commit xerces-j2 for openSUSE:Factory
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Wed, 02 Sep 2009 18:28:10 +0200
  • Message-id: <20090902162810.6D99E6482@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package xerces-j2 for openSUSE:Factory
checked in at Wed Sep 2 18:28:10 CEST 2009.


--------
--- xerces-j2/xerces-j2-bootstrap.changes 2008-01-28 16:59:54.000000000
+0100
+++ xerces-j2/xerces-j2-bootstrap.changes 2009-08-18 08:49:27.000000000
+0200
@@ -1,0 +2,5 @@
+Mon Aug 17 11:46:39 UTC 2009 - mvyskocil@xxxxxxx
+
+- fixed bnc#530717: VUL-0: xerces-j2: XML parsing vulnerability
+
+-------------------------------------------------------------------
--- xerces-j2/xerces-j2.changes 2008-11-12 12:23:15.000000000 +0100
+++ xerces-j2/xerces-j2.changes 2009-08-18 08:49:29.000000000 +0200
@@ -1,0 +2,9 @@
+Mon Aug 17 11:44:46 UTC 2009 - mvyskocil@xxxxxxx
+
+- fixed bnc#530717: VUL-0: xerces-j2: XML parsing vulnerability
+- Removed non used patch xerces-build.patch
+- Fixed some rpmlint warnings and errors
+- Removed javadoc postinstall scripts
+- Removed %%release from subpackages requires
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
xerces-j2-parsing.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xerces-j2-bootstrap.spec ++++++
--- /var/tmp/diff_new_pack.r4kXxO/_old 2009-09-02 18:27:09.000000000 +0200
+++ /var/tmp/diff_new_pack.r4kXxO/_new 2009-09-02 18:27:09.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package xerces-j2-bootstrap (Version 2.8.1)
#
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -34,16 +34,19 @@
Summary: Java XML parser
Group: Development/Libraries/Java
Version: 2.8.1
-Release: 238
+Release: 239
Requires: xml-commons-which-bootstrap
Requires: xml-commons-apis-bootstrap
Requires: xml-commons-resolver-bootstrap
-License: The Apache Software License
+License: Apache Software License ..
Group: Development/Libraries/Java
AutoReqProv: on
Source0: Xerces-J-src.%{version}.tar.bz2
Patch0: xerces-j2-gcj-switch-constants-bug.patch
Patch1: xerces-build.patch
+#PATCH-FIX-UPSTREAM bnc#530717
+#http://svn.apache.org/viewvc?view=rev&revision=787352
+Patch3: xerces-j2-parsing.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
#BuildArchitectures: noarch
#ExclusiveArch: %ix86
@@ -78,6 +81,7 @@
%setup -n xerces-%{xerces_version_cvs}
%patch0
%patch1
+%patch3 -p1 -b .parsing
#<<<
#>>> %build

@@ -87,6 +91,7 @@
TARGET_DIR=`pwd`
CLASSPATH_ORIG="$CLASSPATH"
LIB_GCJ="`ls %{_javadir}/libgcj-*.jar`"
+export GC_MAXIMUM_HEAP_SIZE="134217728"
#>>> delete binary file and files not needed
function delBinaryFiles() {
set +x
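Review bot: The added `export GC_MAXIMUM_HEAP_SIZE="134217728"` has no comment and neither changelog entry mentions it, so a reader cannot tell why a security update also changes the build's memory ceiling. A line above it such as `# cap the collector heap for the build at 128 MiB (134217728 bytes)` would help, extended with the reason if there is one (presumably a build-host limit). The same export is added to `%build` in xerces-j2.spec and needs the same comment. The `delBinaryFiles` function that follows continues outside this hunk.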

++++++ xerces-j2.spec ++++++
--- /var/tmp/diff_new_pack.r4kXxO/_old 2009-09-02 18:27:09.000000000 +0200
+++ /var/tmp/diff_new_pack.r4kXxO/_new 2009-09-02 18:27:09.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package xerces-j2 (Version 2.8.1)
#
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,18 +26,20 @@
%define release 3jpp
%define section free
Version: 2.8.1
-Release: 198
+Release: 199
Summary: Java XML parser
-License: The Apache Software License
+License: Apache Software License ..
Url: http://xml.apache.org/xerces2-j/
Group: Development/Libraries/Java
Source0: Xerces-J-src.%{version}.tar.bz2
Source1: %{name}-version.sh
Source2: %{name}-constants.sh
Source3: Xerces-J-tools.%{version}.tar.bz2
-Patch0: %{name}-build.patch
Patch1: java150_build.patch
Patch2: %{name}-%{version}_new_unsupported_dom_methods.patch
+#PATCH-FIX-UPSTREAM bnc#530717
+#http://svn.apache.org/viewvc?view=rev&revision=787352
+Patch3: xerces-j2-parsing.patch
Provides: jaxp_parser_impl
PreReq: update-alternatives /bin/ln
# some build requirements removed to enable jpackage bootstrap. this is
@@ -69,7 +71,7 @@


%package javadoc-impl
-License: The Apache Software License
+License: Apache Software License ..
Summary: Javadoc for xerces-j2 implementation
Group: Development/Libraries/Java
PreReq: coreutils
@@ -100,7 +102,7 @@


%package javadoc-apis
-License: The Apache Software License
+License: Apache Software License ..
Summary: Javadoc for xerces-j2 apis
Group: Development/Libraries/Java
PreReq: coreutils
@@ -130,8 +132,8 @@


%package javadoc-dom3
-License: The Apache Software License
-Summary: Javadoc for xerces-j2 DOM3.
+License: Apache Software License ..
+Summary: Javadoc for xerces-j2 DOM3
Group: Development/Libraries/Java
PreReq: coreutils

@@ -160,8 +162,8 @@


%package javadoc-xni
-License: The Apache Software License
-Summary: Javadoc for xerces-j2 XNI.
+License: Apache Software License ..
+Summary: Javadoc for xerces-j2 XNI
Group: Development/Libraries/Java
PreReq: coreutils

@@ -190,8 +192,8 @@


%package javadoc-other
-License: The Apache Software License
-Summary: Javadoc for other xerces-j2 components.
+License: Apache Software License ..
+Summary: Javadoc for other xerces-j2 components
Group: Development/Libraries/Java
PreReq: coreutils

@@ -221,10 +223,10 @@


%package demo
-License: The Apache Software License
-Summary: Demonstration and sample files for xerces-j2.
+License: Apache Software License ..
+Summary: Demonstration and sample files for xerces-j2
Group: Development/Libraries/Java
-Requires: %{name} = %{version}-%{release}
+Requires: %{name} = %{version}

%description demo
Welcome to the future! Xerces2 is the next generation of high
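Review bot: `Requires: %{name} = %{version}` in the demo subpackage no longer pins the release, so a base package built before this fix also satisfies it. This commit delivers the bnc#530717 fix as a Release bump only (198 to 199, Version stays 2.8.1). The new subpackages can therefore be installed alongside an unpatched base package without a dependency conflict. The scripts subpackage hunk makes the same change. If the release has to stay out of the requirement, a comment next to it should say that the subpackages do not pull in the fixed build; otherwise keep `%{version}-%{release}`.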
@@ -251,10 +253,10 @@


%package scripts
-License: The Apache Software License
-Summary: Additional utility scripts for xerces-j2.
+License: Apache Software License ..
+Summary: Additional utility scripts for xerces-j2
Group: Development/Libraries/Java
-Requires: %{name} = %{version}-%{release}
+Requires: %{name} = %{version}
Requires: jpackage-utils >= 1.5

%description scripts
@@ -282,7 +284,7 @@


%package xml-resolver
-License: The Apache Software License
+License: Apache Software License ..
Summary: Resolver subproject of xml-commons
Group: Development/Libraries/Java
Requires: jpackage-utils >= 1.5
@@ -300,7 +302,7 @@


%package xml-apis
-License: The Apache Software License
+License: Apache Software License ..
Summary: APIs subproject of xml-commons
Group: Development/Libraries/Java
Requires: jpackage-utils >= 1.5
@@ -325,19 +327,19 @@
%setup -q -n xerces-%{cvs_version}
%setup -q -T -a 3 -D -n xerces-%{cvs_version}
%setup -T -D -n xerces-%{cvs_version}
-#%patch0 -p1 -b .build
%patch1 -p1
%patch2 -p1
+%patch3 -p1 -b .parsing

%build
## this uses the ant.jar provided by the xerces packages. Tough luck,
# jpackage bootstrap has to start somewhere. It is not installed,
# though.
+export GC_MAXIMUM_HEAP_SIZE="134217728"
sh build.sh jars
sh build.sh javadocs

%install
-rm -rf $RPM_BUILD_ROOT
# jars
mkdir -p $RPM_BUILD_ROOT%{_javadir}
cp -p build/xercesImpl.jar $RPM_BUILD_ROOT%{_javadir}/%{name}-%{version}.jar
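Review bot: Dropping `rm -rf $RPM_BUILD_ROOT` from the start of `%install` means the section now depends on rpm or the build service providing an empty buildroot. Where that is not guaranteed, files left from an earlier build of the same tree can end up in the packages. The changelog lists only "Fixed some rpmlint warnings and errors", so the reason is not recorded. Either keep the line, or add a comment such as `# buildroot is cleaned by rpm before %install` once that has been confirmed for the targeted rpm version. The `%install` section continues past the end of this hunk.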
@@ -388,26 +390,6 @@
%clean
rm -rf $RPM_BUILD_ROOT

-%post javadoc-apis
-rm -f %{_javadocdir}/%{name}-apis
-ln -s %{name}-apis-%{version} %{_javadocdir}/%{name}-apis
-
-%post javadoc-dom3
-rm -f %{_javadocdir}/%{name}-dom3
-ln -s %{name}-dom3-%{version} %{_javadocdir}/%{name}-dom3
-
-%post javadoc-impl
-rm -f %{_javadocdir}/%{name}-impl
-ln -s %{name}-impl-%{version} %{_javadocdir}/%{name}-impl
-
-%post javadoc-other
-rm -f %{_javadocdir}/%{name}-other
-ln -s %{name}-other-%{version} %{_javadocdir}/%{name}-other
-
-%post javadoc-xni
-rm -f %{_javadocdir}/%{name}-xni
-ln -s %{name}-xni-%{version} %{_javadocdir}/%{name}-xni
-
%post
/usr/sbin/update-alternatives --install %{_javadir}/jaxp_parser_impl.jar
jaxp_parser_impl %{_javadir}/%{name}.jar 23
/usr/sbin/update-alternatives --auto jaxp_parser_impl
@@ -460,27 +442,27 @@
%files javadoc-impl
%defattr(0644,root,root,0755)
%doc %{_javadocdir}/%{name}-impl-%{version}
-%ghost %doc %{_javadocdir}/%{name}-impl
+%doc %{_javadocdir}/%{name}-impl

%files javadoc-apis
%defattr(0644,root,root,0755)
%doc %{_javadocdir}/%{name}-apis-%{version}
-%ghost %doc %{_javadocdir}/%{name}-apis
+%doc %{_javadocdir}/%{name}-apis

%files javadoc-dom3
%defattr(0644,root,root,0755)
%doc %{_javadocdir}/%{name}-dom-%{version}
-%ghost %doc %{_javadocdir}/%{name}-dom
+%doc %{_javadocdir}/%{name}-dom

%files javadoc-other
%defattr(0644,root,root,0755)
%doc %{_javadocdir}/%{name}-other-%{version}
-%ghost %doc %{_javadocdir}/%{name}-other
+%doc %{_javadocdir}/%{name}-other

%files javadoc-xni
%defattr(0644,root,root,0755)
%doc %{_javadocdir}/%{name}-xni-%{version}
-%ghost %doc %{_javadocdir}/%{name}-xni
+%doc %{_javadocdir}/%{name}-xni

%files demo
%defattr(0644,root,root,0755)
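Review bot: With `%ghost` removed, the unversioned javadoc paths such as `%doc %{_javadocdir}/%{name}-impl` must now exist in the buildroot, but the hunks shown add nothing to `%install` that creates them. The deleted `%post` scriptlets were what created these symlinks at install time. The javadoc-dom3 entry also lists `%{name}-dom`, while the removed scriptlet linked `%{name}-dom3`, so the names should be checked against what `%install` actually produces. If the symlinks are created in a part of `%install` outside this diff, a one-line comment there pointing at these `%files` entries would make the dependency visible.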

++++++ xerces-j2-parsing.patch ++++++
Index: xerces-2_8_1/src/org/apache/xerces/impl/XMLScanner.java
===================================================================
--- xerces-2_8_1.orig/src/org/apache/xerces/impl/XMLScanner.java
2006-09-14 03:23:36.000000000 +0200
+++ xerces-2_8_1/src/org/apache/xerces/impl/XMLScanner.java 2009-08-17
12:02:22.811296491 +0200
@@ -1026,6 +1026,14 @@
if (XMLChar.isMarkup(c) || c == ']') {
fStringBuffer.append((char)fEntityScanner.scanChar());
}
+ else if (XMLChar.isHighSurrogate(c)) {
+ scanSurrogates(fStringBuffer);
+ }
+ else if (isInvalidLiteral(c)) {
+ reportFatalError("InvalidCharInSystemID",
+ new Object[] { Integer.toHexString(c) });
+ fEntityScanner.scanChar();
+ }
} while (fEntityScanner.scanLiteral(quote, ident) != quote);
fStringBuffer.append(ident);
ident = fStringBuffer;
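Review bot: The new `isInvalidLiteral(c)` branch reports the key `InvalidCharInSystemID`, but the patch touches only XMLScanner.java, so it should be confirmed that the 2.8.1 message bundle already defines that key. If it does not, the fatal error would likely surface as a missing-resource failure instead of a well-formedness error. The patch also ships no regression test; one document whose system identifier holds an invalid character and one that holds a surrogate pair would cover both new branches. A comment above them, for example `// system identifier: consume surrogate pairs, report and skip invalid characters`, would record why they exist. The enclosing method and the head of the do-loop are outside this hunk.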

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx
