testing/expat
SHA256
3
0
Fork 0
forked from pool/expat
Code Pull Requests Activity
4587d04dec
expat/expat.spec
Dirk Mueller 4587d04dec Accepting request 956000 from home:david.anes:branches:devel:libraries:c_c++ 
- update to 2.4.5 (bsc#1196171, bsc#1196169, bsc#1196168, 
  bsc#1196026, bsc#1196025):
    * Security fixes:
      - CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
        sequences (e.g. from start tag names) to the XML
        processing application on top of Expat can cause
        arbitrary damage (e.g. code execution) depending
        on how invalid UTF-8 is handled inside the XML
        processor; validation was not their job but Expat's.
        Exploits with code execution are known to exist.
      - CVE-2022-25236 -- Passing (one or more) namespace separator
        characters in "xmlns[:prefix]" attribute values
        made Expat send malformed tag names to the XML
        processor on top of Expat which can cause
        arbitrary damage (e.g. code execution) depending
        on such unexpectable cases are handled inside the XML
        processor; validation was not their job but Expat's.
        Exploits with code execution are known to exist.
      - CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
        that could be triggered by e.g. a 2 megabytes
        file with a large number of opening braces.
        Expected impact is denial of service or potentially
        arbitrary code execution.
      - CVE-2022-25314 -- Fix integer overflow in function copyString;
        only affects the encoding name parameter at parser creation
        time which is often hardcoded (rather than user input),
        takes a value in the gigabytes to trigger, and a 64-bit
        machine.  Expected impact is denial of service.
      - CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
        needs input in the gigabytes and a 64-bit machine.

OBS-URL: https://build.opensuse.org/request/show/956000
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=93
2022-02-20 16:05:20 +00:00

114 lines
3.4 KiB
RPMSpec
Raw Blame History

#
# spec file for package expat
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%global unversion 2_4_5
Name: expat
Version: 2.4.5
Release: 0
Summary: XML Parser Toolkit
License: MIT
Group: Development/Libraries/C and C++
URL: https://libexpat.github.io
Source0: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz
Source1: https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz.asc
Source2: baselibs.conf
Source3: %{name}faq.html
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: pkgconfig
%description
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).
%package -n libexpat1
Summary: XML Parser Toolkit
Group: System/Libraries
%description -n libexpat1
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).
%package -n libexpat-devel
Summary: Development files for expat, an XML parser toolkit
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libexpat1 = %{version}
%description -n libexpat-devel
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).
This package contains the development headers for the library found
in libexpat.
%prep
%setup -q
cp %{SOURCE3} .
rm -f examples/*.dsp
%build
%configure \
--disable-silent-rules \
--docdir="%{_docdir}/%{name}" \
--disable-static
%if 0%{?do_profiling}
%make_build CFLAGS="%{optflags} %{cflags_profile_generate}"
%make_build CFLAGS="%{optflags} %{cflags_profile_generate}" LDFLAGS="%{optflags} %{cflags_profile_generate}" check
%make_build clean
%make_build CFLAGS="%{optflags} %{cflags_profile_feedback}"
%else
%make_build CFLAGS="%{optflags}"
%endif
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# Fix permissions error: spurious-executable-perm
chmod 0644 examples/elements.c
%check
%make_build check
%post -n libexpat1 -p /sbin/ldconfig
%postun -n libexpat1 -p /sbin/ldconfig
%files
%license COPYING
%doc AUTHORS README.md expatfaq.html
%doc doc/reference.html doc/style.css
%doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in
%doc changelog
%{_bindir}/xmlwf
%files -n libexpat1
%{_libdir}/libexpat.so.*
%files -n libexpat-devel
%{_includedir}/*
%{_libdir}/libexpat.so
%{_libdir}/pkgconfig/expat.pc
%dir %{_libdir}/cmake
%{_libdir}/cmake/expat-%{version}
%changelog
View Git Blame Copy Permalink