commit xmltooling for openSUSE:Factory
Hello community,
here is the log from the commit of package xmltooling for openSUSE:Factory checked in at 2018-02-28 20:03:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xmltooling (Old)
and /work/SRC/openSUSE:Factory/.xmltooling.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xmltooling"
Wed Feb 28 20:03:13 2018 rev:9 rq:580972 version:1.6.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/xmltooling/xmltooling.changes 2018-01-22 16:21:34.325364393 +0100
+++ /work/SRC/openSUSE:Factory/.xmltooling.new/xmltooling.changes 2018-02-28 20:03:16.338790530 +0100
@@ -1,0 +2,7 @@
+Wed Feb 28 11:13:56 UTC 2018 - kstreitova@suse.com
+
+- update to 1.6.4
+ * [CPPXT-128] - Additional nodes can be added to XML without
+ breaking signature [bsc#1083247] [CVE-2018-0489]
+
+-------------------------------------------------------------------
Old:
----
xmltooling-1.6.3.tar.bz2
xmltooling-1.6.3.tar.bz2.asc
New:
----
xmltooling-1.6.4.tar.bz2
xmltooling-1.6.4.tar.bz2.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xmltooling.spec ++++++
--- /var/tmp/diff_new_pack.iXUG3C/_old 2018-02-28 20:03:18.186723668 +0100
+++ /var/tmp/diff_new_pack.iXUG3C/_new 2018-02-28 20:03:18.210722800 +0100
@@ -19,7 +19,7 @@
%define opensaml_version 2.6.1
%define pkgdocdir %{_docdir}/%{name}
Name: xmltooling
-Version: 1.6.3
+Version: 1.6.4
Release: 0
Summary: OpenSAML XML library
License: Apache-2.0
++++++ xmltooling-1.6.3.tar.bz2 -> xmltooling-1.6.4.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.3/config_win32.h new/xmltooling-1.6.4/config_win32.h
--- old/xmltooling-1.6.3/config_win32.h 2018-01-11 21:46:39.000000000 +0100
+++ new/xmltooling-1.6.4/config_win32.h 2018-02-20 02:11:58.000000000 +0100
@@ -117,13 +117,13 @@
#define PACKAGE_NAME "xmltooling"
/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "xmltooling 1.6.3"
+#define PACKAGE_STRING "xmltooling 1.6.4"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "xmltooling"
/* Define to the version of this package. */
-#define PACKAGE_VERSION "1.6.3"
+#define PACKAGE_VERSION "1.6.4"
/* Define to the necessary symbol if this constant uses a non-standard name on
your system. */
@@ -136,7 +136,7 @@
/* #undef TM_IN_SYS_TIME */
/* Version number of package */
-#define VERSION "1.6.3"
+#define VERSION "1.6.4"
/* Define if you wish to disable XML-Security-dependent features. */
/* #undef XMLTOOLING_NO_XMLSEC */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.3/configure new/xmltooling-1.6.4/configure
--- old/xmltooling-1.6.3/configure 2018-01-11 21:47:04.000000000 +0100
+++ new/xmltooling-1.6.4/configure 2018-02-20 02:13:17.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for xmltooling 1.6.3.
+# Generated by GNU Autoconf 2.69 for xmltooling 1.6.4.
#
# Report bugs to https://issues.shibboleth.net/.
#
@@ -590,8 +590,8 @@
# Identity of this package.
PACKAGE_NAME='xmltooling'
PACKAGE_TARNAME='xmltooling'
-PACKAGE_VERSION='1.6.3'
-PACKAGE_STRING='xmltooling 1.6.3'
+PACKAGE_VERSION='1.6.4'
+PACKAGE_STRING='xmltooling 1.6.4'
PACKAGE_BUGREPORT='https://issues.shibboleth.net/'
PACKAGE_URL=''
@@ -1413,7 +1413,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures xmltooling 1.6.3 to adapt to many kinds of systems.
+\`configure' configures xmltooling 1.6.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1483,7 +1483,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of xmltooling 1.6.3:";;
+ short | recursive ) echo "Configuration of xmltooling 1.6.4:";;
esac
cat <<\_ACEOF
@@ -1619,7 +1619,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-xmltooling configure 1.6.3
+xmltooling configure 1.6.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2354,7 +2354,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by xmltooling $as_me 1.6.3, which was
+It was created by xmltooling $as_me 1.6.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3219,7 +3219,7 @@
# Define the identity of the package.
PACKAGE='xmltooling'
- VERSION='1.6.3'
+ VERSION='1.6.4'
cat >>confdefs.h <<_ACEOF
@@ -21695,7 +21695,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by xmltooling $as_me 1.6.3, which was
+This file was extended by xmltooling $as_me 1.6.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -21761,7 +21761,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-xmltooling config.status 1.6.3
+xmltooling config.status 1.6.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.3/configure.ac new/xmltooling-1.6.4/configure.ac
--- old/xmltooling-1.6.3/configure.ac 2018-01-11 21:46:39.000000000 +0100
+++ new/xmltooling-1.6.4/configure.ac 2018-02-20 02:11:58.000000000 +0100
@@ -1,6 +1,6 @@
# Process this file with autoreconf
AC_PREREQ([2.50])
-AC_INIT([xmltooling],[1.6.3],[https://issues.shibboleth.net/],[xmltooling])
+AC_INIT([xmltooling],[1.6.4],[https://issues.shibboleth.net/],[xmltooling])
AC_CONFIG_SRCDIR(xmltooling)
AC_CONFIG_AUX_DIR(build-aux)
AC_CONFIG_MACRO_DIR(m4)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.3/xmltooling/AbstractComplexElement.cpp new/xmltooling-1.6.4/xmltooling/AbstractComplexElement.cpp
--- old/xmltooling-1.6.3/xmltooling/AbstractComplexElement.cpp 2018-01-11 21:46:39.000000000 +0100
+++ new/xmltooling-1.6.4/xmltooling/AbstractComplexElement.cpp 2018-02-20 02:14:23.000000000 +0100
@@ -102,5 +102,19 @@
m_text.push_back(nullptr);
++size;
}
- m_text[position] = prepareForAssignment(m_text[position], value);
+
+ // Merge if necessary.
+ if (value && *value) {
+ if (!m_text[position] || !*m_text[position]) {
+ m_text[position] = prepareForAssignment(m_text[position], value);
+ }
+ else {
+ XMLSize_t initialLen = XMLString::stringLen(m_text[position]);
+ XMLCh* merged = new XMLCh[initialLen + XMLString::stringLen(value) + 1];
+ auto_arrayptr<XMLCh> janitor(merged);
+ XMLString::copyString(merged, m_text[position]);
+ XMLString::catString(merged + initialLen, value);
+ m_text[position] = prepareForAssignment(m_text[position], merged);
+ }
+ }
}
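Review bot: A null or empty `value` now falls through the new `if (value && *value)` without touching `m_text[position]`, whereas the removed line handed it straight to `prepareForAssignment`, so a caller that used this setter to clear text will presumably keep the old content without any error; the AbstractSimpleElement.cpp hunk does the same to `m_value`, where the removed comment explicitly documented clearing with a null. If append-only is the intended contract for the signature fix named in the changelog (CVE-2018-0489), state it in place of `// Merge if necessary.`, e.g. `// Text can arrive as several fragments; append each one so no fragment replaces or hides another. A null or empty value is ignored and does not clear existing text.` The start of the function is outside the hunk, so whether another way to reset the text exists cannot be confirmed from here.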
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.3/xmltooling/AbstractSimpleElement.cpp new/xmltooling-1.6.4/xmltooling/AbstractSimpleElement.cpp
--- old/xmltooling-1.6.3/xmltooling/AbstractSimpleElement.cpp 2018-01-11 21:46:33.000000000 +0100
+++ new/xmltooling-1.6.4/xmltooling/AbstractSimpleElement.cpp 2018-02-20 02:14:23.000000000 +0100
@@ -77,12 +77,18 @@
if (position > 0)
throw XMLObjectException("Cannot set text content in simple element at position > 0.");
- // We overwrite the "one" piece of Text content if:
- // - the new value is null
- // - there is no existing value
- // - the old value is all whitespace
- // If there's a non-whitespace value set, we leave it alone unless we're clearing it with a null.
-
- if (!value || !m_value || XMLChar1_0::isAllSpaces(m_value, XMLString::stringLen(m_value)))
- m_value=prepareForAssignment(m_value, value);
+ // Merge if necessary.
+ if (value && *value) {
+ if (!m_value || !*m_value) {
+ m_value = prepareForAssignment(m_value, value);
+ }
+ else {
+ XMLSize_t initialLen = XMLString::stringLen(m_value);
+ XMLCh* merged = new XMLCh[initialLen + XMLString::stringLen(value) + 1];
+ auto_arrayptr<XMLCh> janitor(merged);
+ XMLString::copyString(merged, m_value);
+ XMLString::catString(merged + initialLen, value);
+ m_value = prepareForAssignment(m_value, merged);
+ }
+ }
}
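Review bot: The merge branch here is a line-for-line copy of the one added to AbstractComplexElement.cpp, differing only in `m_value` versus `m_text[position]`, so a later correction to the concatenation can land in one file and miss the other. As this code appears to decide what text an unmarshalled (and possibly signed) element exposes, a single shared private helper that takes the existing and the incoming string and returns the merged buffer would keep both setters in step. The five-line comment that spelled out the old overwrite rules was also removed, and `// Merge if necessary.` does not say what the new rules are. The start of the function is outside the hunk.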
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.3/xmltooling/Makefile.am new/xmltooling-1.6.4/xmltooling/Makefile.am
--- old/xmltooling-1.6.3/xmltooling/Makefile.am 2018-01-11 21:46:39.000000000 +0100
+++ new/xmltooling-1.6.4/xmltooling/Makefile.am 2018-02-20 02:11:58.000000000 +0100
@@ -206,13 +206,13 @@
libxmltooling_lite_la_SOURCES = \
${common_sources}
libxmltooling_lite_la_CPPFLAGS = -DXMLTOOLING_LITE
-libxmltooling_lite_la_LDFLAGS = -version-info 7:2:0
+libxmltooling_lite_la_LDFLAGS = -version-info 7:4:0
if BUILD_XMLSEC
libxmltooling_la_SOURCES = \
${common_sources} \
${xmlsec_sources}
-libxmltooling_la_LDFLAGS = $(XMLSEC_LIBS) -version-info 7:2:0
+libxmltooling_la_LDFLAGS = $(XMLSEC_LIBS) -version-info 7:4:0
endif
install-exec-hook:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.3/xmltooling/Makefile.in new/xmltooling-1.6.4/xmltooling/Makefile.in
--- old/xmltooling-1.6.3/xmltooling/Makefile.in 2018-01-11 21:47:06.000000000 +0100
+++ new/xmltooling-1.6.4/xmltooling/Makefile.in 2018-02-20 02:13:18.000000000 +0100
@@ -727,12 +727,12 @@
${common_sources}
libxmltooling_lite_la_CPPFLAGS = -DXMLTOOLING_LITE
-libxmltooling_lite_la_LDFLAGS = -version-info 7:2:0
+libxmltooling_lite_la_LDFLAGS = -version-info 7:4:0
@BUILD_XMLSEC_TRUE@libxmltooling_la_SOURCES = \
@BUILD_XMLSEC_TRUE@ ${common_sources} \
@BUILD_XMLSEC_TRUE@ ${xmlsec_sources}
-@BUILD_XMLSEC_TRUE@libxmltooling_la_LDFLAGS = $(XMLSEC_LIBS) -version-info 7:2:0
+@BUILD_XMLSEC_TRUE@libxmltooling_la_LDFLAGS = $(XMLSEC_LIBS) -version-info 7:4:0
EXTRA_DIST = \
config_pub.h.in \
config_pub_win32.h\
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.3/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp new/xmltooling-1.6.4/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp
--- old/xmltooling-1.6.3/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp 2018-01-11 21:46:33.000000000 +0100
+++ new/xmltooling-1.6.4/xmltooling/io/AbstractXMLObjectUnmarshaller.cpp 2018-02-20 02:14:23.000000000 +0100
@@ -206,8 +206,9 @@
else if (childNode->getNodeType() == DOMNode::TEXT_NODE || childNode->getNodeType() == DOMNode::CDATA_SECTION_NODE) {
m_log.debug("processing text content at position (%d)", position);
setTextContent(childNode->getNodeValue(), position);
- } else if (childNode->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE || childNode->getNodeType() == DOMNode::ENTITY_NODE) {
- throw UnmarshallingException("Unmarshaller found Entity/Reference node.");
+ }
+ else if (childNode->getNodeType() != DOMNode::ATTRIBUTE_NODE) {
+ throw UnmarshallingException("Unmarshaller found unsupported node type.");
}
childNode = childNode->getNextSibling();
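Review bot: The replacement `else if` throws for every node type the earlier branches do not handle except `ATTRIBUTE_NODE`; if those branches cover only elements and text/CDATA (they begin above the hunk), this now includes comment and processing-instruction nodes, so a DOM that still carries comments will fail to unmarshal unless the parser removes them first. Failing closed is the safer default, but the exception text does not say what was rejected; consider logging the type before the throw, e.g. `m_log.error("unsupported node type (%d) at position (%d)", childNode->getNodeType(), position);`, so operators can tell a benign but unsupported document from a tampered one. The `ATTRIBUTE_NODE` exemption deserves a one-line comment as well, since attributes are not normally reached through `getNextSibling()` on child nodes.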
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmltooling-1.6.3/xmltooling/util/ParserPool.cpp new/xmltooling-1.6.4/xmltooling/util/ParserPool.cpp
--- old/xmltooling-1.6.3/xmltooling/util/ParserPool.cpp 2018-01-11 21:46:39.000000000 +0100
+++ new/xmltooling-1.6.4/xmltooling/util/ParserPool.cpp 2018-02-20 02:15:15.000000000 +0100
@@ -419,6 +419,7 @@
parser->getDomConfig()->setParameter(XMLUni::fgDOMResourceResolver, dynamic_cast