expat

From AIXTOOLS
Jump to: navigation, search

Packages|Tools|aixtools.expat.2.2.5.0.I
Report Issues (via Forums) and/or TWEET:@rootvgnet

MD5 Checksum

AB38397292A96C1E6BDE12059A2C7476 aixtools.expat.2.2.5.0.I

Contents

Package Details

Version: 2.2.5
Released: 31 October 2017
Sources from: https://github.com/libexpat/libexpat/releases
Changelog: https://github.com/libexpat/libexpat/blob/R_2_2_5/expat/Changes
Depends on:

News

--Michael Felt (talk) 16:11, 25 December 2017 (CET) version 2.2.5 released by aixtools.

--Michael Felt (talk) 18:41, 21 August 2016 (UTC) version 2.2.0 released by aixtools

21 June 2016, Expat 2.2.0 released.

    Release 2.2.0 includes security & other bug fixes.
    Security fixes

    CVE-2016-0718 (issue 537)
        Fix crash on malformed input
    CVE-2016-4472
        Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1
    CVE-2016-5300 (issue 499)
        Use more entropy for hash initialization than the original fix to CVE-2012-0876
    CVE-2012-6702 (issue 519)
        Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when
        addressing CVE-2012-0876 (issue 496)

Mar 24 2012 expat-2.1.0.README

This new release of the Expat XML parser contains mostly bug fixes and
patches to the build system. A conditional feature to extract
attribute byte offsets has been added as well.

It is highly recommended to upgrade to this new version as it fixes all
known security vulnerabilities (see below - identified by CVE numbers).

Changes in Expat 2.1.0:

- Bug Fixes:
  #1742315: Harmful XML_ParserCreateNS suggestion.
  #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
  #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
  #1983953, 2517952, 2517962, 2649838: 
                Build modifications using autoreconf instead of buildconf.sh.
  #2815947, #2884086: OBJEXT and EXEEXT support while building.
  #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
  #2517938: xmlwf should return non-zero exit status if not well-formed.
  #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
  #2855609: Dangling positionPtr after error.
  #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
  #2958794: CVE-2012-1148 - Memory leak in poolGrow.
  #2990652: CMake support.
  #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
  #3206497: Unitialized memory returned from XML_Parse.
  #3287849: make check fails on mingw-w64.
  #3496608: CVE-2012-0876 - Hash DOS attack.

- Patches:
  #1749198: pkg-config support.
  #3010222: Fix for bug #3010819.
  #3312568: CMake support.
  #3446384: Report byte offsets for attr names and values.

- New Features / API changes:
  Added new API member XML_SetHashSalt() that allows setting an intial
                value (salt) for hash calculations. This is part of the fix for
                bug #3496608 to randomize hash parameters.
  When compiled with XML_ATTR_INFO defined, adds new API member
                XML_GetAttributeInfo() that allows retrieving the byte
                offsets for attribute names and values (patch #3446384).
  Added CMake build system.
                See bug #2990652 and patch #3312568.
  Added run-benchmark target to Makefile.in - relies on testdata module
                present in the same relative location as in the repository.

Older versions

06B14FF8F2F0960F8778E9ED09E2208D aixtools.expat.2.2.0.0.I
5C18BFA076FA1A21639F6A0EA16BF579 aixtools.expat.2.1.0.0.aix537.I
B02E903AEFC08FD28609DFF4B3F4B275 aixtools.expat.2.0.1.0.aix537.I
Personal tools
Namespaces

Variants
Actions
Navigation
Downloads
Toolbox