File expat.spec of Package expat.36378
#
# spec file for package expat
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

%global do_profiling 0
%global unversion 2_2_5
Name:           expat
Version:        2.2.5
Release:        0
Summary:        XML Parser Toolkit
License:        MIT
Group:          Development/Libraries/C and C++
Url:            https://libexpat.github.io
Source0:        https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.bz2
Source1:        %{name}faq.html
Source2:        baselibs.conf
# PATCH-FIX-UPSTREAM bsc#1139937 CVE-2018-20843 pmonrealgonzalez@suse.com -- Fix extraction of namespace prefixes from XML names
Patch0:         %{name}-CVE-2018-20843.patch
# PATCH-FIX-UPSTREAM bsc#1149429 CVE-2019-15903 crafted XML input results in heap-based buffer over-read
Patch1:         %{name}-CVE-2019-15903.patch
Patch2:         %{name}-CVE-2019-15903-tests.patch
# PATCH-FIX-UPSTREAM bsc#1194251 CVE-2021-45960 a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior
# - https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea
Patch3:         %{name}-CVE-2021-45960.patch
# PATCH-FIX-UPSTREAM bsc#1194362 CVE-2021-46143 integer overflow exists for m_groupSize in doProlog
# - https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b
Patch4:         %{name}-CVE-2021-46143.patch
# PATCH-FIX-UPSTREAM bsc#1194474 CVE-2022-22822 integer overflow in addBinding in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch5:         %{name}-CVE-2022-22822.patch
# PATCH-FIX-UPSTREAM bsc#1194476 CVE-2022-22823 integer overflow in build_model in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch6:         %{name}-CVE-2022-22823.patch
# PATCH-FIX-UPSTREAM bsc#1194477 CVE-2022-22824 integer overflow in defineAttribute in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch7:         %{name}-CVE-2022-22824.patch
# PATCH-FIX-UPSTREAM bsc#1194478 CVE-2022-22825 integer overflow in lookup in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch8:         %{name}-CVE-2022-22825.patch
# PATCH-FIX-UPSTREAM bsc#1194479 CVE-2022-22826 integer overflow in nextScaffoldPart in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch9:         %{name}-CVE-2022-22826.patch
# PATCH-FIX-UPSTREAM bsc#1194480 CVE-2022-22827 integer overflow in storeAtts in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch10:        %{name}-CVE-2022-22827.patch
# PATCH-FIX-UPSTREAM bsc#1195054 CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES
# - https://github.com/libexpat/libexpat/pull/550/commits/847a645152f5ebc10ac63b74b604d0c1a79fae40
# - https://github.com/libexpat/libexpat/pull/550/commits/acf956f14bf79a5e6383a969aaffec98bfbc2e44
Patch11:        %{name}-CVE-2022-23852.patch
# PATCH-FIX-UPSTREAM bsc#1195217 CVE-2022-23990: expat: integer overflow in the doProlog function
# - https://github.com/libexpat/libexpat/pull/551/commits/ede41d1e186ed2aba88a06e84cac839b770af3a1
Patch12:        %{name}-CVE-2022-23990.patch
# Stack exhaustion in build_model() via uncontrolled recursion
# UPSTREAM-FIX: (CVE-2022-25313, bsc#1196168) https://github.com/libexpat/libexpat/pull/558
Patch13:        %{name}-CVE-2022-25313.patch
# UPSTREAM-FIX: (CVE-2022-25313) Fix for patch as it introduced a regression: https://github.com/libexpat/libexpat/pull/566
Patch14:        %{name}-CVE-2022-25313-fix-regression.patch
# Integer overflow in storeRawNames
# UPSTREAM-FIX: (CVE-2022-25315, bsc#1196171) https://github.com/libexpat/libexpat/pull/559
Patch15:        %{name}-CVE-2022-25315.patch
# Integer overflow in copyString
# UPSTREAM-FIX: (CVE-2022-25314, bsc#1196169) https://github.com/libexpat/libexpat/pull/560
Patch16:        %{name}-CVE-2022-25314.patch
# xmlparse.c in Expat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs
# UPSTREAM-FIX: (CVE-2022-25236, bsc#1196025) https://github.com/libexpat/libexpat/pull/561
Patch17:        %{name}-CVE-2022-25236.patch
# xmltok_impl.c in Expat before 2.4.5 does not check whether a UTF-8 character is valid in a certain context.
# UPSTREAM-FIX: (CVE-2022-25235, bsc#1196026) https://github.com/libexpat/libexpat/pull/562
Patch18:        %{name}-CVE-2022-25235.patch
# [>=2.4.5] Fix to CVE-2022-25236 breaks biboumi, ClairMeta, jxmlease, libwbxml, openleadr-python, rnv, xmltodict
# UPSTREAM-FIX: (CVE-2022-25236, bsc#1196784) https://github.com/libexpat/libexpat/pull/577
Patch19:        %{name}-CVE-2022-25236-relax-fix.patch
# use-after-free in the doContent function in xmlparse.c
# UPSTREAM-FIX: (CVE-2022-40674, bsc#1203438) https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b
Patch20:        %{name}-CVE-2022-40674.patch
# use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations
# UPSTREAM-FIX: (CVE-2022-43680, bsc#1204708) https://github.com/libexpat/libexpat/pull/650
Patch21:        %{name}-CVE-2022-43680.patch
# detect integer overflow in function nextScaffoldPart
# UPSTREAM-FIX: (CVE-2024-45492, bsc#1229932) https://github.com/libexpat/libexpat/pull/892
Patch22:        expat-CVE-2024-45492.patch
# detect integer overflow in dtdCopy
# UPSTREAM-FIX: (bsc#1229931, CVE-2024-45491) https://github.com/libexpat/libexpat/pull/891
Patch23:        expat-CVE-2024-45491.patch
# reject negative len for XML_ParseBuffer
# UPSTREAM-FIX: (bsc#1229930, CVE-2024-45490) https://github.com/libexpat/libexpat/pull/890
Patch24:        expat-CVE-2024-45490.patch
# CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
Patch25:        expat-CVE-2024-50602.patch
BuildRequires:  gcc-c++
BuildRequires:  libtool
BuildRequires:  pkgconfig

%description
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

%package -n libexpat1
Summary:        XML Parser Toolkit
Group:          System/Libraries

%description -n libexpat1
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

%package -n libexpat-devel
Summary:        Development files for expat, an XML parser toolkit
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libexpat1 = %{version}

%description -n libexpat-devel
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

This package contains the development headers for the library found
in libexpat.

%prep
%autosetup -p1
cp %{SOURCE1} .
rm -f examples/*.dsp

%build
%configure \
    --disable-silent-rules \
    --without-docbook \
    --docdir="%{_docdir}/%{name}" \
    --disable-static
%if 0%{?do_profiling}
  make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}"
  make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" LDFLAGS="%{optflags} %{cflags_profile_generate}" check
  make %{?_smp_mflags} clean
  make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_feedback}"
%else
  make %{?_smp_mflags} CFLAGS="%{optflags}"
%endif

%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print

%check
make %{?_smp_mflags} check

%post -n libexpat1 -p /sbin/ldconfig
%postun -n libexpat1 -p /sbin/ldconfig

%files
%{_docdir}/%{name}
%license COPYING
%doc README.md expatfaq.html
%doc doc/expat.png doc/reference.html doc/style.css doc/valid-xhtml10.png
%doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in
%doc AUTHORS Changes
%{_mandir}/man?/*
%{_bindir}/xmlwf

%files -n libexpat1
%{_libdir}/libexpat.so.*

%files -n libexpat-devel
%{_includedir}/*
%{_libdir}/libexpat.so
%{_libdir}/pkgconfig/expat.pc

%changelog