Sync from SUSE:SLFO:Main perl-XML-Twig revision 3c607f746e4ae868a09809cc2725fa9f
commit
1dc3986b65
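--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text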
BIN
XML-Twig-3.52.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
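--- /dev/null
+++ b/cpanspec.yml
@@ -0,0 +1,28 @@
+---
+#description_paragraphs: 3
+#no_testing: broken upstream
+#sources:
+# - source1
+# - source2
+patches:
+perl-XML-Twig-CVE-2016-9180.patch: -p1
+preamble: |-
+BuildRequires: expat
+BuildRequires: perl-HTML-Tidy
+BuildRequires: perl-IO-CaptureOutput
+BuildRequires: perl-Test-Exception
+BuildRequires: perl-Test-Pod
+BuildRequires: perl-Text-Iconv
+BuildRequires: perl-Text-Wrapper
+BuildRequires: perl-Tie-IxHash
+BuildRequires: perl-Unicode-Map8
+BuildRequires: perl-XML-Filter-BufferText
+BuildRequires: perl-XML-Handler-YAWriter
+BuildRequires: perl-XML-Parser
+BuildRequires: perl-XML-SAX-Writer
+BuildRequires: perl-XML-Simple
+BuildRequires: perl-XML-XPath
+BuildRequires: perl-XML-XPathEngine
+Requires: expat
+Requires: perl-XML-Parser
+Requires: perl(Encode)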
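--- /dev/null
+++ b/perl-XML-Twig-CVE-2016-9180.patch
@@ -0,0 +1,85 @@
+Description: Update documentation for XML::Twig.
+Mention problems with expand_external_ents and add
+information about new no_xxe argument.
+.
+Additionally add tests for both expand_external_ents and no_xxe.
+Origin: vendor
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=118097
+Bug-Debian: https://bugs.debian.org/842893
+Author: gregor herrmann <gregoa@debian.org>
+Last-Update: 2019-03-30
+
+--- a/Twig_pm.slow
++++ b/Twig_pm.slow
+@@ -10454,6 +10454,15 @@
+pubid => <pubid> }). Yes, this is a bit of a hack, but it's useful in some
+cases.
+
++B<WARNING>: setting expand_external_ents to 0 or -1 currently doesn't work
++as expected; cf. L<https://rt.cpan.org/Public/Bug/Display.html?id=118097>.
++To completely turn off expanding external entities use C<no_xxe>.
++
++=item no_xxe
++
++If this argument is set to a true value, expanding of external entities is
++turned off.
++
+=item load_DTD
+
+If this argument is set to a true value, C<parse> or C<parsefile> on the twig
+--- /dev/null
++++ b/t/CVE-2016-9180.t
+@@ -0,0 +1,41 @@
++#!/usr/bin/perl
++
++use strict;
++use warnings;
++use Test::More;
++use Test::Exception;
++
++BEGIN { use_ok('XML::Twig'); }
++
++my $twig = XML::Twig->new( expand_external_ents => 1 );
++$twig->parsefile('t/CVE-2016-9180.xml');
++my $result = $twig->sprint;
++like( $result, qr/Boom/, 'external entity expanded (expand_external_ents 1)' );
++
++TODO: {
++ local $TODO = 'This test currently fails: https://rt.cpan.org/Public/Bug/Display.html?id=118097';
++
++$twig = XML::Twig->new( expand_external_ents => 0 );
++$twig->parsefile('t/CVE-2016-9180.xml');
++$result = $twig->sprint;
++unlike( $result, qr/Boom/,
++ 'external entity not expanded (expand_external_ents 0)' );
++
++$twig = XML::Twig->new( expand_external_ents => -1 );
++$twig->parsefile('t/CVE-2016-9180.xml');
++$result = $twig->sprint;
++unlike( $result, qr/Boom/,
++ 'external entity not expanded and no fail (expand_external_ents -1)' );
++
++}
++
++$twig = XML::Twig->new( no_xxe => 1 );
++throws_ok { $twig->parsefile('t/CVE-2016-9180.xml') } qr/cannot expand &xxe;/,
++ 'external entity not expanded (no_xxe 1)';
++
++$twig = XML::Twig->new( no_xxe => 0 );
++$twig->parsefile('t/CVE-2016-9180.xml');
++$result = $twig->sprint;
++like( $result, qr/Boom/, 'external entity expanded (no_xxe 0)' );
++
++done_testing();
+--- /dev/null
++++ b/t/CVE-2016-9180.txt
+@@ -0,0 +1 @@
++Boom
+--- /dev/null
++++ b/t/CVE-2016-9180.xml
+@@ -0,0 +1,5 @@
++<?xml version="1.0"?>
++<!DOCTYPE foo [
++ <!ENTITY xxe PUBLIC "bar" "CVE-2016-9180.txt">
++]>
++<root>&xxe;</root>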
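Review bot: The `=item no_xxe` text added to Twig_pm.slow says only that expansion "is turned off", while the new t/CVE-2016-9180.t expects `parsefile` to die with `cannot expand &xxe;` when `no_xxe => 1` meets a document that references an external entity; the POD should state that, for example `With no_xxe set, parsing a document that uses an external entity dies ("cannot expand &name;"), so callers handling untrusted XML should trap the error.` The two `expand_external_ents => 0` and `-1` assertions sit inside a `TODO` block, so `make test` passes although that option still expands entities, and the `no_xxe => 0` case asserts that expansion stays on unless the caller opts out. A short comment above the `TODO:` block, such as `# Known-vulnerable behaviour kept as expected failure; only no_xxe => 1 blocks expansion`, would keep a later reader from treating a green test run as proof that the CVE is closed. This patch touches documentation and tests only; whether any parser code changes elsewhere is not visible on this page.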
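--- /dev/null
+++ b/perl-XML-Twig.changes
@@ -0,0 +1,236 @@
+-------------------------------------------------------------------
+Mon Jul 13 17:35:09 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Security fix [bsc#1008644, CVE-2016-9180]
+* Setting expand_external_ents to 0 or -1 currently doesn't work
+as expected; To completely turn off expanding external entities
+use no_xxe.
+* Update documentation for XML::Twig to mention problems with
+expand_external_ents and add information about new no_xxe argument
+* Add test CVE-2016-9180.t
+* Add test build-requirements:
+perl-Test-Exception, perl-Text-Iconv, perl-Unicode-Map8
+- Add perl-XML-Twig-CVE-2016-9180.patch
+
+-------------------------------------------------------------------
+Thu Nov 24 07:28:15 UTC 2016 - coolo@suse.com
+
+- updated to 3.52
+see /usr/share/doc/packages/perl-XML-Twig/Changes
+
+3.52 - 2016-11-23 - minor maintenance release
+
+- fixed: the previous fix was buggy...
+
+3.51 - 2016-11-23 - minor maintenance release
+
+- fixed: failing tests when XML::XPathEngine and XML::XPath not available
+
+-------------------------------------------------------------------
+Wed Nov 23 07:26:06 UTC 2016 - coolo@suse.com
+
+- updated to 3.50
+see /usr/share/doc/packages/perl-XML-Twig/Changes
+
+-------------------------------------------------------------------
+Tue Apr 14 19:18:33 UTC 2015 - coolo@suse.com
+
+- updated to 3.49
+see /usr/share/doc/packages/perl-XML-Twig/Changes
+
+3.49 - 2015-03-24
+
+- added: the DTD_base option to XML::Twig new, that forces XML::Twig to look
+for the DTD in a given directory
+thanks to Arun lakhana for the idea
+
+- fixed: XML::Parser 2.43 caused a failure in the tests due to a change in
+its behaviour when die-ing.
+
+- fixed: prevent PAUSE from trying to index packages that are only used
+for monkey patching (to re-use XML::XPath as the XPath engine for
+XML::Twig::XPath). Will also prevent UNAUTHORIZED flag on metacpan.
+patch sent by Graham Knop
+
+- fixed: RT #96009
+keep_atts_order => 0 behaviour. Spotted by Dolmen
+https://rt.cpan.org/Public/Bug/Display.html?id=96009
+
+- fixed bug RT #97461
+wrong error message was returned calling parse on an invalid filehandle
+Thanks to Slaven Rezic for the bug report and test case
+https://rt.cpan.org/Public/Bug/Display.html?id=97461
+
+- fixed: RT #98801
+COMPATIBILITY WARNING
+inconsistency between simplify and XML::Simple for empty elements (including
+elements with start and end tags but no contents)
+the XML::Simple behaviour is to map them to an empty hash, not an
+empty/undef scalar (depending of whether the element is a PCDATA or not)
+as was the case in previous versions of the module.
+This has the potential to break some existing code, but simplify should be
+strictly the same as XML::Simple's XMLin
+Thanks to Vangelis Katsikaros for the bug report and test case
+https://rt.cpan.org/Public/Bug/Display.html?id=98801
+
+-------------------------------------------------------------------
+Mon Sep 15 15:15:20 UTC 2014 - coolo@suse.com
+
+- updated to 3.48
+- fixed: missing entities when parsing HTML
+RT #93604 https://rt.cpan.org/Public/Bug/Display.html?id=93604
+
+- fixed: tests failed when using a version of HTML::TreeBuilder with a non-numeric version
+
+- fixed in twig_handlers, '=' in regexps on attributes are turned into 'eq'
+RT #94295 https://rt.cpan.org/Public/Bug/Display.html?id=94295
+
+- fixed: test failed on Windows
+
+-------------------------------------------------------------------
+Sat Mar 15 13:03:31 UTC 2014 - coolo@suse.com
+
+- updated to 3.46
+- fixed: link to idented_a format description
+RT #85400 https://rt.cpan.org/Public/Bug/Display.html?id=85400
+fixed by Martin McGrath
+
+- fixed: code that gave a warning in 5.19.9
+
+- fixed: RT #86651 https://rt.cpan.org/Ticket/Display.html?id=86773
+xml_pp, quote not escaped in attribute values
+
+- fixed various typos in docs RT#87660
+thanks to David Steinbrunner
+
+- fixed: RT #86773 https://rt.cpan.org/Ticket/Display.html?id=86773
+CDATA sections in HTML were not properly escaped when using the
+(default) HTML::TreeBuilder conversion
+spotted by Marco Pessotto
+
+- fixed: RT #85933 https://rt.cpan.org/Ticket/Display.html?id=85933
+quotes in attributes were not properly escaped
+dpotted by Arun Lakhana
+
+- added: docs for tools and safe_print_to_file
+
+- added: support for XPath variables
+thanks to Nathan Glenn for the initial implementation
+
+- updated: Changes to conform to CPAN::Changes + test
+
+-------------------------------------------------------------------
+Tue Jun 4 17:10:56 UTC 2013 - coolo@suse.com
+
+- updated to 3.44
+# minor maintenance release
+added: XML::Twig::Elt new method now acccepts literal content, eg
+my $e= XML::Twig::Elt->new( '<div><p>foo</p><p>bar</p></div>');
+fixed: merge had some problems dealing with embedded comments
+improved: more tests
+
+improved: docs for parse, see RT #78877
+https://rt.cpan.org/Ticket/Display.html?id=78877
+fixed: xml_pp -i now preserves the permissions of the
+original file, see RT #81165
+https://rt.cpan.org/Ticket/Display.html?id=81165
+reported by Alberto Simoes
+fixed: RT #80503 Newlines in attribute values
+https://rt.cpan.org/Ticket/Display.html?id=80503
+reported (and explained) by Ambrus Zsban: \r, \n
+and \n explicitely set in attribute values should
+be escaped (with &#x<nb>;) when output
+
+-------------------------------------------------------------------
+Mon Apr 15 10:29:16 UTC 2013 - idonmez@suse.com
+
+- Add Source URL, see https://en.opensuse.org/SourceUrls
+
+-------------------------------------------------------------------
+Tue Nov 27 08:29:14 UTC 2012 - dap.darkness@gmail.com
+
+- update to 3.42
+* fixed: bug, elements created with XML::Twig::Elt
+* added: some tests
+- passed the spec file through spec cleaner
+- strip %clean section (not needed on BS)
+
+-------------------------------------------------------------------
+Fri Sep 23 16:33:24 UTC 2011 - vcizek@suse.com
+
+- update to 3.39
+- no upstream changelog,
+see https://github.com/mirod/xmltwig/commits/master
+for individual commits
+- licence correction
+
+-------------------------------------------------------------------
+Sun Feb 27 23:43:46 UTC 2011 - pascal.bleser@opensuse.org
+
+- update to 3.38:
+* fixed: RT#65865: _ should be allowed at the start on an XML name
+* removed: making att and class lvalues created problems: in certain context
+they made regular calls to the method create empty attributes. I
+could find no satisfactory fix,they were either incompletes, or to complex
+for often used methods. So att and class are back to being regular, non
+l-value methods. latt and lclass are the l-value versions.
+* added: documented the -html option for xml_grep, that allows processing
+HTML input
+* added: the -Tidy option to xml_grep, that uses HTML::Tidy to convert HTML
+to XML
+
+-------------------------------------------------------------------
+Thu Dec 16 13:39:34 CET 2010 - anicka@suse.cz
+
+- update to 3.37
+*fixed: more tests fixed for HTML::TreeBuilder, hopefully
+will pass now
+
+-------------------------------------------------------------------
+Wed Dec 1 13:36:22 UTC 2010 - coolo@novell.com
+
+- switch to perl_requires macro
+
+-------------------------------------------------------------------
+Mon Nov 29 18:32:30 UTC 2010 - coolo@novell.com
+
+- remove /var/adm/perl-modules
+
+-------------------------------------------------------------------
+Thu Oct 7 18:13:15 CEST 2010 - anicka@suse.cz
+
+- update to 3.36
+* bugfixes
+
+-------------------------------------------------------------------
+Fri Jul 16 15:13:02 CEST 2010 - anicka@suse.cz
+
+- update to 3.35
+* bugfixes
+
+-------------------------------------------------------------------
+Mon Jan 25 13:41:30 CET 2010 - anicka@suse.cz
+
+- update to 3.34
+* bugfixes, test suite fixes
+
+-------------------------------------------------------------------
+Wed Nov 21 10:57:58 CET 2007 - anicka@suse.cz
+
+- update to 3.32
+* bugfixes, test fixes
+* fixed a couple of bugs in namespace handling
+* added the XML::Twig::Elt fields method which returns a list of
+fields
+* added the normalize method in XML::Twig and XML::Twig::Elt
+* added the indented_a / cvs format for pretty_print,
+* Added the XML::Twig method finish_now that terminates parsing
+immediately, without checking the rest of the XML.
+* HTML parsing improved: XML::Twig now tries to find the proper
+encoding for the document
+
+-------------------------------------------------------------------
+Thu Oct 18 16:55:24 CEST 2007 - anicka@suse.cz
+
+- package created (version 3.29) [#297511]
+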
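--- /dev/null
+++ b/perl-XML-Twig.spec
@@ -0,0 +1,96 @@
+#
+# spec file for package perl-XML-Twig
+#
+# Copyright (c) 2020 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: perl-XML-Twig
+Version: 3.52
+Release: 0
+%define cpan_name XML-Twig
+Summary: Perl Module for Processing Huge Xml Documents in Tree Mode
+License: Artistic-1.0 OR GPL-1.0-or-later
+Group: Development/Libraries/Perl
+URL: https://metacpan.org/release/%{cpan_name}
+Source0: https://www.cpan.org/authors/id/M/MI/MIROD/%{cpan_name}-%{version}.tar.gz
+Source1: cpanspec.yml
+Patch0: perl-XML-Twig-CVE-2016-9180.patch
+BuildArch: noarch
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: perl
+BuildRequires: perl-macros
+BuildRequires: perl(XML::Parser) >= 2.23
+Requires: perl(XML::Parser) >= 2.23
+%{perl_requires}
+# MANUAL BEGIN
+BuildRequires: expat
+BuildRequires: perl-HTML-Tidy
+BuildRequires: perl-IO-CaptureOutput
+BuildRequires: perl-Test-Exception
+BuildRequires: perl-Test-Pod
+BuildRequires: perl-Text-Iconv
+BuildRequires: perl-Text-Wrapper
+BuildRequires: perl-Tie-IxHash
+BuildRequires: perl-Unicode-Map8
+BuildRequires: perl-XML-Filter-BufferText
+BuildRequires: perl-XML-Handler-YAWriter
+BuildRequires: perl-XML-Parser
+BuildRequires: perl-XML-SAX-Writer
+BuildRequires: perl-XML-Simple
+BuildRequires: perl-XML-XPath
+BuildRequires: perl-XML-XPathEngine
+Requires: expat
+Requires: perl-XML-Parser
+Requires: perl(Encode)
+# MANUAL END
+
+%description
+This module provides a way to process XML documents. It is build on top of
+'XML::Parser'.
+
+The module offers a tree interface to the document, while allowing you to
+output the parts of it that have been completely processed.
+
+It allows minimal resource (CPU and memory) usage by building the tree only
+for the parts of the documents that need actual processing, through the use
+of the 'twig_roots ' and 'twig_print_outside_roots ' options. The 'finish '
+and 'finish_print ' methods also help to increase performances.
+
+XML::Twig tries to make simple things easy so it tries its best to takes
+care of a lot of the (usually) annoying (but sometimes necessary) features
+that come with XML and XML::Parser.
+
+%prep
+%setup -q -n %{cpan_name}-%{version}
+find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644
+%patch0 -p1
+
+%build
+perl Makefile.PL INSTALLDIRS=vendor
+make %{?_smp_mflags}
+
+%check
+make test
+
+%install
+%perl_make_install
+%perl_process_packlist
+%perl_gen_filelist
+
+%files -f %{name}.files
+%defattr(-,root,root,755)
+%doc Changes check_optional_modules filter_for_5.005 README speedup Twig_pm.slow
+
+%changelog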
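Review bot: `Patch0:` carries no comment saying what the patch is for or where it came from; a line such as `# PATCH-FIX-OPENSUSE bsc#1008644 CVE-2016-9180 - document no_xxe, add regression test` above it would tell a later maintainer that the CVE is handled through documentation and an opt-in flag, not a parser change. Because the `# MANUAL BEGIN` block looks generated from cpanspec.yml, the tag probably has to be recorded there to survive regeneration. In that same block `Requires: perl-XML-Parser` repeats the versioned `Requires: perl(XML::Parser) >= 2.23` a few lines earlier and could be dropped.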