summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Changes: Document CVE-2022-22822 to CVE-2022-22827prevent-more-integer-overflowsSebastian Pipping2022-01-121-0/+10
|
* lib: Prevent integer overflow at multiple places (CVE-2022-22822 to ↵Sebastian Pipping2022-01-121-2/+151
| | | | | | | | | | | | CVE-2022-22827) The involved functions are: - addBinding (CVE-2022-22822) - build_model (CVE-2022-22823) - defineAttribute (CVE-2022-22824) - lookup (CVE-2022-22825) - nextScaffoldPart (CVE-2022-22826) - storeAtts (CVE-2022-22827)
* linux.yml: Add some -m32 coverage to -DEXPAT_ATTR_INFO=ONSebastian Pipping2022-01-101-0/+2
|
* Merge pull request #538 from libexpat/issue-532-integer-overflowSebastian Pipping2022-01-102-0/+21
|\ | | | | [CVE-2021-46143] lib: Prevent integer overflow on m_groupSize in function doProlog (fixes #532)
| * Changes: Document integer overflow CVE-2021-46143Sebastian Pipping2022-01-101-0/+6
| |
| * lib: Prevent integer overflow on m_groupSize in function doProlog ↵Sebastian Pipping2022-01-101-0/+15
|/ | | | (CVE-2021-46143)
* Merge pull request #541 from libexpat/fix-run-sh-in-for-native-windowsSebastian Pipping2022-01-102-1/+14
|\ | | | | run.sh.in: Do not use Wine with Cygwin and MSYS2
| * run.sh.in: Do not use Wine with Cygwin and MSYS2fix-run-sh-in-for-native-windowsSebastian Pipping2022-01-092-1/+14
|/
* Merge pull request #534 from libexpat/issue-531-troublesome-shiftsSebastian Pipping2022-01-072-2/+48
|\ | | | | [CVE-2021-45960] lib: Detect and prevent troublesome left shifts in function storeAtts (fixes #531)
| * Changes: Document CVE-2021-45960issue-531-troublesome-shiftsSebastian Pipping2022-01-051-0/+19
| |
| * lib: Detect and prevent troublesome left shifts in function storeAtts ↵Sebastian Pipping2022-01-051-2/+29
|/ | | | (CVE-2021-45960)
* Merge pull request #536 from libexpat/actions-cover-cmake-required-versionSebastian Pipping2022-01-012-0/+75
|\ | | | | Actions: Check for realistic minimum CMake version requirement
| * Actions: Check for realistic minimum CMake version requirementactions-cover-cmake-required-versionSebastian Pipping2022-01-012-0/+75
|/
* Merge pull request #535 from libexpat/cmake-fix-call-to-file-generateSebastian Pipping2021-12-313-9/+9
|\ | | | | CMake: Make call to file(GENERATE [..]) work for CMake <3.19
| * CMake: Make call to file(GENERATE [..]) work for CMake <3.19cmake-fix-call-to-file-generateSebastian Pipping2021-12-313-9/+9
|/ | | | | | | Error from CMake 3.7.2 was: CMake Error at CMakeLists.txt:482 (file): file Incorrect arguments to GENERATE subcommand.
* Merge pull request #529 from libexpat/actions-cover-m32Sebastian Pipping2021-12-284-3/+50
|\ | | | | GitHub Actions: Cover -m32 + store coverage results as an artifact
| * coverage.yml: Store coverage .info and HTML reportactions-cover-m32Sebastian Pipping2021-12-281-0/+7
| |
| * linux.yml: Add some coverage to -m32 32bit modeSebastian Pipping2021-12-281-0/+4
| |
| * coverage.sh: Simplify directory naming schemeSebastian Pipping2021-12-281-3/+9
| |
| * coverage.sh: Start coveraging -m32Sebastian Pipping2021-12-282-1/+11
| |
| * CMake: Add unofficial flag for passing 32bit compile flag -m32Sebastian Pipping2021-12-271-0/+20
|/
* Merge pull request #528 from libexpat/actions-upgrade-clangSebastian Pipping2021-12-265-10/+12
|\ | | | | Upgrade Clang from 11 to 13 (and fix a related warning)
| * Actions: Upgrade Clang from 11 to 13actions-upgrade-clangSebastian Pipping2021-12-263-9/+9
| |
| * xmlwf: Address Clang 13 warning -Wunused-but-set-variableSebastian Pipping2021-12-262-1/+3
|/
* Merge pull request #527 from libexpat/address-compiler-warningsSebastian Pipping2021-12-252-1/+5
|\ | | | | lib: Address GCC 11.2.1 compiler warning
| * lib: Address GCC 11.2.1 compiler warningaddress-compiler-warningsSebastian Pipping2021-12-252-1/+5
|/ | | | | | | | | | | | | | | | | | | | | | | Symptom was: In file included from xmltok.c:58: xmltok_ns.c: In function ‘findEncodingNS’: xmltok.h:276:10: warning: ‘buf’ may be used uninitialized [-Wmaybe-uninitialized] 276 | (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim)) | ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’ 99 | XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1); | ^~~~~~~~~~~~~~ xmltok.h:276:10: note: by argument 5 of type ‘const char *’ to ‘enum XML_Convert_Result(const ENCODING *, const char **, const char *, char **, const char *)’ {aka ‘enum XML_Convert_Result(const struct encoding *, const char **, const char *, char **, const char *)’} 276 | (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim)) | ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’ 99 | XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1); | ^~~~~~~~~~~~~~ In file included from xmltok.c:1666: xmltok_ns.c:96:8: note: ‘buf’ declared here 96 | char buf[ENCODING_MAX]; | ^~~
* .gitignore: Fully cover ./distribute.sh outputSebastian Pipping2021-12-191-2/+1
|
* Merge pull request #526 from libexpat/issue-525-prepare-releaseR_2_4_2Sebastian Pipping2021-12-1911-18/+23
|\ | | | | Release Expat 2.4.2 (part of #525)
| * Set expected release date for 2.4.2issue-525-prepare-releaseSebastian Pipping2021-12-192-2/+2
| |
| * Bump version to 2.4.2Sebastian Pipping2021-12-178-13/+13
| |
| * Bump version info from 9:1:8 to 9:2:8Sebastian Pipping2021-12-173-2/+4
| | | | | | | | See https://verbump.de/ for what these numbers do
| * Changes: Document #502 #503 #507 #519 + fix reference to #498Sebastian Pipping2021-12-171-1/+4
|/
* Merge pull request #524 from libexpat/fix-msvc-lib-files-namingSebastian Pipping2021-12-152-2/+5
|\ | | | | CMake: Ensure libexpat*.lib filenames with MSVC
| * CMake: Ensure libexpat*.lib filenames with MSVCfix-msvc-lib-files-namingSebastian Pipping2021-12-152-2/+5
|/ | | | | | This fixes a post-2.4.1 regression from commit 3486fd6e3d2bc269660cedd3befa1ae649d1dcf4 introduced by pull request #495.
* Merge pull request #523 from libexpat/issue-522-fix-return-value-docsSebastian Pipping2021-12-142-2/+4
|\ | | | | [docs] Fix return value docs on XML_SetBillionLaughs[..] functions (fixes #522)
| * doc: Fix return value docs on XML_SetBillionLaughs[..] functions (#522)issue-522-fix-return-value-docsSebastian Pipping2021-12-142-2/+4
|/
* Merge pull request #519 from libexpat/sync-autotools-cmake-templatesSebastian Pipping2021-11-261-2/+2
|\ | | | | autotools: Sync expat.cmake to agree with CI
| * autotools: Sync expat.cmake to agree with CIsync-autotools-cmake-templatesSebastian Pipping2021-11-261-2/+2
|/
* Merge pull request #517 from ↵Sebastian Pipping2021-11-087-7/+7
|\ | | | | | | | | libexpat/dependabot/github_actions/actions/checkout-2.4.0 Actions(deps): Bump actions/checkout from 2.3.5 to 2.4.0
| * Actions(deps): Bump actions/checkout from 2.3.5 to 2.4.0dependabot[bot]2021-11-087-7/+7
|/ | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* Merge pull request #515 from ↵Sebastian Pipping2021-10-187-7/+7
|\ | | | | | | | | libexpat/dependabot/github_actions/actions/checkout-2.3.5 Actions(deps): Bump actions/checkout from 2.3.4 to 2.3.5
| * Actions(deps): Bump actions/checkout from 2.3.4 to 2.3.5dependabot[bot]2021-10-187-7/+7
|/ | | | | | | | | | | | | | | Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* Get attribution headers back in syncSebastian Pipping2021-10-172-1/+2
| | | | Follow-up to pull requests #503 and #510
* Merge branch 'corona10-gh-513' (fixes #513, pull request #514)Sebastian Pipping2021-10-176-12/+19
|\
| * Changes: Document #513 and #514Sebastian Pipping2021-10-171-0/+2
| |
| * Apply #514 to attribution headersSebastian Pipping2021-10-175-0/+5
| |
| * Reorder the location of including expat_config.hDong-hee Na2021-10-175-12/+12
|/
* Merge pull request #510 from libexpat/issue-509-link-against-libmSebastian Pipping2021-09-2011-4/+43
|\ | | | | Link against libm for function "isnan" (fixes #509)
| * Autotools|CMake: Link against libm for function "isnan"Sebastian Pipping2021-09-2011-3/+42
| | | | | | | | | | | | | | $ git --no-pager grep -lw isnan lib/xmlparse.c tests/runtests.c xmlwf/xmlwf.c
| * autotools-cmake.yml: Add missing full stopSebastian Pipping2021-09-101-1/+1
|/
View Lorry Controller Status