vendor/expat: upgrade from 2.1.0 to 2.5.0
Summary of notable changes:
- Detect overflow from len=INT_MAX call to XML_Parse
- Fix a dangling pointer issue related to realloc
- Fix copying of partial characters for UTF-8 input
- Avoid doing arithmetic with NULL pointers in XML_GetBuffer
- Fix reading uninitialized variable during parsing
- CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
- Fix potential null pointer dereference
- The following CVEs were handled (not a complete list):
CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2012-0876
CVE-2012-6702, CVE-2017-9233, CVE-2016-9063, CVE-2018-20843
CVE-2019-15903, CVE-2013-0340/CWE-776, CVE-2021-45960
CVE-2021-46143, CVE-2022-22822 to CVE-2022-22827
CVE-2022-23852, CVE-2022-23990, CVE-2022-43680
For a detailed list of all changes, bugfixes and improvements, see Changes.
32 files changed: