Hello community, here is the log from the commit of package xmltooling for openSUSE:Factory checked in at 2019-03-22 15:09:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xmltooling (Old) and /work/SRC/openSUSE:Factory/.xmltooling.new.25356 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xmltooling" Fri Mar 22 15:09:09 2019 rev:12 rq:687305 version:3.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/xmltooling/xmltooling.changes 2019-02-11 21:29:02.690962010 +0100 +++ /work/SRC/openSUSE:Factory/.xmltooling.new.25356/xmltooling.changes 2019-03-22 15:09:12.373399072 +0100 @@ -1,0 +2,8 @@ +Wed Mar 20 12:51:06 UTC 2019 - Kristýna Streitová <[email protected]> + +- update to 3.0.4 + * [CPPXT-143] - Crash due to uncaught DOMException + [bsc#1129537] [CVE-2019-9628] + * [CPPXT-144] - CURL SOAP Transport: unset Expect Header + +------------------------------------------------------------------- Old: ---- xmltooling-3.0.3.tar.bz2 xmltooling-3.0.3.tar.bz2.asc New: ---- xmltooling-3.0.4.tar.bz2 xmltooling-3.0.4.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xmltooling.spec ++++++ --- /var/tmp/diff_new_pack.5DYo68/_old 2019-03-22 15:09:13.109398436 +0100 +++ /var/tmp/diff_new_pack.5DYo68/_new 2019-03-22 15:09:13.117398429 +0100 @@ -17,10 +17,10 @@ %define libvers 8 -%define opensaml_version 3.0.0 +%define opensaml_version 3.0.1 %define pkgdocdir %{_docdir}/%{name} Name: xmltooling -Version: 3.0.3 +Version: 3.0.4 Release: 0 Summary: OpenSAML XML Processing library License: Apache-2.0 ++++++ xmltooling-3.0.3.tar.bz2 -> xmltooling-3.0.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/config_win32.h new/xmltooling-3.0.4/config_win32.h --- old/xmltooling-3.0.3/config_win32.h 2018-10-11 22:32:28.000000000 +0200 +++ new/xmltooling-3.0.4/config_win32.h 2019-03-08 15:44:44.000000000 +0100 
@@ -106,13 +106,13 @@ #define PACKAGE_NAME "xmltooling" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "xmltooling 3.0.3" +#define PACKAGE_STRING "xmltooling 3.0.4" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "xmltooling" /* Define to the version of this package. */ -#define PACKAGE_VERSION "3.0.3" +#define PACKAGE_VERSION "3.0.4" /* Define to the necessary symbol if this constant uses a non-standard name on your system. */ @@ -125,7 +125,7 @@ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "3.0.3" +#define VERSION "3.0.4" /* Define if you wish to disable XML-Security-dependent features. */ /* #undef XMLTOOLING_NO_XMLSEC */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/configure new/xmltooling-3.0.4/configure --- old/xmltooling-3.0.3/configure 2018-10-12 20:28:11.000000000 +0200 +++ new/xmltooling-3.0.4/configure 2019-03-08 15:45:41.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for xmltooling 3.0.3. +# Generated by GNU Autoconf 2.69 for xmltooling 3.0.4. # # Report bugs to <https://issues.shibboleth.net/>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='xmltooling' PACKAGE_TARNAME='xmltooling' -PACKAGE_VERSION='3.0.3' -PACKAGE_STRING='xmltooling 3.0.3' +PACKAGE_VERSION='3.0.4' +PACKAGE_STRING='xmltooling 3.0.4' PACKAGE_BUGREPORT='https://issues.shibboleth.net/' PACKAGE_URL='' @@ -1449,7 +1449,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xmltooling 3.0.3 to adapt to many kinds of systems. +\`configure' configures xmltooling 3.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1519,7 +1519,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xmltooling 3.0.3:";; + short | recursive ) echo "Configuration of xmltooling 3.0.4:";; esac cat <<\_ACEOF @@ -1687,7 +1687,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xmltooling configure 3.0.3 +xmltooling configure 3.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2422,7 +2422,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xmltooling $as_me 3.0.3, which was +It was created by xmltooling $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3287,7 +3287,7 @@ # Define the identity of the package. PACKAGE='xmltooling' - VERSION='3.0.3' + VERSION='3.0.4' cat >>confdefs.h <<_ACEOF @@ -21853,7 +21853,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xmltooling $as_me 3.0.3, which was +This file was extended by xmltooling $as_me 3.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21919,7 +21919,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xmltooling config.status 3.0.3 +xmltooling config.status 3.0.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/configure.ac new/xmltooling-3.0.4/configure.ac --- old/xmltooling-3.0.3/configure.ac 2018-10-12 20:23:43.000000000 +0200 +++ new/xmltooling-3.0.4/configure.ac 2019-03-08 15:44:44.000000000 +0100 
@@ -1,6 +1,6 @@ # Process this file with autoreconf AC_PREREQ([2.50]) -AC_INIT([xmltooling],[3.0.3],[https://issues.shibboleth.net/],[xmltooling]) +AC_INIT([xmltooling],[3.0.4],[https://issues.shibboleth.net/],[xmltooling]) AC_CONFIG_SRCDIR(xmltooling) AC_CONFIG_AUX_DIR(build-aux) AC_CONFIG_MACRO_DIR(m4) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/xmltooling/Makefile.am new/xmltooling-3.0.4/xmltooling/Makefile.am --- old/xmltooling-3.0.3/xmltooling/Makefile.am 2018-11-09 16:42:30.000000000 +0100 +++ new/xmltooling-3.0.4/xmltooling/Makefile.am 2019-03-08 15:44:44.000000000 +0100 @@ -229,7 +229,7 @@ $(PTHREAD_LIBS) \ $(dlopen_LIBS) -AM_LDFLAGS = -version-info 8:3:0 +AM_LDFLAGS = -version-info 8:4:0 libxmltooling_lite_la_SOURCES = \ ${common_sources} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/xmltooling/Makefile.in new/xmltooling-3.0.4/xmltooling/Makefile.in --- old/xmltooling-3.0.3/xmltooling/Makefile.in 2018-11-09 16:42:35.000000000 +0100 +++ new/xmltooling-3.0.4/xmltooling/Makefile.in 2019-03-08 15:45:41.000000000 +0100 @@ -913,7 +913,7 @@ $(PTHREAD_LIBS) \ $(dlopen_LIBS) -AM_LDFLAGS = -version-info 8:3:0 +AM_LDFLAGS = -version-info 8:4:0 libxmltooling_lite_la_SOURCES = \ ${common_sources} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/xmltooling/soap/impl/CURLSOAPTransport.cpp new/xmltooling-3.0.4/xmltooling/soap/impl/CURLSOAPTransport.cpp --- old/xmltooling-3.0.3/xmltooling/soap/impl/CURLSOAPTransport.cpp 2018-10-12 19:33:58.000000000 +0200 +++ new/xmltooling-3.0.4/xmltooling/soap/impl/CURLSOAPTransport.cpp 2019-03-08 15:44:44.000000000 +0100 
@@ -90,7 +90,8 @@ curl_easy_setopt(m_handle,CURLOPT_USERPWD,0); curl_easy_setopt(m_handle,CURLOPT_SSL_VERIFYHOST,2); curl_easy_setopt(m_handle,CURLOPT_HEADERDATA,this); - m_headers=curl_slist_append(m_headers,"Content-Type: text/xml"); + m_headers = curl_slist_append(m_headers, "Content-Type: text/xml"); + m_headers = curl_slist_append(m_headers, "Expect:"); } virtual ~CURLSOAPTransport() { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/xmltooling/util/CurlURLInputStream.cpp new/xmltooling-3.0.4/xmltooling/util/CurlURLInputStream.cpp --- old/xmltooling-3.0.3/xmltooling/util/CurlURLInputStream.cpp 2018-07-10 03:00:14.000000000 +0200 +++ new/xmltooling-3.0.4/xmltooling/util/CurlURLInputStream.cpp 2019-03-08 15:44:44.000000000 +0100 @@ -305,6 +305,8 @@ " libcurl/" + LIBCURL_VERSION + ' ' + OPENSSL_VERSION_TEXT; fHeaders = curl_slist_append(fHeaders, ua.c_str()); + fHeaders = curl_slist_append(fHeaders, "Expect:"); + // Add User-Agent and cache headers. curl_easy_setopt(fEasy, CURLOPT_HTTPHEADER, fHeaders); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/xmltooling/util/ParserPool.cpp new/xmltooling-3.0.4/xmltooling/util/ParserPool.cpp --- old/xmltooling-3.0.3/xmltooling/util/ParserPool.cpp 2018-07-10 03:00:14.000000000 +0200 +++ new/xmltooling-3.0.4/xmltooling/util/ParserPool.cpp 2019-03-08 15:44:44.000000000 +0100 
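Review bot: The added `"Expect:"` header in the CURLSOAPTransport constructor carries no comment saying why it is there, and the same line is added in CurlURLInputStream.cpp next to a comment that still reads "Add User-Agent and cache headers". An empty-valued `Expect:` entry is how libcurl is told not to send its automatic `Expect: 100-continue`, which is easy for a later reader to mistake for dead code; I would add `// Empty "Expect:" disables libcurl's automatic "Expect: 100-continue" handshake.` at both sites. Both appends also assign the result of `curl_slist_append` straight back to the list pointer, so an allocation failure would replace the list with NULL and lose the headers already queued; that pattern predates this change but is worth a check while these lines are being touched. The constructor body and the CurlURLInputStream function both begin outside their hunks.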
@@ -148,14 +148,28 @@
 checkinBuilder(janitor.release());
 return doc;
 }
- catch (XMLException& ex) {
+ catch (const DOMException& ex) {
+ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
+ parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
+ checkinBuilder(janitor.release());
+ auto_ptr_char temp(ex.getMessage());
+ throw XMLParserException(string("DOM error during parsing: ") + (temp.get() ? temp.get() : "no message"));
+ }
+ catch (const SAXException& ex) {
+ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
+ parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
+ checkinBuilder(janitor.release());
+ auto_ptr_char temp(ex.getMessage());
+ throw XMLParserException(string("SAX error during parsing: ") + (temp.get() ? temp.get() : "no message"));
+ }
+ catch (const XMLException& ex) {
 parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
 parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
 checkinBuilder(janitor.release());
 auto_ptr_char temp(ex.getMessage());
 throw XMLParserException(string("Xerces error during parsing: ") + (temp.get() ? temp.get() : "no message"));
 }
- catch (XMLToolingException&) {
+ catch (const XMLToolingException&) {
 parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, (void*)nullptr);
 parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
 checkinBuilder(janitor.release());
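Review bot: The handler list in this hunk is still an enumeration, so any exception type the parser can raise other than DOMException, SAXException, XMLException or XMLToolingException would leave the function the way the uncaught DOMException did, skipping the cleanup these handlers perform. Whether a further handler follows is not visible, since the try block starts above the hunk and the last handler's body runs past it. The same three cleanup statements are now repeated in four handlers; moving them into one small scope guard (or a private helper called from each handler) would keep them from drifting apart and would also cover types not listed here. I would add a comment above the first handler, `// DOMException and SAXException do not derive from XMLException; left uncaught they can crash the process on malformed input.`, and a regression test that feeds the parser a document that triggers a DOMException.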
@@ -220,8 +234,11 @@ trim(temp); vector<string> catpaths; split(catpaths, temp, is_any_of(PATH_SEPARATOR_STR), algorithm::token_compress_on); - static bool (ParserPool::* lc)(const char*) = &ParserPool::loadCatalog; - for_each(catpaths.begin(), catpaths.end(), boost::bind(lc, this, boost::bind(&string::c_str, _1))); + + for (vector<string>::const_iterator i = catpaths.begin(); i != catpaths.end(); ++i) { + loadCatalog(i->c_str()); + } + return !catpaths.empty(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/xmltooling/version.h new/xmltooling-3.0.4/xmltooling/version.h --- old/xmltooling-3.0.3/xmltooling/version.h 2018-10-11 22:31:05.000000000 +0200 +++ new/xmltooling-3.0.4/xmltooling/version.h 2019-03-08 15:44:44.000000000 +0100 @@ -44,7 +44,7 @@ #define XMLTOOLING_VERSION_MAJOR 3 #define XMLTOOLING_VERSION_MINOR 0 -#define XMLTOOLING_VERSION_REVISION 3 +#define XMLTOOLING_VERSION_REVISION 4 /** DO NOT MODIFY BELOW THIS LINE */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-3.0.3/xmltooling/xmltooling.rc new/xmltooling-3.0.4/xmltooling/xmltooling.rc --- old/xmltooling-3.0.3/xmltooling/xmltooling.rc 2018-10-11 22:31:36.000000000 +0200 +++ new/xmltooling-3.0.4/xmltooling/xmltooling.rc 2019-03-08 15:44:44.000000000 +0100 @@ -28,8 +28,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 3,0,3,0 - PRODUCTVERSION 3,0,0,0 + FILEVERSION 3,0,4,0 + PRODUCTVERSION 3,0,1,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -51,7 +51,7 @@ #else VALUE "FileDescription", "OpenSAML XMLTooling Library\0" #endif - VALUE "FileVersion", "3, 0, 3, 0\0" + VALUE "FileVersion", "3, 0, 4, 0\0" #ifdef XMLTOOLING_LITE #ifdef _DEBUG VALUE "InternalName", "xmltooling-lite3_0D\0" 
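Review bot: The new loop discards the `bool` that `loadCatalog` returns (the removed member-pointer declaration shows the return type), so the function still reports success through `return !catpaths.empty();` even when every catalog failed to load. If callers rely on these catalogs to resolve schemas locally, a silent failure here is worth surfacing: either track the result, e.g. `allLoaded = loadCatalog(i->c_str()) && allLoaded;`, or state the intent with a comment such as `// Per-catalog failures are reported by loadCatalog itself; one bad path must not stop the rest.` if that is in fact the case. The removed `for_each` behaved the same way, and the enclosing function starts outside the hunk.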
@@ -65,7 +65,7 @@ VALUE "InternalName", "xmltooling3_0\0" #endif #endif - VALUE "LegalCopyright", "Copyright � 2018 UCAID\0" + VALUE "LegalCopyright", "Copyright 2019 UCAID\0" VALUE "LegalTrademarks", "\0" #ifdef XMLTOOLING_LITE #ifdef _DEBUG @@ -81,8 +81,8 @@ #endif #endif VALUE "PrivateBuild", "\0" - VALUE "ProductName", "OpenSAML 3.0.0\0" - VALUE "ProductVersion", "3, 0, 0, 0\0" + VALUE "ProductName", "OpenSAML 3.0.1\0" + VALUE "ProductVersion", "3, 0, 1, 0\0" VALUE "SpecialBuild", "\0" END END
