diff options
author | Paul Duffin <paulduffin@google.com> | 2017-02-27 14:40:16 +0000 |
---|---|---|
committer | Paul Duffin <paulduffin@google.com> | 2017-02-27 14:57:56 +0000 |
commit | ba34a0c0eeed7538bd405826bf3ac25cecf71c90 (patch) | |
tree | d56437913aba209d6ed7494e81936dccb916fb72 /Changes | |
parent | b05dbe320cc7cecb104c1b7ae38a57d5f3cecc89 (diff) | |
download | expat-ba34a0c0eeed7538bd405826bf3ac25cecf71c90.tar.gz |
Upgrade to expat 2.2.0
The version of 2.2.0 from upstream. This will not yet compile on
Android. Following changes will fix issues that prevent
compilation.
Bug: 30157673
Test: cannot test as does not yet compile
Change-Id: I50a7fc074cff17367177cc733ab1e7286f4b63d6
Diffstat (limited to 'Changes')
-rw-r--r-- | Changes | 51 |
1 files changed, 50 insertions, 1 deletions
@@ -1,3 +1,52 @@ +Release 2.2.0 Tue June 21 2016 + Security fixes: + #537 CVE-2016-0718 -- Fix crash on malformed input + CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 / + CVE-2015-2716 introduced with Expat 2.1.1 + #499 CVE-2016-5300 -- Use more entropy for hash initialization + than the original fix to CVE-2012-0876 + #519 CVE-2012-6702 -- Resolve troublesome internal call to srand + that was introduced with Expat 2.1.0 + when addressing CVE-2012-0876 (issue #496) + + Bug fixes: + Fix uninitialized reads of size 1 + (e.g. in little2_updatePosition) + Fix detection of UTF-8 character boundaries + + Other changes: + #532 Fix compilation for Visual Studio 2010 (keyword "C99") + Autotools: Resolve use of "$<" to better support bmake + Autotools: Add QA script "qa.sh" (and make target "qa") + Autotools: Respect CXXFLAGS if given + Autotools: Fix "make run-xmltest" + Autotools: Have "make run-xmltest" check for expected output + p90 CMake: Fix static build (BUILD_shared=OFF) on Windows + #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass + #323 CMake: Add suffix "d" to differentiate debug from release + CMake: Define WIN32 with CMake on Windows + Annotate memory allocators for GCC + Address all currently known compile warnings + Make sure that API symbols remain visible despite + -fvisibility=hidden + Remove executable flag from source files + Resolve COMPILED_FROM_DSP in favor of WIN32 + + Special thanks to: + Björn Lindahl + Christian Heimes + Cristian Rodríguez + Daniel Krügler + Gustavo Grieco + Karl Waclawek + László Böszörményi + Marco Grassi + Pascal Cuoq + Sergei Nikulov + Thomas Beutlich + Warren Young + Yann Droneaud + Release 2.1.1 Sat March 12 2016 Security fixes: #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer @@ -7,7 +56,7 @@ Release 2.1.1 Sat March 12 2016 #520: Symbol XML_SetHashSalt was not exported Output of "xmlwf -h" was incomplete - Other changes + Other changes: #503: Document behavior of calling XML_SetHashSalt with salt 0 Minor improvements to man page xmlwf(1) Improvements to the experimental CMake build system |