import xmlrpc-c-1.51.0-8.el8

This commit is contained in:
CentOS Sources 2022-04-26 16:12:17 +00:00 committed by Stepan Oksanichenko
commit 3996a889f0
12 changed files with 2642 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/xmlrpc-c-1.51.0.tar.xz

1
.xmlrpc-c.metadata Normal file
View File

@ -0,0 +1 @@
784a3e74971f3b7d992d768c732daa891ffd2412 SOURCES/xmlrpc-c-1.51.0.tar.xz

View File

@ -0,0 +1,83 @@
From 78e995f9f2958fc54e2a559a52c81684dc3460cf Mon Sep 17 00:00:00 2001
From: giraffedata <giraffedata@98333e67-4a24-44d7-a75c-e53540dd3050>
Date: Sun, 21 Jan 2018 22:27:31 +0000
Subject: [PATCH] Remove trace statements accidentally committed with 2977
git-svn-id: https://svn.code.sf.net/p/xmlrpc-c/code/trunk@2981 98333e67-4a24-44d7-a75c-e53540dd3050
---
src/cpp/value.cpp | 8 --------
src/xmlrpc_string.c | 5 -----
2 files changed, 13 deletions(-)
diff --git a/src/cpp/value.cpp b/src/cpp/value.cpp
index e2c12372..b319430e 100644
--- a/src/cpp/value.cpp
+++ b/src/cpp/value.cpp
@@ -1,4 +1,3 @@
-#include <iostream>
/*****************************************************************************
value.cpp
******************************************************************************
@@ -622,13 +621,9 @@ public:
switch (nlCode) {
case value_string::nlCode_all:
- cerr << "Going to call xmlrpc_string_new_lp" << endl;
- cerr << "length = " << cppvalue.length() << ", value = "
- << cppvalue.c_str() << endl;
this->valueP = xmlrpc_string_new_lp(&env.env_c,
cppvalue.length(),
cppvalue.c_str());
- cerr << "Back from xmlrpc_string_new_lp" << endl;
break;
case value_string::nlCode_lf:
this->valueP = xmlrpc_string_new_lp_cr(&env.env_c,
@@ -661,12 +656,9 @@ value_string::value_string(std::string const& cppvalue,
value_string::value_string(std::string const& cppvalue) {
- cerr << "value_string constructor entered" << endl;
cNewStringWrapper wrapper(cppvalue, nlCode_all);
- cerr << "wrapper constructed" << endl;
this->instantiate(wrapper.valueP);
- cerr << "value_string constructor exiting" << endl;
}
diff --git a/src/xmlrpc_string.c b/src/xmlrpc_string.c
index 2da61e4e..e6e00716 100644
--- a/src/xmlrpc_string.c
+++ b/src/xmlrpc_string.c
@@ -1,4 +1,3 @@
-#include <stdio.h>
/*=============================================================================
xmlrpc_string
===============================================================================
@@ -746,15 +745,12 @@ stringNew(xmlrpc_env * const envP,
enum crTreatment const crTreatment,
xmlrpc_value ** const valPP) {
- fprintf(stderr, "stringNew entered\n");
xmlrpc_value * valP;
xmlrpc_validate_utf8(envP, value, length);
if (!envP->fault_occurred) {
- fprintf(stderr, "Going to xmlrpc_createXmlrpcValue\n");
xmlrpc_createXmlrpcValue(envP, &valP);
- fprintf(stderr, "Back from createXmlrpcValue\n");
if (!envP->fault_occurred) {
valP->_type = XMLRPC_TYPE_STRING;
@@ -774,7 +770,6 @@ stringNew(xmlrpc_env * const envP,
*valPP = valP;
}
}
- fprintf(stderr, "stringNew exiting\n");
}
--
2.17.0

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,34 @@
From d31c2ffbf5181053330fa32e4f03c47283bd1448 Mon Sep 17 00:00:00 2001
From: Igor Gnatenko <i.gnatenko.brain@gmail.com>
Date: Sat, 17 Dec 2016 10:28:31 +0100
Subject: [PATCH 1/3] xmlrpc_server_abyss: use va_args properly
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
../src/xmlrpc_server_abyss.c: In function createServer:
../src/xmlrpc_server_abyss.c:783:13: error: format not a string literal and no format arguments [-Werror=format-security]
xmlrpc_faultf(envP, error);
^~~~~~~~~~~~~
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
---
src/xmlrpc_server_abyss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/xmlrpc_server_abyss.c b/src/xmlrpc_server_abyss.c
index 8aacb4b..58f5ba0 100644
--- a/src/xmlrpc_server_abyss.c
+++ b/src/xmlrpc_server_abyss.c
@@ -780,7 +780,7 @@ createServer(xmlrpc_env * const envP,
ServerInit2(abyssServerP, &error);
if (error) {
- xmlrpc_faultf(envP, error);
+ xmlrpc_faultf(envP, "%s", error);
xmlrpc_strfree(error);
}
}
--
2.13.1

View File

@ -0,0 +1,84 @@
From aca713786debd68c81a823c5989afb3de82da45b Mon Sep 17 00:00:00 2001
From: Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
Date: Sat, 5 Apr 2008 11:41:34 +0200
Subject: [PATCH 2/3] Use proper datatypes for 'long long'
xmlrpc-c uses 'long long' at some places (e.g. in printf
statements with PRId64) under the assumption that it has a
width of exactly 64 bits.
On 64 bit machines 'long long' has a width of 128 bit and
will cause overhead both in memory and cpu usage there. As
'long long' is used only to handle <i8> datatypes, the patch
uses a plain 64 integer type there.
It is arguable whether 'int_least64_t' (and 'int_least32_t')
would be a better choice for 'int64_t' (and 'int32_t'), but
for now, the patch uses datatypes with exact widths.
---
include/xmlrpc-c/base.h | 7 ++++---
lib/libutil/string_number.c | 1 +
src/cpp/param_list.cpp | 2 +-
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/include/xmlrpc-c/base.h b/include/xmlrpc-c/base.h
index e74e2c5..90f2c91 100644
--- a/include/xmlrpc-c/base.h
+++ b/include/xmlrpc-c/base.h
@@ -5,6 +5,7 @@
#include <stddef.h>
#include <stdarg.h>
+#include <stdint.h>
#include <time.h>
#include <xmlrpc-c/c_util.h> /* For XMLRPC_DLLEXPORT */
#include <xmlrpc-c/util.h>
@@ -73,9 +74,9 @@ xmlrpc_version(unsigned int * const majorP,
typedef signed int xmlrpc_int;
/* An integer of the type defined by XML-RPC <int>; i.e. 32 bit */
-typedef XMLRPC_INT32 xmlrpc_int32;
+typedef int32_t xmlrpc_int32;
/* An integer of the type defined by XML-RPC <i4>; i.e. 32 bit */
-typedef XMLRPC_INT64 xmlrpc_int64;
+typedef int64_t xmlrpc_int64;
/* An integer of the type defined by "XML-RPC" <i8>; i.e. 64 bit */
typedef int xmlrpc_bool;
/* A boolean (of the type defined by XML-RPC <boolean>, but there's
@@ -112,7 +113,7 @@ typedef int xmlrpc_socket;
#define XMLRPC_INT32_MAX 0x7fffffff
#define XMLRPC_INT32_MIN (-XMLRPC_INT32_MAX - 1)
-#define XMLRPC_INT64_MAX 0x7fffffffffffffffll
+#define XMLRPC_INT64_MAX ((xmlrpc_int64)0x7fffffffffffffffll)
#define XMLRPC_INT64_MIN (-XMLRPC_INT64_MAX - 1)
diff --git a/lib/libutil/string_number.c b/lib/libutil/string_number.c
index 1c284af..a7e78ad 100644
--- a/lib/libutil/string_number.c
+++ b/lib/libutil/string_number.c
@@ -6,6 +6,7 @@
============================================================================*/
#include <stdlib.h>
#include <string.h>
+#include <inttypes.h>
#include <errno.h>
#include <xmlrpc-c/base.h>
diff --git a/src/cpp/param_list.cpp b/src/cpp/param_list.cpp
index 1f7ae41..60f7df9 100644
--- a/src/cpp/param_list.cpp
+++ b/src/cpp/param_list.cpp
@@ -277,7 +277,7 @@ paramList::getI8(unsigned int const paramNumber,
throw(fault("Parameter that is supposed to be 64-bit integer is not",
fault::CODE_TYPE));
- long long const longlongvalue(static_cast<long long>(
+ xmlrpc_int64 const longlongvalue(static_cast<xmlrpc_int64>(
value_i8(this->paramVector[paramNumber])));
if (longlongvalue < minimum)
--
2.13.1

View File

@ -0,0 +1,16 @@
From d97ec6e652690a321d7ce8c81aa30f87d9c0de8f Mon Sep 17 00:00:00 2001
From: Igor Gnatenko <i.gnatenko.brain@gmail.com>
Date: Mon, 19 Dec 2016 21:33:47 +0100
Subject: [PATCH 2/2] chmod +x xml-rpc-api2txt
It's script which is installing into $bindir, so it must be executable.
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
---
tools/xml-rpc-api2txt/xml-rpc-api2txt | 0
1 file changed, 0 insertions(+), 0 deletions(-)
mode change 100644 => 100755 tools/xml-rpc-api2txt/xml-rpc-api2txt
diff --git a/tools/xml-rpc-api2txt/xml-rpc-api2txt b/tools/xml-rpc-api2txt/xml-rpc-api2txt
old mode 100644
new mode 100755

View File

@ -0,0 +1,27 @@
From 9bb040a9ae29e1b5afcb674c74f107114b316818 Mon Sep 17 00:00:00 2001
From: Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
Date: Thu, 29 Jul 2010 19:25:32 +0200
Subject: [PATCH 3/3] allow 30x redirections
---
lib/curl_transport/curltransaction.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/curl_transport/curltransaction.c b/lib/curl_transport/curltransaction.c
index f0aafae..b5392a9 100644
--- a/lib/curl_transport/curltransaction.c
+++ b/lib/curl_transport/curltransaction.c
@@ -671,6 +671,10 @@ setupCurlSession(xmlrpc_env * const envP,
curl_easy_setopt(curlSessionP, CURLOPT_POST, 1);
curl_easy_setopt(curlSessionP, CURLOPT_URL, transP->serverUrl);
+ curl_easy_setopt(curlSessionP, CURLOPT_FOLLOWLOCATION, 1);
+ curl_easy_setopt(curlSessionP, CURLOPT_MAXREDIRS, (long)10);
+ curl_easy_setopt(curlSessionP, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
+
XMLRPC_MEMBLOCK_APPEND(char, envP, transP->postDataP, "\0", 1);
if (!envP->fault_occurred) {
curl_easy_setopt(curlSessionP, CURLOPT_POSTFIELDS,
--
2.13.1

View File

@ -0,0 +1,89 @@
From 6aee99f381cc5bdfb6e514ac1e82f5e7b0fa7e2d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 25 Feb 2022 16:42:35 -0500
Subject: [PATCH 5/6] Add missing validation of encoding (CVE-2022-25235)
Backported from upstream https://github.com/libexpat/libexpat/pull/562
Resolves: #2058114
---
lib/expat/xmltok/xmltok.c | 21 +++++++++++++++------
lib/expat/xmltok/xmltok_impl.c | 8 ++++++--
2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/lib/expat/xmltok/xmltok.c b/lib/expat/xmltok/xmltok.c
index 7b31fbb..3b0c950 100644
--- a/lib/expat/xmltok/xmltok.c
+++ b/lib/expat/xmltok/xmltok.c
@@ -61,12 +61,17 @@ We need 8 bits to index into pages, 3 bits to add to that index and
? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
: 0))
+#define UTF8_INVALID2(p) \
+ ((*p) < 0xC2 || ((p)[1] & 0x80) == 0 || ((p)[1] & 0xC0) == 0xC0)
+
#define UTF8_INVALID3(p) \
- ((*p) == 0xED \
- ? (((p)[1] & 0x20) != 0) \
- : ((*p) == 0xEF \
- ? ((p)[1] == 0xBF && ((p)[2] == 0xBF || (p)[2] == 0xBE)) \
- : 0))
+ (((p)[2] & 0x80) == 0 \
+ || ((*p) == 0xEF && (p)[1] == 0xBF ? (p)[2] > 0xBD \
+ : ((p)[2] & 0xC0) == 0xC0) \
+ || ((*p) == 0xE0 \
+ ? (p)[1] < 0xA0 || ((p)[1] & 0xC0) == 0xC0 \
+ : ((p)[1] & 0x80) == 0 \
+ || ((*p) == 0xED ? (p)[1] > 0x9F : ((p)[1] & 0xC0) == 0xC0)))
#define UTF8_INVALID4(p) ((*p) == 0xF4 && ((p)[1] & 0x30) != 0)
@@ -104,7 +109,11 @@ int utf8_isNmstrt3(const ENCODING *enc ATTR_UNUSED, const char *p)
#define utf8_isNmstrt4 isNever
-#define utf8_isInvalid2 isNever
+static
+int utf8_isInvalid2(const ENCODING *enc ATTR_UNUSED, const char *p)
+{
+ return UTF8_INVALID2((const unsigned char *)p);
+}
static
int utf8_isInvalid3(const ENCODING *enc ATTR_UNUSED, const char *p)
diff --git a/lib/expat/xmltok/xmltok_impl.c b/lib/expat/xmltok/xmltok_impl.c
index d035527..bae79b9 100644
--- a/lib/expat/xmltok/xmltok_impl.c
+++ b/lib/expat/xmltok/xmltok_impl.c
@@ -43,7 +43,7 @@ See the file copying.txt for copying permission.
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NAME_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || !IS_NAME_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -71,7 +71,7 @@ See the file copying.txt for copying permission.
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+ if (IS_INVALID_CHAR(enc, ptr, n) || !IS_NMSTRT_CHAR(enc, ptr, n)) { \
*nextTokPtr = ptr; \
return XML_TOK_INVALID; \
} \
@@ -1168,6 +1168,10 @@ int PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
case BT_LEAD ## n: \
if (end - ptr < n) \
return XML_TOK_PARTIAL_CHAR; \
+ if (IS_INVALID_CHAR(enc, ptr, n)) { \
+ *nextTokPtr = ptr; \
+ return XML_TOK_INVALID; \
+ } \
if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
ptr += n; \
tok = XML_TOK_NAME; \
--
2.31.1

View File

@ -0,0 +1,92 @@
From ce6eddc1a167dafaac17c7bad9fa6b013fada31b Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 25 Feb 2022 13:07:07 -0500
Subject: [PATCH 5/6] lib: Prevent more integer overflows (CVE-2022-22822 to
CVE-2022-22827)
Backport fixes from https://github.com/libexpat/libexpat/pull/539
Resolves: #2058567, #2058576, #2058282, #2058589, #2058595, #2058602
---
lib/expat/xmlparse/xmlparse.c | 40 +++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
index 48adfb3..16ab82a 100644
--- a/lib/expat/xmlparse/xmlparse.c
+++ b/lib/expat/xmlparse/xmlparse.c
@@ -19,6 +19,7 @@ See the file copying.txt for copying permission.
#include <assert.h>
#include <limits.h> /* UINT_MAX */
#include <time.h> /* time() */
+#include <stdint.h>
#include "xmlrpc_config.h"
#include "c_util.h"
@@ -1076,6 +1077,9 @@ int addBinding(XML_Parser parser,
;
if (namespaceSeparator)
len++;
+ if (namespaceSeparator && (uri[len] == namespaceSeparator)) {
+ return XML_ERROR_SYNTAX;
+ }
if (freeBindingList) {
b = freeBindingList;
if (len > b->uriAlloc) {
@@ -2116,10 +2120,32 @@ storeAtts(XML_Parser const xmlParserP,
}
/* get the attributes from the tokenizer */
n = XmlGetAttributes(enc, attStr, attsSize, atts);
+
+
+ /* Detect and prevent integer overflow */
+ if (n > INT_MAX - nDefaultAtts) {
+ return XML_ERROR_NO_MEMORY;
+ }
+
if (n + nDefaultAtts > attsSize) {
int oldAttsSize = attsSize;
ATTRIBUTE *temp;
+ /* Detect and prevent integer overflow */
+ if ((nDefaultAtts > INT_MAX - INIT_ATTS_SIZE)
+ || (n > INT_MAX - (nDefaultAtts + INIT_ATTS_SIZE))) {
+ return XML_ERROR_NO_MEMORY;
+ }
attsSize = n + nDefaultAtts + INIT_ATTS_SIZE;
+ /* Detect and prevent integer overflow.
+ * The preprocessor guard addresses the "always false" warning
+ * from -Wtype-limits on platforms where
+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
+#if UINT_MAX >= SIZE_MAX
+ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(ATTRIBUTE)) {
+ attsSize = oldAttsSize;
+ return XML_ERROR_NO_MEMORY;
+ }
+#endif
temp = realloc((void *)atts, attsSize * sizeof(ATTRIBUTE));
if (!temp)
return XML_ERROR_NO_MEMORY;
@@ -2297,6 +2323,20 @@ storeAtts(XML_Parser const xmlParserP,
n = i + binding->uriLen;
if (n > binding->uriAlloc) {
TAG *p;
+
+ /* Detect and prevent integer overflow */
+ if (n > INT_MAX - EXPAND_SPARE) {
+ return XML_ERROR_NO_MEMORY;
+ }
+ /* Detect and prevent integer overflow.
+ * The preprocessor guard addresses the "always false" warning
+ * from -Wtype-limits on platforms where
+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
+#if UINT_MAX >= SIZE_MAX
+ if ((unsigned)(n + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
+ return XML_ERROR_NO_MEMORY;
+ }
+#endif
XML_Char *uri = malloc((n + EXPAND_SPARE) * sizeof(XML_Char));
if (!uri)
return XML_ERROR_NO_MEMORY;
--
2.31.1

View File

@ -0,0 +1,32 @@
From 06d354807ac297374973631a6418edf7e3fcbf30 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 28 Feb 2022 10:43:23 -0500
Subject: [PATCH 6/6] Prevent integer overflow on m_groupSize in doProlog
(CVE-2021-46143)
Backported from upstream https://github.com/libexpat/libexpat/pull/538
Resolves: #2058560
---
lib/expat/xmlparse/xmlparse.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
index 16ab82a..b9aa927 100644
--- a/lib/expat/xmlparse/xmlparse.c
+++ b/lib/expat/xmlparse/xmlparse.c
@@ -3991,6 +3991,11 @@ doProlog(XML_Parser const xmlParserP,
case XML_ROLE_GROUP_OPEN:
if (prologState.level >= groupSize) {
if (groupSize) {
+ /* Detect and prevent integer overflow */
+ if (groupSize > (unsigned int)(-1) / 2u) {
+ *errorCodeP = XML_ERROR_NO_MEMORY;
+ return;
+ }
char *temp = realloc(groupConnector, groupSize *= 2);
if (!temp) {
*errorCodeP = XML_ERROR_NO_MEMORY;
--
2.31.1

515
SPECS/xmlrpc-c.spec Normal file
View File

@ -0,0 +1,515 @@
%global advanced_branch 1
# Upstream libxml2 backend is completely broken since 2015
# https://sourceforge.net/p/xmlrpc-c/patches/49/
%bcond_with libxml2
Name: xmlrpc-c
Version: 1.51.0
Release: 8%{?dist}
Summary: Lightweight RPC library based on XML and HTTP
# See doc/COPYING for details.
# The Python 1.5.2 license used by a few files is just BSD.
License: BSD and MIT
URL: http://xmlrpc-c.sourceforge.net/
%{!?advanced_branch:Source0: http://dl.sourceforge.net/sourceforge/xmlrpc-c/xmlrpc-%version.tgz}
# generated by 'make svn-sources [SVN_VER=%version SVN_REV=%svnrev]'. Unfortunately,
# upstream does not tag versions so we must fetch from the branch and
# check which version was used for it
%{?advanced_branch:Source0: xmlrpc-c-%version.tar.xz}
# Upstreamable patches
Patch101: 0001-xmlrpc_server_abyss-use-va_args-properly.patch
Patch102: 0002-Use-proper-datatypes-for-long-long.patch
Patch103: 0003-allow-30x-redirections.patch
#Patch104: xmlrpc-c-printf-size_t.patch
#Patch105: xmlrpc-c-check-vasprintf-return-value.patch
Patch104: 0004-Add-missing-validation-of-encoding-CVE-2022-25235.patch
Patch105: 0005-lib-Prevent-more-integer-overflows-CVE-2022-22822-to.patch
Patch106: 0006-Prevent-integer-overflow-on-m_groupSize-in-doProlog-.patch
# Backported patches
# https://sourceforge.net/p/xmlrpc-c/code/2981/
# Fixes RHBZ #1541868
Patch201: 0001-Remove-trace-statements-accidentally-committed-with-.patch
# Meson buildsystem, see https://blogs.gnome.org/ignatenko/2016/12/17/meson-%E2%99%A5-xmlrpc-c/
Patch1001: 0001-add-meson-buildsystem-definitions.patch
Patch1002: 0002-chmod-x-xml-rpc-api2txt.patch
BuildRequires: git-core
BuildRequires: meson >= 0.36.0
BuildRequires: gcc
BuildRequires: gcc-c++
%if %{with libxml2}
BuildRequires: pkgconfig(libxml-2.0)
%else
# upstream has its own fork of expat
Provides: bundled(expat)
%endif
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(libcurl)
BuildRequires: readline-devel
BuildRequires: ncurses-devel
%package c++
Summary: C++ libraries for xmlrpc-c
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
%package client
Summary: C client libraries for xmlrpc-c
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
%package client++
Summary: C++ client libraries for xmlrpc-c
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-c++%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-client%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
%package devel
Summary: Development files for xmlrpc-c based programs
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-c++%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-client%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-client++%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
%package apps
Summary: Sample XML-RPC applications
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-c++%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-client%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}-client++%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
%description
XML-RPC is a quick-and-easy way to make procedure calls over the
Internet. It converts the procedure call into XML document, sends it
to a remote server using HTTP, and gets back the response as XML.
This library provides a modular implementation of XML-RPC for C.
%description c++
XML-RPC is a quick-and-easy way to make procedure calls over the
Internet. It converts the procedure call into XML document, sends it
to a remote server using HTTP, and gets back the response as XML.
This library provides a modular implementation of XML-RPC for C++.
%description client
XML-RPC is a quick-and-easy way to make procedure calls over the
Internet. It converts the procedure call into XML document, sends it
to a remote server using HTTP, and gets back the response as XML.
This library provides a modular implementation of XML-RPC for C
clients.
%description client++
XML-RPC is a quick-and-easy way to make procedure calls over the
Internet. It converts the procedure call into XML document, sends it
to a remote server using HTTP, and gets back the response as XML.
This library provides a modular implementation of XML-RPC for C++
clients.
%description devel
Static libraries and header files for writing XML-RPC applications in
C and C++.
%description apps
XML-RPC is a quick-and-easy way to make procedure calls over the
Internet. It converts the procedure call into XML document, sends it
to a remote server using HTTP, and gets back the response as XML.
This package contains some handy XML-RPC demo applications.
%prep
%autosetup -Sgit
%build
%meson %{?with_libxml2:-Dlibxml2-backend=true}
%meson_build
%install
%meson_install
%ldconfig_scriptlets
%ldconfig_scriptlets client
%ldconfig_scriptlets c++
%ldconfig_scriptlets client++
%files
%license doc/COPYING lib/abyss/license.txt
%doc doc/CREDITS doc/HISTORY
%if ! %{with libxml2}
%{_libdir}/libxmlrpc_xml*.so.*
%endif
%{_libdir}/libxmlrpc_openssl.so.*
%{_libdir}/libxmlrpc.so.*
%{_libdir}/libxmlrpc_util.so.*
%{_libdir}/libxmlrpc_abyss.so.*
%{_libdir}/libxmlrpc_server.so.*
%{_libdir}/libxmlrpc_server_abyss.so.*
%{_libdir}/libxmlrpc_server_cgi.so.*
%files client
%{_libdir}/libxmlrpc_client.so.*
%files c++
%{_libdir}/libxmlrpc_cpp.so.*
%{_libdir}/libxmlrpc++.so.*
%{_libdir}/libxmlrpc_util++.so.*
%{_libdir}/libxmlrpc_abyss++.so.*
%{_libdir}/libxmlrpc_server++.so.*
%{_libdir}/libxmlrpc_server_abyss++.so.*
%{_libdir}/libxmlrpc_server_cgi++.so.*
%{_libdir}/libxmlrpc_packetsocket.so.*
%{_libdir}/libxmlrpc_server_pstream++.so.*
%files client++
%{_libdir}/libxmlrpc_client++.so.*
%files devel
%{_bindir}/xmlrpc-c-config
%{_includedir}/xmlrpc-c/
%{_includedir}/*.h
%{_libdir}/pkgconfig/xmlrpc*.pc
%{_libdir}/libxmlrpc*.so
%files apps
%{_bindir}/xmlrpc_parsecall
%{_bindir}/xmlrpc
%{_bindir}/xmlrpc_transport
%doc tools/xmlrpc_transport/xmlrpc_transport.html
%{_bindir}/xml-rpc-api2cpp
%{_mandir}/man1/xml-rpc-api2cpp.1*
%{_bindir}/xml-rpc-api2txt
%{_mandir}/man1/xml-rpc-api2txt.1*
%{_bindir}/xmlrpc_cpp_proxy
%{_bindir}/xmlrpc_pstream
%{_bindir}/xmlrpc_dumpserver
%changelog
* Thu Apr 14 2022 Rob Crittenden <rcritten@redhat.com> - 1.51.0-8
- Address some Coverity issues in the patch set
* Tue Apr 05 2022 Rob Crittenden <rcritten@redhat.com> - 1.51.0-7
- lib: Prevent more integer overflows (CVE-2022-22822 to CVE-2022-22827)
(#2058567, #2058576, #2058582, #2058589, #2058595, #2058602)
- Prevent integer overflow on m_groupSize in doProlog
(CVE-2021-46143) (#2058560)
* Thu Mar 03 2022 Rob Crittenden <rcritten@redhat.com> - 1.51.0-6
- Add missing validation of encoding (CVE-2022-25235) (#2070481)
* Thu Apr 19 2018 Adam Williamson <awilliam@redhat.com> - 1.51.0-5
- Backport upstream fix for console spam with debug messages (#1541868)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.51.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 31 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.51.0-3
- Switch to %%ldconfig_scriptlets
* Wed Jan 17 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.51.0-2
- BuildRequire openssl by pkgconfig()
* Mon Jan 01 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.51.0-1
- Update to 1.51.0
* Sun Oct 01 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.49.02-2
- Fix Requires.private in xmlrpc_server++.pc
* Fri Sep 29 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.49.02-1
- Update to 1.49.02
* Fri Sep 29 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.48.0-8
- Add xmlrpc_client++.pc
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.48.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.48.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Jun 30 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.48.0-5
- Fix underlinking issue causing FTBFS
* Mon Mar 13 2017 Peter Robinson <pbrobinson@fedoraproject.org> 1.48.0-4
- Build with openssl 1.1
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.48.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sat Jan 21 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.48.0-2
- Apply patches via git to preserve permissions
* Sun Dec 18 2016 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 1.48.0-1
- Update to 1.48.0
* Tue Feb 16 2016 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.32.5-1909.svn2451
- Add patch for conversion from int to usnigned char
- Resolves: rhbz#1308254
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.32.5-1909.svn2451
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.32.5-1908.svn2451
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 1.32.5-1907.svn2451
- Rebuilt for GCC 5 C++11 ABI change
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.32.5-1906.svn2451
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.32.5-1905.svn2451
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Mar 28 2014 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.32.5-1904.svn2451
- Add patch to silence format-security compiler warning
- Resolves: rhbz#1037399
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.32.5-1903.svn2451
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Apr 25 2013 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.32.5-1902.svn2451
- Add missing inter-package dependencies
- Rename fedora directory to build
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.32.5-1901.svn2451
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sun Dec 9 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.32.5-1900.svn2451
- updated to 1.32.5
* Sun Oct 21 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.32.2-1900.svn2434
- updated to 1.32.2
* Sat Oct 6 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.32.1-1900.svn2413
- updated to 1.32.1
* Sun Aug 26 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.31.4-1900.svn2386
- updated to 1.31.4
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.31.0-1801.svn2365
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sun Jul 1 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.31.0-1800.svn2365
- updated to 1.31.0
* Wed Jun 6 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.30.6-1800.svn2328
- updated to 1.30.6
* Sat May 26 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.30.5-1800.svn2324
- updated to 1.30.5 (IPv6 server fixes)
* Sat May 12 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.30.4-1800.svn2318
- updated to 1.30.4
* Thu Apr 5 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.30.1-1800.svn2298
- updated to 1.30.1
* Tue Feb 28 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.29.0-1701.svn2233
- Rebuilt for c++ ABI breakage
* Wed Jan 4 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.29.0-1700.svn2233
- updated to 1.29.0
* Mon Oct 3 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.28.1-1700.svn2203
- updated to 1.28.1
* Mon Oct 3 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.27.5-1701.svn2185
- fixed error handling when transfering too large files (#741980)
* Sat Aug 27 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.27.5-1700.svn2185
- updated to 1.27.5
* Sun Aug 7 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.27.4-1700.svn2171
- updated to 1.27.4
* Sun Aug 7 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.27.3-1700.svn2145
- updated to 1.27.3
* Mon Jun 27 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.27.0-1600.svn2145
- updated to 1.27.0
- made it build with recent curl
* Mon Jun 13 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.26.3-1600.svn2134
- updated to 1.26.3
- removed default-constructor patch; issue is solved upstream
* Sat Apr 2 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.26.0-1600.svn2188
- updated to 1.26.0
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.25.1-1501.svn2077
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Jan 6 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.25.1-1500.svn2077
- updated to 1.25.1
* Thu Dec 30 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.25.0-1500.svn2074
- updated to 1.25.0
* Sun Nov 7 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.24.4-1500.svn2042
- updated to 1.24.4
* Sat Oct 9 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.24.1-1500.svn1987
- updated to 1.24.1
- set -Wno-uninitialized CFLAGS; code contains lot of constructs
triggering this warning and the 'int a=a' defeaters have been
removed in this version
* Fri Aug 27 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.23.02-1500.svn1968
- updated to 1.23.02 (note: this breaks C++ ABI)
- added vasprintf patch
* Thu Jul 29 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.23.01-1400.svn1958
- updated to 1.23.01
- added patch to make curl follow HTTP POST 301 redirects (#618504)
* Sun Apr 18 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.22.01-1400.svn1907
- updated to 1.22.01 (svn 1907)
* Tue Feb 23 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.21.00-1401.1851
- require the various subpackages explicitly for -devel; the ld linker
scripts broke rpm's autodetection (#567400)
- removed -devel Requires: which are covered by pkgconfig autodeps
- added %%{?_isa} annotations
* Sun Feb 21 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.21.00-1400.1851
- made linker scripts more 'ldconfig' friendly
* Mon Feb 15 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.21.00-1301.1851
- replaced .so symlinks by linker scripts which add all implicit
dependencies in AS_NEEDED() commands (#564607, #565577)
* Thu Jan 14 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.21.00-1300.1851
- updated to 1.21.00 (rev 1851)
- removed curl-trace patch as applied upstream
- rediffed patches
* Sat Nov 21 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.20.3-1.1841
- updated to rev1841
- rediffed patches
- added patch to fix handling of wrong certificates (Nikola Pajkovsky)
- added support for $XMLRPC_TRACE_CURL env (John Dennis)
* Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.16.6-3.1582
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.16.6-2.1582
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Dec 11 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.16.6-1.1582
- updated to 1.16.6; rediffed patches
- fixed client headers (bug #475887)
* Sat Nov 15 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.16.4.1567-2
- updated to 1.16.4
- rediffed/updated patches
- splitted some subpackages (c++, client) out of main package as they
introduce additional dependencies (c++, curl)
* Sat Sep 6 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.14.8-2
- fix license tag
* Sat Jun 21 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.14.8-1
- updated to 1.14.8
* Sun May 25 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.14.6-1
- updated to 1.14.6
* Sat Apr 12 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.14.2-1
- updated to 1.14.2
- rediffed patches
- added patch to fix broken usage of 'long long' datatype
* Mon Mar 17 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.13.8-2
- fixed cmake quoting so that pkgconfig files get correct version number
- fixed handling of 'server-util' and '--cflags' within xmlrpc-c-config
* Sun Mar 16 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.13.8-1
- updated to 1.13.8
- removed some patches which were applied upstream
* Tue Feb 26 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.13.07-2
- moved to advanced branched; rediffed/updated existing cmake patch
and fixed other compilation issues (#369841)
* Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.06.23-2
- Autorebuild for GCC 4.3
* Wed Jan 2 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.23-1
- use correct pkg-config script for 'xmlrpc-config abyss-server'
output (#355411)
- updated to 1.06.23 (#355411)
* Tue Sep 4 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.18-1
- updated to 1.06.18
* Thu Aug 16 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.17-1
- updated to 1.06.17
* Sun Jul 22 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.16-1
- updated to 1.06.16
* Thu Jun 14 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.14-1
- updated to 1.06.14
* Sun Apr 1 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.11-2
- rediffed cmake patch against current version
- made the xmlrpc-c-config compatible to the upstream version
- added compatibility symlinks for some header files (thx to Robert de
Vries for reporting these two issues)
* Sat Mar 17 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.11-1
- updated to 1.06.11
* Sat Feb 3 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.09-1
- updated to 1.06.09
- removed -typo patch since applied upstream
* Mon Nov 6 2006 Jindrich Novy <jnovy@redhat.com> - 1.06.05-3
- rebuild against the new curl
* Mon Oct 2 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.05-2
- updated cmake patch
- strip installed libraries
* Wed Sep 20 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.05-1
- updated to 1.06.05
- merged + updated patches
* Sat Sep 16 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.06.04-1
- updated to 1.06.04
- patched the broken buildsystem
- disabled libwww backend explicitely
* Sun Jun 4 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.05-1
- updated to 1.05
- updated patches
* Sat Feb 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.04-2
- rebuilt for FC5
* Sun Dec 18 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.04-1
- added libxml2-devel and openssl-devel Requires: for the -devel
subpackage
- ship doc/* instead of doc
- initial Fedora Extras package (review 175840)
* Thu Dec 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.04-0.1
- disabled w3c-libwww because it does not exist anymore in FC5 and
seems to be unmaintained upstream
- added missing libxml2-devel
- cleaned up list of %%doc files
- fixed gcc4.1 build issues
- removed static libraries when there exists a corresponding dynamic one
* Tue Aug 2 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 1.03.02-1
- Initial build.