Accepting request 406725 from devel:libraries:c_c++

- Version update to 3.1.4:
  * Fixes bnc#985860 CVE-2016-4463
  * xerces-c-CVE-2016-2099.patch removed as it was included upstream

- Use pkgconfig requires
- Disable "pretty" make to make it bit faster
- Fix the selfobsoleting provides/requires to silence rpmlint
- Use valid group for the docs

- Resolve rpmlint warnings of type "version-control-internal-file"

- Update to 3.1.3
  * bug fixes
    + memcpy used on overlapping memory regions causes sanity test failure
    + Typo in XMLUni::fgUnknownURIName constant
    + Buffer overruns in prolog parsing and error handling
- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.

- added xerces-c-CVE-2016-2099.patch
  Exception handling mistake causing use after free
  (bsc#979208, CVE-2016-2099)
- xerces-c-CVE-2016-0729.patch
  Fix for mishandling certain kinds of malformed input documents,
  resulting in buffer overlows during processing and error reporting.
  The overflows can manifest as a segmentation fault or as memory
  corruption during a parse operation. (bsc#966822, CVE-2016-0729)

OBS-URL: https://build.opensuse.org/request/show/406725
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xerces-c?expand=0&rev=21

xerces-c-3.1.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:743bd0a029bf8de56a587c270d97031e0099fe2b7142cef03e0da16e282655a0
-size 6959894

xerces-c-3.1.2.tar.gz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABCgAGBQJVCZSnAAoJEDeLhFQCJ3liDegP/jtKeuHuCzdkJHE1GmOZxauQ
-1EEKY184iFd6vfFWVrO5t05GvtM7lQ+JducddvyUJ2Y6zOxQQys22zN41PhPMeo7
-YvOp1nw04XVolke9nOzMm2s9qlYKtF+darXVZAi/ISYay36MLS1fQwx/B+tT/okM
-jZFwA1pvzFI/YZ79Pj1k1W9VAlRXCGfOSveMasHv4Y97fFyQLIsyL85OetAqbIBR
-UjGUZY47lcJYEMxu2SGwpCDr8hOcphF61qIDtnPdOzjHtyNfleWBYHgZhJcna1C4
-lO+1BkOzzHb9Hclpu6TeDz2jPnJG6Eaxj+bG02EjSbhvgZSY+2pYFjDQUAulFNcp
-ADidIh8oMke9Qv/CMesf8GagiPmPs3ftHM5+B1rYvSo8XyTJvsFrKUdDRaGPHpv7
-uAAh+MI8WmvIqun7J14VZobvNb2rrVdWWitMG74eoW0ZB84P2uR7A9bIX8EaxIph
-Kfe3DvUuB1/4Y5WlfOPsbl8KD5/QKvCwEnSJUd+VAxJJ3T1K74kycLNfTg4hwpF1
-pPN6OCBXpeepkFN5z4UPxk3wTWjtv8vNqp0T3kx73kIwlpwcEYy3aeBiDuM7WaQ/
-9aMQSWr0xbG4xlcQkl1T1nAspnszzr6V4igSpDep5sCLnyszXTICDpxRLrGPieaD
-2kYITLYANPAluikgnX1i
-=lzt1
------END PGP SIGNATURE-----

xerces-c-3.1.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c98eedac4cf8a73b09366ad349cb3ef30640e7a3089d360d40a3dde93f66ecf6
+size 6992545

xerces-c-3.1.4.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCAAGBQJXc8xIAAoJEDeLhFQCJ3liTREP/ji8nDOE1eusTdEhAZQl4YGt
+ENLusM2UKEs7/dyPJIQoRQ1kUQdzhtcWKA23Nzb55Cs2bAuOkWLD7K20DlqJG1w0
+eoMG+KFtTsKBuGI/xEwMNw25HoIU7JvcFFhFMLRmOxMugmOYMW8hxUwGNTpv5MF9
+Rq7e2/H8E6Gt5w9oDlZZoHmMaIIIz8jxMNwQyCHgvwg0NYY+wpvAuKp7DbKC5Qp9
+fzWGdz2HwenUJyRJf6PZBhXeab/dzJ5uazGbHx5B1lWerwI2UAjzjPMGVO9+Fax9
+Aou/C4JtmordgSE4oPL+VkvgpC2n+eLlCBvWT5CKm/157RetBdVutqdpzHPZaGc/
+wpKqiw01bqt8ogoVDcxa21hMW6R44QDlgnMrdvhcVH/NuEj/+LM1sudChYmbq8qP
+qADgbeizbQnSP5NZgKzZjqVprl4UHrHoUcwTWT4yZgZnm1iz+hbtno8XmadWuolo
+wq+/8XUhqbIcIzHNHbKiiveH/2pKGuMuNngnJT3WbuNIgXA0/7LTOYnAA7ZYMkpH
+hphHzwkoycxT56Gm/88vuZ6VQFZDoca3rYkWysiUnlgLrTHI9Gs1XD7XQJsL34cs
+rlVywiqmwYYHHf4sTXLKyyweDNQmM48eFMP9RgFasOAmFg7OIc7ynr970H6eSkez
+ARW/IgksxrFy6hrg1ehw
+=2sAu
+-----END PGP SIGNATURE-----

xerces-c.changes

@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Tue Jul  5 11:59:36 UTC 2016 - tchvatal@suse.com
+
+- Version update to 3.1.4:
+  * Fixes bnc#985860 CVE-2016-4463
+  * xerces-c-CVE-2016-2099.patch removed as it was included upstream
+
+-------------------------------------------------------------------
+Mon Jun 27 12:07:47 UTC 2016 - tchvatal@suse.com
+
+- Use pkgconfig requires
+- Disable "pretty" make to make it bit faster
+- Fix the selfobsoleting provides/requires to silence rpmlint
+- Use valid group for the docs
+
+-------------------------------------------------------------------
+Wed Jun 22 14:02:13 UTC 2016 - jengelh@inai.de
+
+- Resolve rpmlint warnings of type "version-control-internal-file"
+
+-------------------------------------------------------------------
+Mon Jun 21 11:00:01 CEST 2016 - zawel1@gmail.com
+
+- Update to 3.1.3
+  * bug fixes
+    + memcpy used on overlapping memory regions causes sanity test failure
+    + Typo in XMLUni::fgUnknownURIName constant
+    + Buffer overruns in prolog parsing and error handling
+- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.
+
+-------------------------------------------------------------------
+Thu Jun 16 15:43:53 UTC 2016 - pjanouch@suse.de
+
+- added xerces-c-CVE-2016-2099.patch
+  Exception handling mistake causing use after free
+  (bsc#979208, CVE-2016-2099)
+- xerces-c-CVE-2016-0729.patch
+  Fix for mishandling certain kinds of malformed input documents,
+  resulting in buffer overlows during processing and error reporting.
+  The overflows can manifest as a segmentation fault or as memory
+  corruption during a parse operation. (bsc#966822, CVE-2016-0729)
+
 -------------------------------------------------------------------
 Mon Sep 28 16:19:17 UTC 2015 - mpluskal@suse.com
 
@@ -57,6 +99,7 @@ Mon Sep 28 16:19:17 UTC 2015 - mpluskal@suse.com
     + Allow compiling Xerces-C using C++11 (especially Clang)
     + VS2012 Project
 
+-------------------------------------------------------------------
 Thu Feb 19 12:39:37 UTC 2015 - mpluskal@suse.com
 
 - Use url for source

xerces-c.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package xerces-c
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           xerces-c
-Version:        3.1.2
+Version:        3.1.4
 Release:        0
 Summary:        A Validating XML Parser
 License:        Apache-2.0
@@ -29,8 +29,8 @@ Source2:        %{name}.keyring
 Source3:        baselibs.conf
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
-BuildRequires:  libicu-devel
+BuildRequires:  pkgconfig
-BuildRequires:  pkg-config
+BuildRequires:  pkgconfig(icu-i18n)
 BuildRequires:  pkgconfig(libcurl)
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -44,7 +44,7 @@ faithful to the XML 1.0 recommendation and associated standards ( DOM
 
 %package doc
 Summary:        Documentation for %{name}
-Group:          Documentation
+Group:          Documentation/Other
 
 %description doc
 Xerces-C is a validating XML parser written in a portable subset of
@@ -60,7 +60,7 @@ This package contains just documentation.
 Summary:        Shared libraries for Xerces-c - a validating XML parser
 Group:          Productivity/Publishing/XML
 Provides:       Xerces-c = %{version}
-Obsoletes:      Xerces-c <= %{version}
+Obsoletes:      Xerces-c < %{version}
 
 %description -n libxerces-c-3_1
 Xerces-C is a validating XML parser written in a portable subset of
@@ -77,9 +77,9 @@ Summary:        A validating XML parser - Development Files
 Group:          Development/Libraries/C and C++
 Requires:       libxerces-c-3_1 = %{version}
 Provides:       Xerces-c-devel = %{version}
-Obsoletes:      Xerces-c-devel <= %{version}
+Obsoletes:      Xerces-c-devel < %{version}
 Provides:       libXerces-c-devel = %{version}
-Obsoletes:      libXerces-c-devel <= %{version}
+Obsoletes:      libXerces-c-devel < %{version}
 
 %description -n libxerces-c-devel
 Xerces-C is a validating XML parser written in a portable subset of
@@ -93,21 +93,22 @@ This package includes files needed for development with Xerces-c
 %setup -q -n xerces-c-%{version}
 
 %build
+find . -type d -name .svn -exec rm -Rf "{}" "+"
 %configure \
 %ifnarch x86_64
     --disable-sse2 \
 %endif
     --enable-netaccessor-curl \
-    --disable-static
+    --disable-static \
+    --disable-pretty-make
 make %{?_smp_mflags}
 
 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
 find %{buildroot} -type f -name "*.la" -delete -print
 %fdupes -s doc
 
 %post -n libxerces-c-3_1 -p /sbin/ldconfig
-
 %postun -n libxerces-c-3_1 -p /sbin/ldconfig
 
 %files