From 62365853c1c81da8831d95db698430317ef0e4fe46bd51b4547ae42b24e2b3b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 27 Sep 2018 06:52:33 +0000 Subject: [PATCH 1/2] - Version update to 3.2.2: * Fixes CVE-2017-12627 bsc#1083630 - Remove the switch to disable SSE2 on i586, we support pentium4 as lowest and that has sse2 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=27 --- baselibs.conf | 2 +- xerces-c-3.1.4.tar.gz | 3 --- xerces-c-3.1.4.tar.gz.asc | 17 ----------------- xerces-c-3.2.2.tar.gz | 3 +++ xerces-c-3.2.2.tar.gz.asc | 16 ++++++++++++++++ xerces-c.changes | 8 ++++++++ xerces-c.spec | 38 ++++++++++++++++---------------------- 7 files changed, 44 insertions(+), 43 deletions(-) delete mode 100644 xerces-c-3.1.4.tar.gz delete mode 100644 xerces-c-3.1.4.tar.gz.asc create mode 100644 xerces-c-3.2.2.tar.gz create mode 100644 xerces-c-3.2.2.tar.gz.asc diff --git a/baselibs.conf b/baselibs.conf index af16f9e..960d66a 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1 +1 @@ -libxerces-c-3_1 +libxerces-c-3_2 diff --git a/xerces-c-3.1.4.tar.gz b/xerces-c-3.1.4.tar.gz deleted file mode 100644 index fe2a426..0000000 --- a/xerces-c-3.1.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c98eedac4cf8a73b09366ad349cb3ef30640e7a3089d360d40a3dde93f66ecf6 -size 6992545 diff --git a/xerces-c-3.1.4.tar.gz.asc b/xerces-c-3.1.4.tar.gz.asc deleted file mode 100644 index f32b80a..0000000 --- a/xerces-c-3.1.4.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQIcBAABCAAGBQJXc8xIAAoJEDeLhFQCJ3liTREP/ji8nDOE1eusTdEhAZQl4YGt -ENLusM2UKEs7/dyPJIQoRQ1kUQdzhtcWKA23Nzb55Cs2bAuOkWLD7K20DlqJG1w0 -eoMG+KFtTsKBuGI/xEwMNw25HoIU7JvcFFhFMLRmOxMugmOYMW8hxUwGNTpv5MF9 -Rq7e2/H8E6Gt5w9oDlZZoHmMaIIIz8jxMNwQyCHgvwg0NYY+wpvAuKp7DbKC5Qp9 -fzWGdz2HwenUJyRJf6PZBhXeab/dzJ5uazGbHx5B1lWerwI2UAjzjPMGVO9+Fax9 -Aou/C4JtmordgSE4oPL+VkvgpC2n+eLlCBvWT5CKm/157RetBdVutqdpzHPZaGc/ -wpKqiw01bqt8ogoVDcxa21hMW6R44QDlgnMrdvhcVH/NuEj/+LM1sudChYmbq8qP -qADgbeizbQnSP5NZgKzZjqVprl4UHrHoUcwTWT4yZgZnm1iz+hbtno8XmadWuolo -wq+/8XUhqbIcIzHNHbKiiveH/2pKGuMuNngnJT3WbuNIgXA0/7LTOYnAA7ZYMkpH -hphHzwkoycxT56Gm/88vuZ6VQFZDoca3rYkWysiUnlgLrTHI9Gs1XD7XQJsL34cs -rlVywiqmwYYHHf4sTXLKyyweDNQmM48eFMP9RgFasOAmFg7OIc7ynr970H6eSkez -ARW/IgksxrFy6hrg1ehw -=2sAu ------END PGP SIGNATURE----- diff --git a/xerces-c-3.2.2.tar.gz b/xerces-c-3.2.2.tar.gz new file mode 100644 index 0000000..db90c3d --- /dev/null +++ b/xerces-c-3.2.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:dd6191f8aa256d3b4686b64b0544eea2b450d98b4254996ffdfe630e0c610413 +size 7100953 diff --git a/xerces-c-3.2.2.tar.gz.asc b/xerces-c-3.2.2.tar.gz.asc new file mode 100644 index 0000000..6153866 --- /dev/null +++ b/xerces-c-3.2.2.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE3KoVAHvtneaQzZUjN4uEVAIneWIFAluiUJUACgkQN4uEVAIn +eWJlNQ/+ONdZD2zO+TpUaz5FBHQJFgyaXE8TedZSnlmgoxdVQjSVTMcYicIWy2dG +wfJTH2CNyxUv6haJa0vOIO88nbsZyDRbw734P1+5VsDpFEGGn5Sr/oupKOL7pQra +LGHI+jH/1ACRvupVFAIRB/j8QA4tV0Tem0inddzya3giEidxE8dR8jGzlqW54fDf +cwlM4F+ooDQLdbgvN22SOKtMp/pEGCHxArJvNqz+8bxfFuCBtbJg+XlEIrTz8Tly +b08jecW/Kz/RyovIuZ18gLGkoyXGEsZ9HcZWeSlmVeZOMQjjjZTNKzwkcoihIlZI +CuiEbstW0VeFF9xoUmtj3NdrSKbSqMicQFYM3A/fFcosqXwf6sce1RjPQhAZPdrj +DdEHv7zb5PZV/nrvoSzqhfKx0ID+VYQMy0B5EYJxH8TH5lQ4oeLaRerezeTC/jGy +j0BkgBBhwqEwRwU6MjmQgOdkaucAUVdACiv2V7ooYiR3kcUsEm6VkRMXV3NXDp0s +oAdolHiX4ZQ59NEgdf1CzkEHOR6vYS2JEZZ1CX4/ocyU9zyOPisTJtg+hiXY5PO9 +sTToh7PqEknUfCaxFzuoFqWYhw9RlklEADmA93lmhOaWQcHSjTpW/rCwLAclfhUw +SVoQpxDdEvPeDq7uN4hHFY2+FW/9IF6Z+SEAnnAiEwt0TevjKHI= +=CjcP +-----END PGP SIGNATURE----- diff --git a/xerces-c.changes b/xerces-c.changes index 6cb7af2..6612510 100644 --- a/xerces-c.changes +++ b/xerces-c.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Sep 27 06:47:42 UTC 2018 - Tomáš Chvátal + +- Version update to 3.2.2: + * Fixes CVE-2017-12627 bsc#1083630 +- Remove the switch to disable SSE2 on i586, we support pentium4 as + lowest and that has sse2 + ------------------------------------------------------------------- Tue Jul 5 11:59:36 UTC 2016 - tchvatal@suse.com diff --git a/xerces-c.spec b/xerces-c.spec index 2adf284..17c07f7 100644 --- a/xerces-c.spec +++ b/xerces-c.spec @@ -1,7 +1,7 @@ # # spec file for package xerces-c # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,17 +12,17 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: xerces-c -Version: 3.1.4 +Version: 3.2.2 Release: 0 Summary: A Validating XML Parser License: Apache-2.0 Group: Productivity/Publishing/XML -Url: http://xerces.apache.org/xerces-c/ +URL: http://xerces.apache.org/xerces-c/ Source0: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}.tar.gz Source1: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}.tar.gz.asc Source2: %{name}.keyring @@ -32,7 +32,6 @@ BuildRequires: gcc-c++ BuildRequires: pkgconfig BuildRequires: pkgconfig(icu-i18n) BuildRequires: pkgconfig(libcurl) -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Xerces-C is a validating XML parser written in a portable subset of @@ -56,13 +55,13 @@ faithful to the XML 1.0 recommendation and associated standards ( DOM This package contains just documentation. -%package -n libxerces-c-3_1 +%package -n libxerces-c-3_2 Summary: Shared libraries for Xerces-c - a validating XML parser Group: Productivity/Publishing/XML Provides: Xerces-c = %{version} Obsoletes: Xerces-c < %{version} -%description -n libxerces-c-3_1 +%description -n libxerces-c-3_2 Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, @@ -95,38 +94,33 @@ This package includes files needed for development with Xerces-c %build find . -type d -name .svn -exec rm -Rf "{}" "+" %configure \ -%ifnarch x86_64 - --disable-sse2 \ -%endif --enable-netaccessor-curl \ --disable-static \ - --disable-pretty-make + --disable-silent-rules make %{?_smp_mflags} %install -make %{?_smp_mflags} DESTDIR=%{buildroot} install +%make_install find %{buildroot} -type f -name "*.la" -delete -print %fdupes -s doc -%post -n libxerces-c-3_1 -p /sbin/ldconfig -%postun -n libxerces-c-3_1 -p /sbin/ldconfig +%post -n libxerces-c-3_2 -p /sbin/ldconfig +%postun -n libxerces-c-3_2 -p /sbin/ldconfig %files -%defattr(-,root,root) -%doc CREDITS KEYS LICENSE NOTICE README +%license LICENSE +%doc CREDITS KEYS NOTICE README %{_bindir}/* %files doc -%defattr(-,root,root) -%doc CREDITS KEYS LICENSE NOTICE README +%license LICENSE +%doc CREDITS KEYS NOTICE README %doc doc/* -%files -n libxerces-c-3_1 -%defattr(-,root,root) -%{_libdir}/libxerces-c-3.1.so +%files -n libxerces-c-3_2 +%{_libdir}/libxerces-c-3.2.so %files -n libxerces-c-devel -%defattr(-,root,root) %{_includedir}/xercesc %{_libdir}/libxerces-c.so %{_libdir}/pkgconfig/xerces-c.pc From 56697ba94b2234da2be5ff5b90a61655e3105a908b24a8b271b30efb4ea5e98f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 2 Oct 2018 10:01:49 +0000 Subject: [PATCH 2/2] - Fix the libname dependency in devel pkg, typo after libname change OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=28 --- xerces-c.changes | 6 ++++++ xerces-c.spec | 15 ++++++++------- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/xerces-c.changes b/xerces-c.changes index 6612510..b70634f 100644 --- a/xerces-c.changes +++ b/xerces-c.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Oct 2 10:01:02 UTC 2018 - Tomáš Chvátal + +- Fix the libname dependency in devel pkg, typo after libname + change + ------------------------------------------------------------------- Thu Sep 27 06:47:42 UTC 2018 - Tomáš Chvátal diff --git a/xerces-c.spec b/xerces-c.spec index 17c07f7..ea11d49 100644 --- a/xerces-c.spec +++ b/xerces-c.spec @@ -16,6 +16,7 @@ # +%define libname libxerces-c-3_2 Name: xerces-c Version: 3.2.2 Release: 0 @@ -55,13 +56,13 @@ faithful to the XML 1.0 recommendation and associated standards ( DOM This package contains just documentation. -%package -n libxerces-c-3_2 +%package -n %{libname} Summary: Shared libraries for Xerces-c - a validating XML parser Group: Productivity/Publishing/XML Provides: Xerces-c = %{version} Obsoletes: Xerces-c < %{version} -%description -n libxerces-c-3_2 +%description -n %{libname} Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, @@ -74,7 +75,7 @@ This package contains shared libraries. %package -n libxerces-c-devel Summary: A validating XML parser - Development Files Group: Development/Libraries/C and C++ -Requires: libxerces-c-3_1 = %{version} +Requires: %{libname} = %{version} Provides: Xerces-c-devel = %{version} Obsoletes: Xerces-c-devel < %{version} Provides: libXerces-c-devel = %{version} @@ -104,8 +105,8 @@ make %{?_smp_mflags} find %{buildroot} -type f -name "*.la" -delete -print %fdupes -s doc -%post -n libxerces-c-3_2 -p /sbin/ldconfig -%postun -n libxerces-c-3_2 -p /sbin/ldconfig +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig %files %license LICENSE @@ -117,8 +118,8 @@ find %{buildroot} -type f -name "*.la" -delete -print %doc CREDITS KEYS NOTICE README %doc doc/* -%files -n libxerces-c-3_2 -%{_libdir}/libxerces-c-3.2.so +%files -n %{libname} +%{_libdir}/libxerces-c-*.so %files -n libxerces-c-devel %{_includedir}/xercesc