From 12446ffc4729e1aff5e24628dd485c38e5dc2533 Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Tue, 11 Oct 2022 14:23:04 +0300 Subject: Upgrade to 3.2.4 --- libxerces-c/README-DEV | 64 +++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) (limited to 'libxerces-c/README-DEV') diff --git a/libxerces-c/README-DEV b/libxerces-c/README-DEV index b27a7ef..5ac21cd 100644 --- a/libxerces-c/README-DEV +++ b/libxerces-c/README-DEV @@ -6,7 +6,7 @@ Symlink the required upstream files and provide our own implementations for auto-generated headers: $ ln -s ../upstream/LICENSE -$ ln -s ../../upstream/src/xercesc/{dom,framework,internal,parsers,sax,sax2,xinclude} \ +$ ln -s ../../upstream/src/xercesc/{dom,framework,parsers,sax,sax2,xinclude} \ xercesc/ $ ln -s ../../upstream/src/{stricmp,strnicmp}.{h,c} xercesc/ @@ -50,53 +50,53 @@ $ ln -s ../../../upstream/samples/src/PSVIWriter tests/psvi-writer/ We also apply the following patches: -- Fix of the use-after-free error (CVE-2018-1311) triggered during the - scanning of external DTDs (see https://security-tracker.debian.org/tracker/CVE-2018-1311 - for details). +1) Fix of the use-after-free error (CVE-2018-1311) triggered during the + scanning of external DTDs (see https://security-tracker.debian.org/tracker/CVE-2018-1311 + for details). - There is no upstream fix and only suggested mitigations, at time of this - writing (see https://issues.apache.org/jira/browse/XERCESC-2188 for - details). Thus, we mitigate the issue at the expense of a memory leak, as it - is done by Debian (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947431). + There is no upstream fix and only suggested mitigations, at time of this + writing (see https://issues.apache.org/jira/browse/XERCESC-2188 for + details). Thus, we mitigate the issue at the expense of a memory leak, as + it is done by Debian (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947431). - $ cp --remove-destination ../upstream/src/xercesc/internal/IGXMLScanner.cpp \ - xercesc/internal/ + $ cp --remove-destination ../upstream/src/xercesc/internal/IGXMLScanner.cpp \ + xercesc/internal/ - $ git apply xercesc/dtd-decl-use-after-free.patch + $ git apply xercesc/dtd-decl-use-after-free.patch -- The explicit template instantiation declarations and definitions patch (see - xercesc/util/Xerces_autoconf_config.hpp for details): +2) The explicit template instantiation declarations and definitions patch (see + xercesc/util/Xerces_autoconf_config.hpp for details): - $ cp --remove-destination ../upstream/src/xercesc/util/{Janitor.hpp,JanitorExports.cpp} \ - xercesc/util/ + $ cp --remove-destination ../upstream/src/xercesc/util/{Janitor.hpp,JanitorExports.cpp} \ + xercesc/util/ - $ git apply xercesc/export-template-instantiations.patch + $ git apply xercesc/export-template-instantiations.patch -- The inline functions definition/usage order change to prevent MinGW GCC - from complaining when compile code that uses libxerces-c: +3) The inline functions definition/usage order change to prevent MinGW GCC + from complaining when compile code that uses libxerces-c: - $ cp --remove-destination ../upstream/src/xercesc/util/KVStringPair.hpp \ - xercesc/util/ + $ cp --remove-destination ../upstream/src/xercesc/util/KVStringPair.hpp \ + xercesc/util/ - $ git apply xercesc/inline-funcs-def-usage-order.patch + $ git apply xercesc/inline-funcs-def-usage-order.patch -- Patch source files, so that they are properly UTF-8-encoded: +4) Patch source files, so that they are properly UTF-8-encoded: - $ cp --remove-destination ../upstream/src/xercesc/validators/schema/TraverseSchema.cpp \ - xercesc/validators/schema/ + $ cp --remove-destination ../upstream/src/xercesc/validators/schema/TraverseSchema.cpp \ + xercesc/validators/schema/ - $ cp --remove-destination ../upstream/src/xercesc/util/XMLFloat.cpp \ - xercesc/util/ + $ cp --remove-destination ../upstream/src/xercesc/util/XMLFloat.cpp \ + xercesc/util/ - $ git apply xercesc/utf-8.patch + $ git apply xercesc/utf-8.patch -- Patch of the net accessor test, which by some reason exits with the zero - status printing the diagnostics to stdout for some errors: +5) Patch of the net accessor test, which by some reason exits with the zero + status printing the diagnostics to stdout for some errors: - $ cp ../upstream/tests/src/NetAccessorTest/NetAccessorTest.cpp \ - tests/net-accessor/ + $ cp ../upstream/tests/src/NetAccessorTest/NetAccessorTest.cpp \ + tests/net-accessor/ - $ git apply tests/net-accessor/handle-exception-as-error.patch + $ git apply tests/net-accessor/handle-exception-as-error.patch Note that the above patches are produced by the following commands: -- cgit v1.1