1%define Rversion %(echo %{version} | sed -e 's/\\./_/g' -e 's/^/R_/') 2Name: expat 3Version: 2.4.1 4Release: 8 5Summary: An XML parser library 6License: MIT 7URL: https://libexpat.github.io/ 8Source0: https://github.com/libexpat/libexpat/releases/download/%{Rversion}/expat-%{version}.tar.gz 9 10Patch0: backport-CVE-2021-45960.patch 11Patch1: backport-CVE-2021-46143.patch 12Patch2: backport-CVE-2022-22822-CVE-2022-22823-CVE-2022-22824-CVE-2022-22825-CVE-2022-22826-CVE-2022-22827.patch 13Patch3: backport-CVE-2022-23852-lib-Detect-and-prevent-integer-overflow-in-XML_GetBu.patch 14Patch4: backport-CVE-2022-23852-tests-Cover-integer-overflow-in-XML_GetBuffer-CVE-20.patch 15Patch5: backport-CVE-2022-23990-lib-Prevent-integer-overflow-in-doProlog-CVE-2022-23.patch 16Patch6: backport-CVE-2022-25235-lib-Add-missing-validation-of-encoding.patch 17Patch7: backport-tests-Cover-missing-validation-of-encoding.patch 18Patch8: backport-CVE-2022-25236-lib-Protect-against-malicious-namespace-declarations.patch 19Patch9: backport-tests-Cover-CVE-2022-25236.patch 20Patch10: backport-CVE-2022-25313-Prevent-stack-exhaustion-in-build_model.patch 21Patch11: backport-CVE-2022-25314-Prevent-integer-overflow-in-copyString.patch 22Patch12: backport-CVE-2022-25315-Prevent-integer-overflow-in-storeRawNames.patch 23Patch13: backport-Fix-build_model-regression.patch 24Patch14: backport-tests-Protect-against-nested-element-declaration-mod.patch 25Patch15: backport-lib-Fix-harmless-use-of-uninitialized-memory.patch 26Patch16: backport-lib-Drop-unused-macro-UTF8_GET_NAMING.patch 27Patch17: backport-lib-Relax-fix-to-CVE-2022-25236-with-regard-to-RFC-3.patch 28Patch18: backport-tests-Cover-relaxed-fix-to-CVE-2022-25236.patch 29Patch19: backport-0001-CVE-2022-40674.patch 30Patch20: backport-0002-CVE-2022-40674.patch 31Patch21: backport-CVE-2022-43680.patch 32Patch22: backport-tests-Cover-overeager-DTD-destruction-in-XML_Externa.patch 33 34BuildRequires: sed,autoconf,automake,gcc-c++,libtool,xmlto 35 36%description 37expat is a stream-oriented XML parser library written in C. 38expat excels with files too large to fit RAM, and where 39performance and flexibility are crucial. 40 41%package devel 42Summary: Development files 43Requires: %{name} = %{version}-%{release} 44%description devel 45This package provides with static libraries and header files for developing with expat. 46 47%package_help 48 49%prep 50%autosetup -p1 51 52%build 53autoreconf -fiv 54%configure CFLAGS="$RPM_OPT_FLAGS -fPIC" DOCBOOK_TO_MAN="xmlto man --skip-validation" 55%make_build 56 57%install 58%makeinstall 59find %{buildroot} -type f -name changelog -delete 60 61%check 62make check 63 64%ldconfig_scriptlets 65 66%files 67%defattr(-,root,root) 68%license COPYING AUTHORS 69%{_bindir}/* 70%{_libdir}/libexpat.so.1* 71%exclude %{_docdir}/%{name}/AUTHORS 72 73%files devel 74%defattr(-,root,root) 75%{_includedir}/* 76%{_libdir}/{libexpat.*a,libexpat.so} 77%{_libdir}/cmake/expat-%{version} 78%{_libdir}/pkgconfig/expat.pc 79 80%files help 81%defattr(-,root,root) 82%doc README.md 83%{_mandir}/man1/* 84 85%changelog 86* Sat Oct 29 2022 fuanan <fuanan3@h-partners.com> - 2.4.1-8 87- fix CVE-2022-43680 88 89* Tue Oct 11 2022 huangduirong <huangduirong@huawei.com> - 2.4.1-7 90- Type:bugfix 91- ID:NA 92- SUG:NA 93- DESC:Move autoreconf to build 94 95* Thu Sep 15 2022 panxiaohe <panxh.life@foxmail.com> - 2.4.1-6 96- fix CVE-2022-40674 97 98* Mon Mar 7 2022 yangzhuangzhuang <yangzhuangzhuang1@h-partners.com> - 2.4.1-5 99- Type:bugfix 100- ID:NA 101- SUG:NA 102- DESC:Relax fix to CVE-2022-25236 103 104* Sat Feb 26 2022 yangzhuangzhuang <yangzhuangzhuang1@h-partners.com> - 2.4.1-4 105- Type:CVE 106- ID:Fix CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 107- SUG:NA 108- DESC:Fix CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 109 110* Mon Feb 7 2022 yangzhuangzhuang <yangzhuangzhuang1@h-partners.com> - 2.4.1-3 111- Type:CVE 112- ID:CVE-2022-23852 CVE-2022-23990 113- SUG:NA 114- DESC:Fix CVE-2022-23852CVE-2022-23990 115 116* Mon Jan 17 2022 wangjie <wangjie375@huawei.com> - 2.4.1-2 117- Type:CVE 118- ID:CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 119- SUG:NA 120- DESC:fix CVE-2021-45960 CVE-2021-46143 121 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 122 123* Tue Jul 6 2021 panxiaohe <panxiaohe@huawei.com> - 2.4.1-1 124- update to 2.4.1 125- fix CVE-2013-0340 126 127* Wed Jan 20 2021 wangchen <wangchen137@huawei.com> - 2.2.10-1 128- update to 2.2.10 129 130* Sun Jun 28 2020 liuchenguang <liuchenguang4@huawei.com> - 2.2.9-2 131- quality enhancement synchronization github patch 132 133* Mon May 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.2.9-1 134- Type:requirement 135- ID:NA 136- SUG:NA 137- DESC:update to 2.2.9 138 139* Mon Oct 21 2019 shenyangyang <shenyangyang4@huawei.com> - 2.2.6-5 140- Type:NA 141- ID:NA 142- SUG:NA 143- DESC:modify the directory of AUTHORS 144 145* Mon Oct 21 2019 shenyangyang <shenyangyang4@huawei.com> - 2.2.6-4 146- Type:NA 147- ID:NA 148- SUG:NA 149- DESC:move AUTHORS to license directory 150 151* Sat Sep 28 2019 shenyangyang<shenyangyang4@huawei.com> - 2.2.6-3 152- Type:cves 153- ID:CVE-2019-15903 154- SUG:NA 155- DESC:fix CVE-2019-15903 156 157* Fri Aug 30 2019 gulining<gulining1@huawei.com> - 2.2.6-2 158- Type:cves 159- ID:CVE-2018-20843 160- SUG:NA 161- DESC:fix CVE-2018-20843 162 163* Thu Aug 29 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.2.6-1 164- Package Init 165