forked from pool/expat
643bc0949b
- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
* CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
"<r xmlns:a='[..]' a:a123='[..]' [..] />"
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
* CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
* CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.
OBS-URL: https://build.opensuse.org/request/show/947286
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=91
114 lines
3.4 KiB
RPMSpec
114 lines
3.4 KiB
RPMSpec
#
|
|
# spec file for package expat
|
|
#
|
|
# Copyright (c) 2022 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%global unversion 2_4_3
|
|
Name: expat
|
|
Version: 2.4.3
|
|
Release: 0
|
|
Summary: XML Parser Toolkit
|
|
License: MIT
|
|
Group: Development/Libraries/C and C++
|
|
URL: https://libexpat.github.io
|
|
Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz
|
|
Source1: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz.asc
|
|
Source2: baselibs.conf
|
|
Source3: %{name}faq.html
|
|
BuildRequires: gcc-c++
|
|
BuildRequires: libtool
|
|
BuildRequires: pkgconfig
|
|
|
|
%description
|
|
Expat is an XML parser library written in C. It is a stream-oriented
|
|
parser in which an application registers handlers for things the
|
|
parser might find in the XML document (like start tags).
|
|
|
|
%package -n libexpat1
|
|
Summary: XML Parser Toolkit
|
|
Group: System/Libraries
|
|
|
|
%description -n libexpat1
|
|
Expat is an XML parser library written in C. It is a stream-oriented
|
|
parser in which an application registers handlers for things the
|
|
parser might find in the XML document (like start tags).
|
|
|
|
%package -n libexpat-devel
|
|
Summary: Development files for expat, an XML parser toolkit
|
|
Group: Development/Libraries/C and C++
|
|
Requires: glibc-devel
|
|
Requires: libexpat1 = %{version}
|
|
|
|
%description -n libexpat-devel
|
|
Expat is an XML parser library written in C. It is a stream-oriented
|
|
parser in which an application registers handlers for things the
|
|
parser might find in the XML document (like start tags).
|
|
|
|
This package contains the development headers for the library found
|
|
in libexpat.
|
|
|
|
%prep
|
|
%setup -q
|
|
|
|
cp %{SOURCE3} .
|
|
rm -f examples/*.dsp
|
|
|
|
%build
|
|
%configure \
|
|
--disable-silent-rules \
|
|
--docdir="%{_docdir}/%{name}" \
|
|
--disable-static
|
|
%if 0%{?do_profiling}
|
|
%make_build CFLAGS="%{optflags} %{cflags_profile_generate}"
|
|
%make_build CFLAGS="%{optflags} %{cflags_profile_generate}" LDFLAGS="%{optflags} %{cflags_profile_generate}" check
|
|
%make_build clean
|
|
%make_build CFLAGS="%{optflags} %{cflags_profile_feedback}"
|
|
%else
|
|
%make_build CFLAGS="%{optflags}"
|
|
%endif
|
|
|
|
%install
|
|
%make_install
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
|
# Fix permissions error: spurious-executable-perm
|
|
chmod 0644 examples/elements.c
|
|
|
|
%check
|
|
%make_build check
|
|
|
|
%post -n libexpat1 -p /sbin/ldconfig
|
|
%postun -n libexpat1 -p /sbin/ldconfig
|
|
|
|
%files
|
|
%license COPYING
|
|
%doc AUTHORS README.md expatfaq.html
|
|
%doc doc/reference.html doc/style.css doc/valid-xhtml10.png
|
|
%doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in
|
|
%doc changelog
|
|
%{_bindir}/xmlwf
|
|
|
|
%files -n libexpat1
|
|
%{_libdir}/libexpat.so.*
|
|
|
|
%files -n libexpat-devel
|
|
%{_includedir}/*
|
|
%{_libdir}/libexpat.so
|
|
%{_libdir}/pkgconfig/expat.pc
|
|
%dir %{_libdir}/cmake
|
|
%{_libdir}/cmake/expat-%{version}
|
|
|
|
%changelog
|