!41 [sync] PR-36: Use __cxx marco to support Clang

From: @openeuler-sync-bot 
Reviewed-by: @jianminw 
Signed-off-by: @jianminw

2-fix-devel-package-error.patch

@@ -0,0 +1,14 @@
+diff -Naur tinyxml/tinyxml.h tinyxml_new/tinyxml.h
+--- tinyxml/tinyxml.h	2011-05-15 10:24:57.000000000 +0800
++++ tinyxml_new/tinyxml.h	2023-04-27 20:10:36.533804686 +0800
+@@ -26,6 +26,10 @@
+ #ifndef TINYXML_INCLUDED
+ #define TINYXML_INCLUDED
+ 
++#ifndef TIXML_USE_STL
++#define TIXML_USE_STL
++#endif
++
+ #ifdef _MSC_VER
+ #pragma warning( push )
+ #pragma warning( disable : 4530 )

CVE-2021-42260.patch

@@ -0,0 +1,32 @@
+From f7ca0035d17a663f55668e662b840afce7b86112 Mon Sep 17 00:00:00 2001
+From: Christian Voegl <cvoegl@suse.com>
+Date: Wed, 27 Oct 2021 11:25:18 +0200
+Subject: [PATCH] In stamp always advance the pointer if *p= 0xef
+
+The current implementation only advanced if 0xef is followed
+by two non-zero bytes. In case of malformed input (0xef should be
+the start byte of a three byte character) this leads to an infinite
+loop. (CVE-2021-42260)
+---
+ tinyxmlparser.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
+index 81b7eae..8aa0dfa 100755
+--- a/tinyxmlparser.cpp
++++ b/tinyxmlparser.cpp
+@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
+ 						else
+ 							{ p +=3; ++col; }	// A normal character.
+ 					}
++					else
++					{
++						// TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
++						// there is something wrong here. Just advance the pointer to evade infinite loops
++						++p;
++					}
+ 				}
+ 				else
+ 				{
+--
+2.33.0

CVE-2023-34194.patch

@@ -0,0 +1,28 @@
+From: Guilhem Moulin <guilhem@debian.org>
+Date: Sat, 30 Dec 2023 14:15:54 +0100
+Subject: Avoid reachable assertion via crafted XML document with a '\0'
+ located after whitespace
+
+Bug: https://www.forescout.com/resources/sierra21-vulnerabilities
+Bug-Debian: https://bugs.debian.org/1059315
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-40462
+---
+ tinyxmlparser.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
+index 8aa0dfa..1601962 100644
+--- a/tinyxmlparser.cpp
++++ b/tinyxmlparser.cpp
+@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm
+ 		}
+ 
+ 		p = SkipWhiteSpace( p, _encoding );
++		if ( !p || !*p )
++		{
++			break;
++		}
+ 		if ( StringEqual( p, "version", true, _encoding ) )
+ 		{
+ 			TiXmlAttribute attrib;

tinyxml.spec

@@ -1,10 +1,13 @@
 Name:           tinyxml
 Version:        2.6.2
-Release:        20
+Release:        25
 Summary:        C++ XML parser
 License:        zlib
 URL:            http://www.grinninglizard.com/tinyxml/
 Source0:        http://downloads.sourceforge.net/tinyxml/tinyxml_2_6_2.tar.gz
+Patch0001:      CVE-2021-42260.patch
+Patch0002:      2-fix-devel-package-error.patch
+Patch0003:      CVE-2023-34194.patch
 BuildRequires:  gcc-c++
 
 %description
@@ -23,15 +26,15 @@ The devel package contains development files for tinyxml.
 It provides header files and libraries for tinyxml.
 
 %prep
-%autosetup -n tinyxml
+%autosetup -p1 -n tinyxml
 touch tinyxml.h
 
 %build
-g++ $RPM_OPT_FLAGS -fPIC -o tinyxml.cpp.o -c tinyxml.cpp
+%{__cxx} $RPM_OPT_FLAGS -fPIC -o tinyxml.cpp.o -c tinyxml.cpp
-g++ $RPM_OPT_FLAGS -fPIC -o tinystr.cpp.o -c tinystr.cpp
+%{__cxx} $RPM_OPT_FLAGS -fPIC -o tinystr.cpp.o -c tinystr.cpp
-g++ $RPM_OPT_FLAGS -fPIC -o tinyxmlerror.cpp.o -c tinyxmlerror.cpp
+%{__cxx} $RPM_OPT_FLAGS -fPIC -o tinyxmlerror.cpp.o -c tinyxmlerror.cpp
-g++ $RPM_OPT_FLAGS -fPIC -o tinyxmlparser.cpp.o -c tinyxmlparser.cpp
+%{__cxx} $RPM_OPT_FLAGS -fPIC -o tinyxmlparser.cpp.o -c tinyxmlparser.cpp
-g++ $RPM_LD_FLAGS -shared -o libtinyxml.so.0.%{version} -Wl,-soname,libtinyxml.so.0 *.cpp.o
+%{__cxx} $RPM_LD_FLAGS -shared -o libtinyxml.so.0.%{version} -Wl,-soname,libtinyxml.so.0 *.cpp.o
 
 
 %install
@@ -63,6 +66,21 @@ mkdir -p %{buildroot}%{_libdir}/pkgconfig
 %{_libdir}/*.so
 
 %changelog
+* Wed Jan 08 2025 Suyun <ziyu.oerv@isrc.iscas.ac.cn> - 2.6.2-25
+- Use __cxx marco to support Clang
+
+* Tue Dec 24 2024 Jianmin <jianmin@iscas.ac.cn> - 2.6.2-24
+- fix CVE-2023-34194
+
+* Fri Apr 28 2023 will_niutao <huawei2@huawei.com> - 2.6.2-23
+- fix the devel package error
+
+* Thu Jan 27 2022 yaoxin <yaoxin30@huawei.com> - 2.6.2-22
+- Change the patch name to CVE-2021-42260.patch.
+
+* Mon Nov  1 2021 Zhiyi Weng <zhiyi@iscas.ac.cn> - 2.6.2-21
+- Fix CVE-2021-42260
+
 * Tue Oct 26 2021 chenchen <chen_aka_jan@163.com> - 2.6.2-20
 - change the spec file name to be the same as the repo name