Commit Graph

1391 Commits

Author SHA1 Message Date
Sebastian Pipping
fbc46fa2be Move release date to 2016-06-21 2016-06-21 14:58:38 +02:00
Karl Waclawek
0672d84397 Fixed versioning comment. 2016-06-20 16:43:12 -04:00
Sebastian Pipping
eb0fd8b2b1 CMakeLists.txt: Exclude soversion config on Windows 2016-06-20 18:47:11 +02:00
Sebastian Pipping
87b38b775d Handle XML_ParserCreate* NULL return
Pointed out by Pascal Cuoq
2016-06-18 23:09:20 +02:00
Sebastian Pipping
1d4bc08a37 Fix infinite loop
Regression from 3014589057

https://marcograss.github.io/security/android/chromium/2016/06/17/expat-xml-heap-overflow.html
2016-06-18 16:33:43 +02:00
Sebastian Pipping
5a5b157ba3 doc/xmlwf.1: Migrate from SGML to XML 2016-06-18 01:44:54 +02:00
Sebastian Pipping
80cd16cb06 Extend .gitignore 2016-06-18 00:28:55 +02:00
Sebastian Pipping
a0eaef2d67 Set version 2.2.0/2016-06-18 where missing 2016-06-18 00:16:21 +02:00
Sebastian Pipping
df324510ba htdocs/index.html: Fix some HTML issues 2016-06-18 00:10:51 +02:00
Sebastian Pipping
3e9b6807c4 htdocs/index.html: Sync HTML change log 2016-06-18 00:09:57 +02:00
Sebastian Pipping
9751416948 Changes: Adjust case 2016-06-17 23:44:15 +02:00
Karl Waclawek
76f5dc2a70 Upgraded setup files for Win32. 2016-06-17 15:04:39 -04:00
Karl Waclawek
309ad17f97 Added Visual Studio 2013 solution/project files. Will also work in Visual Studio 2015 if VS 2013 is installed. Otherwise, open a "Visual Studio 2015 Developer Command Prompt" and execute "devenv.exe /upgrade expat.sln" in the expat directory to upgrade the main solution and project files (Tests have their own solutions). 2016-06-17 14:34:46 -04:00
Sebastian Pipping
d627982040 Address VS2010 compile warning
xmlparse.c(1893): warning C4244: 'return' : conversion from '__int64' to 'XML_Index', possible loss of data

Reported by tbeu <tc@tbeu.de>
2016-06-16 17:20:43 +02:00
Sebastian Pipping
92da19f153 Resolve COMPILING_FOR_WINDOWS (ex COMPILED_FROM_DSP) in favor of WIN32 2016-06-13 17:05:16 +02:00
tbeu
d4123b8f60 Fix MSVC compiler warning 2016-06-07 21:47:15 +02:00
Sebastian Pipping
5b24ad2e51 qa.sh: "set -e" inside "|| exit 1"-ed subshell did not have any effect
http://unix.stackexchange.com/questions/65532/why-does-set-e-not-work-inside/65564#65564
2016-06-06 22:47:52 +02:00
tbeu
da4d6f9b53 Update copyright year 2016-06-06 22:28:57 +02:00
tbeu
e1b1cf953f Fix typos 2016-06-06 21:40:47 +02:00
Sebastian Pipping
2b9cb7f5b5 Bump soversion, skipped one for 2.1.1 2016-06-05 15:43:36 +02:00
Sebastian Pipping
b364f44701 CMake: Create .so.1 symlink, too 2016-06-05 15:41:12 +02:00
Sebastian Pipping
5cfcdc3f40 Have CMake call "$(MAKE) -C doc xmlwf.1"
.. so that the man page is built if missing (e.g. for a Git clone)
2016-06-05 15:17:07 +02:00
Sebastian Pipping
e33d37cb47 doc/Makefile: Do not leave nullbyte XMLWF.1 on error 2016-06-05 15:14:14 +02:00
Sebastian Pipping
3f7f01ec09 Extend change log 2016-06-04 22:17:11 +02:00
Sebastian Pipping
17be9de91d Ensure that unistd.h is included on Linux
(or anywhere except non-Cygwin Windows, to be precise)

Bug reported by László Böszörményi
2016-06-04 22:17:11 +02:00
Sebastian Pipping
f00e1d752a Handle lack of __func__ with ISO C90
Bug reported by László Böszörményi
2016-06-04 22:17:03 +02:00
Sebastian Pipping
43718a3e32 Improve autotools-related entries in upcoming release changes 2016-06-04 17:37:39 +02:00
Sebastian Pipping
07cc2fcacf Mention recently assigned CVEs CVE-2012-6702 and CVE-2016-5300 in plaintext change log 2016-06-04 17:21:04 +02:00
Sebastian Pipping
56e62f1634 Sync plaintext changelog; HTML left to do 2016-06-03 23:36:01 +02:00
Sebastian Pipping
f32e06fe6b qa.sh: Merge callgraphs into one 2016-05-30 20:59:05 +02:00
Sebastian Pipping
a01b100305 qa.sh: Add egypt support (callgraphs) 2016-05-30 20:30:30 +02:00
Sebastian Pipping
0b51c25a09 Sync .gitignore 2016-05-28 19:55:40 +02:00
Sebastian Pipping
4363739fd5 CMake: Add soversion, support -DNO_SONAME=yes to bypass (issue #536) 2016-05-28 19:55:40 +02:00
Sebastian Pipping
293dc5f730 Merge branch 'minbpc' 2016-05-25 19:15:29 +02:00
Sebastian Pipping
7101c85433 Extract macros from end-of-input checking 2016-05-25 19:04:36 +02:00
Sebastian Pipping
687edcb52b Take into account that CHAR_MATCHES may read >1 bytes 2016-05-25 19:04:36 +02:00
Sebastian Pipping
3014589057 Take into account that BYTE_TYPE may read >1 bytes 2016-05-25 19:04:36 +02:00
Sebastian Pipping
93acfa0bb3 qa.sh: Add ncc/nccnav support 2016-05-25 19:04:36 +02:00
Sebastian Pipping
5a912171fd qa.sh: Polish and make more flexible 2016-05-25 19:04:03 +02:00
Sebastian Pipping
a12e78cb1b Fix uninitialized read of size 1 in little2_updatePosition
Reported by Pascal Cuoq

Valgrind's view:
==4416== Conditional jump or move depends on uninitialised value(s)
==4416==    at 0x41F187: little2_updatePosition (xmltok_impl.c:1748)
==4416==    by 0x405F85: XML_GetCurrentColumnNumber (xmlparse.c:1931)
==4416==    by 0x402F7B: reportError (xmlfile.c:67)
==4416==    by 0x403041: processFile (xmlfile.c:84)
==4416==    by 0x403752: filemap (unixfilemap.c:61)
==4416==    by 0x403523: XML_ProcessFile (xmlfile.c:239)
==4416==    by 0x402EBC: main (xmlwf.c:847)
2016-05-25 18:47:35 +02:00
Sebastian Pipping
4813526e87 Merge branch 'improve-partial-utf8-handling' 2016-05-20 22:46:51 +02:00
Sebastian Pipping
550eb6bbaa Fix UTF-8 auto alignment 2016-05-20 22:30:45 +02:00
Sebastian Pipping
be917d9f84 Cover UTF-8 limit correction; some tests fail
Failing tests are:
[-] UTF-8 case  3: Expected movement by -1 chars, actually moved by  0 chars: "\xdf"
[-] UTF-8 case  4: Expected movement by  0 chars, actually moved by -1 chars: "\xdf\xbf"
[-] UTF-8 case  5: Expected movement by -1 chars, actually moved by  0 chars: "\xef"
[-] UTF-8 case  6: Expected movement by -2 chars, actually moved by -1 chars: "\xef\xbf"
[-] UTF-8 case  7: Expected movement by  0 chars, actually moved by -2 chars: "\xef\xbf\xbf"
[-] UTF-8 case  8: Expected movement by -1 chars, actually moved by  0 chars: "\xf7"
[-] UTF-8 case  9: Expected movement by -2 chars, actually moved by -1 chars: "\xf7\xbf"
[-] UTF-8 case 10: Expected movement by -3 chars, actually moved by -2 chars: "\xf7\xbf\xbf"
[-] UTF-8 case 11: Expected movement by  0 chars, actually moved by -3 chars: "\xf7\xbf\xbf\xbf"
2016-05-20 22:29:47 +02:00
Sebastian Pipping
525be92f78 Extract function align_limit_to_full_utf8_characters 2016-05-20 22:11:56 +02:00
Sebastian Pipping
be4b1c06da Merge branch 'cve-2016-0718-fix-2-2-1'
Conflicts:
  expat/lib/xmltok.c
2016-05-17 21:08:21 +02:00
Pascal Cuoq
a1bc009dd4 Do not compare an out-of-bounds pointer. See https://lwn.net/Articles/278137/ 2016-05-16 16:11:01 +02:00
Pascal Cuoq
5c9cc0eed8 Avoid undefined behavior when computing larger blockSize. The compiler might reason that (end - start)*2 is negative only if (end - start) is negative, see https://godbolt.org/g/wVEoTM 2016-05-16 16:10:57 +02:00
Pascal Cuoq
f0bec73b01 Avoid relying on undefined behavior in CVE-2015-1283 fix. It does not really work: https://godbolt.org/g/Zl8gdF 2016-05-16 15:35:08 +02:00
Sebastian Pipping
a238d7ea7a Makefile.in: Extend target "qa" 2016-05-15 14:11:11 +02:00
Sebastian Pipping
2106ee4050 Fix left shift signed overflow
lib/xmltok.c:1407:11: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
lib/xmltok.c:1409:16: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
2016-05-15 14:04:09 +02:00