Release ??? ???
Security fixes:
- #499: Use more entropy for hash initialization
- #519: Resolve troublesome internal call to srand
+ #537 CVE-2016-0718 -- fix crash on malformed input
+ CVE-2016-4472 -- improve insufficient fix to CVE-2015-1283 /
+ CVE-2015-2716 introduced with Expat 2.1.1
+ #499 Use more entropy for hash initialization
+ #519 Resolve troublesome internal call to srand
+ that was introduced with Expat 2.1.0
+ when addressing CVE-2012-0876 (issue #496)
+
+ Bug fixes:
+ Fix uninitialized reads of size 1
+ (e.g. in little2_updatePosition)
+ Fix detection of UTF-8 character boundaries
Other changes:
- #532: Fix compilation for Visual Studio 2010
- p90: Fix static build (BUILD_shared=OFF) with CMake on Windows
- Remove executable flag from source files
- Address some compile warnings
+ #532 Fix compilation for Visual Studio 2010 (keyword "C99")
+ p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
+ #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
+ #323 CMake: Add suffix "d" to differentiate debug from release
+ CMake: Define COMPILING_FOR_WINDOWS with CMake on Windows
+ Makefiles: Resolve use of "$<" to better support bmake
+ Makefiles: Add QA script "qa.sh" (and make target "qa")
+ Makefiles: Respect CXXFLAGS if given
+ Makefiles: Have "make run-xmltest" check for expected output
+ Makefiles: Fix "make run-xmltest"
+ Annotate memory allocators for GCC
+ Address all currently known compile warnings
+ Make sure that API symbols remain visible despite
+ -fvisibility=hidden
+ Remove executable flag from source files
+ Turn COMPILED_FROM_DSP into COMPILING_FOR_WINDOWS
+
+ Special thanks to:
+ Björn Lindahl
+ Christian Heimes
+ Cristian Rodríguez
+ Daniel Krügler
+ Gustavo Grieco
+ Karl Waclawek
+ Pascal Cuoq
+ Sergei Nikulov
+ Thomas Beutlich
+ Warren Young
+ Yann Droneaud
Release 2.1.1 Sat March 12 2016
Security fixes:
projects / libexpat / commitdiff