������expat-2.2.5-150000.3.25.1�������������������������������������������������������������������������<���>�������,���������������������������������������������������I�����cYNp9|�����Mϯ͛=ʎ�[V[Xv^I�]gI�)�bM{-�}�I&�LO $z3&VD����ѳ��"dD.eD�$Z\l�mf�
ܼͥ�t»�?P�XkFuea"��qTe��A.��p��VM:k8z�06��xs.Ջ5�E e>{8LA2>%�>g)H3AU�{Н�cyn瀫V�8�W&h:s[�}w"ı���>��������������������>��@p���?������@`�������d��������������������������������������������������������������� �������������� ���/���������������������������������������������������������������������������������������>��������������B���������� ���X��������������x����������������������������������������������������������������� ���������������
�������4���������������|����������������������
�������������������������������������B�����������������������������������������������������������������������������8����������������������(������ ��������8������ ��������9������ \�������:������
�������F������9<�������G������9P�������H������9�������I������9�������X������9�������Y������9�������\������:$�������]������:l�������^������;%�������b������;�������c�������MIT�https://www.suse.com/�Development/Libraries/C and C++�https://libexpat.github.io�linux�ppc64le������
h���������o �����M����P��o ��
��������-��
���uU���<�� B�������x��
A큤A큤������������������������������������cYNcYNY��cYNY��YYcYNYkX�qcYNYȅcYNX�qX�qcYNY��cYN30d865e13152a9469011a62a71562cf6df05cdc1b3b9d2fb070835c85eba28a7��59f14371c6b75912cfebb46e6247ee5146766e803a0365b124e5d3011e7d0877�88b00a657d1c00bdf731963f1de2f238d0cdba845ebafaf6fd0acade4f6e2b86�cbc4120628e6284653815eb544b8b38c43270e67abd4fc34fcbc0f12c046d3a4�b9d221770de63d446eec824d3b1c56198f1d697c26a5984476c65713bd771a75�e73ac0ee5ae5ac19247e3cf4db4c93e04a2221588e1437cf74c2983b0463a84b�88b00a657d1c00bdf731963f1de2f238d0cdba845ebafaf6fd0acade4f6e2b86�68155aaf4e157692f060ea9890b41c0c3d3a939c16b97235e4505edfa4f2f834�8424a5b7dd7bca4cc47ff2463d37ee98aa4294a316f9217a7c13fb3d197ba42a�33d8dc1940e34d91b9c051089540c37e054b091a4a8db756ea93b9fb9f26a538�17bf1974f1868338dd4cee688329ea1bc89dbf783159f1df91e2c00008684307�6c17d918605f7c36b6163e805cf05313ea1f51cbbd9ab74d2be79d9355bf2d2c�3171c274cf2164b65aabeb3e0951afe2f7b2a7f630607c8f38e4513aab308fdb�b7dd5a49f775784c3b1cce797a4d860e544b92bf0ca56a1fdd9f363b67a61799��46336ab2fec900803e2f1a4253e325ac01d998efb09bc6906651f7259e636f76�ee831ca3bad458825fed64464b015741773645daa144ac42b8cf756f5c91c370������������������������������������������������������������������������������������������root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�expat-2.2.5-150000.3.25.1.src.rpm�����������expat�expat(ppc-64)���@���@���@����
���
���
���
libc.so.6()(64bit)�libc.so.6(GLIBC_2.17)(64bit)�libexpat.so.1()(64bit)�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)����3.0.4-1�4.6.0-1�4.0-1�5.2-1�4.14.1�cY!@c1@b#Pb�~aaZ@]o@]�G@Z
}Z
}Z�Y@YYdY[@WW~W=2.4.5] Fix to CVE-2022-25236
breaks biboumi, ClairMeta, jxmlease, libwbxml,
openleadr-python, rnv, xmltodict
- Added expat-CVE-2022-25236-relax-fix.patch�- Security fixes:
* (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs
- Added expat-CVE-2022-25236.patch
* (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
2.4.5 does not check whether a UTF-8 character is valid in a
certain context.
- Added expat-CVE-2022-25235.patch
* (CVE-2022-25313, bsc#1196168) Stack exhaustion in
build_model() via uncontrolled recursion
- Added expat-CVE-2022-25313.patch
- The fix upstream introduced a regression that was later
amended in 2.4.6 version
+ Added expat-CVE-2022-25313-fix-regression.patch
* (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
- Added expat-CVE-2022-25314.patch
* (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
- Added expat-CVE-2022-25315.patch�- Security fix (CVE-2022-23852, bsc#1195054)
* Expat (aka libexpat) before 2.4.4 has a signed integer overflow
in XML_GetBuffer, for configurations with a nonzero
XML_CONTEXT_BYTES
* Add tests for CVE-2022-23852.
* Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
* Fix unsigned integer overflow in function doProlog triggered
by large content in element type declarations when there is
an element declaration handler present (from a prior call to
XML_SetElementDeclHandler).
* Add expat-CVE-2022-23990.patch�- Security fix (CVE-2021-45960, bsc#1194251)
* A left shift by 29 (or more) places in the storeAtts function
in xmlparse.c can lead to realloc misbehavior.
* Added expat-CVE-2021-45960.patch
- Security fix (CVE-2021-46143, bsc#1194362)
* Integer overflow exists for m_groupSize in doProlog
* Added expat-CVE-2021-46143.patch
- Security fix (CVE-2022-22822, bsc#1194474)
* Integer overflow in addBinding in xmlparse.c
* Added expat-CVE-2022-22822.patch
- Security fix (CVE-2022-22823, bsc#1194476)
* Integer overflow in build_model in xmlparse.c
* Added expat-CVE-2022-22823.patch
- Security fix (CVE-2022-22824, bsc#1194477)
* Integer overflow in defineAttribute in xmlparse.c
* Added expat-CVE-2022-22824.patch
- Security fix (CVE-2022-22825, bsc#1194478)
* Integer overflow in lookup in xmlparse.c
* Added expat-CVE-2022-22825.patch
- Security fix (CVE-2022-22826, bsc#1194479)
* Integer overflow in nextScaffoldPart in xmlparse.c
* Added expat-CVE-2022-22826.patch
- Security fix (CVE-2022-22827, bsc#1194480)
* Integer overflow in storeAtts in xmlparse.c
* Added expat-CVE-2022-22827.patch
- Refresh expat-CVE-2018-20843.patch as a p1 patch.
- Use %autosetup macro�- Security fix (CVE-2019-15903, bsc#1149429)
* Crafted XML input results in heap-based buffer over-read by fooling
the parser into changing from DTD parsing to document parsing
* Added patches:
- expat-CVE-2019-15903.patch
- expat-CVE-2019-15903-tests.patch�- Security fix (CVE-2018-20843, bsc#1139937)
* Large number of colons in input makes parser consume high
amount of resources
* Added expat-CVE-2018-20843.patch�- Expand description of expat-devel.�- Do not generate manpages from docbook
- Temporarily disable profiling due to bug in build system�- Version update to 2.2.5 Tue October 31 2017
* Bug fixes:
- If the parser runs out of memory, make sure its internal
state reflects the memory it actually has, not the memory
it wanted to have.
- The default handler wasn't being called when it should for
a SYSTEM or PUBLIC doctype if an entity declaration handler
was registered.
- Fix a case of mistakenly reported parsing success where
XML_StopParser was called from an element handler
- Function XML_ErrorString was returning NULL rather than
a message for code XML_ERROR_INVALID_ARGUMENT
introduced with release 2.2.1
* Other changes:
- Add argument -N adding notation declarations
- various compiler-specific fixes
- Improve docbook2x-man detection
- drop expat-docbook.patch
* fixed in 0f5186c7b8e503c669e332d944712de010b265f3
- switch to github for release tarballs and website�- Version update to 2.2.4 Sat August 19 2017
* Bug fixes:
[#115] Fix copying of partial characters for UTF-8 input
* Other changes:
[#109] Fix "make check" for non-x86 architectures that default
to unsigned type char (-128..127 rather than 0..255)
[#109] coverage.sh: Cover -funsigned-char
Autotools: Introduce --without-xmlwf argument
[#65] Autotools: Replace handwritten Makefile with GNU Automake
[#43] CMake: Auto-detect high quality entropy extractors, add new
option USE_libbsd=ON to use arc4random_buf of libbsd
[#74] CMake: Add -fno-strict-aliasing only where supported
[#114] CMake: Always honor manually set BUILD_* options
[#114] CMake: Compile man page if docbook2x-man is available, only
[#117] Include file tests/xmltest.log.expected in source tarball
(required for "make run-xmltest")
[#111] Fix some typos in documentation
Version info bumped from 7:5:6 to 7:6:6
- Release 2.2.3 Wed August 2 2017
* Bug fixes:
[#85] Fix a dangling pointer issue related to realloc
* Other changes:
[#91] Linux: Allow getrandom to fail if nonblocking pool has not
yet been initialized and read /dev/urandom then, instead.
This is in line with what recent Python does.
[#86] Check that a UTF-16 encoding in an XML declaration has the
right endianness
[#4] #5 #7 Recover correctly when some reallocations fail
Repair "./configure && make" for systems without any
provider of high quality entropy
and try reading /dev/urandom on those
Ensure that user-defined character encodings have converter
functions when they are needed
Fix mis-leading description of argument -c in xmlwf.1
Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
for CloudABI
[#100] Fix use of SIPHASH_MAIN in siphash.h
[#23] Test suite: Fix memory leaks
Version info bumped from 7:4:6 to 7:5:6
- Release 2.2.2 Wed July 12 2017
* Security fixes:
[#43] Protect against compilation without any source of high
quality entropy enabled, e.g. with CMake build system;
* [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
resulted in NULL dereference, previously;
* Bug fixes:
[#69] Fix improper use of unsigned long long integer literals
* Other changes:
[#73] Start requiring a C99 compiler
[#49] Fix "==" Bashism in configure script
[#58] Address compile warnings
[#68] Fix "./buildconf.sh && ./configure" for some versions
of Dash for /bin/sh
[#72] CMake: Ease use of Expat in context of a parent project
with multiple CMakeLists.txt files
[#72] CMake: Resolve mistaken executable permissions
[#76] Address compile warning with -DNDEBUG (not recommended!)
[#77] Address compile warning about macro redefinition
* Added patch expat-docbook.patch to compile the man pages with
docbook-to-man
* Cleaned spec file with spec-cleaner�- Allow building when do_profiling is undefined�- Build with profiling when possible�- Version update to 2.2.1 Sat June 17 2017
- Security fixes:
CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
Details: https://libexpat.github.io/doc/cve-2017-9233/
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
- [MOX-002] CVE-2016-9063 / bsc#1047240 -- Detect integer overflow;
(Fixed version of existing downstream patches!)
- (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names;
[#25] More integer overflow detection (function poolGrow);
- [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse;
- [MOX-005] #30 Use high quality entropy for hash initialization:
* arc4random_buf on BSD, systems with libbsd
(when configured with --with-libbsd), CloudABI
* RtlGenRandom on Windows XP / Server 2003 and later
* getrandom on Linux 3.17+
In a way, that's still part of CVE-2016-5300.
https://github.com/libexpat/libexpat/pull/30/commits
- [MOX-005] For the low quality entropy extraction fallback code,
the parser instance address can no longer leak,
- [MOX-003] Prevent use of uninitialised variable; commit
- [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
Add missing parameter validation to public API functions
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
- [MOX-006] * NULL checks; commits
* Negative length (XML_Parse); commit
- [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
- [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
to go further with fixing CVE-2012-0876.
https://github.com/libexpat/libexpat/pull/39/commits
- Bug fixes:
[#32] Fix sharing of hash salt across parsers;
relevant where XML_ExternalEntityParserCreate is called
prior to XML_Parse, in particular (e.g. FBReader)
[#28] xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
[#3] Fix double free after malloc failure in DTD code; commit
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
[#17] Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz; commits
xmlwf on Windows: Add missing calls to CloseHandle
- New features:
[#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1
for runtime debugging of entropy extraction
Bump version info from 7:2:6 to 7:3:6�- Remove pointless --with-pic (for static only)�- Version update to 2.2.0:
* Fixes bnc#983215 CVE-2012-6702
* Fixes bnc#983216 CVE-2016-5300
* Various cmake and autotools script updates
* Fix detection of utf8 character boundaries
- Remove all patches merged upstream:
* expat-2.1.1-avoid_relying_on_undef_behaviour.patch
* expat-2.1.1-parser_crashes_on_malformed_input.patch
* expat-alloc-size.patch
* expat-visibility.patch�- add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid
relying on undefined behavior in the original CVE-2015-1283 fix
[bnc#980391], [bnc#983985], [CVE-2016-4472]
- add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix
Expat XML parser that mishandles certain kinds of malformed input
documents [bnc#979441], [CVE-2016-0718]
- use spec-cleaner to clean specfile�- After simplification of expat-visibility.patch, it became
uneffective as no symbols are getting hidden. add
- fvisibility=hidden to CFLAGS again.
- expat-alloc-size.patch: fix braino, realloc()-like functions
should not take __attribute__(malloc)�- Update to version 2.1.1
* Fixes CVE-2015-1283 — Multiple integer overflows in the
XML_GetBuffer function
* Fix potential null pointer dereference
* Symbol XML_SetHashSalt was not exported
* Output of xmlwf -h was incomplete
* Document behavior of calling XML_SetHashSalt with salt 0
* Minor improvements to man page xmlwf(1)
- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
- Drop config-guess-sub-update.patch, fixed upstream.�- Cleanup spec file with spec-cleaner
- Remove old ppc obsoletes/provides�nebbiolo 1666797303���������������������������������������������������������������������������������������������������� ���
�����������
��������������������������������������������������������2.2.5-150000.3.25.1�2.2.5-150000.3.25.1�������������������������������������������������������������������������xmlwf�expat�AUTHORS�Changes�Makefile.am�Makefile.in�README.md�changelog�elements.c�expat.png�expatfaq.html�outline.c�reference.html�style.css�valid-xhtml10.png�expat�COPYING�xmlwf.1.gz�/usr/bin/�/usr/share/doc/packages/�/usr/share/doc/packages/expat/�/usr/share/licenses/�/usr/share/licenses/expat/�/usr/share/man/man1/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:26587/SUSE_SLE-15_Update/6646677e968933187df31f8454f69d53-expat.SUSE_SLE-15_Update�drpm�xz�5�ppc64le-suse-linux�������������������������������������������������������������� �����������
ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=3a5ad0146c0c5093d6b3fc79e046816434184a44, for GNU/Linux 3.10.0, stripped�directory�ASCII text�UTF-8 Unicode text�Algol 68 source, ASCII text�C source, ASCII text�PNG image data, 190 x 70, 8-bit grayscale, non-interlaced�HTML document, ASCII text�XML 1.0 document, ASCII text�PNG image data, 88 x 31, 8-bit colormap, interlaced�troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)�������������������������������������������������������������������������������������������������������������������������������������������������R���R���R���9&!Ȩ�jj���q�P����utf-8�2d02052a8643fca108c27567a7dff18e66d76ef82e380f4d7a5413051749cdb1���������?���� ����7zXZ��
���!�����t/�>�B]�"��k%r
k���agrZ�!弢�7�X(�+XeAћ-�Ksʼn"��T�QcJ��uP?ocW[�-:h/�9@��LG�F5uW�E*%qoE�!
p!l`Qcњr9{ ]_�^N�t,
3*,��nai_z�
:{��Yy�bcA�XDx}y-K���k%}~�˿�aRݓdI=3ru|2cD|j$#���&v��4Hv��0{}&��
}!&o&Khnӏ�}!(Ry�Q�H$e8/�[Kjer���R(3F�l�g=-
�T?t?{2�
RBa��)0�}].a8>b߸qNxC�f�h.ד�l?�AuͶ�}Iz0u:0!�}qks*v֛(Ek}Gg �� �g8y销*-HE�P3d5z�R��x�emi?,�-�7Bd.S%�h;JXx\栣�_x"q-=��
pZ"[E/W�3ZkC�;<װ.,ntrAزssd?>�����ت�qm��(NZ�.*
/
52nkA
>qM>h)X[*zQ�/á��Jo;g⮀Y9<�hi*nj
6Mƚ/a?;D%r'fS{>9A��pk�遲��tЙ#S]1!OJYxWy91"`pΟ��MG7�?'i&�\�vb4�7�)M{3= !�]zVnm�Ovo\3ڮ�|䩥~ϿP�Eu'_�f5/k6�{,_o+!YO,ە!�Vpbioe�e5*I�)+�f!s
2%16~$,VQa�]�2�DUi�v^x7,"`q@*2�Ľ7��afZy�
aǬn..BTfN{I�װC^ucJAj�o}~�^a9=b#qV�L
_ͮ��O+�-pU���_ڂf.$=��ޫ�?[%pA"����sAbI`tkS�7��A-O;-��
.��^�=������
YZ