third_party/expat/README.chromium - Issue 2761253002: Update expat to 2.2.0 to fix CVE vulnerability.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/expat/README.chromium

Issue 2761253002: Update expat to 2.2.0 to fix CVE vulnerability. (Closed)

Patch Set: Add original copy of expat_external.h Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/expat/README.chromium

diff --git a/third_party/expat/README.chromium b/third_party/expat/README.chromium

index a0af1e2d310fdc877a4e1d934c0a6e07116860d7..4a144d01495e92a914301557fed718552aad6dcb 100644

--- a/third_party/expat/README.chromium

+++ b/third_party/expat/README.chromium

@@ -1,7 +1,7 @@

Name: Expat XML Parser

Short Name: expat

URL: http://sourceforge.net/projects/expat/

-Version: 2.1.0

+Version: 2.2.0

License: MIT

License File: files/COPYING

Security Critical: yes

@@ -21,25 +21,38 @@ Local Modifications:

conftools/*

doc/*

examples/*

+ m4/*

tests/*

vms/*

win32/*

xmlwf/*

+ aclocal.m4

+ CMake.README

+ CMakeLists.txt

configure

- configure.in

+ configure.ac

+ configureChecks.cmake

Makefile.in

expat.dsw

- expat.dsw

+ expat.pc.in

+ expat_config.h.cmake

expat_config.h.in

+ Makefile.in

Edited:

lib/winconfig.h (see winconfig.h.original for unmodified version)

- * Added check on line 1751 of xmltok_impl.c to patch a

- bug with the handling of utf-8 characters that leads to a crash.

- lib/xmltok_impl.c (see xmltok_imp.c.original for unmodified version)

- * Prevent a compiler warning when compiling with

- WIN32_LEAN_AND_MEAN predefined.

lib/xmlparse.c (see xmlparse.c.original for unmodified version)

- * Apply https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c

- to prevent an integer overflow.

+ * Added line 713 of xmlparse.c to suppress compiling error.

+ * Apply expat patch, Fix double free error.

+ https://github.com/libexpat/libexpat/commit/7ae9c3d3af433cd4defe95234eae7dc8ed15637f

+ * Apply expat patch. expat 2.2.0 fixed CVE-2016-0718 but cause

+ other regression. expat's issue nuber is #539.

dominicc (has gone to gerrit) 2017/03/23 07:17:01 spelling: number

+ https://github.com/libexpat/libexpat/commit/af507cef2c93cb8d40062a0abe43a4f4e9158fb2

+ lib/xmltok.c (see xmltok.c.original for unmodified version)

+ Also expat issue #539.

+ https://github.com/libexpat/libexpat/commit/896b6c1fd3b842f377d1b62135dccf0a579cf65d

+ lib/expat_external.h(see expat_external.h for unmodified version)

+ * Disallow adding symbol visibility attribute automatically to

+ functioin for static linked library.

dominicc (has gone to gerrit) 2017/03/23 07:17:01 spelling: function

Added files:

lib/expat_config.h (a generated config file)

« no previous file with comments | « no previous file | third_party/expat/files/COPYING » ('j') | no next file with comments »