Buried in the link to gentoo are links to 2 Coin patches that allow building against system expat:
http://hg.sim.no/Coin/coin-3.1/raw-rev/06d276e6894e http://hg.sim.no/Coin/coin-3.1/raw-rev/ac55d7d433aa ----- Forwarded message from "Tom Fredrik Klaussen (JIRA)" <[email protected]> ----- Date: Tue, 12 Jan 2010 14:28:28 +0100 (CET) From: "Tom Fredrik Klaussen (JIRA)" <[email protected]> To: [email protected] Subject: [JIRA] Commented: (COINSUPPORT-1151) Add configure option to use system expat library [ https://jira.sim.no/browse/COINSUPPORT-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21499#action_21499 ] Tom Fredrik Klaussen commented on COINSUPPORT-1151: --------------------------------------------------- Hi Steve See http://bugs.gentoo.org/show_bug.cgi?id=297644 I have solved some similar issues for them. Best regards Tom Fredrik > Add configure option to use system expat library > ------------------------------------------------ > > Key: COINSUPPORT-1151 > URL: https://jira.sim.no/browse/COINSUPPORT-1151 > Project: Coin Support > Issue Type: Improvement > Security Level: Private(only inhouse people can see these issues) > Components: GPL > Reporter: Steve M. Robbins > Assignee: Tom Fredrik Klaussen > Priority: Minor > Attachments: signature.asc > > > A bug has recently been filed against Coin in Debian > (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560928) due to a > vulnerability in the expat XML parsing library. Coin embeds a copy of expat, > and may be vulnerable (I haven't checked). > The question arises: is the Coin version of expat modified in some way, or > can Coin safely be linked to a system expat? If the latter is true, it would > be convenient to expose this in a configure option. This will protect us > from patching coin in future if another expat bug is discovered. > Thanks, > -Steve -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.sim.no/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira ----- End forwarded message -----
signature.asc
Description: Digital signature
