
#
# spec file for package expat
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


Name:           expat
# The upstream base version stays at 2.1.0. Security fixes are carried as the
# backported patches listed further down, so the version string alone does not
# show which CVEs are fixed in the built package; check the patch list instead.
Version:        2.1.0
Release:        0
URL:            http://expat.sourceforge.net/
# bug437293
%ifarch ppc64
Obsoletes:      expat-64bit
%endif
#
Summary:        XML Parser Toolkit
License:        MIT
Group:          Development/Libraries/C and C++
# NOTE(review): the tarball URL is plain http and no detached signature or
# keyring is listed as a Source, so nothing in this spec verifies the origin of
# the tarball -- confirm its integrity is checked out-of-band.
Source0:        http://downloads.sourceforge.net/project/%{name}/%{name}/%{version}/%{name}-%{version}.tar.gz
Source1:        %{name}faq.html
Source2:        baselibs.conf
# Patches 2-4 carry no description or bug reference in this spec; judging by
# the file names they are build/packaging changes -- TODO confirm and annotate.
Patch2:         expat-visibility.patch
Patch3:         expat-alloc-size.patch
Patch4:         config-guess-sub-update.patch
# PATCH-FIX-UPSTREAM bnc#980391 CVE-2015-1283 kstreitova@suse.com -- fix multiple integer overflows
Patch5:         expat-2.1.0-heap_buffer_overflow.patch
# PATCH-FIX-UPSTREAM bnc#979441 CVE-2016-0718 kstreitova@suse.com -- XML parser crashes on malformed input
Patch6:         expat-2.1.0-parser_crashes_on_malformed_input.patch
# NOTE(review): no PATCH-FIX-UPSTREAM tag, bug reference or description is
# recorded for this patch; the file name refers to CVE-2012-6702 -- add the
# tracking reference so the fix can be audited like the others.
Patch7:         expat-2.1.1-CVE-2012-6702.patch
# PATCH-FIX-UPSTREAM bsc#1047236 CVE-2017-9233 pmonrealgonzalez@suse.com -- External Entity Vulnerability
Patch8:         expat-CVE-2017-9233.patch
# PATCH-FIX-UPSTREAM bsc#1047240 CVE-2016-9063 pmonrealgonzalez@suse.com -- Possible integer overflow to fix inside XML_Parse
Patch9:         expat-2.1.0-CVE-2016-9063.patch
# PATCH-FIX-UPSTREAM bsc#1139937 CVE-2018-20843 pmonrealgonzalez@suse.com -- Fix extraction of namespace prefixes from XML names
Patch10:        expat-CVE-2018-20843.patch
# PATCH-FIX-UPSTREAM bsc#1149429 CVE-2019-15903 crafted XML input results in heap-based buffer over-read
Patch11:        expat-CVE-2019-15903.patch
# Test-suite changes accompanying the CVE-2019-15903 fix (per the file name).
Patch12:        expat-CVE-2019-15903-tests.patch
# PATCH-FIX-UPSTREAM bsc#1194251 CVE-2021-45960 a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior
# - https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea
Patch13:        expat-CVE-2021-45960.patch
# PATCH-FIX-UPSTREAM bsc#1194362 CVE-2021-46143 integer overflow exists for m_groupSize in doProlog
# - https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b
Patch14:        expat-CVE-2021-46143.patch
# PATCH-FIX-UPSTREAM bsc#1194474 CVE-2022-22822 integer overflow in addBinding in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch15:        expat-CVE-2022-22822.patch
# PATCH-FIX-UPSTREAM bsc#1194476 CVE-2022-22823 integer overflow in build_model in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch16:        expat-CVE-2022-22823.patch
# PATCH-FIX-UPSTREAM bsc#1194477 CVE-2022-22824 integer overflow in defineAttribute in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch17:        expat-CVE-2022-22824.patch
# PATCH-FIX-UPSTREAM bsc#1194478 CVE-2022-22825 integer overflow in lookup in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch18:        expat-CVE-2022-22825.patch
# PATCH-FIX-UPSTREAM bsc#1194479 CVE-2022-22826 integer overflow in nextScaffoldPart in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch19:        expat-CVE-2022-22826.patch
# PATCH-FIX-UPSTREAM bsc#1194480 CVE-2022-22827 integer overflow in storeAtts in xmlparse.c
# - https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
Patch20:        expat-CVE-2022-22827.patch
# PATCH-FIX-UPSTREAM bsc#1195054 CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES
# - https://github.com/libexpat/libexpat/pull/550/commits/847a645152f5ebc10ac63b74b604d0c1a79fae40
# - https://github.com/libexpat/libexpat/pull/550/commits/acf956f14bf79a5e6383a969aaffec98bfbc2e44
Patch21:        expat-CVE-2022-23852.patch
# PATCH-FIX-UPSTREAM bsc#1195217 CVE-2022-23990: expat: integer overflow in the doProlog function
# - https://github.com/libexpat/libexpat/pull/551/commits/ede41d1e186ed2aba88a06e84cac839b770af3a1
Patch22:        expat-CVE-2022-23990.patch
# Stack exhaustion in build_model() via uncontrolled recursion
# UPSTREAM-FIX: (CVE-2022-25313, bsc#1196168) https://github.com/libexpat/libexpat/pull/558
Patch23:        %{name}-CVE-2022-25313.patch
# UPSTREAM-FIX: (CVE-2022-25313) Follow-up fix, because the patch above introduced a regression: https://github.com/libexpat/libexpat/pull/566
Patch24:        %{name}-CVE-2022-25313-fix-regression.patch
# Integer overflow in storeRawNames
# UPSTREAM-FIX: (CVE-2022-25315, bsc#1196171) https://github.com/libexpat/libexpat/pull/559
Patch25:        %{name}-CVE-2022-25315.patch
# xmlparse.c in Expat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs
# UPSTREAM-FIX: (CVE-2022-25236, bsc#1196025) https://github.com/libexpat/libexpat/pull/561
Patch26:        %{name}-CVE-2022-25236.patch
# xmltok_impl.c in Expat before 2.4.5 does not check whether a UTF-8 character is valid in a certain context.
# UPSTREAM-FIX: (CVE-2022-25235, bsc#1196026) https://github.com/libexpat/libexpat/pull/562
Patch27:        %{name}-CVE-2022-25235.patch
# In order to fix CVE-2022-25235, we need to backport an earlier upstream commit
# that introduced the copyString function and fixed issues with protocolEncodingName.
# NOTE(review): the file name and the position right before Patch29 suggest this
# is the prerequisite for CVE-2022-25314 rather than CVE-2022-25235 -- confirm
# which one is meant.
# https://github.com/libexpat/libexpat/commit/196bea60b1ef161d6a2957e6ddab00e2cb6c60ec
Patch28:        %{name}-CVE-2022-25314-before.patch
# Integer overflow in copyString
# UPSTREAM-FIX: (CVE-2022-25314, bsc#1196169) https://github.com/libexpat/libexpat/pull/560
Patch29:        %{name}-CVE-2022-25314.patch
# [>=2.4.5] Fix to CVE-2022-25236 breaks biboumi, ClairMeta, jxmlease, libwbxml, openleadr-python, rnv, xmltodict
# This patch relaxes the CVE-2022-25236 fix from Patch26 (per the file name).
# UPSTREAM-FIX: (CVE-2022-25236, bsc#1196784) https://github.com/libexpat/libexpat/pull/577
Patch30:        %{name}-CVE-2022-25236-relax-fix.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# autoconf and libtool are needed because the build section regenerates the
# build system with autoreconf instead of using the tarball's configure script.
BuildRequires:  autoconf >= 2.58
BuildRequires:  gcc-c++
BuildRequires:  libtool
BuildRequires:  pkg-config

%description
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

%package -n libexpat1
# Runtime subpackage; its files list contains only the versioned shared library.
Summary:        XML Parser Toolkit
# bug437293 -- presumably the reason for the ppc64-only Obsoletes below, as in
# the main package preamble; confirm.
Group:          Development/Libraries/C and C++
%ifarch ppc64
Obsoletes:      expat-64bit
%endif
#
#

%description -n libexpat1
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

%package -n libexpat-devel
Summary:        XML Parser Toolkit
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
# NOTE(review): this dependency pins only the version, which stays at 2.1.0
# across all the security updates listed above, so it does not tie the headers
# to a particular patched release of libexpat1 -- confirm this is intended.
Requires:       libexpat1 = %{version}

%description -n libexpat-devel
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

This package contains the development headers for the library found
in libexpat.

%prep
# Unpack the 2.1.0 tarball and apply the patch stack in numeric order.
# Keep the order: some patches build on earlier ones (patch24 fixes a
# regression introduced by patch23, and patch28 is a prerequisite backport
# applied right before patch29).
%setup -q -n expat-2.1.0
# Strip levels differ per patch and must match the paths inside each patch
# file: patch3 and patch4 pass no -p option (rpm's default strip level),
# patches 7-10 use -p2, everything else -p1.
%patch2 -p1
%patch3
%patch4
# Security backports start here (patch5 onwards).
%patch5 -p1
%patch6 -p1
%patch7 -p2
%patch8 -p2
%patch9 -p2
%patch10 -p2
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
# Copy Source1 (the FAQ page) into the build tree so the files list can ship it
# as documentation.
cp %{S:1} .
# Drop the .dsp project files from the examples directory, which is packaged
# as documentation.
rm -f examples/*.dsp

%build
# Regenerate configure and the libtool scripts from the patched sources
# (-f forces regeneration, -i installs missing auxiliary files).
autoreconf -fi
# Build the shared library only (no static archive) and request PIC objects.
# No compiler or linker flags are overridden here, so they come from whatever
# the configure macro exports (the distribution defaults).
%configure --disable-static --with-pic
# Parallel build when the build host defines a job count.
make %{?_smp_mflags}

%install
# Stage the installation into the build root rather than the live system.
make DESTDIR=$RPM_BUILD_ROOT install
# Removes doc/xmlwf.1 from the build tree, not from the build root; the man
# pages listed in the files section come from the man directory in the build
# root. Without -f, a missing file makes this step (and the build) fail.
rm doc/xmlwf.1
# remove .la file
rm -f %{buildroot}%{_libdir}/libexpat.la

%check
# Run the upstream test suite against the patched build; a failing test fails
# the package build. Presumably this also runs the tests added by the
# CVE-2019-15903 tests patch -- confirm they are part of the check target.
make check

%post -n libexpat1 -p /sbin/ldconfig

%postun -n libexpat1 -p /sbin/ldconfig

%files
# Main package: the xmlwf command-line tool, its man pages and documentation.
%defattr(-, root, root)
%license COPYING
%doc Changes README examples expatfaq.html
%doc doc/expat.png doc/reference.html doc/style.css doc/valid-xhtml10.png
%doc %{_mandir}/man?/*
%{_bindir}/xmlwf

%files -n libexpat1
# Runtime package: only the versioned shared library files.
%defattr(-, root, root)
%{_libdir}/libexpat.so.*

%files -n libexpat-devel
# Development package: headers, the unversioned libexpat.so and the
# pkg-config file.
%defattr(-, root, root)
%{_includedir}/*
%{_libdir}/libexpat.so
%{_libdir}/pkgconfig/expat.pc

%changelog