diff options
Diffstat (limited to 'libxerces-c/README-DEV')
-rw-r--r-- | libxerces-c/README-DEV | 22 |
1 files changed, 4 insertions, 18 deletions
diff --git a/libxerces-c/README-DEV b/libxerces-c/README-DEV index 5321a20..cb7bc86 100644 --- a/libxerces-c/README-DEV +++ b/libxerces-c/README-DEV @@ -50,21 +50,7 @@ $ ln -s ../../../upstream/samples/src/PSVIWriter tests/psvi-writer/ We also apply the following patches: -1) Fix of the use-after-free error (CVE-2018-1311) triggered during the - scanning of external DTDs (see https://security-tracker.debian.org/tracker/CVE-2018-1311 - for details). - - There is no upstream fix and only suggested mitigations, at time of this - writing (see https://issues.apache.org/jira/browse/XERCESC-2188 for - details). Thus, we mitigate the issue at the expense of a memory leak, as - it is done by Debian (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947431). - - $ cp --remove-destination ../upstream/src/xercesc/internal/IGXMLScanner.cpp \ - xercesc/internal/ - - $ git apply xercesc/dtd-decl-use-after-free.patch - -2) The explicit template instantiation declarations and definitions patch (see +1) The explicit template instantiation declarations and definitions patch (see xercesc/util/Xerces_autoconf_config.hpp for details): $ cp --remove-destination ../upstream/src/xercesc/util/{Janitor.hpp,JanitorExports.cpp} \ @@ -72,7 +58,7 @@ We also apply the following patches: $ git apply xercesc/export-template-instantiations.patch -3) The inline functions definition/usage order change to prevent MinGW GCC +2) The inline functions definition/usage order change to prevent MinGW GCC from complaining when compile code that uses libxerces-c: $ cp --remove-destination ../upstream/src/xercesc/util/KVStringPair.hpp \ @@ -80,7 +66,7 @@ We also apply the following patches: $ git apply xercesc/inline-funcs-def-usage-order.patch -4) Patch source files, so that they are properly UTF-8-encoded: +3) Patch source files, so that they are properly UTF-8-encoded: $ cp --remove-destination ../upstream/src/xercesc/validators/schema/TraverseSchema.cpp \ xercesc/validators/schema/ @@ -90,7 +76,7 @@ We also apply the following patches: $ git apply xercesc/utf-8.patch -5) Patch of the net accessor test, which by some reason exits with the zero +4) Patch of the net accessor test, which by some reason exits with the zero status printing the diagnostics to stdout for some errors: $ cp ../upstream/tests/src/NetAccessorTest/NetAccessorTest.cpp \ |