Opened 8 months ago

Closed 8 months ago

#5685 closed enhancement (fixed)

expat-2.7.1

Reported by: Bruce Dubbs Owned by: lfs-book
Priority: normal Milestone: 12.4
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (2)

comment:1 by Bruce Dubbs, 8 months ago

Release 2.7.1 Thu March 27 2025

Bug fixes:

  • Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0);

Affected API functions are:

  • XML_GetCurrentByteCount
  • XML_GetCurrentByteIndex
  • XML_GetCurrentColumnNumber
  • XML_GetCurrentLineNumber
  • XML_GetInputContext

Other changes:

  • Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}" with Automake that were missing from 2.7.0 release tarballs
  • Fix printf format specifiers for 32bit Emscripten
  • docs: Promote OpenSSF Best Practices self-certification
  • tests/benchmark: Resolve mistaken double close
  • Address compiler warnings
  • Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do

Infrastructure:

  • CI: Start running Perl XML::Parser integration tests
  • CI: Enforce Clang Static Analyzer clean code
  • CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy
  • CI: Cover compilation with musl
  • CI: Cover compilation with 32bit Emscripten
  • CI: Protect against fuzzer files missing from future release archives

comment:2 by Bruce Dubbs, 8 months ago

Resolution: fixed
Status: newclosed

Fixed at commit a05804f155.

Note: See TracTickets for help on using tickets.