cheng/libexpat
1
0
Fork 0
Code Issues Pull Requests Actions 8 Packages Projects Releases Wiki Activity
3,527 Commits 1 Branch 0 Tags 16 MiB
ef31c8681e
Commit Graph

3527 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sebastian Pipping
919a2bec5e
Merge pull request #539 from libexpat/prevent-more-integer-overflows 
[CVE-2022-22822 to CVE-2022-22827] lib: Prevent more integer overflows
 2022-01-13 19:56:36 +01:00
Sebastian Pipping
8e9f6ea08c Changes: Document CVE-2022-22822 to CVE-2022-22827 2022-01-12 17:01:55 +01:00
Sebastian Pipping
9f93e8036e lib: Prevent integer overflow at multiple places (CVE-2022-22822 to CVE-2022-22827) 
The involved functions are:
- addBinding (CVE-2022-22822)
- build_model (CVE-2022-22823)
- defineAttribute (CVE-2022-22824)
- lookup (CVE-2022-22825)
- nextScaffoldPart (CVE-2022-22826)
- storeAtts (CVE-2022-22827)
 2022-01-12 17:01:55 +01:00
Sebastian Pipping
653bcf9c25 linux.yml: Add some -m32 coverage to -DEXPAT_ATTR_INFO=ON 2022-01-10 18:01:38 +01:00
Sebastian Pipping
82c11af9d3
Merge pull request #538 from libexpat/issue-532-integer-overflow 
[CVE-2021-46143] lib: Prevent integer overflow on m_groupSize in function doProlog (fixes #532)
 2022-01-10 18:01:11 +01:00
Sebastian Pipping
f488b072b7 Changes: Document integer overflow CVE-2021-46143 2022-01-10 16:51:50 +01:00
Sebastian Pipping
85ae9a2d7d lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) 2022-01-10 16:51:14 +01:00
Sebastian Pipping
b6b432bad5
Merge pull request #541 from libexpat/fix-run-sh-in-for-native-windows 
run.sh.in: Do not use Wine with Cygwin and MSYS2
 2022-01-10 16:26:31 +01:00
Sebastian Pipping
572ef7a2ac run.sh.in: Do not use Wine with Cygwin and MSYS2 2022-01-09 23:04:13 +01:00
Sebastian Pipping
9dc50735f7
Merge pull request #534 from libexpat/issue-531-troublesome-shifts 
[CVE-2021-45960] lib: Detect and prevent troublesome left shifts in function storeAtts (fixes #531)
 2022-01-07 23:17:01 +01:00
Sebastian Pipping
f82a72271c Changes: Document CVE-2021-45960 2022-01-05 18:23:42 +01:00
Sebastian Pipping
0adcb34c49 lib: Detect and prevent troublesome left shifts in function storeAtts (CVE-2021-45960) 2022-01-05 18:23:42 +01:00
Sebastian Pipping
5cde0d78fc
Merge pull request #536 from libexpat/actions-cover-cmake-required-version 
Actions: Check for realistic minimum CMake version requirement
 2022-01-01 16:49:58 +01:00
Sebastian Pipping
9470015a1f Actions: Check for realistic minimum CMake version requirement 2022-01-01 15:58:47 +01:00
Sebastian Pipping
4a0af42c35
Merge pull request #535 from libexpat/cmake-fix-call-to-file-generate 
CMake: Make call to file(GENERATE [..]) work for CMake <3.19
 2021-12-31 22:35:46 +01:00
Sebastian Pipping
2ed8e19ada CMake: Make call to file(GENERATE [..]) work for CMake <3.19 
Error from CMake 3.7.2 was:

CMake Error at CMakeLists.txt:482 (file):
  file Incorrect arguments to GENERATE subcommand.
 2021-12-31 20:49:00 +01:00
Sebastian Pipping
60bbbe560c
Merge pull request #529 from libexpat/actions-cover-m32 
GitHub Actions: Cover -m32 + store coverage results as an artifact
 2021-12-28 16:11:41 +01:00
Sebastian Pipping
5aaa96e1a2 coverage.yml: Store coverage .info and HTML report 2021-12-28 04:18:10 +01:00
Sebastian Pipping
28e427e689 linux.yml: Add some coverage to -m32 32bit mode 2021-12-28 04:06:05 +01:00
Sebastian Pipping
f4adc65cc8 coverage.sh: Simplify directory naming scheme 2021-12-28 01:25:16 +01:00
Sebastian Pipping
23e820aa25 coverage.sh: Start coveraging -m32 2021-12-28 01:25:16 +01:00
Sebastian Pipping
befef7e52a CMake: Add unofficial flag for passing 32bit compile flag -m32 2021-12-27 22:14:18 +01:00
Sebastian Pipping
58d1f13d31
Merge pull request #528 from libexpat/actions-upgrade-clang 
Upgrade Clang from 11 to 13 (and fix a related warning)
 2021-12-26 23:52:48 +01:00
Sebastian Pipping
98bb7f287e Actions: Upgrade Clang from 11 to 13 2021-12-26 19:51:44 +01:00
Sebastian Pipping
c2b5d52404 xmlwf: Address Clang 13 warning -Wunused-but-set-variable 2021-12-26 19:51:44 +01:00
Sebastian Pipping
9542ad2471
Merge pull request #527 from libexpat/address-compiler-warnings 
lib: Address GCC 11.2.1 compiler warning
 2021-12-25 21:11:03 +01:00
Sebastian Pipping
5bab452b49 lib: Address GCC 11.2.1 compiler warning 
Symptom was:

In file included from xmltok.c:58:
xmltok_ns.c: In function ‘findEncodingNS’:
xmltok.h:276:10: warning: ‘buf’ may be used uninitialized [-Wmaybe-uninitialized]
  276 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’
   99 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
xmltok.h:276:10: note: by argument 5 of type ‘const char *’ to ‘enum XML_Convert_Result(const ENCODING *, const char **, const char *, char **, const char *)’ {aka ‘enum XML_Convert_Result(const struct encoding *, const char **, const char *, char **, const char *)’}
  276 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’
   99 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
In file included from xmltok.c:1666:
xmltok_ns.c:96:8: note: ‘buf’ declared here
   96 |   char buf[ENCODING_MAX];
      |        ^~~
 2021-12-25 18:15:25 +01:00
Sebastian Pipping
9c42ebdd4a .gitignore: Fully cover ./distribute.sh output 2021-12-19 23:48:00 +01:00
Sebastian Pipping
e26a263aa9
Merge pull request #526 from libexpat/issue-525-prepare-release 
Release Expat 2.4.2 (part of #525)
 2021-12-19 23:21:30 +01:00
Sebastian Pipping
4d9059d3cf Set expected release date for 2.4.2 2021-12-19 19:29:54 +01:00
Sebastian Pipping
f3f6ae617c Bump version to 2.4.2 2021-12-17 18:01:39 +01:00
Sebastian Pipping
716735e56b Bump version info from 9:1:8 to 9:2:8 
See https://verbump.de/ for what these numbers do
 2021-12-17 18:01:32 +01:00
Sebastian Pipping
96ff8de1d6 Changes: Document #502 #503 #507 #519 + fix reference to #498 2021-12-17 17:50:32 +01:00
Sebastian Pipping
2829a27505
Merge pull request #524 from libexpat/fix-msvc-lib-files-naming 
CMake: Ensure libexpat*.lib filenames with MSVC
 2021-12-15 18:38:17 +01:00
Sebastian Pipping
8589e9598a CMake: Ensure libexpat*.lib filenames with MSVC 
This fixes a post-2.4.1 regression from
commit 3486fd6e3d
introduced by pull request #495.
 2021-12-15 16:40:15 +01:00
Sebastian Pipping
bf2c3f3d89
Merge pull request #523 from libexpat/issue-522-fix-return-value-docs 
[docs] Fix return value docs on XML_SetBillionLaughs[..] functions (fixes #522)
 2021-12-14 14:56:30 +01:00
Sebastian Pipping
8c2b1853cd doc: Fix return value docs on XML_SetBillionLaughs[..] functions (#522) 2021-12-14 01:33:49 +01:00
Sebastian Pipping
59d5c6eacd
Merge pull request #519 from libexpat/sync-autotools-cmake-templates 
autotools: Sync expat.cmake to agree with CI
 2021-11-26 16:23:21 +01:00
Sebastian Pipping
5a4ec4cf7f autotools: Sync expat.cmake to agree with CI 2021-11-26 15:15:07 +01:00
Sebastian Pipping
08d29debae
Merge pull request #517 from libexpat/dependabot/github_actions/actions/checkout-2.4.0 
Actions(deps): Bump actions/checkout from 2.3.5 to 2.4.0
 2021-11-08 14:54:41 +01:00
dependabot[bot]
761db909b0
Actions(deps): Bump actions/checkout from 2.3.5 to 2.4.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-08 12:04:47 +00:00
Sebastian Pipping
ade2c09774
Merge pull request #515 from libexpat/dependabot/github_actions/actions/checkout-2.3.5 
Actions(deps): Bump actions/checkout from 2.3.4 to 2.3.5
 2021-10-18 14:48:24 +02:00
dependabot[bot]
5be9361183
Actions(deps): Bump actions/checkout from 2.3.4 to 2.3.5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-18 12:05:03 +00:00
Sebastian Pipping
c3300c9bf2 Get attribution headers back in sync 
Follow-up to pull requests #503 and #510
 2021-10-17 16:35:12 +02:00
Sebastian Pipping
2996968b11 Merge branch 'corona10-gh-513' (fixes #513, pull request #514) 2021-10-17 16:33:50 +02:00
Sebastian Pipping
105a5c6ee7 Changes: Document #513 and #514 2021-10-17 16:32:08 +02:00
Sebastian Pipping
c05efa1fbf Apply #514 to attribution headers 2021-10-17 16:28:01 +02:00
Dong-hee Na
59734d6e31 Reorder the location of including expat_config.h 2021-10-17 20:45:24 +09:00
Sebastian Pipping
72d7ce9538
Merge pull request #510 from libexpat/issue-509-link-against-libm 
Link against libm for function "isnan" (fixes #509)
 2021-09-20 19:19:02 +02:00
Sebastian Pipping
0b7a88b355 Autotools|CMake: Link against libm for function "isnan" 
$ git --no-pager grep -lw isnan
lib/xmlparse.c
tests/runtests.c
xmlwf/xmlwf.c
 2021-09-20 18:27:52 +02:00