- Version update to 3.1.4:

* Fixes bnc#985860 CVE-2016-4463 * xerces-c-CVE-2016-2099.patch removed as it was included upstream OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=25
2016-07-05 12:05:14 +00:00 · 2016-07-05 12:05:14 +00:00 · cca002779c
commit cca002779c
parent 3a2a509001
7 changed files with 28 additions and 43 deletions
--- a/xerces-c-3.1.3.tar.gz
+++ b/xerces-c-3.1.3.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f3d4f73db7c981e16db2b16d9424b0c75d9fbd30ad81747cac047bc6170b5b49
-size 9009575
--- a/xerces-c-3.1.3.tar.gz.asc
+++ b/xerces-c-3.1.3.tar.gz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQIcBAABCAAGBQJWxIfxAAoJEDeLhFQCJ3lilE8P/2vIKgW/8osvAZ2BCBGAUb24
-qpxNvdYOGM3TUvqtdxUgL8+FYXB8iUS40iH3wCO48eUJU5fwvV/p5aW4/vly3AUP
-MrLusDuYCMdVFua1cbGp2++e1HqFG5++3z/BwHjG4PnvzmiIiICPoFlVVpNXHSd2
-dOXU+7HKBzrBTP4kOSv9jOx/OBpuTg+OnGUcy3BrR3cn1WCjjU37FLFr55XLm4u9
-2V25IByhY/NP5GTCHRwu4fUE7bNVC64sN3J7gVtRTK4HbS353rx+30EteN7jdBit
-/3PqprmIQHATn+WqEybAm3a6ofyX1+qwZjvF28j60NGupYbl5ZYIrSsXY+A0MZgb
-qmFyVYWzaDW722RuGUIoKPO98G+kzywdVN+o0EZ10BmAHsw9kZIP4GLsuvgmNs3B
-iJYSRlqyw47/Q566REo0tibIWUtWUlljG4QMfIpMhwW2dNFgPDk4kL0a5KKjYwD5
-eAjvcaQdA8i2XJX8Dd8VLhPPBvJK2VaSx1BHnYFZZBqcD6ZrxjckaAc2n97beet5
-tbSp1h7oNMn9A6EjbAqVz4gWgslix3NtHYHMKcBjoZORbmiC+KQc60zwlY7IVwtD
-V9pLX8W9ce8aCsXsRhecvxwnDtJHro3730oKd+gG3+xPxSqtOM1c0BGEmV/liy+W
-O0R7LgVTzKkaBKqSmkTD
-=0g/c
-----END PGP SIGNATURE-----
--- a/xerces-c-3.1.4.tar.gz
+++ b/xerces-c-3.1.4.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c98eedac4cf8a73b09366ad349cb3ef30640e7a3089d360d40a3dde93f66ecf6
+size 6992545
--- a/xerces-c-3.1.4.tar.gz.asc
+++ b/xerces-c-3.1.4.tar.gz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCAAGBQJXc8xIAAoJEDeLhFQCJ3liTREP/ji8nDOE1eusTdEhAZQl4YGt
+ENLusM2UKEs7/dyPJIQoRQ1kUQdzhtcWKA23Nzb55Cs2bAuOkWLD7K20DlqJG1w0
+eoMG+KFtTsKBuGI/xEwMNw25HoIU7JvcFFhFMLRmOxMugmOYMW8hxUwGNTpv5MF9
+Rq7e2/H8E6Gt5w9oDlZZoHmMaIIIz8jxMNwQyCHgvwg0NYY+wpvAuKp7DbKC5Qp9
+fzWGdz2HwenUJyRJf6PZBhXeab/dzJ5uazGbHx5B1lWerwI2UAjzjPMGVO9+Fax9
+Aou/C4JtmordgSE4oPL+VkvgpC2n+eLlCBvWT5CKm/157RetBdVutqdpzHPZaGc/
+wpKqiw01bqt8ogoVDcxa21hMW6R44QDlgnMrdvhcVH/NuEj/+LM1sudChYmbq8qP
+qADgbeizbQnSP5NZgKzZjqVprl4UHrHoUcwTWT4yZgZnm1iz+hbtno8XmadWuolo
+wq+/8XUhqbIcIzHNHbKiiveH/2pKGuMuNngnJT3WbuNIgXA0/7LTOYnAA7ZYMkpH
+hphHzwkoycxT56Gm/88vuZ6VQFZDoca3rYkWysiUnlgLrTHI9Gs1XD7XQJsL34cs
+rlVywiqmwYYHHf4sTXLKyyweDNQmM48eFMP9RgFasOAmFg7OIc7ynr970H6eSkez
+ARW/IgksxrFy6hrg1ehw
+=2sAu
+-----END PGP SIGNATURE-----
--- a/xerces-c-CVE-2016-2099.patch
+++ b/xerces-c-CVE-2016-2099.patch
@ -1,19 +0,0 @@
--- src/xercesc/validators/DTD/DTDScanner.cpp	(revision 1741478)
-+++ src/xercesc/validators/DTD/DTDScanner.cpp	(working copy)
-@@ -2509,7 +2509,15 @@
-         {
-             while (true)
-             {
-                const XMLCh nextCh = fReaderMgr->peekNextChar();
-+                XMLCh nextCh;
-+                
-+                try {
-+                    nextCh = fReaderMgr->peekNextChar();
-+                }
-+                catch (XMLException& ex) {
-+                    fScanner->emitError(XMLErrs::XMLException_Fatal, ex.getCode(), ex.getMessage(), NULL, NULL);
-+                    nextCh = chNull;
-+                }
- 
-                 if (!nextCh)
-                 {
--- a/xerces-c.changes
+++ b/xerces-c.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jul  5 11:59:36 UTC 2016 - tchvatal@suse.com
+
+- Version update to 3.1.4:
+  * Fixes bnc#985860 CVE-2016-4463
+  * xerces-c-CVE-2016-2099.patch removed as it was included upstream
+
 -------------------------------------------------------------------
 Mon Jun 27 12:07:47 UTC 2016 - tchvatal@suse.com

--- a/xerces-c.spec
+++ b/xerces-c.spec
@ -17,7 +17,7 @@


 Name:           xerces-c
-Version:        3.1.3
+Version:        3.1.4
 Release:        0
 Summary:        A Validating XML Parser
 License:        Apache-2.0
@ -27,8 +27,6 @@ Source0:        http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}
 Source1:        http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}.tar.gz.asc
 Source2:        %{name}.keyring
 Source3:        baselibs.conf
-# PATCH-FIX-UPSTREAM bsc#979208
-Patch3:         %{name}-CVE-2016-2099.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
@ -93,7 +91,6 @@ This package includes files needed for development with Xerces-c

 %prep
 %setup -q -n xerces-c-%{version}
-%patch3

 %build
 find . -type d -name .svn -exec rm -Rf "{}" "+"