1.0.6 (6 Sept 10)
~~~~~~~~~~~~~~~~~
* Security fix for CVE-2010-0405. This was reported by Mikolaj
Izdebski.
* Make the documentation build on Ubuntu 10.04
instead, which is the main thread instead of the currently executing thread
which is not what we want, since we've been running and nother thread might
have just started.
1. thread_self() returns a pointer, not an unsigned integer
2. Add NetBSD to Apple and FreeBSD defines
3. Add _NETBSD_SOURCE where needed
4. Add an extra define BEGIN_PROTECTV for void functions to avoid return
free(); where free is void.
5. Avoid weak symbol hacks to determine if we are threaded or not. We
have a threaded copy of the library, why bother?
6. change __attribute -> __attribute__ since the former is not covered by
our cdefs.h
causes gcc indigestion (internal compiler error) for all m68k ports.
mrg@ says this will do for now, and committing to this generated-
by-mknative file is ok.
Fixes CVE-2012-1147, CVE-2012-1148 and CVE-2012-0876 (other security
issues have been previously fixed in our tree)
relevant Changes:
Release 2.1.0 Sat March 24 2012
- Bug Fixes:
#1742315: Harmful XML_ParserCreateNS suggestion.
#2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
#1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
#1983953, 2517952, 2517962, 2649838:
Build modifications using autoreconf instead of buildconf.sh.
#2815947, #2884086: OBJEXT and EXEEXT support while building.
#1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
#2517938: xmlwf should return non-zero exit status if not well-formed.
#2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
#2855609: Dangling positionPtr after error.
#2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
#2958794: CVE-2012-1148 - Memory leak in poolGrow.
#2990652: CMake support.
#3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
#3206497: Unitialized memory returned from XML_Parse.
#3287849: make check fails on mingw-w64.
#3496608: CVE-2012-0876 - Hash DOS attack.
- Patches:
#1749198: pkg-config support.
#3010222: Fix for bug #3010819.
#3312568: CMake support.
#3446384: Report byte offsets for attr names and values.
- New Features / API changes:
Added new API member XML_SetHashSalt() that allows setting an intial
value (salt) for hash calculations. This is part of the fix for
bug #3496608 to randomize hash parameters.
When compiled with XML_ATTR_INFO defined, adds new API member
XML_GetAttributeInfo() that allows retrieving the byte
offsets for attribute names and values (patch #3446384).
Added CMake build system.
See bug #2990652 and patch #3312568.
Added run-benchmark target to Makefile.in - relies on testdata module
present in the same relative location as in the repository.
wiz