Diffstat (limited to 'contrib/expat/Changes')
| -rw-r--r-- | contrib/expat/Changes | 58 |
1 files changed, 56 insertions, 2 deletions
diff --git a/contrib/expat/Changes b/contrib/expat/Changes index 092252ed1fa3..01e54b676416 100644 --- a/contrib/expat/Changes +++ b/contrib/expat/Changes 
@@ -41,6 +41,59 @@ !! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +Release 2.7.3 Wed September 24 2025 + Security fixes: + #1046 #1048 Fix alignment of internal allocations for some non-amd64 + architectures (e.g. sparc32); fixes up on the fix to + CVE-2025-59375 from #1034 (of Expat 2.7.2 and related + backports) + #1059 Fix a class of false positives where input should have been + rejected with error XML_ERROR_ASYNC_ENTITY; regression from + CVE-2024-8176 fix pull request #973 (of Expat 2.7.0 and + related backports). Please check the added unit tests for + example documents. + + Other changes: + #1043 Prove and regression-proof absence of integer overflow + from function expat_realloc + #1062 Remove "harmless" cast that truncated a size_t to unsigned + #1049 Autotools: Remove "ln -s" discovery + #1054 docs: Be consistent with use of floating point around + XML_SetAllocTrackerMaximumAmplification + #1056 docs: Make it explicit that XML_GetCurrentColumnNumber + starts at 0 + #1057 docs: Better integrate the effect of the activation + thresholds + #1058 docs: Fix an in-comment typo in expat.h + #1045 docs: Fix a typo in README.md + #1041 docs: Improve change log of release 2.7.2 + #1053 xmlwf: Resolve use of functions XML_GetErrorLineNumber + and XML_GetErrorColumnNumber + #1032 Windows: Normalize .bat files to CRLF line endings + #1060 #1061 Version info bumped from 12:0:11 (libexpat*.so.1.11.0) + to 12:1:11 (libexpat*.so.1.11.1); see https://verbump.de/ + for what these numbers do + + Infrastructure: + #1047 #1050 CI: Cleanup UndefinedBehaviorSanitizer fatality + #1044 CI|Linux: Stop aborting at first job failure + #1052 CI|FreeBSD: Upgrade to FreeBSD 15.0 + #1039 CI|FreeBSD: Do not install CMake meta-package + + Special thanks to: + Bénédikt Tran + Berkay Eren Ürün + Daniel Engberg + Hanno Böck + Matthew Fernandez + Rolf Eike Beer + Sam James + Tim Bray + and + Clang/GCC 
UndefinedBehaviorSanitizer + OSS-Fuzz / ClusterFuzz + Z3 Theorem Prover + Release 2.7.2 Tue September 16 2025 Security fixes: #1018 #1034 CVE-2025-59375 -- Disallow use of disproportional amounts of @@ -73,7 +126,7 @@ Release 2.7.2 Tue September 16 2025 to the pull request URL could be of help. Other changes: - #1008 #1017 Autotools: Sync CMake templates with CMake 3.31 for macOS + #1008 #1017 Autotools|macOS: Sync CMake templates with CMake 3.31 #1007 CMake: Drop support for CMake <3.15 #1004 CMake: Fix off_t detection for -Werror #1007 CMake|Windows: Fix -DEXPAT_MSVC_STATIC_CRT=ON @@ -89,7 +142,7 @@ Release 2.7.2 Tue September 16 2025 #994 docs: Drop AppVeyor badge #1000 tests: Fix portable_strndup #1036 Drop casts around malloc/free/realloc that C99 does not need - #1010 Replace empty for-loops with while loops + #1010 Replace empty for loops with while loops #1011 Add const with internal XmlInitUnknownEncodingNS #14 #1037 Drop an OpenVMS support leftover #999 #1001 Address more clang-tidy warnings @@ -111,6 +164,7 @@ Release 2.7.2 Tue September 16 2025 Neil Pang Theo Buehler and + GNU Time OSS-Fuzz / ClusterFuzz Perl XML::Parser |
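Review bot: In the first hunk (@@ -41,6 +41,59 @@), the #1059 item under "Security fixes" describes the bug as "a class of false positives", which does not say in which direction the parser erred; the rest of the sentence ("input should have been rejected with error XML_ERROR_ASYNC_ENTITY") implies documents were wrongly accepted, so say that directly, for example "input was accepted that should have been rejected". Both security items in this hunk also name only the earlier fix they follow up on (CVE-2025-59375 via #1034, CVE-2024-8176 via #973) and do not state whether the regression itself has an identifier; a short "no separate CVE assigned" or the identifier, whichever applies, would help anyone triaging from this file.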
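Review bot: In the second hunk (@@ -73,7 +126,7 @@), the context lines right below the reworded "Autotools|macOS" entry list #1007 twice, once for "CMake: Drop support for CMake <3.15" and once for "CMake|Windows: Fix -DEXPAT_MSVC_STATIC_CRT=ON". Since this hunk already touches up the 2.7.2 section retroactively, confirm that both entries really belong to the same pull request and correct the number in the same pass if one of them is a copy error.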
