Revisions of expat
buildservice-autocommit accepted request 947286 from Dirk Mueller (dirkmueller) (revision 9)
baserev update by copy to link target
Dirk Mueller (dirkmueller) committed (revision 8)
- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474, bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
Dirk Mueller (dirkmueller) committed (revision 7)
- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474):
  * CVE-2021-45960 -- Fix issues with left shifts by >=29 places
    resulting in
    a) realloc acting as free
    b) realloc allocating too few bytes
    c) undefined behavior
    depending on architecture and precise value
    for XML documents with >=2^27+1 prefixed attributes
    on a single XML tag a la
    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
    where XML_ParserCreateNS is used to create the parser
    (which needs argument "-n" when running xmlwf).
    Impact is denial of service, or more.
  * CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
    on variable m_groupSize in function doProlog leading
    to realloc acting as free.
    Impact is denial of service or more.
  * CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
    near memory allocation at multiple places. Mitre assigned
    a dedicated CVE for each involved internal C function:
    - CVE-2022-22822 for function addBinding
    - CVE-2022-22823 for function build_model
    - CVE-2022-22824 for function defineAttribute
    - CVE-2022-22825 for function lookup
    - CVE-2022-22826 for function nextScaffoldPart
    - CVE-2022-22827 for function storeAtts
    Impact is denial of service or more.
buildservice-autocommit accepted request 942803 from Dirk Mueller (dirkmueller) (revision 6)
baserev update by copy to link target
Dirk Mueller (dirkmueller) committed (revision 5)
- update to 2.4.2:
  * Link against libm for function "isnan"
  * Include expat_config.h as early as possible
  * Autotools: Include files with release archives:
    - buildconf.sh
    - fuzz/*.c
  * Autotools: Sync CMake templates
  * docs: Document that function XML_GetBuffer may return NULL
    when asking for a buffer of 0 (zero) bytes size
  * docs: Fix return value docs for both
    XML_SetBillionLaughsAttackProtection* functions
  * Version info bumped from 9:1:8 to 9:2:8
Dirk Mueller (dirkmueller) committed (revision 4)
buildservice-autocommit accepted request 883120 from Dirk Mueller (dirkmueller) (revision 3)
baserev update by copy to link target
Dirk Mueller (dirkmueller) committed (revision 2)
- update to 2.3.0:
  * When calling XML_ParseBuffer without a prior successful call to
    XML_GetBuffer as a user, no longer trigger undefined behavior
    (by adding an integer to a NULL pointer) but rather return
    XML_STATUS_ERROR and set the error code to (new) code
    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
    of Clang 11 (but not Clang 9).
  * xmlwf: Exit status 2 was used for both:
    - malformed input files (documented) and
    - invalid command-line arguments (undocumented).
    The case of invalid command-line arguments now has its own
    exit status 4, resolving the ambiguity.
  * Other changes
Dirk Mueller (dirkmueller) committed (revision 1)
Displaying all 9 revisions