBCEmfJAUKkzDxfKKuEcSi38yr3KmRK/uzLeoAgCyxIvr/i +Mx4yxsuCCi/xsCcEu0YZophYX0AJY2STzFE2PpXK/3dHUuwX50dCBasTKWTCqLXk +gFp0xJHAcSImo0VFwNsp9CKDUIL9NWafFQClIjG1SY201Z2l2uyp7iYRWiSBgQ2v +dc1nu2BH7ZnIYy/XuCjGIXaf/qLBOphSjKdy58Zp9NOCPgFiIP3W2CtyAV5sk+Nh +fg1R9LHqYr8KfofpdA+sUJ5HByyVTnB1s4xLsq2DGP6rIExrONw= +=xupO +-----END PGP SIGNATURE----- diff --git a/expat.changes b/expat.changes index 31980ec..0ac3cfd 100644 --- a/expat.changes +++ b/expat.changes 
@@ -1,3 +1,73 @@ +------------------------------------------------------------------- +Mon May 24 08:17:12 UTC 2021 - Pedro Monreal + +- Update to 2.4.1: + * Bug fixes: + - Autotools: Fix installed header expat_config.h for multilib + systems; regression introduced in 2.4.0 by pull request #486 + * Other changes: + - Version info bumped from 9:0:8 to 9:1:8; see + https://verbump.de/ for what these numbers do + +------------------------------------------------------------------- +Mon May 24 08:15:42 UTC 2021 - Pedro Monreal + +- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"] + * Security fixes: + - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks + (denial-of-service; flavors targeting CPU time or RAM or both, + leveraging general entities or parameter entities or both) + by tracking and limiting the input amplification factor + ( := ( + ) / ). + By conservative default, amplification up to a factor of 100.0 + is tolerated and rejection only starts after 8 MiB of output bytes + (= + ) have been processed. + The fix adds the following to the API: + - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to + signals this specific condition. + - Two new API functions .. + - XML_SetBillionLaughsAttackProtectionMaximumAmplification and + - XML_SetBillionLaughsAttackProtectionActivationThreshold + .. to further tighten billion laughs protection parameters + when desired. Please see file "doc/reference.html" for details. + If you ever need to increase the defaults for non-attack XML + payload, please file a bug report with libexpat. + - Two new XML_FEATURE_* constants .. + - that can be queried using the XML_GetFeatureList function, and + - that are shown in "xmlwf -v" output. + - Two new environment variable switches .. + - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and + - EXPAT_ENTITY_DEBUG=(0|1) + .. for runtime debugging of accounting and entity processing. + Specific behavior of these values may change in the future. 
+ - Two new command line arguments "-a FACTOR" and "-b BYTES" + for xmlwf to further tighten billion laughs protection + parameters when desired. + If you ever need to increase the defaults for non-attack XML + payload, please file a bug report with libexpat. + * Bug fixes: + - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) + or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault + for UTF-16 payloads containing CDATA sections. + - Autotools: Fix generated CMake files for non-64bit and + non-Linux platforms (e.g. macOS and MinGW in particular) + that were introduced with release 2.3.0 + * Other changes: + - xmlwf: Improve help output and the xmlwf man page + - xmlwf: Improve maintainability through some refactoring + - xmlwf: Fix man page DocBook validity + - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR + and CMAKE_INSTALL_INCLUDEDIR + - CMake: Add support for standard variable BUILD_SHARED_LIBS + - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters + - Resolve macro HAVE_EXPAT_CONFIG_H + - Delete unused legacy helper file "conftools/PrintPath" + - doc/reference.html: Fix XHTML validity + - doc/reference.html: Replace the 90s look by OK.css + - Version info bumped from 8:0:7 to 9:0:8 due to addition of + new symbols and error codes; see https://verbump.de/ for + what these numbers do + ------------------------------------------------------------------- Tue Apr 13 06:04:38 UTC 2021 - Dominique Leuenberger diff --git a/expat.spec b/expat.spec index 148a92e..9b53a05 100644 --- a/expat.spec +++ b/expat.spec @@ -16,9 +16,9 @@ # -%global unversion 2_3_0 +%global unversion 2_4_1 Name: expat -Version: 2.3.0 +Version: 2.4.1 Release: 0 Summary: XML Parser Toolkit License: MIT 
@@ -96,7 +96,7 @@ chmod 0644 examples/elements.c %{_docdir}/%{name} %license COPYING %doc README.md expatfaq.html -%doc doc/expat.png doc/reference.html doc/style.css doc/valid-xhtml10.png +%doc doc/reference.html doc/style.css doc/valid-xhtml10.png %doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in %doc AUTHORS Changes %{_bindir}/xmlwf
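Review bot: in the new expat-2.4.1.tar.xz.asc the leading issuer-fingerprint bytes of the armored signature (`iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsY...`) are byte-for-byte the same as in the removed 2.3.0 signature, so the same upstream key signed both releases, but the spec hunks visible in this patch show no `%{name}.keyring` source, so please confirm the spec does carry one; without it OBS only ships the .asc next to the tarball and never checks it, and the LFS pointer's `sha256:cf032d0d...` / `size 445024` are then tied to nothing upstream-published.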
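Review bot: in the expat.changes hunk, the 2.4.0 entry's amplification formula `( := ( + ) / )` and the later `(= + )` have lost their operand names, so the sentence no longer says what is divided by what; compare against upstream's Changes file and restore the names before this lands, since this is the one line a packager will read to understand the CVE-2013-0340 mitigation. The same entry also carries the typo "to signals this specific condition", which should read "to signal".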
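Review bot: the second expat.spec hunk drops `doc/expat.png` from `%doc` but adds nothing, while the changelog entry in this same patch says reference.html's look was replaced by OK.css in 2.4.0; if upstream now ships that stylesheet as a separate file under `doc/`, it has to be listed here too or the installed reference.html renders unstyled. A quick check after the build is `rpm -qld` on the package against the `<link rel="stylesheet">` targets in reference.html.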