On Fri, Oct 8, 2010 at 5:47 PM, Rainer Jung <rainer.j...@kippdata.de> wrote: > On 08.10.2010 17:45, Jeff Trawick wrote: >> >> On Fri, Oct 8, 2010 at 9:50 AM, Rainer Jung<rainer.j...@kippdata.de> >> wrote: >>> >>> On 04.10.2010 13:00, Jeff Trawick wrote: >>>> >>>> (Both have critical fixes which are currently available only as >>>> patches.) >>>> >>>> I can T&R as long as the trees are ready by approx. Thursday (I'm on >>>> the road next week). It would be great to get expat taken care of but >>>> I can't volunteer any time on that. >>> >>> If noone else already works on it, I can try to do the update during the >>> next 24 hours. >> >> cool! > > OK, done so far. First build tests on Solaris look good. I can even do an > out of tree build. > > Some comments: > > - Tests > > I added the billion laughs test and the alpha and beta test for > CVE-2009-3720. I'm not yet sure, whether those tests really work. The > testing in 0.9 is very different from 1.3. > > Building the tests might be broken for Windows and Netware, although I'm not > aware of any obvious problem. > > - Checking expat security fixes > > I don't know how to reliably check, whether the CVEs have actually been > closed. Would be good if someone could confirm for 0.9 too. > > - Windows build files > > I didn't backport 1003370 (Windows dsp files), because those files differ > significantly. I hope Bill can have a look. > > We might also take the opportunity of adding mak and dep files, like we have > in the newer branches, but of course that's not a show stopper for 0.9
Thanks so much! I'll start looking at the status of things tomorrow a.m.