Permalink
Commits on Aug 15, 2018
  1. [update to 2.2.6] (#170) Prevent XML_GetBuffer doing arithmetic with …

    fenrus75 authored and clrbuilder committed Aug 15, 2018
    …NULL pointers
    
    Anton Maklakov (1):
          Fix -Wimplicit-fallthrough related warnings
    
    Benjamin Peterson (1):
          fix capitalization in comment
    
    Brad King (1):
          CMake: Prefer check_symbol_exists over check_function_exists
    
    Frank Rast (3):
          CMake: fix option XML_DEV_URANDOM to use set()
          CMake: Add options XML_UNICODE and XML_UNICODE_WCHAR_T
          CMake: Show error if combination of XML_UNICODE, XML_UNICODE_WCHAR_T and BUILD_tools is not supported.
    
    Joe Orton (1):
          Allow configure with DOCBOOK_TO_MAN="xmlto man --skip-validation".
    
    Rhodri James (5):
          Add regression test for issue #204, resume failure on empty input
          Fix for #204, XML_ResumeParser regression
          Revise (according to @hartwork's plan) nearer to original code (#204)
          Remove senseless pointer arithmetic (issue #170)
          (#170) Prevent XML_GetBuffer doing arithmetic with NULL pointers
    
    Rolf Eike Beer (4):
          CMake: create the same pkg-config file as the autotools build
          TravisCI: also test CMake build out of source
          TravisCI: simplify printing installed files
          CMake: Use GNUInstallDirs module to set proper defaults for install directories
    
    Sebastian Pipping (54):
          Changes: Document upgrade to Visual Studio 2017
          Avoid grep option `-q` for Solaris (#166)
          Changes: Document #167
          Merge branch 'notroj-doc2man' (#167)
          Changes: Limit scope of grep -q to autotools build system (#166)
          Fix configure syntax error (#165)
          Add Visual Studio const correctness compiler warnings
          qa.sh: Start using -Werror
          Address warning about sip_tobin by Visual Studio
          Address 64bit size_t loss warning for Visual Studio
          Address 64bit intptr_t loss warning for Visual Studio
          Changes: Give credit to vanklompf
          Merge branch 'vanklompf-cherry-pick' (issue #131, pr #173)
          Changes: Use vanklompf's real name (#173)
          Changes: Move 2.2.6+ changes where they belong
          Changes: Document new CMake option WARNINGS_AS_ERRORS
          Merge branch 'vanklompf-werror' (pull request #174)
          Travis CI: Cover CMake, at least superficially
          Merge branch 'bradking-check-symbol-exists' (pull request #175)
          Merge branch 'issue-165-fix-configure' (issue #165, pull request #168)
          Changes: Add missing pull request references for 2.2.6
          Changes: Document #176
          Merge branch 'DerDakon-CMake-pc' (merge request #176)
          Merge branch 'DerDakon-Travis-CMake-OOS' (merge request #177)
          Merge branch 'DerDakon-CMake-installdirs' (pull request #179)
          runtests.c: Support Visual Studio <=9.x/2008 w/o stdint.h (#180)
          Changes: Document #181
          CMakeLists.txt: Adjust style for readability and consistency (#184)
          Changes: Document #184
          expat.h: Fix comment typo (#187)
          configure.ac: Detect and report SGML docbook2man (#188)
          Travis CI: Unbreak compilation with address sanitizer
          Travis CI: Drop installation of Clang 4
          Changes: Document #190
          Merge branch 'luzpaz-misc-typos' (#190)
          Support db2x_docbook2man for man page compilation (#188)
          Merge pull request #200 from benjaminp/patch-1
          configure.ac: Limit SGML docbook2man detection to when it was found (#188)
          configure.ac: Fix wording (#188)
          Changes: Document #200
          siphash.h: Fix indentation (#202)
          Document #202
          Merge branch 'antmak-fix_fallthrough_warn' (#202)
          Changes: Document #204 and #205
          Merge branch 'issue_204_fix' (#205, fixes #204)
          Changes: Document #170 and #206
          Merge branch 'issue_170_fix' (#206, fixes #170)
          Re-add int casts dropped at 3960f6061ac4a7a54d96153613b10efc072a6eee (#170)
          Changes: Document #207 and #208, give credit to @frast
          Merge branch 'frast-issue207' (#208, fixes #207)
          Add script to create signed tarballs for upload (#193)
          tests/.gitignore: Add .log and .trs
          Bump version info from 7:7:6 to 7:8:6 (#209)
          Prepare release version 2.2.6 (#209)
    
    Tomasz Kłoczko (1):
          Drop -rpath libtool option as libexpat.so has no dependencies (#181)
    
    luz.paz (1):
          Misc. typos
    
    pedro-vicente (1):
          CMake: Add option MSVC_USE_STATIC_CRT (#184)
    
    vanklompf (3):
          Enable CRT_SECURE_NO_WARNINGS in default VC projects
          Fix missing posix functions declaration on Visual Studio build
          CMake option to treat warnings as errors
    
    Release 2.2.6 Sun August 12 2018
            Bug fixes:
           #170 #206  Avoid doing arithmetic with NULL pointers in XML_GetBuffer
           #204 #205  Fix 2.2.5 regression with suspend-resume while parsing
                        a document like '<root/>'
    
            Other changes:
           #165 #168  Autotools: Fix docbook-related configure syntax error
                #166  Autotools: Avoid grep option `-q` for Solaris
                #167  Autotools: Support
                        ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
           #159 #167  Autotools: Support DOCBOOK_TO_MAN command which produces
                        xmlwf.1 rather than XMLWF.1; also covers case insensitive
                        file systems
                #181  Autotools: Drop -rpath option passed to libtool
    
    (NEWS truncated at 15 lines)
Commits on May 14, 2018
Commits on Feb 9, 2018
Commits on Nov 10, 2017
  1. expat: Autospec creation for update from version 2.2.4 to version 2.2.5

    fenrus75 authored and clrbuilder committed Nov 9, 2017
    Release 2.2.5 Tue October 31 2017
            Bug fixes:
                  #8  If the parser runs out of memory, make sure its internal
                        state reflects the memory it actually has, not the memory
                        it wanted to have.
                 #11  The default handler wasn't being called when it should for
                        a SYSTEM or PUBLIC doctype if an entity declaration handler
                        was registered.
           #137 #138  Fix a case of mistakenly reported parsing success where
                        XML_StopParser was called from an element handler
                #162  Function XML_ErrorString was returning NULL rather than
                        a message for code XML_ERROR_INVALID_ARGUMENT
                        introduced with release 2.2.1
    
            Other changes:
    
    (NEWS truncated at 15 lines)
Commits on Aug 21, 2017
  1. expat: Autospec creation for update from version 2.2.3 to version 2.2.4

    fenrus75 authored and clrbuilder committed Aug 20, 2017
    Release 2.2.4 Sat Auguest 19 2017
            Bug fixes:
                #115  Fix copying of partial characters for UTF-8 input
    
            Other changes:
                #109  Fix "make check" for non-x86 architectures that default
                        to unsigned type char (-128..127 rather than 0..255)
                #109  coverage.sh: Cover -funsigned-char
                      Autotools: Introduce --without-xmlwf argument
                 #65  Autotools: Replace handwritten Makefile with GNU Automake
                 #43  CMake: Auto-detect high quality entropy extractors, add new
                        option USE_libbsd=ON to use arc4random_buf of libbsd
                 #74  CMake: Add -fno-strict-aliasing only where supported
                #114  CMake: Always honor manually set BUILD_* options
                #114  CMake: Compile man page if docbook2x-man is available, only
    
    (NEWS truncated at 15 lines)
Commits on Aug 4, 2017
  1. expat: Autospec creation for version 2.2.3

    fenrus75 authored and clrbuilder committed Aug 4, 2017
Commits on Jul 24, 2017
  1. expat: Autospec creation for version 2.2.2

    fenrus75 authored and clrbuilder committed Jul 21, 2017
Commits on Jul 17, 2017
Commits on Jun 19, 2017
  1. expat: Autospec creation for update from version 2.2.0 to version 2.2.1

    fenrus75 authored and clrbuilder committed Jun 18, 2017
    Release 2.2.1 Sat June 17 2017
            Security fixes:
                      CVE-2017-9233 -- External entity infinite loop DoS
                        Details: https://libexpat.github.io/doc/cve-2017-9233/
                        Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
       [MOX-002]      CVE-2016-9063 -- Detect integer overflow; commit
                        d4f735b88d9932bd5039df2335eefdd0723dbe20
                        (Fixed version of existing downstream patches!)
       (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
                        longer tag names; commits
                        * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
                        * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
                 #16    * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
                 #25  More integer overflow detection (function poolGrow); commits
                        * 810b74e4703dcfdd8f404e3cb177d44684775143
    
    (NEWS truncated at 15 lines)
    
    CVEs fixed in this build:
    CVE-2012-0876
    CVE-2016-0718
    CVE-2016-5300
    CVE-2016-9063
    CVE-2017-9233
    
    New build requirements detected
Commits on Jun 7, 2017
  1. version bump from 2.2.0-25 to 2.2.0-26

    fenrus75 authored and clrbuilder committed May 16, 2017
  2. version bump from 2.2.0-24 to 2.2.0-25

    fenrus75 authored and clrbuilder committed May 16, 2017
  3. additionaly URL for sourceforge package

    Gabib32 authored and clrbuilder committed Mar 22, 2017
    Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
  4. expat: Autospec creation for version 2.2.0

    fenrus75 authored and clrbuilder committed Dec 11, 2016
  5. expat: Autospec creation for version 2.2.0

    fenrus75 authored and clrbuilder committed Dec 11, 2016
  6. expat: Autospec creation for version 2.2.0

    mrkz authored and clrbuilder committed Jul 7, 2016
  7. remove unapplied patches

    mrkz authored and clrbuilder committed Jul 7, 2016
  8. handle cve-2016-4472

    mrkz authored and clrbuilder committed Jul 7, 2016
  9. expat: Autospec creation for version 2.2.0

    fenrus75 authored and clrbuilder committed Jun 23, 2016
  10. expat: Autospec creation for version 2.1.1

    Ikey Doherty clrbuilder
    Ikey Doherty authored and clrbuilder committed May 18, 2016
  11. Incorporate CVE patches

    Ikey Doherty clrbuilder
    Ikey Doherty authored and clrbuilder committed May 18, 2016
    Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
  12. GCC-6 rebuild: version bump from 2.1.1-18 to 2.1.1-19

    fenrus75 authored and clrbuilder committed Apr 30, 2016
  13. version bump from 2.1.1-17 to 2.1.1-18

    fenrus75 authored and clrbuilder committed Apr 29, 2016
  14. expat: Autospec creation for version 2.1.1

    fenrus75 authored and clrbuilder committed Apr 5, 2016
  15. expat: Autospec creation for update from version 2.1.0 to version 2.1.1

    mrkz authored and clrbuilder committed Mar 17, 2016
    Release 2.1.1 Sat March 12 2016
            Security fixes:
                #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
    
            Bug fixes:
                #502: Fix potential null pointer dereference
                #520: Symbol XML_SetHashSalt was not exported
                Output of "xmlwf -h" was incomplete
    
            Other changes
                #503: Document behavior of calling XML_SetHashSalt with salt 0
                Minor improvements to man page xmlwf(1)
                Improvements to the experimental CMake build system
                libtool now invoked with --verbose
  16. new CFLAGS.. version bump from 2.1.0-14 to 2.1.0-15

    fenrus75 authored and clrbuilder committed Sep 28, 2015
  17. Import.

    fenrus75 authored and clrbuilder committed Nov 27, 2014