Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
| * | Bump version to 2.4.4 | Sebastian Pipping | 2022-01-29 | 8 | -13/+13 | |
| | | ||||||
| * | Bump version info from 9:3:8 to 9:4:8 | Sebastian Pipping | 2022-01-29 | 3 | -2/+4 | |
| | | | | | | | | See https://verbump.de/ for what these numbers do | |||||
| * | Changes: Document #546 | Sebastian Pipping | 2022-01-29 | 1 | -0/+4 | |
|/ | ||||||
* | Stop casting void* results from calls to .malloc_fcn (#553) | czentgr | 2022-01-29 | 1 | -8/+8 | |
| | ||||||
* | Merge pull request #551 from libexpat/prevent-doprolog-overflow | Sebastian Pipping | 2022-01-26 | 2 | -2/+14 | |
|\ | | | | | [CVE-2022-23990] lib: Prevent integer overflow in function doProlog | |||||
| * | Changes: Document CVE-2022-23990 | Sebastian Pipping | 2022-01-26 | 1 | -0/+6 | |
| | | ||||||
| * | lib: Prevent integer overflow in doProlog (CVE-2022-23990) | Sebastian Pipping | 2022-01-26 | 1 | -2/+8 | |
|/ | | | | | | | The change from "int nameLen" to "size_t nameLen" addresses the overflow on "nameLen++" in code "for (; name[nameLen++];)" right above the second change in the patch. | |||||
* | Merge pull request #545 from libexpat/issue-544-fix-xmlwf-memleak-on-file-opening-error | Sebastian Pipping | 2022-01-24 | 2 | -2/+8 | |
|\ | | | | | | | | | [>=2.3.0] xmlwf: Fix a memory leak on output file opening error (fixes #544) | |||||
| * | xmlwf: Fix a memory leak on output file opening error | Sebastian Pipping | 2022-01-24 | 2 | -2/+8 | |
|/ | ||||||
* | Merge pull request #550 from libexpat/prevent-getbuffer-overflow | Sebastian Pipping | 2022-01-24 | 3 | -0/+44 | |
|\ | | | | | [CVE-2022-23852] Prevent XML_GetBuffer signed integer overflow | |||||
| * | Changes: Document CVE-2022-23852 [branch: prevent-getbuffer-overflow] | Sebastian Pipping | 2022-01-24 | 1 | -0/+12 | |
| | | ||||||
| * | tests: Cover integer overflow in XML_GetBuffer (CVE-2022-23852) | Sebastian Pipping | 2022-01-24 | 1 | -0/+27 | |
| | | ||||||
| * | lib: Detect and prevent integer overflow in XML_GetBuffer (CVE-2022-23852) | Samanta Navarro | 2022-01-24 | 1 | -0/+5 | |
|/ | ||||||
* | Merge pull request #548 from ferivoz/typos | Sebastian Pipping | 2022-01-22 | 3 | -4/+4 | |
|\ | | | | | Fix typos | |||||
| * | Fix typos | Samanta Navarro | 2022-01-22 | 3 | -4/+4 | |
|/ | | | | Typos found with codespell. | |||||
* | [>=2.3.0] Autotools: Fix broken CMake support under Cygwin (#546) | Carlo Bramini | 2022-01-20 | 2 | -3/+11 | |
| | | | Autotools: Fix broken CMake support under Cygwin | |||||
* | Merge branch 'issue-533-prepare-release' (#533) [tag: R_2_4_3] | Sebastian Pipping | 2022-01-16 | 16 | -31/+36 | |
|\ | ||||||
| * | Set expected release date for 2.4.3 [branch: issue-533-prepare-release] | Sebastian Pipping | 2022-01-13 | 2 | -2/+2 | |
| | | ||||||
| * | Changes: Streamline item order for 2.4.3 | Sebastian Pipping | 2022-01-13 | 1 | -1/+1 | |
| | | ||||||
| * | Changes: Document #528 and #529 | Sebastian Pipping | 2022-01-13 | 1 | -0/+3 | |
| | | ||||||
| * | Sync years in file headers | Sebastian Pipping | 2022-01-13 | 13 | -13/+13 | |
| | | ||||||
| * | Bump version to 2.4.3 | Sebastian Pipping | 2022-01-13 | 8 | -13/+13 | |
| | | ||||||
| * | Bump version info from 9:2:8 to 9:3:8 | Sebastian Pipping | 2022-01-13 | 3 | -2/+4 | |
|/ | | | | See https://verbump.de/ for what these numbers do | |||||
* | Merge pull request #539 from libexpat/prevent-more-integer-overflows | Sebastian Pipping | 2022-01-13 | 3 | -2/+163 | |
|\ | | | | | [CVE-2022-22822 to CVE-2022-22827] lib: Prevent more integer overflows | |||||
| * | Changes: Document CVE-2022-22822 to CVE-2022-22827 [branch: prevent-more-integer-overflows] | Sebastian Pipping | 2022-01-12 | 1 | -0/+10 | |
| | | ||||||
| * | lib: Prevent integer overflow at multiple places (CVE-2022-22822 to CVE-2022-22827) | Sebastian Pipping | 2022-01-12 | 1 | -2/+151 | |
| | | | | | | | | | | | | | | | | | | | | | | | | The involved functions are: - addBinding (CVE-2022-22822) - build_model (CVE-2022-22823) - defineAttribute (CVE-2022-22824) - lookup (CVE-2022-22825) - nextScaffoldPart (CVE-2022-22826) - storeAtts (CVE-2022-22827) | |||||
| * | linux.yml: Add some -m32 coverage to -DEXPAT_ATTR_INFO=ON | Sebastian Pipping | 2022-01-10 | 1 | -0/+2 | |
|/ | ||||||
* | Merge pull request #538 from libexpat/issue-532-integer-overflow | Sebastian Pipping | 2022-01-10 | 2 | -0/+21 | |
|\ | | | | | [CVE-2021-46143] lib: Prevent integer overflow on m_groupSize in function doProlog (fixes #532) | |||||
| * | Changes: Document integer overflow CVE-2021-46143 | Sebastian Pipping | 2022-01-10 | 1 | -0/+6 | |
| | | ||||||
| * | lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) | Sebastian Pipping | 2022-01-10 | 1 | -0/+15 | |
|/ | ||||||
* | Merge pull request #541 from libexpat/fix-run-sh-in-for-native-windows | Sebastian Pipping | 2022-01-10 | 2 | -1/+14 | |
|\ | | | | | run.sh.in: Do not use Wine with Cygwin and MSYS2 | |||||
| * | run.sh.in: Do not use Wine with Cygwin and MSYS2 [branch: fix-run-sh-in-for-native-windows] | Sebastian Pipping | 2022-01-09 | 2 | -1/+14 | |
|/ | ||||||
* | Merge pull request #534 from libexpat/issue-531-troublesome-shifts | Sebastian Pipping | 2022-01-07 | 2 | -2/+48 | |
|\ | | | | | [CVE-2021-45960] lib: Detect and prevent troublesome left shifts in function storeAtts (fixes #531) | |||||
| * | Changes: Document CVE-2021-45960 [branch: issue-531-troublesome-shifts] | Sebastian Pipping | 2022-01-05 | 1 | -0/+19 | |
| | | ||||||
| * | lib: Detect and prevent troublesome left shifts in function storeAtts (CVE-2021-45960) | Sebastian Pipping | 2022-01-05 | 1 | -2/+29 | |
|/ | ||||||
* | Merge pull request #536 from libexpat/actions-cover-cmake-required-version | Sebastian Pipping | 2022-01-01 | 2 | -0/+75 | |
|\ | | | | | Actions: Check for realistic minimum CMake version requirement | |||||
| * | Actions: Check for realistic minimum CMake version requirement [branch: actions-cover-cmake-required-version] | Sebastian Pipping | 2022-01-01 | 2 | -0/+75 | |
|/ | ||||||
* | Merge pull request #535 from libexpat/cmake-fix-call-to-file-generate | Sebastian Pipping | 2021-12-31 | 3 | -9/+9 | |
|\ | | | | | CMake: Make call to file(GENERATE [..]) work for CMake <3.19 | |||||
| * | CMake: Make call to file(GENERATE [..]) work for CMake <3.19 [branch: cmake-fix-call-to-file-generate] | Sebastian Pipping | 2021-12-31 | 3 | -9/+9 | |
|/ | | | | | | | Error from CMake 3.7.2 was: CMake Error at CMakeLists.txt:482 (file): file Incorrect arguments to GENERATE subcommand. | |||||
* | Merge pull request #529 from libexpat/actions-cover-m32 | Sebastian Pipping | 2021-12-28 | 4 | -3/+50 | |
|\ | | | | | GitHub Actions: Cover -m32 + store coverage results as an artifact | |||||
| * | coverage.yml: Store coverage .info and HTML report [branch: actions-cover-m32] | Sebastian Pipping | 2021-12-28 | 1 | -0/+7 | |
| | | ||||||
| * | linux.yml: Add some coverage to -m32 32bit mode | Sebastian Pipping | 2021-12-28 | 1 | -0/+4 | |
| | | ||||||
| * | coverage.sh: Simplify directory naming scheme | Sebastian Pipping | 2021-12-28 | 1 | -3/+9 | |
| | | ||||||
| * | coverage.sh: Start coveraging -m32 | Sebastian Pipping | 2021-12-28 | 2 | -1/+11 | |
| | | ||||||
| * | CMake: Add unofficial flag for passing 32bit compile flag -m32 | Sebastian Pipping | 2021-12-27 | 1 | -0/+20 | |
|/ | ||||||
* | Merge pull request #528 from libexpat/actions-upgrade-clang | Sebastian Pipping | 2021-12-26 | 5 | -10/+12 | |
|\ | | | | | Upgrade Clang from 11 to 13 (and fix a related warning) | |||||
| * | Actions: Upgrade Clang from 11 to 13 [branch: actions-upgrade-clang] | Sebastian Pipping | 2021-12-26 | 3 | -9/+9 | |
| | | ||||||
| * | xmlwf: Address Clang 13 warning -Wunused-but-set-variable | Sebastian Pipping | 2021-12-26 | 2 | -1/+3 | |
|/ | ||||||
* | Merge pull request #527 from libexpat/address-compiler-warnings | Sebastian Pipping | 2021-12-25 | 2 | -1/+5 | |
|\ | | | | | lib: Address GCC 11.2.1 compiler warning | |||||
| * | lib: Address GCC 11.2.1 compiler warning [branch: address-compiler-warnings] | Sebastian Pipping | 2021-12-25 | 2 | -1/+5 | |
|/ | ||||||

Symptom was:

```
In file included from xmltok.c:58:
xmltok_ns.c: In function ‘findEncodingNS’:
xmltok.h:276:10: warning: ‘buf’ may be used uninitialized [-Wmaybe-uninitialized]
  276 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’
   99 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
xmltok.h:276:10: note: by argument 5 of type ‘const char *’ to ‘enum XML_Convert_Result(const ENCODING *, const char **, const char *, char **, const char *)’ {aka ‘enum XML_Convert_Result(const struct encoding *, const char **, const char *, char **, const char *)’}
  276 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’
   99 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
In file included from xmltok.c:1666:
xmltok_ns.c:96:8: note: ‘buf’ declared here
   96 |   char buf[ENCODING_MAX];
      |        ^~~
```