From kwaclaw at gmail.com Sun Mar 4 01:06:29 2012 From: kwaclaw at gmail.com (Karl Waclawek) Date: Sat, 03 Mar 2012 19:06:29 -0500 Subject: [Expat-discuss] Announcement: Expat 2.1.0 Beta can be tested Message-ID: <4F52B205.8080304@gmail.com> Available from: https://sourceforge.net/projects/expat/files/expat/2.1.0/. This release was triggered by a hash table DOS attack fix, it also includes accumulated bug fixes and some changes to the build system - using autoreconf instead of the old code in buildconf.sh. Also added a conditional feature to make byte offsets for attributes and attribute names available. What's missing: Documentation updates (Changes file, reference.html) Karl From rainer.jung at kippdata.de Sat Mar 10 18:07:34 2012 From: rainer.jung at kippdata.de (Rainer Jung) Date: Sat, 10 Mar 2012 18:07:34 +0100 Subject: [Expat-discuss] Wrong version number in README for 2.1.0-beta 2 Message-ID: <4F5B8A56.9060103@kippdata.de> The top leve README file in 2.1.0 beta 2 contains: "Release 2.10" I guess it should be "Release 2.1.0". Regards, Rainer From karl at waclawek.net Sun Mar 11 06:51:18 2012 From: karl at waclawek.net (Karl Waclawek) Date: Sun, 11 Mar 2012 00:51:18 -0500 Subject: [Expat-discuss] Expat 2.1.0 Beta 3 Message-ID: <000001ccff4a$fede5c30$fc9b1490$@waclawek.net> A new beta has been released. An issue with the hash table DoS fix was resolved (hopefully). Also, the documentation has been updated and the run-benchmark target has been added to the make file. If no more issues are found, then this will be become the release package. Karl From kwaclaw at gmail.com Sat Mar 24 20:53:16 2012 From: kwaclaw at gmail.com (Karl Waclawek) Date: Sat, 24 Mar 2012 15:53:16 -0400 Subject: [Expat-discuss] Expat 2.1.0 Released Message-ID: <4F6E262C.5020102@gmail.com> This new release of the Expat XML parser contains mostly bug fixes and patches to the build system. A conditional feature to extract attribute byte offsets has been added as well. It is highly recommended to upgrade to this new version as it fixes all known security vulnerabilities (see below - identified by CVE numbers). Changes in Expat 2.1.0: - Bug Fixes: #1742315: Harmful XML_ParserCreateNS suggestion. #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. #1983953, 2517952, 2517962, 2649838: Build modifications using autoreconf instead of buildconf.sh. #2815947, #2884086: OBJEXT and EXEEXT support while building. #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. #2517938: xmlwf should return non-zero exit status if not well-formed. #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. #2855609: Dangling positionPtr after error. #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). #2958794: CVE-2012-1148 - Memory leak in poolGrow. #2990652: CMake support. #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. #3206497: Unitialized memory returned from XML_Parse. #3287849: make check fails on mingw-w64. #3496608: CVE-2012-0876 - Hash DOS attack. - Patches: #1749198: pkg-config support. #3010222: Fix for bug #3010819. #3312568: CMake support. #3446384: Report byte offsets for attr names and values. - New Features / API changes: Added new API member XML_SetHashSalt() that allows setting an intial value (salt) for hash calculations. This is part of the fix for bug #3496608 to randomize hash parameters. When compiled with XML_ATTR_INFO defined, adds new API member XML_GetAttributeInfo() that allows retrieving the byte offsets for attribute names and values (patch #3446384). Added CMake build system. See bug #2990652 and patch #3312568. Added run-benchmark target to Makefile.in - relies on testdata module present in the same relative location as in the repository. From gradford at krispykreme.com Fri Mar 30 20:44:15 2012 From: gradford at krispykreme.com (gradford at krispykreme.com) Date: Fri, 30 Mar 2012 14:44:15 -0400 Subject: [Expat-discuss] Upgrade from V5R4 to 7.1 with EXPAT Message-ID: We are currently running several applications using WSDL2RPG V1.13.2. We want to upgrade from 5.4 to 7.1 of the O/S. Does anyone know of any issues or special considerations about doing this? We also the EXPAT tool version 2.0.0. Anyone using this on V7R1? Thanks for any input. Greig Radford --------------------------------------------------------------------------------------------------------------------- The information contained in this electronic message is information intended for the use of only the individual or entity named above and may be PRIVILEGED and CONFIDENTIAL. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering it to the recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you received this electronic message in error, please notify me immediately by replying to this e-mail and delete the original message. --------------------------------------------------------------------------------------------------------------------