diff --git a/xerces-c-3.1.2.tar.gz b/xerces-c-3.1.2.tar.gz deleted file mode 100644 index ae8b074..0000000 --- a/xerces-c-3.1.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:743bd0a029bf8de56a587c270d97031e0099fe2b7142cef03e0da16e282655a0 -size 6959894 diff --git a/xerces-c-3.1.2.tar.gz.asc b/xerces-c-3.1.2.tar.gz.asc deleted file mode 100644 index 868ff6d..0000000 --- a/xerces-c-3.1.2.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABCgAGBQJVCZSnAAoJEDeLhFQCJ3liDegP/jtKeuHuCzdkJHE1GmOZxauQ -1EEKY184iFd6vfFWVrO5t05GvtM7lQ+JducddvyUJ2Y6zOxQQys22zN41PhPMeo7 -YvOp1nw04XVolke9nOzMm2s9qlYKtF+darXVZAi/ISYay36MLS1fQwx/B+tT/okM -jZFwA1pvzFI/YZ79Pj1k1W9VAlRXCGfOSveMasHv4Y97fFyQLIsyL85OetAqbIBR -UjGUZY47lcJYEMxu2SGwpCDr8hOcphF61qIDtnPdOzjHtyNfleWBYHgZhJcna1C4 -lO+1BkOzzHb9Hclpu6TeDz2jPnJG6Eaxj+bG02EjSbhvgZSY+2pYFjDQUAulFNcp -ADidIh8oMke9Qv/CMesf8GagiPmPs3ftHM5+B1rYvSo8XyTJvsFrKUdDRaGPHpv7 -uAAh+MI8WmvIqun7J14VZobvNb2rrVdWWitMG74eoW0ZB84P2uR7A9bIX8EaxIph -Kfe3DvUuB1/4Y5WlfOPsbl8KD5/QKvCwEnSJUd+VAxJJ3T1K74kycLNfTg4hwpF1 -pPN6OCBXpeepkFN5z4UPxk3wTWjtv8vNqp0T3kx73kIwlpwcEYy3aeBiDuM7WaQ/ -9aMQSWr0xbG4xlcQkl1T1nAspnszzr6V4igSpDep5sCLnyszXTICDpxRLrGPieaD -2kYITLYANPAluikgnX1i -=lzt1 ------END PGP SIGNATURE----- diff --git a/xerces-c-3.1.4.tar.gz b/xerces-c-3.1.4.tar.gz new file mode 100644 index 0000000..fe2a426 --- /dev/null +++ b/xerces-c-3.1.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c98eedac4cf8a73b09366ad349cb3ef30640e7a3089d360d40a3dde93f66ecf6 +size 6992545 diff --git a/xerces-c-3.1.4.tar.gz.asc b/xerces-c-3.1.4.tar.gz.asc new file mode 100644 index 0000000..f32b80a --- /dev/null +++ b/xerces-c-3.1.4.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAABCAAGBQJXc8xIAAoJEDeLhFQCJ3liTREP/ji8nDOE1eusTdEhAZQl4YGt +ENLusM2UKEs7/dyPJIQoRQ1kUQdzhtcWKA23Nzb55Cs2bAuOkWLD7K20DlqJG1w0 +eoMG+KFtTsKBuGI/xEwMNw25HoIU7JvcFFhFMLRmOxMugmOYMW8hxUwGNTpv5MF9 +Rq7e2/H8E6Gt5w9oDlZZoHmMaIIIz8jxMNwQyCHgvwg0NYY+wpvAuKp7DbKC5Qp9 +fzWGdz2HwenUJyRJf6PZBhXeab/dzJ5uazGbHx5B1lWerwI2UAjzjPMGVO9+Fax9 +Aou/C4JtmordgSE4oPL+VkvgpC2n+eLlCBvWT5CKm/157RetBdVutqdpzHPZaGc/ +wpKqiw01bqt8ogoVDcxa21hMW6R44QDlgnMrdvhcVH/NuEj/+LM1sudChYmbq8qP +qADgbeizbQnSP5NZgKzZjqVprl4UHrHoUcwTWT4yZgZnm1iz+hbtno8XmadWuolo +wq+/8XUhqbIcIzHNHbKiiveH/2pKGuMuNngnJT3WbuNIgXA0/7LTOYnAA7ZYMkpH +hphHzwkoycxT56Gm/88vuZ6VQFZDoca3rYkWysiUnlgLrTHI9Gs1XD7XQJsL34cs +rlVywiqmwYYHHf4sTXLKyyweDNQmM48eFMP9RgFasOAmFg7OIc7ynr970H6eSkez +ARW/IgksxrFy6hrg1ehw +=2sAu +-----END PGP SIGNATURE----- diff --git a/xerces-c.changes b/xerces-c.changes index d8c51d3..6cb7af2 100644 --- a/xerces-c.changes +++ b/xerces-c.changes @@ -1,3 +1,45 @@ +------------------------------------------------------------------- +Tue Jul 5 11:59:36 UTC 2016 - tchvatal@suse.com + +- Version update to 3.1.4: + * Fixes bnc#985860 CVE-2016-4463 + * xerces-c-CVE-2016-2099.patch removed as it was included upstream + +------------------------------------------------------------------- +Mon Jun 27 12:07:47 UTC 2016 - tchvatal@suse.com + +- Use pkgconfig requires +- Disable "pretty" make to make it bit faster +- Fix the selfobsoleting provides/requires to silence rpmlint +- Use valid group for the docs + +------------------------------------------------------------------- +Wed Jun 22 14:02:13 UTC 2016 - jengelh@inai.de + +- Resolve rpmlint warnings of type "version-control-internal-file" + +------------------------------------------------------------------- +Mon Jun 21 11:00:01 CEST 2016 - zawel1@gmail.com + +- Update to 3.1.3 + * bug fixes + + memcpy used on overlapping memory regions causes sanity test failure + + Typo in XMLUni::fgUnknownURIName constant + + Buffer overruns in prolog parsing and error handling +- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream. + +------------------------------------------------------------------- +Thu Jun 16 15:43:53 UTC 2016 - pjanouch@suse.de + +- added xerces-c-CVE-2016-2099.patch + Exception handling mistake causing use after free + (bsc#979208, CVE-2016-2099) +- xerces-c-CVE-2016-0729.patch + Fix for mishandling certain kinds of malformed input documents, + resulting in buffer overlows during processing and error reporting. + The overflows can manifest as a segmentation fault or as memory + corruption during a parse operation. (bsc#966822, CVE-2016-0729) + ------------------------------------------------------------------- Mon Sep 28 16:19:17 UTC 2015 - mpluskal@suse.com @@ -57,6 +99,7 @@ Mon Sep 28 16:19:17 UTC 2015 - mpluskal@suse.com + Allow compiling Xerces-C using C++11 (especially Clang) + VS2012 Project +------------------------------------------------------------------- Thu Feb 19 12:39:37 UTC 2015 - mpluskal@suse.com - Use url for source diff --git a/xerces-c.spec b/xerces-c.spec index 38bf26d..2adf284 100644 --- a/xerces-c.spec +++ b/xerces-c.spec @@ -1,7 +1,7 @@ # # spec file for package xerces-c # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: xerces-c -Version: 3.1.2 +Version: 3.1.4 Release: 0 Summary: A Validating XML Parser License: Apache-2.0 @@ -29,8 +29,8 @@ Source2: %{name}.keyring Source3: baselibs.conf BuildRequires: fdupes BuildRequires: gcc-c++ -BuildRequires: libicu-devel -BuildRequires: pkg-config +BuildRequires: pkgconfig +BuildRequires: pkgconfig(icu-i18n) BuildRequires: pkgconfig(libcurl) BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -44,7 +44,7 @@ faithful to the XML 1.0 recommendation and associated standards ( DOM %package doc Summary: Documentation for %{name} -Group: Documentation +Group: Documentation/Other %description doc Xerces-C is a validating XML parser written in a portable subset of @@ -60,7 +60,7 @@ This package contains just documentation. Summary: Shared libraries for Xerces-c - a validating XML parser Group: Productivity/Publishing/XML Provides: Xerces-c = %{version} -Obsoletes: Xerces-c <= %{version} +Obsoletes: Xerces-c < %{version} %description -n libxerces-c-3_1 Xerces-C is a validating XML parser written in a portable subset of @@ -77,9 +77,9 @@ Summary: A validating XML parser - Development Files Group: Development/Libraries/C and C++ Requires: libxerces-c-3_1 = %{version} Provides: Xerces-c-devel = %{version} -Obsoletes: Xerces-c-devel <= %{version} +Obsoletes: Xerces-c-devel < %{version} Provides: libXerces-c-devel = %{version} -Obsoletes: libXerces-c-devel <= %{version} +Obsoletes: libXerces-c-devel < %{version} %description -n libxerces-c-devel Xerces-C is a validating XML parser written in a portable subset of @@ -93,21 +93,22 @@ This package includes files needed for development with Xerces-c %setup -q -n xerces-c-%{version} %build +find . -type d -name .svn -exec rm -Rf "{}" "+" %configure \ %ifnarch x86_64 --disable-sse2 \ %endif --enable-netaccessor-curl \ - --disable-static + --disable-static \ + --disable-pretty-make make %{?_smp_mflags} %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +make %{?_smp_mflags} DESTDIR=%{buildroot} install find %{buildroot} -type f -name "*.la" -delete -print %fdupes -s doc %post -n libxerces-c-3_1 -p /sbin/ldconfig - %postun -n libxerces-c-3_1 -p /sbin/ldconfig %files