#
# spec file for package expat
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           expat
Version:        2.2.1
Release:        2.1
Summary:        XML Parser Toolkit
License:        MIT
Group:          Development/Libraries/C and C++
Url:            http://expat.sourceforge.net/
Source0:        http://downloads.sourceforge.net/project/expat/expat/%{version}/expat-%{version}.tar.bz2
Source1:        %{name}faq.html
Source2:        baselibs.conf
BuildRequires:  gcc-c++
BuildRequires:  libtool
BuildRequires:  pkgconfig
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

%package -n libexpat1
Summary:        XML Parser Toolkit
Group:          System/Libraries

%description -n libexpat1
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

%package -n libexpat-devel
Summary:        XML Parser Toolkit
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libexpat1 = %{version}

%description -n libexpat-devel
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).

This package contains the development headers for the library found
in libexpat.

%prep
%setup -q

cp %{SOURCE1} .
rm -f examples/*.dsp

%build
%configure \
  --disable-silent-rules \
  --disable-static
%if %{do_profiling}
  make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}"
  make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" LDFLAGS="%{optflags} %{cflags_profile_generate}" check
  make clean
  make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_feedback}"
%else
  make %{?_smp_mflags} CFLAGS="%{optflags}"
%endif

%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print

%check
make %{?_smp_mflags} check

%post -n libexpat1 -p /sbin/ldconfig
%postun -n libexpat1 -p /sbin/ldconfig

%files
%defattr(-, root, root)
%doc COPYING Changes README examples expatfaq.html
%doc doc/expat.png doc/reference.html doc/style.css doc/valid-xhtml10.png
%{_mandir}/man?/*
%{_bindir}/xmlwf

%files -n libexpat1
%defattr(-, root, root)
%{_libdir}/libexpat.so.*

%files -n libexpat-devel
%defattr(-, root, root)
%{_includedir}/*
%{_libdir}/libexpat.so
%{_libdir}/pkgconfig/expat.pc

%changelog
* Tue Jul 11 2017 mpluskal@suse.com
- Build with profiling when possible
* Tue Jul  4 2017 meissner@suse.com
- Version update to 2.2.1 Sat June 17 2017
  - Security fixes:
    CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
    Details: https://libexpat.github.io/doc/cve-2017-9233/
    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
  - [MOX-002]      CVE-2016-9063 / bsc#1047240 -- Detect integer overflow;
    (Fixed version of existing downstream patches!)
  - (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
    longer tag names;
    [#25]  More integer overflow detection (function poolGrow);
  - [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse;
  - [MOX-005] #30  Use high quality entropy for hash initialization:
  * arc4random_buf on BSD, systems with libbsd
    (when configured with --with-libbsd), CloudABI
  * RtlGenRandom on Windows XP / Server 2003 and later
  * getrandom on Linux 3.17+
    In a way, that's still part of CVE-2016-5300.
    https://github.com/libexpat/libexpat/pull/30/commits
  - [MOX-005] For the low quality entropy extraction fallback code,
    the parser instance address can no longer leak,
  - [MOX-003] Prevent use of uninitialised variable; commit
  - [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
    Add missing parameter validation to public API functions
    and dedicated error code XML_ERROR_INVALID_ARGUMENT:
  - [MOX-006] * NULL checks; commits
  * Negative length (XML_Parse); commit
  - [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
  - [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
    to go further with fixing CVE-2012-0876.
    https://github.com/libexpat/libexpat/pull/39/commits
  - Bug fixes:
    [#32] Fix sharing of hash salt across parsers;
    relevant where XML_ExternalEntityParserCreate is called
    prior to XML_Parse, in particular (e.g. FBReader)
    [#28] xmlwf: Auto-disable use of memory-mapping (and parsing
    as a single chunk) for files larger than ~1 GB (2^30 bytes)
    rather than failing with error "out of memory"
    [#3]  Fix double free after malloc failure in DTD code; commit
    7ae9c3d3af433cd4defe95234eae7dc8ed15637f
    [#17] Fix memory leak on parser error for unbound XML attribute
    prefix with new namespaces defined in the same tag;
    found by Google's OSS-Fuzz; commits
    xmlwf on Windows: Add missing calls to CloseHandle
  - New features:
    [#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1
    for runtime debugging of entropy extraction
    Bump version info from 7:2:6 to 7:3:6
* Mon Jul 18 2016 jengelh@inai.de
- Remove pointless --with-pic (for static only)
* Thu Jul 14 2016 tchvatal@suse.com
- Version update to 2.2.0:
  * Fixes bnc#983215 CVE-2012-6702
  * Fixes bnc#983216 CVE-2016-5300
  * Various cmake and autotools script updates
  * Fix detection of utf8 character boundaries
- Remove all patches merged upstream:
  * expat-2.1.1-avoid_relying_on_undef_behaviour.patch
  * expat-2.1.1-parser_crashes_on_malformed_input.patch
  * expat-alloc-size.patch
  * expat-visibility.patch
* Wed May 18 2016 kstreitova@suse.com
- add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid
  relying on undefined behavior in the original CVE-2015-1283 fix
  [bnc#980391], [bnc#983985], [CVE-2016-4472]
- add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix
  Expat XML parser that mishandles certain kinds of malformed input
  documents [bnc#979441], [CVE-2016-0718]
- use spec-cleaner to clean specfile
* Fri Apr  1 2016 crrodriguez@opensuse.org
- After simplification of expat-visibility.patch, it became
  uneffective as no symbols are getting hidden. add
  - fvisibility=hidden to CFLAGS again.
- expat-alloc-size.patch: fix braino, realloc()-like functions
  should not take __attribute__(malloc)
* Wed Mar 23 2016 idonmez@suse.com
- Update to version 2.1.1
  * Fixes CVE-2015-1283 — Multiple integer overflows in the
    XML_GetBuffer function
  * Fix potential null pointer dereference
  * Symbol XML_SetHashSalt was not exported
  * Output of xmlwf -h was incomplete
  * Document behavior of calling XML_SetHashSalt with salt 0
  * Minor improvements to man page xmlwf(1)
- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
- Drop config-guess-sub-update.patch, fixed upstream.
* Sat Jul 11 2015 mpluskal@suse.com
- Cleanup spec file with spec-cleaner
- Remove old ppc obsoletes/provides
* Tue Mar 26 2013 mmeister@suse.com
- Added url as source.
  Please see http://en.opensuse.org/SourceUrls
* Thu Feb 21 2013 jengelh@inai.de
- Sanitize description of expat (replace it with a more current
  one from the homepage)
* Mon Feb  4 2013 schwab@suse.de
- Update config.guess/sub for aarch64
* Wed Jan 23 2013 pgajdos@suse.com
- fix of fix of [bnc#798644]
- according to upstream changelog:
  - Improved ability to build without the configure-generated
    expat_config.h header.  This is useful for applications
    which embed Expat rather than linking in the library.
  because I am not exactly sure about implication of this, rather use
  - DXML_HAVE_VISIBILITY in CFLAG_VISIBILITY in expat-visibility.patch
* Tue Jan 22 2013 jengelh@inai.de
- Executing autoreconf requires autoconf BuildRequire
* Fri Jan 18 2013 pgajdos@suse.com
- really hide private Xml* symbols [bnc#798644]
  * modified visibility.patch
* Tue Apr 10 2012 tabraham@novell.com
- update to 2.1.0
  - Bug Fixes:
    [#1742315]: Harmful XML_ParserCreateNS suggestion.
    [#2895533]: CVE-2012-1147 - Resource leak in readfilemap.c.
    [#1785430]: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
    [#1983953], 2517952, 2517962, 2649838:
    Build modifications using autoreconf instead of buildconf.sh.
    [#2815947], #2884086: OBJEXT and EXEEXT support while building.
    [#1990430]: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
    [#2517938]: xmlwf should return non-zero exit status if not well-formed.
    [#2517946]: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
    [#2855609]: Dangling positionPtr after error.
    [#2894085]: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
    [#2958794]: CVE-2012-1148 - Memory leak in poolGrow.
    [#2990652]: CMake support.
    [#3010819]: UNEXPECTED_STATE with a trailing "%%" in entity value.
    [#3206497]: Unitialized memory returned from XML_Parse.
    [#3287849]: make check fails on mingw-w64.
    [#3496608]: CVE-2012-0876 - Hash DOS attack.
  - Patches:
    [#1749198]: pkg-config support.
    [#3010222]: Fix for bug #3010819.
    [#3312568]: CMake support.
    [#3446384]: Report byte offsets for attr names and values.
  - New Features / API changes:
  * Added new API member XML_SetHashSalt() that allows setting an
    intial value (salt) for hash calculations. This is part of the
    fix for bug #3496608 to randomize hash parameters.
  * When compiled with XML_ATTR_INFO defined, adds new API member
    XML_GetAttributeInfo() that allows retrieving the byte
    offsets for attribute names and values (patch #3446384).
  * Added CMake build system.  See bug #2990652 and patch #3312568.
  * Added run-benchmark target to Makefile.in - relies on testdata
    module present in the same relative location as in the repository.
* Tue Mar  6 2012 tabraham@novell.com
- update to 2.1.0 beta
  * refreshed expat-visibility.patch
  * removed obsolete expat-CVE-2009-3560.patch
  * removed obsolete expat-CVE-2009-2625.patch
  - hash table DOS attack fix
  - accumulated bug fixes and some changes to the build system
  - new conditional feature to make byte offsets for attributes
    and attribute names available
* Sun Feb 12 2012 crrodriguez@opensuse.org
- Put libraries back to %%{_libdir}, /usr merge project
* Fri Dec  2 2011 coolo@suse.com
- add automake as buildrequire to avoid implicit dependency
* Sun Oct 30 2011 crrodriguez@opensuse.org
- Hide non public symbols reusing existing win32 API export/imports
- annotate malloc/realloc-like functions with attribute alloc_size
  to catch possible misuses in calling code.
* Sun Sep 18 2011 jengelh@medozas.de
- Remove redundant/obsolete tags/sections from specfile
  (cf. packaging guidelines)
- Use %%_smp_mflags for parallel build
- Add libexpat-devel to baselibs
* Fri Feb 25 2011 prusnak@opensuse.org
- fix license (MIT) in spec file
* Fri Jan  8 2010 prusnak@suse.cz
- fix CVE-2009-3560.patch [bnc#566434]
* Sun Dec 13 2009 jengelh@medozas.de
- add baselibs.conf as a source
* Fri Dec  4 2009 prusnak@suse.cz
- fix DoS (CVE-2009-3560.patch) [bnc#558892]
* Thu Oct 29 2009 prusnak@suse.cz
- fix DoS (CVE-2009-2625.patch) [bnc#550664]
* Sun Apr  5 2009 crrodriguez@suse.de
- test suite requires gcc-c++ to compile
* Thu Feb 19 2009 crrodriguez@suse.de
- remove static libraries, shouldnt be needed anymore.
- run make check
* Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293)
* Thu Oct 30 2008 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Sat Jul 28 2007 coolo@suse.de
- fix devel symlink
* Wed Jul 25 2007 prusnak@suse.cz
- move libraries from /usr/lib to /lib [#285472]
- replace deprecated %%run_ldconfig with /sbin/ldconfig
* Thu Jun  7 2007 prusnak@suse.cz
- update to 2.0.1:
  ( from Changes )
  * Fixed bugs #1515266, 1515600: The character data handler's calling
    of XML_StopParser() was not handled properly; if the parser was
    stopped and the handler set to NULL, the parser would segfault.
  * Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
    some character constants to be ASCII encoded.
  * Minor cleanups of the test harness.
  * Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
  * Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
  * Fixes and improvements for Windows platform:
    bugs #1409451, #1476160, 1548182, 1602769, 1717322.
  * Build fixes for various platforms:
    HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
    All Unix: #1554618 (refreshed config.sub/config.guess).
    [#1490371], #1613457: support both, DESTDIR and INSTALL_ROOT,
    without relying on GNU-Make specific features.
    [#1647805]: Patched configure.in to work better with Intel compiler.
  * Fixes to Makefile.in to have make check work correctly:
    bugs #1408143, #1535603, #1536684.
  * Added Open Watcom support: patch #1523242.
* Tue Apr 17 2007 prusnak@suse.cz
- split libexpat1 and libexpat-devel subpackages [#260214]
* Thu Oct 19 2006 dmueller@suse.de
- strip .la file
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Thu Jan 12 2006 ro@suse.de
- fixed file list for debuginfo package (do not pack all of libdir)
* Wed Jan 11 2006 mjancar@suse.cz
- update to 2.0.0
* Mon Jan  9 2006 mjancar@suse.cz
- update to 2.0 pre release
* Wed Nov 10 2004 ro@suse.de
- fixed filelist
* Mon Aug  9 2004 tcrhak@suse.cz
- update to 1.95.8
* Thu Feb  5 2004 kukuk@suse.de
- Build as user
* Thu Feb  5 2004 tcrhak@suse.cz
- update to version 1.95.7
* Tue Feb 18 2003 tcrhak@suse.cz
- in expat.h, declare enum XML_Status before using it;
  put into patch "...-header.diff" [bug #23742]
* Mon Feb 17 2003 tcrhak@suse.cz
- updated to version 1.95.6
* Sun Dec 22 2002 tcrhak@suse.cz
- update to version 1.95.5
* Sat Jul 13 2002 tcrhak@suse.cz
- update to version 1.95.4
* Thu Mar 28 2002 tcrhak@suse.cz
- added parameter --target to configure
* Mon Jan 14 2002 rvasice@suse.cz
- use %%{_libdir} and %%{_lib}
* Tue Nov 20 2001 rvasice@suse.cz
- fix URL in spec file
* Wed Aug 15 2001 rvasice@suse.cz
- update to version 1.95.2
- spec file cleanup
- added DESTDIR
* Mon May 14 2001 pblaha@suse.cz
- fixed links for soname of libexpat.so*
* Fri May 11 2001 cihlar@suse.cz
- fixed soname of libexpat.so.1.2
* Fri Jan  5 2001 pblaha@suse.cz
- back on stable version 1.2  added build shared libexpat.so
* Thu Jan  4 2001 pblaha@suse.cz
- update on 1.95.1 on sourgeforge needed for midgard
- new description
* Thu Mar  9 2000 ke@suse.de
- Don't "install" symlinks; use "cp"; reported by bs; proposed fix
  by ro.
- Cleanup the spec file: better Group tag; more accurate files list.
* Tue Nov 23 1999 ke@suse.de
- first SuSE package: version 1.1.
- apply Debian patch to build shared libs.
- build libexpat.a.