%define major 3
%define libname %mklibname plist %{major}
%define libnamedev %mklibname plist -d
%define libnamecxx %mklibname plist++ %{major}
%define libnamecxxdev %mklibname plist++ -d
Name: libplist
Version: 1.12
Release: %mkrel 1
Summary: Library for manipulating Apple Binary and XML Property Lists
Group: System/Libraries
License: LGPLv2+
URL: http://www.libimobiledevice.org/
Source0: http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2
Patch1: 0001-Fix-possible-crash-in-plist_from_bin-caused-by-access-to-already-freed-memory.patch
Patch2: 0002-Plug-memory-leaks-caused-by-unused-and-unfreed-buffer.patch
Patch3: 0003-Refactor-binary-plist-parsing-in-a-recursive-way.patch
Patch4: 0004-Make-sure-to-compare-the-node-sizes-for-integer-nodes.patch
Patch5: 0005-Change-internal-storage-of-PLIST_DATE-values-from-struct-timeval-to-double.patch
Patch6: 0006-Fix-possible-out-of-bounds-read-in-parse_dict_node-with-proper-bounds-checking.patch
Patch7: 0007-Fix-possible-out-of-bounds-reads-in-parse_bin_node.patch
Patch8: 0008-Make-sure-the-index-in-parse_bin_node_at_index-is-actually-within-the-offset-table.patch
Patch9: 0009-Prevent-out-of-bounds-read-in-plist_from_bin-when-parsing-offset_table.patch
Patch10: 0010-Make-sure-to-error-out-if-allocation-of-used_indexes-buffer-in-plist_from_bin-fails.patch
Patch11: 0011-Disallow-key-nodes-with-non-string-node-types.patch
Patch12: 0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
Patch13: 0013-Improve-UINT_TO_HOST-macro-remove-uint24_from_be-function.patch
Patch14: 0014-Check-for-invalid-offset_size-in-bplist-trailer.patch
Patch15: 0015-Use-proper-struct-for-binary-plist-trailer.patch
Patch16: 0016-Mass-rename-dict_size-and-param_dict_size-to-more-appropiate-ref_size.patch
Patch17: 0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch
Patch18: 0018-Avoid-heap-buffer-allocation-when-parsing-array-dict-string-data-node-sizes-14.patch
Patch19: 0019-Unify-size-node-parsing-for-data-string-array-dict-nodes.patch
Patch20: 0020-Prevent-OOB-read-when-parsing-data-string-array-dict-size-nodes.patch
Patch21: 0021-Fix-OOB-write-on-heap-buffer-and-improve-recursion-check.patch
Patch22: 0022-Make-sure-node-index-is-smaller-than-number-of-objects.patch
Patch23: 0023-Make-sure-the-offset-table-is-in-the-correct-range.patch
Patch24: 0024-Plug-memory-leak-in-case-parsing-a-dictionary-key-fails.patch
Patch26: 0026-bplist-Improve-real-date-node-de-serialization.patch
Patch27: 0027-bplist-Improve-parsing-unicode-nodes.patch
# PATCH-FIX-UPSTREAM 0029-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch boo#1029639 alarrosa@suse.com -- make sure to bail out if malloc fails in parse_string_node (CVE-2017-6435).
Patch29: 0029-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
Patch30: 0030-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
Patch31: 0031-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
Patch32: 0032-bplist-Properly-handle-some-more-malloc-failure-situ.patch
Patch33: 0033-plist-Fix-assert-to-allow-16-or-8-byte-integer-sizes.patch
Patch34: C0001-Plug-memory-leak-when-converting-PLIST_UID-nodes-to-XML.patch
Patch35: C0002-Improve-writing-of-array-and-dictionary-nodes.patch
Patch36: C0003-Improve-writing-of-integer-nodes.patch
Patch37: C0004-Fix-UID-node-parsing-to-match-Apples-parser.patch
Patch38: C0005-Improve-writing-of-UID-nodes.patch
Patch39: C0006-Improve-writing-of-data-string-and-unicode-nodes.patch
Patch40: C0007-Improve-writing-of-offset-table.patch
#PATCH-FIX-UPSTREAM Nikias Bassen <nikias@gmx.li> CVE-2017-5209
#rework base64decode to handle split encoded data
Patch101: B0005-base64-Prevent-buffer-overflow-by-not-decoding-blocks-with-less-than-4-chrs.patch
Patch102: B0006-Prevent-use-strlen-in-base64decode-when-input-buffer-size-is-known.patch
Patch103: B0007-base64-Rework-base64decode-to-handle-split-encoded-data.patch
# PATCH-FIX-UPSTREAM libplist-boo1035312-overflow-fixes.patch boo#1035312 mgorse@suse.com -- add some overflow checks (boo#1035312 CVE-2017-7982).
Patch110: libplist-boo1035312-overflow-fixes.patch
# PATCH-FIX-UPSTREAM libplist-boo1029631-32bit.patch boo#1029631 boo#1029638 boo#1029706 boo#1029751 mgorse@suse.com -- make sure sanity checks work on 32-bit platforms, and fix range checks (CVE-2017-6440 CVE-2017-6439 CVE-2017-6438 CVE-2017-6436).
Patch111: libplist-boo1029631-32bit.patch
# PATCh-FIX-UPSTREAM libplist-boo1029707-base64-invalid-read.patch boo#1029707 mgorse@suse.com -- prevent undefined shift when parsing invalid base64 encoded data (CVE-2017-6437).
Patch112: libplist-boo1029707-base64-invalid-read.patch
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: gcc-c++
BuildRequires: libtool
%description
libplist is a library for manipulating Apple Binary and XML Property Lists
#----------------------------------------------------------------------------
%package -n %{libname}
Summary: Library for manipulating Apple Binary and XML Property Lists
Group: System/Libraries
Requires: %{name} >= %{version}-%{release}
%description -n %{libname}
libplist is a library for manipulating Apple Binary and XML Property Lists
#----------------------------------------------------------------------------
%package -n %{libnamedev}
Summary: Development package for libplist
Group: Development/C
Requires: %{libname} = %{version}-%{release}
Provides: %{name}-devel = %{version}-%{release}
%description -n %{libnamedev}
%{name}, development headers and libraries.
#----------------------------------------------------------------------------
%package -n %{libnamecxx}
Summary: C++ binding for libplist
Group: Development/C++
Requires: %{name} >= %{version}-%{release}
%description -n %{libnamecxx}
C++ bindings for %{name}
#----------------------------------------------------------------------------
%package -n %{libnamecxxdev}
Summary: Development package for libplist++
Group: Development/C++
Requires: %{libnamecxx} = %{version}-%{release}
Provides: %{name}++-devel = %{version}-%{release}
Conflicts: %{mklibname plist++ 0} < 1.0
%description -n %{libnamecxxdev}
%{name}, C++ development headers and libraries.
#----------------------------------------------------------------------------
%package -n python-plist
Summary: Python package for libplist
Group: Development/Python
BuildRequires: python-cython
BuildRequires: python-devel
Requires: python
%description -n python-plist
%{name}, python libraries and support
#----------------------------------------------------------------------------
%prep
%setup -q
%apply_patches
%build
autoreconf -vfi
%configure2_5x \
--disable-static
make
%install
%makeinstall_std
# daviddavid (workaround since new 1.11 version)
# FIXME This file is not automatically installed by upstream source while it is built.
mkdir -p %{buildroot}%{_includedir}/plist/cython
install -m 0644 cython/plist.pxd %{buildroot}%{_includedir}/plist/cython/
# we don't want these
find %{buildroot} -name '*.la' -delete
%files
%doc AUTHORS COPYING.LESSER README
%{_bindir}/plistutil
%files -n %{libname}
%{_libdir}/%{name}.so.%{major}
%{_libdir}/%{name}.so.%{major}.*
%files -n %{libnamedev}
%dir %{_includedir}/plist
%{_includedir}/plist/*.h
%{_includedir}/plist/cython/
%{_libdir}/pkgconfig/%{name}.pc
%{_libdir}/%{name}.so
%files -n %{libnamecxx}
%{_libdir}/%{name}++.so.%{major}
%{_libdir}/%{name}++.so.%{major}.*
%files -n %{libnamecxxdev}
%{_libdir}/pkgconfig/%{name}++.pc
%{_libdir}/%{name}++.so
%files -n python-plist
%{python_sitearch}/plist.so
%changelog
* Fri Dec 29 2017 luigiwalser <luigiwalser> 1.12-1.mga5
+ Revision: 1186922
- 1.12
- library major is now 3
- add patches from opensuse to fix several security issues (mga#20232)
* Wed Oct 15 2014 umeabot <umeabot> 1.11-7.mga5
+ Revision: 745015
- Second Mageia 5 Mass Rebuild
* Sat Sep 27 2014 tv <tv> 1.11-6.mga5
+ Revision: 726830
- rebuild for missing pythoneggs deps
* Tue Sep 16 2014 umeabot <umeabot> 1.11-5.mga5
+ Revision: 681711
- Mageia 5 Mass Rebuild
* Mon Mar 31 2014 daviddavid <daviddavid> 1.11-4.mga5
+ Revision: 610951
- use correct specification for required main pkg on library
- drop obsolete macro on %%py_requires -d
* Mon Mar 31 2014 daviddavid <daviddavid> 1.11-3.mga5
+ Revision: 610827
- add a comment for the fix of cython stuff
- prefer use pkgconfig on BR
- specify also the release of required packages (according to Mageia's policy)
* Mon Mar 31 2014 daviddavid <daviddavid> 1.11-2.mga5
+ Revision: 610733
- fix missing cython stuff needed for libimobiledevice build
* thanks for luigiwalser help
* Sun Mar 30 2014 daviddavid <daviddavid> 1.11-1.mga5
+ Revision: 610678
- remove swig python bindings from upstream
- change build system to autotools from upstream
- add autoreconf and configure for build
- add BRs on libtool and gcc-c++
- minor cosmetic change
- new major: 2
- new version: 1.11
* Sat Oct 19 2013 umeabot <umeabot> 1.10-2.mga4
+ Revision: 528539
- Mageia 4 Mass Rebuild
* Sun Jun 23 2013 luigiwalser <luigiwalser> 1.10-1.mga4
+ Revision: 445870
- 1.10
- fix files list
- clean spec
* Sat Jan 12 2013 umeabot <umeabot> 1.8-2.mga3
+ Revision: 357976
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild
* Sun Mar 04 2012 fwang <fwang> 1.8-1.mga2
+ Revision: 217813
- fix build
- br cython
- new version 1.8
- update url
* Thu Sep 08 2011 tv <tv> 1.4-1.mga2
+ Revision: 141180
- new release
* Tue Jan 18 2011 pterjan <pterjan> 1.3-4.mga1
+ Revision: 21795
- Rebuild for python 2.7
* Sat Jan 15 2011 blino <blino> 1.3-3.mga1
+ Revision: 18979
- remove old ldconfig scriptlets
- imported package libplist
* Wed Apr 28 2010 Christophe Fergeau <cfergeau@mandriva.com> 1.3-2mdv2010.1
+ Revision: 540035
- rebuild so that shared libraries are properly stripped again
* Tue Apr 20 2010 Christophe Fergeau <cfergeau@mandriva.com> 1.3-1mdv2010.1
+ Revision: 536948
- libplist 1.3
* Fri Feb 12 2010 Christophe Fergeau <cfergeau@mandriva.com> 1.2-1mdv2010.1
+ Revision: 504510
- libplist 1.2
* Mon Jan 11 2010 Christophe Fergeau <cfergeau@mandriva.com> 1.1-4mdv2010.1
+ Revision: 489608
- fix again Conflicts: between libplist++ and libplists++-devel
* Tue Dec 29 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.1-3mdv2010.1
+ Revision: 483261
- fix library name in Conflicts:
* Tue Dec 15 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.1-2mdv2010.1
+ Revision: 479034
- add Conflicts in libplist++-devel on older libplist++ since the latter used to ship the .so file
* Tue Dec 15 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.1-1mdv2010.1
+ Revision: 478857
- libplist 1.1
* Mon Dec 07 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.0-1mdv2010.1
+ Revision: 474466
- libplist 1.0.0
* Fri Nov 06 2009 Colin Guthrie <cguthrie@mandriva.org> 0.16-1mdv2010.1
+ Revision: 460535
- New version: 0.16 (work by teuf)
* Thu Aug 06 2009 Christophe Fergeau <cfergeau@mandriva.com> 0.13-2mdv2010.0
+ Revision: 410904
- fix name of python package
* Thu Aug 06 2009 Christophe Fergeau <cfergeau@mandriva.com> 0.13-1mdv2010.0
+ Revision: 410622
- fix rpm groups
- import libplist
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Mon May 11 2009 Peter Robinson <pbrobinson@gmail.com> 0.13-1
- New upstream 0.13 release
* Mon May 11 2009 Peter Robinson <pbrobinson@gmail.com> 0.12-2
- Further review updates
* Sun May 10 2009 Peter Robinson <pbrobinson@gmail.com> 0.12-1
- Update to official tarball release, some review fixes
* Sun May 10 2009 Peter Robinson <pbrobinson@gmail.com> 0.12.0-0.1
- Initial package
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
fde688f3069f2918988ce2c95b33f20b
>
files
>
46
