Hello community,

here is the log from the commit of package expat for openSUSE:Factory checked 
in at 2017-07-11 08:34:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/expat (Old)
 and      /work/SRC/openSUSE:Factory/.expat.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "expat"

Tue Jul 11 08:34:44 2017 rev:50 rq:508187 version:2.2.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/expat/expat.changes      2016-11-23 
13:34:46.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.expat.new/expat.changes 2017-07-11 
08:34:44.700122074 +0200
@@ -1,0 +2,51 @@
+Tue Jul  4 14:33:00 UTC 2017 - [email protected]
+
+- Version update to 2.2.1 Sat June 17 2017
+  - Security fixes:
+                    CVE-2017-9233 / bsc#1047236 -- External entity infinite 
loop DoS
+                    Details: https://libexpat.github.io/doc/cve-2017-9233/
+                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
+   - [MOX-002]      CVE-2016-9063 / bsc#1047240 -- Detect integer overflow; 
+                    (Fixed version of existing downstream patches!)
+   - (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
+                    longer tag names; 
+               #25  More integer overflow detection (function poolGrow); 
+   - [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse; 
+   - [MOX-005] #30  Use high quality entropy for hash initialization:
+                    * arc4random_buf on BSD, systems with libbsd
+                      (when configured with --with-libbsd), CloudABI
+                    * RtlGenRandom on Windows XP / Server 2003 and later
+                    * getrandom on Linux 3.17+
+                    In a way, that's still part of CVE-2016-5300.
+                    https://github.com/libexpat/libexpat/pull/30/commits
+   - [MOX-005] For the low quality entropy extraction fallback code,
+               the parser instance address can no longer leak, 
+   - [MOX-003] Prevent use of uninitialised variable; commit
+   - [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
+               Add missing parameter validation to public API functions
+               and dedicated error code XML_ERROR_INVALID_ARGUMENT:
+   - [MOX-006] * NULL checks; commits
+               * Negative length (XML_Parse); commit
+   - [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
+   - [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
+                    to go further with fixing CVE-2012-0876.
+                    https://github.com/libexpat/libexpat/pull/39/commits
+   - Bug fixes:
+     #32 Fix sharing of hash salt across parsers;
+         relevant where XML_ExternalEntityParserCreate is called
+         prior to XML_Parse, in particular (e.g. FBReader)
+     #28 xmlwf: Auto-disable use of memory-mapping (and parsing
+         as a single chunk) for files larger than ~1 GB (2^30 bytes)
+         rather than failing with error "out of memory"
+     #3  Fix double free after malloc failure in DTD code; commit
+         7ae9c3d3af433cd4defe95234eae7dc8ed15637f
+     #17 Fix memory leak on parser error for unbound XML attribute
+         prefix with new namespaces defined in the same tag;
+         found by Google's OSS-Fuzz; commits
+         xmlwf on Windows: Add missing calls to CloseHandle
+   - New features:
+     #30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
+         for runtime debugging of entropy extraction
+         Bump version info from 7:2:6 to 7:3:6
+
+-------------------------------------------------------------------
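Review bot: In the security-fixes list the [MOX-xxx] tags and commit references no longer line up with the entries they belong to, so it is not possible to tell which commit fixes which issue. For example, `[MOX-004]` and `[MOX-002]` sit directly in front of the bare hashes `a4dc944f…` and `70db8d25…`, while "Prevent use of uninitialised variable; commit", "NULL checks; commits" and the #17 entry ("found by Google's OSS-Fuzz; commits") end without any hash. The line "the parser instance address can no longer leak," also ends on a dangling comma, and "Bump version info from 7:2:6 to 7:3:6" and "xmlwf on Windows: Add missing calls to CloseHandle" appear as continuation lines of unrelated entries. Please re-copy this block from the upstream Changes file so each tag, issue number and commit hash stays on its own entry; anyone auditing the CVE fixes by hash will otherwise draw the wrong mapping.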

Old:
----
  expat-2.2.0.tar.bz2

New:
----
  expat-2.2.1.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ expat.spec ++++++
--- /var/tmp/diff_new_pack.E7PoMk/_old  2017-07-11 08:34:45.504008659 +0200
+++ /var/tmp/diff_new_pack.E7PoMk/_new  2017-07-11 08:34:45.504008659 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package expat
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           expat
-Version:        2.2.0
+Version:        2.2.1
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT
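Review bot: No Patch or %patch line is dropped alongside the Version change here, although the changelog entry describes the CVE-2016-9063 fix as a "(Fixed version of existing downstream patches!)". Please confirm that this package was not carrying one of those downstream patches; if it was, remove it in this request so the superseded fix is not applied on top of 2.2.1. Since the tarball diff below is skipped (14861 lines), it would also help to state in the request how expat-2.2.1.tar.bz2 was checked against the upstream release.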

++++++ expat-2.2.0.tar.bz2 -> expat-2.2.1.tar.bz2 ++++++
++++ 14861 lines of diff (skipped)

