|
|
|
@ -1,24 +1,14 @@
@@ -1,24 +1,14 @@
|
|
|
|
|
%global unversion 2_2_10 |
|
|
|
|
%global unversion 2_5_0 |
|
|
|
|
|
|
|
|
|
Summary: An XML parser library |
|
|
|
|
Name: expat |
|
|
|
|
Version: %(echo %{unversion} | sed 's/_/./g') |
|
|
|
|
Release: 12%{?dist}.2 |
|
|
|
|
Release: 1%{?dist} |
|
|
|
|
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz |
|
|
|
|
URL: https://libexpat.github.io/ |
|
|
|
|
License: MIT |
|
|
|
|
BuildRequires: autoconf, libtool, xmlto, gcc-c++ |
|
|
|
|
BuildRequires: make |
|
|
|
|
Patch0: expat-2.2.10-prevent-integer-overflow-in-doProlog.patch |
|
|
|
|
Patch1: expat-2.2.10-Prevent-more-integer-overflows.patch |
|
|
|
|
Patch2: expat-2.2.10-Prevent-integer-overflow-on-m_groupSize-in-function.patch |
|
|
|
|
Patch3: expat-2.2.10-Detect-and-prevent-troublesome-left-shifts.patch |
|
|
|
|
Patch4: expat-2.2.10-Detect-and-prevent-integer-overflow-in-XML_GetBuffer.patch |
|
|
|
|
Patch5: expat-2.2.10-Protect-against-malicious-namespace-declarations.patch |
|
|
|
|
Patch6: expat-2.2.10-Add-missing-validation-of-encoding.patch |
|
|
|
|
Patch7: expat-2.2.10-Prevent-integer-overflow-in-storeRawNames.patch |
|
|
|
|
Patch8: expat-2.2.10-Prevent-integer-overflow-in-copyString.patch |
|
|
|
|
Patch9: expat-2.2.10-Prevent-stack-exhaustion-in-build_model.patch |
|
|
|
|
|
|
|
|
|
%description |
|
|
|
|
This is expat, the C library for parsing XML, written by James Clark. Expat |
|
|
|
@ -46,16 +36,6 @@ Install it if you need to link statically with expat.
@@ -46,16 +36,6 @@ Install it if you need to link statically with expat.
|
|
|
|
|
|
|
|
|
|
%prep |
|
|
|
|
%setup -q -n libexpat-R_%{unversion}/expat |
|
|
|
|
%patch0 -p1 -b .CVE-2022-23990 |
|
|
|
|
%patch1 -p1 -b .CVE-2022-22822-CVE-2022-22827 |
|
|
|
|
%patch2 -p1 -b .CVE-2021-46143 |
|
|
|
|
%patch3 -p1 -b .CVE-2021-45960 |
|
|
|
|
%patch4 -p1 -b .CVE-2022-23852 |
|
|
|
|
%patch5 -p1 -b .CVE-2022-25236 |
|
|
|
|
%patch6 -p1 -b .CVE-2022-25235 |
|
|
|
|
%patch7 -p1 -b .CVE-2022-25315 |
|
|
|
|
%patch8 -p1 -b .CVE-2022-25314 |
|
|
|
|
%patch9 -p1 -b .CVE-2022-25313 |
|
|
|
|
|
|
|
|
|
sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am |
|
|
|
|
./buildconf.sh |
|
|
|
@ -84,27 +64,30 @@ make check
@@ -84,27 +64,30 @@ make check
|
|
|
|
|
%{_mandir}/*/* |
|
|
|
|
|
|
|
|
|
%files devel |
|
|
|
|
%doc doc/reference.html doc/*.png doc/*.css examples/*.c |
|
|
|
|
%doc doc/reference.html doc/*.css examples/*.c |
|
|
|
|
%{_libdir}/lib*.so |
|
|
|
|
%{_libdir}/pkgconfig/*.pc |
|
|
|
|
%{_includedir}/*.h |
|
|
|
|
%{_libdir}/cmake/expat-%{version} |
|
|
|
|
|
|
|
|
|
%files static |
|
|
|
|
%{_libdir}/lib*.a |
|
|
|
|
|
|
|
|
|
%changelog |
|
|
|
|
* Tue May 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-12.2 |
|
|
|
|
- Improve fix for CVE-2022-25313 |
|
|
|
|
- Related: CVE-2022-25313 |
|
|
|
|
* Thu Nov 10 2022 Tomas Korbar <tkorbar@redhat.com> - 2.5.0-1 |
|
|
|
|
- Rebase to version 2.5.0 |
|
|
|
|
- Resolves: CVE-2022-43680 |
|
|
|
|
|
|
|
|
|
* Tue Apr 26 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-12.1 |
|
|
|
|
- Fix multiple CVEs |
|
|
|
|
- Resolves: CVE-2022-25314 |
|
|
|
|
- Resolves: CVE-2022-25313 |
|
|
|
|
* Thu Sep 29 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.9-1 |
|
|
|
|
- Rebase to version 2.4.9 |
|
|
|
|
- Resolves: CVE-2022-40674 |
|
|
|
|
|
|
|
|
|
* Wed Mar 16 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-12 |
|
|
|
|
- Build fix for CVE-2022-25236 in rhel-9.0.0 |
|
|
|
|
- Related: CVE-2022-25236 |
|
|
|
|
* Tue Apr 26 2022 Tomas Korbar <tkorbar@redhat.com> - 2.4.7-1 |
|
|
|
|
- Rebase to version 2.4.7 |
|
|
|
|
- Resolves: rhbz#2067201 |
|
|
|
|
- Resolves: CVE-2022-25313 |
|
|
|
|
- Resolves: CVE-2022-25314 |
|
|
|
|
- Resolves: CVE-2022-25236 |
|
|
|
|
|
|
|
|
|
* Mon Mar 14 2022 Tomas Korbar <tkorbar@redhat.com> - 2.2.10-11 |
|
|
|
|
- Improve fix for CVE-2022-25236 |
|
|
|
|
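Review bot: With Patch0–Patch9 and their `%patchN -p1 -b .CVE-…` lines dropped from the preamble and `%prep`, the spec no longer records which of the previously backported CVE fixes the rebase is expected to carry; the added changelog entries name only CVE-2022-43680, CVE-2022-40674, CVE-2022-25313, CVE-2022-25314 and CVE-2022-25236. CVE-2022-23990, CVE-2022-22822 through CVE-2022-22827, CVE-2021-46143, CVE-2021-45960, CVE-2022-23852, CVE-2022-25235 and CVE-2022-25315 appear in no added line, although older changelog entries below the last visible hunk may still list them. Before merging, confirm that the 2.5.0 tarball contains each of those fixes and record it in the 2.5.0-1 entry, for example `- Drop backported CVE patches, all included in upstream 2.5.0`, so that auditors and changelog-based vulnerability scanners do not read the removal as a regression. Separately, the unchanged `Source:` line takes a GitHub archive tarball and nothing visible in the spec checks it against an upstream signature or checksum, so the integrity of the rebased source rests on a check done outside this file (presumably the dist-git `sources` hash).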