Latest upstream release: 2.4.0 Current version/release in rawhide: 2.3.0-1.fc35 URL: https://libexpat.github.io/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/770/
Skipping the scratch build because an SRPM could not be built: ['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-lxdiaaz3/expat.spec'] returned 1: b'error: line 5: unclosed macro or bad line continuation\n'
Latest upstream release: 2.4.1 Current version/release in rawhide: 2.3.0-1.fc35 URL: https://libexpat.github.io/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/770/
Skipping the scratch build because an SRPM could not be built: ['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-ilrbdgcb/expat.spec'] returned 1: b'error: line 5: unclosed macro or bad line continuation\n'
(In reply to Upstream Release Monitoring from comment #2) > Latest upstream release: 2.4.1 > Current version/release in rawhide: 2.3.0-1.fc35 > URL: https://libexpat.github.io/ > Based on the information from anitya: https://release-monitoring.org/project/770/ 2.4.0, among other, fixes security bugs: Security fixes: #34 #466 #484 CVE-2013-0340/CWE-776 Protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both, leveraging general entities or parameter entities or both) by tracking and limiting the input amplification factor (<amplification> := (<direct> + <indirect>) / <direct>). By conservative default, amplification up to a factor of 100.0 is tolerated and rejection only starts after 8 MiB of output bytes (=<direct> + <indirect>) have been processed. The fix adds the following to the API: - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to signals this specific condition. - Two new API functions .. - XML_SetBillionLaughsAttackProtectionMaximumAmplification and - XML_SetBillionLaughsAttackProtectionActivationThreshold .. to further tighten billion laughs protection parameters when desired. Please see file "doc/reference.html" for details. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. - Two new XML_FEATURE_* constants .. - that can be queried using the XML_GetFeatureList function, and - that are shown in "xmlwf -v" output. - Two new environment variable switches .. - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and - EXPAT_ENTITY_DEBUG=(0|1) .. for runtime debugging of accounting and entity processing. Specific behavior of these values may change in the future. - Two new command line arguments "-a FACTOR" and "-b BYTES" for xmlwf to further tighten billion laughs protection parameters when desired. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat.
FEDORA-2021-ff00e58672 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ff00e58672
FEDORA-2021-ff00e58672 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2021-523ee0a81e has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-523ee0a81e
FEDORA-2021-523ee0a81e has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-523ee0a81e` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-523ee0a81e See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-523ee0a81e has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2021-b84d81929a has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-b84d81929a
FEDORA-2021-b84d81929a has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-b84d81929a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-b84d81929a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-b84d81929a has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.