Hello community, here is the log from the commit of package xmltooling for openSUSE:Factory checked in at 2018-01-22 16:20:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xmltooling (Old) and /work/SRC/openSUSE:Factory/.xmltooling.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xmltooling" Mon Jan 22 16:20:35 2018 rev:8 rq:568061 version:1.6.3 Changes: -------- --- /work/SRC/openSUSE:Factory/xmltooling/xmltooling.changes 2017-11-27 22:16:08.535575891 +0100 +++ /work/SRC/openSUSE:Factory/.xmltooling.new/xmltooling.changes 2018-01-22 16:21:34.325364393 +0100 @@ -1,0 +2,8 @@ +Mon Jan 15 12:00:19 UTC 2018 - [email protected] + +- update to 1.6.3 + * [CPPXT-127] - DTD-defined entities can be added to XML without + breaking signature [CVE-2018-0486], [bsc#1075975] +- 'Url' -> 'URL' + +------------------------------------------------------------------- Old: ---- xmltooling-1.6.2.tar.bz2 xmltooling-1.6.2.tar.bz2.asc New: ---- xmltooling-1.6.3.tar.bz2 xmltooling-1.6.3.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xmltooling.spec ++++++ --- /var/tmp/diff_new_pack.Du5PMe/_old 2018-01-22 16:21:36.341270106 +0100 +++ /var/tmp/diff_new_pack.Du5PMe/_new 2018-01-22 16:21:36.341270106 +0100 @@ -1,7 +1,7 @@ # # spec file for package xmltooling # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define opensaml_version 2.6.1 %define pkgdocdir %{_docdir}/%{name} Name: xmltooling -Version: 1.6.2 +Version: 1.6.3 Release: 0 Summary: OpenSAML XML library License: Apache-2.0 
@@ -60,7 +60,6 @@ Patch29: 0029-CPPXT-110-OpenSSL-1.1-Cleanup-tests.patch Patch30: 0030-CPPXT-110-OpenSSL-1.1-New-build-mechanisms.patch Patch31: 0031-Missed-file-for-OpenSSL1.1-support.patch - BuildRequires: automake BuildRequires: curl-devel >= 7.10.6 BuildRequires: doxygen ++++++ xmltooling-1.6.2.tar.bz2 -> xmltooling-1.6.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.2/config_win32.h new/xmltooling-1.6.3/config_win32.h --- old/xmltooling-1.6.2/config_win32.h 2017-11-17 00:03:06.000000000 +0100 +++ new/xmltooling-1.6.3/config_win32.h 2018-01-11 21:46:39.000000000 +0100 @@ -117,13 +117,13 @@ #define PACKAGE_NAME "xmltooling" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "xmltooling 1.6.2" +#define PACKAGE_STRING "xmltooling 1.6.3" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "xmltooling" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.6.2" +#define PACKAGE_VERSION "1.6.3" /* Define to the necessary symbol if this constant uses a non-standard name on your system. */ @@ -136,7 +136,7 @@ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "1.6.1" +#define VERSION "1.6.3" /* Define if you wish to disable XML-Security-dependent features. */ /* #undef XMLTOOLING_NO_XMLSEC */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.2/configure new/xmltooling-1.6.3/configure --- old/xmltooling-1.6.2/configure 2017-11-17 00:03:34.000000000 +0100 +++ new/xmltooling-1.6.3/configure 2018-01-11 21:47:04.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for xmltooling 1.6.2. +# Generated by GNU Autoconf 2.69 for xmltooling 1.6.3. # # Report bugs to <https://issues.shibboleth.net/>. # 
@@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='xmltooling' PACKAGE_TARNAME='xmltooling' -PACKAGE_VERSION='1.6.2' -PACKAGE_STRING='xmltooling 1.6.2' +PACKAGE_VERSION='1.6.3' +PACKAGE_STRING='xmltooling 1.6.3' PACKAGE_BUGREPORT='https://issues.shibboleth.net/' PACKAGE_URL='' @@ -1413,7 +1413,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xmltooling 1.6.2 to adapt to many kinds of systems. +\`configure' configures xmltooling 1.6.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1483,7 +1483,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xmltooling 1.6.2:";; + short | recursive ) echo "Configuration of xmltooling 1.6.3:";; esac cat <<\_ACEOF @@ -1619,7 +1619,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xmltooling configure 1.6.2 +xmltooling configure 1.6.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2354,7 +2354,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xmltooling $as_me 1.6.2, which was +It was created by xmltooling $as_me 1.6.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3219,7 +3219,7 @@ # Define the identity of the package. PACKAGE='xmltooling' - VERSION='1.6.2' + VERSION='1.6.3' cat >>confdefs.h <<_ACEOF @@ -21695,7 +21695,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xmltooling $as_me 1.6.2, which was +This file was extended by xmltooling $as_me 1.6.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -21761,7 +21761,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xmltooling config.status 1.6.2 +xmltooling config.status 1.6.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.2/configure.ac new/xmltooling-1.6.3/configure.ac --- old/xmltooling-1.6.2/configure.ac 2017-11-17 00:03:06.000000000 +0100 +++ new/xmltooling-1.6.3/configure.ac 2018-01-11 21:46:39.000000000 +0100 @@ -1,6 +1,6 @@ # Process this file with autoreconf AC_PREREQ([2.50]) -AC_INIT([xmltooling],[1.6.2],[https://issues.shibboleth.net/],[xmltooling]) +AC_INIT([xmltooling],[1.6.3],[https://issues.shibboleth.net/],[xmltooling]) AC_CONFIG_SRCDIR(xmltooling) AC_CONFIG_AUX_DIR(build-aux) AC_CONFIG_MACRO_DIR(m4) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.2/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp new/xmltooling-1.6.3/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp --- old/xmltooling-1.6.2/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp 2016-12-01 04:59:37.000000000 +0100 +++ new/xmltooling-1.6.3/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp 2018-01-11 21:46:33.000000000 +0100 
@@ -206,6 +206,8 @@ else if (childNode->getNodeType() == DOMNode::TEXT_NODE || childNode->getNodeType() == DOMNode::CDATA_SECTION_NODE) { m_log.debug("processing text content at position (%d)", position); setTextContent(childNode->getNodeValue(), position); + } else if (childNode->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE || childNode->getNodeType() == DOMNode::ENTITY_NODE) { + throw UnmarshallingException("Unmarshaller found Entity/Reference node."); } childNode = childNode->getNextSibling(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.2/xmltooling/version.h new/xmltooling-1.6.3/xmltooling/version.h --- old/xmltooling-1.6.2/xmltooling/version.h 2017-11-17 00:03:06.000000000 +0100 +++ new/xmltooling-1.6.3/xmltooling/version.h 2018-01-11 21:46:39.000000000 +0100 @@ -44,7 +44,7 @@ #define XMLTOOLING_VERSION_MAJOR 1 #define XMLTOOLING_VERSION_MINOR 6 -#define XMLTOOLING_VERSION_REVISION 2 +#define XMLTOOLING_VERSION_REVISION 3 /** DO NOT MODIFY BELOW THIS LINE */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.2/xmltooling/xmltooling.rc new/xmltooling-1.6.3/xmltooling/xmltooling.rc --- old/xmltooling-1.6.2/xmltooling/xmltooling.rc 2017-11-17 00:03:06.000000000 +0100 +++ new/xmltooling-1.6.3/xmltooling/xmltooling.rc 2018-01-11 21:46:39.000000000 +0100 @@ -28,7 +28,7 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 1,6,2,0 + FILEVERSION 1,6,3,0 PRODUCTVERSION 2,6,1,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG @@ -51,7 +51,7 @@ #else VALUE "FileDescription", "OpenSAML XMLTooling Library\0" #endif - VALUE "FileVersion", "1, 6, 2, 0\0" + VALUE "FileVersion", "1, 6, 3, 0\0" #ifdef XMLTOOLING_LITE #ifdef _DEBUG VALUE "InternalName", "xmltooling-lite1_6D\0" 
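Review bot: In the AbstractXMLObjectUnmarshaller.cpp hunk the new branch rejects only ENTITY_REFERENCE_NODE and ENTITY_NODE, so any other child type that is neither text nor CDATA (comment or processing-instruction nodes, for instance) still appears to fall through to `getNextSibling()` unprocessed. If such a node splits text content, the unmarshalled value could again differ from what the signature covered. It is worth confirming how the earlier branches of this chain, which lie outside the hunk, treat those types, and either joining the text around them or failing closed as done here. The throw also deserves a why-comment such as `// Reject entity references: skipping them would leave text content that differs from the signed, canonicalized form.`, and an `m_log.error(...)` carrying `position` before it would help operators spot rejected messages. The enclosing function begins and ends outside this hunk.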
@@ -65,7 +65,7 @@ VALUE "InternalName", "xmltooling1_6\0" #endif #endif - VALUE "LegalCopyright", "Copyright � 2017 UCAID\0" + VALUE "LegalCopyright", "Copyright � 2018 UCAID\0" VALUE "LegalTrademarks", "\0" #ifdef XMLTOOLING_LITE #ifdef _DEBUG diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.2/xmltooling.spec new/xmltooling-1.6.3/xmltooling.spec --- old/xmltooling-1.6.2/xmltooling.spec 2017-11-17 00:07:10.000000000 +0100 +++ new/xmltooling-1.6.3/xmltooling.spec 2018-01-11 21:47:31.000000000 +0100 @@ -1,5 +1,5 @@ Name: xmltooling -Version: 1.6.2 +Version: 1.6.3 Release: 1 Summary: OpenSAML XML Processing library Group: Development/Libraries/C and C++
