cheng/libexpat
1
0
Fork 0
Code Issues Pull Requests Actions 8 Packages Projects Releases Wiki Activity
3,461 Commits 1 Branch 0 Tags 16 MiB
6881a4fc85
Commit Graph

3461 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sebastian Pipping
6881a4fc85 lib: Fix (harmless) use of uninitialized memory 2022-02-16 02:06:23 +01:00
Sebastian Pipping
f1a444ef64
Merge pull request #563 from libexpat/extend-mailmap 
Extend .mailmap
 2022-02-15 22:43:52 +01:00
Sebastian Pipping
317c91776a Sync file headers 2022-02-15 21:23:29 +01:00
Sebastian Pipping
68ed0d7e63 Extend .mailmap 2022-02-15 21:23:25 +01:00
Sebastian Pipping
81b89678e2
Merge pull request #554 from libexpat/issue-552-prepare-release 
Prepare release 2.4.4 (part of #552)
 2022-01-30 01:09:37 +01:00
Sebastian Pipping
3ce557eecb win32: Add missing files to the installer 2022-01-29 23:33:09 +01:00
Sebastian Pipping
c322e14f9f doc: Drop unused file valid-xhtml10.png 
Unused since commit 30c4aa85f5 of 2.4.0
 2022-01-29 23:28:05 +01:00
Sebastian Pipping
26b677744c .gitignore: Add missing 2022-01-29 23:28:05 +01:00
Sebastian Pipping
da3dcd4ecf xmlwf.xml: Adapt note to current practice 2022-01-29 23:28:05 +01:00
Sebastian Pipping
0afb2df6a9 Set expected release date for 2.4.4 2022-01-29 23:28:05 +01:00
Sebastian Pipping
039af6611d Sync file headers 2022-01-29 23:28:05 +01:00
Sebastian Pipping
a445be8e0d Bump version to 2.4.4 2022-01-29 23:20:49 +01:00
Sebastian Pipping
2a0add0a7a Bump version info from 9:3:8 to 9:4:8 
See https://verbump.de/ for what these numbers do
 2022-01-29 23:20:18 +01:00
Sebastian Pipping
6c7c96d98c Changes: Document #546 2022-01-29 23:20:18 +01:00
czentgr
d97a123d0b
Stop casting void* results from calls to .malloc_fcn (#553) 2022-01-29 01:21:41 +01:00
Sebastian Pipping
5c168279c5
Merge pull request #551 from libexpat/prevent-doprolog-overflow 
[CVE-2022-23990] lib: Prevent integer overflow in function doProlog
 2022-01-26 23:16:10 +01:00
Sebastian Pipping
6e3449594f Changes: Document CVE-2022-23990 2022-01-26 19:33:23 +01:00
Sebastian Pipping
ede41d1e18 lib: Prevent integer overflow in doProlog (CVE-2022-23990) 
The change from "int nameLen" to "size_t nameLen"
addresses the overflow on "nameLen++" in code
"for (; name[nameLen++];)" right above the second
change in the patch.
 2022-01-26 19:33:12 +01:00
Sebastian Pipping
5f100ffa78
Merge pull request #545 from libexpat/issue-544-fix-xmlwf-memleak-on-file-opening-error 
[>=2.3.0] xmlwf: Fix a memory leak on output file opening error (fixes #544)
 2022-01-24 18:45:26 +01:00
Sebastian Pipping
85a6f8fcdb xmlwf: Fix a memory leak on output file opening error 2022-01-24 15:41:32 +01:00
Sebastian Pipping
178d26f50a
Merge pull request #550 from libexpat/prevent-getbuffer-overflow 
[CVE-2022-23852] Prevent XML_GetBuffer signed integer overflow
 2022-01-24 15:39:04 +01:00
Sebastian Pipping
99cec436fb Changes: Document CVE-2022-23852 2022-01-24 02:37:47 +01:00
Sebastian Pipping
acf956f14b tests: Cover integer overflow in XML_GetBuffer (CVE-2022-23852) 2022-01-24 02:37:47 +01:00
Samanta Navarro
847a645152 lib: Detect and prevent integer overflow in XML_GetBuffer (CVE-2022-23852) 2022-01-24 02:35:02 +01:00
Sebastian Pipping
8fb2211e99
Merge pull request #548 from ferivoz/typos 
Fix typos
 2022-01-22 15:59:07 +01:00
Samanta Navarro
5a8f5f1d40 Fix typos 
Typos found with codespell.
 2022-01-22 12:06:45 +00:00
Carlo Bramini
1e1b52be2d
[>=2.3.0] Autotools: Fix broken CMake support under Cygwin (#546) 
Autotools: Fix broken CMake support under Cygwin
 2022-01-20 21:03:36 +01:00
Sebastian Pipping
57c7da69b7 Merge branch 'issue-533-prepare-release' (#533) 2022-01-16 14:13:19 +01:00
Sebastian Pipping
fc4652b2b3 Set expected release date for 2.4.3 2022-01-13 23:47:57 +01:00
Sebastian Pipping
87638f86fd Changes: Streamline item order for 2.4.3 2022-01-13 23:47:57 +01:00
Sebastian Pipping
09044348e1 Changes: Document #528 and #529 2022-01-13 23:47:43 +01:00
Sebastian Pipping
6496a03d40 Sync years in file headers 2022-01-13 23:45:22 +01:00
Sebastian Pipping
d102671bfe Bump version to 2.4.3 2022-01-13 20:08:47 +01:00
Sebastian Pipping
2a6019d0fb Bump version info from 9:2:8 to 9:3:8 
See https://verbump.de/ for what these numbers do
 2022-01-13 20:02:42 +01:00
Sebastian Pipping
919a2bec5e
Merge pull request #539 from libexpat/prevent-more-integer-overflows 
[CVE-2022-22822 to CVE-2022-22827] lib: Prevent more integer overflows
 2022-01-13 19:56:36 +01:00
Sebastian Pipping
8e9f6ea08c Changes: Document CVE-2022-22822 to CVE-2022-22827 2022-01-12 17:01:55 +01:00
Sebastian Pipping
9f93e8036e lib: Prevent integer overflow at multiple places (CVE-2022-22822 to CVE-2022-22827) 
The involved functions are:
- addBinding (CVE-2022-22822)
- build_model (CVE-2022-22823)
- defineAttribute (CVE-2022-22824)
- lookup (CVE-2022-22825)
- nextScaffoldPart (CVE-2022-22826)
- storeAtts (CVE-2022-22827)
 2022-01-12 17:01:55 +01:00
Sebastian Pipping
653bcf9c25 linux.yml: Add some -m32 coverage to -DEXPAT_ATTR_INFO=ON 2022-01-10 18:01:38 +01:00
Sebastian Pipping
82c11af9d3
Merge pull request #538 from libexpat/issue-532-integer-overflow 
[CVE-2021-46143] lib: Prevent integer overflow on m_groupSize in function doProlog (fixes #532)
 2022-01-10 18:01:11 +01:00
Sebastian Pipping
f488b072b7 Changes: Document integer overflow CVE-2021-46143 2022-01-10 16:51:50 +01:00
Sebastian Pipping
85ae9a2d7d lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) 2022-01-10 16:51:14 +01:00
Sebastian Pipping
b6b432bad5
Merge pull request #541 from libexpat/fix-run-sh-in-for-native-windows 
run.sh.in: Do not use Wine with Cygwin and MSYS2
 2022-01-10 16:26:31 +01:00
Sebastian Pipping
572ef7a2ac run.sh.in: Do not use Wine with Cygwin and MSYS2 2022-01-09 23:04:13 +01:00
Sebastian Pipping
9dc50735f7
Merge pull request #534 from libexpat/issue-531-troublesome-shifts 
[CVE-2021-45960] lib: Detect and prevent troublesome left shifts in function storeAtts (fixes #531)
 2022-01-07 23:17:01 +01:00
Sebastian Pipping
f82a72271c Changes: Document CVE-2021-45960 2022-01-05 18:23:42 +01:00
Sebastian Pipping
0adcb34c49 lib: Detect and prevent troublesome left shifts in function storeAtts (CVE-2021-45960) 2022-01-05 18:23:42 +01:00
Sebastian Pipping
5cde0d78fc
Merge pull request #536 from libexpat/actions-cover-cmake-required-version 
Actions: Check for realistic minimum CMake version requirement
 2022-01-01 16:49:58 +01:00
Sebastian Pipping
9470015a1f Actions: Check for realistic minimum CMake version requirement 2022-01-01 15:58:47 +01:00
Sebastian Pipping
4a0af42c35
Merge pull request #535 from libexpat/cmake-fix-call-to-file-generate 
CMake: Make call to file(GENERATE [..]) work for CMake <3.19
 2021-12-31 22:35:46 +01:00
Sebastian Pipping
2ed8e19ada CMake: Make call to file(GENERATE [..]) work for CMake <3.19 
Error from CMake 3.7.2 was:

CMake Error at CMakeLists.txt:482 (file):
  file Incorrect arguments to GENERATE subcommand.
 2021-12-31 20:49:00 +01:00