Sebastian Pipping
fbc46fa2be
Move release date to 2016-06-21
2016-06-21 14:58:38 +02:00
Karl Waclawek
0672d84397
Fixed versioning comment.
2016-06-20 16:43:12 -04:00
Sebastian Pipping
eb0fd8b2b1
CMakeLists.txt: Exclude soversion config on Windows
2016-06-20 18:47:11 +02:00
Sebastian Pipping
87b38b775d
Handle XML_ParserCreate* NULL return
...
Pointed out by Pascal Cuoq
2016-06-18 23:09:20 +02:00
Sebastian Pipping
1d4bc08a37
Fix infinite loop
...
Regression from 3014589057
https://marcograss.github.io/security/android/chromium/2016/06/17/expat-xml-heap-overflow.html
2016-06-18 16:33:43 +02:00
Sebastian Pipping
5a5b157ba3
doc/xmlwf.1: Migrate from SGML to XML
2016-06-18 01:44:54 +02:00
Sebastian Pipping
80cd16cb06
Extend .gitignore
2016-06-18 00:28:55 +02:00
Sebastian Pipping
a0eaef2d67
Set version 2.2.0/2016-06-18 where missing
2016-06-18 00:16:21 +02:00
Sebastian Pipping
df324510ba
htdocs/index.html: Fix some HTML issues
2016-06-18 00:10:51 +02:00
Sebastian Pipping
3e9b6807c4
htdocs/index.html: Sync HTML change log
2016-06-18 00:09:57 +02:00
Sebastian Pipping
9751416948
Changes: Adjust case
2016-06-17 23:44:15 +02:00
Karl Waclawek
76f5dc2a70
Upgraded setup files for Win32.
2016-06-17 15:04:39 -04:00
Karl Waclawek
309ad17f97
Added Visual Studio 2013 solution/project files. Will also work in Visual Studio 2015 if VS 2013 is installed. Otherwise, open a "Visual Studio 2015 Developer Command Prompt" and execute "devenv.exe /upgrade expat.sln" in the expat directory to upgrade the main solution and project files (Tests have their own solutions).
2016-06-17 14:34:46 -04:00
Sebastian Pipping
d627982040
Address VS2010 compile warning
...
xmlparse.c(1893): warning C4244: 'return' : conversion from '__int64' to 'XML_Index', possible loss of data
Reported by tbeu <tc@tbeu.de>
2016-06-16 17:20:43 +02:00
Sebastian Pipping
92da19f153
Resolve COMPILING_FOR_WINDOWS (ex COMPILED_FROM_DSP) in favor of WIN32
2016-06-13 17:05:16 +02:00
tbeu
d4123b8f60
Fix MSVC compiler warning
2016-06-07 21:47:15 +02:00
Sebastian Pipping
5b24ad2e51
qa.sh: "set -e" inside "|| exit 1"-ed subshell did not have any effect
...
http://unix.stackexchange.com/questions/65532/why-does-set-e-not-work-inside/65564#65564
2016-06-06 22:47:52 +02:00
tbeu
da4d6f9b53
Update copyright year
2016-06-06 22:28:57 +02:00
tbeu
e1b1cf953f
Fix typos
2016-06-06 21:40:47 +02:00
Sebastian Pipping
2b9cb7f5b5
Bump soversion, skipped one for 2.1.1
2016-06-05 15:43:36 +02:00
Sebastian Pipping
b364f44701
CMake: Create .so.1 symlink, too
2016-06-05 15:41:12 +02:00
Sebastian Pipping
5cfcdc3f40
Have CMake call "$(MAKE) -C doc xmlwf.1"
...
.. so that the man page is built if missing (e.g. for a Git clone)
2016-06-05 15:17:07 +02:00
Sebastian Pipping
e33d37cb47
doc/Makefile: Do not leave nullbyte XMLWF.1 on error
2016-06-05 15:14:14 +02:00
Sebastian Pipping
3f7f01ec09
Extend change log
2016-06-04 22:17:11 +02:00
Sebastian Pipping
17be9de91d
Ensure that unistd.h is included on Linux
...
(or anywhere except non-Cygwin Windows, to be precise)
Bug reported by László Böszörményi
2016-06-04 22:17:11 +02:00
Sebastian Pipping
f00e1d752a
Handle lack of __func__ with ISO C90
...
Bug reported by László Böszörményi
2016-06-04 22:17:03 +02:00
Sebastian Pipping
43718a3e32
Improve autotools-related entries in upcoming release changes
2016-06-04 17:37:39 +02:00
Sebastian Pipping
07cc2fcacf
Mention recently assigned CVEs CVE-2012-6702 and CVE-2016-5300 in plaintext change log
2016-06-04 17:21:04 +02:00
Sebastian Pipping
56e62f1634
Sync plaintext changelog; HTML left to do
2016-06-03 23:36:01 +02:00
Sebastian Pipping
f32e06fe6b
qa.sh: Merge callgraphs into one
2016-05-30 20:59:05 +02:00
Sebastian Pipping
a01b100305
qa.sh: Add egypt support (callgraphs)
2016-05-30 20:30:30 +02:00
Sebastian Pipping
0b51c25a09
Sync .gitignore
2016-05-28 19:55:40 +02:00
Sebastian Pipping
4363739fd5
CMake: Add soversion, support -DNO_SONAME=yes to bypass (issue #536 )
2016-05-28 19:55:40 +02:00
Sebastian Pipping
293dc5f730
Merge branch 'minbpc'
2016-05-25 19:15:29 +02:00
Sebastian Pipping
7101c85433
Extract macros from end-of-input checking
2016-05-25 19:04:36 +02:00
Sebastian Pipping
687edcb52b
Take into account that CHAR_MATCHES may read >1 bytes
2016-05-25 19:04:36 +02:00
Sebastian Pipping
3014589057
Take into account that BYTE_TYPE may read >1 bytes
2016-05-25 19:04:36 +02:00
Sebastian Pipping
93acfa0bb3
qa.sh: Add ncc/nccnav support
2016-05-25 19:04:36 +02:00
Sebastian Pipping
5a912171fd
qa.sh: Polish and make more flexible
2016-05-25 19:04:03 +02:00
Sebastian Pipping
a12e78cb1b
Fix uninitialized read of size 1 in little2_updatePosition
...
Reported by Pascal Cuoq
Valgrind's view:
==4416== Conditional jump or move depends on uninitialised value(s)
==4416== at 0x41F187: little2_updatePosition (xmltok_impl.c:1748)
==4416== by 0x405F85: XML_GetCurrentColumnNumber (xmlparse.c:1931)
==4416== by 0x402F7B: reportError (xmlfile.c:67)
==4416== by 0x403041: processFile (xmlfile.c:84)
==4416== by 0x403752: filemap (unixfilemap.c:61)
==4416== by 0x403523: XML_ProcessFile (xmlfile.c:239)
==4416== by 0x402EBC: main (xmlwf.c:847)
2016-05-25 18:47:35 +02:00
Sebastian Pipping
4813526e87
Merge branch 'improve-partial-utf8-handling'
2016-05-20 22:46:51 +02:00
Sebastian Pipping
550eb6bbaa
Fix UTF-8 auto alignment
2016-05-20 22:30:45 +02:00
Sebastian Pipping
be917d9f84
Cover UTF-8 limit correction; some tests fail
...
Failing tests are:
[-] UTF-8 case 3: Expected movement by -1 chars, actually moved by 0 chars: "\xdf"
[-] UTF-8 case 4: Expected movement by 0 chars, actually moved by -1 chars: "\xdf\xbf"
[-] UTF-8 case 5: Expected movement by -1 chars, actually moved by 0 chars: "\xef"
[-] UTF-8 case 6: Expected movement by -2 chars, actually moved by -1 chars: "\xef\xbf"
[-] UTF-8 case 7: Expected movement by 0 chars, actually moved by -2 chars: "\xef\xbf\xbf"
[-] UTF-8 case 8: Expected movement by -1 chars, actually moved by 0 chars: "\xf7"
[-] UTF-8 case 9: Expected movement by -2 chars, actually moved by -1 chars: "\xf7\xbf"
[-] UTF-8 case 10: Expected movement by -3 chars, actually moved by -2 chars: "\xf7\xbf\xbf"
[-] UTF-8 case 11: Expected movement by 0 chars, actually moved by -3 chars: "\xf7\xbf\xbf\xbf"
2016-05-20 22:29:47 +02:00
Sebastian Pipping
525be92f78
Extract function align_limit_to_full_utf8_characters
2016-05-20 22:11:56 +02:00
Sebastian Pipping
be4b1c06da
Merge branch 'cve-2016-0718-fix-2-2-1'
...
Conflicts:
expat/lib/xmltok.c
2016-05-17 21:08:21 +02:00
Pascal Cuoq
a1bc009dd4
Do not compare an out-of-bounds pointer. See https://lwn.net/Articles/278137/
2016-05-16 16:11:01 +02:00
Pascal Cuoq
5c9cc0eed8
Avoid undefined behavior when computing larger blockSize. The compiler might reason that (end - start)*2 is negative only if (end - start) is negative, see https://godbolt.org/g/wVEoTM
2016-05-16 16:10:57 +02:00
Pascal Cuoq
f0bec73b01
Avoid relying on undefined behavior in CVE-2015-1283 fix. It does not really work: https://godbolt.org/g/Zl8gdF
2016-05-16 15:35:08 +02:00
Sebastian Pipping
a238d7ea7a
Makefile.in: Extend target "qa"
2016-05-15 14:11:11 +02:00
Sebastian Pipping
2106ee4050
Fix left shift signed overflow
...
lib/xmltok.c:1407:11: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
lib/xmltok.c:1409:16: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
2016-05-15 14:04:09 +02:00