Sophie: libxml2-2.7.8-9.4.mga1 src

libxml2-2.7.8-9.4.mga1.src.rpm

%define major		2
%define libname		%mklibname xml2_ %{major}
%define develname	%mklibname xml2 -d

%define subrel 4

Summary:	Library providing XML and HTML support
Name:		libxml2
Version:	2.7.8
Release:	%mkrel 9
License:	MIT
Group: 		System/Libraries
URL:		http://www.xmlsoft.org/
Source0:	ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz
Patch0:		libxml2-2.7.8-reenable-version-script.patch
Patch1:		libxml2-2.7.8-CVE-2010-4494.diff

# Bug #1669
# http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
# http://git.gnome.org/browse/libxml2/patch/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
Patch2:         libxml-fix-xpath-buffer-overflow.patch
Patch3:		libxml2-2.7.8-CVE-2011-2821,2834.diff

Patch4:		libxml2-2.7.8-CVE-2011-0216.diff
Patch5:		libxml2-2.7.8-CVE-2011-3905.diff
Patch6:		libxml2-2.7.8-CVE-2011-3919.diff

BuildRequires:	gtk-doc
BuildRequires:	python-devel
BuildRequires:	readline-devel
BuildRequires:	zlib-devel

%description
This library allows you to manipulate XML files. It includes support 
for reading, modifying and writing XML and HTML files. There is DTDs 
support: this includes parsing and validation even with complex DtDs, 
either at parse time or later once the document has been modified. The
output can be a simple SAX stream or and in-memory DOM-like 
representations. In this case one can use the built-in XPath and 
XPointer implementation to select subnodes or ranges. A flexible 
Input/Output mechanism is available, with existing HTTP and FTP modules
and combined to a URI library.

%package -n %{libname}
Summary:	Shared libraries providing XML and HTML support
Group: 		System/Libraries
Obsoletes:	%{mklibname xml 2}
Provides:	%{name} = %{version}-%{release}

%description -n %{libname}
This library allows you to manipulate XML files. It includes support 
for reading, modifying and writing XML and HTML files. There is DTDs 
support: this includes parsing and validation even with complex DtDs, 
either at parse time or later once the document has been modified.

%package utils
Summary: Utilities to manipulate XML files
Group: System/Libraries
Requires: %{libname} >= %{version}-%{release}

%description utils
This packages contains utils to manipulate XML files.

%package python
Summary: Python bindings for the libxml2 library
Group: Development/Python
Requires: %{libname} >= %{version}-%{release}
Requires: python >= %{pyver}
Provides: python-%{name} = %{version}-%{release}
%if "%{_lib}" != "lib"
Obsoletes: %{_lib}xml2-python < 2.6.29-4
%endif

%description python
The libxml2-python package contains a module that permits applications
written in the Python programming language to use the interface
supplied by the libxml2 library to manipulate XML files.

This library allows you to manipulate XML files. It includes support 
for reading, modifying and writing XML and HTML files. There is DTDs 
support: this includes parsing and validation even with complex DtDs, 
either at parse time or later once the document has been modified.

%package -n %{develname}
Summary: Libraries, includes, etc. to develop XML and HTML applications
Group: Development/C
Requires: %{libname} = %{version}-%{release}
Requires: zlib-devel
Provides: %{name}-devel = %{version}-%{release}

%description -n %{develname}
Libraries, include files, etc you can use to develop XML applications.
This library allows you to manipulate XML files. It includes support 
for reading, modifying and writing XML and HTML files. There is DTDs 
support: this includes parsing and validation even with complex DtDs, 
either at parse time or later once the document has been modified. 

%prep
%setup -q
%patch0 -p1
%patch1 -p0 -b .CVE-2010-4494
%patch2 -p1
%patch3 -p1 -b .CVE-2011-2821,2834
%patch4 -p0 -b .CVE-2011-0216
%patch5 -p0 -b .CVE-2011-3905
%patch6 -p1 -b .CVE-2011-3919

%build
autoreconf -fi
%configure2_5x
%make

%install
rm -rf %{buildroot}

%makeinstall_std

#only do it here if check aren't done
if [ %{_with check} -eq 0 ]; then 
  # clean before packaging documentation
  (cd doc/examples ; make clean ; rm -rf .deps Makefile)
  gzip -9 doc/libxml2-api.xml
fi


# multiarch policy
%multiarch_binaries %{buildroot}%{_bindir}/xml2-config

# remove unpackaged files
rm -rf	%{buildroot}%{_prefix}/doc \
 	%{buildroot}%{_datadir}/doc \
	%{buildroot}%{_libdir}/python%{pyver}/site-packages/*.{la,a} \

%check
# all tests must pass
# use TARBALLURL_2="" TARBALLURL="" TESTDIRS="" to disable xstc test which are using remote tarball
make TARBALLURL_2="" TARBALLURL="" TESTDIRS="" check

#need to do that after check otherwise it will fail
# clean before packaging documentation
(cd doc/examples ; make clean ; rm -rf .deps Makefile)
gzip -9 doc/libxml2-api.xml

%clean
rm -rf %{buildroot}

%files -n %{libname}
%defattr(-, root, root)
%{_libdir}/lib*.so.*

%files utils
%defattr(-, root, root)
%doc AUTHORS README Copyright TODO 
%{_bindir}/xmlcatalog
%{_bindir}/xmllint
%{_mandir}/man1/xmlcatalog*
%{_mandir}/man1/xmllint*

%files python
%defattr(-, root, root)
%doc AUTHORS README Copyright TODO 
%doc doc/*.py doc/python.html
%doc python/TODO
%doc python/libxml2class.txt
%doc python/tests/*.py
%{_libdir}/python%{pyver}/site-packages/*.so
%{_libdir}/python%{pyver}/site-packages/*.py

%files -n %{develname}
%defattr(-, root, root)
%doc AUTHORS ChangeLog README Copyright TODO 
%doc doc/*.html doc/*.gif doc/*.png doc/html doc/examples doc/tutorial
%doc doc/libxml2-api.xml.gz
%doc %{_datadir}/gtk-doc/html/*
%{_bindir}/xml2-config
%multiarch %{multiarch_bindir}/xml2-config
%{_libdir}/*a
%{_libdir}/*.so
%{_libdir}/*.sh
%{_libdir}/pkgconfig/*
%{_mandir}/man1/xml2-config*
%{_mandir}/man3/*
%{_includedir}/*
%{_datadir}/aclocal/*


%changelog

* Sat Jan 14 2012 fwang <fwang> 2.7.8-9.4.mga1
+ Revision: 195863
- add upstream patch to fix CVE-2011-3919

* Thu Dec 15 2011 wally <wally> 2.7.8-9.3.mga1
+ Revision: 182323
- fix CVE-2011-0216 and CVE-2011-3905

* Sun Oct 09 2011 wally <wally> 2.7.8-9.2.mga1
+ Revision: 153552
- fix CVE-2011-2821,2834

* Tue Jun 28 2011 boklm <boklm> 2.7.8-9.1.mga1
+ Revision: 114970
- fix possible buffer overflow (Bug #1669)

* Fri May 06 2011 ahmad <ahmad> 2.7.8-9.mga1
+ Revision: 95274
- Revert the deleting of .la files

* Thu May 05 2011 ahmad <ahmad> 2.7.8-8.mga1
+ Revision: 95203
- Don't ship .la files

* Sun Jan 16 2011 pterjan <pterjan> 2.7.8-7.mga1
+ Revision: 20630
- Rebuild for python 2.7

* Wed Jan 12 2011 ahmad <ahmad> 2.7.8-6.mga1
+ Revision: 6990
- drop old/unneeded scriptlets
- imported package libxml2