Hello community, here is the log from the commit of package expat for openSUSE:Factory checked in at 2016-03-31 13:01:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/expat (Old) and /work/SRC/openSUSE:Factory/.expat.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "expat" Changes: --------
--- /work/SRC/openSUSE:Factory/expat/expat.changes 2015-07-21 13:24:47.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.expat.new/expat.changes 2016-03-31 13:01:50.000000000 +0200
@@ -1,0 +2,14 @@
+Wed Mar 23 08:31:29 UTC 2016 - [email protected]
+
+- Update to version 2.1.1
+ * Fixes CVE-2015-1283 — Multiple integer overflows in the
+ XML_GetBuffer function
+ * Fix potential null pointer dereference
+ * Symbol XML_SetHashSalt was not exported
+ * Output of xmlwf -h was incomplete
+ * Document behavior of calling XML_SetHashSalt with salt 0
+ * Minor improvements to man page xmlwf(1)
+- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
+- Drop config-guess-sub-update.patch, fixed upstream.
+
+-------------------------------------------------------------------
Old: ---- config-guess-sub-update.patch expat-2.1.0.tar.gz New: ---- expat-2.1.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ expat.spec ++++++
--- /var/tmp/diff_new_pack.mM1BVQ/_old 2016-03-31 13:01:52.000000000 +0200
+++ /var/tmp/diff_new_pack.mM1BVQ/_new 2016-03-31 13:01:52.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package expat
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,18 +17,17 @@ Name: expat -Version: 2.1.0 +Version: 2.1.1 Release: 0 Summary: XML Parser Toolkit License: MIT Group: Development/Libraries/C and C++ Url: http://expat.sourceforge.net/ -Source0: http://downloads.sourceforge.net/project/%{name}/%{name}/%{version}/%{name}-%{version}.tar.gz +Source0: http://downloads.sourceforge.net/project/expat/expat/%{version}/expat-%{version}.tar.bz2 Source1: %{name}faq.html Source2: baselibs.conf -Patch2: expat-visibility.patch -Patch3: expat-alloc-size.patch -Patch4: config-guess-sub-update.patch +Patch1: expat-visibility.patch +Patch2: expat-alloc-size.patch BuildRequires: autoconf >= 2.58 BuildRequires: automake BuildRequires: gcc-c++ @@ -65,21 +64,22 @@ in libexpat. %prep -%setup -q -n expat-2.1.0 +%setup -q +%patch1 -p1 %patch2 -p1 -%patch3 -%patch4 + cp %{SOURCE1} . rm -f examples/*.dsp %build -autoreconf -fi -%configure --disable-static --with-pic +%configure --disable-static \ + --with-pic make %{?_smp_mflags} %install make DESTDIR=%{buildroot} install %{?_smp_mflags} rm doc/xmlwf.1 + # remove .la file rm -f %{buildroot}%{_libdir}/libexpat.la ++++++ expat-2.1.0.tar.gz -> expat-2.1.1.tar.bz2 ++++++ ++++ 13668 lines of diff (skipped) ++++++ expat-alloc-size.patch ++++++ --- /var/tmp/diff_new_pack.mM1BVQ/_old 2016-03-31 13:01:52.000000000 +0200 +++ /var/tmp/diff_new_pack.mM1BVQ/_new 2016-03-31 13:01:52.000000000 +0200 @@ -1,6 +1,8 @@ ---- lib/expat.h.orig -+++ lib/expat.h -@@ -941,9 +941,13 @@ XML_FreeContentModel(XML_Parser parser, +Index: expat-2.1.1/lib/expat.h +=================================================================== +--- expat-2.1.1.orig/lib/expat.h ++++ expat-2.1.1/lib/expat.h +@@ -973,9 +973,13 @@ XML_FreeContentModel(XML_Parser parser, /* Exposing the memory handling functions used in Expat */ XMLPARSEAPI(void *) 
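Review bot: The rewritten `Source0` line in the `@@ -17,18 +17,17 @@` hunk still fetches the release tarball over plain `http://`, and none of the `Source` entries visible here gives the build a way to verify the archive. That matters more than usual for an update whose stated purpose is the CVE-2015-1283 fix. Where the mirror serves it, prefer the `https://` form of the same URL. If upstream publishes a detached signature or checksum for expat-2.1.1.tar.bz2 (not shown on this page), list it as an additional `Source` so the archive can be checked. The rest of the spec preamble lies outside the hunk, so this should be confirmed against the full file.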
@@ -14,10 +16,12 @@ XML_MemRealloc(XML_Parser parser, void *ptr, size_t size); XMLPARSEAPI(void) ---- lib/expat_external.h.orig -+++ lib/expat_external.h -@@ -74,6 +74,17 @@ - #define XMLIMPORT +Index: expat-2.1.1/lib/expat_external.h +=================================================================== +--- expat-2.1.1.orig/lib/expat_external.h ++++ expat-2.1.1/lib/expat_external.h +@@ -70,6 +70,17 @@ + #define XMLIMPORT __attribute__ ((visibility ("default"))) #endif +#if defined(__GNUC__) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96)) ++++++ expat-visibility.patch ++++++ --- /var/tmp/diff_new_pack.mM1BVQ/_old 2016-03-31 13:01:52.000000000 +0200 +++ /var/tmp/diff_new_pack.mM1BVQ/_new 2016-03-31 13:01:52.000000000 +0200 
@@ -1,141 +1,15 @@ -Index: expat-2.1.0/configure.in +Index: expat-2.1.1/lib/expat_external.h =================================================================== ---- expat-2.1.0.orig/configure.in -+++ expat-2.1.0/configure.in -@@ -53,15 +53,19 @@ AC_CONFIG_HEADER(expat_config.h) - - sinclude(conftools/ac_c_bigendian_cross.m4) - --AC_LIBTOOL_WIN32_DLL --AC_PROG_LIBTOOL -+sinclude(conftools/visibility.m4) - - AC_SUBST(LIBCURRENT) - AC_SUBST(LIBREVISION) - AC_SUBST(LIBAGE) - - dnl Checks for programs. --AC_PROG_CC -+AC_PROG_CC_STDC -+AC_USE_SYSTEM_EXTENSIONS -+AC_SYS_LARGEFILE -+gl_VISIBILITY -+AC_LIBTOOL_WIN32_DLL -+AC_PROG_LIBTOOL - AC_PROG_CXX - AC_PROG_INSTALL - -Index: expat-2.1.0/conftools/visibility.m4 -=================================================================== ---- /dev/null -+++ expat-2.1.0/conftools/visibility.m4 -@@ -0,0 +1,77 @@ -+# visibility.m4 serial 4 (gettext-0.18.2) -+dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc. -+dnl This file is free software; the Free Software Foundation -+dnl gives unlimited permission to copy and/or distribute it, -+dnl with or without modifications, as long as this notice is preserved. -+ -+dnl From Bruno Haible. -+ -+dnl Tests whether the compiler supports the command-line option -+dnl -fvisibility=hidden and the function and variable attributes -+dnl __attribute__((__visibility__("hidden"))) and -+dnl __attribute__((__visibility__("default"))). -+dnl Does *not* test for __visibility__("protected") - which has tricky -+dnl semantics (see the 'vismain' test in glibc) and does not exist e.g. on -+dnl MacOS X. -+dnl Does *not* test for __visibility__("internal") - which has processor -+dnl dependent semantics. -+dnl Does *not* test for #pragma GCC visibility push(hidden) - which is -+dnl "really only recommended for legacy code". -+dnl Set the variable CFLAG_VISIBILITY. -+dnl Defines and sets the variable HAVE_VISIBILITY. 
-+ -+AC_DEFUN([gl_VISIBILITY], -+[ -+ AC_REQUIRE([AC_PROG_CC]) -+ CFLAG_VISIBILITY= -+ HAVE_VISIBILITY=0 -+ if test -n "$GCC"; then -+ dnl First, check whether -Werror can be added to the command line, or -+ dnl whether it leads to an error because of some other option that the -+ dnl user has put into $CC $CFLAGS $CPPFLAGS. -+ AC_MSG_CHECKING([whether the -Werror option is usable]) -+ AC_CACHE_VAL([gl_cv_cc_vis_werror], [ -+ gl_save_CFLAGS="$CFLAGS" -+ CFLAGS="$CFLAGS -Werror" -+ AC_COMPILE_IFELSE( -+ [AC_LANG_PROGRAM([[]], [[]])], -+ [gl_cv_cc_vis_werror=yes], -+ [gl_cv_cc_vis_werror=no]) -+ CFLAGS="$gl_save_CFLAGS"]) -+ AC_MSG_RESULT([$gl_cv_cc_vis_werror]) -+ dnl Now check whether visibility declarations are supported. -+ AC_MSG_CHECKING([for simple visibility declarations]) -+ AC_CACHE_VAL([gl_cv_cc_visibility], [ -+ gl_save_CFLAGS="$CFLAGS" -+ CFLAGS="$CFLAGS -fvisibility=hidden" -+ dnl We use the option -Werror and a function dummyfunc, because on some -+ dnl platforms (Cygwin 1.7) the use of -fvisibility triggers a warning -+ dnl "visibility attribute not supported in this configuration; ignored" -+ dnl at the first function definition in every compilation unit, and we -+ dnl don't want to use the option in this case. 
-+ if test $gl_cv_cc_vis_werror = yes; then -+ CFLAGS="$CFLAGS -Werror" -+ fi -+ AC_COMPILE_IFELSE( -+ [AC_LANG_PROGRAM( -+ [[extern __attribute__((__visibility__("hidden"))) int hiddenvar; -+ extern __attribute__((__visibility__("default"))) int exportedvar; -+ extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void); -+ extern __attribute__((__visibility__("default"))) int exportedfunc (void); -+ void dummyfunc (void) {} -+ ]], -+ [[]])], -+ [gl_cv_cc_visibility=yes], -+ [gl_cv_cc_visibility=no]) -+ CFLAGS="$gl_save_CFLAGS"]) -+ AC_MSG_RESULT([$gl_cv_cc_visibility]) -+ if test $gl_cv_cc_visibility = yes; then -+ CFLAG_VISIBILITY="-fvisibility=hidden -DXML_HAVE_VISIBILITY=1" -+ HAVE_VISIBILITY=1 -+ fi -+ fi -+ AC_SUBST([CFLAG_VISIBILITY]) -+ AC_SUBST([HAVE_VISIBILITY]) -+ AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY], -+ [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.]) -+]) -Index: expat-2.1.0/lib/expat_external.h -=================================================================== ---- expat-2.1.0.orig/lib/expat_external.h -+++ expat-2.1.0/lib/expat_external.h -@@ -65,6 +65,9 @@ - #endif +--- expat-2.1.1.orig/lib/expat_external.h ++++ expat-2.1.1/lib/expat_external.h +@@ -66,9 +66,8 @@ #endif /* not defined XML_STATIC */ -+#if XML_HAVE_VISIBILITY -+#define XMLIMPORT __attribute__ ((visibility ("default"))) -+#endif - /* If we didn't define it above, define it away: */ +-/* If we didn't define it above, define it away: */ #ifndef XMLIMPORT -Index: expat-2.1.0/Makefile.in -=================================================================== ---- expat-2.1.0.orig/Makefile.in -+++ expat-2.1.0/Makefile.in -@@ -114,11 +114,12 @@ CPPFLAGS = @CPPFLAGS@ -DHAVE_EXPAT_CONFI - CFLAGS = @CFLAGS@ - CXXFLAGS = @CXXFLAGS@ - VSNFLAG = -version-info @LIBCURRENT@:@LIBREVISION@:@LIBAGE@ -+CFLAG_VISIBILITY=@CFLAG_VISIBILITY@ +-#define XMLIMPORT ++#define XMLIMPORT __attribute__ ((visibility ("default"))) + #endif - 
### autoconf this? - LTFLAGS = --silent --COMPILE = $(CC) $(INCLUDES) $(CFLAGS) $(DEFS) $(CPPFLAGS) -+COMPILE = $(CC) $(CFLAG_VISIBILITY) $(INCLUDES) $(CFLAGS) $(DEFS) $(CPPFLAGS) - CXXCOMPILE = $(CXX) $(INCLUDES) $(CXXFLAGS) $(DEFS) $(CPPFLAGS) - LTCOMPILE = $(LIBTOOL) $(LTFLAGS) --mode=compile $(COMPILE) - LINK_LIB = $(LIBTOOL) $(LTFLAGS) --mode=link $(COMPILE) -no-undefined $(VSNFLAG) -rpath $(libdir) $(LDFLAGS) -o $@
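Review bot: The simplified expat-visibility.patch makes the `#ifndef XMLIMPORT` fallback in lib/expat_external.h expand to a GCC attribute on every compiler, where the old patch did so only under `#if XML_HAVE_VISIBILITY`. The header is installed, so a consumer whose compiler does not understand `__attribute__` would no longer parse it. Guarding the new define the way expat-alloc-size.patch guards its macro in the same header keeps the empty fallback for other compilers: wrap it in `#if defined(__GNUC__) && __GNUC__ >= 4` and keep `#define XMLIMPORT` in the `#else`. The patch also drops the `gl_VISIBILITY` and `CFLAG_VISIBILITY` wiring that passed `-fvisibility=hidden`. Unless the 2.1.1 build system passes that flag itself, which this page does not show, the attribute has no effect and internal symbols stay exported; comparing the exported symbol list of the built libexpat with the 2.1.0 package would confirm.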
