commit xmlbeans for openSUSE:Factory

Source-Sync Thu, 27 Oct 2022 04:52:38 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package xmlbeans for openSUSE:Factory 
checked in at 2022-10-27 13:52:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xmlbeans (Old)
 and      /work/SRC/openSUSE:Factory/.xmlbeans.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "xmlbeans"

Thu Oct 27 13:52:17 2022 rev:33 rq:1031253 version:2.6.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/xmlbeans/xmlbeans-mini.changes   2022-03-28 
17:00:19.364949940 +0200
+++ /work/SRC/openSUSE:Factory/.xmlbeans.new.2275/xmlbeans-mini.changes 
2022-10-27 13:52:20.928012545 +0200
@@ -1,0 +2,7 @@
+Mon Oct 17 09:24:54 UTC 2022 - Pedro Monreal <pmonr...@suse.com>
+
+- Security Fix: [bsc#1180915, CVE-2021-23926]
+  * XML parsers does not protect from malicious XML input
+  * Add xmlbeans-CVE-2021-23926.patch
+
+-------------------------------------------------------------------
xmlbeans.changes: same change

New:
----
  xmlbeans-CVE-2021-23926.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xmlbeans-mini.spec ++++++
--- /var/tmp/diff_new_pack.36t57H/_old  2022-10-27 13:52:21.888017353 +0200
+++ /var/tmp/diff_new_pack.36t57H/_new  2022-10-27 13:52:21.888017353 +0200
@@ -34,6 +34,8 @@
 #PATCH-FIX-UPSTREAM xmlbeans-2.6.0-java8.patch -- Fix build with Java 8
 Patch2:         xmlbeans-2.6.0-java8.patch
 Patch3:         xmlbeans-2.6.0-jdk9.patch
+#PATCH-FIX-UPSTREAM bsc#1180915 CVE-2021-23926 XML parsers does not protect 
from malicious XML input
+Patch4:         xmlbeans-CVE-2021-23926.patch
 BuildRequires:  ant >= 1.6
 BuildRequires:  bea-stax-api
 BuildRequires:  java-devel >= 1.8
@@ -96,6 +98,7 @@
 %patch1 -p1
 %patch2
 %patch3 -p1
+%patch4 -p1
 
 %build
 # Piccolo and jam are rebuilt from source and bundled with xbean

++++++ xmlbeans.spec ++++++
--- /var/tmp/diff_new_pack.36t57H/_old  2022-10-27 13:52:21.928017554 +0200
+++ /var/tmp/diff_new_pack.36t57H/_new  2022-10-27 13:52:21.940017614 +0200
@@ -33,6 +33,8 @@
 #PATCH-FIX-UPSTREAM xmlbeans-2.6.0-java8.patch -- Fix build with Java 8
 Patch2:         xmlbeans-2.6.0-java8.patch
 Patch3:         xmlbeans-2.6.0-jdk9.patch
+#PATCH-FIX-UPSTREAM bsc#1180915 CVE-2021-23926 XML parsers does not protect 
from malicious XML input
+Patch4:         xmlbeans-CVE-2021-23926.patch
 BuildRequires:  ant >= 1.6
 BuildRequires:  bea-stax-api
 BuildRequires:  java-devel >= 1.8
@@ -95,6 +97,7 @@
 %patch1 -p1
 %patch2
 %patch3 -p1
+%patch4 -p1
 
 %build
 # Piccolo and jam are rebuilt from source and bundled with xbean

++++++ xmlbeans-CVE-2021-23926.patch ++++++
++++ 1155 lines (skipped)

commit xmlbeans for openSUSE:Factory

Reply via email to