- update to 3.2.5 (bsc#1159552, CVE-2018-1311):
* [XERCESC-2163] - XercesMessages_en_US.cat is installed to
wrong directory
* [XERCESC-2188] - Use-after-free on external DTD scan
* [XERCESC-2242] - Non-default curl location breaks autoconf link detection
* Custom HTTP headers missing with CURL NetAccessor
+ ICUTransService and IconvGNUTransService CAN NOT deal with
+ Problem in prefix parsing while creating Document, Element,
+ Whitespace in xsi:type
+ XMLUTF8Transcoder::transcodeTo fails with an exception when
transcoding single characters that require 3 or more bytes as
+ XMLUni::fgXercesLoadSchema[] is not null-terminated in
+ XMLURL.cpp: isHexDigit() and xlatHexDigit() accept whole
+ Xerces livelocks while reading external DTD if socket closes
+ Memory leak occurs if an exception is thrown in
+ DOMDocumentImpl:: getPooledNString(const XMLCh *in,
+ OutOfMemoryException being thrown on creation of an LS
+ TranscodeToStr::transcode throws an exception when
+ ContentSpecNode::getMaxTotalRange: Operator precedence
+ Add support for GNU/Hurd by using POSIX.1-2001 and
+ enumeration value ‘Loop’ not handled in switch
+ Xerces 3.1.1 Xerces.Lib fails to build with new Visual
+ Code analysis revealed multiple potential NULL dereference
+ MacOSUnicodeConverter.cpp: ISO C++ forbids comparison
- Add baselib.conf in order to build -32Bit.
* Check that we have non-NULL host before trying to connect (XERCESC-1920).
* Recover from the mismatching start/end even count which may happen when we continue parsing an invalid document (XERCESC-1919).
* If the transcoder doesn't process any input, throw an exception (XERCESC-1916).
* Delay the recursive expansion of includes until the document fragment has been placed in the final location (XERCESC-1918).
OBS-URL: https://build.opensuse.org/request/show/1135297
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xerces-c?expand=0&rev=26
* [XERCESC-2163] - XercesMessages_en_US.cat is installed to
wrong directory
* [XERCESC-2188] - Use-after-free on external DTD scan
* [XERCESC-2242] - Non-default curl location breaks autoconf link detection
* Custom HTTP headers missing with CURL NetAccessor
+ ICUTransService and IconvGNUTransService CAN NOT deal with
+ Problem in prefix parsing while creating Document, Element,
+ Whitespace in xsi:type
+ XMLUTF8Transcoder::transcodeTo fails with an exception when
transcoding single characters that require 3 or more bytes as
+ XMLUni::fgXercesLoadSchema[] is not null-terminated in
+ XMLURL.cpp: isHexDigit() and xlatHexDigit() accept whole
+ Xerces livelocks while reading external DTD if socket closes
+ Memory leak occurs if an exception is thrown in
+ DOMDocumentImpl:: getPooledNString(const XMLCh *in,
+ OutOfMemoryException being thrown on creation of an LS
+ TranscodeToStr::transcode throws an exception when
+ ContentSpecNode::getMaxTotalRange: Operator precedence
+ Add support for GNU/Hurd by using POSIX.1-2001 and
+ enumeration value ‘Loop’ not handled in switch
+ Xerces 3.1.1 Xerces.Lib fails to build with new Visual
+ Code analysis revealed multiple potential NULL dereference
+ MacOSUnicodeConverter.cpp: ISO C++ forbids comparison
- Add baselib.conf in order to build -32Bit.
* Check that we have non-NULL host before trying to connect (XERCESC-1920).
* Recover from the mismatching start/end even count which may happen when we continue parsing an invalid document (XERCESC-1919).
* If the transcoder doesn't process any input, throw an exception (XERCESC-1916).
* Delay the recursive expansion of includes until the document fragment has been placed in the final location (XERCESC-1918).
* The code formatting a content model was skipping the cardinality indicators (*, +, ?) (XERCESC-1914).
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=36
- update to 3.2.3:
* Custom HTTP headers missing with CURL NetAccessor
* Type Confusion from DTDGrammar to SchemaGrammar
* Patch to build with older GCC
* fix build without pthread
* XMLUTF8Transcoder: One multibyte UTF8 character is swallowed from the srcData when the resulting surrogate pair does not fit in toFill at the end
* Postpone freeing the memory being used by CURL
* Memory leak in ValueVectorOf
* There is an error in the parameters of the ThreadTtest8 script in Apache xerces-c++ XML's tests/script
* Incorrect symbolic links created for Linux static library and MacOS static and shared libraries
* invalid windows version check for `onXPOrLater`
* Handle surrogate pairs when reading a QName instead of ASSERTing
* Janitor.hpp fails to compile on Solaris with Solaris Studio 12.2 and 12.4
* undef symbols on HPUX for ArrayJanitor
* DOM tests crash on AIX
* XMLChar with NEED_TO_GEN_TABLE has 2 buffer out of bounds reads
* Including Xerces_autoconf_config.hpp on Windows fails due to undefined ssize_t
OBS-URL: https://build.opensuse.org/request/show/826884
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xerces-c?expand=0&rev=24
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=32
- Version update to 3.1.4:
* Fixes bnc#985860 CVE-2016-4463
* xerces-c-CVE-2016-2099.patch removed as it was included upstream
- Use pkgconfig requires
- Disable "pretty" make to make it a bit faster
- Fix the selfobsoleting provides/requires to silence rpmlint
- Use valid group for the docs
- Resolve rpmlint warnings of type "version-control-internal-file"
- Update to 3.1.3
* bug fixes
+ memcpy used on overlapping memory regions causes sanity test failure
+ Typo in XMLUni::fgUnknownURIName constant
+ Buffer overruns in prolog parsing and error handling
- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.
- added xerces-c-CVE-2016-2099.patch
Exception handling mistake causing use after free
(bsc#979208, CVE-2016-2099)
- xerces-c-CVE-2016-0729.patch
Fix for mishandling certain kinds of malformed input documents,
resulting in buffer overflows during processing and error reporting.
The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. (bsc#966822, CVE-2016-0729)
OBS-URL: https://build.opensuse.org/request/show/406725
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xerces-c?expand=0&rev=21
OBS-URL: https://build.opensuse.org/request/show/402773
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=21