Changelog for
libexpat1-2.2.1-165.1.x86_64.rpm :
Tue Jul 11 14:00:00 2017 mpluskalAATTsuse.com
- Build with profiling when possible
Tue Jul 4 14:00:00 2017 meissnerAATTsuse.com
- Version update to 2.2.1 Sat June 17 2017
- Security fixes:
CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
Details: https://libexpat.github.io/doc/cve-2017-9233/
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
- [MOX-002] CVE-2016-9063 / bsc#1047240 -- Detect integer overflow;
(Fixed version of existing downstream patches!)
- (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names;
[#25] More integer overflow detection (function poolGrow);
- [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse;
- [MOX-005] #30 Use high quality entropy for hash initialization:
* arc4random_buf on BSD, systems with libbsd
(when configured with --with-libbsd), CloudABI
* RtlGenRandom on Windows XP / Server 2003 and later
* getrandom on Linux 3.17+
In a way, that's still part of CVE-2016-5300.
https://github.com/libexpat/libexpat/pull/30/commits
- [MOX-005] For the low quality entropy extraction fallback code,
the parser instance address can no longer leak,
- [MOX-003] Prevent use of uninitialised variable; commit
- [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
Add missing parameter validation to public API functions
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
- [MOX-006]
* NULL checks; commits
* Negative length (XML_Parse); commit
- [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
- [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
to go further with fixing CVE-2012-0876.
https://github.com/libexpat/libexpat/pull/39/commits
- Bug fixes:
[#32] Fix sharing of hash salt across parsers;
relevant where XML_ExternalEntityParserCreate is called
prior to XML_Parse, in particular (e.g. FBReader)
[#28] xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
[#3] Fix double free after malloc failure in DTD code; commit
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
[#17] Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz; commits
xmlwf on Windows: Add missing calls to CloseHandle
- New features:
[#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1
for runtime debugging of entropy extraction
Bump version info from 7:2:6 to 7:3:6
Mon Jul 18 14:00:00 2016 jengelhAATTinai.de
- Remove pointless --with-pic (for static only)
Thu Jul 14 14:00:00 2016 tchvatalAATTsuse.com
- Version update to 2.2.0:
* Fixes bnc#983215 CVE-2012-6702
* Fixes bnc#983216 CVE-2016-5300
* Various cmake and autotools script updates
* Fix detection of utf8 character boundaries
- Remove all patches merged upstream:
* expat-2.1.1-avoid_relying_on_undef_behaviour.patch
* expat-2.1.1-parser_crashes_on_malformed_input.patch
* expat-alloc-size.patch
* expat-visibility.patch
Wed May 18 14:00:00 2016 kstreitovaAATTsuse.com
- add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid
relying on undefined behavior in the original CVE-2015-1283 fix
[bnc#980391], [bnc#983985], [CVE-2016-4472]
- add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix
Expat XML parser that mishandles certain kinds of malformed input
documents [bnc#979441], [CVE-2016-0718]
- use spec-cleaner to clean specfile
Fri Apr 1 14:00:00 2016 crrodriguezAATTopensuse.org
- After simplification of expat-visibility.patch, it became
ineffective as no symbols are getting hidden. add
-fvisibility=hidden to CFLAGS again.
- expat-alloc-size.patch: fix braino, realloc()-like functions
should not take __attribute__(malloc)
Wed Mar 23 13:00:00 2016 idonmezAATTsuse.com
- Update to version 2.1.1
* Fixes CVE-2015-1283 — Multiple integer overflows in the
XML_GetBuffer function
* Fix potential null pointer dereference
* Symbol XML_SetHashSalt was not exported
* Output of xmlwf -h was incomplete
* Document behavior of calling XML_SetHashSalt with salt 0
* Minor improvements to man page xmlwf(1)
- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
- Drop config-guess-sub-update.patch, fixed upstream.
Sat Jul 11 14:00:00 2015 mpluskalAATTsuse.com
- Cleanup spec file with spec-cleaner
- Remove old ppc obsoletes/provides
Tue Mar 26 13:00:00 2013 mmeisterAATTsuse.com
- Added url as source.
Please see http://en.opensuse.org/SourceUrls
Thu Feb 21 13:00:00 2013 jengelhAATTinai.de
- Sanitize description of expat (replace it with a more current
one from the homepage)
Mon Feb 4 13:00:00 2013 schwabAATTsuse.de
- Update config.guess/sub for aarch64
Wed Jan 23 13:00:00 2013 pgajdosAATTsuse.com
- fix of fix of [bnc#798644]
- according to upstream changelog:
- Improved ability to build without the configure-generated
expat_config.h header. This is useful for applications
which embed Expat rather than linking in the library.
because I am not exactly sure about implication of this, rather use
-DXML_HAVE_VISIBILITY in CFLAG_VISIBILITY in expat-visibility.patch
Tue Jan 22 13:00:00 2013 jengelhAATTinai.de
- Executing autoreconf requires autoconf BuildRequire
Fri Jan 18 13:00:00 2013 pgajdosAATTsuse.com
- really hide private Xml* symbols [bnc#798644]
* modified visibility.patch
Tue Apr 10 14:00:00 2012 tabrahamAATTnovell.com
- update to 2.1.0
- Bug Fixes:
[#1742315]: Harmful XML_ParserCreateNS suggestion.
[#2895533]: CVE-2012-1147 - Resource leak in readfilemap.c.
[#1785430]: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
[#1983953], 2517952, 2517962, 2649838:
Build modifications using autoreconf instead of buildconf.sh.
[#2815947], #2884086: OBJEXT and EXEEXT support while building.
[#1990430]: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
[#2517938]: xmlwf should return non-zero exit status if not well-formed.
[#2517946]: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
[#2855609]: Dangling positionPtr after error.
[#2894085]: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
[#2958794]: CVE-2012-1148 - Memory leak in poolGrow.
[#2990652]: CMake support.
[#3010819]: UNEXPECTED_STATE with a trailing "%" in entity value.
[#3206497]: Uninitialized memory returned from XML_Parse.
[#3287849]: make check fails on mingw-w64.
[#3496608]: CVE-2012-0876 - Hash DOS attack.
- Patches:
[#1749198]: pkg-config support.
[#3010222]: Fix for bug #3010819.
[#3312568]: CMake support.
[#3446384]: Report byte offsets for attr names and values.
- New Features / API changes:
* Added new API member XML_SetHashSalt() that allows setting an
initial value (salt) for hash calculations. This is part of the
fix for bug #3496608 to randomize hash parameters.
* When compiled with XML_ATTR_INFO defined, adds new API member
XML_GetAttributeInfo() that allows retrieving the byte
offsets for attribute names and values (patch #3446384).
* Added CMake build system. See bug #2990652 and patch #3312568.
* Added run-benchmark target to Makefile.in - relies on testdata
module present in the same relative location as in the repository.
Tue Mar 6 13:00:00 2012 tabrahamAATTnovell.com
- update to 2.1.0 beta
* refreshed expat-visibility.patch
* removed obsolete expat-CVE-2009-3560.patch
* removed obsolete expat-CVE-2009-2625.patch
- hash table DOS attack fix
- accumulated bug fixes and some changes to the build system
- new conditional feature to make byte offsets for attributes
and attribute names available
Sun Feb 12 13:00:00 2012 crrodriguezAATTopensuse.org
- Put libraries back to %{_libdir}, /usr merge project
Fri Dec 2 13:00:00 2011 cooloAATTsuse.com
- add automake as buildrequire to avoid implicit dependency
Sun Oct 30 13:00:00 2011 crrodriguezAATTopensuse.org
- Hide non public symbols reusing existing win32 API export/imports
- annotate malloc/realloc-like functions with attribute alloc_size
to catch possible misuses in calling code.
Sun Sep 18 14:00:00 2011 jengelhAATTmedozas.de
- Remove redundant/obsolete tags/sections from specfile
(cf. packaging guidelines)
- Use %_smp_mflags for parallel build
- Add libexpat-devel to baselibs
Fri Feb 25 13:00:00 2011 prusnakAATTopensuse.org
- fix license (MIT) in spec file
Fri Jan 8 13:00:00 2010 prusnakAATTsuse.cz
- fix CVE-2009-3560.patch [bnc#566434]
Sun Dec 13 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
Fri Dec 4 13:00:00 2009 prusnakAATTsuse.cz
- fix DoS (CVE-2009-3560.patch) [bnc#558892]
Thu Oct 29 13:00:00 2009 prusnakAATTsuse.cz
- fix DoS (CVE-2009-2625.patch) [bnc#550664]
Sun Apr 5 14:00:00 2009 crrodriguezAATTsuse.de
- test suite requires gcc-c++ to compile