Update embedded copy of expat to 2.2.1 #74879

Closed
ned-deily opened this issue Jun 18, 2017 · 15 comments

Comments

@ned-deily
Member

ned-deily commented Jun 18, 2017

BPO 30694
Nosy @vstinner, @larryhastings, @jkloth, @ned-deily
PRs
  • bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 #2300
  • [2.7] bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) #2312
  • [3.6] bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) #2313
  • [3.5] bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) #2314
  • bpo-30797, bpo-30694: Avoid _GNU_SOURCE redefined warning in xmlparse.c #2615
  • [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) #2203
  • [3.3] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) #2204
  • Files
  • rebuild_expat_dir.sh
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


    GitHub fields:

    assignee = 'https://github.com/vstinner'
    closed_at = <Date 2017-07-16.08:58:34.950>
    created_at = <Date 2017-06-18.03:01:27.531>
    labels = ['3.7', 'library']
    title = 'Update embedded copy of expat to 2.2.1'
    updated_at = <Date 2019-05-10.17:54:01.777>
    user = 'https://github.com/ned-deily'

    bugs.python.org fields:

    activity = <Date 2019-05-10.17:54:01.777>
    actor = 'ned.deily'
    assignee = 'vstinner'
    closed = True
    closed_date = <Date 2017-07-16.08:58:34.950>
    closer = 'ned.deily'
    components = ['Library (Lib)']
    creation = <Date 2017-06-18.03:01:27.531>
    creator = 'ned.deily'
    dependencies = []
    files = ['46962']
    hgrepos = []
    issue_num = 30694
    keywords = []
    message_count = 15.0
    messages = ['296254', '296447', '296494', '296538', '296549', '296556', '296557', '296559', '296560', '297859', '297862', '297933', '298208', '298427', '298437']
    nosy_count = 4.0
    nosy_names = ['vstinner', 'larry', 'jkloth', 'ned.deily']
    pr_nums = ['2300', '2312', '2313', '2314', '2615', '2203', '2204']
    priority = None
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = None
    url = 'https://bugs.python.org/issue30694'
    versions = ['Python 2.7', 'Python 3.3', 'Python 3.4', 'Python 3.5', 'Python 3.6', 'Python 3.7']

    @ned-deily
    Member Author

    ned-deily commented Jun 18, 2017

    From the announcement:

    Expat 2.2.1 has been released. The change log has more details [2] than this mail, including commit SHA1s. For a quick overview of the security fixes and CVEs, we have:

    CVE-2017-9233 External entity infinite loop DoS [1]
    (CVE-2016-9063) Integer overflow (re-fix)
    n/a More integer overflow fixes
    (CVE-2016-0718) Fix regression bugs from 2.2.0's fix to CVE-2016-0718
    (CVE-2016-5300) Use os-specific entropy sources like getrandom
    n/a No longer leak parser pointer information
    n/a Prevent use of uninitialised variables
    n/a Add missing API parameter validation (NULL, len<0)
    (CVE-2012-0876) Counter hash flooding with SipHash

    https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes

    https://libexpat.github.io/doc/cve-2017-9233/

    @ned-deily ned-deily added deferred-blocker 3.7 stdlib Python modules in the Lib dir labels Jun 18, 2017
    @vstinner
    Member

    vstinner commented Jun 20, 2017

    rebuild_expat_dir.sh: Script to update Modules/expat/ to libexpat 2.2.1. The script requires manually reverting one change in Modules/expat/expat_external.h to restore the #include "pyexpatns.h" line.
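
A post-upgrade check for the manual step described in the comment above, as an added example that is not part of the thread or of CPython: it reads the version macros from `expat.h` and confirms that `expat_external.h` still carries the `#include "pyexpatns.h"` line. The header excerpts are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed excerpts standing in for Modules/expat/expat.h and
# Modules/expat/expat_external.h (not copied from the real files).
SAMPLE_EXPAT_H = """\
#define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 2
#define XML_MICRO_VERSION 1
"""
SAMPLE_EXTERNAL_OK = """\
#ifndef Expat_External_INCLUDED
#define Expat_External_INCLUDED 1

#include "pyexpatns.h"
"""
# What the file looks like if the manual revert was forgotten.
SAMPLE_EXTERNAL_UPSTREAM = SAMPLE_EXTERNAL_OK.replace('#include "pyexpatns.h"\n', "")

_VERSION_RE = re.compile(
    r"^\s*#\s*define\s+XML_(MAJOR|MINOR|MICRO)_VERSION\s+(\d+)\s*$", re.M)
_INCLUDE_RE = re.compile(r'^\s*#\s*include\s+"pyexpatns\.h"', re.M)

def vendored_version(expat_h):
    """Return (major, minor, micro) from expat.h text, or None if incomplete."""
    found = {name: int(num) for name, num in _VERSION_RE.findall(expat_h)}
    try:
        return found["MAJOR"], found["MINOR"], found["MICRO"]
    except KeyError:
        return None

def check_vendored_expat(expat_h, expat_external_h, minimum=(2, 2, 1)):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    version = vendored_version(expat_h)
    if version is None:
        problems.append("expat.h: XML_*_VERSION macros not found")
    elif version < minimum:
        problems.append("expat.h: %d.%d.%d is older than %d.%d.%d" % (version + minimum))
    if not _INCLUDE_RE.search(expat_external_h):
        problems.append('expat_external.h: #include "pyexpatns.h" is missing')
    return problems

if __name__ == "__main__":
    for label, ext in (("patched", SAMPLE_EXTERNAL_OK), ("upstream", SAMPLE_EXTERNAL_UPSTREAM)):
        print(label, check_vendored_expat(SAMPLE_EXPAT_H, ext) or "ok")
```

Against a real checkout, pass the contents of the two header files instead of the sample strings.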

    @vstinner
    Member

    vstinner commented Jun 20, 2017

    Oh, it seems like the compilation of expat 2.2.0 fails on Windows with VS 9.0:
    http://bugs.python.org/issue30368#msg296493

    But it seems like expat 2.2.1 is going to fix this compilation issue!

    @jkloth
    Contributor

    jkloth commented Jun 21, 2017

    Re buildbot failure: see PR on bpo-29591

    It's not a problem with Expat, but with our project files.

    @vstinner
    Member

    vstinner commented Jun 21, 2017

    New changeset 5ff7132 by Victor Stinner in branch 'master':
    bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (bpo-2300)
    5ff7132

    @vstinner
    Member

    vstinner commented Jun 21, 2017

    New changeset 4a66524 by Victor Stinner in branch '3.6':
    bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (bpo-2300) (bpo-2313)
    4a66524

    @vstinner
    Member

    vstinner commented Jun 21, 2017

    New changeset 91d171b by Victor Stinner in branch '3.5':
    bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (bpo-2300) (bpo-2314)
    91d171b

    @vstinner
    Member

    vstinner commented Jun 21, 2017

    New changeset 2ada64d by Victor Stinner in branch '2.7':
    [2.7] bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (bpo-2300) (bpo-2312)
    2ada64d

    @vstinner
    Member

    vstinner commented Jun 21, 2017

    I will wait for 2.7, 3.5, 3.6 and master buildbots before backporting the change to 3.3 and 3.4.

    @ned-deily
    Member Author

    ned-deily commented Jul 7, 2017

    New changeset 05b72ed by Ned Deily in branch '3.6':
    bpo-30797, bpo-30694: Avoid _GNU_SOURCE redefined warning in xmlparse.c (bpo-2615)
    05b72ed

    @ned-deily
    Member Author

    ned-deily commented Jul 7, 2017

    See bpo-30797 for compile warning introduced here.

    @ned-deily
    Member Author

    ned-deily commented Jul 8, 2017

    New changeset ea1ab80 by Ned Deily (Victor Stinner) in branch '3.6':
    bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (bpo-2300) (bpo-2313)
    ea1ab80

    New changeset bdabd76 by Ned Deily in branch '3.6':
    bpo-30797, bpo-30694: Avoid _GNU_SOURCE redefined warning in xmlparse.c (bpo-2615)
    bdabd76

    @larryhastings
    Contributor

    larryhastings commented Jul 12, 2017

    New changeset 71572bb by larryhastings (Victor Stinner) in branch '3.4':
    [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (bpo-2164) (bpo-2203)
    71572bb

    @ned-deily
    Member Author

    ned-deily commented Jul 16, 2017

    New changeset ab90986 by Ned Deily (Victor Stinner) in branch '3.3':
    [3.3] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (bpo-2164) (bpo-2204)
    ab90986

    @vstinner
    Member

    vstinner commented Jul 16, 2017

    Yeah! It's nice to see this issue now fixed in all branches!

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022