Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Changes: Document CVE-2022-23852prevent-getbuffer-overflow | Sebastian Pipping | 2022-01-24 | 1 | -0/+12 |
| | |||||
* | tests: Cover integer overflow in XML_GetBuffer (CVE-2022-23852) | Sebastian Pipping | 2022-01-24 | 1 | -0/+27 |
| | |||||
* | lib: Detect and prevent integer overflow in XML_GetBuffer (CVE-2022-23852) | Samanta Navarro | 2022-01-24 | 1 | -0/+5 |
| | |||||
* | Merge pull request #548 from ferivoz/typos | Sebastian Pipping | 2022-01-22 | 3 | -4/+4 |
|\ | | | | | Fix typos | ||||
| * | Fix typos | Samanta Navarro | 2022-01-22 | 3 | -4/+4 |
|/ | | | | Typos found with codespell. | ||||
* | [>=2.3.0] Autotools: Fix broken CMake support under Cygwin (#546) | Carlo Bramini | 2022-01-20 | 2 | -3/+11 |
| | | | Autotools: Fix broken CMake support under Cygwin | ||||
* | Merge branch 'issue-533-prepare-release' (#533)R_2_4_3 | Sebastian Pipping | 2022-01-16 | 16 | -31/+36 |
|\ | |||||
| * | Set expected release date for 2.4.3issue-533-prepare-release | Sebastian Pipping | 2022-01-13 | 2 | -2/+2 |
| | | |||||
| * | Changes: Streamline item order for 2.4.3 | Sebastian Pipping | 2022-01-13 | 1 | -1/+1 |
| | | |||||
| * | Changes: Document #528 and #529 | Sebastian Pipping | 2022-01-13 | 1 | -0/+3 |
| | | |||||
| * | Sync years in file headers | Sebastian Pipping | 2022-01-13 | 13 | -13/+13 |
| | | |||||
| * | Bump version to 2.4.3 | Sebastian Pipping | 2022-01-13 | 8 | -13/+13 |
| | | |||||
| * | Bump version info from 9:2:8 to 9:3:8 | Sebastian Pipping | 2022-01-13 | 3 | -2/+4 |
|/ | | | | See https://verbump.de/ for what these numbers do | ||||
* | Merge pull request #539 from libexpat/prevent-more-integer-overflows | Sebastian Pipping | 2022-01-13 | 3 | -2/+163 |
|\ | | | | | [CVE-2022-22822 to CVE-2022-22827] lib: Prevent more integer overflows | ||||
| * | Changes: Document CVE-2022-22822 to CVE-2022-22827prevent-more-integer-overflows | Sebastian Pipping | 2022-01-12 | 1 | -0/+10 |
| | | |||||
| * | lib: Prevent integer overflow at multiple places (CVE-2022-22822 to ↵ | Sebastian Pipping | 2022-01-12 | 1 | -2/+151 |
| | | | | | | | | | | | | | | | | | | | | | | | | CVE-2022-22827) The involved functions are: - addBinding (CVE-2022-22822) - build_model (CVE-2022-22823) - defineAttribute (CVE-2022-22824) - lookup (CVE-2022-22825) - nextScaffoldPart (CVE-2022-22826) - storeAtts (CVE-2022-22827) | ||||
| * | linux.yml: Add some -m32 coverage to -DEXPAT_ATTR_INFO=ON | Sebastian Pipping | 2022-01-10 | 1 | -0/+2 |
|/ | |||||
* | Merge pull request #538 from libexpat/issue-532-integer-overflow | Sebastian Pipping | 2022-01-10 | 2 | -0/+21 |
|\ | | | | | [CVE-2021-46143] lib: Prevent integer overflow on m_groupSize in function doProlog (fixes #532) | ||||
| * | Changes: Document integer overflow CVE-2021-46143 | Sebastian Pipping | 2022-01-10 | 1 | -0/+6 |
| | | |||||
| * | lib: Prevent integer overflow on m_groupSize in function doProlog ↵ | Sebastian Pipping | 2022-01-10 | 1 | -0/+15 |
|/ | | | | (CVE-2021-46143) | ||||
* | Merge pull request #541 from libexpat/fix-run-sh-in-for-native-windows | Sebastian Pipping | 2022-01-10 | 2 | -1/+14 |
|\ | | | | | run.sh.in: Do not use Wine with Cygwin and MSYS2 | ||||
| * | run.sh.in: Do not use Wine with Cygwin and MSYS2fix-run-sh-in-for-native-windows | Sebastian Pipping | 2022-01-09 | 2 | -1/+14 |
|/ | |||||
* | Merge pull request #534 from libexpat/issue-531-troublesome-shifts | Sebastian Pipping | 2022-01-07 | 2 | -2/+48 |
|\ | | | | | [CVE-2021-45960] lib: Detect and prevent troublesome left shifts in function storeAtts (fixes #531) | ||||
| * | Changes: Document CVE-2021-45960issue-531-troublesome-shifts | Sebastian Pipping | 2022-01-05 | 1 | -0/+19 |
| | | |||||
| * | lib: Detect and prevent troublesome left shifts in function storeAtts ↵ | Sebastian Pipping | 2022-01-05 | 1 | -2/+29 |
|/ | | | | (CVE-2021-45960) | ||||
* | Merge pull request #536 from libexpat/actions-cover-cmake-required-version | Sebastian Pipping | 2022-01-01 | 2 | -0/+75 |
|\ | | | | | Actions: Check for realistic minimum CMake version requirement | ||||
| * | Actions: Check for realistic minimum CMake version requirementactions-cover-cmake-required-version | Sebastian Pipping | 2022-01-01 | 2 | -0/+75 |
|/ | |||||
* | Merge pull request #535 from libexpat/cmake-fix-call-to-file-generate | Sebastian Pipping | 2021-12-31 | 3 | -9/+9 |
|\ | | | | | CMake: Make call to file(GENERATE [..]) work for CMake <3.19 | ||||
| * | CMake: Make call to file(GENERATE [..]) work for CMake <3.19cmake-fix-call-to-file-generate | Sebastian Pipping | 2021-12-31 | 3 | -9/+9 |
|/ | | | | | | | Error from CMake 3.7.2 was: CMake Error at CMakeLists.txt:482 (file): file Incorrect arguments to GENERATE subcommand. | ||||
* | Merge pull request #529 from libexpat/actions-cover-m32 | Sebastian Pipping | 2021-12-28 | 4 | -3/+50 |
|\ | | | | | GitHub Actions: Cover -m32 + store coverage results as an artifact | ||||
| * | coverage.yml: Store coverage .info and HTML reportactions-cover-m32 | Sebastian Pipping | 2021-12-28 | 1 | -0/+7 |
| | | |||||
| * | linux.yml: Add some coverage to -m32 32bit mode | Sebastian Pipping | 2021-12-28 | 1 | -0/+4 |
| | | |||||
| * | coverage.sh: Simplify directory naming scheme | Sebastian Pipping | 2021-12-28 | 1 | -3/+9 |
| | | |||||
| * | coverage.sh: Start coveraging -m32 | Sebastian Pipping | 2021-12-28 | 2 | -1/+11 |
| | | |||||
| * | CMake: Add unofficial flag for passing 32bit compile flag -m32 | Sebastian Pipping | 2021-12-27 | 1 | -0/+20 |
|/ | |||||
* | Merge pull request #528 from libexpat/actions-upgrade-clang | Sebastian Pipping | 2021-12-26 | 5 | -10/+12 |
|\ | | | | | Upgrade Clang from 11 to 13 (and fix a related warning) | ||||
| * | Actions: Upgrade Clang from 11 to 13actions-upgrade-clang | Sebastian Pipping | 2021-12-26 | 3 | -9/+9 |
| | | |||||
| * | xmlwf: Address Clang 13 warning -Wunused-but-set-variable | Sebastian Pipping | 2021-12-26 | 2 | -1/+3 |
|/ | |||||
* | Merge pull request #527 from libexpat/address-compiler-warnings | Sebastian Pipping | 2021-12-25 | 2 | -1/+5 |
|\ | | | | | lib: Address GCC 11.2.1 compiler warning | ||||
| * | lib: Address GCC 11.2.1 compiler warningaddress-compiler-warnings | Sebastian Pipping | 2021-12-25 | 2 | -1/+5 |
|/ | | | | | | | | | | | | | | | | | | | | | | | Symptom was: In file included from xmltok.c:58: xmltok_ns.c: In function ‘findEncodingNS’: xmltok.h:276:10: warning: ‘buf’ may be used uninitialized [-Wmaybe-uninitialized] 276 | (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim)) | ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’ 99 | XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1); | ^~~~~~~~~~~~~~ xmltok.h:276:10: note: by argument 5 of type ‘const char *’ to ‘enum XML_Convert_Result(const ENCODING *, const char **, const char *, char **, const char *)’ {aka ‘enum XML_Convert_Result(const struct encoding *, const char **, const char *, char **, const char *)’} 276 | (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim)) | ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’ 99 | XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1); | ^~~~~~~~~~~~~~ In file included from xmltok.c:1666: xmltok_ns.c:96:8: note: ‘buf’ declared here 96 | char buf[ENCODING_MAX]; | ^~~ | ||||
* | .gitignore: Fully cover ./distribute.sh output | Sebastian Pipping | 2021-12-19 | 1 | -2/+1 |
| | |||||
* | Merge pull request #526 from libexpat/issue-525-prepare-releaseR_2_4_2 | Sebastian Pipping | 2021-12-19 | 11 | -18/+23 |
|\ | | | | | Release Expat 2.4.2 (part of #525) | ||||
| * | Set expected release date for 2.4.2issue-525-prepare-release | Sebastian Pipping | 2021-12-19 | 2 | -2/+2 |
| | | |||||
| * | Bump version to 2.4.2 | Sebastian Pipping | 2021-12-17 | 8 | -13/+13 |
| | | |||||
| * | Bump version info from 9:1:8 to 9:2:8 | Sebastian Pipping | 2021-12-17 | 3 | -2/+4 |
| | | | | | | | | See https://verbump.de/ for what these numbers do | ||||
| * | Changes: Document #502 #503 #507 #519 + fix reference to #498 | Sebastian Pipping | 2021-12-17 | 1 | -1/+4 |
|/ | |||||
* | Merge pull request #524 from libexpat/fix-msvc-lib-files-naming | Sebastian Pipping | 2021-12-15 | 2 | -2/+5 |
|\ | | | | | CMake: Ensure libexpat*.lib filenames with MSVC | ||||
| * | CMake: Ensure libexpat*.lib filenames with MSVCfix-msvc-lib-files-naming | Sebastian Pipping | 2021-12-15 | 2 | -2/+5 |
|/ | | | | | | This fixes a post-2.4.1 regression from commit 3486fd6e3d2bc269660cedd3befa1ae649d1dcf4 introduced by pull request #495. | ||||
* | Merge pull request #523 from libexpat/issue-522-fix-return-value-docs | Sebastian Pipping | 2021-12-14 | 2 | -2/+4 |
|\ | | | | | [docs] Fix return value docs on XML_SetBillionLaughs[..] functions (fixes #522) | ||||
| * | doc: Fix return value docs on XML_SetBillionLaughs[..] functions (#522)issue-522-fix-return-value-docs | Sebastian Pipping | 2021-12-14 | 2 | -2/+4 |
|/ |