From 4ede32772006d2f775d287359d3b2da886ff7926391f55613a6b764f0c75705c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Sat, 18 Jun 2016 16:00:10 +0000 Subject: [PATCH 1/5] Accepting request 402773 from home:pjanouch:branches:devel:libraries:c_c++ - added xerces-c-CVE-2016-2099.patch Exception handling mistake causing use after free (bsc#979208, CVE-2016-2099) - xerces-c-CVE-2016-0729.patch Fix for mishandling certain kinds of malformed input documents, resulting in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. (bsc#966822, CVE-2016-0729) OBS-URL: https://build.opensuse.org/request/show/402773 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=21 --- xerces-c-CVE-2016-0729.patch | 377 +++++++++++++++++++++++++++++++++++ xerces-c-CVE-2016-2099.patch | 19 ++ xerces-c.changes | 12 ++ xerces-c.spec | 8 +- 4 files changed, 415 insertions(+), 1 deletion(-) create mode 100644 xerces-c-CVE-2016-0729.patch create mode 100644 xerces-c-CVE-2016-2099.patch diff --git a/xerces-c-CVE-2016-0729.patch b/xerces-c-CVE-2016-0729.patch new file mode 100644 index 0000000..05f5e1f --- /dev/null +++ b/xerces-c-CVE-2016-0729.patch 
@@ -0,0 +1,377 @@ +Index: xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp +=================================================================== +--- xerces-c-3.1.1.orig/src/xercesc/internal/XMLReader.cpp ++++ xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp +@@ -1460,8 +1460,30 @@ void XMLReader::doInitDecode() + + while (fRawBufIndex < fRawBytesAvail) + { +- // Security fix: make sure there are at least sizeof(UCS4Ch) bytes to consume. ++ // Make sure there are at least sizeof(UCS4Ch) bytes to consume. + if (fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail) { ++ fCharsAvail = 0; ++ fRawBufIndex = 0; ++ fMemoryManager->deallocate(fPublicId); ++ fMemoryManager->deallocate(fEncodingStr); ++ ArrayJanitor janValue(fSystemId, fMemoryManager); ++ ThrowXMLwithMemMgr1 ++ ( ++ TranscodingException ++ , XMLExcepts::Reader_CouldNotDecodeFirstLine ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ ++ // Make sure we don't exhaust the limited prolog buffer size. ++ // Leave room for a space added at the end of this function. ++ if (fCharsAvail == kCharBufSize - 1) { ++ fCharsAvail = 0; ++ fRawBufIndex = 0; ++ fMemoryManager->deallocate(fPublicId); ++ fMemoryManager->deallocate(fEncodingStr); ++ ArrayJanitor janValue(fSystemId, fMemoryManager); + ThrowXMLwithMemMgr1 + ( + TranscodingException +@@ -1547,6 +1569,23 @@ void XMLReader::doInitDecode() + const char curCh = *asChars++; + fRawBufIndex++; + ++ // Make sure we don't exhaust the limited prolog buffer size. ++ // Leave room for a space added at the end of this function. 
++ if (fCharsAvail == kCharBufSize - 1) { ++ fCharsAvail = 0; ++ fRawBufIndex = 0; ++ fMemoryManager->deallocate(fPublicId); ++ fMemoryManager->deallocate(fEncodingStr); ++ ArrayJanitor janValue(fSystemId, fMemoryManager); ++ ThrowXMLwithMemMgr1 ++ ( ++ TranscodingException ++ , XMLExcepts::Reader_CouldNotDecodeFirstLine ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ + // Looks ok, so store it + fCharSizeBuf[fCharsAvail] = 1; + fCharBuf[fCharsAvail++] = XMLCh(curCh); +@@ -1630,8 +1669,30 @@ void XMLReader::doInitDecode() + + while (fRawBufIndex < fRawBytesAvail) + { +- // Security fix: make sure there are at least sizeof(UTF16Ch) bytes to consume. ++ // Make sure there are at least sizeof(UTF16Ch) bytes to consume. + if (fRawBufIndex + sizeof(UTF16Ch) > fRawBytesAvail) { ++ fCharsAvail = 0; ++ fRawBufIndex = 0; ++ fMemoryManager->deallocate(fPublicId); ++ fMemoryManager->deallocate(fEncodingStr); ++ ArrayJanitor janValue(fSystemId, fMemoryManager); ++ ThrowXMLwithMemMgr1 ++ ( ++ TranscodingException ++ , XMLExcepts::Reader_CouldNotDecodeFirstLine ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ ++ // Make sure we don't exhaust the limited prolog buffer size. ++ // Leave room for a space added at the end of this function. ++ if (fCharsAvail == kCharBufSize - 1) { ++ fCharsAvail = 0; ++ fRawBufIndex = 0; ++ fMemoryManager->deallocate(fPublicId); ++ fMemoryManager->deallocate(fEncodingStr); ++ ArrayJanitor janValue(fSystemId, fMemoryManager); + ThrowXMLwithMemMgr1 + ( + TranscodingException +@@ -1676,6 +1737,24 @@ void XMLReader::doInitDecode() + const XMLCh chCur = XMLEBCDICTranscoder::xlatThisOne(*srcPtr++); + fRawBufIndex++; + ++ // Make sure we don't exhaust the limited prolog buffer size. ++ // Leave room for a space added at the end of this function. 
++ if (fCharsAvail == kCharBufSize - 1) { ++ fCharsAvail = 0; ++ fRawBufIndex = 0; ++ fMemoryManager->deallocate(fPublicId); ++ fMemoryManager->deallocate(fEncodingStr); ++ ArrayJanitor janValue(fSystemId, fMemoryManager); ++ ThrowXMLwithMemMgr1 ++ ( ++ TranscodingException ++ , XMLExcepts::Reader_CouldNotDecodeFirstLine ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ ++ + // + // And put it into the character buffer. This stuff has to + // look like it was normally transcoded. +@@ -1730,7 +1809,7 @@ void XMLReader::doInitDecode() + // + void XMLReader::refreshRawBuffer() + { +- // Security fix: make sure we don't underflow on the subtraction. ++ // Make sure we don't underflow on the subtraction. + if (fRawBufIndex > fRawBytesAvail) { + ThrowXMLwithMemMgr1 + ( +Index: xerces-c-3.1.1/src/xercesc/util/XMLURL.cpp +=================================================================== +--- xerces-c-3.1.1.orig/src/xercesc/util/XMLURL.cpp ++++ xerces-c-3.1.1/src/xercesc/util/XMLURL.cpp +@@ -611,9 +611,20 @@ BinInputStream* XMLURL::makeNewStream() + + while (percentIndex != -1) { + +- if (percentIndex+2 >= (int)end || +- !isHexDigit(realPath[percentIndex+1]) || +- !isHexDigit(realPath[percentIndex+2])) ++ // Isolate the length/boundary check so we don't try and copy off the end. ++ if (percentIndex+2 >= (int)end) ++ { ++ XMLCh value1[3]; ++ value1[1] = chNull; ++ value1[2] = chNull; ++ XMLString::moveChars(value1, &(realPath[percentIndex]), (percentIndex + 1 >= (int)end ? 
1 : 2)); ++ ThrowXMLwithMemMgr2(MalformedURLException ++ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence ++ , realPath ++ , value1 ++ , fMemoryManager); ++ } ++ else if (!isHexDigit(realPath[percentIndex+1]) || !isHexDigit(realPath[percentIndex+2])) + { + XMLCh value1[4]; + XMLString::moveChars(value1, &(realPath[percentIndex]), 3); +Index: xerces-c-3.1.1/src/xercesc/util/XMLUri.cpp +=================================================================== +--- xerces-c-3.1.1.orig/src/xercesc/util/XMLUri.cpp ++++ xerces-c-3.1.1/src/xercesc/util/XMLUri.cpp +@@ -875,11 +875,21 @@ void XMLUri::initializePath(const XMLCh* + // check for valid escape sequence + if (testChar == chPercent) + { +- if (index+2 >= end || +- !XMLString::isHex(uriSpec[index+1]) || +- !XMLString::isHex(uriSpec[index+2])) ++ if (index + 2 >= end) + { +- XMLCh value1[BUF_LEN+1]; ++ XMLCh value1[3]; ++ value1[1] = chNull; ++ value1[2] = chNull; ++ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2)); ++ ThrowXMLwithMemMgr2(MalformedURLException ++ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence ++ , errMsg_PATH ++ , value1 ++ , fMemoryManager); ++ } ++ else if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2])) ++ { ++ XMLCh value1[4]; + XMLString::moveChars(value1, &(uriSpec[index]), 3); + value1[3] = chNull; + ThrowXMLwithMemMgr2(MalformedURLException +@@ -892,7 +902,7 @@ void XMLUri::initializePath(const XMLCh* + else if (!isUnreservedCharacter(testChar) && + !isPathCharacter(testChar)) + { +- XMLCh value1[BUF_LEN+1]; ++ XMLCh value1[2]; + value1[0] = testChar; + value1[1] = chNull; + ThrowXMLwithMemMgr2(MalformedURLException +@@ -920,11 +930,21 @@ void XMLUri::initializePath(const XMLCh* + // check for valid escape sequence + if (testChar == chPercent) + { +- if (index+2 >= end || +- !XMLString::isHex(uriSpec[index+1]) || +- !XMLString::isHex(uriSpec[index+2])) ++ if (index + 2 >= end) + { +- XMLCh value1[BUF_LEN+1]; ++ XMLCh 
value1[3]; ++ value1[1] = chNull; ++ value1[2] = chNull; ++ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2)); ++ ThrowXMLwithMemMgr2(MalformedURLException ++ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence ++ , errMsg_PATH ++ , value1 ++ , fMemoryManager); ++ } ++ else if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2])) ++ { ++ XMLCh value1[4]; + XMLString::moveChars(value1, &(uriSpec[index]), 3); + value1[3] = chNull; + ThrowXMLwithMemMgr2(MalformedURLException +@@ -941,7 +961,7 @@ void XMLUri::initializePath(const XMLCh* + // contains '[' and ']'. + else if (!isReservedOrUnreservedCharacter(testChar)) + { +- XMLCh value1[BUF_LEN+1]; ++ XMLCh value1[2]; + value1[0] = testChar; + value1[1] = chNull; + ThrowXMLwithMemMgr2(MalformedURLException +@@ -979,11 +999,21 @@ void XMLUri::initializePath(const XMLCh* + + if (testChar == chPercent) + { +- if (index+2 >= end || +- !XMLString::isHex(uriSpec[index+1]) || +- !XMLString::isHex(uriSpec[index+2])) ++ if (index + 2 >= end) ++ { ++ XMLCh value1[3]; ++ value1[1] = chNull; ++ value1[2] = chNull; ++ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 
1 : 2)); ++ ThrowXMLwithMemMgr2(MalformedURLException ++ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence ++ , errMsg_QUERY ++ , value1 ++ , fMemoryManager); ++ } ++ if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2])) + { +- XMLCh value1[BUF_LEN+1]; ++ XMLCh value1[4]; + XMLString::moveChars(value1, &(uriSpec[index]), 3); + value1[3] = chNull; + ThrowXMLwithMemMgr2(MalformedURLException +@@ -995,7 +1025,7 @@ void XMLUri::initializePath(const XMLCh* + } + else if (!isReservedOrUnreservedCharacter(testChar)) + { +- XMLCh value1[BUF_LEN+1]; ++ XMLCh value1[2]; + value1[0] = testChar; + value1[1] = chNull; + ThrowXMLwithMemMgr2(MalformedURLException +@@ -1030,11 +1060,21 @@ void XMLUri::initializePath(const XMLCh* + + if (testChar == chPercent) + { +- if (index+2 >= end || +- !XMLString::isHex(uriSpec[index+1]) || +- !XMLString::isHex(uriSpec[index+2])) ++ if (index + 2 >= end) ++ { ++ XMLCh value1[3]; ++ value1[1] = chNull; ++ value1[2] = chNull; ++ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 
1 : 2)); ++ ThrowXMLwithMemMgr2(MalformedURLException ++ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence ++ , errMsg_FRAGMENT ++ , value1 ++ , fMemoryManager); ++ } ++ if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2])) + { +- XMLCh value1[BUF_LEN+1]; ++ XMLCh value1[4]; + XMLString::moveChars(value1, &(uriSpec[index]), 3); + value1[3] = chNull; + ThrowXMLwithMemMgr2(MalformedURLException +@@ -1046,7 +1086,7 @@ void XMLUri::initializePath(const XMLCh* + } + else if (!isReservedOrUnreservedCharacter(testChar)) + { +- XMLCh value1[BUF_LEN+1]; ++ XMLCh value1[2]; + value1[0] = testChar; + value1[1] = chNull; + ThrowXMLwithMemMgr2(MalformedURLException +@@ -1410,14 +1450,15 @@ void XMLUri::isConformantUserInfo(const + } + else if (*tmpStr == chPercent) // '%' + { +- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex +- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex ++ if (XMLString::stringLen(tmpStr) >= 3 ++ && XMLString::isHex(*(tmpStr+1)) // 1st hex ++ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex + { + tmpStr+=3; + } + else + { +- XMLCh value1[BUF_LEN+1]; ++ XMLCh value1[4]; + value1[0] = chPercent; + value1[1] = *(tmpStr+1); + value1[2] = *(tmpStr+2); +@@ -1468,8 +1509,9 @@ bool XMLUri::isValidServerBasedAuthority + } + else if (userinfo[index] == chPercent) // '%' + { +- if (XMLString::isHex(userinfo[index+1]) && // 1st hex +- XMLString::isHex(userinfo[index+2]) ) // 2nd hex ++ if (index + 2 < userLen ++ && XMLString::isHex(userinfo[index+1]) // 1st hex ++ && XMLString::isHex(userinfo[index+2]) ) // 2nd hex + index +=3; + else + return false; +@@ -1508,8 +1550,9 @@ bool XMLUri::isValidServerBasedAuthority + } + else if (*tmpStr == chPercent) // '%' + { +- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex +- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex ++ if (XMLString::stringLen(tmpStr) >= 3 ++ && XMLString::isHex(*(tmpStr+1)) // 1st hex ++ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex + { + tmpStr+=3; + } +@@ -1537,8 +1580,9 @@ bool 
XMLUri::isValidRegistryBasedAuthori + } + else if (authority[index] == chPercent) // '%' + { +- if (XMLString::isHex(authority[index+1]) && // 1st hex +- XMLString::isHex(authority[index+2]) ) // 2nd hex ++ if (index + 2 < authLen ++ && XMLString::isHex(authority[index+1]) // 1st hex ++ && XMLString::isHex(authority[index+2]) ) // 2nd hex + index +=3; + else + return false; +@@ -1566,8 +1610,9 @@ bool XMLUri::isValidRegistryBasedAuthori + } + else if (*tmpStr == chPercent) // '%' + { +- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex +- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex ++ if (XMLString::stringLen(tmpStr) >= 3 ++ && XMLString::isHex(*(tmpStr + 1)) // 1st hex ++ && XMLString::isHex(*(tmpStr + 2))) // 2nd hex + { + tmpStr+=3; + } +@@ -1602,8 +1647,9 @@ bool XMLUri::isURIString(const XMLCh* co + } + else if (*tmpStr == chPercent) // '%' + { +- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex +- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex ++ if (XMLString::stringLen(tmpStr) >=3 ++ && XMLString::isHex(*(tmpStr+1)) // 1st hex ++ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex + { + tmpStr+=3; + } diff --git a/xerces-c-CVE-2016-2099.patch b/xerces-c-CVE-2016-2099.patch new file mode 100644 index 0000000..dd7d59d --- /dev/null +++ b/xerces-c-CVE-2016-2099.patch @@ -0,0 +1,19 @@ +--- src/xercesc/validators/DTD/DTDScanner.cpp (revision 1741478) ++++ src/xercesc/validators/DTD/DTDScanner.cpp (working copy) +@@ -2509,7 +2509,15 @@ + { + while (true) + { +- const XMLCh nextCh = fReaderMgr->peekNextChar(); ++ XMLCh nextCh; ++ ++ try { ++ nextCh = fReaderMgr->peekNextChar(); ++ } ++ catch (XMLException& ex) { ++ fScanner->emitError(XMLErrs::XMLException_Fatal, ex.getCode(), ex.getMessage(), NULL, NULL); ++ nextCh = chNull; ++ } + + if (!nextCh) + { diff --git a/xerces-c.changes b/xerces-c.changes index d8c51d3..bc80829 100644 --- a/xerces-c.changes +++ b/xerces-c.changes 
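Review bot: In the embedded XMLUri.cpp change to isConformantUserInfo (inner hunk at -1410), the else branch still copies `*(tmpStr+1)` and `*(tmpStr+2)` into `value1` for the error message, and that branch is now also taken when the new `XMLString::stringLen(tmpStr) >= 3` test fails. If the string ends directly after the `%`, `tmpStr+2` points one element past the terminator, so the error path can still read out of bounds by one XMLCh; this assumes tmpStr is the null-terminated string that the stringLen call implies. Reading the second character only when the first is not the terminator would close the gap: `value1[2] = value1[1] ? *(tmpStr+2) : chNull;`. The rest of that else branch lies outside the inner hunk, so the final terminator write and the throw are not visible here.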
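Review bot: `nextCh` is now declared without an initializer and the handler takes `XMLException& ex` by non-const reference; `XMLCh nextCh = chNull;` and `catch (const XMLException& ex)` would be the safer form, provided getCode() and getMessage() are const members, which the hunk does not show. The catch block also needs a comment saying why the exception is absorbed at this point, for example `// A reader exception here is reported as a fatal error and handled like end of input (CVE-2016-2099).` Only XMLException is caught, so any other exception type raised by peekNextChar() would still propagate out of the loop; it is worth confirming that this is intended. The enclosing function starts and ends outside the hunk.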
@@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Jun 16 15:43:53 UTC 2016 - pjanouch@suse.de + +- added xerces-c-CVE-2016-2099.patch + Exception handling mistake causing use after free + (bsc#979208, CVE-2016-2099) +- xerces-c-CVE-2016-0729.patch + Fix for mishandling certain kinds of malformed input documents, + resulting in buffer overlows during processing and error reporting. + The overflows can manifest as a segmentation fault or as memory + corruption during a parse operation. (bsc#966822, CVE-2016-0729) + ------------------------------------------------------------------- Mon Sep 28 16:19:17 UTC 2015 - mpluskal@suse.com diff --git a/xerces-c.spec b/xerces-c.spec index 38bf26d..4b53df8 100644 --- a/xerces-c.spec +++ b/xerces-c.spec @@ -1,7 +1,7 @@ # # spec file for package xerces-c # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,10 @@ Source0: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version} Source1: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}.tar.gz.asc Source2: %{name}.keyring Source3: baselibs.conf +# PATCH-FIX-UPSTREAM bsc#966822 +Patch2: %{name}-CVE-2016-0729.patch +# PATCH-FIX-UPSTREAM bsc#979208 +Patch3: %{name}-CVE-2016-2099.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: libicu-devel @@ -91,6 +95,8 @@ This package includes files needed for development with Xerces-c %prep %setup -q -n xerces-c-%{version} +%patch2 -p1 +%patch3 -p0 %build %configure \ From 0e4f002d6470c2065277b078f0b6ef48ae18041f3dd3e7c3be13b329e507951a Mon Sep 17 00:00:00 2001 
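Review bot: `%patch2 -p1` and `%patch3 -p0` use different strip levels, because xerces-c-CVE-2016-2099.patch carries svn-style `src/xercesc/...` paths while the other patch is rooted at `xerces-c-3.1.1/`. Regenerating the second patch with a leading directory component would let both lines use `-p1` and make later patch refreshes less error-prone. The 0729 patch names a 3.1.1 tree in its Index lines, so it is also worth confirming in the build log that every hunk applies to the packaged version without fuzz or offsets.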
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Tue, 21 Jun 2016 12:28:32 +0000 Subject: [PATCH 2/5] Accepting request 403800 from home:zawel1:branches:devel:libraries:c_c++ - Update to 3.1.3 * bug fixes + memcpy used on overlapping memory regions causes sanity test failure + Typo in XMLUni::fgUnknownURIName constant + Buffer overruns in prolog parsing and error handling - Dropped xerces-c-CVE-2016-0729.patch, fixed upstream. OBS-URL: https://build.opensuse.org/request/show/403800 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=22 --- xerces-c-3.1.2.tar.gz | 3 - xerces-c-3.1.2.tar.gz.asc | 17 -- xerces-c-3.1.3.tar.gz | 3 + xerces-c-3.1.3.tar.gz.asc | 17 ++ xerces-c-CVE-2016-0729.patch | 377 ----------------------------------- xerces-c.changes | 9 + xerces-c.spec | 5 +- 7 files changed, 30 insertions(+), 401 deletions(-) delete mode 100644 xerces-c-3.1.2.tar.gz delete mode 100644 xerces-c-3.1.2.tar.gz.asc create mode 100644 xerces-c-3.1.3.tar.gz create mode 100644 xerces-c-3.1.3.tar.gz.asc delete mode 100644 xerces-c-CVE-2016-0729.patch diff --git a/xerces-c-3.1.2.tar.gz b/xerces-c-3.1.2.tar.gz deleted file mode 100644 index ae8b074..0000000 --- a/xerces-c-3.1.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:743bd0a029bf8de56a587c270d97031e0099fe2b7142cef03e0da16e282655a0 -size 6959894 diff --git a/xerces-c-3.1.2.tar.gz.asc b/xerces-c-3.1.2.tar.gz.asc deleted file mode 100644 index 868ff6d..0000000 --- a/xerces-c-3.1.2.tar.gz.asc +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABCgAGBQJVCZSnAAoJEDeLhFQCJ3liDegP/jtKeuHuCzdkJHE1GmOZxauQ -1EEKY184iFd6vfFWVrO5t05GvtM7lQ+JducddvyUJ2Y6zOxQQys22zN41PhPMeo7 -YvOp1nw04XVolke9nOzMm2s9qlYKtF+darXVZAi/ISYay36MLS1fQwx/B+tT/okM -jZFwA1pvzFI/YZ79Pj1k1W9VAlRXCGfOSveMasHv4Y97fFyQLIsyL85OetAqbIBR -UjGUZY47lcJYEMxu2SGwpCDr8hOcphF61qIDtnPdOzjHtyNfleWBYHgZhJcna1C4 -lO+1BkOzzHb9Hclpu6TeDz2jPnJG6Eaxj+bG02EjSbhvgZSY+2pYFjDQUAulFNcp -ADidIh8oMke9Qv/CMesf8GagiPmPs3ftHM5+B1rYvSo8XyTJvsFrKUdDRaGPHpv7 -uAAh+MI8WmvIqun7J14VZobvNb2rrVdWWitMG74eoW0ZB84P2uR7A9bIX8EaxIph -Kfe3DvUuB1/4Y5WlfOPsbl8KD5/QKvCwEnSJUd+VAxJJ3T1K74kycLNfTg4hwpF1 -pPN6OCBXpeepkFN5z4UPxk3wTWjtv8vNqp0T3kx73kIwlpwcEYy3aeBiDuM7WaQ/ -9aMQSWr0xbG4xlcQkl1T1nAspnszzr6V4igSpDep5sCLnyszXTICDpxRLrGPieaD -2kYITLYANPAluikgnX1i -=lzt1 ------END PGP SIGNATURE----- diff --git a/xerces-c-3.1.3.tar.gz b/xerces-c-3.1.3.tar.gz new file mode 100644 index 0000000..674bae9 --- /dev/null +++ b/xerces-c-3.1.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f3d4f73db7c981e16db2b16d9424b0c75d9fbd30ad81747cac047bc6170b5b49 +size 9009575 diff --git a/xerces-c-3.1.3.tar.gz.asc b/xerces-c-3.1.3.tar.gz.asc new file mode 100644 index 0000000..d8d15a5 --- /dev/null +++ b/xerces-c-3.1.3.tar.gz.asc 
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAABCAAGBQJWxIfxAAoJEDeLhFQCJ3lilE8P/2vIKgW/8osvAZ2BCBGAUb24 +qpxNvdYOGM3TUvqtdxUgL8+FYXB8iUS40iH3wCO48eUJU5fwvV/p5aW4/vly3AUP +MrLusDuYCMdVFua1cbGp2++e1HqFG5++3z/BwHjG4PnvzmiIiICPoFlVVpNXHSd2 +dOXU+7HKBzrBTP4kOSv9jOx/OBpuTg+OnGUcy3BrR3cn1WCjjU37FLFr55XLm4u9 +2V25IByhY/NP5GTCHRwu4fUE7bNVC64sN3J7gVtRTK4HbS353rx+30EteN7jdBit +/3PqprmIQHATn+WqEybAm3a6ofyX1+qwZjvF28j60NGupYbl5ZYIrSsXY+A0MZgb +qmFyVYWzaDW722RuGUIoKPO98G+kzywdVN+o0EZ10BmAHsw9kZIP4GLsuvgmNs3B +iJYSRlqyw47/Q566REo0tibIWUtWUlljG4QMfIpMhwW2dNFgPDk4kL0a5KKjYwD5 +eAjvcaQdA8i2XJX8Dd8VLhPPBvJK2VaSx1BHnYFZZBqcD6ZrxjckaAc2n97beet5 +tbSp1h7oNMn9A6EjbAqVz4gWgslix3NtHYHMKcBjoZORbmiC+KQc60zwlY7IVwtD +V9pLX8W9ce8aCsXsRhecvxwnDtJHro3730oKd+gG3+xPxSqtOM1c0BGEmV/liy+W +O0R7LgVTzKkaBKqSmkTD +=0g/c +-----END PGP SIGNATURE----- diff --git a/xerces-c-CVE-2016-0729.patch b/xerces-c-CVE-2016-0729.patch deleted file mode 100644 index 05f5e1f..0000000 --- a/xerces-c-CVE-2016-0729.patch +++ /dev/null 
@@ -1,377 +0,0 @@ -Index: xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp -=================================================================== ---- xerces-c-3.1.1.orig/src/xercesc/internal/XMLReader.cpp -+++ xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp -@@ -1460,8 +1460,30 @@ void XMLReader::doInitDecode() - - while (fRawBufIndex < fRawBytesAvail) - { -- // Security fix: make sure there are at least sizeof(UCS4Ch) bytes to consume. -+ // Make sure there are at least sizeof(UCS4Ch) bytes to consume. - if (fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail) { -+ fCharsAvail = 0; -+ fRawBufIndex = 0; -+ fMemoryManager->deallocate(fPublicId); -+ fMemoryManager->deallocate(fEncodingStr); -+ ArrayJanitor janValue(fSystemId, fMemoryManager); -+ ThrowXMLwithMemMgr1 -+ ( -+ TranscodingException -+ , XMLExcepts::Reader_CouldNotDecodeFirstLine -+ , fSystemId -+ , fMemoryManager -+ ); -+ } -+ -+ // Make sure we don't exhaust the limited prolog buffer size. -+ // Leave room for a space added at the end of this function. -+ if (fCharsAvail == kCharBufSize - 1) { -+ fCharsAvail = 0; -+ fRawBufIndex = 0; -+ fMemoryManager->deallocate(fPublicId); -+ fMemoryManager->deallocate(fEncodingStr); -+ ArrayJanitor janValue(fSystemId, fMemoryManager); - ThrowXMLwithMemMgr1 - ( - TranscodingException -@@ -1547,6 +1569,23 @@ void XMLReader::doInitDecode() - const char curCh = *asChars++; - fRawBufIndex++; - -+ // Make sure we don't exhaust the limited prolog buffer size. -+ // Leave room for a space added at the end of this function. 
-+ if (fCharsAvail == kCharBufSize - 1) { -+ fCharsAvail = 0; -+ fRawBufIndex = 0; -+ fMemoryManager->deallocate(fPublicId); -+ fMemoryManager->deallocate(fEncodingStr); -+ ArrayJanitor janValue(fSystemId, fMemoryManager); -+ ThrowXMLwithMemMgr1 -+ ( -+ TranscodingException -+ , XMLExcepts::Reader_CouldNotDecodeFirstLine -+ , fSystemId -+ , fMemoryManager -+ ); -+ } -+ - // Looks ok, so store it - fCharSizeBuf[fCharsAvail] = 1; - fCharBuf[fCharsAvail++] = XMLCh(curCh); -@@ -1630,8 +1669,30 @@ void XMLReader::doInitDecode() - - while (fRawBufIndex < fRawBytesAvail) - { -- // Security fix: make sure there are at least sizeof(UTF16Ch) bytes to consume. -+ // Make sure there are at least sizeof(UTF16Ch) bytes to consume. - if (fRawBufIndex + sizeof(UTF16Ch) > fRawBytesAvail) { -+ fCharsAvail = 0; -+ fRawBufIndex = 0; -+ fMemoryManager->deallocate(fPublicId); -+ fMemoryManager->deallocate(fEncodingStr); -+ ArrayJanitor janValue(fSystemId, fMemoryManager); -+ ThrowXMLwithMemMgr1 -+ ( -+ TranscodingException -+ , XMLExcepts::Reader_CouldNotDecodeFirstLine -+ , fSystemId -+ , fMemoryManager -+ ); -+ } -+ -+ // Make sure we don't exhaust the limited prolog buffer size. -+ // Leave room for a space added at the end of this function. -+ if (fCharsAvail == kCharBufSize - 1) { -+ fCharsAvail = 0; -+ fRawBufIndex = 0; -+ fMemoryManager->deallocate(fPublicId); -+ fMemoryManager->deallocate(fEncodingStr); -+ ArrayJanitor janValue(fSystemId, fMemoryManager); - ThrowXMLwithMemMgr1 - ( - TranscodingException -@@ -1676,6 +1737,24 @@ void XMLReader::doInitDecode() - const XMLCh chCur = XMLEBCDICTranscoder::xlatThisOne(*srcPtr++); - fRawBufIndex++; - -+ // Make sure we don't exhaust the limited prolog buffer size. -+ // Leave room for a space added at the end of this function. 
-+ if (fCharsAvail == kCharBufSize - 1) { -+ fCharsAvail = 0; -+ fRawBufIndex = 0; -+ fMemoryManager->deallocate(fPublicId); -+ fMemoryManager->deallocate(fEncodingStr); -+ ArrayJanitor janValue(fSystemId, fMemoryManager); -+ ThrowXMLwithMemMgr1 -+ ( -+ TranscodingException -+ , XMLExcepts::Reader_CouldNotDecodeFirstLine -+ , fSystemId -+ , fMemoryManager -+ ); -+ } -+ -+ - // - // And put it into the character buffer. This stuff has to - // look like it was normally transcoded. -@@ -1730,7 +1809,7 @@ void XMLReader::doInitDecode() - // - void XMLReader::refreshRawBuffer() - { -- // Security fix: make sure we don't underflow on the subtraction. -+ // Make sure we don't underflow on the subtraction. - if (fRawBufIndex > fRawBytesAvail) { - ThrowXMLwithMemMgr1 - ( -Index: xerces-c-3.1.1/src/xercesc/util/XMLURL.cpp -=================================================================== ---- xerces-c-3.1.1.orig/src/xercesc/util/XMLURL.cpp -+++ xerces-c-3.1.1/src/xercesc/util/XMLURL.cpp -@@ -611,9 +611,20 @@ BinInputStream* XMLURL::makeNewStream() - - while (percentIndex != -1) { - -- if (percentIndex+2 >= (int)end || -- !isHexDigit(realPath[percentIndex+1]) || -- !isHexDigit(realPath[percentIndex+2])) -+ // Isolate the length/boundary check so we don't try and copy off the end. -+ if (percentIndex+2 >= (int)end) -+ { -+ XMLCh value1[3]; -+ value1[1] = chNull; -+ value1[2] = chNull; -+ XMLString::moveChars(value1, &(realPath[percentIndex]), (percentIndex + 1 >= (int)end ? 
1 : 2)); -+ ThrowXMLwithMemMgr2(MalformedURLException -+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence -+ , realPath -+ , value1 -+ , fMemoryManager); -+ } -+ else if (!isHexDigit(realPath[percentIndex+1]) || !isHexDigit(realPath[percentIndex+2])) - { - XMLCh value1[4]; - XMLString::moveChars(value1, &(realPath[percentIndex]), 3); -Index: xerces-c-3.1.1/src/xercesc/util/XMLUri.cpp -=================================================================== ---- xerces-c-3.1.1.orig/src/xercesc/util/XMLUri.cpp -+++ xerces-c-3.1.1/src/xercesc/util/XMLUri.cpp -@@ -875,11 +875,21 @@ void XMLUri::initializePath(const XMLCh* - // check for valid escape sequence - if (testChar == chPercent) - { -- if (index+2 >= end || -- !XMLString::isHex(uriSpec[index+1]) || -- !XMLString::isHex(uriSpec[index+2])) -+ if (index + 2 >= end) - { -- XMLCh value1[BUF_LEN+1]; -+ XMLCh value1[3]; -+ value1[1] = chNull; -+ value1[2] = chNull; -+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2)); -+ ThrowXMLwithMemMgr2(MalformedURLException -+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence -+ , errMsg_PATH -+ , value1 -+ , fMemoryManager); -+ } -+ else if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2])) -+ { -+ XMLCh value1[4]; - XMLString::moveChars(value1, &(uriSpec[index]), 3); - value1[3] = chNull; - ThrowXMLwithMemMgr2(MalformedURLException -@@ -892,7 +902,7 @@ void XMLUri::initializePath(const XMLCh* - else if (!isUnreservedCharacter(testChar) && - !isPathCharacter(testChar)) - { -- XMLCh value1[BUF_LEN+1]; -+ XMLCh value1[2]; - value1[0] = testChar; - value1[1] = chNull; - ThrowXMLwithMemMgr2(MalformedURLException -@@ -920,11 +930,21 @@ void XMLUri::initializePath(const XMLCh* - // check for valid escape sequence - if (testChar == chPercent) - { -- if (index+2 >= end || -- !XMLString::isHex(uriSpec[index+1]) || -- !XMLString::isHex(uriSpec[index+2])) -+ if (index + 2 >= end) - { -- XMLCh value1[BUF_LEN+1]; -+ XMLCh 
value1[3]; -+ value1[1] = chNull; -+ value1[2] = chNull; -+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2)); -+ ThrowXMLwithMemMgr2(MalformedURLException -+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence -+ , errMsg_PATH -+ , value1 -+ , fMemoryManager); -+ } -+ else if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2])) -+ { -+ XMLCh value1[4]; - XMLString::moveChars(value1, &(uriSpec[index]), 3); - value1[3] = chNull; - ThrowXMLwithMemMgr2(MalformedURLException -@@ -941,7 +961,7 @@ void XMLUri::initializePath(const XMLCh* - // contains '[' and ']'. - else if (!isReservedOrUnreservedCharacter(testChar)) - { -- XMLCh value1[BUF_LEN+1]; -+ XMLCh value1[2]; - value1[0] = testChar; - value1[1] = chNull; - ThrowXMLwithMemMgr2(MalformedURLException -@@ -979,11 +999,21 @@ void XMLUri::initializePath(const XMLCh* - - if (testChar == chPercent) - { -- if (index+2 >= end || -- !XMLString::isHex(uriSpec[index+1]) || -- !XMLString::isHex(uriSpec[index+2])) -+ if (index + 2 >= end) -+ { -+ XMLCh value1[3]; -+ value1[1] = chNull; -+ value1[2] = chNull; -+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 
1 : 2)); -+ ThrowXMLwithMemMgr2(MalformedURLException -+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence -+ , errMsg_QUERY -+ , value1 -+ , fMemoryManager); -+ } -+ if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2])) - { -- XMLCh value1[BUF_LEN+1]; -+ XMLCh value1[4]; - XMLString::moveChars(value1, &(uriSpec[index]), 3); - value1[3] = chNull; - ThrowXMLwithMemMgr2(MalformedURLException -@@ -995,7 +1025,7 @@ void XMLUri::initializePath(const XMLCh* - } - else if (!isReservedOrUnreservedCharacter(testChar)) - { -- XMLCh value1[BUF_LEN+1]; -+ XMLCh value1[2]; - value1[0] = testChar; - value1[1] = chNull; - ThrowXMLwithMemMgr2(MalformedURLException -@@ -1030,11 +1060,21 @@ void XMLUri::initializePath(const XMLCh* - - if (testChar == chPercent) - { -- if (index+2 >= end || -- !XMLString::isHex(uriSpec[index+1]) || -- !XMLString::isHex(uriSpec[index+2])) -+ if (index + 2 >= end) -+ { -+ XMLCh value1[3]; -+ value1[1] = chNull; -+ value1[2] = chNull; -+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 
1 : 2)); -+ ThrowXMLwithMemMgr2(MalformedURLException -+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence -+ , errMsg_FRAGMENT -+ , value1 -+ , fMemoryManager); -+ } -+ if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2])) - { -- XMLCh value1[BUF_LEN+1]; -+ XMLCh value1[4]; - XMLString::moveChars(value1, &(uriSpec[index]), 3); - value1[3] = chNull; - ThrowXMLwithMemMgr2(MalformedURLException -@@ -1046,7 +1086,7 @@ void XMLUri::initializePath(const XMLCh* - } - else if (!isReservedOrUnreservedCharacter(testChar)) - { -- XMLCh value1[BUF_LEN+1]; -+ XMLCh value1[2]; - value1[0] = testChar; - value1[1] = chNull; - ThrowXMLwithMemMgr2(MalformedURLException -@@ -1410,14 +1450,15 @@ void XMLUri::isConformantUserInfo(const - } - else if (*tmpStr == chPercent) // '%' - { -- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex -- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex -+ if (XMLString::stringLen(tmpStr) >= 3 -+ && XMLString::isHex(*(tmpStr+1)) // 1st hex -+ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex - { - tmpStr+=3; - } - else - { -- XMLCh value1[BUF_LEN+1]; -+ XMLCh value1[4]; - value1[0] = chPercent; - value1[1] = *(tmpStr+1); - value1[2] = *(tmpStr+2); -@@ -1468,8 +1509,9 @@ bool XMLUri::isValidServerBasedAuthority - } - else if (userinfo[index] == chPercent) // '%' - { -- if (XMLString::isHex(userinfo[index+1]) && // 1st hex -- XMLString::isHex(userinfo[index+2]) ) // 2nd hex -+ if (index + 2 < userLen -+ && XMLString::isHex(userinfo[index+1]) // 1st hex -+ && XMLString::isHex(userinfo[index+2]) ) // 2nd hex - index +=3; - else - return false; -@@ -1508,8 +1550,9 @@ bool XMLUri::isValidServerBasedAuthority - } - else if (*tmpStr == chPercent) // '%' - { -- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex -- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex -+ if (XMLString::stringLen(tmpStr) >= 3 -+ && XMLString::isHex(*(tmpStr+1)) // 1st hex -+ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex - { - tmpStr+=3; - } -@@ -1537,8 +1580,9 @@ bool 
XMLUri::isValidRegistryBasedAuthori - } - else if (authority[index] == chPercent) // '%' - { -- if (XMLString::isHex(authority[index+1]) && // 1st hex -- XMLString::isHex(authority[index+2]) ) // 2nd hex -+ if (index + 2 < authLen -+ && XMLString::isHex(authority[index+1]) // 1st hex -+ && XMLString::isHex(authority[index+2]) ) // 2nd hex - index +=3; - else - return false; -@@ -1566,8 +1610,9 @@ bool XMLUri::isValidRegistryBasedAuthori - } - else if (*tmpStr == chPercent) // '%' - { -- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex -- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex -+ if (XMLString::stringLen(tmpStr) >= 3 -+ && XMLString::isHex(*(tmpStr + 1)) // 1st hex -+ && XMLString::isHex(*(tmpStr + 2))) // 2nd hex - { - tmpStr+=3; - } -@@ -1602,8 +1647,9 @@ bool XMLUri::isURIString(const XMLCh* co - } - else if (*tmpStr == chPercent) // '%' - { -- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex -- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex -+ if (XMLString::stringLen(tmpStr) >=3 -+ && XMLString::isHex(*(tmpStr+1)) // 1st hex -+ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex - { - tmpStr+=3; - } diff --git a/xerces-c.changes b/xerces-c.changes index bc80829..1c0c7d9 100644 --- a/xerces-c.changes +++ b/xerces-c.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Jun 21 11:00:01 CEST 2016 - zawel1@gmail.com +- Update to 3.1.3 + * bug fixes + + memcpy used on overlapping memory regions causes sanity test failure + + Typo in XMLUni::fgUnknownURIName constant + + Buffer overruns in prolog parsing and error handling +- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream. + ------------------------------------------------------------------- Thu Jun 16 15:43:53 UTC 2016 - pjanouch@suse.de diff --git a/xerces-c.spec b/xerces-c.spec index 4b53df8..288a887 100644 --- a/xerces-c.spec +++ b/xerces-c.spec @@ -17,7 +17,7 @@ Name: xerces-c -Version: 3.1.2 +Version: 3.1.3 Release: 0 Summary: A Validating XML Parser License: Apache-2.0 
@@ -27,8 +27,6 @@ Source0: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version} Source1: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}.tar.gz.asc Source2: %{name}.keyring Source3: baselibs.conf -# PATCH-FIX-UPSTREAM bsc#966822 -Patch2: %{name}-CVE-2016-0729.patch # PATCH-FIX-UPSTREAM bsc#979208 Patch3: %{name}-CVE-2016-2099.patch BuildRequires: fdupes @@ -95,7 +93,6 @@ This package includes files needed for development with Xerces-c %prep %setup -q -n xerces-c-%{version} -%patch2 -p1 %patch3 -p0 %build From 3b25d2102fec27764a84de82dc9ff9875586b257e590e34c5bd8f7626056d349 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Thu, 23 Jun 2016 14:50:02 +0000 Subject: [PATCH 3/5] Accepting request 404058 from home:jengelh:branches:devel:libraries:c_c++ - Resolve rpmlint warnings of type "version-control-internal-file" OBS-URL: https://build.opensuse.org/request/show/404058 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=23 --- xerces-c.changes | 5 +++++ xerces-c.spec | 1 + 2 files changed, 6 insertions(+) diff --git a/xerces-c.changes b/xerces-c.changes index 1c0c7d9..2067297 100644 --- a/xerces-c.changes +++ b/xerces-c.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jun 22 14:02:13 UTC 2016 - jengelh@inai.de + +- Resolve rpmlint warnings of type "version-control-internal-file" + ------------------------------------------------------------------- Mon Jun 21 11:00:01 CEST 2016 - zawel1@gmail.com - Update to 3.1.3 diff --git a/xerces-c.spec b/xerces-c.spec index 288a887..7cd795f 100644 --- a/xerces-c.spec +++ b/xerces-c.spec @@ -96,6 +96,7 @@ This package includes files needed for development with Xerces-c %patch3 -p0 %build +find . -type d -name .svn -exec rm -Rf "{}" "+" %configure \ %ifnarch x86_64 --disable-sse2 \ From 3a2a509001243de0a7974b7b0be6d4c1656d8f697b517a2abf62e6f5703e847e Mon Sep 17 00:00:00 2001 
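Review bot: The `find . -type d -name .svn -exec rm -Rf "{}" "+"` line added to `%build` in xerces-c.spec lets find keep descending into the `.svn` directories it has already queued for removal. Adding `-prune` stops the walk at each match, so the result no longer depends on when the batched `rm` runs: `find . -type d -name .svn -prune -exec rm -rf {} +`. Stripping version-control metadata from the upstream tarball is source preparation rather than compilation, so it would fit better at the end of `%prep`, after `%setup` and the `%patch` lines. The `%build` section continues beyond this hunk.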
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Mon, 27 Jun 2016 12:41:54 +0000 Subject: [PATCH 4/5] Accepting request 404987 from home:scarabeus_iv:branches:devel:libraries:c_c++ - Use pkgconfig requires - Disable "pretty" make to make it bit faster - Fix the selfobsoleting provides/requires to silence rpmlint - Use valid group for the docs OBS-URL: https://build.opensuse.org/request/show/404987 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=24 --- xerces-c.changes | 10 ++++++++++ xerces-c.spec | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/xerces-c.changes b/xerces-c.changes index 2067297..b21eb7c 100644 --- a/xerces-c.changes +++ b/xerces-c.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jun 27 12:07:47 UTC 2016 - tchvatal@suse.com + +- Use pkgconfig requires +- Disable "pretty" make to make it bit faster +- Fix the selfobsoleting provides/requires to silence rpmlint +- Use valid group for the docs + ------------------------------------------------------------------- Wed Jun 22 14:02:13 UTC 2016 - jengelh@inai.de @@ -5,6 +13,7 @@ Wed Jun 22 14:02:13 UTC 2016 - jengelh@inai.de ------------------------------------------------------------------- Mon Jun 21 11:00:01 CEST 2016 - zawel1@gmail.com + - Update to 3.1.3 * bug fixes + memcpy used on overlapping memory regions causes sanity test failure @@ -83,6 +92,7 @@ Mon Sep 28 16:19:17 UTC 2015 - mpluskal@suse.com + Allow compiling Xerces-C using C++11 (especially Clang) + VS2012 Project +------------------------------------------------------------------- Thu Feb 19 12:39:37 UTC 2015 - mpluskal@suse.com - Use url for source diff --git a/xerces-c.spec b/xerces-c.spec index 7cd795f..30a72cb 100644 --- a/xerces-c.spec +++ b/xerces-c.spec 
@@ -31,8 +31,8 @@ Source3: baselibs.conf Patch3: %{name}-CVE-2016-2099.patch BuildRequires: fdupes BuildRequires: gcc-c++ -BuildRequires: libicu-devel -BuildRequires: pkg-config +BuildRequires: pkgconfig +BuildRequires: pkgconfig(icu-i18n) BuildRequires: pkgconfig(libcurl) BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -46,7 +46,7 @@ faithful to the XML 1.0 recommendation and associated standards ( DOM %package doc Summary: Documentation for %{name} -Group: Documentation +Group: Documentation/Other %description doc Xerces-C is a validating XML parser written in a portable subset of @@ -62,7 +62,7 @@ This package contains just documentation. Summary: Shared libraries for Xerces-c - a validating XML parser Group: Productivity/Publishing/XML Provides: Xerces-c = %{version} -Obsoletes: Xerces-c <= %{version} +Obsoletes: Xerces-c < %{version} %description -n libxerces-c-3_1 Xerces-C is a validating XML parser written in a portable subset of @@ -79,9 +79,9 @@ Summary: A validating XML parser - Development Files Group: Development/Libraries/C and C++ Requires: libxerces-c-3_1 = %{version} Provides: Xerces-c-devel = %{version} -Obsoletes: Xerces-c-devel <= %{version} +Obsoletes: Xerces-c-devel < %{version} Provides: libXerces-c-devel = %{version} -Obsoletes: libXerces-c-devel <= %{version} +Obsoletes: libXerces-c-devel < %{version} %description -n libxerces-c-devel Xerces-C is a validating XML parser written in a portable subset of @@ -93,7 +93,7 @@ This package includes files needed for development with Xerces-c %prep %setup -q -n xerces-c-%{version} -%patch3 -p0 +%patch3 %build find . -type d -name .svn -exec rm -Rf "{}" "+" 
@@ -102,16 +102,16 @@ find . -type d -name .svn -exec rm -Rf "{}" "+" --disable-sse2 \ %endif --enable-netaccessor-curl \ - --disable-static + --disable-static \ + --disable-pretty-make make %{?_smp_mflags} %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +make %{?_smp_mflags} DESTDIR=%{buildroot} install find %{buildroot} -type f -name "*.la" -delete -print %fdupes -s doc %post -n libxerces-c-3_1 -p /sbin/ldconfig - %postun -n libxerces-c-3_1 -p /sbin/ldconfig %files From cca002779cfce407c480b594b78d10318d553d83fc91af48e1e5d76235aa2558 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 5 Jul 2016 12:05:14 +0000 Subject: [PATCH 5/5] - Version update to 3.1.4: * Fixes bnc#985860 CVE-2016-4463 * xerces-c-CVE-2016-2099.patch removed as it was included upstream OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=25 --- xerces-c-3.1.3.tar.gz | 3 --- xerces-c-3.1.3.tar.gz.asc | 17 ----------------- xerces-c-3.1.4.tar.gz | 3 +++ xerces-c-3.1.4.tar.gz.asc | 17 +++++++++++++++++ xerces-c-CVE-2016-2099.patch | 19 ------------------- xerces-c.changes | 7 +++++++ xerces-c.spec | 5 +---- 7 files changed, 28 insertions(+), 43 deletions(-) delete mode 100644 xerces-c-3.1.3.tar.gz delete mode 100644 xerces-c-3.1.3.tar.gz.asc create mode 100644 xerces-c-3.1.4.tar.gz create mode 100644 xerces-c-3.1.4.tar.gz.asc delete mode 100644 xerces-c-CVE-2016-2099.patch diff --git a/xerces-c-3.1.3.tar.gz b/xerces-c-3.1.3.tar.gz deleted file mode 100644 index 674bae9..0000000 --- a/xerces-c-3.1.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f3d4f73db7c981e16db2b16d9424b0c75d9fbd30ad81747cac047bc6170b5b49 -size 9009575 diff --git a/xerces-c-3.1.3.tar.gz.asc b/xerces-c-3.1.3.tar.gz.asc deleted file mode 100644 index d8d15a5..0000000 --- a/xerces-c-3.1.3.tar.gz.asc +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQIcBAABCAAGBQJWxIfxAAoJEDeLhFQCJ3lilE8P/2vIKgW/8osvAZ2BCBGAUb24 -qpxNvdYOGM3TUvqtdxUgL8+FYXB8iUS40iH3wCO48eUJU5fwvV/p5aW4/vly3AUP -MrLusDuYCMdVFua1cbGp2++e1HqFG5++3z/BwHjG4PnvzmiIiICPoFlVVpNXHSd2 -dOXU+7HKBzrBTP4kOSv9jOx/OBpuTg+OnGUcy3BrR3cn1WCjjU37FLFr55XLm4u9 -2V25IByhY/NP5GTCHRwu4fUE7bNVC64sN3J7gVtRTK4HbS353rx+30EteN7jdBit -/3PqprmIQHATn+WqEybAm3a6ofyX1+qwZjvF28j60NGupYbl5ZYIrSsXY+A0MZgb -qmFyVYWzaDW722RuGUIoKPO98G+kzywdVN+o0EZ10BmAHsw9kZIP4GLsuvgmNs3B -iJYSRlqyw47/Q566REo0tibIWUtWUlljG4QMfIpMhwW2dNFgPDk4kL0a5KKjYwD5 -eAjvcaQdA8i2XJX8Dd8VLhPPBvJK2VaSx1BHnYFZZBqcD6ZrxjckaAc2n97beet5 -tbSp1h7oNMn9A6EjbAqVz4gWgslix3NtHYHMKcBjoZORbmiC+KQc60zwlY7IVwtD -V9pLX8W9ce8aCsXsRhecvxwnDtJHro3730oKd+gG3+xPxSqtOM1c0BGEmV/liy+W -O0R7LgVTzKkaBKqSmkTD -=0g/c ------END PGP SIGNATURE----- diff --git a/xerces-c-3.1.4.tar.gz b/xerces-c-3.1.4.tar.gz new file mode 100644 index 0000000..fe2a426 --- /dev/null +++ b/xerces-c-3.1.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c98eedac4cf8a73b09366ad349cb3ef30640e7a3089d360d40a3dde93f66ecf6 +size 6992545 diff --git a/xerces-c-3.1.4.tar.gz.asc b/xerces-c-3.1.4.tar.gz.asc new file mode 100644 index 0000000..f32b80a --- /dev/null +++ b/xerces-c-3.1.4.tar.gz.asc 
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCAAGBQJXc8xIAAoJEDeLhFQCJ3liTREP/ji8nDOE1eusTdEhAZQl4YGt
+ENLusM2UKEs7/dyPJIQoRQ1kUQdzhtcWKA23Nzb55Cs2bAuOkWLD7K20DlqJG1w0
+eoMG+KFtTsKBuGI/xEwMNw25HoIU7JvcFFhFMLRmOxMugmOYMW8hxUwGNTpv5MF9
+Rq7e2/H8E6Gt5w9oDlZZoHmMaIIIz8jxMNwQyCHgvwg0NYY+wpvAuKp7DbKC5Qp9
+fzWGdz2HwenUJyRJf6PZBhXeab/dzJ5uazGbHx5B1lWerwI2UAjzjPMGVO9+Fax9
+Aou/C4JtmordgSE4oPL+VkvgpC2n+eLlCBvWT5CKm/157RetBdVutqdpzHPZaGc/
+wpKqiw01bqt8ogoVDcxa21hMW6R44QDlgnMrdvhcVH/NuEj/+LM1sudChYmbq8qP
+qADgbeizbQnSP5NZgKzZjqVprl4UHrHoUcwTWT4yZgZnm1iz+hbtno8XmadWuolo
+wq+/8XUhqbIcIzHNHbKiiveH/2pKGuMuNngnJT3WbuNIgXA0/7LTOYnAA7ZYMkpH
+hphHzwkoycxT56Gm/88vuZ6VQFZDoca3rYkWysiUnlgLrTHI9Gs1XD7XQJsL34cs
+rlVywiqmwYYHHf4sTXLKyyweDNQmM48eFMP9RgFasOAmFg7OIc7ynr970H6eSkez
+ARW/IgksxrFy6hrg1ehw
+=2sAu
+-----END PGP SIGNATURE-----
diff --git a/xerces-c-CVE-2016-2099.patch b/xerces-c-CVE-2016-2099.patch
deleted file mode 100644
index dd7d59d..0000000
--- a/xerces-c-CVE-2016-2099.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- src/xercesc/validators/DTD/DTDScanner.cpp (revision 1741478)
-+++ src/xercesc/validators/DTD/DTDScanner.cpp (working copy)
-@@ -2509,7 +2509,15 @@
- {
- while (true)
- {
-- const XMLCh nextCh = fReaderMgr->peekNextChar();
-+ XMLCh nextCh;
-+
-+ try {
-+ nextCh = fReaderMgr->peekNextChar();
-+ }
-+ catch (XMLException& ex) {
-+ fScanner->emitError(XMLErrs::XMLException_Fatal, ex.getCode(), ex.getMessage(), NULL, NULL);
-+ nextCh = chNull;
-+ }
-
- if (!nextCh)
- {
diff --git a/xerces-c.changes b/xerces-c.changes
index b21eb7c..6cb7af2 100644
--- a/xerces-c.changes
+++ b/xerces-c.changes
@@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jul 5 11:59:36 UTC 2016 - tchvatal@suse.com + +- Version update to 3.1.4: + * Fixes bnc#985860 CVE-2016-4463 + * xerces-c-CVE-2016-2099.patch removed as it was included upstream + ------------------------------------------------------------------- Mon Jun 27 12:07:47 UTC 2016 - tchvatal@suse.com diff --git a/xerces-c.spec b/xerces-c.spec index 30a72cb..2adf284 100644 --- a/xerces-c.spec +++ b/xerces-c.spec @@ -17,7 +17,7 @@ Name: xerces-c -Version: 3.1.3 +Version: 3.1.4 Release: 0 Summary: A Validating XML Parser License: Apache-2.0 @@ -27,8 +27,6 @@ Source0: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version} Source1: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}.tar.gz.asc Source2: %{name}.keyring Source3: baselibs.conf -# PATCH-FIX-UPSTREAM bsc#979208 -Patch3: %{name}-CVE-2016-2099.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: pkgconfig @@ -93,7 +91,6 @@ This package includes files needed for development with Xerces-c %prep %setup -q -n xerces-c-%{version} -%patch3 %build find . -type d -name .svn -exec rm -Rf "{}" "+"