cheng/libexpat
1
0
Fork 0
Code Issues Pull Requests Actions 8 Packages Projects Releases Wiki Activity
3,488 Commits 1 Branch 0 Tags 16 MiB
49abcfba57
Commit Graph

405 Commits

Author SHA1 Message Date
Sebastian Pipping
49abcfba57 Changes: Finalize entry on #566 2022-02-20 16:09:22 +01:00
Sebastian Pipping
2722201a5b Changes: Document regression from CVE-2022-25313 fix 2022-02-20 11:55:54 +00:00
Sebastian Pipping
bacd815ed0 Set expected release date for 2.4.5 2022-02-18 20:17:17 +01:00
Sebastian Pipping
748c618f72 Bump version info from 9:4:8 to 9:5:8 
See https://verbump.de/ for what these numbers do
 2022-02-18 20:14:29 +01:00
Sebastian Pipping
e2d43320ce Changes: Document #558 #559 #560 2022-02-18 20:14:29 +01:00
Sebastian Pipping
c16300f0bc Changes: Document CVE-2022-25235 2022-02-18 18:04:27 +01:00
Sebastian Pipping
e4d7e49782 Changes: Document CVE-2022-25236 2022-02-16 02:07:31 +01:00
Sebastian Pipping
3ce557eecb win32: Add missing files to the installer 2022-01-29 23:33:09 +01:00
Sebastian Pipping
0afb2df6a9 Set expected release date for 2.4.4 2022-01-29 23:28:05 +01:00
Sebastian Pipping
2a0add0a7a Bump version info from 9:3:8 to 9:4:8 
See https://verbump.de/ for what these numbers do
 2022-01-29 23:20:18 +01:00
Sebastian Pipping
6c7c96d98c Changes: Document #546 2022-01-29 23:20:18 +01:00
Sebastian Pipping
6e3449594f Changes: Document CVE-2022-23990 2022-01-26 19:33:23 +01:00
Sebastian Pipping
85a6f8fcdb xmlwf: Fix a memory leak on output file opening error 2022-01-24 15:41:32 +01:00
Sebastian Pipping
99cec436fb Changes: Document CVE-2022-23852 2022-01-24 02:37:47 +01:00
Sebastian Pipping
fc4652b2b3 Set expected release date for 2.4.3 2022-01-13 23:47:57 +01:00
Sebastian Pipping
87638f86fd Changes: Streamline item order for 2.4.3 2022-01-13 23:47:57 +01:00
Sebastian Pipping
09044348e1 Changes: Document #528 and #529 2022-01-13 23:47:43 +01:00
Sebastian Pipping
2a6019d0fb Bump version info from 9:2:8 to 9:3:8 
See https://verbump.de/ for what these numbers do
 2022-01-13 20:02:42 +01:00
Sebastian Pipping
8e9f6ea08c Changes: Document CVE-2022-22822 to CVE-2022-22827 2022-01-12 17:01:55 +01:00
Sebastian Pipping
f488b072b7 Changes: Document integer overflow CVE-2021-46143 2022-01-10 16:51:50 +01:00
Sebastian Pipping
572ef7a2ac run.sh.in: Do not use Wine with Cygwin and MSYS2 2022-01-09 23:04:13 +01:00
Sebastian Pipping
f82a72271c Changes: Document CVE-2021-45960 2022-01-05 18:23:42 +01:00
Sebastian Pipping
9470015a1f Actions: Check for realistic minimum CMake version requirement 2022-01-01 15:58:47 +01:00
Sebastian Pipping
2ed8e19ada CMake: Make call to file(GENERATE [..]) work for CMake <3.19 
Error from CMake 3.7.2 was:

CMake Error at CMakeLists.txt:482 (file):
  file Incorrect arguments to GENERATE subcommand.
 2021-12-31 20:49:00 +01:00
Sebastian Pipping
c2b5d52404 xmlwf: Address Clang 13 warning -Wunused-but-set-variable 2021-12-26 19:51:44 +01:00
Sebastian Pipping
5bab452b49 lib: Address GCC 11.2.1 compiler warning 
Symptom was:

In file included from xmltok.c:58:
xmltok_ns.c: In function ‘findEncodingNS’:
xmltok.h:276:10: warning: ‘buf’ may be used uninitialized [-Wmaybe-uninitialized]
  276 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’
   99 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
xmltok.h:276:10: note: by argument 5 of type ‘const char *’ to ‘enum XML_Convert_Result(const ENCODING *, const char **, const char *, char **, const char *)’ {aka ‘enum XML_Convert_Result(const struct encoding *, const char **, const char *, char **, const char *)’}
  276 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’
   99 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
In file included from xmltok.c:1666:
xmltok_ns.c:96:8: note: ‘buf’ declared here
   96 |   char buf[ENCODING_MAX];
      |        ^~~
 2021-12-25 18:15:25 +01:00
Sebastian Pipping
4d9059d3cf Set expected release date for 2.4.2 2021-12-19 19:29:54 +01:00
Sebastian Pipping
716735e56b Bump version info from 9:1:8 to 9:2:8 
See https://verbump.de/ for what these numbers do
 2021-12-17 18:01:32 +01:00
Sebastian Pipping
96ff8de1d6 Changes: Document #502 #503 #507 #519 + fix reference to #498 2021-12-17 17:50:32 +01:00
Sebastian Pipping
8589e9598a CMake: Ensure libexpat*.lib filenames with MSVC 
This fixes a post-2.4.1 regression from
commit 3486fd6e3d
introduced by pull request #495.
 2021-12-15 16:40:15 +01:00
Sebastian Pipping
8c2b1853cd doc: Fix return value docs on XML_SetBillionLaughs[..] functions (#522) 2021-12-14 01:33:49 +01:00
Sebastian Pipping
105a5c6ee7 Changes: Document #513 and #514 2021-10-17 16:32:08 +02:00
Sebastian Pipping
0b7a88b355 Autotools|CMake: Link against libm for function "isnan" 
$ git --no-pager grep -lw isnan
lib/xmlparse.c
tests/runtests.c
xmlwf/xmlwf.c
 2021-09-20 18:27:52 +02:00
Sebastian Pipping
1d4bb74c34 CMake: Fix pkg-config section "Libs" for multi-config CMake generators 2021-07-06 16:22:38 +02:00
Sebastian Pipping
3486fd6e3d CMake: Fix pkg-config section "Libs" for non-release MinGW builds 2021-07-06 16:22:38 +02:00
Sebastian Pipping
00839393f3 Makefile.am: Include buildconf.sh and fuzz/*.c with release archives 2021-06-05 21:17:25 +02:00
Sebastian Pipping
92c3cad80f Set expected release date for 2.4.1 2021-05-23 17:04:56 +02:00
Sebastian Pipping
13445938e7 Bump version info from 9:0:8 to 9:1:8 
See https://verbump.de/ for what these numbers do.
 2021-05-23 16:57:40 +02:00
Sebastian Pipping
779d147681 Keep macro SIZEOF_VOID_P out of expat_config.h(.in) for multilib support 2021-05-23 15:43:56 +02:00
Sebastian Pipping
ecdff1c906 Set expected release date for 2.4.0 2021-05-22 19:42:02 +02:00
Sebastian Pipping
e083f03235 Bump version info from 8:0:7 to 9:0:8 
See https://verbump.de/ for what these numbers do
 2021-05-22 19:07:49 +02:00
Sebastian Pipping
b913a529ae Bump version to 2.4.0 2021-05-22 19:07:49 +02:00
Sebastian Pipping
bc6495dfc0 Changes: Extend section on upcoming release 2.4.0 2021-05-22 19:07:49 +02:00
Sebastian Pipping
731bdee053 Changes: Document new XML_FEATURE_ constants 2021-05-22 19:07:49 +02:00
Sebastian Pipping
c57141d597 Changes: Combine notes on billion laughs attack protection 2021-05-22 19:07:49 +02:00
Sebastian Pipping
192af39be0 Changes: Document Autotools CMake file fixes 2021-05-21 13:15:34 +02:00
Sebastian Pipping
60959f2b49 lib: Fix accounting of CDATA sections inside of general entities 2021-05-14 20:46:09 +02:00
Sebastian Pipping
7e08029271 Changes: Document support for CMake variable BUILD_SHARED_LIBS 2021-05-12 15:05:25 +02:00
Sebastian Pipping
3f2f878662 Changes: Document protection against billion laughs attacks 2021-05-07 18:25:08 +02:00
Sebastian Pipping
ed36812db2 lib: Fix macro IS_INVALID_CHAR (for UTF-16 with macro XML_MIN_SIZE defined) 
What happens is that with macro XML_MIN_SIZE defined,
for UTF-16 macro IS_INVALID_CHAR was being set to ..

> #define IS_INVALID_CHAR(enc, p, n)  (AS_NORMAL_ENCODING(enc)->isInvalid##n(enc, p))

.. which calls NULL pointers in .isInvalid{2,3,4} at runtime.

For UTF-16 we actually need what xmltok_impl.c does for macro
IS_INVALID_CHAR when it has not yet been defined:

> #  ifndef IS_INVALID_CHAR
> #    define IS_INVALID_CHAR(enc, ptr, n) (0)
> #  endif

So the fix is a combination of these two:
- Use .isInvalid{2,3,4} where needed and available and
- return 0/false for UTF-16 where .isInvalid{2,3,4} are NULL.
 2021-04-26 14:18:00 +02:00