Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package xsd for openSUSE:Factory checked in 
at 2024-10-30 17:43:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xsd (Old)
 and      /work/SRC/openSUSE:Factory/.xsd.new.2020 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "xsd"

Wed Oct 30 17:43:43 2024 rev:11 rq:1219581 version:4.1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/xsd/xsd.changes  2023-08-08 15:54:07.344688407 
+0200
+++ /work/SRC/openSUSE:Factory/.xsd.new.2020/xsd.changes        2024-10-30 
17:43:46.755773220 +0100
@@ -1,0 +2,6 @@
+Wed Oct 30 13:51:59 UTC 2024 - Christophe Marin <christo...@krop.fr>
+
+- Add patch (CVE-2024-50602, boo#1232580)
+  * CVE-2024-50602.patch
+
+-------------------------------------------------------------------

New:
----
  CVE-2024-50602.patch

BETA DEBUG BEGIN:
  New:- Add patch (CVE-2024-50602, boo#1232580)
  * CVE-2024-50602.patch
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xsd.spec ++++++
--- /var/tmp/diff_new_pack.YXnZcL/_old  2024-10-30 17:43:47.599808550 +0100
+++ /var/tmp/diff_new_pack.YXnZcL/_new  2024-10-30 17:43:47.603808718 +0100
@@ -30,6 +30,8 @@
 Source99:       xsd-rpmlintrc
 # Rename xsd to xsdcxx
 Patch0:         xsdcxx-rename.patch
+# PATCH-FIX-UPSTREAM -- CVE-2024-50602
+Patch1:         CVE-2024-50602.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  ghostscript

++++++ CVE-2024-50602.patch ++++++
>From 0552959d99413279c456e3289ad24db783f579ba Mon Sep 17 00:00:00 2001
From: Christophe Marin <christo...@krop.fr>
Date: Wed, 30 Oct 2024 14:50:13 +0100
Subject: [PATCH] Backport fix for CVE-2024-50602

---
 libcutl/cutl/details/expat/expat.h    | 4 +++-
 libcutl/cutl/details/expat/xmlparse.c | 9 ++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/libcutl/cutl/details/expat/expat.h 
b/libcutl/cutl/details/expat/expat.h
index f5dd736..85a0f8a 100644
--- a/libcutl/cutl/details/expat/expat.h
+++ b/libcutl/cutl/details/expat/expat.h
@@ -95,7 +95,9 @@ enum XML_Error {
   /* Added in 2.0. */
   XML_ERROR_RESERVED_PREFIX_XML,
   XML_ERROR_RESERVED_PREFIX_XMLNS,
-  XML_ERROR_RESERVED_NAMESPACE_URI
+  XML_ERROR_RESERVED_NAMESPACE_URI,
+  /* Added in 2.6.4. */
+  XML_ERROR_NOT_STARTED,
 };
 
 enum XML_Content_Type {
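Review bot: `XML_ERROR_NOT_STARTED` is appended directly after `XML_ERROR_RESERVED_NAMESPACE_URI`, so in this bundled copy it takes the next free value rather than the value it has in upstream expat, where several other error codes were added in between. That is harmless only while this header is used exclusively with the bundled parser, and the comment `/* Added in 2.6.4. */` reads as if this copy were 2.6.4. A comment such as `/* Backported from expat 2.6.4 for CVE-2024-50602; numeric value differs from upstream. */` would record that. The trailing comma before `};` is also new for this enum and may be rejected by strict C89/C++98 builds that include the header.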
diff --git a/libcutl/cutl/details/expat/xmlparse.c 
b/libcutl/cutl/details/expat/xmlparse.c
index d469102..fd9fc79 100644
--- a/libcutl/cutl/details/expat/xmlparse.c
+++ b/libcutl/cutl/details/expat/xmlparse.c
@@ -1750,6 +1750,9 @@ enum XML_Status XMLCALL
 XML_StopParser(XML_Parser parser, XML_Bool resumable)
 {
   switch (ps_parsing) {
+  case XML_INITIALIZED:
+    errorCode = XML_ERROR_NOT_STARTED;
+    return XML_STATUS_ERROR;
   case XML_SUSPENDED:
     if (resumable) {
       errorCode = XML_ERROR_SUSPENDED;
@@ -1760,7 +1763,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
   case XML_FINISHED:
     errorCode = XML_ERROR_FINISHED;
     return XML_STATUS_ERROR;
-  default:
+  case XML_PARSING:
     if (resumable) {
 #ifdef XML_DTD
       if (isParamEntity) {
@@ -1772,6 +1775,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
     }
     else
       ps_parsing = XML_FINISHED;
+    break;
+  default:
+    assert(0);
   }
   return XML_STATUS_OK;
 }
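Review bot: The new `default: assert(0);` arm disappears when the file is built with `NDEBUG`, and control then reaches `return XML_STATUS_OK;`, so an unexpected `ps_parsing` value would be reported as a successful stop. Following the assert with `return XML_STATUS_ERROR;` would keep release builds failing closed. Whether this bundled xmlparse.c already includes `<assert.h>` is not visible in the hunks and should be confirmed. The body of `XML_StopParser` spans this hunk and the two before it.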
@@ -1959,6 +1965,7 @@ XML_ErrorString(enum XML_Error code)
     XML_L("reserved prefix (xml) must not be undeclared or bound to another 
namespace name"),
     XML_L("reserved prefix (xmlns) must not be declared or undeclared"),
     XML_L("prefix must not be bound to one of the reserved namespace names")
+    XML_L("parser not started")
   };
   if (code > 0 && code < sizeof(message)/sizeof(message[0]))
     return message[code];
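Review bot: The added `XML_L("parser not started")` follows a context line that ends without a comma, so the two adjacent string literals concatenate into a single array element instead of adding a new one. The text for `XML_ERROR_RESERVED_NAMESPACE_URI` then becomes "...reserved namespace namesparser not started", and `message[]` has no slot for `XML_ERROR_NOT_STARTED`, so that code fails the `code < sizeof(message)/sizeof(message[0])` check and takes the fallback return, which lies outside the hunk. Callers that print the result of `XML_ErrorString` without a null check are worth reviewing if that fallback is a null pointer. The preceding line has to change as well: `XML_L("prefix must not be bound to one of the reserved namespace names"),`. One string in this hunk was wrapped by the mail rendering, so the fix should be verified against the patch file itself.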
-- 
2.47.0
