apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: apr 0.9.19/apr-util 0.9.18?
Date Fri, 08 Oct 2010 21:47:44 GMT
On 08.10.2010 17:45, Jeff Trawick wrote:
> On Fri, Oct 8, 2010 at 9:50 AM, Rainer Jung<rainer.jung@kippdata.de>  wrote:
>> On 04.10.2010 13:00, Jeff Trawick wrote:
>>> (Both have critical fixes which are currently available only as patches.)
>>> I can T&R as long as the trees are ready by approx. Thursday (I'm on
>>> the road next week).  It would be great to get expat taken care of but
>>> I can't volunteer any time on that.
>> If noone else already works on it, I can try to do the update during the
>> next 24 hours.
> cool!

OK, done so far. First build tests on Solaris look good. I can even do 
an out of tree build.

Some comments:

- Tests

I added the billion laughs test and the alpha and beta test for 
CVE-2009-3720. I'm not yet sure, whether those tests really work. The 
testing in 0.9 is very different from 1.3.

Building the tests might be broken for Windows and Netware, although I'm 
not aware of any obvious problem.

- Checking expat security fixes

I don't know how to reliably check, whether the CVEs have actually been 
closed. Would be good if someone could confirm for 0.9 too.

- Windows build files

I didn't backport 1003370 (Windows dsp files), because those files 
differ significantly. I hope Bill can have a look.

We might also take the opportunity of adding mak and dep files, like we 
have in the newer branches, but of course that's not a show stopper for 0.9



View raw message