msg296254 - (view) |
Author: Ned Deily (ned.deily) *  |
Date: 2017-06-18 03:01 |
From the announcement:

Expat 2.2.1 has been released. The change log has more details [2] than this mail, including commit SHA1s.

For a quick overview of the security fixes and CVEs, we have:

  CVE-2017-9233    External entity infinite loop DoS [1]
  (CVE-2016-9063)  Integer overflow (re-fix)
  n/a              More integer overflow fixes
  (CVE-2016-0718)  Fix regression bugs from 2.2.0's fix to CVE-2016-0718
  (CVE-2016-5300)  Use os-specific entropy sources like getrandom
  n/a              No longer leak parser pointer information
  n/a              Prevent use of uninitialised variables
  n/a              Add missing API parameter validation (NULL, len<0)
  (CVE-2012-0876)  Counter hash flooding with SipHash

[1] https://libexpat.github.io/doc/cve-2017-9233/
[2] https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes |
|
|
msg296447 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2017-06-20 14:58 |
rebuild_expat_dir.sh: Script to update Modules/expat/ to libexpat 2.2.1. The script requires manually reverting one change in Modules/expat/expat_external.h to restore the #include "pyexpatns.h" line. |
|
|
msg296494 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2017-06-20 22:03 |
Oh, it seems like the compilation of expat 2.2.0 fails on Windows with VS 9.0: http://bugs.python.org/issue30368#msg296493 But it seems like expat 2.2.1 is going to fix this compilation issue! |
|
|
msg296538 - (view) |
Author: Jeremy Kloth (jkloth) * |
Date: 2017-06-21 10:34 |
Re buildbot failure: see PR on It's not a problem with Expat, but with our project files. |
|
|
msg296549 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2017-06-21 12:39 |
New changeset 5ff7132313eb651107b179d20218dfe5d4e47f13 by Victor Stinner in branch 'master': bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) https://github.com/python/cpython/commit/5ff7132313eb651107b179d20218dfe5d4e47f13 |
|
|
msg296556 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2017-06-21 14:05 |
New changeset 4a66524006852fc982aebafa277f2c043d9ad149 by Victor Stinner in branch '3.6': bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2313) https://github.com/python/cpython/commit/4a66524006852fc982aebafa277f2c043d9ad149 |
|
|
msg296557 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2017-06-21 14:05 |
New changeset 91d171be45942d37a973b0675521b5159a96be31 by Victor Stinner in branch '3.5': bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2314) https://github.com/python/cpython/commit/91d171be45942d37a973b0675521b5159a96be31 |
|
|
msg296559 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2017-06-21 15:12 |
New changeset 2ada64d2a073f85f135461833952dbe8d656810d by Victor Stinner in branch '2.7': [2.7] bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2312) https://github.com/python/cpython/commit/2ada64d2a073f85f135461833952dbe8d656810d |
|
|
msg296560 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2017-06-21 15:14 |
I will wait for 2.7, 3.5, 3.6 and master buildbots before backporting the change to 3.3 and 3.4. |
|
|
msg297859 - (view) |
Author: Ned Deily (ned.deily) *  |
Date: 2017-07-07 05:31 |
New changeset 05b72ede95521b2d897cb4c7b034139b5437c592 by Ned Deily in branch '3.6': bpo-30797, bpo-30694: Avoid _GNU_SOURCE redefined warning in xmlparse.c (#2615) https://github.com/python/cpython/commit/05b72ede95521b2d897cb4c7b034139b5437c592 |
|
|
msg297862 - (view) |
Author: Ned Deily (ned.deily) *  |
Date: 2017-07-07 05:54 |
See bpo-30797 for compile warning introduced here. |
|
|
msg297933 - (view) |
Author: Ned Deily (ned.deily) *  |
Date: 2017-07-08 04:51 |
New changeset ea1ab803ddc14ab02ffed50ecc5089897f259623 by Ned Deily (Victor Stinner) in branch '3.6': bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2313) https://github.com/python/cpython/commit/ea1ab803ddc14ab02ffed50ecc5089897f259623

New changeset bdabd7666032ce356d550da21c35e4bee5b3448c by Ned Deily in branch '3.6': bpo-30797, bpo-30694: Avoid _GNU_SOURCE redefined warning in xmlparse.c (#2615) https://github.com/python/cpython/commit/bdabd7666032ce356d550da21c35e4bee5b3448c |
|
|
msg298208 - (view) |
Author: Larry Hastings (larry) *  |
Date: 2017-07-12 12:41 |
New changeset 71572bbe82aa0836c036d44d41c8269ba6a321be by larryhastings (Victor Stinner) in branch '3.4': [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203) https://github.com/python/cpython/commit/71572bbe82aa0836c036d44d41c8269ba6a321be |
|
|
msg298427 - (view) |
Author: Ned Deily (ned.deily) *  |
Date: 2017-07-16 08:48 |
New changeset ab90986600ba7dea2aa41e5c1773791070725453 by Ned Deily (Victor Stinner) in branch '3.3': [3.3] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2204) https://github.com/python/cpython/commit/ab90986600ba7dea2aa41e5c1773791070725453 |
|
|
msg298437 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2017-07-16 14:13 |
Yeah! It's nice to see this issue now fixed in all branches! |
|
|