Chromium Code Reviews

Side by Side Diff: third_party/expat/files/Changes

Issue 2761253002: Update expat to 2.2.0 to fix CVE vulnerability. (Closed)
Patch Set: update README.chromium Created 3 years, 9 months ago
OLD | NEW
1 Release 2.2.0 Tue June 21 2016
2 Security fixes:
3 #537 CVE-2016-0718 -- Fix crash on malformed input
4 CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
5 CVE-2015-2716 introduced with Expat 2.1.1
6 #499 CVE-2016-5300 -- Use more entropy for hash initialization
7 than the original fix to CVE-2012-0876
8 #519 CVE-2012-6702 -- Resolve troublesome internal call to srand
9 that was introduced with Expat 2.1.0
10 when addressing CVE-2012-0876 (issue #496)
11
12 Bug fixes:
13 Fix uninitialized reads of size 1
14 (e.g. in little2_updatePosition)
15 Fix detection of UTF-8 character boundaries
16
17 Other changes:
18 #532 Fix compilation for Visual Studio 2010 (keyword "C99")
19 Autotools: Resolve use of "$<" to better support bmake
20 Autotools: Add QA script "qa.sh" (and make target "qa")
21 Autotools: Respect CXXFLAGS if given
22 Autotools: Fix "make run-xmltest"
23 Autotools: Have "make run-xmltest" check for expected output
24 p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
25 #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
26 #323 CMake: Add suffix "d" to differentiate debug from release
27 CMake: Define WIN32 with CMake on Windows
28 Annotate memory allocators for GCC
29 Address all currently known compile warnings
30 Make sure that API symbols remain visible despite
31 -fvisibility=hidden
32 Remove executable flag from source files
33 Resolve COMPILED_FROM_DSP in favor of WIN32
34
35 Special thanks to:
36 Björn Lindahl
37 Christian Heimes
38 Cristian Rodríguez
39 Daniel Krügler
40 Gustavo Grieco
41 Karl Waclawek
42 László Böszörményi
43 Marco Grassi
44 Pascal Cuoq
45 Sergei Nikulov
46 Thomas Beutlich
47 Warren Young
48 Yann Droneaud
49
50 Release 2.1.1 Sat March 12 2016
51 Security fixes:
52 #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
53
54 Bug fixes:
55 #502: Fix potential null pointer dereference
56 #520: Symbol XML_SetHashSalt was not exported
57 Output of "xmlwf -h" was incomplete
58
59 Other changes:
60 #503: Document behavior of calling XML_SetHashSalt with salt 0
61 Minor improvements to man page xmlwf(1)
62 Improvements to the experimental CMake build system
63 libtool now invoked with --verbose
64
1 Release 2.1.0 Sat March 24 2012 65 Release 2.1.0 Sat March 24 2012
2 - Bug Fixes: 66 - Bug Fixes:
3 #1742315: Harmful XML_ParserCreateNS suggestion. 67 #1742315: Harmful XML_ParserCreateNS suggestion.
4 #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. 68 #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
5 #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. 69 #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
6 #1983953, 2517952, 2517962, 2649838: 70 #1983953, 2517952, 2517962, 2649838:
7 Build modifications using autoreconf instead of buildconf.sh. 71 Build modifications using autoreconf instead of buildconf.sh.
8 #2815947, #2884086: OBJEXT and EXEEXT support while building. 72 #2815947, #2884086: OBJEXT and EXEEXT support while building.
9 #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. 73 #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
10 #2517938: xmlwf should return non-zero exit status if not well-formed. 74 #2517938: xmlwf should return non-zero exit status if not well-formed.
11 #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. 75 #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
12 #2855609: Dangling positionPtr after error. 76 #2855609: Dangling positionPtr after error.
13 #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). 77 #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
14 #2958794: CVE-2012-1148 - Memory leak in poolGrow. 78 #2958794: CVE-2012-1148 - Memory leak in poolGrow.
15 #2990652: CMake support. 79 #2990652: CMake support.
16 #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. 80 #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
17 #3206497: Unitialized memory returned from XML_Parse. 81 #3206497: Unitialized memory returned from XML_Parse.
18 #3287849: make check fails on mingw-w64. 82 #3287849: make check fails on mingw-w64.
19 #3496608: CVE-2012-0876 - Hash DOS attack. 83 #3496608: CVE-2012-0876 - Hash DOS attack.
20 - Patches: 84 - Patches:
21 #1749198: pkg-config support. 85 #1749198: pkg-config support.
22 #3010222: Fix for bug #3010819. 86 #3010222: Fix for bug #3010819.
23 #3312568: CMake support. 87 #3312568: CMake support.
24 #3446384: Report byte offsets for attr names and values. 88 #3446384: Report byte offsets for attr names and values.
25 - New Features / API changes: 89 - New Features / API changes:
26 Added new API member XML_SetHashSalt() that allows setting an intial 90 Added new API member XML_SetHashSalt() that allows setting an initial
27 value (salt) for hash calculations. This is part of the fix for 91 value (salt) for hash calculations. This is part of the fix for
28 bug #3496608 to randomize hash parameters. 92 bug #3496608 to randomize hash parameters.
29 When compiled with XML_ATTR_INFO defined, adds new API member 93 When compiled with XML_ATTR_INFO defined, adds new API member
30 XML_GetAttributeInfo() that allows retrieving the byte 94 XML_GetAttributeInfo() that allows retrieving the byte
31 offsets for attribute names and values (patch #3446384). 95 offsets for attribute names and values (patch #3446384).
32 Added CMake build system. 96 Added CMake build system.
33 See bug #2990652 and patch #3312568. 97 See bug #2990652 and patch #3312568.
34 Added run-benchmark target to Makefile.in - relies on testdata module 98 Added run-benchmark target to Makefile.in - relies on testdata module
35 present in the same relative location as in the repository. 99 present in the same relative location as in the repository.
36 100
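Review bot: The issue title says only "fix CVE vulnerability", but new lines 3-10 list four CVEs fixed in 2.2.0 (CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2012-6702) and new line 52 adds CVE-2015-1283 from 2.1.1, which this roll also picks up because the old side starts at Release 2.1.0. Please name the CVE IDs this roll is meant to address in the change description and in README.chromium so the fix can be traced later. Two follow-ups from the same lines: new lines 4-5 describe CVE-2016-4472 as a correction to the 2.1.1 fix for CVE-2015-1283, so if third_party/expat carries a local backport of that fix, it should be dropped or rebased rather than applied on top of 2.2.0; and new lines 6-10 change how the hash salt is initialized, so any caller that sets its own value through XML_SetHashSalt (new lines 56, 60 and 90) is worth a quick check, given that line 60 documents special behavior for salt 0.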
(...skipping 159 matching lines...)
196 o XML_SetXmlDeclHandler 260 o XML_SetXmlDeclHandler
197 o XML_SetEntityDeclHandler 261 o XML_SetEntityDeclHandler
198 o StartDoctypeDeclHandler takes 3 additional parameters: 262 o StartDoctypeDeclHandler takes 3 additional parameters:
199 sysid, pubid, has_internal_subset 263 sysid, pubid, has_internal_subset
200 o Many paired handler setters (like XML_SetElementHandler) 264 o Many paired handler setters (like XML_SetElementHandler)
201 now have corresponding individual handler setters 265 now have corresponding individual handler setters
202 o XML_GetInputContext for getting the input context of 266 o XML_GetInputContext for getting the input context of
203 the current parse position. 267 the current parse position.
204 - Added reference material 268 - Added reference material
205 - Packaged into a distribution that builds a sharable library 269 - Packaged into a distribution that builds a sharable library