powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
Browse Source

libxml2 package update 

Signed-off-by: basebuilder_pel7ppc64lebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64lebuilder0 5 years ago
parent
48f7ba1622
commit
5cf9fb2158
7 changed files with 564 additions and 226 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 31
      SOURCES/libxml2-2.9.1-CVE-2015-8035.patch
  2. 131
      SOURCES/libxml2-2.9.1-CVE-2016-5131.patch
  3. 36
      SOURCES/libxml2-2.9.1-CVE-2017-15412.patch
  4. 32
      SOURCES/libxml2-2.9.1-CVE-2017-18258.patch
  5. 54
      SOURCES/libxml2-2.9.1-CVE-2018-14404.patch
  6. 50
      SOURCES/libxml2-2.9.1-CVE-2018-14567.patch
  7. 456
      SPECS/libxml2.spec

31
SOURCES/libxml2-2.9.1-CVE-2015-8035.patch
Unescape View File

@ -0,0 +1,31 @@
From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Tue, 3 Nov 2015 15:31:25 +0800
Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop

For https://bugzilla.gnome.org/show_bug.cgi?id=757466
DoS when parsing specially crafted XML document if XZ support
is compiled in (which wasn't the case for 2.9.2 and master since
Nov 2013, fixed in next commit !)
---
xzlib.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/xzlib.c b/xzlib.c
index 0dcb9f48..1fab5463 100644
--- a/xzlib.c
+++ b/xzlib.c
@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
xz_error(state, LZMA_DATA_ERROR, "compressed data error");
return -1;
}
+ if (ret == LZMA_PROG_ERROR) {
+ xz_error(state, LZMA_PROG_ERROR, "compression error");
+ return -1;
+ }
} while (strm->avail_out && ret != LZMA_STREAM_END);
/* update available output and crc check value */
--
2.22.0

131
SOURCES/libxml2-2.9.1-CVE-2016-5131.patch
Unescape View File

@ -0,0 +1,131 @@
commit 3189fa5b5d1cce13e70cf282936736b2e7889a46
Author: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue Jun 28 14:22:23 2016 +0200

Fix XPointer paths beginning with range-to
The old code would invoke the totally broken xmlXPtrRangeToFunction.
range-to isn't really a function but a special kind of location step.
Remove this function and always handle range-to in the XPath code.
The old xmlXPtrRangeToFunction could also be abused to trigger a
use-after-free error with the potential for remote code execution.

diff --git a/xpath.c b/xpath.c
index 751665b..7c24a82 100644
--- a/xpath.c
+++ b/xpath.c
@@ -10691,13 +10691,16 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
lc = 1;
break;
} else if ((NXT(len) == '(')) {
- /* Note Type or Function */
+ /* Node Type or Function */
if (xmlXPathIsNodeType(name)) {
#ifdef DEBUG_STEP
xmlGenericError(xmlGenericErrorContext,
"PathExpr: Type search\n");
#endif
lc = 1;
+ } else if (ctxt->xptr &&
+ xmlStrEqual(name, BAD_CAST "range-to")) {
+ lc = 1;
} else {
#ifdef DEBUG_STEP
xmlGenericError(xmlGenericErrorContext,
diff --git a/xpointer.c b/xpointer.c
index 676c510..d74174a 100644
--- a/xpointer.c
+++ b/xpointer.c
@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
ret->here = here;
ret->origin = origin;
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
- xmlXPtrRangeToFunction);
xmlXPathRegisterFunc(ret, (xmlChar *)"range",
xmlXPtrRangeFunction);
xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
* @nargs: the number of args
*
* Implement the range-to() XPointer function
+ *
+ * Obsolete. range-to is not a real function but a special type of location
+ * step which is handled in xpath.c.
*/
void
-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathObjectPtr range;
- const xmlChar *cur;
- xmlXPathObjectPtr res, obj;
- xmlXPathObjectPtr tmp;
- xmlLocationSetPtr newset = NULL;
- xmlNodeSetPtr oldset;
- int i;
-
- if (ctxt == NULL) return;
- CHECK_ARITY(1);
- /*
- * Save the expression pointer since we will have to evaluate
- * it multiple times. Initialize the new set.
- */
- CHECK_TYPE(XPATH_NODESET);
- obj = valuePop(ctxt);
- oldset = obj->nodesetval;
- ctxt->context->node = NULL;
-
- cur = ctxt->cur;
- newset = xmlXPtrLocationSetCreate(NULL);
-
- for (i = 0; i < oldset->nodeNr; i++) {
- ctxt->cur = cur;
-
- /*
- * Run the evaluation with a node list made of a single item
- * in the nodeset.
- */
- ctxt->context->node = oldset->nodeTab[i];
- tmp = xmlXPathNewNodeSet(ctxt->context->node);
- valuePush(ctxt, tmp);
-
- xmlXPathEvalExpr(ctxt);
- CHECK_ERROR;
-
- /*
- * The result of the evaluation need to be tested to
- * decided whether the filter succeeded or not
- */
- res = valuePop(ctxt);
- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
- if (range != NULL) {
- xmlXPtrLocationSetAdd(newset, range);
- }
-
- /*
- * Cleanup
- */
- if (res != NULL)
- xmlXPathFreeObject(res);
- if (ctxt->value == tmp) {
- res = valuePop(ctxt);
- xmlXPathFreeObject(res);
- }
-
- ctxt->context->node = NULL;
- }
-
- /*
- * The result is used as the new evaluation set.
- */
- xmlXPathFreeObject(obj);
- ctxt->context->node = NULL;
- ctxt->context->contextSize = -1;
- ctxt->context->proximityPosition = -1;
- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
+ int nargs ATTRIBUTE_UNUSED) {
+ XP_ERROR(XPATH_EXPR_ERROR);
}
/**

36
SOURCES/libxml2-2.9.1-CVE-2017-15412.patch
Unescape View File

@ -0,0 +1,36 @@
From 0f3b843b3534784ef57a4f9b874238aa1fda5a73 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu, 1 Jun 2017 23:12:19 +0200
Subject: [PATCH] Fix XPath stack frame logic

Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in
xmlXPathCompOpEvalPositionalPredicate to make sure that the context
object on the stack is actually protected. Otherwise, memory corruption
can occur when calling sloppily coded XPath extension functions.

Fixes bug 783160.
---
xpath.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xpath.c b/xpath.c
index 94815075..b816bd36 100644
--- a/xpath.c
+++ b/xpath.c
@@ -11932,11 +11932,11 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt,
}
}
- frame = xmlXPathSetFrame(ctxt);
valuePush(ctxt, contextObj);
+ frame = xmlXPathSetFrame(ctxt);
res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1);
- tmp = valuePop(ctxt);
xmlXPathPopFrame(ctxt, frame);
+ tmp = valuePop(ctxt);
if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
while (tmp != contextObj) {
--
2.22.0

32
SOURCES/libxml2-2.9.1-CVE-2017-18258.patch
Unescape View File

@ -0,0 +1,32 @@
From e2a9122b8dde53d320750451e9907a7dcb2ca8bb Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu, 7 Sep 2017 18:36:01 +0200
Subject: [PATCH] Set memory limit for LZMA decompression

Otherwise malicious LZMA compressed files could consume large amounts
of memory when decompressed.

According to the xz man page, files compressed with `xz -9` currently
require 65 MB to decompress, so set the limit to 100 MB.

Should fix bug 786696.
---
xzlib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xzlib.c b/xzlib.c
index 782957f6..f43632bd 100644
--- a/xzlib.c
+++ b/xzlib.c
@@ -408,7 +408,7 @@ xz_head(xz_statep state)
state->strm = init;
state->strm.avail_in = 0;
state->strm.next_in = NULL;
- if (lzma_auto_decoder(&state->strm, UINT64_MAX, 0) != LZMA_OK) {
+ if (lzma_auto_decoder(&state->strm, 100000000, 0) != LZMA_OK) {
xmlFree(state->out);
xmlFree(state->in);
state->size = 0;
--
2.22.0

54
SOURCES/libxml2-2.9.1-CVE-2018-14404.patch
Unescape View File

@ -0,0 +1,54 @@
From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 30 Jul 2018 12:54:38 +0200
Subject: [PATCH] Fix nullptr deref with XPath logic ops

If the XPath stack is corrupted, for example by a misbehaving extension
function, the "and" and "or" XPath operators could dereference NULL
pointers. Check that the XPath stack isn't empty and optimize the
logic operators slightly.

Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5

Also see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
https://bugzilla.redhat.com/show_bug.cgi?id=1595985

This is CVE-2018-14404.

Thanks to Guy Inbar for the report.
---
xpath.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/xpath.c b/xpath.c
index 3fae0bf4..5e3bb9ff 100644
--- a/xpath.c
+++ b/xpath.c
@@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
return(0);
}
xmlXPathBooleanFunction(ctxt, 1);
- arg1 = valuePop(ctxt);
- arg1->boolval &= arg2->boolval;
- valuePush(ctxt, arg1);
+ if (ctxt->value != NULL)
+ ctxt->value->boolval &= arg2->boolval;
xmlXPathReleaseObject(ctxt->context, arg2);
return (total);
case XPATH_OP_OR:
@@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
return(0);
}
xmlXPathBooleanFunction(ctxt, 1);
- arg1 = valuePop(ctxt);
- arg1->boolval |= arg2->boolval;
- valuePush(ctxt, arg1);
+ if (ctxt->value != NULL)
+ ctxt->value->boolval |= arg2->boolval;
xmlXPathReleaseObject(ctxt->context, arg2);
return (total);
case XPATH_OP_EQUAL:
--
2.22.0

50
SOURCES/libxml2-2.9.1-CVE-2018-14567.patch
Unescape View File

@ -0,0 +1,50 @@
From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 30 Jul 2018 13:14:11 +0200
Subject: [PATCH] Fix infinite loop in LZMA decompression
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Check the liblzma error code more thoroughly to avoid infinite loops.

Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914

This is CVE-2018-9251 and CVE-2018-14567.

Thanks to Dongliang Mu and Simon Wörner for the reports.
---
xzlib.c | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/xzlib.c b/xzlib.c
index a839169e..0ba88cfa 100644
--- a/xzlib.c
+++ b/xzlib.c
@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
"internal error: inflate stream corrupt");
return -1;
}
+ /*
+ * FIXME: Remapping a couple of error codes and falling through
+ * to the LZMA error handling looks fragile.
+ */
if (ret == Z_MEM_ERROR)
ret = LZMA_MEM_ERROR;
if (ret == Z_DATA_ERROR)
@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
xz_error(state, LZMA_PROG_ERROR, "compression error");
return -1;
}
+ if ((state->how != GZIP) &&
+ (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
+ xz_error(state, ret, "lzma error");
+ return -1;
+ }
} while (strm->avail_out && ret != LZMA_STREAM_END);
/* update available output and crc check value */
--
2.22.0

456
SPECS/libxml2.spec
Unescape View File

@ -1,60 +1,21 @@
# for -O3 on ppc64 c.f. 1051068 Name: libxml2
%global _performance_build 1 Version: 2.9.10

Release: 1%{?dist}
Summary: Library providing XML and HTML support Summary: Library providing XML and HTML support
Name: libxml2
Version: 2.9.1 License: MIT
Release: 6%{?dist}%{?extra_release}.3 URL: http://xmlsoft.org/
License: MIT Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
Group: Development/Libraries Patch0: libxml2-multilib.patch
Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz # Patch from openSUSE.
BuildRoot: %{_tmppath}/%{name}-%{version}-root # See: https://bugzilla.gnome.org/show_bug.cgi?id=789714
BuildRequires: python python-devel zlib-devel pkgconfig xz-devel Patch1: libxml2-2.9.8-python3-unicode-errors.patch
URL: http://xmlsoft.org/
Patch0: libxml2-multilib.patch BuildRequires: gcc
Patch1: libxml2-2.9.0-do-not-check-crc.patch BuildRequires: make

#BuildRequires: cmake-rpm-macros
Patch100: libxml2-Fix-a-regression-in-xmlGetDocCompressMode.patch BuildRequires: pkgconfig(zlib)
Patch101: CVE-2014-3660-rhel7.patch BuildRequires: pkgconfig(liblzma)
Patch102: libxml2-Fix-missing-entities-after-CVE-2014-3660-fix.patch
Patch103: libxml2-Do-not-fetch-external-parameter-entities.patch
Patch104: libxml2-Fix-regression-introduced-by-CVE-2014-0191.patch
Patch105: libxml2-Stop-parsing-on-entities-boundaries-errors.patch
Patch106: libxml2-Cleanup-conditional-section-error-handling.patch
Patch107: libxml2-Fail-parsing-early-on-if-encoding-conversion-failed.patch
Patch108: libxml2-Another-variation-of-overflow-in-Conditional-sections.patch
Patch109: libxml2-Fix-an-error-in-previous-Conditional-section-patch.patch
Patch110: libxml2-Fix-parsing-short-unclosed-comment-uninitialized-access.patch
Patch111: libxml2-Avoid-extra-processing-of-MarkupDecl-when-EOF.patch
Patch112: libxml2-Avoid-processing-entities-after-encoding-conversion-failures.patch
Patch113: libxml2-xmlStopParser-reset-errNo.patch
Patch114: libxml2-CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDictComputeFastQKey.patch
Patch115: libxml2-CVE-2015-5312-Another-entity-expansion-issue.patch
Patch116: libxml2-Add-xmlHaltParser-to-stop-the-parser.patch
Patch117: libxml2-Reuse-xmlHaltParser-where-it-makes-sense.patch
Patch118: libxml2-Do-not-print-error-context-when-there-is-none.patch
Patch119: libxml2-Detect-incoherency-on-GROW.patch
Patch120: libxml2-Fix-some-loop-issues-embedding-NEXT.patch
Patch121: libxml2-Bug-on-creating-new-stream-from-entity.patch
Patch122: libxml2-CVE-2015-7500-Fix-memory-access-error-due-to-incorrect-entities-boundaries.patch
Patch123: libxml2-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-push-mode.patch
Patch124: libxml2-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-memory.patch
patch125: libxml2-Add-missing-increments-of-recursion-depth-counter-to-XML-parser.patch
patch126: libxml2-Avoid-building-recursive-entities.patch
patch127: libxml2-Bug-757711-heap-buffer-overflow-in-xmlFAParsePosCharGroup-https-bugzilla.gnome.org-show_bug.cgi-id-757711.patch
patch128: libxml2-Bug-758588-Heap-based-buffer-overread-in-xmlParserPrintFileContextInternal-https-bugzilla.gnome.org-show_bug.cgi-id-758588.patch
patch129: libxml2-Bug-758605-Heap-based-buffer-overread-in-xmlDictAddString-https-bugzilla.gnome.org-show_bug.cgi-id-758605.patch
patch130: libxml2-Bug-759398-Heap-use-after-free-in-xmlDictComputeFastKey-https-bugzilla.gnome.org-show_bug.cgi-id-759398.patch
patch131: libxml2-Bug-763071-heap-buffer-overflow-in-xmlStrncat-https-bugzilla.gnome.org-show_bug.cgi-id-763071.patch
patch132: libxml2-Fix-inappropriate-fetch-of-entities-content.patch
patch133: libxml2-Fix-some-format-string-warnings-with-possible-format-string-vulnerability.patch
patch134: libxml2-Heap-based-buffer-overread-in-htmlCurrentChar.patch
patch135: libxml2-Heap-based-buffer-overread-in-xmlNextChar.patch
patch136: libxml2-Heap-based-buffer-underreads-due-to-xmlParseName.patch
patch137: libxml2-Heap-use-after-free-in-htmlParsePubidLiteral-and-htmlParseSystemiteral.patch
patch138: libxml2-Heap-use-after-free-in-xmlSAX2AttributeNs.patch
patch139: libxml2-More-format-string-warnings-with-possible-format-string-vulnerability.patch



%description %description
This library allows to manipulate XML files. It includes support This library allows to manipulate XML files. It includes support
@ -68,12 +29,10 @@ available, with existing HTTP and FTP modules and combined to an
URI library. URI library.


%package devel %package devel
Summary: Libraries, includes, etc. to develop XML and HTML applications Summary: Libraries, includes, etc. to develop XML and HTML applications
Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: libxml2 = %{version}-%{release} Requires: zlib-devel%{?_isa}
Requires: zlib-devel Requires: xz-devel%{?_isa}
Requires: xz-devel
Requires: pkgconfig


%description devel %description devel
Libraries, include files, etc you can use to develop XML applications. Libraries, include files, etc you can use to develop XML applications.
@ -88,22 +47,23 @@ available, with existing HTTP and FTP modules and combined to an
URI library. URI library.


%package static %package static
Summary: Static library for libxml2 Summary: Static library for libxml2
Group: Development/Libraries
Requires: libxml2 = %{version}-%{release}


%description static %description static
Static library for libxml2 provided for specific uses or shaving a few Static library for libxml2 provided for specific uses or shaving a few
microseconds when parsing, do not link to them for generic purpose packages. microseconds when parsing, do not link to them for generic purpose packages.


%package python %package -n python2-%{name}
Summary: Python bindings for the libxml2 library %{?python_provide:%python_provide python2-%{name}}
Group: Development/Libraries Summary: Python bindings for the libxml2 library
Requires: libxml2 = %{version}-%{release} BuildRequires: python2-devel

Requires: %{name}%{?_isa} = %{version}-%{release}
%description python Obsoletes: %{name}-python < %{version}-%{release}
The libxml2-python package contains a module that permits applications Provides: %{name}-python = %{version}-%{release}
written in the Python programming language to use the interface
%description -n python2-%{name}
The libxml2-python package contains a Python 2 module that permits applications
written in the Python programming language, version 2, to use the interface
supplied by the libxml2 library to manipulate XML files. supplied by the libxml2 library to manipulate XML files.


This library allows to manipulate XML files. It includes support This library allows to manipulate XML files. It includes support
@ -111,187 +71,231 @@ to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DTDs, either this includes parsing and validation even with complex DTDs, either
at parse time or later once the document has been modified. at parse time or later once the document has been modified.


%package -n python3-%{name}
Summary: Python 3 bindings for the libxml2 library
BuildRequires: python3-devel
Requires: %{name}%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python3 < %{version}-%{release}
Provides: %{name}-python3 = %{version}-%{release}

%description -n python3-%{name}
The libxml2-python3 package contains a Python 3 module that permits
applications written in the Python programming language, version 3, to use the
interface supplied by the libxml2 library to manipulate XML files.

This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DTDs, either
at parse time or later once the document has been modified.

%prep %prep
%setup -q %autosetup -p1
%patch0 -p1 find doc -type f -executable -print -exec chmod 0644 {} ';'
# workaround for #877567 - Very weird bug gzip decompression bug in "recent" libxml2 versions
%patch1 -p1 -b .do-not-check-crc

%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch108 -p1
%patch109 -p1
%patch110 -p1
%patch111 -p1
%patch112 -p1
%patch113 -p1
%patch114 -p1
%patch115 -p1
%patch116 -p1
%patch117 -p1
%patch118 -p1
%patch119 -p1
%patch120 -p1
%patch121 -p1
%patch122 -p1
%patch123 -p1
%patch124 -p1
%patch125 -p1
%patch126 -p1
%patch127 -p1
%patch128 -p1
%patch129 -p1
%patch130 -p1
%patch131 -p1
%patch132 -p1
%patch133 -p1
%patch134 -p1
%patch135 -p1
%patch136 -p1
%patch137 -p1
%patch138 -p1
%patch139 -p1


%build %build
%configure mkdir py2 py3
make %{_smp_mflags} %global _configure ../configure
%global _configure_disable_silent_rules 1
( cd py2 && %configure --cache-file=../config.cache --with-python=%{__python2} )
( cd py3 && %configure --cache-file=../config.cache --with-python=%{__python3} )
%make_build -C py2
%make_build -C py3


%install %install
rm -fr %{buildroot} %make_install -C py2

%make_install -C py3
make install DESTDIR=%{buildroot}


# multiarch crazyness on timestamp differences or Makefile/binaries for examples # multiarch crazyness on timestamp differences or Makefile/binaries for examples
touch -m --reference=$RPM_BUILD_ROOT/%{_includedir}/libxml2/libxml/parser.h $RPM_BUILD_ROOT/%{_bindir}/xml2-config touch -m --reference=%{buildroot}%{_includedir}/libxml2/libxml/parser.h %{buildroot}%{_bindir}/xml2-config


rm -f $RPM_BUILD_ROOT%{_libdir}/*.la find %{buildroot} -type f -name '*.la' -print -delete
rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.a rm -vf %{buildroot}{%{python2_sitearch},%{python3_sitearch}}/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la rm -vrf %{buildroot}%{_datadir}/doc/
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libxml2-%{version}/* #(cd doc/examples ; make clean ; rm -rf .deps Makefile)
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libxml2-python-%{version}/*
(cd doc/examples ; make clean ; rm -rf .deps Makefile)
gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz


%check %check
make runtests %make_build runtests -C py2
%make_build runtests -C py3


%clean %ldconfig_scriptlets
rm -fr %{buildroot}

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig


%files %files
%defattr(-, root, root) %license Copyright

%doc AUTHORS NEWS README TODO
%doc AUTHORS NEWS README Copyright TODO %{_libdir}/libxml2.so.2*
%doc %{_mandir}/man1/xmllint.1* %{_mandir}/man3/libxml.3*
%doc %{_mandir}/man1/xmlcatalog.1*
%doc %{_mandir}/man3/libxml.3*

%{_libdir}/lib*.so.*
%{_bindir}/xmllint %{_bindir}/xmllint
%{_mandir}/man1/xmllint.1*
%{_bindir}/xmlcatalog %{_bindir}/xmlcatalog
%{_mandir}/man1/xmlcatalog.1*


%files devel %files devel
%defattr(-, root, root)

%doc %{_mandir}/man1/xml2-config.1*
%doc AUTHORS NEWS README Copyright
%doc doc/*.html doc/html doc/*.gif doc/*.png %doc doc/*.html doc/html doc/*.gif doc/*.png
%doc doc/tutorial doc/libxml2-api.xml.gz %doc doc/tutorial doc/libxml2-api.xml.gz
%doc doc/examples %doc doc/examples
%doc %dir %{_datadir}/gtk-doc/html/libxml2 %dir %{_datadir}/gtk-doc
%doc %{_datadir}/gtk-doc/html/libxml2/*.devhelp %dir %{_datadir}/gtk-doc/html
%doc %{_datadir}/gtk-doc/html/libxml2/*.html %{_datadir}/gtk-doc/html/libxml2/
%doc %{_datadir}/gtk-doc/html/libxml2/*.png %{_libdir}/libxml2.so
%doc %{_datadir}/gtk-doc/html/libxml2/*.css %{_libdir}/xml2Conf.sh

%{_includedir}/libxml2/
%{_libdir}/lib*.so
%{_libdir}/*.sh
%{_includedir}/*
%{_bindir}/xml2-config %{_bindir}/xml2-config
%{_mandir}/man1/xml2-config.1*
%{_datadir}/aclocal/libxml.m4 %{_datadir}/aclocal/libxml.m4
%{_libdir}/pkgconfig/libxml-2.0.pc %{_libdir}/pkgconfig/libxml-2.0.pc
%{_libdir}/cmake/libxml2/


%files static %files static
%defattr(-, root, root) %license Copyright
%{_libdir}/libxml2.a

%files -n python2-%{name}
%doc python/TODO python/libxml2class.txt
%doc doc/*.py doc/python.html
%{python2_sitearch}/libxml2.py*
%{python2_sitearch}/drv_libxml2.py*
%{python2_sitearch}/libxml2mod.so

%files -n python3-%{name}
%doc python/TODO python/libxml2class.txt
%doc doc/*.py doc/python.html
%{python3_sitearch}/libxml2.py
%{python3_sitearch}/__pycache__/libxml2.*
%{python3_sitearch}/drv_libxml2.py
%{python3_sitearch}/__pycache__/drv_libxml2.*
%{python3_sitearch}/libxml2mod.so


%{_libdir}/*a %changelog
* Fri Nov 08 2019 David King <amigadave@amigadave.com> - 2.9.10-1
- Update to 2.9.10 (#1767151)


%files python * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.9-3
%defattr(-, root, root) - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild


%{_libdir}/python*/site-packages/libxml2.py* * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.9-2
%{_libdir}/python*/site-packages/drv_libxml2.py* - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
%{_libdir}/python*/site-packages/libxml2mod*
%doc python/TODO
%doc python/libxml2class.txt
%doc python/tests/*.py
%doc doc/*.py
%doc doc/python.html


%changelog * Fri Jan 25 2019 David King <amigadave@amigadave.com> - 2.9.9-1
* Mon Jun 6 2016 Daniel Veillard <veillard@redhat.com> - libxml2-2.9.1-6.3 - Update to 2.9.9
- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (CVE-2016-1834) * Sun Jan 06 2019 Björn Esser <besser82@fedoraproject.org> - 2.9.8-5
- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (CVE-2016-1840) - Add patch to fix crash: xmlParserPrintFileContextInternal mangles utf8
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (CVE-2016-1839) * Thu Aug 02 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.9.8-4
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (CVE-2016-1836) - Backport patches from upstream
- Fix inappropriate fetch of entities content (CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837) * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.8-3
- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835) - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833) * Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.9.8-2
- Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705) - Rebuilt for Python 3.7
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format string vulnerability (CVE-2016-4448) * Tue Apr 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.9.8-1
- More format string warnings with possible format string vulnerability (CVE-2016-4448) - Update to 2.9.8


* Mon Nov 30 2015 Daniel Veillard <veillard@redhat.com> - 2.9.1-6.2 * Sat Feb 24 2018 Florian Weimer <fweimer@redhat.com> - 2.9.7-4
- Fix a series of CVEs (rhbz#1286496) - Rebuild with new LDFLAGS from redhat-rpm-config
- CVE-2015-7941 Stop parsing on entities boundaries errors
- CVE-2015-7941 Cleanup conditional section error handling * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-3
- CVE-2015-8317 Fail parsing early on if encoding conversion failed - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
- CVE-2015-7942 Another variation of overflow in Conditional sections
- CVE-2015-7942 Fix an error in previous Conditional section patch * Tue Jan 30 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.9.7-2
- Fix parsing short unclosed comment uninitialized access - Switch to %%ldconfig_scriptlets
- CVE-2015-7498 Avoid processing entities after encoding conversion failures
- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey * Wed Jan 24 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.9.7-1
- CVE-2015-5312 Another entity expansion issue - Update to 2.9.7
- CVE-2015-7499 Add xmlHaltParser() to stop the parser - Cleanups in packaging
- CVE-2015-7499 Detect incoherency on GROW
- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries * Tue Jan 09 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.9.5-3
- CVE-2015-8242 Buffer overead with HTML parser in push mode - Update Python 2 dependency declarations to new packaging standards
- CVE-2015-1819 Enforce the reader to run in constant memory (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)


* Mon Mar 23 2015 Daniel Veillard <veillard@redhat.com> - 2.9.1-6 * Fri Sep 22 2017 Petr Pisar <ppisar@redhat.com> - 2.9.5-2
- Fix missing entities after CVE-2014-3660 fix - Fix reporting error about undefined XPath variables (bug #1493613)
- CVE-2014-0191 Do not fetch external parameter entities (rhbz#1195650)
- Fix regressions introduced by CVE-2014-0191 patch * Mon Sep 4 2017 Daniel Veillard <veillard@redhat.com> - 2.9.5-1

- update to 2.9.5
* Sat Oct 11 2014 Daniel Veillard <veillard@redhat.com> - 2.9.1-5.1
- CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087) * Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.9.4-5

- Python 2 binary package renamed to python2-libxml2
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.9.1-5 See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
- Mass rebuild 2014-01-24

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-4
* Wed Jan 15 2014 Daniel Veillard <veillard@redhat.com> - 2.9.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
- rebuild to activate -O3 on ppc64 rhbz#1051068

* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-3
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.9.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
- Mass rebuild 2013-12-27

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-2
* Fri Nov 15 2013 Daniel Veillard <veillard@redhat.com> - 2.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
- Fix a regression in xmlGetDocCompressMode() rhbz#963716
* Wed Dec 21 2016 Kevin Fenzi <kevin@scrye.com> - 2.9.4-1
- Update to 2.9.4.
- Apply very hacky patch that removes the no longer in python-3.6 PyVerify_fd symbol.

* Mon Dec 12 2016 Charalampos Stratakis <cstratak@redhat.com> - 2.9.3-5
- Rebuild for Python 3.6

* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.3-4
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Wed Dec 02 2015 Kalev Lember <klember@redhat.com> - 2.9.3-2
- Fix obsoletes versions now that F22 has libxml2 2.9.3 (#1287262)

* Fri Nov 20 2015 Daniel Veillard <veillard@redhat.com> - 2.9.2-1
- upstream release of 2.9.3
- Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-1819
CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500
and CVE-2015-8242
- many other bug fixes

* Fri Nov 06 2015 Robert Kuska <rkuska@redhat.com> - 2.9.2-9
- Rebuilt for Python3.5 rebuild
- Python3.5 has new naming convention for byte compiled files

* Tue Nov 3 2015 Toshio Kuratomi <toshio@fedoraproject.org> - 2.9.2-8
- Remove executable permissions from documentation. Complies with packaging
guidelines and solves issue of libxml2-python3 package depending on python2

* Thu Aug 27 2015 Miro Hrončok <mhroncok@redhat.com> - 2.9.2-7
- Remove dependency on python2 from python3 subpackage, rhbz#1250940

* Sat Aug 22 2015 Kalev Lember <klember@redhat.com> - 2.9.2-6
- Rename the Python 3 subpackage to python3-libxml2 as per guidelines

* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.9.2-4
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

* Wed Jan 21 2015 Tomas Radej <tradej@redhat.com> - 2.9.2-3
- Added Python 3 subpackage

* Thu Oct 16 2014 Lubomir Rintel <lkundrak@v3.sk> - 2.9.2-2
- Avoid corrupting the xml catalogs

* Thu Oct 16 2014 Daniel Veillard <veillard@redhat.com> - 2.9.2-1
- upstream release of 2.9.2
- Fix for CVE-214-3660 billion laugh DOS
- many other bug fixes

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 2.9.1-4
- fix license handling

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild


* Fri Apr 19 2013 Daniel Veillard <veillard@redhat.com> - 2.9.1-1 * Fri Apr 19 2013 Daniel Veillard <veillard@redhat.com> - 2.9.1-1
- upstream release of 2.9.1 - upstream release of 2.9.1

Write Preview
Loading…
Cancel
Save