Changelog for
libxerces-c-devel-3.2.5-lp156.54.1.x86_64.rpm :
* Wed Sep 11 2024 Martin Schreiner
- Enable gnuiconv transcoder, permanent fix for bsc#1223088.
* Wed Dec 27 2023 Dirk Müller - update to 3.2.5 (bsc#1159552, CVE-2018-1311):
* [XERCESC-2163] - XercesMessages_en_US.cat is installed to wrong directory
* [XERCESC-2188] - Use-after-free on external DTD scan
* Wed Oct 26 2022 Dirk Müller - update to 3.2.4:
* [XERCESC-2195] - Invalid attribute in .gitattributes file
* [XERCESC-2196] - cross-compiling issue
* [XERCESC-2214] - Wrong delete[] in MemBufInputSource dtor
* [XERCESC-2217] - ICUTranscoder::transcodeFrom buffer overflow
* [XERCESC-2218] - CurlURLInputStream constructor memory leak
* [XERCESC-2219] - XMLReader constructor: memory leak when refreshRawBuffer() throws
* [XERCESC-2221] - InMemMsgLoader::loadMsg(): fix memory leak when transcoding fails
* [XERCESC-2222] - DFAContentModel::checkUniqueParticleAttribution(): fix memory leak
* [XERCESC-2223] - SAX2XMLReaderImpl::error(): potential memory leak
* [XERCESC-2225] - Link to installed CMake targets of CURL
* [XERCESC-2227] - Memleak fixes in ContentSpecNode and ComplexTypeInfo classes
* [XERCESC-2228] - DFAContentModel: fix memory leaks when OutOfMemoryException occurs
* [XERCESC-2229] - IGXMLScanner::scanDocTypeDecl(): fix memory leak on exception
* [XERCESC-2230] - DFAContentModel::buildSyntaxTree(): fix memory leaks when OutOfMemoryException occurs
* [XERCESC-2235] - DFAContentModel::buildDFA(): correctly zero-initialize fFollowList
* [XERCESC-2236] - Dependencies aren\'t loaded when using provided CMake config package
* [XERCESC-2241] - Integer overflows in DFAContentModel class
* [XERCESC-2242] - Non-default curl location breaks autoconf link detection
* Sat Aug 15 2020 Dirk Mueller - update to 3.2.3:
* Custom HTTP headers missing with CURL NetAccessor
* Type Confusion from DTDGrammar to SchemaGrammar
* Patch to build with older GCC
* fix build without pthread
* XMLUTF8Transcoder: One multibyte UTF8 character is swallowed from the srcData when the resulting surrogate pair does not fit in toFill at the end
* Postpone freeing the memory being used by CURL
* Memory leak in ValueVectorOf
* There is an error in the parameters of the ThreadTtest8 script in Apache xerces-c++ XML\'s tests/script
* Incorrect symbolic links created for Linux static library and MacOS static and shared libraries
* invalid windows version check for `onXPOrLater`
* Handle surrogate pairs when reading a QName instead of ASSERTing
* Janitor.hpp fails to compile on Solaris with Solaris Studio 12.2 and 12.4
* undef symbols on HPUX for ArrayJanitor
* DOM tests crash on AIX
* XMLChar with NEED_TO_GEN_TABLE has 2 buffer out of bounds reads
* Including Xerces_autoconf_config.hpp on Windows fails due to undefined ssize_t
* Wed Feb 12 2020 Tomáš Chvátal - Fixup rpmlint warning about installed Makefiles
* Tue Oct 02 2018 Tomáš Chvátal - Fix the libname dependency in devel pkg, typo after libname change
* Thu Sep 27 2018 Tomáš Chvátal - Version update to 3.2.2:
* Fixes CVE-2017-12627 bsc#1083630- Remove the switch to disable SSE2 on i586, we support pentium4 as lowest and that has sse2
* Tue Jul 05 2016 tchvatalAATTsuse.com- Version update to 3.1.4:
* Fixes bnc#985860 CVE-2016-4463
* xerces-c-CVE-2016-2099.patch removed as it was included upstream
* Mon Jun 27 2016 tchvatalAATTsuse.com- Use pkgconfig requires- Disable \"pretty\" make to make it bit faster- Fix the selfobsoleting provides/requires to silence rpmlint- Use valid group for the docs
* Wed Jun 22 2016 jengelhAATTinai.de- Resolve rpmlint warnings of type \"version-control-internal-file\"
* Tue Jun 21 2016 zawel1AATTgmail.com- Update to 3.1.3
* bug fixes + memcpy used on overlapping memory regions causes sanity test failure + Typo in XMLUni::fgUnknownURIName constant + Buffer overruns in prolog parsing and error handling- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.
* Thu Jun 16 2016 pjanouchAATTsuse.de- added xerces-c-CVE-2016-2099.patch Exception handling mistake causing use after free (bsc#979208, CVE-2016-2099)- xerces-c-CVE-2016-0729.patch Fix for mishandling certain kinds of malformed input documents, resulting in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. (bsc#966822, CVE-2016-0729)
* Mon Sep 28 2015 mpluskalAATTsuse.com- Update to 3.1.2
* bug fixes + Wrong temporary token type causes regex construction to fail + IGXMLScanner can fail to properly set its XSModel. + ICUTransService and IconvGNUransService CAN NOT deal with huge file. + xsi:type is not applied to root element + Problem in prefix parsing while creating Documnet, Element, Attributes on all platforms : Issue is in poolString creation + Whitespace in xsi:type + XMLUTF8Transcoder::transcodeTo fails with an exception when transcoding single characters that require 3 or more bytes as UTF8. + getWholeText leaks memory + Missing Libs.private in the xerces-c pkg-config file + XMLUni::fgXercesLoadSchema[] is not null-terminated in XMLUni.cpp + XMLURL.cpp: isHexDigit() and xlatHexDigit() accept whole alphabet + Xerces livelocks while reading external DTD if socket closes prematurely + Memory leak occurs if an exception is thrown in TranscodeToStr or TranscodeFromStr constructors + DOMDocumentImpl:: getPooledNString(const XMLCh
*in, XMLSize_t n) returns incorrect string + OutOfMemoryException being thrown on creation of an LS Serializer + TranscodeToStr::transcode throws an exception when transcoding to UTF-8 + ContentSpecNode::getMaxTotalRange: Operator precedence flaw + Add support for GNU/Hurd by using POSIX.1-2001 and POSIX.1-2008 functions + enumeration value ‘Loop’ not handled in switch src/SEnumVal/SEnumVal.cpp: + bit operation error in DOMNodeImpl::reverseTreeOrderBitPattern + build xerces-c with icu on mingw gcc 4.7.2 + Xerces 3.1.1 Xerces.Lib fails to build with new Visual Studio 2012 Update 1 when v110_xp platform is chosen + Off-by-one error in TranscodeFromStr (with ICU) + Use icu, which is built with features + LocalFileFormatTarget leaks file handle + Curl Checking + Janitor::~Janitor() throws in unwind + String pooling in DOMDocumentImpl is unsafe, particularly on 64-bit platforms + Code analysis revealed multiple potential NULL derefence conditions (currently unconfirmed) + XMLString sizeToText/binToText produce mixed case + Crash while parsing malformed documents
* improvements + MacOSUnicodeConverter.cpp: ISO C++ forbids comparison between pointer of type \'void
*\' and pointer-to-function + Allow compiling Xerces-C using C++11 (especially Clang) + VS2012 Project
* Thu Feb 19 2015 mpluskalAATTsuse.com- Use url for source- Add gpg signature- Use fdupes to remove duplicities in documentation- Split documentation into separate package- Use curl as netaccessor, necessary for proxy support