Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package expat for openSUSE:Factory checked in at 2021-06-02 22:10:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/expat (Old)
 and      /work/SRC/openSUSE:Factory/.expat.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "expat" Wed Jun 2 22:10:30 2021 rev:62 rq:895791 version:2.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/expat/expat.changes 2021-04-18 21:43:51.412594639 +0200 +++ /work/SRC/openSUSE:Factory/.expat.new.1898/expat.changes 2021-06-02 22:10:41.404126750 +0200 
@@ -1,0 +2,70 @@ +Mon May 24 08:17:12 UTC 2021 - Pedro Monreal <pmonr...@suse.com> + +- Update to 2.4.1: + * Bug fixes: + - Autotools: Fix installed header expat_config.h for multilib + systems; regression introduced in 2.4.0 by pull request #486 + * Other changes: + - Version info bumped from 9:0:8 to 9:1:8; see + https://verbump.de/ for what these numbers do + +------------------------------------------------------------------- +Mon May 24 08:15:42 UTC 2021 - Pedro Monreal <pmonr...@suse.com> + +- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"] + * Security fixes: + - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks + (denial-of-service; flavors targeting CPU time or RAM or both, + leveraging general entities or parameter entities or both) + by tracking and limiting the input amplification factor + (<amplification> := (<direct> + <indirect>) / <direct>). + By conservative default, amplification up to a factor of 100.0 + is tolerated and rejection only starts after 8 MiB of output bytes + (=<direct> + <indirect>) have been processed. + The fix adds the following to the API: + - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to + signals this specific condition. + - Two new API functions .. + - XML_SetBillionLaughsAttackProtectionMaximumAmplification and + - XML_SetBillionLaughsAttackProtectionActivationThreshold + .. to further tighten billion laughs protection parameters + when desired. Please see file "doc/reference.html" for details. + If you ever need to increase the defaults for non-attack XML + payload, please file a bug report with libexpat. + - Two new XML_FEATURE_* constants .. + - that can be queried using the XML_GetFeatureList function, and + - that are shown in "xmlwf -v" output. + - Two new environment variable switches .. + - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and + - EXPAT_ENTITY_DEBUG=(0|1) + .. for runtime debugging of accounting and entity processing. + Specific behavior of these values may change in the future. 
+ - Two new command line arguments "-a FACTOR" and "-b BYTES" + for xmlwf to further tighten billion laughs protection + parameters when desired. + If you ever need to increase the defaults for non-attack XML + payload, please file a bug report with libexpat. + * Bug fixes: + - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) + or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault + for UTF-16 payloads containing CDATA sections. + - Autotools: Fix generated CMake files for non-64bit and + non-Linux platforms (e.g. macOS and MinGW in particular) + that were introduced with release 2.3.0 + * Other changes: + - xmlwf: Improve help output and the xmlwf man page + - xmlwf: Improve maintainability through some refactoring + - xmlwf: Fix man page DocBook validity + - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR + and CMAKE_INSTALL_INCLUDEDIR + - CMake: Add support for standard variable BUILD_SHARED_LIBS + - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters + - Resolve macro HAVE_EXPAT_CONFIG_H + - Delete unused legacy helper file "conftools/PrintPath" + - doc/reference.html: Fix XHTML validity + - doc/reference.html: Replace the 90s look by OK.css + - Version info bumped from 8:0:7 to 9:0:8 due to addition of + new symbols and error codes; see https://verbump.de/ for + what these numbers do + +------------------------------------------------------------------- Old: ---- expat-2.3.0.tar.xz expat-2.3.0.tar.xz.asc New: ---- expat-2.4.1.tar.xz expat-2.4.1.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ expat.spec ++++++ --- /var/tmp/diff_new_pack.0q0k8t/_old 2021-06-02 22:10:42.196126686 +0200 +++ /var/tmp/diff_new_pack.0q0k8t/_new 2021-06-02 22:10:42.204126685 +0200 @@ -16,9 +16,9 @@ # -%global unversion 2_3_0 +%global unversion 2_4_1 Name: expat -Version: 2.3.0 +Version: 2.4.1 Release: 0 Summary: XML Parser Toolkit License: MIT 
@@ -96,7 +96,7 @@ %{_docdir}/%{name} %license COPYING %doc README.md expatfaq.html -%doc doc/expat.png doc/reference.html doc/style.css doc/valid-xhtml10.png +%doc doc/reference.html doc/style.css doc/valid-xhtml10.png %doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in %doc AUTHORS Changes %{_bindir}/xmlwf ++++++ expat-2.3.0.tar.xz -> expat-2.4.1.tar.xz ++++++ ++++ 19554 lines of diff (skipped)
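Review bot: In the expat.changes hunk, the 2.4.0 entry names CVE-2013-0340 in its header, but the visible lines carry no Bugzilla reference (bsc#...) next to it; add the tracking bug number so the security fix can be matched to its report. The entry also says nothing about the packaging change made in expat.spec (doc/expat.png dropped from %doc), which deserves its own bullet. The pasted upstream text repeats the sentence "If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat." and carries the typo "to signals"; trimming the entry to the security fix, the new API names and the two bug fixes would make it easier to read.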
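Review bot: In the first expat.spec hunk (@@ -16,9 +16,9 @@), unversion (2_4_1) and Version (2.4.1) are bumped by hand as two separate literals, so a later update that touches only one of them leaves the two out of sync. Consider deriving unversion from the version string, or add a comment on the %global line stating that both values must change together.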
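Review bot: In the %doc list of the second expat.spec hunk (@@ -96,7 +96,7 @@), doc/expat.png is removed and nothing is added, while the changelog says doc/reference.html now uses OK.css in place of the old look. Check whether the 2.4.1 tarball ships a new stylesheet that has to be listed next to doc/reference.html, and whether doc/style.css and doc/valid-xhtml10.png still exist there: a %doc entry that no longer exists fails the build, and an unpackaged stylesheet leaves the installed reference unstyled.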