incubator-ooo-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 121163] New: Update internal expat to version 2.1.0
Date Thu, 04 Oct 2012 20:29:09 GMT
https://issues.apache.org/ooo/show_bug.cgi?id=121163

          Priority: P3
            Bug ID: 121163
          Assignee: ooo-issues@incubator.apache.org
           Summary: Update internal expat to version 2.1.0
          Severity: minor
        Issue Type: DEFECT
    Classification: Code
                OS: All
          Reporter: pfg@apache.org
          Hardware: All
            Status: CONFIRMED
           Version: AOO350-dev
         Component: www
           Product: external prerequisites

The expat package hadn't been updated since June 2007

http://expat.sourceforge.net/

The new update has multiple bugfixes:

Release 2.1.0 Sat March 24 2012
        - Bug Fixes:
          #1742315: Harmful XML_ParserCreateNS suggestion.
          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
          #1983953, 2517952, 2517962, 2649838: 
                Build modifications using autoreconf instead of buildconf.sh.
          #2815947, #2884086: OBJEXT and EXEEXT support while building.
          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
          #2517938: xmlwf should return non-zero exit status if not
well-formed.
          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
          #2855609: Dangling positionPtr after error.
          #2894085: CVE-2009-3560 - Buffer over-read and crash in
big2_toUtf8().
          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
          #2990652: CMake support.
          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
          #3206497: Unitialized memory returned from XML_Parse.
          #3287849: make check fails on mingw-w64.
          #3496608: CVE-2012-0876 - Hash DOS attack.
        - Patches:
          #1749198: pkg-config support.
          #3010222: Fix for bug #3010819.
          #3312568: CMake support.
          #3446384: Report byte offsets for attr names and values.
        - New Features / API changes:
          Added new API member XML_SetHashSalt() that allows setting an initial
                value (salt) for hash calculations. This is part of the fix for
                bug #3496608 to randomize hash parameters.
          When compiled with XML_ATTR_INFO defined, adds new API member
                XML_GetAttributeInfo() that allows retrieving the byte
                offsets for attribute names and values (patch #3446384).
          Added CMake build system.
                See bug #2990652 and patch #3312568.
          Added run-benchmark target to Makefile.in - relies on testdata module
                present in the same relative location as in the repository.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Mime
View raw message