Chromium Code Reviews

Unified Diff: third_party/expat/README.chromium

Issue 2761253002: Update expat to 2.2.0 to fix CVE vulnerability. (Closed)
Patch Set: update README.chromium Created 3 years, 9 months ago
Index: third_party/expat/README.chromium
diff --git a/third_party/expat/README.chromium b/third_party/expat/README.chromium
index a0af1e2d310fdc877a4e1d934c0a6e07116860d7..e3dda3aea9724a943fed3eb6473b217773582b85 100644
--- a/third_party/expat/README.chromium
+++ b/third_party/expat/README.chromium
@@ -1,7 +1,7 @@
Name: Expat XML Parser
Short Name: expat
URL: http://sourceforge.net/projects/expat/
-Version: 2.1.0
+Version: 2.2.0
License: MIT
License File: files/COPYING
Security Critical: yes
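Review bot: The `URL:` field in the unchanged context of this hunk still reads `http://sourceforge.net/projects/expat/`, while every upstream commit this patch cites under Local Modifications is on github.com/libexpat/libexpat. Since the entry is marked `Security Critical: yes` and the version is being bumped for a CVE fix, consider pointing `URL:` at the location the backported commits actually come from, or listing both, so the next person updating the library checks the right upstream.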
@@ -21,25 +21,43 @@ Local Modifications:
conftools/*
doc/*
examples/*
+ m4/*
tests/*
vms/*
win32/*
xmlwf/*
+ aclocal.m4
+ CMake.README
+ CMakeLists.txt
configure
- configure.in
+ configure.ac
+ configureChecks.cmake
Makefile.in
expat.dsw
- expat.dsw
+ expat.pc.in
+ expat_config.h.cmake
expat_config.h.in
+ Makefile.in
Edited:
lib/winconfig.h (see winconfig.h.original for unmodified version)
- * Added check on line 1751 of xmltok_impl.c to patch a
- bug with the handling of utf-8 characters that leads to a crash.
- lib/xmltok_impl.c (see xmltok_imp.c.original for unmodified version)
- * Prevent a compiler warning when compiling with
- WIN32_LEAN_AND_MEAN predefined.
lib/xmlparse.c (see xmlparse.c.original for unmodified version)
- * Apply https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
- to prevent an integer overflow.
+ * Added line 713 of xmlparse.c to suppress compiling error.
+ * Apply expat patch, Fix double free error.
+ https://github.com/libexpat/libexpat/commit/7ae9c3d3af433cd4defe95234eae7dc8ed15637f
+ * Apply expat patch. expat 2.2.0 fixed CVE-2016-0718 but cause
+ other regression. expat's issue number is #539.
+ https://github.com/libexpat/libexpat/commit/af507cef2c93cb8d40062a0abe43a4f4e9158fb2
+ https://sourceforge.net/p/expat/bugs/539/
+ lib/xmltok.c (see xmltok.c.original for unmodified version)
+ Also expat issue #539.
+ https://github.com/libexpat/libexpat/commit/896b6c1fd3b842f377d1b62135dccf0a579cf65d
+ lib/expat_external.h(see expat_external.h for unmodified version)
+ * Disallow adding symbol visibility attribute automatically to
+ function for static linked library.
Added files:
lib/expat_config.h (a generated config file)
+
+ Old CVE-2015-1283 fix for expat 2.1.0 from mozilla hg
+ https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
+ is included in expat 2.2.0.
+ https://github.com/libexpat/libexpat/commit/ba0f9c3b40c264b8dd392e02a7a060a8fa54f032
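Review bot: The added `+ Makefile.in` line in the removed-files list duplicates the `Makefile.in` entry that is already present as unchanged context a few lines above it, so the patch removes one duplicate (`expat.dsw`) and introduces another; drop the added line. In the Edited section, deleting the old bullets leaves `lib/winconfig.h` with no description at all; add a bullet saying what was changed in it. `lib/expat_external.h(see expat_external.h for unmodified version)` points at the file itself and is missing a space before the parenthesis; the other entries name a `.original` copy, so this one should name whichever file actually holds the unmodified version. "Added line 713 of xmlparse.c to suppress compiling error" should say what the line is and which error it suppresses, because a bare line number will not survive the next update. The `lib/xmltok.c` entry is missing the `*` bullet used by the other entries, and "fixed CVE-2016-0718 but cause other regression" would be more useful with one phrase saying what the regression in #539 is.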