forked from pool/expat
8121760156
* Fixes CVE-2015-1283 — Multiple integer overflows in the XML_GetBuffer function * Fix potential null pointer dereference * Symbol XML_SetHashSalt was not exported * Output of xmlwf -h was incomplete * Document behavior of calling XML_SetHashSalt with salt 0 * Minor improvements to man page xmlwf(1) - Simplify expat-visibility.patch, refresh expat-alloc-size.patch - Drop config-guess-sub-update.patch, fixed upstream. OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=43
356 lines
12 KiB
Plaintext
356 lines
12 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Mar 23 08:31:29 UTC 2016 - idonmez@suse.com
|
|
|
|
- Update to version 2.1.1
|
|
* Fixes CVE-2015-1283 — Multiple integer overflows in the
|
|
XML_GetBuffer function
|
|
* Fix potential null pointer dereference
|
|
* Symbol XML_SetHashSalt was not exported
|
|
* Output of xmlwf -h was incomplete
|
|
* Document behavior of calling XML_SetHashSalt with salt 0
|
|
* Minor improvements to man page xmlwf(1)
|
|
- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
|
|
- Drop config-guess-sub-update.patch, fixed upstream.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jul 11 12:10:03 UTC 2015 - mpluskal@suse.com
|
|
|
|
- Cleanup spec file with spec-cleaner
|
|
- Remove old ppc obsoletes/provides
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 26 13:10:01 UTC 2013 - mmeister@suse.com
|
|
|
|
- Added url as source.
|
|
Please see http://en.opensuse.org/SourceUrls
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 21 16:02:17 UTC 2013 - jengelh@inai.de
|
|
|
|
- Sanitize description of expat (replace it with a more current
|
|
one from the homepage)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 4 12:59:44 UTC 2013 - schwab@suse.de
|
|
|
|
- Update config.guess/sub for aarch64
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 23 09:07:25 UTC 2013 - pgajdos@suse.com
|
|
|
|
- fix of fix of [bnc#798644]
|
|
- according to upstream changelog:
|
|
- Improved ability to build without the configure-generated
|
|
expat_config.h header. This is useful for applications
|
|
which embed Expat rather than linking in the library.
|
|
|
|
because I am not exactly sure about implication of this, rather use
|
|
-DXML_HAVE_VISIBILITY in CFLAG_VISIBILITY in expat-visibility.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 22 12:40:02 UTC 2013 - jengelh@inai.de
|
|
|
|
- Executing autoreconf requires autoconf BuildRequire
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 18 08:53:33 UTC 2013 - pgajdos@suse.com
|
|
|
|
- really hide private Xml* symbols [bnc#798644]
|
|
* modified visibility.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 10 19:06:34 UTC 2012 - tabraham@novell.com
|
|
|
|
- update to 2.1.0
|
|
- Bug Fixes:
|
|
#1742315: Harmful XML_ParserCreateNS suggestion.
|
|
#2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
|
|
#1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
|
|
#1983953, 2517952, 2517962, 2649838:
|
|
Build modifications using autoreconf instead of buildconf.sh.
|
|
#2815947, #2884086: OBJEXT and EXEEXT support while building.
|
|
#1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
|
|
#2517938: xmlwf should return non-zero exit status if not well-formed.
|
|
#2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
|
|
#2855609: Dangling positionPtr after error.
|
|
#2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
|
|
#2958794: CVE-2012-1148 - Memory leak in poolGrow.
|
|
#2990652: CMake support.
|
|
#3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
|
|
#3206497: Unitialized memory returned from XML_Parse.
|
|
#3287849: make check fails on mingw-w64.
|
|
#3496608: CVE-2012-0876 - Hash DOS attack.
|
|
|
|
- Patches:
|
|
#1749198: pkg-config support.
|
|
#3010222: Fix for bug #3010819.
|
|
#3312568: CMake support.
|
|
#3446384: Report byte offsets for attr names and values.
|
|
|
|
- New Features / API changes:
|
|
* Added new API member XML_SetHashSalt() that allows setting an
|
|
intial value (salt) for hash calculations. This is part of the
|
|
fix for bug #3496608 to randomize hash parameters.
|
|
* When compiled with XML_ATTR_INFO defined, adds new API member
|
|
XML_GetAttributeInfo() that allows retrieving the byte
|
|
offsets for attribute names and values (patch #3446384).
|
|
* Added CMake build system. See bug #2990652 and patch #3312568.
|
|
* Added run-benchmark target to Makefile.in - relies on testdata
|
|
module present in the same relative location as in the repository.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 6 03:01:08 UTC 2012 - tabraham@novell.com
|
|
|
|
- update to 2.1.0 beta
|
|
* refreshed expat-visibility.patch
|
|
* removed obsolete expat-CVE-2009-3560.patch
|
|
* removed obsolete expat-CVE-2009-2625.patch
|
|
|
|
- hash table DOS attack fix
|
|
- accumulated bug fixes and some changes to the build system
|
|
- new conditional feature to make byte offsets for attributes
|
|
and attribute names available
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Feb 12 14:42:34 UTC 2012 - crrodriguez@opensuse.org
|
|
|
|
- Put libraries back to %{_libdir}, /usr merge project
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 2 12:43:19 UTC 2011 - coolo@suse.com
|
|
|
|
- add automake as buildrequire to avoid implicit dependency
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Oct 30 22:03:29 UTC 2011 - crrodriguez@opensuse.org
|
|
|
|
- Hide non public symbols reusing existing win32 API export/imports
|
|
- annotate malloc/realloc-like functions with attribute alloc_size
|
|
to catch possible misuses in calling code.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de
|
|
|
|
- Remove redundant/obsolete tags/sections from specfile
|
|
(cf. packaging guidelines)
|
|
- Use %_smp_mflags for parallel build
|
|
- Add libexpat-devel to baselibs
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 25 16:01:01 UTC 2011 - prusnak@opensuse.org
|
|
|
|
- fix license (MIT) in spec file
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 8 15:04:28 CET 2010 - prusnak@suse.cz
|
|
|
|
- fix CVE-2009-3560.patch [bnc#566434]
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 13 19:28:22 CET 2009 - jengelh@medozas.de
|
|
|
|
- add baselibs.conf as a source
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 4 15:43:29 CET 2009 - prusnak@suse.cz
|
|
|
|
- fix DoS (CVE-2009-3560.patch) [bnc#558892]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 29 14:22:47 CET 2009 - prusnak@suse.cz
|
|
|
|
- fix DoS (CVE-2009-2625.patch) [bnc#550664]
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Apr 5 15:45:49 CEST 2009 - crrodriguez@suse.de
|
|
|
|
- test suite requires gcc-c++ to compile
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 19 04:55:08 CET 2009 - crrodriguez@suse.de
|
|
|
|
- remove static libraries, shouldnt be needed anymore.
|
|
- run make check
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
|
|
|
|
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
|
|
(bnc#437293)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
|
|
|
|
- obsolete old -XXbit packages (bnc#437293)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
|
|
|
- added baselibs.conf file to build xxbit packages
|
|
for multilib support
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jul 28 19:38:40 CEST 2007 - coolo@suse.de
|
|
|
|
- fix devel symlink
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 25 11:29:59 CEST 2007 - prusnak@suse.cz
|
|
|
|
- move libraries from /usr/lib to /lib [#285472]
|
|
- replace deprecated %run_ldconfig with /sbin/ldconfig
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 7 16:46:32 CEST 2007 - prusnak@suse.cz
|
|
|
|
- update to 2.0.1:
|
|
( from Changes )
|
|
* Fixed bugs #1515266, 1515600: The character data handler's calling
|
|
of XML_StopParser() was not handled properly; if the parser was
|
|
stopped and the handler set to NULL, the parser would segfault.
|
|
* Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
|
|
some character constants to be ASCII encoded.
|
|
* Minor cleanups of the test harness.
|
|
* Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
|
|
* Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
|
|
* Fixes and improvements for Windows platform:
|
|
bugs #1409451, #1476160, 1548182, 1602769, 1717322.
|
|
* Build fixes for various platforms:
|
|
HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
|
|
All Unix: #1554618 (refreshed config.sub/config.guess).
|
|
#1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
|
|
without relying on GNU-Make specific features.
|
|
#1647805: Patched configure.in to work better with Intel compiler.
|
|
* Fixes to Makefile.in to have make check work correctly:
|
|
bugs #1408143, #1535603, #1536684.
|
|
* Added Open Watcom support: patch #1523242.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 17 18:49:10 CEST 2007 - prusnak@suse.cz
|
|
|
|
- split libexpat1 and libexpat-devel subpackages [#260214]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 19 12:37:07 CEST 2006 - dmueller@suse.de
|
|
|
|
- strip .la file
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 25 21:30:10 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 13 00:21:55 CET 2006 - ro@suse.de
|
|
|
|
- fixed file list for debuginfo package (do not pack all of libdir)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 11 17:43:46 CET 2006 - mjancar@suse.cz
|
|
|
|
- update to 2.0.0
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 9 13:25:07 CET 2006 - mjancar@suse.cz
|
|
|
|
- update to 2.0 pre release
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 10 11:54:21 CET 2004 - ro@suse.de
|
|
|
|
- fixed filelist
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 09 16:26:05 CEST 2004 - tcrhak@suse.cz
|
|
|
|
- update to 1.95.8
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 5 18:28:34 CET 2004 - kukuk@suse.de
|
|
|
|
- Build as user
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 05 18:00:24 CET 2004 - tcrhak@suse.cz
|
|
|
|
- update to version 1.95.7
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 18 15:36:28 CET 2003 - tcrhak@suse.cz
|
|
|
|
- in expat.h, declare enum XML_Status before using it;
|
|
put into patch "...-header.diff" [bug #23742]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 17 18:05:52 CET 2003 - tcrhak@suse.cz
|
|
|
|
- updated to version 1.95.6
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 22 18:21:13 CET 2002 - tcrhak@suse.cz
|
|
|
|
- update to version 1.95.5
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jul 13 15:14:59 CEST 2002 - tcrhak@suse.cz
|
|
|
|
- update to version 1.95.4
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 28 15:17:43 CET 2002 - tcrhak@suse.cz
|
|
|
|
- added parameter --target to configure
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 14 13:25:11 CET 2002 - rvasice@suse.cz
|
|
|
|
- use %{_libdir} and %{_lib}
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 20 18:41:35 CET 2001 - rvasice@suse.cz
|
|
|
|
- fix URL in spec file
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 15 19:54:16 CEST 2001 - rvasice@suse.cz
|
|
|
|
- update to version 1.95.2
|
|
- spec file cleanup
|
|
- added DESTDIR
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 14 12:08:01 CEST 2001 - pblaha@suse.cz
|
|
|
|
- fixed links for soname of libexpat.so*
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 11 09:03:03 CEST 2001 - cihlar@suse.cz
|
|
|
|
- fixed soname of libexpat.so.1.2
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 5 10:13:20 CET 2001 - pblaha@suse.cz
|
|
|
|
- back on stable version 1.2 added build shared libexpat.so
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 4 15:46:21 CET 2001 - pblaha@suse.cz
|
|
|
|
- update on 1.95.1 on sourgeforge needed for midgard
|
|
- new description
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 9 11:01:23 CET 2000 - ke@suse.de
|
|
|
|
- Don't "install" symlinks; use "cp"; reported by bs; proposed fix
|
|
by ro.
|
|
- Cleanup the spec file: better Group tag; more accurate files list.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 23 14:59:17 CET 1999 - ke@suse.de
|
|
|
|
- first SuSE package: version 1.1.
|
|
- apply Debian patch to build shared libs.
|
|
- build libexpat.a.
|
|
|