Hello community,

here is the log from the commit of package xerces-c for openSUSE:Factory checked in at 2016-07-07 15:09:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xerces-c (Old)
 and /work/SRC/openSUSE:Factory/.xerces-c.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xerces-c" Changes: -------- --- /work/SRC/openSUSE:Factory/xerces-c/xerces-c.changes 2015-10-14 16:38:41.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.xerces-c.new/xerces-c.changes 2016-07-07 15:09:19.000000000 +0200 @@ -1,0 +2,42 @@ +Tue Jul 5 11:59:36 UTC 2016 - [email protected] + +- Version update to 3.1.4: + * Fixes bnc#985860 CVE-2016-4463 + * xerces-c-CVE-2016-2099.patch removed as it was included upstream + +------------------------------------------------------------------- +Mon Jun 27 12:07:47 UTC 2016 - [email protected] + +- Use pkgconfig requires +- Disable "pretty" make to make it bit faster +- Fix the selfobsoleting provides/requires to silence rpmlint +- Use valid group for the docs + +------------------------------------------------------------------- +Wed Jun 22 14:02:13 UTC 2016 - [email protected] + +- Resolve rpmlint warnings of type "version-control-internal-file" + +------------------------------------------------------------------- +Mon Jun 21 11:00:01 CEST 2016 - [email protected] + +- Update to 3.1.3 + * bug fixes + + memcpy used on overlapping memory regions causes sanity test failure + + Typo in XMLUni::fgUnknownURIName constant + + Buffer overruns in prolog parsing and error handling +- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream. + +------------------------------------------------------------------- +Thu Jun 16 15:43:53 UTC 2016 - [email protected] + +- added xerces-c-CVE-2016-2099.patch + Exception handling mistake causing use after free + (bsc#979208, CVE-2016-2099) +- xerces-c-CVE-2016-0729.patch + Fix for mishandling certain kinds of malformed input documents, + resulting in buffer overlows during processing and error reporting. + The overflows can manifest as a segmentation fault or as memory + corruption during a parse operation. (bsc#966822, CVE-2016-0729) + +------------------------------------------------------------------- 
@@ -59,0 +102 @@ +------------------------------------------------------------------- Old: ---- xerces-c-3.1.2.tar.gz xerces-c-3.1.2.tar.gz.asc New: ---- xerces-c-3.1.4.tar.gz xerces-c-3.1.4.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xerces-c.spec ++++++ --- /var/tmp/diff_new_pack.A19MW1/_old 2016-07-07 15:09:20.000000000 +0200 +++ /var/tmp/diff_new_pack.A19MW1/_new 2016-07-07 15:09:20.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package xerces-c # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: xerces-c -Version: 3.1.2 +Version: 3.1.4 Release: 0 Summary: A Validating XML Parser License: Apache-2.0 @@ -29,8 +29,8 @@ Source3: baselibs.conf BuildRequires: fdupes BuildRequires: gcc-c++ -BuildRequires: libicu-devel -BuildRequires: pkg-config +BuildRequires: pkgconfig +BuildRequires: pkgconfig(icu-i18n) BuildRequires: pkgconfig(libcurl) BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -44,7 +44,7 @@ %package doc Summary: Documentation for %{name} -Group: Documentation +Group: Documentation/Other %description doc Xerces-C is a validating XML parser written in a portable subset of @@ -60,7 +60,7 @@ Summary: Shared libraries for Xerces-c - a validating XML parser Group: Productivity/Publishing/XML Provides: Xerces-c = %{version} -Obsoletes: Xerces-c <= %{version} +Obsoletes: Xerces-c < %{version} %description -n libxerces-c-3_1 Xerces-C is a validating XML parser written in a portable subset of 
@@ -77,9 +77,9 @@ Group: Development/Libraries/C and C++ Requires: libxerces-c-3_1 = %{version} Provides: Xerces-c-devel = %{version} -Obsoletes: Xerces-c-devel <= %{version} +Obsoletes: Xerces-c-devel < %{version} Provides: libXerces-c-devel = %{version} -Obsoletes: libXerces-c-devel <= %{version} +Obsoletes: libXerces-c-devel < %{version} %description -n libxerces-c-devel Xerces-C is a validating XML parser written in a portable subset of @@ -93,21 +93,22 @@ %setup -q -n xerces-c-%{version} %build +find . -type d -name .svn -exec rm -Rf "{}" "+" %configure \ %ifnarch x86_64 --disable-sse2 \ %endif --enable-netaccessor-curl \ - --disable-static + --disable-static \ + --disable-pretty-make make %{?_smp_mflags} %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +make %{?_smp_mflags} DESTDIR=%{buildroot} install find %{buildroot} -type f -name "*.la" -delete -print %fdupes -s doc %post -n libxerces-c-3_1 -p /sbin/ldconfig - %postun -n libxerces-c-3_1 -p /sbin/ldconfig %files ++++++ xerces-c-3.1.2.tar.gz -> xerces-c-3.1.4.tar.gz ++++++ /work/SRC/openSUSE:Factory/xerces-c/xerces-c-3.1.2.tar.gz /work/SRC/openSUSE:Factory/.xerces-c.new/xerces-c-3.1.4.tar.gz differ: char 5, line 1
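Review bot: In the xerces-c.changes hunk (@@ -1,0 +2,42 @@), the 3.1.3 entry header `Mon Jun 21 11:00:01 CEST 2016` carries a weekday that does not match its date: the entry directly above it is `Wed Jun 22`, so Jun 21 is a Tuesday. It is also the only header given in CEST rather than UTC. Suggest `Tue Jun 21 09:00:01 UTC 2016`. In the same hunk, the 3.1.4 entry cites its security fix as `bnc#985860 CVE-2016-4463` with no description, while the Jun 16 entries use the `(bsc#..., CVE-...)` form preceded by a sentence on impact; using that form here too keeps all security fixes in the changelog matchable with one pattern and tells the reader what class of bug was fixed.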
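Review bot: In the xerces-c.spec hunk @@ -93,21 +93,22 @@, the added `find . -type d -name .svn -exec rm -Rf "{}" "+"` is placed under %build, but it alters the unpacked source tree and belongs in %prep directly after `%setup -q -n xerces-c-%{version}`, so that %build only configures and compiles. Putting `-prune` before `-exec` would also stop find from descending into the directories it is about to remove. A short spec comment saying that the upstream tarball ships .svn directories (the rpmlint "version-control-internal-file" warning named in the changelog) would explain why the line is there.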
