
classification
Title: Update embedded copy of expat to 2.2.1
Type: Stage: resolved
Components: Library (Lib) Versions: Python 3.7, Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: vstinner Nosy List: jkloth, larry, ned.deily, vstinner
Priority: Keywords:

Created on 2017-06-18 03:01 by ned.deily, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name Uploaded Description
rebuild_expat_dir.sh vstinner, 2017-06-20 14:58
Pull Requests
URL Status Linked
PR 2300 merged vstinner, 2017-06-20 15:03
PR 2312 merged vstinner, 2017-06-21 13:10
PR 2313 merged vstinner, 2017-06-21 13:12
PR 2314 merged vstinner, 2017-06-21 13:15
PR 2615 merged ned.deily, 2017-07-07 05:14
PR 2203 merged vstinner, 2017-07-11 20:34
PR 2204 merged vstinner, 2017-07-11 20:41
Messages (15)
msg296254 - Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-06-18 03:01
From the announcement:

Expat 2.2.1 has been released.  The change log has more details [2] than this mail, including commit SHA1s. For a quick overview of the security fixes and CVEs, we have:

   CVE-2017-9233  External entity infinite loop DoS [1]
  (CVE-2016-9063) Integer overflow (re-fix)
             n/a  More integer overflow fixes
  (CVE-2016-0718) Fix regression bugs from 2.2.0's fix to CVE-2016-0718
  (CVE-2016-5300) Use os-specific entropy sources like getrandom
             n/a  No longer leak parser pointer information
             n/a  Prevent use of uninitialised variables
             n/a  Add missing API parameter validation (NULL, len<0)
  (CVE-2012-0876) Counter hash flooding with SipHash

[1] https://libexpat.github.io/doc/cve-2017-9233/
[2] https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes
msg296447 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-06-20 14:58
rebuild_expat_dir.sh: Script to update Modules/expat/ to libexpat 2.2.1. The script requires manually reverting one change in Modules/expat/expat_external.h to restore the #include "pyexpatns.h" line.
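
A post-update check for the re-vendored directory, added here as an example (it is not part of this thread and is not rebuild_expat_dir.sh): it reads the `XML_MAJOR_VERSION`/`XML_MINOR_VERSION`/`XML_MICRO_VERSION` macros from `expat.h` and confirms that `expat_external.h` still carries the `#include "pyexpatns.h"` line. The function names and the constructed sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

REQUIRED = (2, 2, 1)  # version this issue upgrades Modules/expat/ to
_MACRO = re.compile(r"^\s*#\s*define\s+XML_(MAJOR|MINOR|MICRO)_VERSION\s+(\d+)", re.M)
_NS_INCLUDE = re.compile(r'^\s*#\s*include\s+"pyexpatns\.h"', re.M)


def _read(path):
    # A missing file is treated as empty so both checks still report.
    return path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""


def vendored_version(expat_dir):
    """Version tuple from the XML_*_VERSION macros in expat.h, or None."""
    found = {k: int(v) for k, v in _MACRO.findall(_read(Path(expat_dir) / "expat.h"))}
    if set(found) != {"MAJOR", "MINOR", "MICRO"}:
        return None
    return (found["MAJOR"], found["MINOR"], found["MICRO"])


def check_vendored_expat(expat_dir, required=REQUIRED):
    """Return a list of problems; an empty list means both checks pass."""
    problems = []
    version = vendored_version(expat_dir)
    if version is None:
        problems.append("expat.h: version macros not found")
    elif version < required:
        problems.append("expat.h: %d.%d.%d is older than %d.%d.%d" % (version + required))
    if not _NS_INCLUDE.search(_read(Path(expat_dir) / "expat_external.h")):
        problems.append('expat_external.h: #include "pyexpatns.h" missing')
    return problems


def make_sample_tree(version, keep_ns_include):
    """Constructed stand-in for Modules/expat/ (two tiny header files)."""
    root = Path(tempfile.mkdtemp(prefix="expat-sample-"))
    macros = "".join("#define XML_%s_VERSION %d\n" % (n, v)
                     for n, v in zip(("MAJOR", "MINOR", "MICRO"), version))
    (root / "expat.h").write_text(macros, encoding="utf-8")
    body = '#include "pyexpatns.h"\n' if keep_ns_include else ""
    (root / "expat_external.h").write_text("#ifndef Expat_External_INCLUDED\n" + body, encoding="utf-8")
    return root


if __name__ == "__main__":
    for args in (((2, 2, 1), True), ((2, 2, 1), False), ((2, 2, 0), True)):
        print(args, check_vendored_expat(make_sample_tree(*args)))
```

On a real checkout, pass the path of `Modules/expat/` to `check_vendored_expat` instead of a sample tree.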
msg296494 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-06-20 22:03
Oh, it seems like the compilation of expat 2.2.0 fails on Windows with VS 9.0:
http://bugs.python.org/issue30368#msg296493

But it seems like expat 2.2.1 is going to fix this compilation issue!
msg296538 - Author: Jeremy Kloth (jkloth) * Date: 2017-06-21 10:34
Re buildbot failure: see PR on issue29591

It's not a problem with Expat, but with our project files.
msg296549 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-06-21 12:39
New changeset 5ff7132313eb651107b179d20218dfe5d4e47f13 by Victor Stinner in branch 'master':
bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300)
https://github.com/python/cpython/commit/5ff7132313eb651107b179d20218dfe5d4e47f13
msg296556 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-06-21 14:05
New changeset 4a66524006852fc982aebafa277f2c043d9ad149 by Victor Stinner in branch '3.6':
bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2313)
https://github.com/python/cpython/commit/4a66524006852fc982aebafa277f2c043d9ad149
msg296557 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-06-21 14:05
New changeset 91d171be45942d37a973b0675521b5159a96be31 by Victor Stinner in branch '3.5':
bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2314)
https://github.com/python/cpython/commit/91d171be45942d37a973b0675521b5159a96be31
msg296559 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-06-21 15:12
New changeset 2ada64d2a073f85f135461833952dbe8d656810d by Victor Stinner in branch '2.7':
[2.7] bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2312)
https://github.com/python/cpython/commit/2ada64d2a073f85f135461833952dbe8d656810d
msg296560 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-06-21 15:14
I will wait for 2.7, 3.5, 3.6 and master buildbots before backporting the change to 3.3 and 3.4.
msg297859 - Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-07-07 05:31
New changeset 05b72ede95521b2d897cb4c7b034139b5437c592 by Ned Deily in branch '3.6':
bpo-30797, bpo-30694: Avoid _GNU_SOURCE redefined warning in xmlparse.c (#2615)
https://github.com/python/cpython/commit/05b72ede95521b2d897cb4c7b034139b5437c592
msg297862 - Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-07-07 05:54
See bpo-30797 for compile warning introduced here.
msg297933 - Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-07-08 04:51
New changeset ea1ab803ddc14ab02ffed50ecc5089897f259623 by Ned Deily (Victor Stinner) in branch '3.6':
bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) (#2313)
https://github.com/python/cpython/commit/ea1ab803ddc14ab02ffed50ecc5089897f259623

New changeset bdabd7666032ce356d550da21c35e4bee5b3448c by Ned Deily in branch '3.6':
bpo-30797, bpo-30694: Avoid _GNU_SOURCE redefined warning in xmlparse.c (#2615)
https://github.com/python/cpython/commit/bdabd7666032ce356d550da21c35e4bee5b3448c
msg298208 - Author: Larry Hastings (larry) * (Python committer) Date: 2017-07-12 12:41
New changeset 71572bbe82aa0836c036d44d41c8269ba6a321be by larryhastings (Victor Stinner) in branch '3.4':
[3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203)
https://github.com/python/cpython/commit/71572bbe82aa0836c036d44d41c8269ba6a321be
msg298427 - Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-07-16 08:48
New changeset ab90986600ba7dea2aa41e5c1773791070725453 by Ned Deily (Victor Stinner) in branch '3.3':
[3.3] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2204)
https://github.com/python/cpython/commit/ab90986600ba7dea2aa41e5c1773791070725453
msg298437 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-07-16 14:13
Yeah! It's nice to see this issue now fixed in all branches!