Update expat to 2.2.0 to fix CVE vulnerability.

Update expat to 2.2.0 to fix CVE vulnerability.

Security fixes:
    CVE-2016-0718 -- Fix crash on malformed input
    CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
    CVE-2015-2716 introduced with Expat 2.1.1
    CVE-2016-5300 -- Use more entropy for hash initialization
        than the original fix to CVE-2012-0876
    CVE-2012-6702 -- Resolve troublesome internal call to srand
            that was introduced with Expat 2.1.0
            when addressing CVE-2012-0876 (issue #496)

BUG=703537
Review-Url: https://codereview.chromium.org/2761253002
Cr-Commit-Position: refs/heads/master@{#459025}
Committed: https://chromium.googlesource.com/chromium/src/+/33a5703a620ec246ee08214e6c880068b6e9d687

[QingchengLiu, 2017-03-21 05:32:58]

Description was changed from

==========
Update expat to 2.2.0 to fix CVE vulnerability.

Security fixes:
    CVE-2016-0718 -- Fix crash on malformed input
    CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
    CVE-2015-2716 introduced with Expat 2.1.1
    CVE-2016-5300 -- Use more entropy for hash initialization
        than the original fix to CVE-2012-0876
    CVE-2012-6702 -- Resolve troublesome internal call to srand
            that was introduced with Expat 2.1.0
            when addressing CVE-2012-0876 (issue #496)

BUG=
==========

to

==========
Update expat to 2.2.0 to fix CVE vulnerability.

Security fixes:
    CVE-2016-0718 -- Fix crash on malformed input
    CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
    CVE-2015-2716 introduced with Expat 2.1.1
    CVE-2016-5300 -- Use more entropy for hash initialization
        than the original fix to CVE-2012-0876
    CVE-2012-6702 -- Resolve troublesome internal call to srand
            that was introduced with Expat 2.1.0
            when addressing CVE-2012-0876 (issue #496)

BUG=
==========

[QingchengLiu, 2017-03-21 05:32:58]

qingchengl@opera.com changed reviewers:
+ dominicc@chromium.org, nick@chromium.org

[dominicc (has gone to gerrit), 2017-03-21 06:35:59]

The CQ bit was checked by dominicc@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-21 06:36:14]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[dominicc (has gone to gerrit), 2017-03-21 06:39:33]

I'm surprised expat_config.h did not change to at least bump PACKAGE_STRING?

https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/Cha...
File third_party/expat/files/Changes (right):

https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/Cha...
third_party/expat/files/Changes:1: Release 2.2.0 Tue June 21 2016
Did you update third_party/expat/README.chromium pointing to where you got this
release and how you configured it?

https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/lib...
File third_party/expat/files/lib/amigaconfig.h (left):

https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/lib...
third_party/expat/files/lib/amigaconfig.h:10: /* Define to 1 if you have the
<check.h> header file. */
Just curious but did this disappear upstream, or are we configuring expat
differently?

https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/lib...
File third_party/expat/files/lib/xmltok_impl.c (right):

https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/lib...
third_party/expat/files/lib/xmltok_impl.c:87: #define PREFIX(ident) ident
Were the local changes we were carrying in this file all fixed upstream, and
that's why we can delete .original? Is there a regression test/clusterfuzz
case/etc.? How did you run it?

[dominicc (has gone to gerrit), 2017-03-21 06:40:13]

Incidentally, could you file a security crbug for this and CC nick and me? Then
you can set BUG=.

[commit-bot: I haz the power, 2017-03-21 06:53:33]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-21 06:53:35]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[QingchengLiu, 2017-03-21 07:44:56]

On 2017/03/21 06:40:13, dominicc wrote:
> Incidentally, could you file a security crbug for this and CC nick and me?
Then
> you can set BUG=.


https://bugs.chromium.org/p/chromium/issues/detail?id=703537

[QingchengLiu, 2017-03-21 07:49:37]

On 2017/03/21 06:39:33, dominicc wrote:
> I'm surprised expat_config.h did not change to at least bump PACKAGE_STRING?
> 
Forget to commit this file, see patch set 2.

>
https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/Cha...
> File third_party/expat/files/Changes (right):
> 
>
https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/Cha...
> third_party/expat/files/Changes:1: Release 2.2.0 Tue June 21 2016
> Did you update third_party/expat/README.chromium pointing to where you got
this
> release and how you configured it?
> 
Update in patch set 2

>
https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/lib...
> File third_party/expat/files/lib/amigaconfig.h (left):
> 
>
https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/lib...
> third_party/expat/files/lib/amigaconfig.h:10: /* Define to 1 if you have the
> <check.h> header file. */
> Just curious but did this disappear upstream, or are we configuring expat
> differently?
It's removed in upstream.

> 
>
https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/lib...
> File third_party/expat/files/lib/xmltok_impl.c (right):
> 
>
https://codereview.chromium.org/2761253002/diff/1/third_party/expat/files/lib...
> third_party/expat/files/lib/xmltok_impl.c:87: #define PREFIX(ident) ident
> Were the local changes we were carrying in this file all fixed upstream, and
> that's why we can delete .original? Is there a regression test/clusterfuzz
> case/etc.? How did you run it?
  Current version xmltok_impl.c and xmltok_impl.c.origin are exactly the same.
  So I removed xmltok_impl.c.origin and copy xmltok_impl.c from upstream.

[QingchengLiu, 2017-03-21 08:51:15]

The CQ bit was checked by qingchengl@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-03-21 08:51:27]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-21 08:51:29]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-21 08:51:30]

Dry run: No L-G-T-M from a valid reviewer yet.
CQ run can only be started once the patch has received an L-G-T-M from a full
committer.
Even if an L-G-T-M may have been provided, it was from a non-committer,_not_ a
full super star committer.
Committers are members of the group "project-chromium-committers".
Note that this has nothing to do with OWNERS files.

[QingchengLiu, 2017-03-21 08:51:34]

The CQ bit was unchecked by qingchengl@opera.com

[QingchengLiu, 2017-03-21 08:51:35]

The CQ bit was checked by qingchengl@opera.com

[QingchengLiu, 2017-03-21 08:51:36]

The CQ bit was unchecked by qingchengl@opera.com

[QingchengLiu, 2017-03-21 08:52:00]

The CQ bit was checked by qingchengl@opera.com

[QingchengLiu, 2017-03-21 08:52:00]

The CQ bit was unchecked by qingchengl@opera.com

[QingchengLiu, 2017-03-21 09:03:01]

The CQ bit was checked by qingchengl@opera.com to run a CQ dry run

[QingchengLiu, 2017-03-21 09:03:09]

The CQ bit was unchecked by qingchengl@opera.com

[QingchengLiu, 2017-03-21 09:03:16]

The CQ bit was checked by qingchengl@opera.com

[QingchengLiu, 2017-03-21 09:03:16]

The CQ bit was unchecked by qingchengl@opera.com

[commit-bot: I haz the power, 2017-03-21 09:03:21]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-21 09:03:21]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-21 09:03:22]

No L-G-T-M from a valid reviewer yet.
CQ run can only be started once the patch has received an L-G-T-M from a full
committer.
Even if an L-G-T-M may have been provided, it was from a non-committer,_not_ a
full super star committer.
Committers are members of the group "project-chromium-committers".
Note that this has nothing to do with OWNERS files.

[Daniel Bratell, 2017-03-21 10:14:20]

The CQ bit was checked by bratell@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-03-21 10:14:37]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-21 10:33:36]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-21 10:33:37]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[QingchengLiu, 2017-03-21 11:56:17]

The CQ bit was checked by qingchengl@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-03-21 11:56:30]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-21 11:56:31]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-21 11:56:32]

Dry run: No L-G-T-M from a valid reviewer yet.
CQ run can only be started once the patch has received an L-G-T-M from a full
committer.
Even if an L-G-T-M may have been provided, it was from a non-committer,_not_ a
full super star committer.
Committers are members of the group "project-chromium-committers".
Note that this has nothing to do with OWNERS files.

[QingchengLiu, 2017-03-21 11:58:37]

Description was changed from

==========
Update expat to 2.2.0 to fix CVE vulnerability.

Security fixes:
    CVE-2016-0718 -- Fix crash on malformed input
    CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
    CVE-2015-2716 introduced with Expat 2.1.1
    CVE-2016-5300 -- Use more entropy for hash initialization
        than the original fix to CVE-2012-0876
    CVE-2012-6702 -- Resolve troublesome internal call to srand
            that was introduced with Expat 2.1.0
            when addressing CVE-2012-0876 (issue #496)

BUG=
==========

to

==========
Update expat to 2.2.0 to fix CVE vulnerability.

Security fixes:
    CVE-2016-0718 -- Fix crash on malformed input
    CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
    CVE-2015-2716 introduced with Expat 2.1.1
    CVE-2016-5300 -- Use more entropy for hash initialization
        than the original fix to CVE-2012-0876
    CVE-2012-6702 -- Resolve troublesome internal call to srand
            that was introduced with Expat 2.1.0
            when addressing CVE-2012-0876 (issue #496)

BUG=703537
==========

[Daniel Bratell, 2017-03-21 11:58:46]

The CQ bit was checked by bratell@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-03-21 11:58:53]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-21 12:19:01]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-21 12:19:02]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[QingchengLiu, 2017-03-21 12:27:02]

The CQ bit was checked by qingchengl@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-03-21 12:27:11]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-21 12:27:12]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-21 12:27:13]

Dry run: No L-G-T-M from a valid reviewer yet.
CQ run can only be started once the patch has received an L-G-T-M from a full
committer.
Even if an L-G-T-M may have been provided, it was from a non-committer,_not_ a
full super star committer.
Committers are members of the group "project-chromium-committers".
Note that this has nothing to do with OWNERS files.

[Daniel Bratell, 2017-03-22 12:07:55]

The CQ bit was checked by bratell@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-03-22 12:08:04]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-22 12:29:52]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-22 12:29:54]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Daniel Bratell, 2017-03-22 15:02:29]

The CQ bit was checked by bratell@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-03-22 15:03:01]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-22 15:19:55]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-22 15:19:56]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[dominicc (has gone to gerrit), 2017-03-23 05:35:08]

The CQ bit was checked by dominicc@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-23 05:35:16]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[dominicc (has gone to gerrit), 2017-03-23 05:35:27]

Thanks for working on this. More feedback inline.

https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
File third_party/expat/README.chromium (left):

https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
third_party/expat/README.chromium:36: * Added check on line 1751 of
xmltok_impl.c to patch a
Can you point to where this was fixed upstream?

https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
third_party/expat/README.chromium:42: * Apply
https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
Likewise, was this fixed upstream?

https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
File third_party/expat/README.chromium (right):

https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
third_party/expat/README.chromium:3: URL: http://sourceforge.net/projects/expat/
Can you point to the git repository you got this from so the hashes make sense?

(Is that https://github.com/libexpat/libexpat)?

https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
third_party/expat/README.chromium:46: * Apply expat patch #539 Fix regression
from fix to CVE-2016-0718
This is imprecise; what did you apply exactly? I don't see that label but a
bunch of commits which mention an issue with that number. Just naming a commit
is good.

https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
third_party/expat/README.chromium:47: * Apply expat patch
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
Is this a dup of the one a couple of lines up?

[QingchengLiu, 2017-03-23 06:07:19]

On 2017/03/23 05:35:27, dominicc wrote:
> Thanks for working on this. More feedback inline.
> 
>
https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
> File third_party/expat/README.chromium (left):
> 
>
https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
> third_party/expat/README.chromium:36: * Added check on line 1751 of
> xmltok_impl.c to patch a
> Can you point to where this was fixed upstream?
> 
>
https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
> third_party/expat/README.chromium:42: * Apply
> https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
> Likewise, was this fixed upstream?
  Ye, this was fixed in upstream.

> 
>
https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
> File third_party/expat/README.chromium (right):
> 
>
https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
> third_party/expat/README.chromium:3: URL:
http://sourceforge.net/projects/expat/
> Can you point to the git repository you got this from so the hashes make
sense?
> 
> (Is that https://github.com/libexpat/libexpat)
> 
>
https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
> third_party/expat/README.chromium:46: * Apply expat patch #539 Fix regression
> from fix to CVE-2016-0718
> This is imprecise; what did you apply exactly? I don't see that label but a
> bunch of commits which mention an issue with that number. Just naming a commit
> is good.
  See patch set 10.

> 
>
https://codereview.chromium.org/2761253002/diff/180001/third_party/expat/READ...
> third_party/expat/README.chromium:47: * Apply expat patch
> 7ae9c3d3af433cd4defe95234eae7dc8ed15637f
> Is this a dup of the one a couple of lines up?
  Yes, removed in next patch set.

I upload a new patch set which includes github url of these commits in
README.chromium

[QingchengLiu, 2017-03-23 06:25:53]

The CQ bit was checked by qingchengl@opera.com

[QingchengLiu, 2017-03-23 06:25:54]

The CQ bit was unchecked by qingchengl@opera.com

[dominicc (has gone to gerrit), 2017-03-23 07:15:23]

The CQ bit was checked by dominicc@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-23 07:15:39]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[dominicc (has gone to gerrit), 2017-03-23 07:17:01]

This looks like it is getting close.

Could you add a link to the upstream commit that fixed the issue you're removing
from README.chromium, the one in mozilla hg?

https://codereview.chromium.org/2761253002/diff/220001/third_party/expat/READ...
File third_party/expat/README.chromium (right):

https://codereview.chromium.org/2761253002/diff/220001/third_party/expat/READ...
third_party/expat/README.chromium:48: other regression. expat's issue nuber is
#539.
spelling: number

https://codereview.chromium.org/2761253002/diff/220001/third_party/expat/READ...
third_party/expat/README.chromium:55: functioin for static linked library.
spelling: function

[QingchengLiu, 2017-03-23 07:35:44]

On 2017/03/23 07:17:01, dominicc wrote:
> This looks like it is getting close.
> 
> Could you add a link to the upstream commit that fixed the issue you're
removing
> from README.chromium, the one in mozilla hg?

Done

> 
>
https://codereview.chromium.org/2761253002/diff/220001/third_party/expat/READ...
> File third_party/expat/README.chromium (right):
> 
>
https://codereview.chromium.org/2761253002/diff/220001/third_party/expat/READ...
> third_party/expat/README.chromium:48: other regression. expat's issue nuber is
> #539.
> spelling: number
> 
>
https://codereview.chromium.org/2761253002/diff/220001/third_party/expat/READ...
> third_party/expat/README.chromium:55: functioin for static linked library.
> spelling: function

[dominicc (has gone to gerrit), 2017-03-23 07:37:19]

The CQ bit was checked by dominicc@chromium.org

[dominicc (has gone to gerrit), 2017-03-23 07:37:20]

lgtm

[commit-bot: I haz the power, 2017-03-23 07:37:40]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[QingchengLiu, 2017-03-23 07:45:29]

On 2017/03/23 07:37:40, commit-bot: I haz the power wrote:
> CQ is trying da patch. Follow status at
>  
>
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-23 08:22:19]

CQ is committing da patch.

Bot data: {"patchset_id": 240001, "attempt_start_ts": 1490254639367430,
"parent_rev": "430307ef971c7bb91ac0b9f6ac80e511e6418c13", "commit_rev":
"33a5703a620ec246ee08214e6c880068b6e9d687"}

[commit-bot: I haz the power, 2017-03-23 08:23:25]

Description was changed from

==========
Update expat to 2.2.0 to fix CVE vulnerability.

Security fixes:
    CVE-2016-0718 -- Fix crash on malformed input
    CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
    CVE-2015-2716 introduced with Expat 2.1.1
    CVE-2016-5300 -- Use more entropy for hash initialization
        than the original fix to CVE-2012-0876
    CVE-2012-6702 -- Resolve troublesome internal call to srand
            that was introduced with Expat 2.1.0
            when addressing CVE-2012-0876 (issue #496)

BUG=703537
==========

to

==========
Update expat to 2.2.0 to fix CVE vulnerability.

Security fixes:
    CVE-2016-0718 -- Fix crash on malformed input
    CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
    CVE-2015-2716 introduced with Expat 2.1.1
    CVE-2016-5300 -- Use more entropy for hash initialization
        than the original fix to CVE-2012-0876
    CVE-2012-6702 -- Resolve troublesome internal call to srand
            that was introduced with Expat 2.1.0
            when addressing CVE-2012-0876 (issue #496)

BUG=703537

Review-Url: https://codereview.chromium.org/2761253002
Cr-Commit-Position: refs/heads/master@{#459025}
Committed:
https://chromium.googlesource.com/chromium/src/+/33a5703a620ec246ee08214e6c88...
==========

[commit-bot: I haz the power, 2017-03-23 08:23:27]

Committed patchset #13 (id:240001) as
https://chromium.googlesource.com/chromium/src/+/33a5703a620ec246ee08214e6c88...