%define major 3 %define libname %mklibname plist %{major} %define libnamedev %mklibname plist -d %define libnamecxx %mklibname plist++ %{major} %define libnamecxxdev %mklibname plist++ -d Name: libplist Version: 1.12 Release: %mkrel 1 Summary: Library for manipulating Apple Binary and XML Property Lists Group: System/Libraries License: LGPLv2+ URL: http://www.libimobiledevice.org/ Source0: http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2 Patch1: 0001-Fix-possible-crash-in-plist_from_bin-caused-by-access-to-already-freed-memory.patch Patch2: 0002-Plug-memory-leaks-caused-by-unused-and-unfreed-buffer.patch Patch3: 0003-Refactor-binary-plist-parsing-in-a-recursive-way.patch Patch4: 0004-Make-sure-to-compare-the-node-sizes-for-integer-nodes.patch Patch5: 0005-Change-internal-storage-of-PLIST_DATE-values-from-struct-timeval-to-double.patch Patch6: 0006-Fix-possible-out-of-bounds-read-in-parse_dict_node-with-proper-bounds-checking.patch Patch7: 0007-Fix-possible-out-of-bounds-reads-in-parse_bin_node.patch Patch8: 0008-Make-sure-the-index-in-parse_bin_node_at_index-is-actually-within-the-offset-table.patch Patch9: 0009-Prevent-out-of-bounds-read-in-plist_from_bin-when-parsing-offset_table.patch Patch10: 0010-Make-sure-to-error-out-if-allocation-of-used_indexes-buffer-in-plist_from_bin-fails.patch Patch11: 0011-Disallow-key-nodes-with-non-string-node-types.patch Patch12: 0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch Patch13: 0013-Improve-UINT_TO_HOST-macro-remove-uint24_from_be-function.patch Patch14: 0014-Check-for-invalid-offset_size-in-bplist-trailer.patch Patch15: 0015-Use-proper-struct-for-binary-plist-trailer.patch Patch16: 0016-Mass-rename-dict_size-and-param_dict_size-to-more-appropiate-ref_size.patch Patch17: 0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch Patch18: 0018-Avoid-heap-buffer-allocation-when-parsing-array-dict-string-data-node-sizes-14.patch Patch19: 0019-Unify-size-node-parsing-for-data-string-array-dict-nodes.patch Patch20: 0020-Prevent-OOB-read-when-parsing-data-string-array-dict-size-nodes.patch Patch21: 0021-Fix-OOB-write-on-heap-buffer-and-improve-recursion-check.patch Patch22: 0022-Make-sure-node-index-is-smaller-than-number-of-objects.patch Patch23: 0023-Make-sure-the-offset-table-is-in-the-correct-range.patch Patch24: 0024-Plug-memory-leak-in-case-parsing-a-dictionary-key-fails.patch Patch26: 0026-bplist-Improve-real-date-node-de-serialization.patch Patch27: 0027-bplist-Improve-parsing-unicode-nodes.patch # PATCH-FIX-UPSTREAM 0029-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch boo#1029639 alarrosa@suse.com -- make sure to bail out if malloc fails in parse_string_node (CVE-2017-6435). Patch29: 0029-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch Patch30: 0030-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch Patch31: 0031-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch Patch32: 0032-bplist-Properly-handle-some-more-malloc-failure-situ.patch Patch33: 0033-plist-Fix-assert-to-allow-16-or-8-byte-integer-sizes.patch Patch34: C0001-Plug-memory-leak-when-converting-PLIST_UID-nodes-to-XML.patch Patch35: C0002-Improve-writing-of-array-and-dictionary-nodes.patch Patch36: C0003-Improve-writing-of-integer-nodes.patch Patch37: C0004-Fix-UID-node-parsing-to-match-Apples-parser.patch Patch38: C0005-Improve-writing-of-UID-nodes.patch Patch39: C0006-Improve-writing-of-data-string-and-unicode-nodes.patch Patch40: C0007-Improve-writing-of-offset-table.patch #PATCH-FIX-UPSTREAM Nikias Bassen <nikias@gmx.li> CVE-2017-5209 #rework base64decode to handle split encoded data Patch101: B0005-base64-Prevent-buffer-overflow-by-not-decoding-blocks-with-less-than-4-chrs.patch Patch102: B0006-Prevent-use-strlen-in-base64decode-when-input-buffer-size-is-known.patch Patch103: B0007-base64-Rework-base64decode-to-handle-split-encoded-data.patch # PATCH-FIX-UPSTREAM libplist-boo1035312-overflow-fixes.patch boo#1035312 mgorse@suse.com -- add some overflow checks (boo#1035312 CVE-2017-7982). Patch110: libplist-boo1035312-overflow-fixes.patch # PATCH-FIX-UPSTREAM libplist-boo1029631-32bit.patch boo#1029631 boo#1029638 boo#1029706 boo#1029751 mgorse@suse.com -- make sure sanity checks work on 32-bit platforms, and fix range checks (CVE-2017-6440 CVE-2017-6439 CVE-2017-6438 CVE-2017-6436). Patch111: libplist-boo1029631-32bit.patch # PATCh-FIX-UPSTREAM libplist-boo1029707-base64-invalid-read.patch boo#1029707 mgorse@suse.com -- prevent undefined shift when parsing invalid base64 encoded data (CVE-2017-6437). Patch112: libplist-boo1029707-base64-invalid-read.patch BuildRequires: pkgconfig(libxml-2.0) BuildRequires: gcc-c++ BuildRequires: libtool %description libplist is a library for manipulating Apple Binary and XML Property Lists #---------------------------------------------------------------------------- %package -n %{libname} Summary: Library for manipulating Apple Binary and XML Property Lists Group: System/Libraries Requires: %{name} >= %{version}-%{release} %description -n %{libname} libplist is a library for manipulating Apple Binary and XML Property Lists #---------------------------------------------------------------------------- %package -n %{libnamedev} Summary: Development package for libplist Group: Development/C Requires: %{libname} = %{version}-%{release} Provides: %{name}-devel = %{version}-%{release} %description -n %{libnamedev} %{name}, development headers and libraries. #---------------------------------------------------------------------------- %package -n %{libnamecxx} Summary: C++ binding for libplist Group: Development/C++ Requires: %{name} >= %{version}-%{release} %description -n %{libnamecxx} C++ bindings for %{name} #---------------------------------------------------------------------------- %package -n %{libnamecxxdev} Summary: Development package for libplist++ Group: Development/C++ Requires: %{libnamecxx} = %{version}-%{release} Provides: %{name}++-devel = %{version}-%{release} Conflicts: %{mklibname plist++ 0} < 1.0 %description -n %{libnamecxxdev} %{name}, C++ development headers and libraries. #---------------------------------------------------------------------------- %package -n python-plist Summary: Python package for libplist Group: Development/Python BuildRequires: python-cython BuildRequires: python-devel Requires: python %description -n python-plist %{name}, python libraries and support #---------------------------------------------------------------------------- %prep %setup -q %apply_patches %build autoreconf -vfi %configure2_5x \ --disable-static make %install %makeinstall_std # daviddavid (workaround since new 1.11 version) # FIXME This file is not automatically installed by upstream source while it is built. mkdir -p %{buildroot}%{_includedir}/plist/cython install -m 0644 cython/plist.pxd %{buildroot}%{_includedir}/plist/cython/ # we don't want these find %{buildroot} -name '*.la' -delete %files %doc AUTHORS COPYING.LESSER README %{_bindir}/plistutil %files -n %{libname} %{_libdir}/%{name}.so.%{major} %{_libdir}/%{name}.so.%{major}.* %files -n %{libnamedev} %dir %{_includedir}/plist %{_includedir}/plist/*.h %{_includedir}/plist/cython/ %{_libdir}/pkgconfig/%{name}.pc %{_libdir}/%{name}.so %files -n %{libnamecxx} %{_libdir}/%{name}++.so.%{major} %{_libdir}/%{name}++.so.%{major}.* %files -n %{libnamecxxdev} %{_libdir}/pkgconfig/%{name}++.pc %{_libdir}/%{name}++.so %files -n python-plist %{python_sitearch}/plist.so %changelog * Fri Dec 29 2017 luigiwalser <luigiwalser> 1.12-1.mga5 + Revision: 1186922 - 1.12 - library major is now 3 - add patches from opensuse to fix several security issues (mga#20232) * Wed Oct 15 2014 umeabot <umeabot> 1.11-7.mga5 + Revision: 745015 - Second Mageia 5 Mass Rebuild * Sat Sep 27 2014 tv <tv> 1.11-6.mga5 + Revision: 726830 - rebuild for missing pythoneggs deps * Tue Sep 16 2014 umeabot <umeabot> 1.11-5.mga5 + Revision: 681711 - Mageia 5 Mass Rebuild * Mon Mar 31 2014 daviddavid <daviddavid> 1.11-4.mga5 + Revision: 610951 - use correct specification for required main pkg on library - drop obsolete macro on %%py_requires -d * Mon Mar 31 2014 daviddavid <daviddavid> 1.11-3.mga5 + Revision: 610827 - add a comment for the fix of cython stuff - prefer use pkgconfig on BR - specify also the release of required packages (according to Mageia's policy) * Mon Mar 31 2014 daviddavid <daviddavid> 1.11-2.mga5 + Revision: 610733 - fix missing cython stuff needed for libimobiledevice build * thanks for luigiwalser help * Sun Mar 30 2014 daviddavid <daviddavid> 1.11-1.mga5 + Revision: 610678 - remove swig python bindings from upstream - change build system to autotools from upstream - add autoreconf and configure for build - add BRs on libtool and gcc-c++ - minor cosmetic change - new major: 2 - new version: 1.11 * Sat Oct 19 2013 umeabot <umeabot> 1.10-2.mga4 + Revision: 528539 - Mageia 4 Mass Rebuild * Sun Jun 23 2013 luigiwalser <luigiwalser> 1.10-1.mga4 + Revision: 445870 - 1.10 - fix files list - clean spec * Sat Jan 12 2013 umeabot <umeabot> 1.8-2.mga3 + Revision: 357976 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Sun Mar 04 2012 fwang <fwang> 1.8-1.mga2 + Revision: 217813 - fix build - br cython - new version 1.8 - update url * Thu Sep 08 2011 tv <tv> 1.4-1.mga2 + Revision: 141180 - new release * Tue Jan 18 2011 pterjan <pterjan> 1.3-4.mga1 + Revision: 21795 - Rebuild for python 2.7 * Sat Jan 15 2011 blino <blino> 1.3-3.mga1 + Revision: 18979 - remove old ldconfig scriptlets - imported package libplist * Wed Apr 28 2010 Christophe Fergeau <cfergeau@mandriva.com> 1.3-2mdv2010.1 + Revision: 540035 - rebuild so that shared libraries are properly stripped again * Tue Apr 20 2010 Christophe Fergeau <cfergeau@mandriva.com> 1.3-1mdv2010.1 + Revision: 536948 - libplist 1.3 * Fri Feb 12 2010 Christophe Fergeau <cfergeau@mandriva.com> 1.2-1mdv2010.1 + Revision: 504510 - libplist 1.2 * Mon Jan 11 2010 Christophe Fergeau <cfergeau@mandriva.com> 1.1-4mdv2010.1 + Revision: 489608 - fix again Conflicts: between libplist++ and libplists++-devel * Tue Dec 29 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.1-3mdv2010.1 + Revision: 483261 - fix library name in Conflicts: * Tue Dec 15 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.1-2mdv2010.1 + Revision: 479034 - add Conflicts in libplist++-devel on older libplist++ since the latter used to ship the .so file * Tue Dec 15 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.1-1mdv2010.1 + Revision: 478857 - libplist 1.1 * Mon Dec 07 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.0-1mdv2010.1 + Revision: 474466 - libplist 1.0.0 * Fri Nov 06 2009 Colin Guthrie <cguthrie@mandriva.org> 0.16-1mdv2010.1 + Revision: 460535 - New version: 0.16 (work by teuf) * Thu Aug 06 2009 Christophe Fergeau <cfergeau@mandriva.com> 0.13-2mdv2010.0 + Revision: 410904 - fix name of python package * Thu Aug 06 2009 Christophe Fergeau <cfergeau@mandriva.com> 0.13-1mdv2010.0 + Revision: 410622 - fix rpm groups - import libplist * Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Mon May 11 2009 Peter Robinson <pbrobinson@gmail.com> 0.13-1 - New upstream 0.13 release * Mon May 11 2009 Peter Robinson <pbrobinson@gmail.com> 0.12-2 - Further review updates * Sun May 10 2009 Peter Robinson <pbrobinson@gmail.com> 0.12-1 - Update to official tarball release, some review fixes * Sun May 10 2009 Peter Robinson <pbrobinson@gmail.com> 0.12.0-0.1 - Initial package