depends: expat 2.2.7 #16270

pull fanquake wants to merge 1 commits into bitcoin:master from fanquake:expat-2-2-7 changing 2 files +5 −5

fanquake commented at 9:10 AM on June 23, 2019: member
Major changes in expat 2.2.7:
- #186 #262 Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks
- #227 Autotools: Add --without-examples and --without-tests
Full changelog is available here.
fanquake added the label Build system on Jun 23, 2019
fanquake added the label Needs gitian build on Jun 23, 2019
DrahtBot removed the label Needs gitian build on Jun 24, 2019
laanwj commented at 5:48 PM on June 25, 2019: member

and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks

This would only be a problem if anything llnking expat would be importing XML from untrusted sources, right? It doesn't even end up in the final binary, it's only used indirectly for tooling (by Qt). I don't think there's any need to worry about DoS attacks from this.
MarcoFalke deleted a comment on Jul 2, 2019
MarcoFalke added the label Needs gitian build on Jul 2, 2019
DrahtBot removed the label Needs gitian build on Jul 3, 2019
DrahtBot commented at 9:52 AM on July 7, 2019: member



The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.



Conflicts

No conflicts as of last run.
dongcarl commented at 2:45 PM on July 8, 2019: member

Concept ACK

I believe it's worth it to speed up build times, as the --without-examples and --without-tests flags were only introduced in 2.2.7: https://github.com/libexpat/libexpat/commit/ba1cfbbeb47d8a97cee12c3cdd0411965794d13d
dongcarl added the label Needs rebase on Jul 8, 2019
MarcoFalke deleted a comment on Jul 8, 2019
MarcoFalke added the label Needs gitian build on Jul 8, 2019
depends: expat 2.2.7 0512f0521a
fanquake force-pushed on Jul 9, 2019
fanquake removed the label Needs rebase on Jul 9, 2019
DrahtBot commented at 4:58 PM on July 9, 2019: member


Gitian builds for commit c799976c86e2d65f129d106724fbefbf665d63d4 (master):
- a46ce7601e15b0b12b13cebdc3ca21a7... bitcoin-0.18.99-osx-unsigned.dmg
- 0040af1221bd261e8b1475e325d51951... bitcoin-0.18.99-osx64.tar.gz
- c137274d3d9970877f20a87013d370ff... bitcoin-0.18.99-win64-debug.zip
- 0b78e81445deb0661dffce9f1ba98e0d... bitcoin-0.18.99-win64-setup-unsigned.exe
- 3ce1198d033dd29efbbe19700b644149... bitcoin-0.18.99-win64.zip
- 929e5fb8e5f1009b818fe0613af56987... bitcoin-0.18.99.tar.gz
- 1351f6e1afaa51a76fdd71b21605412b... bitcoin-core-osx-0.19-res.yml
- f4bb135b7b69b9b09ed0975268f254b0... bitcoin-core-win-0.19-res.yml
- 8aff8fc4c0fb7046941cb394ef311b5a... linux-build.log
- a7f15d7542011e30cb472c1800c78782... osx-build.log
- 854df53f6195c51960ae8e9349f348c3... win-build.log
Gitian builds for commit 4eb673035f22978501390ef37e7b2f86dc819581 (master and this pull):
- 1af2abf78b22cfd0dc05b4a7481bf097... bitcoin-0.18.99-aarch64-linux-gnu-debug.tar.gz
- 917d86e678ccacb17d6cc4160c114d3d... bitcoin-0.18.99-aarch64-linux-gnu.tar.gz
- 2d9cbba87011f35d9e7f82493efc6e88... bitcoin-0.18.99-arm-linux-gnueabihf-debug.tar.gz
- 1d564b5da3f7db98969b7be89bdf994e... bitcoin-0.18.99-arm-linux-gnueabihf.tar.gz
- 8a7723a4d415caecc41de939684151cc... bitcoin-0.18.99-i686-pc-linux-gnu-debug.tar.gz
- 27614f84ae67181711442220f81eada0... bitcoin-0.18.99-i686-pc-linux-gnu.tar.gz
- e1940caa0d13c21126e534e023fc26b0... bitcoin-0.18.99-osx-unsigned.dmg
- 0ea0afa89d8a5e97d61cce79ad2e22d4... bitcoin-0.18.99-osx64.tar.gz
- 56ced89773ecb6604628e2545c1ca70d... bitcoin-0.18.99-riscv64-linux-gnu-debug.tar.gz
- 102fb07acce3d3d87d0e5e559ecea4bc... bitcoin-0.18.99-riscv64-linux-gnu.tar.gz
- 249b8c0845341b06bfbd57909fd1e8c0... bitcoin-0.18.99-win64-debug.zip
- 0ea3850efed1766a71c90b9b4ffe02ff... bitcoin-0.18.99-win64-setup-unsigned.exe
- 731019daecbbe5ea5dd609288f935e53... bitcoin-0.18.99-win64.zip
- e57c4ec5e78fa94d2fc1eb8ad56d4852... bitcoin-0.18.99-x86_64-linux-gnu-debug.tar.gz
- 8615b7ef32e7aea22745598e61c75c7c... bitcoin-0.18.99-x86_64-linux-gnu.tar.gz
- aba737862bc0b018895e81c0c8a57b93... bitcoin-0.18.99.tar.gz
- c071b8098690f25e644847156dca0744... bitcoin-core-linux-0.19-res.yml
- ab09ae646f21d644eb18056b3ec38e01... bitcoin-core-osx-0.19-res.yml
- ec84dcaa82559eafdfdc61f898c838f5... bitcoin-core-osx-0.19-res.yml.diff
- f2c26b3549743d13f94f274dfc85173d... bitcoin-core-win-0.19-res.yml
- 2c41db137c5d00ddb1ed5c222056e1cb... bitcoin-core-win-0.19-res.yml.diff
- bc22153cc693a28ea868fa91867c1a49... linux-build.log
- 1dff1e548894044e55cc6054eb747b29... linux-build.log.diff
- f242c8992e8a37138526ece72630a87f... osx-build.log
- 8e24d97f903117eaaa1a7d786f36fba7... osx-build.log.diff
- 731c7b01ed2432c110b895d1c5419962... win-build.log
- a56eac958db884d37fbcad59c8575bcc... win-build.log.diff
DrahtBot removed the label Needs gitian build on Jul 9, 2019
laanwj commented at 10:41 AM on July 10, 2019: member

ACK 0512f0521a63a4cd65e5e93ac1c44e4d54604605
laanwj merged this on Jul 10, 2019
laanwj closed this on Jul 10, 2019
laanwj referenced this in commit d1fc827300 on Jul 10, 2019
fanquake deleted the branch on Jan 22, 2020
deadalnix referenced this in commit 90457de2d4 on Apr 2, 2020
ftrader referenced this in commit 7638688c39 on Aug 13, 2021
Munkybooty referenced this in commit 6a4af37668 on Nov 4, 2021
Munkybooty referenced this in commit 51128fd9ad on Nov 6, 2021
Munkybooty referenced this in commit 09b46575b8 on Nov 12, 2021
Munkybooty referenced this in commit ca3c8daada on Nov 16, 2021
Munkybooty referenced this in commit 1e5321ab8b on Nov 18, 2021
Munkybooty referenced this in commit 7feae0c9c9 on Nov 24, 2021
Munkybooty referenced this in commit 748f43d78a on Nov 30, 2021
Munkybooty referenced this in commit 35e8922274 on Nov 30, 2021
DrahtBot locked this on Feb 15, 2022