Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xsd for openSUSE:Factory checked in at 2024-10-30 17:43:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xsd (Old) and /work/SRC/openSUSE:Factory/.xsd.new.2020 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xsd" Wed Oct 30 17:43:43 2024 rev:11 rq:1219581 version:4.1.0 Changes: --------
--- /work/SRC/openSUSE:Factory/xsd/xsd.changes 2023-08-08 15:54:07.344688407 +0200
+++ /work/SRC/openSUSE:Factory/.xsd.new.2020/xsd.changes 2024-10-30 17:43:46.755773220 +0100
@@ -1,0 +2,6 @@
+Wed Oct 30 13:51:59 UTC 2024 - Christophe Marin <christophe@krop.fr>
+
+- Add patch (CVE-2024-50602, boo#1232580)
+ * CVE-2024-50602.patch
+
+-------------------------------------------------------------------
New: ---- CVE-2024-50602.patch BETA DEBUG BEGIN: New:- Add patch (CVE-2024-50602, boo#1232580) * CVE-2024-50602.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ xsd.spec ++++++
--- /var/tmp/diff_new_pack.YXnZcL/_old 2024-10-30 17:43:47.599808550 +0100
+++ /var/tmp/diff_new_pack.YXnZcL/_new 2024-10-30 17:43:47.603808718 +0100
@@ -30,6 +30,8 @@
 Source99: xsd-rpmlintrc
 # Rename xsd to xsdcxx
 Patch0: xsdcxx-rename.patch
+# PATCH-FIX-UPSTREAM -- CVE-2024-50602
+Patch1: CVE-2024-50602.patch
 BuildRequires: fdupes
 BuildRequires: gcc-c++
 BuildRequires: ghostscript
++++++ CVE-2024-50602.patch ++++++
From 0552959d99413279c456e3289ad24db783f579ba Mon Sep 17 00:00:00 2001
From: Christophe Marin <christophe@krop.fr>
Date: Wed, 30 Oct 2024 14:50:13 +0100
Subject: [PATCH] Backport fix for CVE-2024-50602
---
 libcutl/cutl/details/expat/expat.h | 4 +++-
 libcutl/cutl/details/expat/xmlparse.c | 9 ++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/libcutl/cutl/details/expat/expat.h b/libcutl/cutl/details/expat/expat.h
index f5dd736..85a0f8a 100644
--- a/libcutl/cutl/details/expat/expat.h
+++ b/libcutl/cutl/details/expat/expat.h
@@ -95,7 +95,9 @@ enum XML_Error {
 /* Added in 2.0. */
 XML_ERROR_RESERVED_PREFIX_XML,
 XML_ERROR_RESERVED_PREFIX_XMLNS,
- XML_ERROR_RESERVED_NAMESPACE_URI
+ XML_ERROR_RESERVED_NAMESPACE_URI,
+ /* Added in 2.6.4. */
+ XML_ERROR_NOT_STARTED,
 };
 enum XML_Content_Type {
diff --git a/libcutl/cutl/details/expat/xmlparse.c b/libcutl/cutl/details/expat/xmlparse.c
index d469102..fd9fc79 100644
--- a/libcutl/cutl/details/expat/xmlparse.c
+++ b/libcutl/cutl/details/expat/xmlparse.c
@@ -1750,6 +1750,9 @@ enum XML_Status XMLCALL
 XML_StopParser(XML_Parser parser, XML_Bool resumable)
 {
 switch (ps_parsing) {
+ case XML_INITIALIZED:
+ errorCode = XML_ERROR_NOT_STARTED;
+ return XML_STATUS_ERROR;
 case XML_SUSPENDED:
 if (resumable) {
 errorCode = XML_ERROR_SUSPENDED;
@@ -1760,7 +1763,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
 case XML_FINISHED:
 errorCode = XML_ERROR_FINISHED;
 return XML_STATUS_ERROR;
- default:
+ case XML_PARSING:
 if (resumable) {
 #ifdef XML_DTD
 if (isParamEntity) {
@@ -1772,6 +1775,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
 }
 else
 ps_parsing = XML_FINISHED;
+ break;
+ default:
+ assert(0);
 }
 return XML_STATUS_OK;
 }
@@ -1959,6 +1965,7 @@ XML_ErrorString(enum XML_Error code)
 XML_L("reserved prefix (xml) must not be undeclared or bound to another namespace name"),
 XML_L("reserved prefix (xmlns) must not be declared or undeclared"),
 XML_L("prefix must not be bound to one of the reserved namespace names")
+ XML_L("parser not started")
 };
 if (code > 0 && code < sizeof(message)/sizeof(message[0]))
 return message[code];
--
2.47.0
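Review bot: In the expat.h hunk the new enumerator is labelled `/* Added in 2.6.4. */` but sits directly after the 2.0 block, so its numeric value presumably differs from the one upstream assigns, since upstream added further codes in between that this bundled copy does not show. That is harmless while the enum stays private to this copy, but the comment should say so, for example `/* Backported from 2.6.4 for CVE-2024-50602; value is local to this bundled copy. */`. The trailing comma after `XML_ERROR_NOT_STARTED` also departs from the comma-free last enumerator the header had before, and older C and C++ dialects reject it under pedantic settings; dropping the comma keeps the header as portable as it was.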
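Review bot: In the third XML_StopParser hunk, `default: assert(0);` is the last statement of the switch, so in a build with NDEBUG defined the arm is empty and control reaches `return XML_STATUS_OK;` for any state value the switch does not name. Failing closed costs two lines after the assert: `errorCode = XML_ERROR_UNEXPECTED_STATE;` and `return XML_STATUS_ERROR;`, assuming this bundled enum carries that code, which the page does not show. Whether xmlparse.c already includes `<assert.h>` is also outside the visible hunks and worth confirming, because the patch adds no include.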
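Review bot: In the XML_ErrorString hunk the added `XML_L("parser not started")` follows the previous entry without a separating comma, so the two adjacent literals are concatenated into a single string and the `message` table gains no element. XML_ERROR_NOT_STARTED therefore fails the `code < sizeof(message)/sizeof(message[0])` bound; what the function returns in that case lies outside the hunk (presumably NULL), and a caller that prints the result unguarded would then be handed a null pointer on exactly the path this CVE fix introduces. The text for the reserved-namespace error is also corrupted, because it now ends in "namesparser not started". The context line should end in a comma: `XML_L("prefix must not be bound to one of the reserved namespace names"),`.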