From ce7df1b42ab74fa76dda6d7ec77089470b38f3e01f46eff5fb29934f69b75885 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 2 Jul 2019 11:47:21 +0000 Subject: [PATCH] Accepting request 713044 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Version update to 2.2.7 (CVE-2018-20843, bsc#1139937) * Security fixes: - CVE-2018-20843 - Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * Other changes: - Autotools/CMake: Utilize -fvisibility=hidden to stop exporting non-API symbols - Autotools: Add --without-examples and --without-tests - Autotools: Modernize configure.ac - Autotools: Fix check for -fvisibility=hidden for Clang - Autotools: Fix compilation for lack of docbook2x-man - CMake: Make libdir of pkgconfig expat.pc support multilib - CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR - Remove fallback to bcopy, assume that memmove(3) exists - Use docbook2x to build the man pages - Removed expat-2.2.6-fix-make-clean.patch OBS-URL: https://build.opensuse.org/request/show/713044 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=75
---
 expat-2.2.6-fix-make-clean.patch | 19 -------------------
 expat-2.2.6.tar.bz2 | 3 ---
 expat-2.2.6.tar.bz2.asc | 6 ------
 expat-2.2.7.tar.xz | 3 +++
 expat-2.2.7.tar.xz.asc | 6 ++++++
 expat.changes | 23 +++++++++++++++++++++++
 expat.spec | 20 ++++++++++++--------
 7 files changed, 44 insertions(+), 36 deletions(-)
 delete mode 100644 expat-2.2.6-fix-make-clean.patch
 delete mode 100644 expat-2.2.6.tar.bz2
 delete mode 100644 expat-2.2.6.tar.bz2.asc
 create mode 100644 expat-2.2.7.tar.xz
 create mode 100644 expat-2.2.7.tar.xz.asc
diff --git a/expat-2.2.6-fix-make-clean.patch b/expat-2.2.6-fix-make-clean.patch
deleted file mode 100644
index 5976c09..0000000
--- a/expat-2.2.6-fix-make-clean.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Author: Bernhard M. Wiedemann
-Date: 2019-02-07
-
-Do not clean files that are shipped in the tarball
-and that we cannot create with 'make'
-to fix building with profile guided optimizations
-Index: expat-2.2.6/doc/Makefile.in
-===================================================================
---- expat-2.2.6.orig/doc/Makefile.in
-+++ expat-2.2.6/doc/Makefile.in
-@@ -572,7 +572,7 @@ clean-local: clean-local-check
-
- .PHONY: clean-local-check
- clean-local-check:
-- $(RM) xmlwf.1
-+ #$(RM) xmlwf.1
-
- # Tell versions [3.59,3.63) of GNU make to not export all variables.
- # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/expat-2.2.6.tar.bz2 b/expat-2.2.6.tar.bz2
deleted file mode 100644
index da78803..0000000
--- a/expat-2.2.6.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:17b43c2716d521369f82fc2dc70f359860e90fa440bea65b3b85f0b246ea81f2
-size 513322
diff --git a/expat-2.2.6.tar.bz2.asc b/expat-2.2.6.tar.bz2.asc
deleted file mode 100644
index e61f8f4..0000000
--- a/expat-2.2.6.tar.bz2.asc
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQQ9fpWdifrP7jg3GSGwC8ZqQBoWAAUCW3Qi/wAKCRCwC8ZqQBoW
-AFThAKDKcZGKjkK91qJ/VeIp4paY6zWmngCbByWF9v7qt+PV35VYDa5Djwrmgt4=
-=z9yn
------END PGP SIGNATURE-----
diff --git a/expat-2.2.7.tar.xz b/expat-2.2.7.tar.xz
new file mode 100644
index 0000000..b7b3e04
--- /dev/null
+++ b/expat-2.2.7.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:30e3f40acf9a8fdbd5c379bdcc8d1178a1d9af306de29fc8ece922bc4c57bef8
+size 424264
diff --git a/expat-2.2.7.tar.xz.asc b/expat-2.2.7.tar.xz.asc
new file mode 100644
index 0000000..2eee835
--- /dev/null
+++ b/expat-2.2.7.tar.xz.asc
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQQ9fpWdifrP7jg3GSGwC8ZqQBoWAAUCXQpmTQAKCRCwC8ZqQBoW
+AEIpAJ9+jIcvEUpNEhXku8RShzGrE5gc3gCgml4U3lnpbC7+avvh3F17U7+vSuE=
+=Jbtz
+-----END PGP SIGNATURE-----
diff --git a/expat.changes b/expat.changes
index 10eacea..e3ba656 100644
--- a/expat.changes
+++ b/expat.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Tue Jul 2 10:33:51 UTC 2019 - Pedro Monreal Gonzalez
+
+- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937)
+ * Security fixes:
+ - CVE-2018-20843 - Fix extraction of namespace prefixes from
+ XML names; XML names with multiple colons could end up in
+ the wrong namespace, and take a high amount of RAM and CPU
+ resources while processing, opening the door to use for
+ denial-of-service attacks
+ * Other changes:
+ - Autotools/CMake: Utilize -fvisibility=hidden to stop
+ exporting non-API symbols
+ - Autotools: Add --without-examples and --without-tests
+ - Autotools: Modernize configure.ac
+ - Autotools: Fix check for -fvisibility=hidden for Clang
+ - Autotools: Fix compilation for lack of docbook2x-man
+ - CMake: Make libdir of pkgconfig expat.pc support multilib
+ - CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
+ - Remove fallback to bcopy, assume that memmove(3) exists
+- Use docbook2x to build the man pages
+- Removed expat-2.2.6-fix-make-clean.patch
+
 -------------------------------------------------------------------
 Thu Feb 7 10:45:14 UTC 2019 - Bernhard Wiedemann
 
diff --git a/expat.spec b/expat.spec
index bd3d146..3afc154 100644
--- a/expat.spec
+++ b/expat.spec
@@ -16,19 +16,19 @@
 #
 
 
-%global unversion 2_2_6
+%global unversion 2_2_7
 Name: expat
-Version: 2.2.6
+Version: 2.2.7
 Release: 0
 Summary: XML Parser Toolkit
 License: MIT
 Group: Development/Libraries/C and C++
 URL: http://libexpat.github.io
-Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.bz2
+Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz
 Source1: %{name}faq.html
 Source2: baselibs.conf
-Source3: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.bz2.asc
-Patch0: expat-2.2.6-fix-make-clean.patch
+Source3: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz.asc
+BuildRequires: docbook2x
 BuildRequires: gcc-c++
 BuildRequires: libtool
 BuildRequires: pkgconfig
@@ -63,7 +63,6 @@ in libexpat.
 
 %prep
 %setup -q
-%patch0 -p1
 cp %{SOURCE1} .
 rm -f examples/*.dsp
 
@@ -72,7 +71,8 @@ rm -f examples/*.dsp
 %configure \
 --disable-silent-rules \
 --docdir="%{_docdir}/%{name}" \
- --disable-static
+ --disable-static \
+ --with-docbook
 %if 0%{?do_profiling}
 make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}"
 make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" LDFLAGS="%{optflags} %{cflags_profile_generate}" check
@@ -94,7 +94,11 @@ make %{?_smp_mflags} check
 
 %files
 %{_docdir}/%{name}
-%license COPYING
+%if 0%{?suse_version} > 1315
+ %license COPYING
+%else
+ %doc COPYING
+%endif
 %doc README.md expatfaq.html
 %doc doc/expat.png doc/reference.html doc/style.css doc/valid-xhtml10.png
 %doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in
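Review bot: The new `Source3` line in the first expat.spec hunk (`@@ -16,19 +16,19 @@`) carries the detached signature for the 2.2.7 tarball, but the visible Source0–Source3 list declares no keyring, so nothing on this page shows the `.asc` being checked against the upstream release key. Since this update replaces the source archive to deliver the CVE-2018-20843 fix, the archive should be verified, not just shipped with its signature alongside. Unless a keyring is already declared elsewhere in the package, add one next to the signature, e.g. `Source4: %{name}.keyring` (placeholder file name; it must hold the upstream release key), so that source validation can verify the tarball. The rest of the spec preamble lies outside this hunk, so this should be confirmed against the full file.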