xerces-c (3.2.4+debian-1.2) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1063272 -- Steve Langasek Thu, 29 Feb 2024 07:28:56 +0000 xerces-c (3.2.4+debian-1.1) unstable; urgency=medium * Non-maintainer upload. * Backport upstream patches from 3.2.5: + Fix NetAccessorTest to exit with non-zero status in case of error. + Fix CVE-2018-1311: Use-after-free on external DTD scan. This replaces RedHat's mitigation patch (which had a memory leak). Closes: #947431 -- Guilhem Moulin Thu, 28 Dec 2023 21:17:42 +0100 xerces-c (3.2.4+debian-1) unstable; urgency=medium [ Debian Janitor ] * Update lintian override info format in d/libxerces-c-samples.lintian-overrides on line 2. * Re-export upstream signing key without extra signatures. * Set upstream metadata fields: Repository-Browse. * Update standards version to 4.6.1, no changes needed. [ William Blough ] * New upstream version 3.2.4+debian * Refreshed patches * Fix FTBFS when cross-building. Closes: #982039 -- William Blough Sun, 25 Dec 2022 21:24:54 -0500 xerces-c (3.2.3+debian-3) unstable; urgency=medium * Fix MemHandlerTest1 on 32-bit systems to compensate for CVE-2018-1311 fix -- William Blough Mon, 14 Dec 2020 11:43:13 -0500 xerces-c (3.2.3+debian-2) unstable; urgency=medium [ Sylvain Beucler ] * CVE-2018-1311 mitigation: fix use-after-free vulnerability when processing external DTD, at the expense of a memory leak. Users may mitigate both by setting the XERCES_DISABLE_DTD environment variable. [ William Blough ] * Update d/watch to v4 * Update standards version to 4.5.1 (no changes) -- William Blough Fri, 11 Dec 2020 11:22:23 -0500 xerces-c (3.2.3+debian-1) unstable; urgency=medium * New upstream version 3.2.3+debian -- William Blough Sat, 11 Apr 2020 15:34:02 -0400 xerces-c (3.2.2+debian-3) unstable; urgency=medium * Bump version for source-only upload -- William Blough Sun, 22 Mar 2020 14:31:48 -0400 xerces-c (3.2.2+debian-2) unstable; urgency=medium [ Debian Janitor ] * Drop unnecessary dependency on dh-autoreconf. [ William Blough ] * Move Java-related Build-Depends (for docs) to Build-Depends-Indep. Closes: 947899 * Remove optimization bug workaround for s390x, since the bug no longer appears to be present. Closes: 833754 * Update standards to 4.5.0 (no changes) * Build-Depend on debhelper-compat instead of using debian/compat * Update to debhelper 12 * Add a simple autopkgtest to verify that programs using xerces-c can be built. * Mark -doc package as Multi-Arch: foreign * Mark -dev package as Multi-Arch: same -- William Blough Tue, 17 Mar 2020 17:05:41 -0400 xerces-c (3.2.2+debian-1) unstable; urgency=medium * New upstream version 3.2.2+debian Closes: 909202 * Add gbp.conf * Update VCS URLs * Update maintainer email * Remove duplicate VCS URL * Update standards to 4.2.1 (no changes needed) -- William Blough Wed, 19 Sep 2018 15:19:49 -0400 xerces-c (3.2.1+debian-2) unstable; urgency=medium * Fixes regression related to SSE2 detection/support, which causes a baseline violation on i386. Closes: 895068 * Update to policy 4.1.4 (no changes) * Update to debhelper compat 11 * Simplify installation of NOTICE files -- William Blough Thu, 26 Apr 2018 01:02:02 -0400 xerces-c (3.2.1+debian-1) unstable; urgency=medium * New upstream release. Closes: 891841 Fixes CVE-2017-12627 Closes: 894050 * Update to policy 4.1.3 (no changes) * Remove patch that was applied upstream * Lintian fixes: - remove trailing whitespace in changelog - install NOTICE file - change watch file to use https -- William Blough Wed, 28 Mar 2018 17:56:05 -0400 xerces-c (3.2.0+debian-2) unstable; urgency=medium * Upload to unstable -- William Blough Fri, 10 Nov 2017 14:04:36 -0500 xerces-c (3.2.0+debian-1) experimental; urgency=medium * New upstream version * Update to policy 4.1.1 - Change d/copyright Format URL to use https * Remove patches that have been applied upstream * Set dh compat to 10 * Patch: Fix test failures for parallel builds (forwarded) -- William Blough Thu, 12 Oct 2017 01:49:25 -0400 xerces-c (3.1.4+debian-2) unstable; urgency=medium * Fix AC_LANG_SOURCE warnings. * Override dh_auto_clean to also clean generated doc directory. Closes: 847799 * Fix segfault in PSVIWriter. Closes: 715592 * Use -O1 on s390x to work around Bug: 833754 * Add hardening=+all build option * Remove lintian override that was no longer needed -- William Blough Sun, 11 Dec 2016 14:38:45 -0500 xerces-c (3.1.4+debian-1) unstable; urgency=medium * New upstream release * Removed patches that are no longer needed (applied upstream) * Compile with curl support to allow accessing https urls. Closes: #821380 * Added patch to fix some compiler warnings (forwarded upstream) -- William Blough Mon, 07 Nov 2016 20:38:09 -0500 xerces-c (3.1.3+debian-2.1) unstable; urgency=medium * Non-maintainer upload. * CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD (Closes: #828990) * Enable the ability to disable DTD processing through the use of an env variable * Add NEWS.Debian entry to document the XERCES_DISABLE_DTD variable -- Salvatore Bonaccorso Fri, 01 Jul 2016 14:28:51 +0200 xerces-c (3.1.3+debian-2) unstable; urgency=medium * Fix CVE-2016-2099: Exception handling mistake in DTDScanner. Closes: #823863 * Update standards version to 3.9.8 (no changes needed) -- William Blough Tue, 10 May 2016 00:34:51 -0400 xerces-c (3.1.3+debian-1) unstable; urgency=medium * New upstream version. Fixes CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input. Closes: #815907 * Add build dependency on libatk-wrapper-java. Closes: #816021 * Updated standards version to 3.9.7 (no updates needed) * Lintian fixes d/copyright fix typo in filename fix duplicate license short name add .svn to excluded files -- William Blough Sat, 27 Feb 2016 00:48:56 -0500 xerces-c (3.1.2+debian-1) unstable; urgency=medium * New maintainer. Closes: #777698 * New upstream version * Update standards version to 3.9.6, no changes required. * Add watchfile and upstream signing key. Closes: #744092 Thanks to David Gilman for the patch * Remove redundant Build-dep entry (Lintian fix) * Removed HURD patch since it was applied upstream * Removed patch for CVE-2015-0252 since it was applied upstream * Add patch to fix memcpy undefined behavior (upstream bug XERCESC-2049) * Change from cdbs to dh * Added more info to doc package description (Lintian fix) * Change to DEP5 copyright format * Added lintian override for false positive (hardening) * Build docs from scratch * Repack upstream source to remove 3rd party libs and prebuilt docs per policy * Lintian cleanup - removed duplicate files, removed embedded jquery -- William Blough Mon, 12 Oct 2015 12:02:34 -0400 xerces-c (3.1.1-5.1) unstable; urgency=high * Non-maintainer upload. * Add CVE-2015-0252.patch patch. CVE-2015-0252: Apache Xerces-C XML parser crashes on malformed input. (Closes: #780827) -- Salvatore Bonaccorso Fri, 20 Mar 2015 19:40:31 +0100 xerces-c (3.1.1-5) unstable; urgency=medium * Apply upstream patch for PATH_MAX to enable compilation on GNU hurd. (Closes: #636568) -- Jay Berkenbilt Wed, 08 Jan 2014 15:48:01 -0500 xerces-c (3.1.1-4) unstable; urgency=low * Update standards version to 3.9.5. Opting for shlibs files because of C++ interface. No changes required. * Depend on dh-autoreconf. (Closes: #733024) -- Jay Berkenbilt Tue, 24 Dec 2013 20:59:37 -0500 xerces-c (3.1.1-3) unstable; urgency=low * Update standards version to 3.9.3. * Enable hardening flags * Multiarch -- Jay Berkenbilt Fri, 29 Jun 2012 21:15:58 -0400 xerces-c (3.1.1-2) unstable; urgency=low * Stop installing .la files since no reverse dependencies are using them anymore. (Closes: #657663) * Update standards version to 3.9.2. No changes required. -- Jay Berkenbilt Sat, 28 Jan 2012 10:15:59 -0500 xerces-c (3.1.1-1) unstable; urgency=low * New upstream release -- Jay Berkenbilt Sat, 01 May 2010 08:39:53 -0400 xerces-c (3.1.0-3) unstable; urgency=low * Invoke configure with --disable-sse2 to disable sse2 extensions on platforms for which they not are enabled by default. This enables xerces-c to work on older ix86 processors in particular. This does not disable sse2 extensions on systems for which they are enabled by default, such as amd64 and ia64. (Closes: #574857) -- Jay Berkenbilt Fri, 09 Apr 2010 22:11:54 -0400 xerces-c (3.1.0-2) unstable; urgency=low * Fix importNode so that it works with xmlns=""; patch from upstream. (Closes: #572293) -- Jay Berkenbilt Sat, 06 Mar 2010 12:44:16 -0500 xerces-c (3.1.0-1) unstable; urgency=low * New upstream release * Updated standards version to 3.8.4. No changes required. -- Jay Berkenbilt Sat, 06 Feb 2010 16:46:23 -0500 xerces-c (3.1.0~rc1-1) unstable; urgency=low * New upstream release; public release candidate uploaded at request of upstream. * Updated source format to '3.0 (quilt)' -- Jay Berkenbilt Sat, 05 Dec 2009 14:58:32 -0500 xerces-c (3.0.1-2) unstable; urgency=low * Add dependency for libxerces-c-dev on libicu-dev. (Closes: #540964) * Update standards to 3.8.3. No changes required. * Apply patch to correct CVE-2009-1885: DoS attack from nested DTDs. (Closes: #540297) -- Jay Berkenbilt Fri, 21 Aug 2009 17:47:51 -0400 xerces-c (3.0.1-1) unstable; urgency=low * New upstream release -- Jay Berkenbilt Sun, 22 Feb 2009 16:52:23 -0500 xerces-c (3.0.0-1) experimental; urgency=low * New upstream release -- Jay Berkenbilt Fri, 03 Oct 2008 18:24:57 -0400 xerces-c (3.0.0~b2-1) experimental; urgency=low * New upstream release * Stopped using tarball in tarball, switched patchsys to quilt, and created README.source. Updated standards version to 3.8.0. -- Jay Berkenbilt Sat, 02 Aug 2008 09:12:24 -0400 xerces-c (3.0.0~b1-6) experimental; urgency=low * Regenerate Makefile.in from patched Makefile.am. -- Jay Berkenbilt Tue, 24 Jun 2008 10:56:57 -0400 xerces-c (3.0.0~b1-5) experimental; urgency=low * Add another change from upstream to address ICU-related failures. * Replace Apache License with reference to file in common-licenses. -- Jay Berkenbilt Mon, 23 Jun 2008 10:43:50 -0400 xerces-c (3.0.0~b1-4) experimental; urgency=low * Pull in all changes from upstream svn. See if this addresses ongoing build failures. -- Jay Berkenbilt Sat, 03 May 2008 09:46:49 -0400 xerces-c (3.0.0~b1-3) experimental; urgency=low * Fix signature of main. (Closes: #478418) -- Jay Berkenbilt Mon, 28 Apr 2008 22:14:15 -0400 xerces-c (3.0.0~b1-2) experimental; urgency=low * Apply patch from upstream to handle ICU makefile's use of .o or .ao for non-PIC object files on various platforms. (Closes: #474756) -- Jay Berkenbilt Sun, 27 Apr 2008 21:01:48 -0400 xerces-c (3.0.0~b1-1) experimental; urgency=low * Initial release of re-organized xerces packages. Going forward, any given debian release will contain only one version of xerces-c at any given major version number. This source package, xerces-c, will always correspond to the latest version. -- Jay Berkenbilt Sat, 22 Mar 2008 11:23:13 -0400