Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-wxPython for openSUSE:Factory 
checked in at 2024-11-12 19:20:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-wxPython (Old)
 and      /work/SRC/openSUSE:Factory/.python-wxPython.new.2017 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-wxPython"

Tue Nov 12 19:20:02 2024 rev:27 rq:1223619 version:4.2.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-wxPython/python-wxPython.changes  
2024-10-17 18:38:48.096914803 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-wxPython.new.2017/python-wxPython.changes    
    2024-11-12 19:20:16.300577540 +0100
@@ -1,0 +2,7 @@
+Thu Nov  7 17:09:23 UTC 2024 - Matej Cepl <mc...@cepl.eu>
+
+- Add CVE-2024-50602-no-crash-XML_ResumeParser.patch fixing a
+  crash in the vendored libexpat’s XML_ResumeParser function
+  (bsc#1232590, CVE-2024-50602).
+
+-------------------------------------------------------------------

New:
----
  CVE-2024-50602-no-crash-XML_ResumeParser.patch

BETA DEBUG BEGIN:
  New:
- Add CVE-2024-50602-no-crash-XML_ResumeParser.patch fixing a
  crash in the vendored libexpat’s XML_ResumeParser function
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-wxPython.spec ++++++
--- /var/tmp/diff_new_pack.zYVXCi/_old  2024-11-12 19:20:18.312661842 +0100
+++ /var/tmp/diff_new_pack.zYVXCi/_new  2024-11-12 19:20:18.312661842 +0100
@@ -99,6 +99,9 @@
 Patch12:        use_stl_build.patch
 # PATCH-FIX-OPENSUSE
 Patch14:        0004-Fix-time_t-ETG-typedef-extend-DateTime.FromTimeT-tes.patch
+# PATCH-FIX-UPSTREAM CVE-2024-50602-no-crash-XML_ResumeParser.patch 
bsc#1232590 mc...@suse.com
+# prevent crashing of vendored libexpat in XML_ResumeParser
+Patch15:        CVE-2024-50602-no-crash-XML_ResumeParser.patch
 # PATCH-FIX-OPENSUSE - Test fixes/additions:
 Patch112:       0001-Check-HSV-values-in-image-test.patch
 Patch114:       wxwidgets-3.2.5.patch

++++++ CVE-2024-50602-no-crash-XML_ResumeParser.patch ++++++
---
 ext/wxWidgets/src/expat/expat/lib/expat.h    |    4 +++-
 ext/wxWidgets/src/expat/expat/lib/xmlparse.c |   11 ++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

--- a/ext/wxWidgets/src/expat/expat/lib/expat.h
+++ b/ext/wxWidgets/src/expat/expat/lib/expat.h
@@ -127,7 +127,9 @@ enum XML_Error {
   /* Added in 2.3.0. */
   XML_ERROR_NO_BUFFER,
   /* Added in 2.4.0. */
-  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
+  XML_ERROR_AMPLIFICATION_LIMIT_BREACH,
+  /* Added in 2.6.4. */
+  XML_ERROR_NOT_STARTED,
 };
 
 enum XML_Content_Type {
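Review bot: The new last enumerator `XML_ERROR_NOT_STARTED,` ends with a trailing comma, which this enum did not have before (the removed line was `XML_ERROR_AMPLIFICATION_LIMIT_BREACH` with no comma). expat.h is a public header, and C89 or C++98 compilers in pedantic mode warn about or reject a trailing comma in an enumerator list. I would write the last entry as `XML_ERROR_NOT_STARTED` without the comma. The start of `enum XML_Error` is outside the hunk.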
--- a/ext/wxWidgets/src/expat/expat/lib/xmlparse.c
+++ b/ext/wxWidgets/src/expat/expat/lib/xmlparse.c
@@ -2207,6 +2207,9 @@ XML_StopParser(XML_Parser parser, XML_Bo
   if (parser == NULL)
     return XML_STATUS_ERROR;
   switch (parser->m_parsingStatus.parsing) {
+  case XML_INITIALIZED:
+    parser->m_errorCode = XML_ERROR_NOT_STARTED;
+    return XML_STATUS_ERROR;
   case XML_SUSPENDED:
     if (resumable) {
       parser->m_errorCode = XML_ERROR_SUSPENDED;
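Review bot: The new `case XML_INITIALIZED:` branch carries no comment explaining why a parser that has not started is refused, although this branch is the core of the security fix. Before the change this state fell into `default:` and was marked XML_SUSPENDED or XML_FINISHED, which, going by the changelog entry, is what later let XML_ResumeParser crash. I would add `/* A parser that never started has no state to suspend or finish; refuse the stop request (CVE-2024-50602). */` above the case. Callers that stop a parser before the first parse call now get XML_STATUS_ERROR with XML_ERROR_NOT_STARTED, so callers that ignore the return value are worth checking. The switch continues outside this hunk.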
@@ -2217,7 +2220,7 @@ XML_StopParser(XML_Parser parser, XML_Bo
   case XML_FINISHED:
     parser->m_errorCode = XML_ERROR_FINISHED;
     return XML_STATUS_ERROR;
-  default:
+  case XML_PARSING:
     if (resumable) {
 #ifdef XML_DTD
       if (parser->m_isParamEntity) {
@@ -2228,6 +2231,9 @@ XML_StopParser(XML_Parser parser, XML_Bo
       parser->m_parsingStatus.parsing = XML_SUSPENDED;
     } else
       parser->m_parsingStatus.parsing = XML_FINISHED;
+    break;
+  default:
+    assert(0);
   }
   return XML_STATUS_OK;
 }
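Review bot: The new `default: assert(0);` only protects debug builds. With NDEBUG defined the assert compiles away and control leaves the switch to reach `return XML_STATUS_OK;`, so an unexpected parsing state is reported as success. I would follow the assert with `parser->m_errorCode = XML_ERROR_UNEXPECTED_STATE;` and `return XML_STATUS_ERROR;` so release builds fail closed. The patch adds no `#include <assert.h>`, so it relies on the vendored xmlparse.c already including it, which is not visible here. The start of XML_StopParser is outside the hunk.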
@@ -2493,6 +2499,9 @@ XML_ErrorString(enum XML_Error code) {
     return XML_L(
         "limit on input amplification factor (from DTD and entities) 
breached");
   }
+  /* Added in 2.6.4. */
+  case XML_ERROR_NOT_STARTED:
+    return XML_L("parser not started");
   return NULL;
 }
 
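Review bot: The added `case XML_ERROR_NOT_STARTED:` sits after the `}` context line that appears to close the switch in XML_ErrorString. If so, the label is outside any switch and xmlparse.c would not compile whenever the vendored expat is built. The comment, `case XML_ERROR_NOT_STARTED:` and `return XML_L("parser not started");` belong before that brace, directly after the XML_ERROR_AMPLIFICATION_LIMIT_BREACH return. If the package links a system expat instead, the error stays hidden and this patch is never exercised, so it is worth confirming which copy is actually compiled. The start of the switch is outside the hunk.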

++++++ wxwidgets-3.2.5.patch ++++++
--- /var/tmp/diff_new_pack.zYVXCi/_old  2024-11-12 19:20:18.480668881 +0100
+++ /var/tmp/diff_new_pack.zYVXCi/_new  2024-11-12 19:20:18.512670222 +0100
@@ -4,11 +4,13 @@
 git diff 
5622abb73deaa26dc2f6dc4cd8b4b2050396b49a..78938da1218483024b3a7acf55b5fb5513882916
 etg/
 
 
-diff --git etg/window.py etg/window.py
-index c388df76..0c035f14 100644
+---
+ etg/window.py |   17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
 --- a/etg/window.py
-+++ a/etg/window.py
-@@ -251,6 +251,23 @@ def run():
++++ b/etg/window.py
+@@ -268,6 +268,23 @@ def run():
              return NULL;
          #endif
          """)
