Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge branch 'issue-533-prepare-release' (#533)R_2_4_3 | Sebastian Pipping | 2022-01-16 | 16 | -31/+36 |
|\ | |||||
| * | Set expected release date for 2.4.3issue-533-prepare-release | Sebastian Pipping | 2022-01-13 | 2 | -2/+2 |
| | | |||||
| * | Changes: Streamline item order for 2.4.3 | Sebastian Pipping | 2022-01-13 | 1 | -1/+1 |
| | | |||||
| * | Changes: Document #528 and #529 | Sebastian Pipping | 2022-01-13 | 1 | -0/+3 |
| | | |||||
| * | Sync years in file headers | Sebastian Pipping | 2022-01-13 | 13 | -13/+13 |
| | | |||||
| * | Bump version to 2.4.3 | Sebastian Pipping | 2022-01-13 | 8 | -13/+13 |
| | | |||||
| * | Bump version info from 9:2:8 to 9:3:8 | Sebastian Pipping | 2022-01-13 | 3 | -2/+4 |
|/ | | | | See https://verbump.de/ for what these numbers do | ||||
* | Merge pull request #539 from libexpat/prevent-more-integer-overflows | Sebastian Pipping | 2022-01-13 | 3 | -2/+163 |
|\ | | | | | [CVE-2022-22822 to CVE-2022-22827] lib: Prevent more integer overflows | ||||
| * | Changes: Document CVE-2022-22822 to CVE-2022-22827prevent-more-integer-overflows | Sebastian Pipping | 2022-01-12 | 1 | -0/+10 |
| | | |||||
| * | lib: Prevent integer overflow at multiple places (CVE-2022-22822 to ↵ | Sebastian Pipping | 2022-01-12 | 1 | -2/+151 |
| | | | | | | | | | | | | | | | | | | | | | | | | CVE-2022-22827) The involved functions are: - addBinding (CVE-2022-22822) - build_model (CVE-2022-22823) - defineAttribute (CVE-2022-22824) - lookup (CVE-2022-22825) - nextScaffoldPart (CVE-2022-22826) - storeAtts (CVE-2022-22827) | ||||
| * | linux.yml: Add some -m32 coverage to -DEXPAT_ATTR_INFO=ON | Sebastian Pipping | 2022-01-10 | 1 | -0/+2 |
|/ | |||||
* | Merge pull request #538 from libexpat/issue-532-integer-overflow | Sebastian Pipping | 2022-01-10 | 2 | -0/+21 |
|\ | | | | | [CVE-2021-46143] lib: Prevent integer overflow on m_groupSize in function doProlog (fixes #532) | ||||
| * | Changes: Document integer overflow CVE-2021-46143 | Sebastian Pipping | 2022-01-10 | 1 | -0/+6 |
| | | |||||
| * | lib: Prevent integer overflow on m_groupSize in function doProlog ↵ | Sebastian Pipping | 2022-01-10 | 1 | -0/+15 |
|/ | | | | (CVE-2021-46143) | ||||
* | Merge pull request #541 from libexpat/fix-run-sh-in-for-native-windows | Sebastian Pipping | 2022-01-10 | 2 | -1/+14 |
|\ | | | | | run.sh.in: Do not use Wine with Cygwin and MSYS2 | ||||
| * | run.sh.in: Do not use Wine with Cygwin and MSYS2fix-run-sh-in-for-native-windows | Sebastian Pipping | 2022-01-09 | 2 | -1/+14 |
|/ | |||||
* | Merge pull request #534 from libexpat/issue-531-troublesome-shifts | Sebastian Pipping | 2022-01-07 | 2 | -2/+48 |
|\ | | | | | [CVE-2021-45960] lib: Detect and prevent troublesome left shifts in function storeAtts (fixes #531) | ||||
| * | Changes: Document CVE-2021-45960issue-531-troublesome-shifts | Sebastian Pipping | 2022-01-05 | 1 | -0/+19 |
| | | |||||
| * | lib: Detect and prevent troublesome left shifts in function storeAtts ↵ | Sebastian Pipping | 2022-01-05 | 1 | -2/+29 |
|/ | | | | (CVE-2021-45960) | ||||
* | Merge pull request #536 from libexpat/actions-cover-cmake-required-version | Sebastian Pipping | 2022-01-01 | 2 | -0/+75 |
|\ | | | | | Actions: Check for realistic minimum CMake version requirement | ||||
| * | Actions: Check for realistic minimum CMake version requirementactions-cover-cmake-required-version | Sebastian Pipping | 2022-01-01 | 2 | -0/+75 |
|/ | |||||
* | Merge pull request #535 from libexpat/cmake-fix-call-to-file-generate | Sebastian Pipping | 2021-12-31 | 3 | -9/+9 |
|\ | | | | | CMake: Make call to file(GENERATE [..]) work for CMake <3.19 | ||||
| * | CMake: Make call to file(GENERATE [..]) work for CMake <3.19cmake-fix-call-to-file-generate | Sebastian Pipping | 2021-12-31 | 3 | -9/+9 |
|/ | | | | | | | Error from CMake 3.7.2 was: CMake Error at CMakeLists.txt:482 (file): file Incorrect arguments to GENERATE subcommand. | ||||
* | Merge pull request #529 from libexpat/actions-cover-m32 | Sebastian Pipping | 2021-12-28 | 4 | -3/+50 |
|\ | | | | | GitHub Actions: Cover -m32 + store coverage results as an artifact | ||||
| * | coverage.yml: Store coverage .info and HTML reportactions-cover-m32 | Sebastian Pipping | 2021-12-28 | 1 | -0/+7 |
| | | |||||
| * | linux.yml: Add some coverage to -m32 32bit mode | Sebastian Pipping | 2021-12-28 | 1 | -0/+4 |
| | | |||||
| * | coverage.sh: Simplify directory naming scheme | Sebastian Pipping | 2021-12-28 | 1 | -3/+9 |
| | | |||||
| * | coverage.sh: Start coveraging -m32 | Sebastian Pipping | 2021-12-28 | 2 | -1/+11 |
| | | |||||
| * | CMake: Add unofficial flag for passing 32bit compile flag -m32 | Sebastian Pipping | 2021-12-27 | 1 | -0/+20 |
|/ | |||||
* | Merge pull request #528 from libexpat/actions-upgrade-clang | Sebastian Pipping | 2021-12-26 | 5 | -10/+12 |
|\ | | | | | Upgrade Clang from 11 to 13 (and fix a related warning) | ||||
| * | Actions: Upgrade Clang from 11 to 13actions-upgrade-clang | Sebastian Pipping | 2021-12-26 | 3 | -9/+9 |
| | | |||||
| * | xmlwf: Address Clang 13 warning -Wunused-but-set-variable | Sebastian Pipping | 2021-12-26 | 2 | -1/+3 |
|/ | |||||
* | Merge pull request #527 from libexpat/address-compiler-warnings | Sebastian Pipping | 2021-12-25 | 2 | -1/+5 |
|\ | | | | | lib: Address GCC 11.2.1 compiler warning | ||||
| * | lib: Address GCC 11.2.1 compiler warningaddress-compiler-warnings | Sebastian Pipping | 2021-12-25 | 2 | -1/+5 |
|/ | | | | | | | | | | | | | | | | | | | | | | | Symptom was: In file included from xmltok.c:58: xmltok_ns.c: In function ‘findEncodingNS’: xmltok.h:276:10: warning: ‘buf’ may be used uninitialized [-Wmaybe-uninitialized] 276 | (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim)) | ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’ 99 | XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1); | ^~~~~~~~~~~~~~ xmltok.h:276:10: note: by argument 5 of type ‘const char *’ to ‘enum XML_Convert_Result(const ENCODING *, const char **, const char *, char **, const char *)’ {aka ‘enum XML_Convert_Result(const struct encoding *, const char **, const char *, char **, const char *)’} 276 | (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim)) | ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’ 99 | XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1); | ^~~~~~~~~~~~~~ In file included from xmltok.c:1666: xmltok_ns.c:96:8: note: ‘buf’ declared here 96 | char buf[ENCODING_MAX]; | ^~~ | ||||
* | .gitignore: Fully cover ./distribute.sh output | Sebastian Pipping | 2021-12-19 | 1 | -2/+1 |
| | |||||
* | Merge pull request #526 from libexpat/issue-525-prepare-releaseR_2_4_2 | Sebastian Pipping | 2021-12-19 | 11 | -18/+23 |
|\ | | | | | Release Expat 2.4.2 (part of #525) | ||||
| * | Set expected release date for 2.4.2issue-525-prepare-release | Sebastian Pipping | 2021-12-19 | 2 | -2/+2 |
| | | |||||
| * | Bump version to 2.4.2 | Sebastian Pipping | 2021-12-17 | 8 | -13/+13 |
| | | |||||
| * | Bump version info from 9:1:8 to 9:2:8 | Sebastian Pipping | 2021-12-17 | 3 | -2/+4 |
| | | | | | | | | See https://verbump.de/ for what these numbers do | ||||
| * | Changes: Document #502 #503 #507 #519 + fix reference to #498 | Sebastian Pipping | 2021-12-17 | 1 | -1/+4 |
|/ | |||||
* | Merge pull request #524 from libexpat/fix-msvc-lib-files-naming | Sebastian Pipping | 2021-12-15 | 2 | -2/+5 |
|\ | | | | | CMake: Ensure libexpat*.lib filenames with MSVC | ||||
| * | CMake: Ensure libexpat*.lib filenames with MSVCfix-msvc-lib-files-naming | Sebastian Pipping | 2021-12-15 | 2 | -2/+5 |
|/ | | | | | | This fixes a post-2.4.1 regression from commit 3486fd6e3d2bc269660cedd3befa1ae649d1dcf4 introduced by pull request #495. | ||||
* | Merge pull request #523 from libexpat/issue-522-fix-return-value-docs | Sebastian Pipping | 2021-12-14 | 2 | -2/+4 |
|\ | | | | | [docs] Fix return value docs on XML_SetBillionLaughs[..] functions (fixes #522) | ||||
| * | doc: Fix return value docs on XML_SetBillionLaughs[..] functions (#522)issue-522-fix-return-value-docs | Sebastian Pipping | 2021-12-14 | 2 | -2/+4 |
|/ | |||||
* | Merge pull request #519 from libexpat/sync-autotools-cmake-templates | Sebastian Pipping | 2021-11-26 | 1 | -2/+2 |
|\ | | | | | autotools: Sync expat.cmake to agree with CI | ||||
| * | autotools: Sync expat.cmake to agree with CIsync-autotools-cmake-templates | Sebastian Pipping | 2021-11-26 | 1 | -2/+2 |
|/ | |||||
* | Merge pull request #517 from ↵ | Sebastian Pipping | 2021-11-08 | 7 | -7/+7 |
|\ | | | | | | | | | libexpat/dependabot/github_actions/actions/checkout-2.4.0 Actions(deps): Bump actions/checkout from 2.3.5 to 2.4.0 | ||||
| * | Actions(deps): Bump actions/checkout from 2.3.5 to 2.4.0 | dependabot[bot] | 2021-11-08 | 7 | -7/+7 |
|/ | | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> | ||||
* | Merge pull request #515 from ↵ | Sebastian Pipping | 2021-10-18 | 7 | -7/+7 |
|\ | | | | | | | | | libexpat/dependabot/github_actions/actions/checkout-2.3.5 Actions(deps): Bump actions/checkout from 2.3.4 to 2.3.5 | ||||
| * | Actions(deps): Bump actions/checkout from 2.3.4 to 2.3.5 | dependabot[bot] | 2021-10-18 | 7 | -7/+7 |
|/ | | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> |