summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #581 from libexpat/fix-windows-installerR_2_4_7Sebastian Pipping2022-03-042-2/+2
|\ | | | | Fix windows installer (related to #555, follow-up to #570)
| * Changes: Document #581Sebastian Pipping2022-03-041-1/+1
| |
| * win32: Fix version.rc destination in expat.issSebastian Pipping2022-03-041-1/+1
|/
* Merge pull request #580 from libexpat/issue-578-prepare-releaseSebastian Pipping2022-03-0412-17/+36
|\ | | | | Prepare release 2.4.7 (part of #578)
| * Set expected release date for 2.4.7Sebastian Pipping2022-03-042-2/+2
| |
| * Sync file headersSebastian Pipping2022-03-046-0/+6
| |
| * Changes: Document #555 #570 #573 #574 #575 #579Sebastian Pipping2022-03-041-0/+11
| |
| * Bump version to 2.4.7Sebastian Pipping2022-03-048-13/+13
| |
| * Bump version info from 9:6:8 to 9:7:8Sebastian Pipping2022-03-043-2/+4
|/ | | | See https://verbump.de/ for what these numbers do
* Merge pull request #577 from libexpat/namesepSebastian Pipping2022-03-045-11/+171
|\ | | | | lib: Relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters (fixes #572)
| * Changes: Document #572 and #577Sebastian Pipping2022-03-041-0/+16
| |
| * lib|doc: Add a note on namespace URI validationSebastian Pipping2022-03-042-0/+14
| |
| * lib: Document namespace separator effect right in header <expat.h>Sebastian Pipping2022-03-041-0/+5
| |
| * tests: Cover relaxed fix to CVE-2022-25236Sebastian Pipping2022-03-041-3/+5
| |
| * lib: Relax fix to CVE-2022-25236 with regard to RFC 3986 URI charactersSebastian Pipping2022-03-041-8/+131
|/
* Merge pull request #579 from Tieske/patch-1Sebastian Pipping2022-03-041-1/+1
|\ | | | | doc: Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
| * fix typoThijs Schreijer2022-03-041-1/+1
|/ | | This has already been corrected in the official API reference docs
* doc: Document that a call to XML_FreeContentModel can be done at a later ↵Thijs Schreijer2022-03-022-6/+9
| | | | time from outside the element declaration handler (#575)
* Merge pull request #574 from libexpat/hardcoded-namespace-uri-findabilitySebastian Pipping2022-02-271-0/+3
|\ | | | | lib: Make hardcoded namespace URIs easier to find
| * lib: Make hardcoded namespace URIs easier to findSebastian Pipping2022-02-271-0/+3
|/
* Update documentation on use of XML_POOR_ENTOPY on Solaris (#573)Jeffrey Walton2022-02-261-1/+1
|
* Merge pull request #570 from petitlapin/dll_infoSebastian Pipping2022-02-244-8/+36
|\ | | | | CMake/Windows: store Expat version in the dll
| * CMake/Windows: store Expat version in the dllJohnny Jazeix2022-02-244-8/+36
| | | | | | | | | | | | Fixes #555 Tested with msvc2019 and mingw8.1
* | Merge pull request #571 from ↵Sebastian Pipping2022-02-242-3/+17
|\ \ | |/ |/| | | | | libexpat/issue-569-resolve-use-of-macros-nan-and-infinity tests: Resolve use of macros NAN and INFINITY for GNU G++ 4.8.2 (fixes #569)
| * tests: Resolve use of macros NAN and INFINITY for GNU G++ 4.8.2Sebastian Pipping2022-02-232-3/+17
|/
* Merge pull request #568 from libexpat/issue-567-prepare-releaseR_2_4_6Sebastian Pipping2022-02-2011-18/+22
|\ | | | | Prepare release 2.4.6 (part of #567)
| * Set expected release date for 2.4.6Sebastian Pipping2022-02-202-2/+2
| |
| * Bump version to 2.4.6Sebastian Pipping2022-02-208-13/+13
| |
| * Bump version info from 9:5:8 to 9:6:8Sebastian Pipping2022-02-203-2/+6
| | | | | | | | See https://verbump.de/ for what these numbers do
| * Changes: Finalize entry on #566Sebastian Pipping2022-02-201-1/+1
|/
* Merge pull request #566 from ferivoz/model-regressionSebastian Pipping2022-02-203-32/+140
|\ | | | | Fix build_model regression
| * Changes: Document regression from CVE-2022-25313 fixSebastian Pipping2022-02-201-0/+16
| |
| * tests: Protect against nested element declaration model regressionsSebastian Pipping2022-02-201-0/+77
| |
| * Fix build_model regression.Samanta Navarro2022-02-201-32/+47
|/ | | | | | | | | | | | | | | | | The iterative approach in build_model failed to fill children arrays correctly. A preorder traversal is not required and turned out to be the culprit. Use an easier algorithm: Add nodes from scaffold tree starting at index 0 (root) to the target array whenever children are encountered. This ensures that children are adjacent to each other. This complies with the recursive version. Store only the scaffold index in numchildren field to prevent a direct processing of these children, which would require a recursive solution. This allows the algorithm to iterate through the target array from start to end without jumping back and forth, converting on the fly. Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
* Merge pull request #564 from libexpat/issue-557-prepare-releaseR_2_4_5Sebastian Pipping2022-02-1814-20/+40
|\ | | | | Prepare release 2.4.5 (part of #557)
| * Set expected release date for 2.4.5Sebastian Pipping2022-02-182-2/+2
| |
| * Sync file headersSebastian Pipping2022-02-183-3/+3
| |
| * Bump version to 2.4.5Sebastian Pipping2022-02-188-13/+13
| |
| * Bump version info from 9:4:8 to 9:5:8Sebastian Pipping2022-02-183-2/+6
| | | | | | | | See https://verbump.de/ for what these numbers do
| * Changes: Document #558 #559 #560Sebastian Pipping2022-02-181-0/+16
|/
* Merge pull request #562 from libexpat/utf8-securitySebastian Pipping2022-02-184-12/+127
|\ | | | | [CVE-2022-25235] lib: Protect against malformed encoding (e.g. malformed UTF-8)
| * Changes: Document CVE-2022-25235Sebastian Pipping2022-02-181-0/+7
| |
| * tests: Cover missing validation of encoding (CVE-2022-25235)Sebastian Pipping2022-02-181-0/+109
| |
| * lib: Add comments to BT_LEAD* cases where encoding has already been validatedSebastian Pipping2022-02-181-5/+5
| |
| * lib: Add missing validation of encoding (CVE-2022-25235)Sebastian Pipping2022-02-181-2/+6
| |
| * lib: Drop unused macro UTF8_GET_NAMINGSebastian Pipping2022-02-181-5/+0
|/
* Merge pull request #561 from libexpat/namesep-securitySebastian Pipping2022-02-183-4/+59
|\ | | | | [CVE-2022-25236] lib: Protect against insertion of namesep characters into namespace URIs
| * Changes: Document CVE-2022-25236Sebastian Pipping2022-02-161-0/+16
| |
| * tests: Cover CVE-2022-25236Sebastian Pipping2022-02-161-0/+30
| |
| * lib: Protect against malicious namespace declarations (CVE-2022-25236)Sebastian Pipping2022-02-161-0/+11
| |
View Lorry Controller Status