- update to 3.2.3:
* Custom HTTP headers missing with CURL NetAccessor
* Type Confusion from DTDGrammar to SchemaGrammar
* Patch to build with older GCC
* fix build without pthread
* XMLUTF8Transcoder: One multibyte UTF8 character is swallowed from the srcData when the resulting surrogate pair does not fit in toFill at the end
* Postpone freeing the memory being used by CURL
* Memory leak in ValueVectorOf
* There is an error in the parameters of the ThreadTtest8 script in Apache xerces-c++ XML's tests/script
* Incorrect symbolic links created for Linux static library and MacOS static and shared libraries
* invalid windows version check for `onXPOrLater`
* Handle surrogate pairs when reading a QName instead of ASSERTing
* Janitor.hpp fails to compile on Solaris with Solaris Studio 12.2 and 12.4
* undef symbols on HPUX for ArrayJanitor
* DOM tests crash on AIX
* XMLChar with NEED_TO_GEN_TABLE has 2 buffer out of bounds reads
* Including Xerces_autoconf_config.hpp on Windows fails due to undefined ssize_t
OBS-URL: https://build.opensuse.org/request/show/826884
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xerces-c?expand=0&rev=24
* Custom HTTP headers missing with CURL NetAccessor
* Type Confusion from DTDGrammar to SchemaGrammar
* Patch to build with older GCC
* fix build without pthread
* XMLUTF8Transcoder: One multibyte UTF8 character is swallowed from the srcData when the resulting surrogate pair does not fit in toFill at the end
* Postpone freeing the memory being used by CURL
* Memory leak in ValueVectorOf
* There is an error in the parameters of the ThreadTtest8 script in Apache xerces-c++ XML's tests/script
* Incorrect symbolic links created for Linux static library and MacOS static and shared libraries
* invalid windows version check for `onXPOrLater`
* Handle surrogate pairs when reading a QName instead of ASSERTing
* Janitor.hpp fails to compile on Solaris with Solaris Studio 12.2 and 12.4
* undef symbols on HPUX for ArrayJanitor
* DOM tests crash on AIX
* XMLChar with NEED_TO_GEN_TABLE has 2 buffer out of bounds reads
* Including Xerces_autoconf_config.hpp on Windows fails due to undefined ssize_t
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=32
- Version update to 3.1.4:
* Fixes bnc#985860 CVE-2016-4463
* xerces-c-CVE-2016-2099.patch removed as it was included upstream
- Use pkgconfig requires
- Disable "pretty" make to make it bit faster
- Fix the selfobsoleting provides/requires to silence rpmlint
- Use valid group for the docs
- Resolve rpmlint warnings of type "version-control-internal-file"
- Update to 3.1.3
* bug fixes
+ memcpy used on overlapping memory regions causes sanity test failure
+ Typo in XMLUni::fgUnknownURIName constant
+ Buffer overruns in prolog parsing and error handling
- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.
- added xerces-c-CVE-2016-2099.patch
Exception handling mistake causing use after free
(bsc#979208, CVE-2016-2099)
- xerces-c-CVE-2016-0729.patch
Fix for mishandling certain kinds of malformed input documents,
resulting in buffer overlows during processing and error reporting.
The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. (bsc#966822, CVE-2016-0729)
OBS-URL: https://build.opensuse.org/request/show/406725
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xerces-c?expand=0&rev=21
- added xerces-c-CVE-2016-2099.patch
Exception handling mistake causing use after free
(bsc#979208, CVE-2016-2099)
- xerces-c-CVE-2016-0729.patch
Fix for mishandling certain kinds of malformed input documents,
resulting in buffer overlows during processing and error reporting.
The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. (bsc#966822, CVE-2016-0729)
OBS-URL: https://build.opensuse.org/request/show/402773
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=21
