DragonFly BSD
DragonFly commits List (threaded) for 2013-04
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

git: libexpat (libbsdxml): Upgrade from version 2.0.1 to 2.1.0


From: John Marino <marino@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Apr 2013 06:58:24 -0700 (PDT)

commit 738892e281b16e092079897b65e3f0617269fc01
Author: John Marino <draco@marino.st>
Date:   Tue Apr 23 13:38:06 2013 +0200

    libexpat (libbsdxml): Upgrade from version 2.0.1 to 2.1.0
    
    This is a security update.  Bug fixes since Release 2.0.1:
      #1742315: Harmful XML_ParserCreateNS suggestion.
      #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
      #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
      #1983953, 2517952, 2517962, 2649838:
                Build modifications using autoreconf instead of buildconf.sh.
      #2815947, #2884086: OBJEXT and EXEEXT support while building.
      #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
      #2517938: xmlwf should return non-zero exit status if not well-formed.
      #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
      #2855609: Dangling positionPtr after error.
      #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
      #2958794: CVE-2012-1148 - Memory leak in poolGrow.
      #2990652: CMake support.
      #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
      #3206497: Unitialized memory returned from XML_Parse.
      #3287849: make check fails on mingw-w64.
      #3496608: CVE-2012-0876 - Hash DOS attack.
    
    New Features / API changes:
      Added new API member XML_SetHashSalt() that allows setting an intial
        value (salt) for hash calculations. This is part of the fix for
        bug #3496608 to randomize hash parameters.
      When compiled with XML_ATTR_INFO defined, adds new API member
        XML_GetAttributeInfo() that allows retrieving the byte
        offsets for attribute names and values (patch #3446384).
      Added CMake build system.
        See bug #2990652 and patch #3312568.
      Added run-benchmark target to Makefile.in - relies on testdata module
        present in the same relative location as in the repository.

Summary of changes:
 contrib/expat/README.DELETED   | 22 ++++++++++++++++++++++
 contrib/expat/README.DRAGONFLY | 14 +++++++++++---
 lib/libexpat/expat_config.h    | 38 +++++++++++++++++++++-----------------
 3 files changed, 54 insertions(+), 20 deletions(-)
 create mode 100644 contrib/expat/README.DELETED

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/738892e281b16e092079897b65e3f0617269fc01


-- 
DragonFly BSD source repository



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]