commit c205a741b46526ec0351cb8b6d992698ca7fd4b7
author Fred L. Drake, Jr. <fdrake@users.sourceforge.net> Sat Apr 14 19:56:38 2012 +0000
committer Fred L. Drake, Jr. <fdrake@users.sourceforge.net> Sat Apr 14 19:56:38 2012 +0000
tree 567b3dd6149e7948feab5c1bc9c07d27b5284bf3
parent dbc2e3c638e515cd62f33b5aabe7498e76066e18

update news for www.libexpat.org

htdocs/index.html

diff --git a/htdocs/index.html b/htdocs/index.html
index 1edb0d7..c576518 100644
--- a/htdocs/index.html
+++ b/htdocs/index.html
@@ -51,6 +51,105 @@
 <h3 id="news">News</h3>
 
 <dl>
+  <dt><em>24 March 2012</em>,
+      Expat 2.1.0 released.
+    </dt>
+  <dd><p>Release 2.1.0 includes security &amp; other bug fixes, new
+    features, and updated build support.</p>
+    <h4>Security fixes</h4>
+    <ul>
+      <li>Memory leak in poolGrow (<a
+        href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148"
+        >CVE-2012-1148</a>)</li>
+      <li>Resource leak in readfilemap.c (<a
+        href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147"
+        >CVE-2012-1147</a>)</li>
+      <li>Hash DOS attack (<a
+        href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876"
+        >CVE-2012-0876</a>)</li>
+      <li>Buffer over-read and crash in big2_toUtf8 (<a
+        href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3560"
+        >CVE-2009-3560</a>)</li>
+      <li>Parser crash with special UTF-8 sequences (<a
+        href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3720"
+        >CVE-2009-3270</a>)</li>
+    </ul>
+    <h4>New features</h4>
+    <ul>
+      <li>Added function XML_SetHashSalt that allows setting an initial
+        value (salt) for hash calculations (part of the fix for bug <a
+        href="https://sourceforge.net/tracker/?func=detail&aid=3496608&group_id=10127&atid=110127"
+        >3496608</a>).
+      <li>When compiled with XML_ATTR_INFO defined, adds new API member
+        XML_GetAttributeInfo() that allows retrieving the byte offsets
+        for attribute names and values (patch <a
+        href="https://sourceforge.net/tracker/?func=detail&aid=3446384&group_id=10127&atid=310127"
+        >3446384</a>).</li>
+      <li>Added CMake build system (bug <a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2990652&group_id=10127&atid=110127"
+        >2990652</a>, patch <a
+        href="https://sourceforge.net/tracker/?func=detail&aid=3312568&group_id=10127&atid=310127"
+        >3312568</a>).</li>
+      <li>Added run-benchmark target to Makefile.in - relies on testdata
+        module present in the same relative location as in the repository.
+        </li>
+    </ul>
+    <h4>Bug fixes</h4>
+    <ul>
+      <li>Harmful XML_ParserCreateNS suggestion (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=1742315&group_id=10127&atid=110127"
+        >1742315</a>)</li>
+      <li>CVE-2012-1147 - Resource leak in readfilemap.c (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127"
+        >2895533</a>)</li>
+      <li>Expat build fails on linux-amd64 with gcc version&gt;=4.1 -O3 (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=1785430&group_id=10127&atid=110127"
+        >1785430</a>)</li>
+      <li>Build modifications using autoreconf instead of buildconf.sh (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=1983953&group_id=10127&atid=110127"
+        >1983953</a>, <a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2517952&group_id=10127&atid=110127"
+        >2517952</a>, <a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2517962&group_id=10127&atid=110127"
+        >2517962</a>, <a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2649838&group_id=10127&atid=110127"
+        >2649838</a>)</li>
+      <li>OBJEXT and EXEEXT support while building (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2815947&group_id=10127&atid=110127"
+        >2815947</a>, <a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2884086&group_id=10127&atid=110127"
+        >2884086</a>)</li>
+      <li>CVE-2009-3720 - Parser crash with special UTF-8 sequences (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=1990430&group_id=10127&atid=110127"
+        >1990430</a>)</li>
+      <li>xmlwf should return non-zero exit status if not well-formed (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2517938&group_id=10127&atid=110127"
+        >2517938</a>)</li>
+      <li>Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2517946&group_id=10127&atid=110127"
+        >2517946</a>)</li>
+      <li>Dangling positionPtr after error (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2855609&group_id=10127&atid=110127"
+        >2855609</a>)</li>
+      <li>CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8() (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2894085&group_id=10127&atid=110127"
+        >2894085</a>)</li>
+      <li>CVE-2012-1148 - Memory leak in poolGrow (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=2958794&group_id=10127&atid=110127"
+        >2958794</a>)</li>
+      <li>UNEXPECTED_STATE with a trailing "%" in entity value (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=3010819&group_id=10127&atid=110127"
+        >3010819</a>)</li>
+      <li>Unitialized memory returned from XML_Parse (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=3206497&group_id=10127&atid=110127"
+        >3206497</a>)</li>
+      <li>make check fails on mingw-w64 (<a
+        href="https://sourceforge.net/tracker/?func=detail&aid=87849&group_id=10127&atid=110127"
+        >87849</a>)</li>
+    </ul>
+  </dd>
+</dl>
+<dl>
   <dt><em>5 June 2007</em>,
       Expat 2.0.1 released.
     </dt>