SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libexpat1-2.1.0-24.1.x86_64.rpm :
Thu Aug 3 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fix [bsc#1047240, CVE-2016-9063]

* Possible integer overflow in XML_Parse

* Added patch expat-2.1.0-CVE-2016-9063.patch

Wed Aug 2 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fix [bsc#1047236, CVE-2017-9233]

* External Entity Vulnerability in Expat 2.2.0 And Earlier

* Added patch expat-CVE-2017-9233.patch

Thu Feb 2 13:00:00 2017 tchvatalAATTsuse.com
- Add patch to fix bnc#983216 and bnc#983215 CVE-2012-6702 CVE-2016-5300

* expat-2.1.1-CVE-2012-6702.patch

Tue May 17 14:00:00 2016 kstreitovaAATTsuse.com
- add expat-2.1.0-heap_buffer_overflow.patch to fix multiple
integer overflows [bnc#980391], [CVE-2015-1283]
- fix some issues with the current version of the
expat-2.1.0-parser_crashes_on_malformed_input.patch
[bnc#979441], [CVE-2016-0718]

Wed May 11 14:00:00 2016 kstreitovaAATTsuse.com
- add expat-2.1.0-parser_crashes_on_malformed_input.patch to fix
Expat XML parser that mishandles certain kinds of malformed input
documents [bnc#979441], [CVE-2016-0718]

Tue Mar 26 13:00:00 2013 mmeisterAATTsuse.com
- Added url as source.
Please see http://en.opensuse.org/SourceUrls

Thu Feb 21 13:00:00 2013 jengelhAATTinai.de
- Sanitize description of expat (replace it with a more current
one from the homepage)

Mon Feb 4 13:00:00 2013 schwabAATTsuse.de
- Update config.guess/sub for aarch64

Wed Jan 23 13:00:00 2013 pgajdosAATTsuse.com
- fix of fix of [bnc#798644]
- according to upstream changelog:
- Improved ability to build without the configure-generated
expat_config.h header. This is useful for applications
which embed Expat rather than linking in the library.
because I am not exactly sure about implication of this, rather use
- DXML_HAVE_VISIBILITY in CFLAG_VISIBILITY in expat-visibility.patch

Tue Jan 22 13:00:00 2013 jengelhAATTinai.de
- Executing autoreconf requires autoconf BuildRequire

Fri Jan 18 13:00:00 2013 pgajdosAATTsuse.com
- really hide private Xml
* symbols [bnc#798644]

* modified visibility.patch

Tue Apr 10 14:00:00 2012 tabrahamAATTnovell.com
- update to 2.1.0
- Bug Fixes:
[#1742315]: Harmful XML_ParserCreateNS suggestion.
[#2895533]: CVE-2012-1147 - Resource leak in readfilemap.c.
[#1785430]: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
[#1983953], 2517952, 2517962, 2649838:
Build modifications using autoreconf instead of buildconf.sh.
[#2815947], #2884086: OBJEXT and EXEEXT support while building.
[#1990430]: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
[#2517938]: xmlwf should return non-zero exit status if not well-formed.
[#2517946]: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
[#2855609]: Dangling positionPtr after error.
[#2894085]: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
[#2958794]: CVE-2012-1148 - Memory leak in poolGrow.
[#2990652]: CMake support.
[#3010819]: UNEXPECTED_STATE with a trailing \"%\" in entity value.
[#3206497]: Unitialized memory returned from XML_Parse.
[#3287849]: make check fails on mingw-w64.
[#3496608]: CVE-2012-0876 - Hash DOS attack.
- Patches:
[#1749198]: pkg-config support.
[#3010222]: Fix for bug #3010819.
[#3312568]: CMake support.
[#3446384]: Report byte offsets for attr names and values.
- New Features / API changes:

* Added new API member XML_SetHashSalt() that allows setting an
intial value (salt) for hash calculations. This is part of the
fix for bug #3496608 to randomize hash parameters.

* When compiled with XML_ATTR_INFO defined, adds new API member
XML_GetAttributeInfo() that allows retrieving the byte
offsets for attribute names and values (patch #3446384).

* Added CMake build system. See bug #2990652 and patch #3312568.

* Added run-benchmark target to Makefile.in - relies on testdata
module present in the same relative location as in the repository.

Tue Mar 6 13:00:00 2012 tabrahamAATTnovell.com
- update to 2.1.0 beta

* refreshed expat-visibility.patch

* removed obsolete expat-CVE-2009-3560.patch

* removed obsolete expat-CVE-2009-2625.patch
- hash table DOS attack fix
- accumulated bug fixes and some changes to the build system
- new conditional feature to make byte offsets for attributes
and attribute names available

Sun Feb 12 13:00:00 2012 crrodriguezAATTopensuse.org
- Put libraries back to %{_libdir}, /usr merge project

Fri Dec 2 13:00:00 2011 cooloAATTsuse.com
- add automake as buildrequire to avoid implicit dependency

Sun Oct 30 13:00:00 2011 crrodriguezAATTopensuse.org
- Hide non public symbols reusing existing win32 API export/imports
- annotate malloc/realloc-like functions with attribute alloc_size
to catch possible misuses in calling code.

Sun Sep 18 14:00:00 2011 jengelhAATTmedozas.de
- Remove redundant/obsolete tags/sections from specfile
(cf. packaging guidelines)
- Use %_smp_mflags for parallel build
- Add libexpat-devel to baselibs

Fri Feb 25 13:00:00 2011 prusnakAATTopensuse.org
- fix license (MIT) in spec file

Fri Jan 8 13:00:00 2010 prusnakAATTsuse.cz
- fix CVE-2009-3560.patch [bnc#566434]

Sun Dec 13 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source

Fri Dec 4 13:00:00 2009 prusnakAATTsuse.cz
- fix DoS (CVE-2009-3560.patch) [bnc#558892]

Thu Oct 29 13:00:00 2009 prusnakAATTsuse.cz
- fix DoS (CVE-2009-2625.patch) [bnc#550664]

Sun Apr 5 14:00:00 2009 crrodriguezAATTsuse.de
- test suite requires gcc-c++ to compile


  
ICM