CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2017/06/30 05:25:29

Modified files:
        lib/libexpat   : COPYING Changes Makefile README expat_config.h
        lib/libexpat/doc: reference.html
        lib/libexpat/examples: elements.c outline.c
        lib/libexpat/lib: expat.h expat_external.h internal.h winconfig.h
                          xmlparse.c xmlrole.c xmltok.c xmltok_impl.c
Added files:
        lib/libexpat   : AUTHORS Symbols.map
        lib/libexpat/lib: siphash.h

Log message:
Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472
  CVE-2016-0718 CVE-2015-2716 CVE-2015-1283 CVE-2012-6702
  CVE-2012-0876 have been addressed.  Not all of them affect
  OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now.  Delete all code for other
  entropy sources to make sure to compile the correct one.  Our
  library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c have
  been committed upstream in a different way.  Use the upstream code
  to make maintenance easier.
- Although it should be ABI compatible, there is a new global
  symbol align_limit_to_full_utf8_characters.  As it is in
  lib/internal.h, add a Symbols.map to restrict the export.  Do
  not bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@