Hello community,

here is the log from the commit of package expat for openSUSE:Factory checked in at 2019-09-23 12:01:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/expat (Old)
 and /work/SRC/openSUSE:Factory/.expat.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "expat" Mon Sep 23 12:01:04 2019 rev:58 rq:731224 version:2.2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/expat/expat.changes 2019-07-08 15:00:08.602454578 +0200 +++ /work/SRC/openSUSE:Factory/.expat.new.7948/expat.changes 2019-09-23 12:01:08.405967489 +0200 
@@ -1,0 +2,46 @@ +Mon Sep 16 08:21:52 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Version update to 2.2.8 + * Security fixes: (CVE-2019-15903, bsc#1149429) + - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber + (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype; + * Bug fixes: + - Fix cases where XML_StopParser did not have any effect + when called from inside of an end element handler + - xmlwf: Fix exit code for operation without "-d DIRECTORY"; + previously, only "-d DIRECTORY" would give you a proper exit code: + Now both cases return exit code 2. + * Other changes: + - examples: Improve elements.c + - Autotools: Add argument --enable-xml-attr-info + - Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom + - Autotools: Fix linking issues with "./configure LD=clang" + - Autotools: Fix "make run-xmltest" for out-of-source builds + - CMake: Pull all options from Expat <=2.2.7 into namespace + - CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF + - CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF + - CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF + - CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO + - CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO + - CMake: Install expat_config.h to include directory + - CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..]) + - CMake: Now produces a summary of applied configuration + - CMake: Require C++ compiler only when tests are enabled + - CMake: Fix compilation for 16bit character types, i.e. 
ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON) + - CMake: Port "make run-xmltest" from GNU Autotools to CMake + - CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF +- Removed patches fixed in the update: + * expat-CVE-2019-15903.patch + * expat-CVE-2019-15903-tests.patch + +------------------------------------------------------------------- +Wed Sep 4 17:11:38 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix (CVE-2019-15903, bsc#1149429) + * Crafted XML input results in heap-based buffer over-read by fooling + the parser into changing from DTD parsing to document parsing + * Added patches: + - expat-CVE-2019-15903.patch + - expat-CVE-2019-15903-tests.patch + +------------------------------------------------------------------- Old: ---- expat-2.2.7.tar.xz expat-2.2.7.tar.xz.asc New: ---- expat-2.2.8.tar.xz expat-2.2.8.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ expat.spec ++++++ --- /var/tmp/diff_new_pack.2t3XAF/_old 2019-09-23 12:01:09.017967388 +0200 +++ /var/tmp/diff_new_pack.2t3XAF/_new 2019-09-23 12:01:09.021967388 +0200 @@ -16,14 +16,14 @@ # -%global unversion 2_2_7 +%global unversion 2_2_8 Name: expat -Version: 2.2.7 +Version: 2.2.8 Release: 0 Summary: XML Parser Toolkit License: MIT Group: Development/Libraries/C and C++ -URL: http://libexpat.github.io +URL: https://libexpat.github.io Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz Source1: %{name}faq.html Source2: baselibs.conf @@ -83,6 +83,8 @@ %install %make_install find %{buildroot} -type f -name "*.la" -delete -print +# Fix permissions error: spurious-executable-perm +chmod 0644 examples/elements.c %check make %{?_smp_mflags} check ++++++ expat-2.2.7.tar.xz -> expat-2.2.8.tar.xz ++++++ ++++ 42854 lines of diff (skipped)
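Review bot: In the expat.changes hunk, the 2.2.8 entry describes CVE-2019-15903 as a "heap overflow" while the Sep 4 entry below it describes the same issue as a "heap-based buffer over-read". Anyone triaging bsc#1149429 from the changelog gets two different impact classes for one CVE; use one wording in both entries, and the Sep 4 entry's is the more specific of the two.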
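Review bot: In the expat.spec hunk at -16,14, "%global unversion 2_2_8" repeats "Version: 2.2.8" by hand, and Source0 is built from both. A bump that changes only one of them produces a Source0 URL whose release tag and tarball name disagree; deriving unversion from %{version} would leave a single value to update. Separately, the New: list includes expat-2.2.8.tar.xz.asc, but the visible Source lines (Source0 to Source2) do not reference it, so it is worth confirming that a Source entry outside this hunk, together with a keyring, actually gets the tarball signature verified at build time.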
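Review bot: In the expat.spec hunk at -83,6, "chmod 0644 examples/elements.c" sits in %install but uses a path relative to the build directory rather than %{buildroot}, so it alters the unpacked source tree instead of an installed file. That only silences spurious-executable-perm if the file is later picked up from the source tree; moving the chmod to %prep would make the intent clear and keep %install limited to populating the buildroot. Since the mode comes from the upstream tarball, it is also worth reporting upstream so the workaround can be dropped in a later update.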
