Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libexpat-devel-2.2.5-3.6.1 RPM for x86_64

From OpenSuSE Leap 15.3 for x86_64

Name: libexpat-devel Distribution: SUSE Linux Enterprise 15
Version: 2.2.5 Vendor: SUSE LLC <https://www.suse.com/>
Release: 3.6.1 Build date: Thu Sep 5 09:04:07 2019
Group: Development/Libraries/C and C++ Build host: sheep61
Size: 52769 Source RPM: expat-2.2.5-3.6.1.src.rpm
Packager: https://www.suse.com/
Url: https://libexpat.github.io
Summary: Development files for expat, an XML parser toolkit
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

This package contains the development headers for the library found
in libexpat.

Provides

Requires

License

MIT

Changelog

* Wed Sep 04 2019 pmonrealgonzalez@suse.com
  - Security fix (CVE-2019-15903, bsc#1149429)
    * Crafted XML input results in heap-based buffer over-read by fooling
      the parser into changing from DTD parsing to document parsing
    * Added patches:
    - expat-CVE-2019-15903.patch
    - expat-CVE-2019-15903-tests.patch
* Tue Jul 02 2019 pmonrealgonzalez@suse.com
  - Security fix (CVE-2018-20843, bsc#1139937)
    * Large number of colons in input makes parser consume high
      amount of resources
    * Added expat-CVE-2018-20843.patch
* Thu Nov 16 2017 jengelh@inai.de
  - Expand description of expat-devel.
* Thu Nov 16 2017 mpluskal@suse.com
  - Do not generate manpages from docbook
  - Temporarily disable profiling due to bug in build system
* Wed Nov 08 2017 aavindraa@gmail.com
  - Version update to 2.2.5 Tue October 31 2017
    * Bug fixes:
    - If the parser runs out of memory, make sure its internal
      state reflects the memory it actually has, not the memory
      it wanted to have.
    - The default handler wasn't being called when it should for
      a SYSTEM or PUBLIC doctype if an entity declaration handler
      was registered.
    - Fix a case of mistakenly reported parsing success where
      XML_StopParser was called from an element handler
    - Function XML_ErrorString was returning NULL rather than
      a message for code XML_ERROR_INVALID_ARGUMENT
      introduced with release 2.2.1
    * Other changes:
    - Add argument -N adding notation declarations
    - various compiler-specific fixes
    - Improve docbook2x-man detection
  - drop expat-docbook.patch
    * fixed in 0f5186c7b8e503c669e332d944712de010b265f3
  - switch to github for release tarballs and website
* Thu Oct 26 2017 pmonrealgonzalez@suse.com
  - Version update to 2.2.4 Sat August 19 2017
    * Bug fixes:
      [#115]  Fix copying of partial characters for UTF-8 input
    * Other changes:
      [#109]  Fix "make check" for non-x86 architectures that default
      to unsigned type char (-128..127 rather than 0..255)
      [#109]  coverage.sh: Cover -funsigned-char
      Autotools: Introduce --without-xmlwf argument
      [#65]  Autotools: Replace handwritten Makefile with GNU Automake
      [#43]  CMake: Auto-detect high quality entropy extractors, add new
      option USE_libbsd=ON to use arc4random_buf of libbsd
      [#74]  CMake: Add -fno-strict-aliasing only where supported
      [#114]  CMake: Always honor manually set BUILD_* options
      [#114]  CMake: Compile man page if docbook2x-man is available, only
      [#117]  Include file tests/xmltest.log.expected in source tarball
      (required for "make run-xmltest")
      [#111]  Fix some typos in documentation
      Version info bumped from 7:5:6 to 7:6:6
  - Release 2.2.3 Wed August 2 2017
    * Bug fixes:
      [#85]  Fix a dangling pointer issue related to realloc
    * Other changes:
      [#91]  Linux: Allow getrandom to fail if nonblocking pool has not
      yet been initialized and read /dev/urandom then, instead.
      This is in line with what recent Python does.
      [#86]  Check that a UTF-16 encoding in an XML declaration has the
      right endianness
    [#4] #5 #7  Recover correctly when some reallocations fail
      Repair "./configure && make" for systems without any
      provider of high quality entropy
      and try reading /dev/urandom on those
      Ensure that user-defined character encodings have converter
      functions when they are needed
      Fix mis-leading description of argument -c in xmlwf.1
      Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
      for CloudABI
      [#100]  Fix use of SIPHASH_MAIN in siphash.h
      [#23]  Test suite: Fix memory leaks
      Version info bumped from 7:4:6 to 7:5:6
  - Release 2.2.2 Wed July 12 2017
    * Security fixes:
      [#43]  Protect against compilation without any source of high
      quality entropy enabled, e.g. with CMake build system;
    * [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
      resulted in NULL dereference, previously;
    * Bug fixes:
      [#69]  Fix improper use of unsigned long long integer literals
    * Other changes:
      [#73]  Start requiring a C99 compiler
      [#49]  Fix "==" Bashism in configure script
      [#58]  Address compile warnings
      [#68]  Fix "./buildconf.sh && ./configure" for some versions
      of Dash for /bin/sh
      [#72]  CMake: Ease use of Expat in context of a parent project
      with multiple CMakeLists.txt files
      [#72]  CMake: Resolve mistaken executable permissions
      [#76]  Address compile warning with -DNDEBUG (not recommended!)
      [#77]  Address compile warning about macro redefinition
    * Added patch expat-docbook.patch to compile the man pages with
    docbook-to-man
    * Cleaned spec file with spec-cleaner
* Sat Oct 07 2017 jayvdb@gmail.com
  - Allow building when do_profiling is undefined
* Tue Jul 11 2017 mpluskal@suse.com
  - Build with profiling when possible
* Tue Jul 04 2017 meissner@suse.com
  - Version update to 2.2.1 Sat June 17 2017
    - Security fixes:
      CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
      Details: https://libexpat.github.io/doc/cve-2017-9233/
      Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
    - [MOX-002]      CVE-2016-9063 / bsc#1047240 -- Detect integer overflow;
      (Fixed version of existing downstream patches!)
    - (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
      longer tag names;
      [#25]  More integer overflow detection (function poolGrow);
    - [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse;
    - [MOX-005] #30  Use high quality entropy for hash initialization:
    * arc4random_buf on BSD, systems with libbsd
      (when configured with --with-libbsd), CloudABI
    * RtlGenRandom on Windows XP / Server 2003 and later
    * getrandom on Linux 3.17+
      In a way, that's still part of CVE-2016-5300.
      https://github.com/libexpat/libexpat/pull/30/commits
    - [MOX-005] For the low quality entropy extraction fallback code,
      the parser instance address can no longer leak,
    - [MOX-003] Prevent use of uninitialised variable; commit
    - [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
      Add missing parameter validation to public API functions
      and dedicated error code XML_ERROR_INVALID_ARGUMENT:
    - [MOX-006] * NULL checks; commits
    * Negative length (XML_Parse); commit
    - [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
    - [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
      to go further with fixing CVE-2012-0876.
      https://github.com/libexpat/libexpat/pull/39/commits
    - Bug fixes:
      [#32] Fix sharing of hash salt across parsers;
      relevant where XML_ExternalEntityParserCreate is called
      prior to XML_Parse, in particular (e.g. FBReader)
      [#28] xmlwf: Auto-disable use of memory-mapping (and parsing
      as a single chunk) for files larger than ~1 GB (2^30 bytes)
      rather than failing with error "out of memory"
      [#3]  Fix double free after malloc failure in DTD code; commit
      7ae9c3d3af433cd4defe95234eae7dc8ed15637f
      [#17] Fix memory leak on parser error for unbound XML attribute
      prefix with new namespaces defined in the same tag;
      found by Google's OSS-Fuzz; commits
      xmlwf on Windows: Add missing calls to CloseHandle
    - New features:
      [#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1
      for runtime debugging of entropy extraction
      Bump version info from 7:2:6 to 7:3:6
* Mon Jul 18 2016 jengelh@inai.de
  - Remove pointless --with-pic (for static only)
* Thu Jul 14 2016 tchvatal@suse.com
  - Version update to 2.2.0:
    * Fixes bnc#983215 CVE-2012-6702
    * Fixes bnc#983216 CVE-2016-5300
    * Various cmake and autotools script updates
    * Fix detection of utf8 character boundaries
  - Remove all patches merged upstream:
    * expat-2.1.1-avoid_relying_on_undef_behaviour.patch
    * expat-2.1.1-parser_crashes_on_malformed_input.patch
    * expat-alloc-size.patch
    * expat-visibility.patch
* Wed May 18 2016 kstreitova@suse.com
  - add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid
    relying on undefined behavior in the original CVE-2015-1283 fix
    [bnc#980391], [bnc#983985], [CVE-2016-4472]
  - add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix
    Expat XML parser that mishandles certain kinds of malformed input
    documents [bnc#979441], [CVE-2016-0718]
  - use spec-cleaner to clean specfile
* Fri Apr 01 2016 crrodriguez@opensuse.org
  - After simplification of expat-visibility.patch, it became
    uneffective as no symbols are getting hidden. add
    - fvisibility=hidden to CFLAGS again.
  - expat-alloc-size.patch: fix braino, realloc()-like functions
    should not take __attribute__(malloc)
* Wed Mar 23 2016 idonmez@suse.com
  - Update to version 2.1.1
    * Fixes CVE-2015-1283 — Multiple integer overflows in the
      XML_GetBuffer function
    * Fix potential null pointer dereference
    * Symbol XML_SetHashSalt was not exported
    * Output of xmlwf -h was incomplete
    * Document behavior of calling XML_SetHashSalt with salt 0
    * Minor improvements to man page xmlwf(1)
  - Simplify expat-visibility.patch, refresh expat-alloc-size.patch
  - Drop config-guess-sub-update.patch, fixed upstream.
* Sat Jul 11 2015 mpluskal@suse.com
  - Cleanup spec file with spec-cleaner
  - Remove old ppc obsoletes/provides

Files

/usr/include/expat.h
/usr/include/expat_config.h
/usr/include/expat_external.h
/usr/lib64/libexpat.so
/usr/lib64/pkgconfig/expat.pc


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 14:00:23 2024