Accepting request 713395 from devel:libraries:c_c++

- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937) * Security fixes: - CVE-2018-20843 - Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * Other changes: - Autotools/CMake: Utilize -fvisibility=hidden to stop exporting non-API symbols - Autotools: Add --without-examples and --without-tests - Autotools: Modernize configure.ac - Autotools: Fix check for -fvisibility=hidden for Clang - Autotools: Fix compilation for lack of docbook2x-man - CMake: Make libdir of pkgconfig expat.pc support multilib - CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR - Remove fallback to bcopy, assume that memmove(3) exists - Removed expat-2.2.6-fix-make-clean.patch OBS-URL: https://build.opensuse.org/request/show/713395 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=57
2019-07-08 13:00:07 +00:00 · 2019-07-08 13:00:07 +00:00 · 463e018de3
commit 463e018de3
parent 66c7d5ac26 2f8abc6cde
7 changed files with 35 additions and 35 deletions
--- a/expat-2.2.6-fix-make-clean.patch
+++ b/expat-2.2.6-fix-make-clean.patch
@ -1,19 +0,0 @@
-Author: Bernhard M. Wiedemann <bwiedemann suse de>
-Date: 2019-02-07
-
-Do not clean files that are shipped in the tarball
-and that we cannot create with 'make'
-to fix building with profile guided optimizations
-Index: expat-2.2.6/doc/Makefile.in
-===================================================================
--- expat-2.2.6.orig/doc/Makefile.in
-+++ expat-2.2.6/doc/Makefile.in
-@@ -572,7 +572,7 @@ clean-local: clean-local-check
- 
- .PHONY: clean-local-check
- clean-local-check:
-	$(RM) xmlwf.1
-+	#$(RM) xmlwf.1
- 
- # Tell versions [3.59,3.63) of GNU make to not export all variables.
- # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/expat-2.2.6.tar.bz2
+++ b/expat-2.2.6.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:17b43c2716d521369f82fc2dc70f359860e90fa440bea65b3b85f0b246ea81f2
-size 513322
--- a/expat-2.2.6.tar.bz2.asc
+++ b/expat-2.2.6.tar.bz2.asc
@ -1,6 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQQ9fpWdifrP7jg3GSGwC8ZqQBoWAAUCW3Qi/wAKCRCwC8ZqQBoW
-AFThAKDKcZGKjkK91qJ/VeIp4paY6zWmngCbByWF9v7qt+PV35VYDa5Djwrmgt4=
-=z9yn
-----END PGP SIGNATURE-----
--- a/expat-2.2.7.tar.xz
+++ b/expat-2.2.7.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:30e3f40acf9a8fdbd5c379bdcc8d1178a1d9af306de29fc8ece922bc4c57bef8
+size 424264
--- a/expat-2.2.7.tar.xz.asc
+++ b/expat-2.2.7.tar.xz.asc
@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQQ9fpWdifrP7jg3GSGwC8ZqQBoWAAUCXQpmTQAKCRCwC8ZqQBoW
+AEIpAJ9+jIcvEUpNEhXku8RShzGrE5gc3gCgml4U3lnpbC7+avvh3F17U7+vSuE=
+=Jbtz
+-----END PGP SIGNATURE-----
--- a/expat.changes
+++ b/expat.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Tue Jul  2 10:33:51 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937)
+  * Security fixes:
+    - CVE-2018-20843 - Fix extraction of namespace prefixes from
+      XML names; XML names with multiple colons could end up in
+      the wrong namespace, and take a high amount of RAM and CPU
+      resources while processing, opening the door to use for
+      denial-of-service attacks
+  * Other changes:
+    - Autotools/CMake: Utilize -fvisibility=hidden to stop
+      exporting non-API symbols
+    - Autotools: Add --without-examples and --without-tests
+    - Autotools: Modernize configure.ac
+    - Autotools: Fix check for -fvisibility=hidden for Clang
+    - Autotools: Fix compilation for lack of docbook2x-man
+    - CMake: Make libdir of pkgconfig expat.pc support multilib
+    - CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
+    - Remove fallback to bcopy, assume that memmove(3) exists
+- Removed expat-2.2.6-fix-make-clean.patch
+
 -------------------------------------------------------------------
 Thu Feb  7 10:45:14 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>

--- a/expat.spec
+++ b/expat.spec
@ -16,19 +16,18 @@
 #


-%global unversion 2_2_6
+%global unversion 2_2_7
 Name:           expat
-Version:        2.2.6
+Version:        2.2.7
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT
 Group:          Development/Libraries/C and C++
 URL:            http://libexpat.github.io
-Source0:        https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.bz2
+Source0:        https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz
 Source1:        %{name}faq.html
 Source2:        baselibs.conf
-Source3:        https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.bz2.asc
-Patch0:         expat-2.2.6-fix-make-clean.patch
+Source3:        https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz.asc
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@ -63,7 +62,6 @@ in libexpat.

 %prep
 %setup -q
-%patch0 -p1

 cp %{SOURCE1} .
 rm -f examples/*.dsp
@ -99,7 +97,6 @@ make %{?_smp_mflags} check
 %doc doc/expat.png doc/reference.html doc/style.css doc/valid-xhtml10.png
 %doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in
 %doc AUTHORS Changes
-%{_mandir}/man?/*
 %{_bindir}/xmlwf

 %files -n libexpat1