OLD | NEW |
---|---|
1 Release 2.2.0 Tue June 21 2016 | |
dominicc (has gone to gerrit)
2017/03/21 06:39:33
Did you update third_party/expat/README.chromium p
| |
2 Security fixes: | |
3 #537 CVE-2016-0718 -- Fix crash on malformed input | |
4 CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 / | |
5 CVE-2015-2716 introduced with Expat 2.1.1 | |
6 #499 CVE-2016-5300 -- Use more entropy for hash initialization | |
7 than the original fix to CVE-2012-0876 | |
8 #519 CVE-2012-6702 -- Resolve troublesome internal call to srand | |
9 that was introduced with Expat 2.1.0 | |
10 when addressing CVE-2012-0876 (issue #496) | |
11 | |
12 Bug fixes: | |
13 Fix uninitialized reads of size 1 | |
14 (e.g. in little2_updatePosition) | |
15 Fix detection of UTF-8 character boundaries | |
16 | |
17 Other changes: | |
18 #532 Fix compilation for Visual Studio 2010 (keyword "C99") | |
19 Autotools: Resolve use of "$<" to better support bmake | |
20 Autotools: Add QA script "qa.sh" (and make target "qa") | |
21 Autotools: Respect CXXFLAGS if given | |
22 Autotools: Fix "make run-xmltest" | |
23 Autotools: Have "make run-xmltest" check for expected output | |
24 p90 CMake: Fix static build (BUILD_shared=OFF) on Windows | |
25 #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass | |
26 #323 CMake: Add suffix "d" to differentiate debug from release | |
27 CMake: Define WIN32 with CMake on Windows | |
28 Annotate memory allocators for GCC | |
29 Address all currently known compile warnings | |
30 Make sure that API symbols remain visible despite | |
31 -fvisibility=hidden | |
32 Remove executable flag from source files | |
33 Resolve COMPILED_FROM_DSP in favor of WIN32 | |
34 | |
35 Special thanks to: | |
36 Björn Lindahl | |
37 Christian Heimes | |
38 Cristian Rodríguez | |
39 Daniel Krügler | |
40 Gustavo Grieco | |
41 Karl Waclawek | |
42 László Böszörményi | |
43 Marco Grassi | |
44 Pascal Cuoq | |
45 Sergei Nikulov | |
46 Thomas Beutlich | |
47 Warren Young | |
48 Yann Droneaud | |
49 | |
50 Release 2.1.1 Sat March 12 2016 | |
51 Security fixes: | |
52 #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer | |
53 | |
54 Bug fixes: | |
55 #502: Fix potential null pointer dereference | |
56 #520: Symbol XML_SetHashSalt was not exported | |
57 Output of "xmlwf -h" was incomplete | |
58 | |
59 Other changes: | |
60 #503: Document behavior of calling XML_SetHashSalt with salt 0 | |
61 Minor improvements to man page xmlwf(1) | |
62 Improvements to the experimental CMake build system | |
63 libtool now invoked with --verbose | |
64 | |
1 Release 2.1.0 Sat March 24 2012 | 65 Release 2.1.0 Sat March 24 2012 |
2 - Bug Fixes: | 66 - Bug Fixes: |
3 #1742315: Harmful XML_ParserCreateNS suggestion. | 67 #1742315: Harmful XML_ParserCreateNS suggestion. |
4 #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. | 68 #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. |
5 #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. | 69 #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. |
6 #1983953, 2517952, 2517962, 2649838: | 70 #1983953, 2517952, 2517962, 2649838: |
7 Build modifications using autoreconf instead of buildconf.sh. | 71 Build modifications using autoreconf instead of buildconf.sh. |
8 #2815947, #2884086: OBJEXT and EXEEXT support while building. | 72 #2815947, #2884086: OBJEXT and EXEEXT support while building. |
9 #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. | 73 #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. |
10 #2517938: xmlwf should return non-zero exit status if not well-formed. | 74 #2517938: xmlwf should return non-zero exit status if not well-formed. |
11 #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. | 75 #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. |
12 #2855609: Dangling positionPtr after error. | 76 #2855609: Dangling positionPtr after error. |
13 #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). | 77 #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). |
14 #2958794: CVE-2012-1148 - Memory leak in poolGrow. | 78 #2958794: CVE-2012-1148 - Memory leak in poolGrow. |
15 #2990652: CMake support. | 79 #2990652: CMake support. |
16 #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. | 80 #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. |
17 #3206497: Unitialized memory returned from XML_Parse. | 81 #3206497: Unitialized memory returned from XML_Parse. |
18 #3287849: make check fails on mingw-w64. | 82 #3287849: make check fails on mingw-w64. |
19 #3496608: CVE-2012-0876 - Hash DOS attack. | 83 #3496608: CVE-2012-0876 - Hash DOS attack. |
20 - Patches: | 84 - Patches: |
21 #1749198: pkg-config support. | 85 #1749198: pkg-config support. |
22 #3010222: Fix for bug #3010819. | 86 #3010222: Fix for bug #3010819. |
23 #3312568: CMake support. | 87 #3312568: CMake support. |
24 #3446384: Report byte offsets for attr names and values. | 88 #3446384: Report byte offsets for attr names and values. |
25 - New Features / API changes: | 89 - New Features / API changes: |
26 Added new API member XML_SetHashSalt() that allows setting an intial | 90 Added new API member XML_SetHashSalt() that allows setting an initial |
27 value (salt) for hash calculations. This is part of the fix for | 91 value (salt) for hash calculations. This is part of the fix for |
28 bug #3496608 to randomize hash parameters. | 92 bug #3496608 to randomize hash parameters. |
29 When compiled with XML_ATTR_INFO defined, adds new API member | 93 When compiled with XML_ATTR_INFO defined, adds new API member |
30 XML_GetAttributeInfo() that allows retrieving the byte | 94 XML_GetAttributeInfo() that allows retrieving the byte |
31 offsets for attribute names and values (patch #3446384). | 95 offsets for attribute names and values (patch #3446384). |
32 Added CMake build system. | 96 Added CMake build system. |
33 See bug #2990652 and patch #3312568. | 97 See bug #2990652 and patch #3312568. |
34 Added run-benchmark target to Makefile.in - relies on testdata module | 98 Added run-benchmark target to Makefile.in - relies on testdata module |
35 present in the same relative location as in the repository. | 99 present in the same relative location as in the repository. |
36 | 100 |
(...skipping 159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
196 o XML_SetXmlDeclHandler | 260 o XML_SetXmlDeclHandler |
197 o XML_SetEntityDeclHandler | 261 o XML_SetEntityDeclHandler |
198 o StartDoctypeDeclHandler takes 3 additional parameters: | 262 o StartDoctypeDeclHandler takes 3 additional parameters: |
199 sysid, pubid, has_internal_subset | 263 sysid, pubid, has_internal_subset |
200 o Many paired handler setters (like XML_SetElementHandler) | 264 o Many paired handler setters (like XML_SetElementHandler) |
201 now have corresponding individual handler setters | 265 now have corresponding individual handler setters |
202 o XML_GetInputContext for getting the input context of | 266 o XML_GetInputContext for getting the input context of |
203 the current parse position. | 267 the current parse position. |
204 - Added reference material | 268 - Added reference material |
205 - Packaged into a distribution that builds a sharable library | 269 - Packaged into a distribution that builds a sharable library |
OLD | NEW |