Message300365
Expat 2.2.3 was released:
Release 2.2.3 Wed August 2 2017
Security fixes:
#82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
using Steve Holme's LoadLibrary wrapper for/of cURL
Bug fixes:
#85 Fix a dangling pointer issue related to realloc
Other changes:
Increase code coverage
#91 Linux: Allow getrandom to fail if nonblocking pool has not
yet been initialized and read /dev/urandom then, instead.
This is in line with what recent Python does.
#81 Pre-10.7/Lion macOS: Support entropy from arc4random
#86 Check that a UTF-16 encoding in an XML declaration has the
right endianness
#4 #5 #7 Recover correctly when some reallocations fail
Repair "./configure && make" for systems without any
provider of high quality entropy
and try reading /dev/urandom on those
Ensure that user-defined character encodings have converter
functions when they are needed
Fix mis-leading description of argument -c in xmlwf.1
Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
for CloudABI
#100 Fix use of SIPHASH_MAIN in siphash.h
#23 Test suite: Fix memory leaks
Version info bumped from 7:4:6 to 7:5:6
Special thanks to:
Chanho Park
Joe Orton
Pascal Cuoq
Rhodri James
Simon McVittie
Vadim Zeitlin
Viktor Szakats
and
Core Infrastructure Initiative |
|
Date |
User |
Action |
Args |
2017-08-16 14:21:19 | vstinner | set | recipients:
+ vstinner, gregory.p.smith, christian.heimes, ned.deily |
2017-08-16 14:21:19 | vstinner | set | messageid: <1502893279.89.0.0271174970663.issue30947@psf.upfronthosting.co.za> |
2017-08-16 14:21:19 | vstinner | link | issue30947 messages |
2017-08-16 14:21:19 | vstinner | create | |
|