| OLD | NEW |
|---|
| 1 Name: Expat XML Parser | 1 Name: Expat XML Parser |
| 2 Short Name: expat | 2 Short Name: expat |
| 3 URL: http://sourceforge.net/projects/expat/ | 3 URL: http://sourceforge.net/projects/expat/ |
| 4 Version: 2.1.0 | 4 Version: 2.2.0 |
| 5 License: MIT | 5 License: MIT |
| 6 License File: files/COPYING | 6 License File: files/COPYING |
| 7 Security Critical: yes | 7 Security Critical: yes |
| 8 | 8 |
| 9 Description: | 9 Description: |
| 10 This is Expat XML parser - very lightweight C library for parsing XML. | 10 This is Expat XML parser - very lightweight C library for parsing XML. |
| 11 Expat is distributed under an MIT license detailed in files/COPYING. | 11 Expat is distributed under an MIT license detailed in files/COPYING. |
| 12 | 12 |
| 13 We include it here because libjingle depends on it. | 13 We include it here because libjingle depends on it. |
| 14 | 14 |
| 15 Local Modifications: | 15 Local Modifications: |
| 16 Removed files that Chromium didn't need: | 16 Removed files that Chromium didn't need: |
| 17 lib/expat*.dsp | 17 lib/expat*.dsp |
| 18 lib/Makefile.MPW | 18 lib/Makefile.MPW |
| 19 amiga/* | 19 amiga/* |
| 20 bcb5/* | 20 bcb5/* |
| 21 conftools/* | 21 conftools/* |
| 22 doc/* | 22 doc/* |
| 23 examples/* | 23 examples/* |
| 24 m4/* |
| 24 tests/* | 25 tests/* |
| 25 vms/* | 26 vms/* |
| 26 win32/* | 27 win32/* |
| 27 xmlwf/* | 28 xmlwf/* |
| 29 aclocal.m4 |
| 30 CMake.README |
| 31 CMakeLists.txt |
| 28 configure | 32 configure |
| 29 configure.in | 33 configure.ac |
| 34 configureChecks.cmake |
| 30 Makefile.in | 35 Makefile.in |
| 31 expat.dsw | 36 expat.dsw |
| 32 expat.dsw | 37 expat.pc.in |
| 38 expat_config.h.cmake |
| 33 expat_config.h.in | 39 expat_config.h.in |
| 40 Makefile.in |
| 34 Edited: | 41 Edited: |
| 35 lib/winconfig.h (see winconfig.h.original for unmodified version) | 42 lib/winconfig.h (see winconfig.h.original for unmodified version) |
| 36 * Added check on line 1751 of xmltok_impl.c to patch a | |
| 37 bug with the handling of utf-8 characters that leads to a crash. | |
| 38 lib/xmltok_impl.c (see xmltok_imp.c.original for unmodified version) | |
| 39 * Prevent a compiler warning when compiling with | |
| 40 WIN32_LEAN_AND_MEAN predefined. | |
| 41 lib/xmlparse.c (see xmlparse.c.original for unmodified version) | 43 lib/xmlparse.c (see xmlparse.c.original for unmodified version) |
| 42 * Apply https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c | 44 * Added line 713 of xmlparse.c to suppress compiling error. |
| 43 to prevent an integer overflow. | 45 * Apply expat patch, Fix double free error. |
| 46 https://github.com/libexpat/libexpat/commit/7ae9c3d3af433cd4defe95234eae
7dc8ed15637f |
| 47 * Apply expat patch. expat 2.2.0 fixed CVE-2016-0718 but cause |
| 48 other regression. expat's issue number is #539. |
| 49 https://github.com/libexpat/libexpat/commit/af507cef2c93cb8d40062a0abe43
a4f4e9158fb2 |
| 50 https://sourceforge.net/p/expat/bugs/539/ |
| 51 lib/xmltok.c (see xmltok.c.original for unmodified version) |
| 52 Also expat issue #539. |
| 53 https://github.com/libexpat/libexpat/commit/896b6c1fd3b842f377d1b62135dc
cf0a579cf65d |
| 54 lib/expat_external.h(see expat_external.h for unmodified version) |
| 55 * Disallow adding symbol visibility attribute automatically to |
| 56 function for static linked library. |
| 44 Added files: | 57 Added files: |
| 45 lib/expat_config.h (a generated config file) | 58 lib/expat_config.h (a generated config file) |
| 59 |
| 60 Old CVE-2015-1283 fix for expat 2.1.0 from mozilla hg |
| 61 https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c |
| 62 is included in expat 2.2.0. |
| 63 https://github.com/libexpat/libexpat/commit/ba0f9c3b40c264b8dd392e02a7a060a8
fa54f032 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2761253002:
Update expat to 2.2.0 to fix CVE vulnerability. (Closed)
