diff --git a/expat/Changes b/expat/Changes index d6385238..b3e6854a 100644 --- a/expat/Changes +++ b/expat/Changes @@ -1,13 +1,48 @@ Release ??? ??? Security fixes: - #499: Use more entropy for hash initialization - #519: Resolve troublesome internal call to srand + #537 CVE-2016-0718 -- fix crash on malformed input + CVE-2016-4472 -- improve insufficient fix to CVE-2015-1283 / + CVE-2015-2716 introduced with Expat 2.1.1 + #499 Use more entropy for hash initialization + #519 Resolve troublesome internal call to srand + that was introduced with Expat 2.1.0 + when addressing CVE-2012-0876 (issue #496) + + Bug fixes: + Fix uninitialized reads of size 1 + (e.g. in little2_updatePosition) + Fix detection of UTF-8 character boundaries Other changes: - #532: Fix compilation for Visual Studio 2010 - p90: Fix static build (BUILD_shared=OFF) with CMake on Windows - Remove executable flag from source files - Address some compile warnings + #532 Fix compilation for Visual Studio 2010 (keyword "C99") + p90 CMake: Fix static build (BUILD_shared=OFF) on Windows + #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass + #323 CMake: Add suffix "d" to differentiate debug from release + CMake: Define COMPILING_FOR_WINDOWS with CMake on Windows + Makefiles: Resolve use of "$<" to better support bmake + Makefiles: Add QA script "qa.sh" (and make target "qa") + Makefiles: Respect CXXFLAGS if given + Makefiles: Have "make run-xmltest" check for expected output + Makefiles: Fix "make run-xmltest" + Annotate memory allocators for GCC + Address all currently known compile warnings + Make sure that API symbols remain visible despite + -fvisibility=hidden + Remove executable flag from source files + Turn COMPILED_FROM_DSP into COMPILING_FOR_WINDOWS + + Special thanks to: + Björn Lindahl + Christian Heimes + Cristian Rodríguez + Daniel Krügler + Gustavo Grieco + Karl Waclawek + Pascal Cuoq + Sergei Nikulov + Thomas Beutlich + Warren Young + Yann Droneaud Release 2.1.1 Sat March 12 2016 Security fixes: