New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
depends: expat 2.2.7 #16270
depends: expat 2.2.7 #16270
Conversation
This would only be a problem if anything llnking expat would be importing XML from untrusted sources, right? |
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsNo conflicts as of last run. |
Concept ACK I believe it's worth it to speed up build times, as the |
Gitian builds for commit c799976 (master):
Gitian builds for commit 4eb6730 (master and this pull):
|
ACK 0512f05 |
0512f05 depends: expat 2.2.7 (fanquake) Pull request description: Major changes in expat 2.2.7: * [#186](libexpat/libexpat#186) [#262](libexpat/libexpat#262) Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * [#227](libexpat/libexpat#227) Autotools: Add --without-examples and --without-tests Full changelog is available [here](https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5). ACKs for top commit: laanwj: ACK 0512f05 Tree-SHA512: 45162a9b0011107fd59a97dae7b5eb61989dafbec26b1ee497d1b11bf5c6a119971096899caa2998648b82a62db57c629a1560453557146c2496b39a7f3f8de9
Summary: ``` Major changes in expat 2.2.7: - #186 #262 Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks - #227 Autotools: Add --without-examples and --without-tests ``` Backport of core [[bitcoin/bitcoin#16270 | PR16270]]. Test Plan: Run the Gitian builds. Reviewers: #bitcoin_abc, deadalnix Reviewed By: #bitcoin_abc, deadalnix Differential Revision: https://reviews.bitcoinabc.org/D5631
Summary: ``` Major changes in expat 2.2.7: - Bitcoin-ABC#186 Bitcoin-ABC#262 Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks - Bitcoin-ABC#227 Autotools: Add --without-examples and --without-tests ``` Backport of core [[bitcoin/bitcoin#16270 | PR16270]]. Test Plan: Run the Gitian builds. Reviewers: #bitcoin_abc, deadalnix Reviewed By: #bitcoin_abc, deadalnix Differential Revision: https://reviews.bitcoinabc.org/D5631
0512f05 depends: expat 2.2.7 (fanquake) Pull request description: Major changes in expat 2.2.7: * [dashpay#186](libexpat/libexpat#186) [dashpay#262](libexpat/libexpat#262) Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * [dashpay#227](libexpat/libexpat#227) Autotools: Add --without-examples and --without-tests Full changelog is available [here](https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5). ACKs for top commit: laanwj: ACK 0512f05 Tree-SHA512: 45162a9b0011107fd59a97dae7b5eb61989dafbec26b1ee497d1b11bf5c6a119971096899caa2998648b82a62db57c629a1560453557146c2496b39a7f3f8de9
0512f05 depends: expat 2.2.7 (fanquake) Pull request description: Major changes in expat 2.2.7: * [dashpay#186](libexpat/libexpat#186) [dashpay#262](libexpat/libexpat#262) Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * [dashpay#227](libexpat/libexpat#227) Autotools: Add --without-examples and --without-tests Full changelog is available [here](https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5). ACKs for top commit: laanwj: ACK 0512f05 Tree-SHA512: 45162a9b0011107fd59a97dae7b5eb61989dafbec26b1ee497d1b11bf5c6a119971096899caa2998648b82a62db57c629a1560453557146c2496b39a7f3f8de9
0512f05 depends: expat 2.2.7 (fanquake) Pull request description: Major changes in expat 2.2.7: * [dashpay#186](libexpat/libexpat#186) [dashpay#262](libexpat/libexpat#262) Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * [dashpay#227](libexpat/libexpat#227) Autotools: Add --without-examples and --without-tests Full changelog is available [here](https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5). ACKs for top commit: laanwj: ACK 0512f05 Tree-SHA512: 45162a9b0011107fd59a97dae7b5eb61989dafbec26b1ee497d1b11bf5c6a119971096899caa2998648b82a62db57c629a1560453557146c2496b39a7f3f8de9
0512f05 depends: expat 2.2.7 (fanquake) Pull request description: Major changes in expat 2.2.7: * [dashpay#186](libexpat/libexpat#186) [dashpay#262](libexpat/libexpat#262) Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * [dashpay#227](libexpat/libexpat#227) Autotools: Add --without-examples and --without-tests Full changelog is available [here](https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5). ACKs for top commit: laanwj: ACK 0512f05 Tree-SHA512: 45162a9b0011107fd59a97dae7b5eb61989dafbec26b1ee497d1b11bf5c6a119971096899caa2998648b82a62db57c629a1560453557146c2496b39a7f3f8de9
0512f05 depends: expat 2.2.7 (fanquake) Pull request description: Major changes in expat 2.2.7: * [dashpay#186](libexpat/libexpat#186) [dashpay#262](libexpat/libexpat#262) Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * [dashpay#227](libexpat/libexpat#227) Autotools: Add --without-examples and --without-tests Full changelog is available [here](https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5). ACKs for top commit: laanwj: ACK 0512f05 Tree-SHA512: 45162a9b0011107fd59a97dae7b5eb61989dafbec26b1ee497d1b11bf5c6a119971096899caa2998648b82a62db57c629a1560453557146c2496b39a7f3f8de9
0512f05 depends: expat 2.2.7 (fanquake) Pull request description: Major changes in expat 2.2.7: * [dashpay#186](libexpat/libexpat#186) [dashpay#262](libexpat/libexpat#262) Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * [dashpay#227](libexpat/libexpat#227) Autotools: Add --without-examples and --without-tests Full changelog is available [here](https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5). ACKs for top commit: laanwj: ACK 0512f05 Tree-SHA512: 45162a9b0011107fd59a97dae7b5eb61989dafbec26b1ee497d1b11bf5c6a119971096899caa2998648b82a62db57c629a1560453557146c2496b39a7f3f8de9
0512f05 depends: expat 2.2.7 (fanquake) Pull request description: Major changes in expat 2.2.7: * [dashpay#186](libexpat/libexpat#186) [dashpay#262](libexpat/libexpat#262) Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * [dashpay#227](libexpat/libexpat#227) Autotools: Add --without-examples and --without-tests Full changelog is available [here](https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5). ACKs for top commit: laanwj: ACK 0512f05 Tree-SHA512: 45162a9b0011107fd59a97dae7b5eb61989dafbec26b1ee497d1b11bf5c6a119971096899caa2998648b82a62db57c629a1560453557146c2496b39a7f3f8de9
0512f05 depends: expat 2.2.7 (fanquake) Pull request description: Major changes in expat 2.2.7: * [dashpay#186](libexpat/libexpat#186) [dashpay#262](libexpat/libexpat#262) Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks * [dashpay#227](libexpat/libexpat#227) Autotools: Add --without-examples and --without-tests Full changelog is available [here](https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5). ACKs for top commit: laanwj: ACK 0512f05 Tree-SHA512: 45162a9b0011107fd59a97dae7b5eb61989dafbec26b1ee497d1b11bf5c6a119971096899caa2998648b82a62db57c629a1560453557146c2496b39a7f3f8de9
Major changes in expat 2.2.7:
XML names with multiple colons could end up in the
wrong namespace, and take a high amount of RAM and CPU
resources while processing, opening the door to use for denial-of-service attacks
Full changelog is available here.