Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS import: src/external/mit/expat/dist
Module Name: src
Committed By: christos
Date: Sat Jun 17 21:59:12 UTC 2017
Update of /cvsroot/src/external/mit/expat/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv19443
Log Message:
Release 2.2.1 Sat June 17 2017
Security fixes:
CVE-2017-9233 -- External entity infinite loop DoS
Details: https://libexpat.github.io/doc/cve-2017-9233/
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
[MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
d4f735b88d9932bd5039df2335eefdd0723dbe20
(Fixed version of existing downstream patches!)
(SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names; commits
* 896b6c1fd3b842f377d1b62135dccf0a579cf65d
* af507cef2c93cb8d40062a0abe43a4f4e9158fb2
#16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
#25 More integer overflow detection (function poolGrow); commits
* 810b74e4703dcfdd8f404e3cb177d44684775143
* 44178553f3539ce69d34abee77a05e879a7982ac
[MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
* 4be2cb5afcc018d996f34bbbce6374b7befad47f
* 7e5b71b748491b6e459e5c9a1d090820f94544d8
[MOX-005] #30 Use high quality entropy for hash initialization:
* arc4random_buf on BSD, systems with libbsd
(when configured with --with-libbsd), CloudABI
* RtlGenRandom on Windows XP / Server 2003 and later
* getrandom on Linux 3.17+
In a way, that's still part of CVE-2016-5300.
https://github.com/libexpat/libexpat/pull/30/commits
[MOX-005] For the low quality entropy extraction fallback code,
the parser instance address can no longer leak, commit
04ad658bd3079dd15cb60fc67087900f0ff4b083
[MOX-003] Prevent use of uninitialised variable; commit
[MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
Add missing parameter validation to public API functions
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
[MOX-006] * NULL checks; commits
* d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
* 9ed727064b675b7180c98cb3d4f75efba6966681
* 6a747c837c50114dfa413994e07c0ba477be4534
* Negative length (XML_Parse); commit
[MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
[MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
to go further with fixing CVE-2012-0876.
https://github.com/libexpat/libexpat/pull/39/commits
Bug fixes:
#32 Fix sharing of hash salt across parsers;
relevant where XML_ExternalEntityParserCreate is called
prior to XML_Parse, in particular (e.g. FBReader)
#28 xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
#3 Fix double free after malloc failure in DTD code; commit
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
#17 Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz; commits
* 16f87daae5a16132e479e4f71862128c7a915c73
* b47dbc9745932c160893d433220e462bd605f8cd
xmlwf on Windows: Add missing calls to CloseHandle
New features:
#30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
for runtime debugging of entropy extraction
Other changes:
Increase code coverage
#33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
XML_UNICODE_WCHAR_T was never meant to be used outside
of Windows; 4-byte wchar_t is common on Linux
(SF.net) #538 Start using -fno-strict-aliasing
(SF.net) #540 Support compilation against cloudlibc of CloudABI
Allow MinGW cross-compilation
(SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
to bypass compilation of the xmlwf.1 man page
(SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
to bypass installation of expat files
CMake: Fix ninja support
Autotools: Add parameters --enable-xml-context [COUNT]
and --disable-xml-context; default of context of 1024
bytes enabled unchanged
#14 Drop AmigaOS 4.x code and includes
#14 Drop ancient build systems:
* Borland C++ Builder
* OpenVMS
* Open Watcom
* Visual Studio 6.0
* Pre-X Mac OS (MPW Makefile)
If you happen to rely on some of these, please get in
touch for joining with maintenance.
#10 Move from WIN32 to _WIN32
#13 Fix "make run-xmltest" order instability
Address compile warnings
Bump version info from 7:2:6 to 7:3:6
Add AUTHORS file
Infrastructure:
#1 Migrate from SourceForge to GitHub (except downloads):
https://github.com/libexpat/
#1 Re-create http://libexpat.org/ project website
Start utilizing Travis CI
Special thanks to:
Andy Wang
Don Lewis
Ed Schouten
Karl Waclawek
Pascal Cuoq
Rhodri James
Sergei Nikulov
Tobias Taschner
Viktor Szakats
and
Core Infrastructure Initiative
Mozilla Foundation (MOSS Track 3: Secure Open Source)
Radically Open Security
Status:
Vendor Tag: expat
Release Tags: expat-2-2-1
N src/external/mit/expat/dist/AUTHORS
U src/external/mit/expat/dist/Makefile.in
U src/external/mit/expat/dist/COPYING
U src/external/mit/expat/dist/configure.ac
U src/external/mit/expat/dist/MANIFEST
U src/external/mit/expat/dist/expat_config.h.in
N src/external/mit/expat/dist/run.sh.in
U src/external/mit/expat/dist/configure
U src/external/mit/expat/dist/README
U src/external/mit/expat/dist/ConfigureChecks.cmake
U src/external/mit/expat/dist/CMakeLists.txt
U src/external/mit/expat/dist/aclocal.m4
U src/external/mit/expat/dist/CMake.README
U src/external/mit/expat/dist/expat_config.h.cmake
U src/external/mit/expat/dist/expat.pc.in
U src/external/mit/expat/dist/Changes
U src/external/mit/expat/dist/xmlwf/win32filemap.c
U src/external/mit/expat/dist/xmlwf/xmltchar.h
U src/external/mit/expat/dist/xmlwf/codepage.h
U src/external/mit/expat/dist/xmlwf/xmlurl.h
U src/external/mit/expat/dist/xmlwf/unixfilemap.c
U src/external/mit/expat/dist/xmlwf/xmlmime.h
U src/external/mit/expat/dist/xmlwf/filemap.h
U src/external/mit/expat/dist/xmlwf/ct.c
U src/external/mit/expat/dist/xmlwf/codepage.c
U src/external/mit/expat/dist/xmlwf/xmlwin32url.cxx
U src/external/mit/expat/dist/xmlwf/xmlfile.c
U src/external/mit/expat/dist/xmlwf/xmlfile.h
U src/external/mit/expat/dist/xmlwf/xmlwf.c
U src/external/mit/expat/dist/xmlwf/readfilemap.c
U src/external/mit/expat/dist/xmlwf/xmlmime.c
U src/external/mit/expat/dist/m4/lt~obsolete.m4
U src/external/mit/expat/dist/m4/ltsugar.m4
U src/external/mit/expat/dist/m4/ltversion.m4
U src/external/mit/expat/dist/m4/libtool.m4
U src/external/mit/expat/dist/m4/ltoptions.m4
U src/external/mit/expat/dist/examples/elements.c
U src/external/mit/expat/dist/examples/outline.c
U src/external/mit/expat/dist/win32/README.txt
U src/external/mit/expat/dist/win32/expat.iss
U src/external/mit/expat/dist/win32/MANIFEST.txt
U src/external/mit/expat/dist/conftools/mkinstalldirs
U src/external/mit/expat/dist/conftools/ltmain.sh
U src/external/mit/expat/dist/conftools/PrintPath
U src/external/mit/expat/dist/conftools/install-sh
U src/external/mit/expat/dist/conftools/expat.m4
C src/external/mit/expat/dist/conftools/config.guess
U src/external/mit/expat/dist/conftools/ac_c_bigendian_cross.m4
U src/external/mit/expat/dist/conftools/get-version.sh
C src/external/mit/expat/dist/conftools/config.sub
U src/external/mit/expat/dist/doc/valid-xhtml10.png
U src/external/mit/expat/dist/doc/reference.html
U src/external/mit/expat/dist/doc/style.css
U src/external/mit/expat/dist/doc/expat.png
U src/external/mit/expat/dist/doc/xmlwf.1
U src/external/mit/expat/dist/doc/xmlwf.xml
U src/external/mit/expat/dist/tests/README.txt
C src/external/mit/expat/dist/tests/xmltest.sh
U src/external/mit/expat/dist/tests/chardata.h
N src/external/mit/expat/dist/tests/memcheck.c
U src/external/mit/expat/dist/tests/minicheck.h
U src/external/mit/expat/dist/tests/minicheck.c
N src/external/mit/expat/dist/tests/memcheck.h
U src/external/mit/expat/dist/tests/runtests.c
U src/external/mit/expat/dist/tests/runtestspp.cpp
U src/external/mit/expat/dist/tests/chardata.c
U src/external/mit/expat/dist/tests/benchmark/README.txt
U src/external/mit/expat/dist/tests/benchmark/benchmark.c
U src/external/mit/expat/dist/lib/libexpatw.def
U src/external/mit/expat/dist/lib/xmltok.h
U src/external/mit/expat/dist/lib/xmlrole.h
U src/external/mit/expat/dist/lib/latin1tab.h
U src/external/mit/expat/dist/lib/xmltok_impl.h
N src/external/mit/expat/dist/lib/siphash.h
U src/external/mit/expat/dist/lib/nametab.h
U src/external/mit/expat/dist/lib/expat_external.h
U src/external/mit/expat/dist/lib/utf8tab.h
U src/external/mit/expat/dist/lib/xmlrole.c
U src/external/mit/expat/dist/lib/expat.h
U src/external/mit/expat/dist/lib/winconfig.h
U src/external/mit/expat/dist/lib/asciitab.h
C src/external/mit/expat/dist/lib/xmltok.c
U src/external/mit/expat/dist/lib/iasciitab.h
U src/external/mit/expat/dist/lib/xmltok_ns.c
U src/external/mit/expat/dist/lib/internal.h
C src/external/mit/expat/dist/lib/xmlparse.c
U src/external/mit/expat/dist/lib/xmltok_impl.c
U src/external/mit/expat/dist/lib/libexpat.def
U src/external/mit/expat/dist/lib/ascii.h
5 conflicts created by this import.
Use the following command to help the merge:
cvs checkout -jexpat:yesterday -jexpat src/external/mit/expat/dist
Home |
Main Index |
Thread Index |
Old Index