Overview

Request 713395 accepted

- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937)
  * Security fixes:
    - CVE-2018-20843 - Fix extraction of namespace prefixes from
      XML names; XML names with multiple colons could end up in
      the wrong namespace, and take a high amount of RAM and CPU
      resources while processing, opening the door to use for
      denial-of-service attacks
  * Other changes:
    - Autotools/CMake: Utilize -fvisibility=hidden to stop
      exporting non-API symbols
    - Autotools: Add --without-examples and --without-tests
    - Autotools: Modernize configure.ac
    - Autotools: Fix check for -fvisibility=hidden for Clang
    - Autotools: Fix compilation for lack of docbook2x-man
    - CMake: Make libdir of pkgconfig expat.pc support multilib
    - CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
    - Remove fallback to bcopy, assume that memmove(3) exists
- Removed expat-2.2.6-fix-make-clean.patch


Dominique Leuenberger

expat is ring - pulling docbook into ring0 does not tempt me - especially as this would grow even more, as the cycle notification shows:

Package libgpg-error appears in cycle glibc/expat/libgpg-error
Package perl-libxml-perl appears in cycle expat/perl-libxml-perl
Package perl-XML-DOM appears in cycle expat/perl-XML-DOM
Package tidy appears in cycle expat/tidy/libpsl
Package libpsl appears in cycle expat/tidy/libpsl
Package perl-XML-Parser appears in cycle expat/perl-XML-Parser
Package docbook2x appears in cycle expat/docbook2x

Request History

Tomáš Chvátal

scarabeus_iv created request



Factory Auto

factory-auto added opensuse-review-team as a reviewer

Please review sources


Factory Auto

factory-auto accepted review

Check script succeeded


Saul Goodman

licensedigger accepted review

ok


Ismail Dönmez

namtrac accepted review


Dominique Leuenberger

dimstar_suse set openSUSE:Factory:Staging:C as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:C"


Dominique Leuenberger

dimstar_suse accepted review

Picked openSUSE:Factory:Staging:C


Dominique Leuenberger

dimstar_suse accepted review

ready to accept


Dominique Leuenberger

dimstar_suse approved review

ready to accept


Dominique Leuenberger

dimstar_suse accepted request

Accept to openSUSE:Factory
