On Fri, Oct 8, 2010 at 5:47 PM, Rainer Jung <rainer.j...@kippdata.de> wrote:
> On 08.10.2010 17:45, Jeff Trawick wrote:
>>
>> On Fri, Oct 8, 2010 at 9:50 AM, Rainer Jung<rainer.j...@kippdata.de>
>>  wrote:
>>>
>>> On 04.10.2010 13:00, Jeff Trawick wrote:
>>>>
>>>> (Both have critical fixes which are currently available only as
>>>> patches.)
>>>>
>>>> I can T&R as long as the trees are ready by approx. Thursday (I'm on
>>>> the road next week).  It would be great to get expat taken care of but
>>>> I can't volunteer any time on that.
>>>
>>> If noone else already works on it, I can try to do the update during the
>>> next 24 hours.
>>
>> cool!
>
> OK, done so far. First build tests on Solaris look good. I can even do an
> out of tree build.
>
> Some comments:
>
> - Tests
>
> I added the billion laughs test and the alpha and beta test for
> CVE-2009-3720. I'm not yet sure, whether those tests really work. The
> testing in 0.9 is very different from 1.3.
>
> Building the tests might be broken for Windows and Netware, although I'm not
> aware of any obvious problem.
>
> - Checking expat security fixes
>
> I don't know how to reliably check, whether the CVEs have actually been
> closed. Would be good if someone could confirm for 0.9 too.
>
> - Windows build files
>
> I didn't backport 1003370 (Windows dsp files), because those files differ
> significantly. I hope Bill can have a look.
>
> We might also take the opportunity of adding mak and dep files, like we have
> in the newer branches, but of course that's not a show stopper for 0.9

Thanks so much!  I'll start looking at the status of things tomorrow a.m.

Reply via email to