Commit graph

4186 commits

Author SHA1 Message Date
dependabot[bot]
2ddf759f59
Actions(deps): Bump actions/checkout from 4.1.3 to 4.1.4
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1d96c772d1...0ad4b8fada)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-29 12:06:18 +00:00
Sebastian Pipping
a2b44bd2d2
Merge pull request #864 from dag-erling/des/tests-readme
tests: Convert README to Markdown and update.
2024-04-27 23:19:35 +02:00
Dag-Erling Smørgrav
abb1c4a380 tests: Convert README to Markdown and update. 2024-04-27 15:04:57 +02:00
Sebastian Pipping
9134d0d6e0
Merge pull request #861 from dag-erling/des/mkdir-m4
Ensure that the m4 directory always exists.
2024-04-23 03:17:22 +02:00
Sebastian Pipping
46062b600d
Merge pull request #862 from dag-erling/des/squiggle
Protect us against Emacs users.
2024-04-23 03:09:57 +02:00
Sebastian Pipping
8fd3e86f28
Merge pull request #859 from libexpat/dependabot/github_actions/actions/upload-artifact-4.3.2
Actions(deps): Bump actions/upload-artifact from 4.3.1 to 4.3.2
2024-04-22 23:41:55 +02:00
Sebastian Pipping
4c64d11182
Merge pull request #860 from libexpat/dependabot/github_actions/actions/checkout-4.1.3
Actions(deps): Bump actions/checkout from 4.1.2 to 4.1.3
2024-04-22 23:40:34 +02:00
Dag-Erling Smørgrav
886f7ea7b7 Protect us against Emacs users. 2024-04-22 16:37:53 +02:00
Dag-Erling Smørgrav
1b6a4f19c6 Ensure that the m4 directory always exists. 2024-04-22 16:34:07 +02:00
dependabot[bot]
cd36384231
Actions(deps): Bump actions/checkout from 4.1.2 to 4.1.3
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](9bb56186c3...1d96c772d1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 12:20:20 +00:00
dependabot[bot]
f16b7aa1ec
Actions(deps): Bump actions/upload-artifact from 4.3.1 to 4.3.2
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](5d5d22a312...1746f4ab65)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 12:20:09 +00:00
Sebastian Pipping
e48ab6604f
Merge pull request #851 from libexpat/autotools-sync-cmake-files
autotools: Sync CMake templates with CMake 3.27
2024-04-07 22:30:04 +02:00
Sebastian Pipping
ef50fb208b
Merge pull request #855 from libexpat/issue-854-cmake-fix-use-of-check-symbol-exists
cmake: Fix check for symbols `size_t` and `off_t` (fixes #854)
2024-04-04 18:31:28 +02:00
Sebastian Pipping
059a4aa71d
Merge pull request #856 from libexpat/fix-main
Fix `main()` to `main(void)`
2024-04-04 01:09:38 +02:00
Sebastian Pipping
26f7cbbf4a cmake: Fix check for symbols size_t and off_t
The two issues with the previous approach were that:

1. `check_symbol_exists` would store "1" or "" into
   the variable `off_t` rather than the string "off_t", and

2. (`check_symbol_exists` would not find `off_t` or
   `size_t` on modern Linux).

This was reported with NetBSD 9.3.

`size_t` is part of C99 (which Expat requires), so
only the `off_t` half remains.
2024-04-04 00:01:22 +02:00
Sebastian Pipping
5434a74081
Merge pull request #853 from bluhm/find-path
Always provide path to find(1) for portability
2024-04-03 23:51:03 +02:00
Sebastian Pipping
13e84bb374 Fix main() to main(void) 2024-04-03 02:21:37 +02:00
Alexander Bluhm
2b8492d622
Always provide path to find.
Running find without a path is a GNU extension. GNU find uses the current
directory as the starting point in this case. It is better to always use an
explicit `.` in build scripts to support find on other systems.
2024-04-01 23:15:15 +02:00
Sebastian Pipping
d420c32d67 autotools: Sync CMake templates with CMake 3.27 2024-03-29 22:17:56 +01:00
Sebastian Pipping
d450c1b439
Merge pull request #741 from libexpat/drop-support-msvc-2017
[>=2024-04-02] Drop support for Visual Studio 15 2017
2024-03-23 19:37:22 +01:00
Sebastian Pipping
2874a26eeb win32/build_expat_iss.bat: Add missing "-A Win32" for Visual Studio 16 2019 2024-03-23 17:53:46 +01:00
Sebastian Pipping
f8fb85ec8c Drop support for Visual Studio 15 2017 2024-03-23 17:22:05 +01:00
Sebastian Pipping
d04f8ef887
Merge pull request #850 from libexpat/dependabot/github_actions/actions/checkout-4.1.2
Actions(deps): Bump actions/checkout from 4.1.1 to 4.1.2
2024-03-19 22:50:07 +01:00
dependabot[bot]
571a62c8f5
Actions(deps): Bump actions/checkout from 4.1.1 to 4.1.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](b4ffde65f4...9bb56186c3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 12:03:05 +00:00
Sebastian Pipping
a59c3edffa
Merge pull request #849 from libexpat/allow-triggering-github-actions-workflows-manually
Allow triggering GitHub Actions workflows manually
2024-03-17 23:00:53 +01:00
Sebastian Pipping
91116dfa7e Allow triggering GitHub Actions workflows manually
Some already had "workflow_dispatch" enabled.
2024-03-17 15:30:47 +01:00
Sebastian Pipping
fa75b96546
Merge pull request #843 from libexpat/issue-838-prepare-release
Prepare release 2.6.2 (part of #838, ETA 2024-03-13)
2024-03-13 17:37:37 +01:00
Sebastian Pipping
8548bc03fd Changes: Add call for help 2024-03-13 14:37:05 +01:00
Sebastian Pipping
86d6052c5e Set release date for 2.6.2 2024-03-13 14:37:05 +01:00
Sebastian Pipping
13cff445fa Bump version to 2.6.2 2024-03-13 14:37:05 +01:00
Sebastian Pipping
557f1255f9 Bump version info from 10:1:9 to 10:2:9
See https://verbump.de/ for what these numbers do
2024-03-13 14:37:05 +01:00
Sebastian Pipping
98ee1baef8 Changes: Document changes in release Expat 2.6.2 2024-03-13 14:37:05 +01:00
Sebastian Pipping
5bf8ed66ef
Merge pull request #847 from TomasKorbar/doc-makefile
[2.6.1] Fix DOCBOOK_TO_MAN variable use in doc Makefile
2024-03-13 14:22:48 +01:00
Tomas Korbar
c32ed08191 Fix DOCBOOK_TO_MAN variable use in doc Makefile
Not using quotes causes problems when DOCBOOK_TO_MAN contains a
command and an argument.
2024-03-13 11:01:52 +01:00
Sebastian Pipping
5026213864
Merge pull request #842 from libexpat/issue-839-billion-laughs-isolated-external-parser
Prevent billion laughs attacks in isolated external parser (part of #839)
2024-03-07 22:14:09 +01:00
Sebastian Pipping
27525adabd
Merge pull request #841 from libexpat/issue-839-reject-direct-parameter-entity-recursion
Reject direct parameter entity recursion (part of #839)
2024-03-07 20:24:13 +01:00
Sebastian Pipping
072eca0b72 tests: Cover amplification tracking for isolated external parser 2024-03-06 23:41:33 +01:00
Sebastian Pipping
1d50b80cf3 lib/xmlparse.c: Detect billion laughs attack with isolated external parser
When parsing DTD content with code like ..

  XML_Parser parser = XML_ParserCreate(NULL);
  XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
  enum XML_Status status = XML_Parse(ext_parser, doc, (int)strlen(doc), XML_TRUE);

.. there are 0 bytes accounted as direct input, and all input from `doc` is accounted
as indirect input. Now the function accountingGetCurrentAmplification cannot calculate
the current amplification ratio as "(direct + indirect) / direct"; it refused to divide
by 0, as one would expect, but returned 1.0 for this case to indicate no amplification
over direct input. As a result, billion laughs attacks from DTD-only input were not
detected with this isolated way of using an external parser.

The new approach is to assume a direct input of length 22 rather than 0 -- derived from
the ghost input "<!ENTITY a SYSTEM 'b'>", the shortest possible way to include an external
DTD -- and do the usual "(direct + indirect) / direct" math with "direct := 22".

GitHub issue #839 has more details on this issue and its origin in ClusterFuzz
finding 66812.
2024-03-06 23:41:07 +01:00
Sebastian Pipping
565ab44a42 tests: Cover rejection of direct parameter entity recursion 2024-03-06 22:34:26 +01:00
Sebastian Pipping
a4c86a395e lib/xmlparse.c: Reject directly recursive parameter entities 2024-03-06 22:34:26 +01:00
Sebastian Pipping
6bcb991574
Merge pull request #837 from libexpat/extend-2-6-1-change-log
Add missing #821 #824 to 2.6.1 change log
2024-03-01 20:15:09 +01:00
Sebastian Pipping
8f75c53615 Changes: Add missing #821 #824 to 2.6.1 change log 2024-02-29 22:09:53 +01:00
Sebastian Pipping
a590b2d584
Merge pull request #834 from libexpat/issue-832-prepare-release
Prepare release 2.6.1 (part of #832, ETA 2024-02-29)
2024-02-29 21:19:01 +01:00
Sebastian Pipping
1cf882e79c
Merge pull request #836 from libexpat/issue-828-expose-billion-laughs-api-with-xml-dtd-without-xml-ge
Expose billion laughs API with `XML_DTD` without `XML_GE` (fixes #828)
2024-02-29 20:07:11 +01:00
Sebastian Pipping
58ff7c39ea Sync file headers 2024-02-28 23:41:43 +01:00
Sebastian Pipping
fce4b9f3b3 Set release date for 2.6.1 2024-02-28 23:41:42 +01:00
Sebastian Pipping
dfe043fe6a Bump version to 2.6.1 2024-02-28 23:41:31 +01:00
Sebastian Pipping
fbe7b9345b Bump version info from 10:0:9 to 10:1:9
See https://verbump.de/ for what these numbers do
2024-02-28 23:41:31 +01:00
Sebastian Pipping
3dc137ea05 Changes: Document changes in release Expat 2.6.1 2024-02-28 23:41:29 +01:00
Sebastian Pipping
ea52834709 doc/reference.html: Drop inaccurate statement about XML_* macros
The statement is falsified by these macros:
- XML_ATTR_INFO
- XML_DTD
- XML_GE
2024-02-28 20:47:45 +01:00