ubuntu/+source/expat:ubuntu/trusty-updates

Last commit made on 2017-07-19
Get this branch:
git clone -b ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/expat
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-updates
Repository:
lp:ubuntu/+source/expat

Recent commits

95afdb5... by Marc Deslauriers on 2017-06-27

Import patches-unapplied version 2.1.0-4ubuntu1.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7665f6f63aee416e332e9805691a20c8e687fb05

New changelog entries:
  * SECURITY UPDATE: external entity infinite loop
    - debian/patches/CVE-2017-9233.patch: add check to lib/xmlparse.c.
    - CVE-2017-9233

7665f6f... by Marc Deslauriers on 2016-06-10

Import patches-unapplied version 2.1.0-4ubuntu1.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: db450ea99b2b6055eb4e9568d6fe752b1ffd376f

New changelog entries:
  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits on
      32bit platforms in lib/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from XML_Parser
      address in lib/xmlparse.c.
    - CVE-2016-5300

db450ea... by Marc Deslauriers on 2016-05-16

Import patches-unapplied version 2.1.0-4ubuntu1.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: cec4680a31608440f9c0b5037a25fd261f99140f

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/xmlparse.c, lib/xmltok.c, lib/xmltok.h,
      lib/xmltok_impl.c.
    - CVE-2016-0718
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283-refix.patch: improved existing fix in
      lib/xmlparse.c.
    - CVE-2015-1283

cec4680... by Marc Deslauriers on 2015-08-28

Import patches-unapplied version 2.1.0-4ubuntu1.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c2d7458b668315d06487e28156ed75ff9f5a6788

New changelog entries:
  * SECURITY UPDATE: integer overflows in XML_GetBuffer
    - debian/patches/CVE-2015-1283.patch: add checks to lib/xmlparse.c.
    - CVE-2015-1283

c2d7458... by Matthias Klose on 2013-12-03

Import patches-unapplied version 2.1.0-4ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 358e8d7c9b17c3057cdea8b11fec027a81d57ba1

New changelog entries:
  * Use dh-autoreconf.
  * Enable parallel builds.

358e8d7... by Laszlo Boszormenyi on 2013-07-07

Import patches-unapplied version 2.1.0-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 56501817bbee0bbe490646138061d47a90c25179

New changelog entries:
  * New maintainer (closes: #660681).
  * Update to Standards-Version 3.9.4 , no changes needed.
  * Move to compat level 8 .

5650181... by Matthias Klose on 2013-05-08

Import patches-unapplied version 2.1.0-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 135cd0bb85508cf1975d3deb942b5a9a60d1b65b

New changelog entries:
  * QA upload, set maintainer address to the QA team.
  * Move expat_config.h into the multiarch include location.
  * Make libexpat1-dev Multi-Arch: same.
  * Update config.{guess,sub} for aarch64 (Wookey). Closes: #689619.
  * Don't ship the pkgconfig file in lib64expat1-dev. Closes: #706932.

135cd0b... by Matthias Klose on 2012-04-04

Import patches-unapplied version 2.1.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2f232cec83b63a9d47f9190831f1bca738cd5772

New changelog entries:
  * QA upload.
  * expat 2.1.0 release.

2f232ce... by Matthias Klose on 2012-03-23

Import patches-unapplied version 2.1.0~beta3-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a906816c3a655be69186425c4282cc8e79be54ea

New changelog entries:
  * Fix symbol version for XML_SetHashSalt. Addresses #665362.

a906816... by Matthias Klose on 2012-03-20

Import patches-unapplied version 2.1.0~beta3-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5f5306f16b6f8f813ef0ac8bc48d483549e02cba

New changelog entries:
  * QA upload.
  * Beta release 2.1.0 beta3. Closes: #663579.
    - CVE-2012-1147 - Resource leak in readfilemap.c.
    - CVE-2012-1148 - Memory leak in poolGrow.
    - CVE-2012-0876 - Hash DOS attack.
    - Remove patches applied upstream.
  * Remove Daniel from uploaders (orphaned package).
  * Update package format to 3.0.
  * Enable hardened build. Closes: #653526.
  * Add a symbols file.
  * Install expat pkgconfig file.
  * CVE-2012-0876: Randomize hashes of xml attributes in the expat library
    to avoid a denial of service due to hash collisions. Patch by David
    Malcolm with some modifications by the expat project.