homepage

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Update embedded copy of expat to 2.2.1
Type: Stage: resolved
Components: Library (Lib) Versions: Python 3.7, Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: vstinner Nosy List: jkloth, larry, ned.deily, vstinner
Priority: Keywords:

Created on 2017年06月18日 03:01 by ned.deily, last changed 2022年04月11日 14:58 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
rebuild_expat_dir.sh vstinner, 2017年06月20日 14:58
Pull Requests
URL Status Linked Edit
PR 2300 merged vstinner, 2017年06月20日 15:03
PR 2312 merged vstinner, 2017年06月21日 13:10
PR 2313 merged vstinner, 2017年06月21日 13:12
PR 2314 merged vstinner, 2017年06月21日 13:15
PR 2615 merged ned.deily, 2017年07月07日 05:14
PR 2203 merged vstinner, 2017年07月11日 20:34
PR 2204 merged vstinner, 2017年07月11日 20:41
Messages (15)
msg296254 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017年06月18日 03:01 
From the announcement:
Expat 2.2.1 has been released. The change log has more details [2] than this mail, including commit SHA1s. For a quick overview of the security fixes and CVEs, we have:
 CVE-2017-9233 External entity infinite loop DoS [1]
 (CVE-2016-9063) Integer overflow (re-fix)
 n/a More integer overflow fixes
 (CVE-2016-0718) Fix regression bugs from 2.2.0's fix to CVE-2016-0718
 (CVE-2016-5300) Use os-specific entropy sources like getrandom
 n/a No longer leak parser pointer information
 n/a Prevent use of uninitialised variables
 n/a Add missing API parameter validation (NULL, len<0)
 (CVE-2012-0876) Counter hash flooding with SipHash
https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes
https://libexpat.github.io/doc/cve-2017-9233/
msg296447 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017年06月20日 14:58 
rebuild_expat_dir.sh: Script to update Modules/expat/ to libexpat 2.2.1. The script requires to manually revert one change in Modules/expat/expat_external.h to restore the #include "pyexpatns.h" line.
msg296494 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017年06月20日 22:03 
Oh, it seems like the compilation of expat 2.2.0 fails on Windows with VS 9.0:
http://bugs.python.org/issue30368#msg296493
But it seems like expat 2.2.1 is going to fix this compilation issue!
msg296538 - (view) Author: Jeremy Kloth (jkloth) * Date: 2017年06月21日 10:34 
Re buildbot failure: see PR on issue29591
It's not a problem with Expat, but with our project files.
msg296549 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017年06月21日 12:39 
New changeset 5ff7132313eb651107b179d20218dfe5d4e47f13 by Victor Stinner in branch 'master':
bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300)
https://github.com/python/cpython/commit/5ff7132313eb651107b179d20218dfe5d4e47f13
msg296556 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017年06月21日 14:05 
New changeset 4a66524006852fc982aebafa277f2c043d9ad149 by Victor Stinner in branch '3.6':
bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2313)
https://github.com/python/cpython/commit/4a66524006852fc982aebafa277f2c043d9ad149
msg296557 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017年06月21日 14:05 
New changeset 91d171be45942d37a973b0675521b5159a96be31 by Victor Stinner in branch '3.5':
bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2314)
https://github.com/python/cpython/commit/91d171be45942d37a973b0675521b5159a96be31
msg296559 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017年06月21日 15:12 
New changeset 2ada64d2a073f85f135461833952dbe8d656810d by Victor Stinner in branch '2.7':
[2.7] bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2312)
https://github.com/python/cpython/commit/2ada64d2a073f85f135461833952dbe8d656810d
msg296560 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017年06月21日 15:14 
I will wait for 2.7, 3.5, 3.6 and master buildbots before backporting the change to 3.3 and 3.4.
msg297859 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017年07月07日 05:31 
New changeset 05b72ede95521b2d897cb4c7b034139b5437c592 by Ned Deily in branch '3.6':
bpo-30797, bpo-30694: Avoid _GNU_SOURCE redefined warning in xmlparse.c (#2615)
https://github.com/python/cpython/commit/05b72ede95521b2d897cb4c7b034139b5437c592
msg297862 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017年07月07日 05:54 
See bpo-30797 for compile warning introduced here.
msg297933 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017年07月08日 04:51 
New changeset ea1ab803ddc14ab02ffed50ecc5089897f259623 by Ned Deily (Victor Stinner) in branch '3.6':
bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2313)
https://github.com/python/cpython/commit/ea1ab803ddc14ab02ffed50ecc5089897f259623
New changeset bdabd7666032ce356d550da21c35e4bee5b3448c by Ned Deily in branch '3.6':
bpo-30797, bpo-30694: Avoid _GNU_SOURCE redefined warning in xmlparse.c (#2615)
https://github.com/python/cpython/commit/bdabd7666032ce356d550da21c35e4bee5b3448c
msg298208 - (view) Author: Larry Hastings (larry) * (Python committer) Date: 2017年07月12日 12:41 
New changeset 71572bbe82aa0836c036d44d41c8269ba6a321be by larryhastings (Victor Stinner) in branch '3.4':
[3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203)
https://github.com/python/cpython/commit/71572bbe82aa0836c036d44d41c8269ba6a321be
msg298427 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017年07月16日 08:48 
New changeset ab90986600ba7dea2aa41e5c1773791070725453 by Ned Deily (Victor Stinner) in branch '3.3':
[3.3] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2204)
https://github.com/python/cpython/commit/ab90986600ba7dea2aa41e5c1773791070725453
msg298437 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017年07月16日 14:13 
Yeah! It's nice to see this issue now fixed in all branches!
History
Date User Action Args
2022年04月11日 14:58:47adminsetgithub: 74879
2019年05月10日 17:54:01ned.deilysetmessages: - msg342085
2019年05月10日 17:36:37ned.deilysetmessages: + msg342085
2017年07月16日 14:13:30vstinnersetmessages: + msg298437
2017年07月16日 08:58:34ned.deilysetpriority: deferred blocker ->
status: open -> closed
resolution: fixed
stage: needs patch -> resolved
2017年07月16日 08:48:07ned.deilysetmessages: + msg298427
2017年07月12日 12:41:36larrysetnosy: + larry
messages: + msg298208
2017年07月11日 20:41:19vstinnersetpull_requests: + pull_request2738
2017年07月11日 20:34:42vstinnersetpull_requests: + pull_request2737
2017年07月08日 04:51:40ned.deilysetmessages: + msg297933
2017年07月07日 05:54:57ned.deilysetassignee: vstinner
messages: + msg297862
2017年07月07日 05:31:46ned.deilysetmessages: + msg297859
2017年07月07日 05:14:18ned.deilysetpull_requests: + pull_request2681
2017年06月21日 15:14:09vstinnersetmessages: + msg296560
2017年06月21日 15:12:50vstinnersetmessages: + msg296559
2017年06月21日 14:05:17vstinnersetmessages: + msg296557
2017年06月21日 14:05:14vstinnersetmessages: + msg296556
2017年06月21日 13:15:29vstinnersetpull_requests: + pull_request2360
2017年06月21日 13:12:06vstinnersetpull_requests: + pull_request2359
2017年06月21日 13:10:10vstinnersetpull_requests: + pull_request2358
2017年06月21日 12:39:24vstinnersetmessages: + msg296549
2017年06月21日 10:34:23jklothsetnosy: + jkloth
messages: + msg296538
2017年06月20日 22:03:57vstinnersetmessages: + msg296494
2017年06月20日 15:03:12vstinnersetpull_requests: + pull_request2347
2017年06月20日 14:58:29vstinnersetfiles: + rebuild_expat_dir.sh

messages: + msg296447
2017年06月18日 03:01:27ned.deilycreate

AltStyle によって変換されたページ (->オリジナル) /