LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 04-27-2013, 10:23 PM   #1
binshi
LQ Newbie
 
Registered: Apr 2013
Location: Beijing, China
Distribution: Slackware64 14.0, Windows 7 (x64 EN), Debian Stable as server
Posts: 6

Rep: Reputation: Disabled
When will we get expat 2.1.0 in Slackware?


expat has been released version 2.1.0 for more than one year.
But Slackware-current is still using 2.0.1.

When will we get the latest version in official releases?

README: (From http://sourceforge.net/projects/expat/)

This new release of the Expat XML parser contains mostly bug fixes and
patches to the build system. A conditional feature to extract
attribute byte offsets has been added as well.

It is highly recommended to upgrade to this new version as it fixes all
known security vulnerabilities (see below - identified by CVE numbers).

Changes in Expat 2.1.0:

- Bug Fixes:
#1742315: Harmful XML_ParserCreateNS suggestion.
#2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
#1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
#1983953, 2517952, 2517962, 2649838:
Build modifications using autoreconf instead of buildconf.sh.
#2815947, #2884086: OBJEXT and EXEEXT support while building.
#1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
#2517938: xmlwf should return non-zero exit status if not well-formed.
#2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
#2855609: Dangling positionPtr after error.
#2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
#2958794: CVE-2012-1148 - Memory leak in poolGrow.
#2990652: CMake support.
#3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
#3206497: Unitialized memory returned from XML_Parse.
#3287849: make check fails on mingw-w64.
#3496608: CVE-2012-0876 - Hash DOS attack.

- Patches:
#1749198: pkg-config support.
#3010222: Fix for bug #3010819.
#3312568: CMake support.
#3446384: Report byte offsets for attr names and values.

- New Features / API changes:
Added new API member XML_SetHashSalt() that allows setting an intial
value (salt) for hash calculations. This is part of the fix for
bug #3496608 to randomize hash parameters.
When compiled with XML_ATTR_INFO defined, adds new API member
XML_GetAttributeInfo() that allows retrieving the byte
offsets for attribute names and values (patch #3446384).
Added CMake build system.
See bug #2990652 and patch #3312568.
Added run-benchmark target to Makefile.in - relies on testdata module
present in the same relative location as in the repository.

Last edited by binshi; 04-27-2013 at 10:27 PM.
 
Old 04-27-2013, 10:24 PM   #2
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050
You can have it today, if you install it.

And, welcome!
 
Old 04-27-2013, 10:29 PM   #3
binshi
LQ Newbie
 
Registered: Apr 2013
Location: Beijing, China
Distribution: Slackware64 14.0, Windows 7 (x64 EN), Debian Stable as server
Posts: 6

Original Poster
Rep: Reputation: Disabled


Thank you!

I mean in the official releases... such as Slackware 15.x?

Quote:
Originally Posted by snowpine View Post
You can have it today, if you install it.

And, welcome!
 
Old 04-27-2013, 10:35 PM   #4
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 2,638

Rep: Reputation: 451Reputation: 451Reputation: 451Reputation: 451Reputation: 451
Next Slackware will be 14.1, not 15.0
 
Old 04-28-2013, 12:33 AM   #5
binshi
LQ Newbie
 
Registered: Apr 2013
Location: Beijing, China
Distribution: Slackware64 14.0, Windows 7 (x64 EN), Debian Stable as server
Posts: 6

Original Poster
Rep: Reputation: Disabled
Sorry, I didn't notice that.

Would you please tell me where to get such information?

Thank you.
 
Old 04-28-2013, 01:00 AM   #6
Didier Spaier
Senior Member
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slackware{,64}-{14.1,current} on a Lenovo Thinkpad W520
Posts: 4,683

Rep: Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240
Quote:
Originally Posted by binshi View Post
Sorry, I didn't notice that.

Would you please tell me where to get such information?

Thank you.
Just try to install Slackware-current and look at the title of the main dialog box (the one you see when you run 'setup').

Caveat emptor: our BDFL may change his mind any time till the release be announced

Last edited by Didier Spaier; 04-28-2013 at 01:10 AM.
 
Old 04-28-2013, 01:29 AM   #7
binshi
LQ Newbie
 
Registered: Apr 2013
Location: Beijing, China
Distribution: Slackware64 14.0, Windows 7 (x64 EN), Debian Stable as server
Posts: 6

Original Poster
Rep: Reputation: Disabled
Thank you very much. And your "Caveat emptor" is so interesting.

Quote:
Originally Posted by Didier Spaier View Post
Just try to install Slackware-current and look at the title of the main dialog box (the one you see when you run 'setup').

Caveat emptor: our BDFL may change his mind any time till the release be announced
 
Old 04-28-2013, 03:41 AM   #8
Didier Spaier
Senior Member
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slackware{,64}-{14.1,current} on a Lenovo Thinkpad W520
Posts: 4,683

Rep: Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240Reputation: 1240
Back to the topic: if Patrick Volkerding read this thread he will possibly consider it as an upgrade request. If this upgrade doesn't show in a few weeks in Slackware-current's Changelog, you could write to him directly.
 
Old 04-28-2013, 09:00 AM   #9
binshi
LQ Newbie
 
Registered: Apr 2013
Location: Beijing, China
Distribution: Slackware64 14.0, Windows 7 (x64 EN), Debian Stable as server
Posts: 6

Original Poster
Rep: Reputation: Disabled
I've seen that LQ has been mentioned many times in current Changelog.
So I tried to ask here. Wish I could see the change recently.

Thank you for your advice.

Quote:
Originally Posted by Didier Spaier View Post
Back to the topic: if Patrick Volkerding read this thread he will possibly consider it as an upgrade request. If this upgrade doesn't show in a few weeks in Slackware-current's Changelog, you could write to him directly.
 
Old 04-28-2013, 10:04 AM   #10
GazL
Senior Member
 
Registered: May 2008
Posts: 3,503

Rep: Reputation: 1027Reputation: 1027Reputation: 1027Reputation: 1027Reputation: 1027Reputation: 1027Reputation: 1027Reputation: 1027
The 2009 CVE's listed are already patched into the slackware expat package. I don't know whether Pat has looked at the 2012 CVE's for expat. Sometimes he decides that the CVE's aren't serious enough to warrant a bump and other times they manage to fly right under his radar until someone shouts "CVEs!!! 2 O'Clock low!"


Time for the Pat Signal...

Last edited by GazL; 05-23-2014 at 12:50 PM.
 
6 members found this post helpful.
Old 04-28-2013, 01:05 PM   #11
mlangdn
Senior Member
 
Registered: Mar 2005
Location: Kentucky
Distribution: Slackware64-current
Posts: 1,387

Rep: Reputation: 181Reputation: 181
Pat Signal - That's a good one!
 
Old 04-28-2013, 05:02 PM   #12
ReaperX7
Senior Member
 
Registered: Jul 2011
Location: California
Distribution: LFS-7.6, Slackware 14.1, FreeBSD 10.1
Posts: 3,851
Blog Entries: 15

Rep: Reputation: 1191Reputation: 1191Reputation: 1191Reputation: 1191Reputation: 1191Reputation: 1191Reputation: 1191Reputation: 1191Reputation: 1191
Packages get updated for the mainstream of Slackware as they are needed, but this also involves a lot of testing to ensure the package works with other stuff that may depend on it without any issues.

Patrick upgrades stuff as needed or if a security issue is raised mostly, but only if compatibility and stability isn't sacrificed too much.

That's why Slackware is such a stable OS.
 
Old 04-28-2013, 06:57 PM   #13
BrZ
Member
 
Registered: Apr 2009
Distribution: Slackware
Posts: 505

Rep: Reputation: 84
Lightbulb

Can we also have an update on curl/libcurl?
 
Old 04-28-2013, 09:07 PM   #14
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 877

Rep: Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827
I'll get both curl and expat in -current. The reason we didn't have expat yet was that the sourceforge site was never updated to show that there was a new release... sorry about that. The expat CVEs from 2009 were actually serious ones, and were already patched. The new ones from 2012, not so much. A memory leak (i.e. a bug), and a possible high CPU usage issue. Since the fix for the latter has been noted to possibly cause a regression (or at least a change of program behavior), I don't think it should be backported right away.

Anyway, coming soon in -current.
 
Old 04-29-2013, 12:11 AM   #15
saulgoode
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 257

Rep: Reputation: 121Reputation: 121
I sent a request to the 'info' mailing list, but I'm not sure that is the right place, so I will post here.

It would be very nice to have a more recent version of Guile in the next release of Slackware. Guile 2.0 has been out for two years now (-current has v1.8 at present) and has seen some significant improvements (not least of which is a byte code compiler).

I have no problem installing it myself (the stock SlackBuild works fine), but I am reluctant to share scripts with others since it'd require that they first upgrade their interpreter.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Install expat-1.2 on Ubuntu 10.04 shayno90 Linux - Software 10 03-05-2012 07:27 PM
[SOLVED] DBUS -> Expat.h is missing lfs_mm Linux - General 8 11-25-2011 05:05 AM
libxml or Expat slzckboy Programming 0 12-25-2005 07:29 PM
expat!!! hhegab Linux - Software 6 07-20-2003 09:46 AM
php? expat? apache? tisource Linux - Software 3 04-20-2003 02:38 PM


All times are GMT -5. The time now is 04:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration