File xerces-c.changes of Package xerces-c.35692
-------------------------------------------------------------------
Wed Sep 11 19:00:38 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>
- Enable gnuiconv transcoder, permanent fix for bsc#1223088. 
-------------------------------------------------------------------
Fri Jan 19 15:43:29 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
- Update fix for CVE-2018-1311 with a proper fix from upstream
  * xerces-c-2018-1311.patch
-------------------------------------------------------------------
Sat Nov 18 03:55:14 UTC 2023 - Martin Schreiner <martin.schreiner@suse.com>
- Fix CVE-2023-37536: an integer overflow could potentially lead to
  out-of-bounds memory accesses (bsc#1216156).
  * Add xerces-c-CVE-2023-37536.patch.
-------------------------------------------------------------------
Mon Aug 23 14:42:28 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2018-1311 the XML parser contains a use-after-free triggered
  during the scanning of external DTDs potentially leading to DOS
  (bsc#1159552, CVE-2018-1311)
  * xerces-c-CVE-2018-1311.patch
-------------------------------------------------------------------
Thu Sep 27 06:59:11 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
- Add patch to fix CVE-2017-12627 bsc#1083630
  * xerces-c-CVE-2017-12627.patch
-------------------------------------------------------------------
Tue Jul  5 11:59:36 UTC 2016 - tchvatal@suse.com
- Version update to 3.1.4:
  * Fixes bnc#985860 CVE-2016-4463
  * xerces-c-CVE-2016-2099.patch removed as it was included upstream
-------------------------------------------------------------------
Mon Jun 27 12:07:47 UTC 2016 - tchvatal@suse.com
- Use pkgconfig requires
- Disable "pretty" make to make it bit faster
- Fix the selfobsoleting provides/requires to silence rpmlint
- Use valid group for the docs
-------------------------------------------------------------------
Wed Jun 22 14:02:13 UTC 2016 - jengelh@inai.de
- Resolve rpmlint warnings of type "version-control-internal-file"
-------------------------------------------------------------------
Mon Jun 21 11:00:01 CEST 2016 - zawel1@gmail.com
- Update to 3.1.3
  * bug fixes
    + memcpy used on overlapping memory regions causes sanity test failure
    + Typo in XMLUni::fgUnknownURIName constant
    + Buffer overruns in prolog parsing and error handling
- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.
-------------------------------------------------------------------
Thu Jun 16 15:43:53 UTC 2016 - pjanouch@suse.de
- added xerces-c-CVE-2016-2099.patch
  Exception handling mistake causing use after free
  (bsc#979208, CVE-2016-2099)
- xerces-c-CVE-2016-0729.patch
  Fix for mishandling certain kinds of malformed input documents,
  resulting in buffer overlows during processing and error reporting.
  The overflows can manifest as a segmentation fault or as memory
  corruption during a parse operation. (bsc#966822, CVE-2016-0729)
-------------------------------------------------------------------
Mon Sep 28 16:19:17 UTC 2015 - mpluskal@suse.com
- Update to 3.1.2
  * bug fixes
    + Wrong temporary token type causes regex construction to fail
    + IGXMLScanner can fail to properly set its XSModel.
    + ICUTransService and IconvGNUransService CAN NOT deal with 
      huge file.
    + xsi:type is not applied to root element
    + Problem in prefix parsing while creating Documnet, Element, 
      Attributes on all platforms : Issue is in poolString creation
    + Whitespace in xsi:type 
    + XMLUTF8Transcoder::transcodeTo fails with an exception when 
      transcoding single characters that require 3 or more bytes as 
      UTF8.
    + getWholeText leaks memory
    + Missing Libs.private in the xerces-c pkg-config file
    + XMLUni::fgXercesLoadSchema[] is not null-terminated in 
      XMLUni.cpp
    + XMLURL.cpp: isHexDigit() and xlatHexDigit() accept whole 
      alphabet
    + Xerces livelocks while reading external DTD if socket closes 
      prematurely
    + Memory leak occurs if an exception is thrown in 
      TranscodeToStr or TranscodeFromStr constructors
    + DOMDocumentImpl:: getPooledNString(const XMLCh *in, 
      XMLSize_t n) returns incorrect string
    + OutOfMemoryException being thrown on creation of an LS 
      Serializer
    + TranscodeToStr::transcode throws an exception when 
      transcoding to UTF-8
    + ContentSpecNode::getMaxTotalRange: Operator precedence 
      flaw
    + Add support for GNU/Hurd by using POSIX.1-2001 and 
      POSIX.1-2008 functions
    + enumeration value ‘Loop’ not handled in switch 
      src/SEnumVal/SEnumVal.cpp:
    + bit operation error in DOMNodeImpl::reverseTreeOrderBitPattern
    + build xerces-c with icu on mingw gcc 4.7.2
    + Xerces 3.1.1 Xerces.Lib fails to build with new Visual 
      Studio 2012 Update 1 when v110_xp platform is chosen
    + Off-by-one error in TranscodeFromStr (with ICU)
    + Use icu, which is built with features
    + LocalFileFormatTarget leaks file handle
    + Curl Checking
    + Janitor<BinInputStream>::~Janitor() throws in unwind
    + String pooling in DOMDocumentImpl is unsafe, particularly on
      64-bit platforms
    + Code analysis revealed multiple potential NULL derefence 
      conditions (currently unconfirmed)
    + XMLString sizeToText/binToText produce mixed case
    + Crash while parsing malformed documents
  * improvements
    + MacOSUnicodeConverter.cpp: ISO C++ forbids comparison 
      between pointer of type 'void *' and pointer-to-function
    + Allow compiling Xerces-C using C++11 (especially Clang)
    + VS2012 Project
-------------------------------------------------------------------
Thu Feb 19 12:39:37 UTC 2015 - mpluskal@suse.com
- Use url for source
- Add gpg signature
- Use fdupes to remove duplicities in documentation
- Split documentation into separate package
- Use curl as netaccessor, necessary for proxy support
-------------------------------------------------------------------
Thu Dec 12 21:58:01 UTC 2013 - zaitor@opensuse.org
- Add baselib.conf in order to build -32Bit. 
-------------------------------------------------------------------
Sun Oct 20 21:38:44 UTC 2013 - hrvoje.senjan@gmail.com
- Disable sse2 instructions on non x86_64 arches, bnc#846539
-------------------------------------------------------------------
Fri Apr 13 17:58:48 UTC 2012 - behrisch@users.sourceforge.net
- updated to 3.1.1
  * Check that we have non-NULL host before trying to connect (XERCESC-1920). 
  * Recover from the mismatching start/end even count which may happen when we continue parsing an invalid document (XERCESC-1919). 
  * If the transcoder doesn't process any input, throw an exception (XERCESC-1916). 
  * Delay the recursive expansion of includes until the document fragment has been placed in the final location (XERCESC-1918). 
  * The code formatting a content model was skipping the cardinality indicators (*, +, ?) (XERCESC-1914). 
  * Fix a few bugs and memory leaks in XInclude code. 
  * Give proper name to 64-bit PDB file in static build (XERCESC-1907). 
  * Spelling fixes (XERCESC-1911). 
  * Don't include cpuid.h if we are using intrin.h (XERCESC-1912). 
  * Fix socket leak. 
  * Set scanner object on validation context. Needed during QName validation. Don't re-validate default/fixed values in preContentValidation when called from loadGrammar. This values are already validated in TraverseSchema. 
  * Remove explicit setting of prefix for cloned elements and attributes since it is done properly by the create*() functions (XERCESC-1913). 
  * Initializing unitialized variables in TranscodeToStr and TranscodeFromStr (#XERCESC-1858). 
  * Fixed a bug when transcoding small strings using TranscodeToStr (XERCESC-1858). 
-------------------------------------------------------------------
Sat Jan 28 22:15:56 UTC 2012 - jengelh@medozas.de
- Remove redundant tags/sections per specfile guideline suggestions
- Parallel building using %_smp_mflags
- Restore missing pkgconfig provides
-------------------------------------------------------------------
Wed Oct  7 15:04:42 CEST 2009 - prusnak@suse.cz
- fix provides and obsoletes [bnc#544957]
-------------------------------------------------------------------
Thu Aug 13 16:16:03 CEST 2009 - prusnak@suse.cz
- fix CVE-2009-1885 (CVE-2009-1885.patch) [bnc#530708]
-------------------------------------------------------------------
Tue Mar 10 13:04:32 CET 2009 - prusnak@suse.cz
- updated to 3.0.1
  * More robust handling of leading/trailing whitespaces (XERCESC-1838).
  * Minor documentation updates, including a fix for XERCESC-1848.
  * Add --disable-rpath configure option.
  * Remove class name from method declaration (XERCESC-1850).
  * Fix a bug in the socket and winsock net accessors when a redirection
    response does not contain a "Location" header.
  * Make XMLMutex use the correct MemoryManager when it closes it's mutex.
  * Documentation fixes (XERCESC-1841).
  * Backport fixes for memory leaks.
  * Alberto Massari  Force Borland projects to use CRLF EOL.
  * The wrong constructor was called, causing a memory leak (XERCESC-1840).
  * Fix memory leak (XERCESC-1834).
  * Update URLs in source code to point to the new pages.
-------------------------------------------------------------------
Tue Mar 10 11:23:16 CET 2009 - prusnak@suse.cz
- updated to 3.0.0
  * changes too numerous to list
- removed obsoleted patch:
  * lib64.patch
  * optflags.patch
-------------------------------------------------------------------
Mon Aug 18 13:46:40 CEST 2008 - prusnak@suse.cz
- add -DNDEBUG to opt_flags
-------------------------------------------------------------------
Mon Aug 18 00:57:38 CEST 2008 - ro@suse.de
- disable parallel build for now, breaks 
-------------------------------------------------------------------
Thu Aug 14 16:14:35 CEST 2008 - prusnak@suse.cz
- cleaned spec file (and renamed libXerces-c-28 to libXerces-c28)
-------------------------------------------------------------------
Mon Apr  7 18:41:17 CEST 2008 - zpetrova@suse.CZ
- update to version 2.8.0
  - this version should fix large number of bugs.
  - Exponential growth of memory block (from 16KB to 128KB) 
    that are allocated by the DOM heap.
  - The NODE_CLONED notification is now sent to each node's user data 
    handler when cloning the entire DOMDocument.
  - Allow whitespace-only nodes to be added as children of a DOMDocument.
  - When a node is cloned or imported the type information (PSVI)
    is also copied.
-------------------------------------------------------------------
Tue Dec 18 16:55:18 CET 2007 - zpetrova@suse.cz
- fixed Required field for libXerces-c-27
-------------------------------------------------------------------
Tue Aug  7 00:19:23 CEST 2007 - mrueckert@suse.de
- fixed file section for the devel package
- %post* scriptlets for ldconfig
-------------------------------------------------------------------
Mon Aug  6 22:12:13 CEST 2007 - mrueckert@suse.de
- added provides/obsoletes for the package rename 
-------------------------------------------------------------------
Mon Aug  6 09:45:51 CEST 2007 - zpetrova@suse.cz
- branch/rename package according to Share library guidelines.
-------------------------------------------------------------------
Wed Jan 25 21:34:03 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Jan 16 21:08:22 CET 2006 - zpetrova@suse.cz
- added -fno-strict-aliasing.
-------------------------------------------------------------------
Wed Jan 11 09:50:07 CET 2006 - zpetrova@suse.cz
- update to 2.7.0
-------------------------------------------------------------------
Fri Sep  9 11:30:56 CEST 2005 - zpetrova@suse.cz
- endelementfix.patch - namespace bug (#114685) 
-------------------------------------------------------------------
Tue Jan 11 15:38:15 CET 2005 - didge@suse.de
- update to 2.6.0
- build with icu libraries
- did some cleanup
-------------------------------------------------------------------
Thu Mar 18 16:34:05 CET 2004 - didge@suse.de
- fixed bug #36229 with patch, provided there 
-------------------------------------------------------------------
Mon Feb 23 12:11:31 CET 2004 - didge@suse.de
- update to 2.5.0
-------------------------------------------------------------------
Sat Jan 17 16:33:13 CET 2004 - meissner@suse.de
- added missing include to fix gcc3.4 build.
-------------------------------------------------------------------
Sun Jan  4 18:10:01 CET 2004 - nashif@suse.de
- update to 2.4.0
-------------------------------------------------------------------
Tue Aug 26 19:46:30 CEST 2003 - nashif@suse.de
- Reduced docs
-------------------------------------------------------------------
Sun Jul 27 16:49:28 CEST 2003 - nashif@suse.de
- update to version 2.3.0
-------------------------------------------------------------------
Tue May 27 22:59:54 CEST 2003 - nashif@suse.de
- Removed CVS files
-------------------------------------------------------------------
Fri May 16 05:11:33 CEST 2003 - nashif@suse.de
- update to version 2.2.0
-------------------------------------------------------------------
Mon Jan 20 05:57:41 CET 2003 - nashif@suse.de
- update to version 2.1.0
-------------------------------------------------------------------
Fri May 17 03:07:38 CEST 2002 - nashif@suse.de
- lib64 problems fixed: Now build on all architectures
-------------------------------------------------------------------
Wed May 15 07:25:48 CEST 2002 - nashif@suse.de
- Java not needed for build
-------------------------------------------------------------------
Fri Apr  5 15:37:50 CEST 2002 - nashif@suse.de
- Update to 1.70
-------------------------------------------------------------------
Tue Dec 11 13:30:21 CET 2001 - nashif@suse.de
-  Update to version 1.60
-------------------------------------------------------------------
Mon Oct 29 06:22:40 CET 2001 - nashif@suse.de
- Update to latest version: 1.5.2
- Among others, this release contains the following fixes and
  new features:
  - Schema support
  - DatatypeValidator support
  - XMLDeleterFor related functions and data are removed.
    Replace with XMLRegisterCleanup.
  - Various bug fixes related to runConfigure
  - Comment outside root element should also be reported.
  - Added U+0110 to XMLEBCDICTranscoder.cpp's "Unicode to IBM037"
    translation table.
  - Add "Base64::encode" for encoding binary data.
  - Performance: Use XMLBufBid instead of XMLBuffer directly for
    better performance.
-------------------------------------------------------------------
Mon Oct  1 07:35:08 CEST 2001 - nashif@suse.de
- Created sub-package doc
-------------------------------------------------------------------
Fri Aug 31 10:07:29 CEST 2001 - nashif@suse.de
- Update to version 1.5.1
- This release includes various bug fixes and Schema support
-------------------------------------------------------------------
Tue May  8 01:57:00 CEST 2001 - mfabian@suse.de
- bzip2 sources
-------------------------------------------------------------------
Tue Feb 27 15:29:13 MET 2001 - rolf@suse.de
- initial package 1.4.0 with devel subpackage