rpm/expat
SHA256
1
0
Fork 0
forked from pool/expat
Code Pull Requests Activity
44 Commits 2 Branches 0 Tags 470 KiB
HTML 100%
87920586bc
Go to file
Tomáš Chvátal 87920586bc Accepting request 508174 from home:msmeissn:branches:devel:libraries:c_c++ 
- Version update to 2.2.1 Sat June 17 2017
  - Security fixes:
                    CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
                    Details: https://libexpat.github.io/doc/cve-2017-9233/
                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
   - [MOX-002]      CVE-2016-9063 / bsc#1047240 -- Detect integer overflow; 
                    (Fixed version of existing downstream patches!)
   - (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
                    longer tag names; 
               #25  More integer overflow detection (function poolGrow); 
   - [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse; 
   - [MOX-005] #30  Use high quality entropy for hash initialization:
                    * arc4random_buf on BSD, systems with libbsd
                      (when configured with --with-libbsd), CloudABI
                    * RtlGenRandom on Windows XP / Server 2003 and later
                    * getrandom on Linux 3.17+
                    In a way, that's still part of CVE-2016-5300.
                    https://github.com/libexpat/libexpat/pull/30/commits
   - [MOX-005] For the low quality entropy extraction fallback code,
               the parser instance address can no longer leak, 
   - [MOX-003] Prevent use of uninitialised variable; commit
   - [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
               Add missing parameter validation to public API functions
               and dedicated error code XML_ERROR_INVALID_ARGUMENT:
   - [MOX-006] * NULL checks; commits
               * Negative length (XML_Parse); commit
   - [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
   - [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
                    to go further with fixing CVE-2012-0876.
                    https://github.com/libexpat/libexpat/pull/39/commits

OBS-URL: https://build.opensuse.org/request/show/508174
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=57
2017-07-04 16:25:59 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=1 2006-12-18 23:15:51 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=1 2006-12-18 23:15:51 +00:00
baselibs.conf Accepting request 83485 from home:jengelh:bl-e 2011-09-19 09:53:57 +00:00
expat-2.2.1.tar.bz2 Accepting request 508174 from home:msmeissn:branches:devel:libraries:c_c++ 2017-07-04 16:25:59 +00:00
expat.changes Accepting request 508174 from home:msmeissn:branches:devel:libraries:c_c++ 2017-07-04 16:25:59 +00:00
expat.spec Accepting request 508174 from home:msmeissn:branches:devel:libraries:c_c++ 2017-07-04 16:25:59 +00:00
expatfaq.html OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=1 2006-12-18 23:15:51 +00:00