On 08.10.2010 17:45, Jeff Trawick wrote:
On Fri, Oct 8, 2010 at 9:50 AM, Rainer Jung<[email protected]> wrote:
On 04.10.2010 13:00, Jeff Trawick wrote:
(Both have critical fixes which are currently available only as patches.)
I can T&R as long as the trees are ready by approx. Thursday (I'm on
the road next week). It would be great to get expat taken care of but
I can't volunteer any time on that.
If noone else already works on it, I can try to do the update during the
next 24 hours.
cool!
OK, done so far. First build tests on Solaris look good. I can even do
an out of tree build.
Some comments:
- Tests
I added the billion laughs test and the alpha and beta test for
CVE-2009-3720. I'm not yet sure, whether those tests really work. The
testing in 0.9 is very different from 1.3.
Building the tests might be broken for Windows and Netware, although I'm
not aware of any obvious problem.
- Checking expat security fixes
I don't know how to reliably check, whether the CVEs have actually been
closed. Would be good if someone could confirm for 0.9 too.
- Windows build files
I didn't backport 1003370 (Windows dsp files), because those files
differ significantly. I hope Bill can have a look.
We might also take the opportunity of adding mak and dep files, like we
have in the newer branches, but of course that's not a show stopper for 0.9
Cheers,
Rainer
