Sebastian Pipping
53fbdf5b89
Merge pull request #583 from libexpat/dependabot/github_actions/actions/checkout-3
...
Actions(deps): Bump actions/checkout from 2.4.0 to 3
2022-03-07 19:54:44 +01:00
Sebastian Pipping
f02c23a021
Merge pull request #584 from libexpat/dependabot/github_actions/actions/upload-artifact-3
...
Actions(deps): Bump actions/upload-artifact from 2.3.1 to 3
2022-03-07 19:54:35 +01:00
dependabot[bot]
f1205b2914
Actions(deps): Bump actions/upload-artifact from 2.3.1 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v2.3.1...v3 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 12:05:18 +00:00
dependabot[bot]
3e200940b0
Actions(deps): Bump actions/checkout from 2.4.0 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 12:05:16 +00:00
Sebastian Pipping
27d5b8ba17
Merge pull request #581 from libexpat/fix-windows-installer
...
Fix windows installer (related to #555 , follow-up to #570 )
2022-03-04 22:23:07 +01:00
Sebastian Pipping
c3e9dcfc66
Changes: Document #581
2022-03-04 21:22:31 +01:00
Sebastian Pipping
c9e1ac00c6
win32: Fix version.rc destination in expat.iss
2022-03-04 21:22:31 +01:00
Sebastian Pipping
17b258471d
Merge pull request #580 from libexpat/issue-578-prepare-release
...
Prepare release 2.4.7 (part of #578 )
2022-03-04 20:41:48 +01:00
Sebastian Pipping
c08d530920
Set expected release date for 2.4.7
2022-03-04 19:16:16 +01:00
Sebastian Pipping
e07e394771
Sync file headers
2022-03-04 19:16:16 +01:00
Sebastian Pipping
99eddcd2bb
Changes: Document #555 #570 #573 #574 #575 #579
2022-03-04 19:16:16 +01:00
Sebastian Pipping
a34daa5bab
Bump version to 2.4.7
2022-03-04 18:47:59 +01:00
Sebastian Pipping
c30b80ee9c
Bump version info from 9:6:8 to 9:7:8
...
See https://verbump.de/ for what these numbers do
2022-03-04 18:46:01 +01:00
Sebastian Pipping
f178826bb1
Merge pull request #577 from libexpat/namesep
...
lib: Relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters (fixes #572 )
2022-03-04 18:43:39 +01:00
Sebastian Pipping
9579f7ea29
Changes: Document #572 and #577
2022-03-04 16:56:22 +01:00
Sebastian Pipping
c57bea96b7
lib|doc: Add a note on namespace URI validation
2022-03-04 16:56:22 +01:00
Sebastian Pipping
5dd5218297
lib: Document namespace separator effect right in header <expat.h>
2022-03-04 16:54:01 +01:00
Sebastian Pipping
e0f852db1e
tests: Cover relaxed fix to CVE-2022-25236
2022-03-04 16:54:01 +01:00
Sebastian Pipping
2ba6c76fca
lib: Relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters
2022-03-04 16:54:01 +01:00
Sebastian Pipping
c99e0e7f2b
Merge pull request #579 from Tieske/patch-1
...
doc: Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
2022-03-04 16:46:36 +01:00
Thijs Schreijer
7abe5549cb
fix typo
...
This has already been corrected in the official API reference docs
2022-03-04 11:24:31 +01:00
Thijs Schreijer
80553ff825
doc: Document that a call to XML_FreeContentModel can be done at a later time from outside the element declaration handler ( #575 )
2022-03-02 21:33:54 +01:00
Sebastian Pipping
866a8617e4
Merge pull request #574 from libexpat/hardcoded-namespace-uri-findability
...
lib: Make hardcoded namespace URIs easier to find
2022-02-27 03:49:16 +01:00
Sebastian Pipping
92527164e7
lib: Make hardcoded namespace URIs easier to find
2022-02-27 02:42:54 +01:00
Jeffrey Walton
8c4b3aa16f
Update documentation on use of XML_POOR_ENTOPY on Solaris ( #573 )
2022-02-26 22:00:16 +01:00
Sebastian Pipping
6aa6a82d24
Merge pull request #570 from petitlapin/dll_info
...
CMake/Windows: store Expat version in the dll
2022-02-24 23:09:09 +01:00
Johnny Jazeix
f294837733
CMake/Windows: store Expat version in the dll
...
Fixes #555
Tested with msvc2019 and mingw8.1
2022-02-24 22:26:40 +01:00
Sebastian Pipping
ce08faf294
Merge pull request #571 from libexpat/issue-569-resolve-use-of-macros-nan-and-infinity
...
tests: Resolve use of macros NAN and INFINITY for GNU G++ 4.8.2 (fixes #569 )
2022-02-24 00:34:52 +01:00
Sebastian Pipping
f6f5d9bb4c
tests: Resolve use of macros NAN and INFINITY for GNU G++ 4.8.2
2022-02-23 22:58:36 +01:00
Sebastian Pipping
65a21f2b2a
Merge pull request #568 from libexpat/issue-567-prepare-release
...
Prepare release 2.4.6 (part of #567 )
2022-02-20 18:01:38 +01:00
Sebastian Pipping
400e6955ff
Set expected release date for 2.4.6
2022-02-20 16:09:26 +01:00
Sebastian Pipping
28f74546b4
Bump version to 2.4.6
2022-02-20 16:09:26 +01:00
Sebastian Pipping
45732df416
Bump version info from 9:5:8 to 9:6:8
...
See https://verbump.de/ for what these numbers do
2022-02-20 16:09:26 +01:00
Sebastian Pipping
49abcfba57
Changes: Finalize entry on #566
2022-02-20 16:09:22 +01:00
Sebastian Pipping
9288cd5474
Merge pull request #566 from ferivoz/model-regression
...
Fix build_model regression
2022-02-20 15:57:54 +01:00
Sebastian Pipping
2722201a5b
Changes: Document regression from CVE-2022-25313 fix
2022-02-20 11:55:54 +00:00
Sebastian Pipping
154e565f6e
tests: Protect against nested element declaration model regressions
2022-02-20 11:55:49 +00:00
Samanta Navarro
b12f34fe32
Fix build_model regression.
...
The iterative approach in build_model failed to fill children arrays
correctly. A preorder traversal is not required and turned out to be the
culprit. Use an easier algorithm:
Add nodes from scaffold tree starting at index 0 (root) to the target
array whenever children are encountered. This ensures that children
are adjacent to each other. This complies with the recursive version.
Store only the scaffold index in numchildren field to prevent a direct
processing of these children, which would require a recursive solution.
This allows the algorithm to iterate through the target array from start
to end without jumping back and forth, converting on the fly.
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
2022-02-20 11:55:46 +00:00
Sebastian Pipping
97a4840578
Merge pull request #564 from libexpat/issue-557-prepare-release
...
Prepare release 2.4.5 (part of #557 )
2022-02-18 23:39:29 +01:00
Sebastian Pipping
bacd815ed0
Set expected release date for 2.4.5
2022-02-18 20:17:17 +01:00
Sebastian Pipping
fdbd69b12c
Sync file headers
2022-02-18 20:17:16 +01:00
Sebastian Pipping
fa379d65dd
Bump version to 2.4.5
2022-02-18 20:17:16 +01:00
Sebastian Pipping
748c618f72
Bump version info from 9:4:8 to 9:5:8
...
See https://verbump.de/ for what these numbers do
2022-02-18 20:14:29 +01:00
Sebastian Pipping
e2d43320ce
Changes: Document #558 #559 #560
2022-02-18 20:14:29 +01:00
Sebastian Pipping
306b72134f
Merge pull request #562 from libexpat/utf8-security
...
[CVE-2022-25235] lib: Protect against malformed encoding (e.g. malformed UTF-8)
2022-02-18 20:12:32 +01:00
Sebastian Pipping
c16300f0bc
Changes: Document CVE-2022-25235
2022-02-18 18:04:27 +01:00
Sebastian Pipping
6a5510bc6b
tests: Cover missing validation of encoding (CVE-2022-25235)
2022-02-18 18:02:19 +01:00
Sebastian Pipping
c85a3025e7
lib: Add comments to BT_LEAD* cases where encoding has already been validated
2022-02-18 18:02:19 +01:00
Sebastian Pipping
3f0a0cb644
lib: Add missing validation of encoding (CVE-2022-25235)
2022-02-18 18:02:19 +01:00
Sebastian Pipping
ee2a5b50e7
lib: Drop unused macro UTF8_GET_NAMING
2022-02-18 18:02:19 +01:00