openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File expat.spec of Package expat

#
# spec file for package expat
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

%global unversion 2_4_4
Name:           expat
Version:        2.4.4
Release:        0
Summary:        XML Parser Toolkit
License:        MIT
Group:          Development/Libraries/C and C++
URL:            https://libexpat.github.io
Source0:        https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz
Source1:        https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz.asc
Source2:        baselibs.conf
Source3:        %{name}faq.html

# Stack exhaustion in build_model() via uncontrolled recursion
# UPSTREAM-FIX: (CVE-2022-25313, bsc#1196168) https://github.com/libexpat/libexpat/pull/558
Patch0:         %{name}-CVE-2022-25313.patch
# UPSTREAM-FIX: (CVE-2022-25313) Fix for patch as it introduced a regression: https://github.com/libexpat/libexpat/pull/566
Patch1:         %{name}-CVE-2022-25313-fix-regression.patch

# Integer overflow in storeRawNames
# UPSTREAM-FIX: (CVE-2022-25315, bsc#1196171) https://github.com/libexpat/libexpat/pull/559
Patch2:         %{name}-CVE-2022-25315.patch

# Integer overflow in copyString
# UPSTREAM-FIX: (CVE-2022-25314, bsc#1196169) https://github.com/libexpat/libexpat/pull/560
Patch3:         %{name}-CVE-2022-25314.patch

# xmlparse.c in Expat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs
# UPSTREAM-FIX: (CVE-2022-25236, bsc#1196025) https://github.com/libexpat/libexpat/pull/561
Patch4:         %{name}-CVE-2022-25236.patch

# xmltok_impl.c in Expat before 2.4.5 does not check whether a UTF-8 character is valid in a certain context.
# UPSTREAM-FIX: (CVE-2022-25235, bsc#1196026) https://github.com/libexpat/libexpat/pull/562
Patch5:         %{name}-CVE-2022-25235.patch

# [>=2.4.5] Fix to CVE-2022-25236 breaks biboumi, ClairMeta, jxmlease, libwbxml, openleadr-python, rnv, xmltodict
# UPSTREAM-FIX: (CVE-2022-25236, bsc#1196784) https://github.com/libexpat/libexpat/pull/577
Patch6:         %{name}-CVE-2022-25236-relax-fix.patch

# use-after-free in the doContent function in xmlparse.c
# UPSTREAM-FIX: (CVE-2022-40674, bsc#1203438) https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b
Patch7:         %{name}-CVE-2022-40674.patch

# use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations
# UPSTREAM-FIX: (CVE-2022-43680, bsc#1204708) https://github.com/libexpat/libexpat/pull/650
Patch8:         %{name}-CVE-2022-43680.patch

# denial of service (resource consumption) caused by processing large tokens
# UPSTREAM-FIX: (CVE-2023-52425, bsc#1219559)
#   https://github.com/libexpat/libexpat/pull/771
#   https://github.com/libexpat/libexpat/pull/789
Patch9:  expat-CVE-2023-52425-1.patch
Patch10: expat-CVE-2023-52425-2.patch
# In order for the backport of CVE-2023-52425 to pass the testsuite
# some additional changes needed to be backported to xmlparse.c
Patch11: expat-CVE-2023-52425-backport-parser-changes.patch
# Added tests and fixes for some other changes with the test suite
Patch12: expat-CVE-2023-52425-fix-tests.patch

# PATCH FIX-UPSTREAM: bsc#1221289 (CVE-2024-28757)
# https://github.com/libexpat/libexpat/pull/842
Patch13:         expat-CVE-2024-28757.patch

# detect integer overflow in function nextScaffoldPart
# UPSTREAM-FIX: (CVE-2024-45492, bsc#1229932) https://github.com/libexpat/libexpat/pull/892
Patch14:         expat-CVE-2024-45492.patch

# detect integer overflow in dtdCopy
# UPSTREAM-FIX: (bsc#1229931, CVE-2024-45491) https://github.com/libexpat/libexpat/pull/891
Patch15:         expat-CVE-2024-45491.patch

# reject negative len for XML_ParseBuffer
# UPSTREAM-FIX: (bsc#1229930, CVE-2024-45490) https://github.com/libexpat/libexpat/pull/890
Patch16:         expat-CVE-2024-45490.patch
# CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
Patch17:         expat-CVE-2024-50602.patch

BuildRequires:  gcc-c++
BuildRequires:  libtool
BuildRequires:  pkgconfig

%description
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

%package -n libexpat1
Summary:        XML Parser Toolkit
Group:          System/Libraries

%description -n libexpat1
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

%package -n libexpat-devel
Summary:        Development files for expat, an XML parser toolkit
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libexpat1 = %{version}

%description -n libexpat-devel
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

This package contains the development headers for the library found
in libexpat.

%prep
%autosetup -p1

cp %{SOURCE3} .
rm -f examples/*.dsp

%build

autoreconf

%configure \
  --disable-silent-rules \
  --docdir="%{_docdir}/%{name}" \
  --disable-static
%if 0%{?do_profiling}
  %make_build CFLAGS="%{optflags} %{cflags_profile_generate}"
  %make_build CFLAGS="%{optflags} %{cflags_profile_generate}" LDFLAGS="%{optflags} %{cflags_profile_generate}" check
  %make_build clean
  %make_build CFLAGS="%{optflags} %{cflags_profile_feedback}"
%else
  %make_build CFLAGS="%{optflags}"
%endif

%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# Fix permissions error: spurious-executable-perm
chmod 0644 examples/elements.c

%check
%make_build check

%post -n libexpat1 -p /sbin/ldconfig
%postun -n libexpat1 -p /sbin/ldconfig

%files
%license COPYING
%doc AUTHORS README.md expatfaq.html
%doc doc/reference.html doc/style.css
%doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in
%doc changelog
%{_bindir}/xmlwf

%files -n libexpat1
%{_libdir}/libexpat.so.*

%files -n libexpat-devel
%{_includedir}/*
%{_libdir}/libexpat.so
%{_libdir}/pkgconfig/expat.pc
%dir %{_libdir}/cmake
%{_libdir}/cmake/expat-%{version}

%changelog

Places

File expat.spec of Package expat

Places