Revisions of xerces-c
- update to 3.2.5 (bsc#1159552, CVE-2018-1311): * [XERCESC-2163] - XercesMessages_en_US.cat is installed to wrong directory * [XERCESC-2188] - Use-after-free on external DTD scan * [XERCESC-2242] - Non-default curl location breaks autoconf link detection * Custom HTTP headers missing with CURL NetAccessor + ICUTransService and IconvGNUransService CAN NOT deal with + Problem in prefix parsing while creating Documnet, Element, + Whitespace in xsi:type + XMLUTF8Transcoder::transcodeTo fails with an exception when transcoding single characters that require 3 or more bytes as + XMLUni::fgXercesLoadSchema[] is not null-terminated in + XMLURL.cpp: isHexDigit() and xlatHexDigit() accept whole + Xerces livelocks while reading external DTD if socket closes + Memory leak occurs if an exception is thrown in + DOMDocumentImpl:: getPooledNString(const XMLCh *in, + OutOfMemoryException being thrown on creation of an LS + TranscodeToStr::transcode throws an exception when + ContentSpecNode::getMaxTotalRange: Operator precedence + Add support for GNU/Hurd by using POSIX.1-2001 and + enumeration value ‘Loop’ not handled in switch + Xerces 3.1.1 Xerces.Lib fails to build with new Visual + Code analysis revealed multiple potential NULL derefence + MacOSUnicodeConverter.cpp: ISO C++ forbids comparison - Add baselib.conf in order to build -32Bit. * Check that we have non-NULL host before trying to connect (XERCESC-1920). * Recover from the mismatching start/end even count which may happen when we continue parsing an invalid document (XERCESC-1919). * If the transcoder doesn't process any input, throw an exception (XERCESC-1916). * Delay the recursive expansion of includes until the document fragment has been placed in the final location (XERCESC-1918).
- update to 3.2.4: * [XERCESC-2195] - Invalid attribute in .gitattributes file * [XERCESC-2196] - cross-compiling issue * [XERCESC-2214] - Wrong delete[] in MemBufInputSource dtor * [XERCESC-2217] - ICUTranscoder::transcodeFrom buffer overflow * [XERCESC-2218] - CurlURLInputStream constructor memory leak * [XERCESC-2219] - XMLReader constructor: memory leak when refreshRawBuffer() throws * [XERCESC-2221] - InMemMsgLoader::loadMsg(): fix memory leak when transcoding fails * [XERCESC-2222] - DFAContentModel::checkUniqueParticleAttribution(): fix memory leak * [XERCESC-2223] - SAX2XMLReaderImpl::error(): potential memory leak * [XERCESC-2225] - Link to installed CMake targets of CURL * [XERCESC-2227] - Memleak fixes in ContentSpecNode and ComplexTypeInfo classes * [XERCESC-2228] - DFAContentModel: fix memory leaks when OutOfMemoryException occurs * [XERCESC-2229] - IGXMLScanner::scanDocTypeDecl(): fix memory leak on exception * [XERCESC-2230] - DFAContentModel::buildSyntaxTree(): fix memory leaks when OutOfMemoryException occurs * [XERCESC-2235] - DFAContentModel::buildDFA(): correctly zero-initialize fFollowList * [XERCESC-2236] - Dependencies aren't loaded when using provided CMake config package * [XERCESC-2241] - Integer overflows in DFAContentModel class * [XERCESC-2242] - Non-default curl location breaks autoconf link detection
- update to 3.2.3: * Custom HTTP headers missing with CURL NetAccessor * Type Confusion from DTDGrammar to SchemaGrammar * Patch to build with older GCC * fix build without pthread * XMLUTF8Transcoder: One multibyte UTF8 character is swallowed from the srcData when the resulting surrogate pair does not fit in toFill at the end * Postpone freeing the memory being used by CURL * Memory leak in ValueVectorOf * There is an error in the parameters of the ThreadTtest8 script in Apache xerces-c++ XML's tests/script * Incorrect symbolic links created for Linux static library and MacOS static and shared libraries * invalid windows version check for `onXPOrLater` * Handle surrogate pairs when reading a QName instead of ASSERTing * Janitor.hpp fails to compile on Solaris with Solaris Studio 12.2 and 12.4 * undef symbols on HPUX for ArrayJanitor * DOM tests crash on AIX * XMLChar with NEED_TO_GEN_TABLE has 2 buffer out of bounds reads * Including Xerces_autoconf_config.hpp on Windows fails due to undefined ssize_t
- Fixup rpmlint warning about installed Makefiles (forwarded request 773617 from scarabeus_iv)
- Fix the libname dependency in devel pkg, typo after libname change - Version update to 3.2.2: * Fixes CVE-2017-12627 bsc#1083630 - Remove the switch to disable SSE2 on i586, we support pentium4 as lowest and that has sse2
- Version update to 3.1.4: * Fixes bnc#985860 CVE-2016-4463 * xerces-c-CVE-2016-2099.patch removed as it was included upstream - Use pkgconfig requires - Disable "pretty" make to make it bit faster - Fix the selfobsoleting provides/requires to silence rpmlint - Use valid group for the docs - Resolve rpmlint warnings of type "version-control-internal-file" - Update to 3.1.3 * bug fixes + memcpy used on overlapping memory regions causes sanity test failure + Typo in XMLUni::fgUnknownURIName constant + Buffer overruns in prolog parsing and error handling - Dropped xerces-c-CVE-2016-0729.patch, fixed upstream. - added xerces-c-CVE-2016-2099.patch Exception handling mistake causing use after free (bsc#979208, CVE-2016-2099) - xerces-c-CVE-2016-0729.patch Fix for mishandling certain kinds of malformed input documents, resulting in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. (bsc#966822, CVE-2016-0729)
1
1
Add baselibs.conf -- Citrix reciver (ICAclient) needs libxerces-c-3_1-32bit (forwarded request 210742 from Zaitor)
Disable sse2 instructions on non x86_64 arches, bnc#846539 (forwarded request 204065 from sumski)
update to most recent version (forwarded request 113448 from behrisch)
Automatic submission by obs-autosubmit
Displaying revisions 1 - 20 of 26