import tinyxml-2.6.2-30.el10

3 weeks ago · 8c7a30700c
commit 8c7a30700c
8 changed files with 346 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 SOURCES/tinyxml_2_6_2.tar.gz
--- a/.tinyxml.metadata
+++ b/.tinyxml.metadata
@ -0,0 +1 @@
 cba3f50dd657cb1434674a03b21394df9913d764  SOURCES/tinyxml_2_6_2.tar.gz
--- a/SOURCES/CVE-2021-42260.patch
+++ b/SOURCES/CVE-2021-42260.patch
@ -0,0 +1,23 @@
 Description: In stamp always advance the pointer if *p= 0xef
 .
 The current implementation only advanced if 0xef is followed
 by two non-zero bytes. In case of malformed input (0xef should be
 the start byte of a three byte character) this leads to an infinite
 loop. (CVE-2021-42260)
 Origin: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
 --- a/tinyxmlparser.cpp
 +++ b/tinyxmlparser.cpp
@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
 						else
 							{ p +=3; ++col; }	// A normal character.
 					}
 +					else
 +					{
 +						// TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
 +						// there is something wrong here. Just advance the pointer to evade infinite loops
 +						++p;
 +					}
 				}
 				else
 				{
--- a/SOURCES/CVE-2023-34194.patch
+++ b/SOURCES/CVE-2023-34194.patch
@ -0,0 +1,28 @@
 From: Guilhem Moulin <guilhem@debian.org>
 Date: Sat, 30 Dec 2023 14:15:54 +0100
 Subject: Avoid reachable assertion via crafted XML document with a '\0'
 located after whitespace
 Bug: https://www.forescout.com/resources/sierra21-vulnerabilities
 Bug-Debian: https://bugs.debian.org/1059315
 Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194
 Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-40462
 ---
 tinyxmlparser.cpp | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
 index 8aa0dfa..1601962 100644
 --- a/tinyxmlparser.cpp
 +++ b/tinyxmlparser.cpp
@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm
 		}
 		p = SkipWhiteSpace( p, _encoding );
 +		if ( !p || !*p )
 +		{
 +			break;
 +		}
 		if ( StringEqual( p, "version", true, _encoding ) )
 		{
 			TiXmlAttribute attrib;
--- a/SOURCES/tinyxml-2.5.3-stl.patch
+++ b/SOURCES/tinyxml-2.5.3-stl.patch
@ -0,0 +1,12 @@
 diff -up tinyxml/tinyxml.h~ tinyxml/tinyxml.h
 --- tinyxml/tinyxml.h~	2007-11-30 22:39:36.000000000 +0100
 +++ tinyxml/tinyxml.h	2007-11-30 22:39:36.000000000 +0100
@@ -26,6 +26,8 @@ distribution.
 #ifndef TINYXML_INCLUDED
 #define TINYXML_INCLUDED
 +#define TIXML_USE_STL 1
 +
 #ifdef _MSC_VER
 #pragma warning( push )
 #pragma warning( disable : 4530 )
--- a/SOURCES/tinyxml-issue51.patch
+++ b/SOURCES/tinyxml-issue51.patch
@ -0,0 +1,55 @@
 diff -up tinyxml/tinyxml.cpp.orig tinyxml/tinyxml.cpp
 --- tinyxml/tinyxml.cpp.orig	2011-05-15 04:24:57.000000000 +0200
 +++ tinyxml/tinyxml.cpp	2024-01-03 14:55:14.246379618 +0100
@@ -57,30 +57,7 @@ void TiXmlBase::EncodeString( const TIXM
 	{
 		unsigned char c = (unsigned char) str[i];
 -		if (    c == '&' 
 -		     && i < ( (int)str.length() - 2 )
 -			 && str[i+1] == '#'
 -			 && str[i+2] == 'x' )
 -		{
 -			// Hexadecimal character reference.
 -			// Pass through unchanged.
 -			// &#xA9;	-- copyright symbol, for example.
 -			//
 -			// The -1 is a bug fix from Rob Laveaux. It keeps
 -			// an overflow from happening if there is no ';'.
 -			// There are actually 2 ways to exit this loop -
 -			// while fails (error case) and break (semicolon found).
 -			// However, there is no mechanism (currently) for
 -			// this function to return an error.
 -			while ( i<(int)str.length()-1 )
 -			{
 -				outString->append( str.c_str() + i, 1 );
 -				++i;
 -				if ( str[i] == ';' )
 -					break;
 -			}
 -		}
 -		else if ( c == '&' )
 +		if ( c == '&' )
 		{
 			outString->append( entity[0].str, entity[0].strLength );
 			++i;
 diff -up tinyxml/xmltest.cpp.orig tinyxml/xmltest.cpp
 --- tinyxml/xmltest.cpp.orig	2011-05-15 04:24:57.000000000 +0200
 +++ tinyxml/xmltest.cpp	2024-01-03 14:55:14.247379623 +0100
@@ -1366,6 +1366,16 @@ int main()
 		}*/
 	}
 +	#ifdef TIXML_USE_STL
 +	{
 +		TiXmlDocument xml;
 +		xml.Parse("<foo>foo&amp;#xa+bar</foo>");
 +		std::string str;
 +		str << xml;
 +		XmlTest( "Entity escaping", "<foo>foo&amp;#xa+bar</foo>", str.c_str() );
 +	}
 +	#endif
 +
 	/*  1417717 experiment
 	{
 		TiXmlDocument xml;
--- a/SOURCES/tinyxml.pc.in
+++ b/SOURCES/tinyxml.pc.in
@ -0,0 +1,10 @@
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 libdir=@libdir@
 includedir=@includedir@
 Name: TinyXML
 Description: A simple, small, C++ XML parser
 Version: @version@
 Libs: -L${libdir} -ltinyxml
 Cflags: -I${includedir} -DTIXML_USE_STL=YES
--- a/SPECS/tinyxml.spec
+++ b/SPECS/tinyxml.spec
@ -0,0 +1,216 @@
 %global         _hardened_build 1
 %define underscore_version 2_6_2
 Name:           tinyxml
 Version:        2.6.2
 Release:        30%{?dist}
 Summary:        A simple, small, C++ XML parser
 License:        zlib
 URL:            http://www.grinninglizard.com/tinyxml/
 Source0:        http://downloads.sourceforge.net/%{name}/%{name}_%{underscore_version}.tar.gz
 Source1:        tinyxml.pc.in
 Patch0:         tinyxml-2.5.3-stl.patch
 # https://sourceforge.net/p/tinyxml/patches/_discuss/thread/fa2235db/f16d/attachment/entity.patch
 Patch1:         tinyxml-issue51.patch
 Patch2:         https://sources.debian.org/data/main/t/tinyxml/2.6.2-6.1/debian/patches/CVE-2021-42260.patch
 Patch3:         https://sources.debian.org/data/main/t/tinyxml/2.6.2-6.1/debian/patches/CVE-2023-34194.patch
 BuildRequires:  gcc-c++
 %description
 TinyXML is a simple, small, C++ XML parser that can be easily integrating
 into other programs. Have you ever found yourself writing a text file parser
 every time you needed to save human readable data or serialize objects?
 TinyXML solves the text I/O file once and for all.
 (Or, as a friend said, ends the Just Another Text File Parser problem.)
 %package        devel
 Summary:        Development files for %{name}
 Requires:       %{name} = %{version}-%{release}
 %description    devel
 The %{name}-devel package contains libraries and header files for
 developing applications that use %{name}.
 %prep
 %autosetup -p1 -n %{name}
 %build
 %{set_build_flags}
 mv changes.txt changes.txt-orig
 iconv -f ISO-8859-1 -t UTF-8 changes.txt-orig > changes.txt
 rm -f changes.txt-orig
 # Not really designed to be build as lib, DYI
 for i in tinyxml.cpp tinystr.cpp tinyxmlerror.cpp tinyxmlparser.cpp; do
  ${CXX} $RPM_OPT_FLAGS -fPIC -o $i.o -c $i
 done
 ${CXX} $RPM_LD_FLAGS -shared -o lib%{name}.so.0.%{version} \
   -Wl,-soname,lib%{name}.so.0 *.cpp.o
 %install
 rm -rf $RPM_BUILD_ROOT
 # Not really designed to be build as lib, DYI
 mkdir -p $RPM_BUILD_ROOT%{_libdir}
 mkdir -p $RPM_BUILD_ROOT%{_includedir}
 install -m 755 lib%{name}.so.0.%{version} $RPM_BUILD_ROOT%{_libdir}
 ln -s lib%{name}.so.0.%{version} $RPM_BUILD_ROOT%{_libdir}/lib%{name}.so.0
 ln -s lib%{name}.so.0.%{version} $RPM_BUILD_ROOT%{_libdir}/lib%{name}.so
 install -p -m 644 %{name}.h $RPM_BUILD_ROOT%{_includedir}
 mkdir -p %{buildroot}%{_libdir}/pkgconfig
 sed -e 's![@]prefix[@]!%{_prefix}!g' \
 -e 's![@]exec_prefix[@]!%{_exec_prefix}!g' \
 -e 's![@]libdir[@]!%{_libdir}!g' \
 -e 's![@]includedir[@]!%{_includedir}!g' \
 -e 's![@]version[@]!%{version}!g' \
 %{SOURCE1} > %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
 %check
 %{set_build_flags}
 ${CXX} $RPM_OPT_FLAGS -DTIXML_USE_STL -fPIE -ltinyxml -L%{buildroot}%{_libdir} -o xmltest xmltest.cpp
 chmod +x xmltest
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./xmltest
 %files
 %doc changes.txt readme.txt
 %{_libdir}/*.so.*
 %files devel
 %doc docs/*
 %{_includedir}/*
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/%{name}.pc
 %changelog
 * Wed Dec 25 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 2.6.2-30
 - Rebuilt for MSVSphere 10
 * Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-30
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
 * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-29
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Wed Jan 03 2024 Dominik Mierzejewski <dominik@greysector.net> - 2.6.2-28
 - apply Debian patch to fix CVE-2021-42260 (rhbz#2253716, rhbz#2253718)
 - apply Debian patch to fix CVE-2023-34194 and its duplicate, CVE-2023-40462
  (rhbz#2254376, rhbz#2254381)
 - fix incorrect text element encoding (upstream isssue #51)
 - compile and run tests
 * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-27
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-26
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-25
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-24
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-23
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-22
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-21
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-20
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-19
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-18
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-17
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Fri Feb 23 2018 Florian Weimer <fweimer@redhat.com> - 2.6.2-16
 - Use LDFLAGS from redhat-rpm-config
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-15
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-14
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.2-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 * Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 2.6.2-9
 - Rebuilt for GCC 5 C++11 ABI change
 * Thu Mar 26 2015 Kalev Lember <kalevlember@gmail.com> - 2.6.2-8
 - Rebuilt for GCC 5 ABI change
 * Fri Jan 09 2015 François Cami <fcami@fedoraproject.org> - 2.6.2-7
 - Use PIC.
 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.2-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 * Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.2-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 * Fri Apr 04 2014 Scott K Logan <logans@cottsay.net> - 2.6.2-4
 - Fix wrong pkgconfig path
 * Sat Mar 01 2014 Scott K Logan <logans@cottsay.net> - 2.6.2-3
 - Add basic pkgconfig
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 * Thu Jan 17 2013 François Cami <fcami@fedoraproject.org> - 2.6.2-1
 - Update to 2.6.2
 - Fix changes.txt encoding
 * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 * Mon May 03 2010 Rakesh Pandit <rakesh@fedoraproject.org> - 2.6.1-1
 - Updated to 2.6.1
 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.3-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 * Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.5.3-3
 - Autorebuild for GCC 4.3
 * Fri Dec 14 2007 Hans de Goede <j.w.r.degoede@hhs.nl> 2.5.3-2
 - Various improvements from review (bz 407571)
 * Fri Nov 30 2007 Hans de Goede <j.w.r.degoede@hhs.nl> 2.5.3-1
 - Initial Fedora Package
		`@ -0,0 +1 @@`
							`cba3f50dd657cb1434674a03b21394df9913d764 SOURCES/tinyxml_2_6_2.tar.gz`