Author: Marc Deslauriers
Revision Date: 2015-08-28 09:33:01 UTC

* SECURITY UPDATE: integer overflows in XML_GetBuffer
  - debian/patches/CVE-2015-1283.patch: add checks to lib/xmlparse.c.
  - CVE-2015-1283

Author: Marc Deslauriers
Revision Date: 2015-08-28 09:31:01 UTC

* SECURITY UPDATE: integer overflows in XML_GetBuffer
  - debian/patches/CVE-2015-1283.patch: add checks to lib/xmlparse.c.
  - CVE-2015-1283

Author: Marc Deslauriers
Revision Date: 2015-08-28 09:33:01 UTC

* SECURITY UPDATE: integer overflows in XML_GetBuffer
  - debian/patches/CVE-2015-1283.patch: add checks to lib/xmlparse.c.
  - CVE-2015-1283

Author: Marc Deslauriers
Revision Date: 2015-08-28 09:31:01 UTC

* SECURITY UPDATE: integer overflows in XML_GetBuffer
  - debian/patches/CVE-2015-1283.patch: add checks to lib/xmlparse.c.
  - CVE-2015-1283

Author: Marc Deslauriers
Revision Date: 2015-08-28 09:33:57 UTC

* SECURITY UPDATE: integer overflows in XML_GetBuffer
  - debian/patches/CVE-2015-1283.dpatch: add checks to lib/xmlparse.c.
  - CVE-2015-1283

Author: Marc Deslauriers
Revision Date: 2015-08-28 09:33:57 UTC

* SECURITY UPDATE: integer overflows in XML_GetBuffer
  - debian/patches/CVE-2015-1283.dpatch: add checks to lib/xmlparse.c.
  - CVE-2015-1283

Author: Laszlo Boszormenyi
Revision Date: 2015-07-24 14:48:45 UTC

* Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
  function (closes: #793484).
* Update Standards-Version to 3.9.6 .

Author: Laszlo Boszormenyi
Revision Date: 2015-07-24 14:48:45 UTC

* Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
  function (closes: #793484).
* Update Standards-Version to 3.9.6 .

Author: Brian Murray
Revision Date: 2014-10-21 11:56:11 UTC

No-change rebuild to get debug symbols on all architectures.

Author: Brian Murray
Revision Date: 2014-10-21 11:56:11 UTC

No-change rebuild to get debug symbols on all architectures.

Author: Brian Murray
Revision Date: 2014-10-21 11:56:11 UTC

No-change rebuild to get debug symbols on all architectures.

Author: Matthias Klose
Revision Date: 2013-12-03 14:42:15 UTC

* Use dh-autoreconf.
* Enable parallel builds.

Author: Matthias Klose
Revision Date: 2013-12-03 14:42:15 UTC

* Use dh-autoreconf.
* Enable parallel builds.

Author: Laszlo Boszormenyi
Revision Date: 2013-07-07 12:43:10 UTC

* New maintainer (closes: #660681).
* Update to Standards-Version 3.9.4 , no changes needed.
* Move to compat level 8 .

Author: Laszlo Boszormenyi
Revision Date: 2013-07-07 12:43:10 UTC

* New maintainer (closes: #660681).
* Update to Standards-Version 3.9.4 , no changes needed.
* Move to compat level 8 .

Author: Matthias Klose
Revision Date: 2012-12-12 17:44:15 UTC

* QA upload, set maintainer address to the QA team.
* Stop building the 64bit packages.
* Move expat_config.h into the multiarch include location.
* Make libexpat1-dev Multi-Arch: same.
* Update config.{guess,sub} for aarch64 (Wookey). Closes: #689619.

Author: Matthias Klose
Revision Date: 2012-12-12 17:44:15 UTC

* QA upload, set maintainer address to the QA team.
* Stop building the 64bit packages.
* Move expat_config.h into the multiarch include location.
* Make libexpat1-dev Multi-Arch: same.
* Update config.{guess,sub} for aarch64 (Wookey). Closes: #689619.

Author: Wookey
Revision Date: 2012-10-01 12:57:03 UTC

Update config.guess,sub for aarch64

Author: Tyler Hicks
Revision Date: 2012-08-09 11:49:00 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
    hash inputs. Based on upstream patch.
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
    Based on upstream patch.
  - CVE-2012-1148

Author: Tyler Hicks
Revision Date: 2012-08-09 11:53:57 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
    hash inputs. Based on upstream patch.
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
    Based on upstream patch.
  - CVE-2012-1148

Author: Tyler Hicks
Revision Date: 2012-08-09 12:02:05 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
    hash inputs. Based on upstream patch.
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
    Based on upstream patch.
  - CVE-2012-1148

Author: Tyler Hicks
Revision Date: 2012-08-09 11:49:00 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
    hash inputs. Based on upstream patch.
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
    Based on upstream patch.
  - CVE-2012-1148

Author: Tyler Hicks
Revision Date: 2012-08-09 11:53:57 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
    hash inputs. Based on upstream patch.
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
    Based on upstream patch.
  - CVE-2012-1148

Author: Tyler Hicks
Revision Date: 2012-08-09 12:02:05 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - debian/patches/577777_CVE_2012_0876.dpatch: Add random salt value to
    hash inputs. Based on upstream patch.
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - debian/patches/588888_CVE_2012_1148.dpatch: Properly reallocate memory.
    Based on upstream patch.
  - CVE-2012-1148

Author: Tyler Hicks
Revision Date: 2012-08-09 12:05:43 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - lib/xmlparse.c: Add random salt value to hash inputs
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/expat.h?r1=1.80&r2=1.81
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.167&r2=1.168
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.168&r2=1.169
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.169&r2=1.170
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - lib/xmlparse.c: Properly reallocate memory
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167
  - CVE-2012-1148

Author: Tyler Hicks
Revision Date: 2012-08-09 12:05:43 UTC

* SECURITY UPDATE: Denial of service via hash collisions
  - lib/xmlparse.c: Add random salt value to hash inputs
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/expat.h?r1=1.80&r2=1.81
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.167&r2=1.168
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.168&r2=1.169
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.169&r2=1.170
  - CVE-2012-0876
* SECURITY UPDATE: Denial of service via memory leak
  - lib/xmlparse.c: Properly reallocate memory
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167
  - CVE-2012-1148

Author: Matthias Klose
Revision Date: 2012-03-15 02:13:54 UTC

CVE-2012-0876: Randomize hashes of xml attributes in the expat library
to avoid a denial of service due to hash collisions. Patch by David
Malcolm with some modifications by the expat project.

Author: Steve Langasek
Revision Date: 2011-03-21 08:19:41 UTC

No-change rebuild against fixed pkgbinarymangler, to get correct
multiarch-safe changelogs

Author: Steve Langasek
Revision Date: 2011-03-21 08:19:41 UTC

No-change rebuild against fixed pkgbinarymangler, to get correct
multiarch-safe changelogs

Author: Steve Langasek
Revision Date: 2011-03-13 03:37:43 UTC

releasing version 2.0.1-7ubuntu1+multiarch.3

Author: Jamie Strandboge
Revision Date: 2010-01-19 09:59:07 UTC

* Merge from Debian testing. Remaining changes:
  - Install run-time libraries into /lib rather than /usr/lib, since
    dbus-daemon is in /bin and links to libexpat.

Author: Jamie Strandboge
Revision Date: 2010-01-19 11:13:59 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - update lib/xmltok_impl.c to not access beyond end of input string
  - CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - update lib/xmlparse.c to properly recognize the end of a token
  - CVE-2009-3560

Author: Jamie Strandboge
Revision Date: 2010-01-19 11:13:59 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - update lib/xmltok_impl.c to not access beyond end of input string
  - CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - update lib/xmlparse.c to properly recognize the end of a token
  - CVE-2009-3560

Author: Jamie Strandboge
Revision Date: 2010-01-19 11:38:30 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - update lib/xmltok_impl.c to not access beyond end of input string
  - CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - update lib/xmlparse.c to properly recognize the end of a token
  - CVE-2009-3560

Author: Jamie Strandboge
Revision Date: 2010-01-19 11:38:30 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - update lib/xmltok_impl.c to not access beyond end of input string
  - CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - update lib/xmlparse.c to properly recognize the end of a token
  - CVE-2009-3560

Author: Jamie Strandboge
Revision Date: 2010-01-19 11:40:03 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - update lib/xmltok_impl.c to not access beyond end of input string
  - CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - update lib/xmlparse.c to properly recognize the end of a token
  - CVE-2009-3560

Author: Jamie Strandboge
Revision Date: 2010-01-19 11:40:03 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - update lib/xmltok_impl.c to not access beyond end of input string
  - CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - update lib/xmlparse.c to properly recognize the end of a token
  - CVE-2009-3560

Author: Jamie Strandboge
Revision Date: 2010-01-19 11:46:25 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - update lib/xmltok_impl.c to not access beyond end of input string
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13
  - CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - update lib/xmlparse.c to properly recognize the end of a token
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165
  - CVE-2009-3560

Author: Jamie Strandboge
Revision Date: 2010-01-19 11:46:25 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - update lib/xmltok_impl.c to not access beyond end of input string
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13
  - CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - update lib/xmlparse.c to properly recognize the end of a token
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166
  - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165
  - CVE-2009-3560

Author: Jamie Strandboge
Revision Date: 2010-01-19 16:44:40 UTC

* Merge from Debian testing. Remaining changes:
  - Install run-time libraries into /lib rather than /usr/lib, since
    dbus-daemon is in /bin and links to libexpat.
* debian/control (Depends): Fixed debhelper-but-no-misc-depends.
* debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
  - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
    regressions have been detected (closes: #561658). Many thanks to
    Niko Tyni and Karl Waclawek for their help and the fix.
* debian/patches/560901_CVE_2009_3560.dpatch: Added.
  - lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560 (closes:
    #560901).
* debian/patches/00list: Adjusted.
* debian/control (Standards-Version): Bumped to 3.8.3.
  (Priority, Section): Fixed binary-control-field-duplicates-source.
  (Description): Fixed extended-description-is-probably-too-short and
  duplicate-long-description.
* debian/rules (CFLAGS): Drop useless '-pthread -D_REENTRANT' from version
  1.95-8-1 (closes: #551079).
* debian/README.source: Added for policy compliance.
* debian/patches/551936_CVE_2009_2625.dpatch: Added.
  - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
    and CVE-2009-3720 (closes: #551936).
* debian/patches/00list: Adjusted.

Author: Jamie Strandboge
Revision Date: 2010-01-19 16:44:40 UTC

* Merge from Debian testing. Remaining changes:
  - Install run-time libraries into /lib rather than /usr/lib, since
    dbus-daemon is in /bin and links to libexpat.
* debian/control (Depends): Fixed debhelper-but-no-misc-depends.
* debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
  - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
    regressions have been detected (closes: #561658). Many thanks to
    Niko Tyni and Karl Waclawek for their help and the fix.
* debian/patches/560901_CVE_2009_3560.dpatch: Added.
  - lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560 (closes:
    #560901).
* debian/patches/00list: Adjusted.
* debian/control (Standards-Version): Bumped to 3.8.3.
  (Priority, Section): Fixed binary-control-field-duplicates-source.
  (Description): Fixed extended-description-is-probably-too-short and
  duplicate-long-description.
* debian/rules (CFLAGS): Drop useless '-pthread -D_REENTRANT' from version
  1.95-8-1 (closes: #551079).
* debian/README.source: Added for policy compliance.
* debian/patches/551936_CVE_2009_2625.dpatch: Added.
  - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
    and CVE-2009-3720 (closes: #551936).
* debian/patches/00list: Adjusted.

Author: Jamie Strandboge
Revision Date: 2010-01-19 16:44:40 UTC

* Merge from Debian testing. Remaining changes:
  - Install run-time libraries into /lib rather than /usr/lib, since
    dbus-daemon is in /bin and links to libexpat.
* debian/control (Depends): Fixed debhelper-but-no-misc-depends.
* debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
  - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
    regressions have been detected (closes: #561658). Many thanks to
    Niko Tyni and Karl Waclawek for their help and the fix.
* debian/patches/560901_CVE_2009_3560.dpatch: Added.
  - lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560 (closes:
    #560901).
* debian/patches/00list: Adjusted.
* debian/control (Standards-Version): Bumped to 3.8.3.
  (Priority, Section): Fixed binary-control-field-duplicates-source.
  (Description): Fixed extended-description-is-probably-too-short and
  duplicate-long-description.
* debian/rules (CFLAGS): Drop useless '-pthread -D_REENTRANT' from version
  1.95-8-1 (closes: #551079).
* debian/README.source: Added for policy compliance.
* debian/patches/551936_CVE_2009_2625.dpatch: Added.
  - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
    and CVE-2009-3720 (closes: #551936).
* debian/patches/00list: Adjusted.

Author: Jamie Strandboge
Revision Date: 2010-01-19 09:59:07 UTC

* Merge from Debian testing. Remaining changes:
  - Install run-time libraries into /lib rather than /usr/lib, since
    dbus-daemon is in /bin and links to libexpat.

Author: Colin Watson
Revision Date: 2009-09-16 12:29:07 UTC

Install run-time libraries into /lib rather than /usr/lib, since
dbus-daemon is in /bin and links to libexpat.

Author: Daniel Leidert
Revision Date: 2008-06-09 20:48:30 UTC

debian/libexpat1-dev.install: Install the libtool .la files again and drop
them after Lenny (closes: #485460).

Author: Daniel Leidert
Revision Date: 2008-06-09 20:48:30 UTC

debian/libexpat1-dev.install: Install the libtool .la files again and drop
them after Lenny (closes: #485460).

Author: Matthias Klose
Revision Date: 2007-12-05 17:37:50 UTC

* New upstream version. LP: #133808.
* Remove the old libexpat.so.0 symlink; this bug predates Ubuntu (was
  fixed in version 1.95.5-1).
* Drop the extra build files in bcb5/.

Author: Matthias Klose
Revision Date: 2007-09-22 10:00:04 UTC

Build 64bit packages.

Author: Matthias Klose
Revision Date: 2007-03-05 01:15:45 UTC

Rebuild for changes in the amd64 toolchain.

Author: Frans Pop
Revision Date: 2006-03-28 22:09:52 UTC

* Non Maintainer Upload
* Correct mistake in patch for #355937 so that udeb: lines in shlibs file
  actually refer to the udeb package

Author: Ardo van Rangelrooij
Revision Date: 2005-04-19 21:50:50 UTC

* Makefile.in: added $(srcdir)/expat_config.h to APIHEADER
  (closes: Bug#302191)
* rebuild against latest libtool for kfreebsd-gnu
  (closes: Bug#295825)

Author: Ardo van Rangelrooij
Revision Date: 2005-04-19 21:50:50 UTC

* Makefile.in: added $(srcdir)/expat_config.h to APIHEADER
  (closes: Bug#302191)
* rebuild against latest libtool for kfreebsd-gnu
  (closes: Bug#295825)

Author: Ardo van Rangelrooij
Revision Date: 2004-10-19 19:31:03 UTC

* New upstream release
  (closes: Bug#263858)
* debian/rules: added '-pthread -D_REENTRANT' to 'CFLAGS'
* Added debian/watch

Author: Ardo van Rangelrooij
Revision Date: 2004-02-29 11:01:15 UTC

debian/control: fixed typo in maintainer's email address