search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: fd43634) | patch
vendor/expat: upgrade from 2.1.0 to 2.5.0vendor/EXPAT
commit0c65ac1dc98bdeacfd970251eb73ccf33a29b90b
authorAntonio Huete Jimenez <tuxillo@quantumachine.net>
Sat, 12 Nov 2022 15:38:24 +0000 (12 16:38 +0100)
committerAntonio Huete Jimenez <tuxillo@quantumachine.net>
Sat, 12 Nov 2022 15:53:35 +0000 (12 16:53 +0100)
tree5b8522321faea8776932017f6675094154635254tree | snapshot (tar.gz zip)
parentfd43634529f3dae75707ea9b0fd56fd06a9cad78commit | diff
vendor/expat: upgrade from 2.1.0 to 2.5.0

Summary of notable changes:

 - Detect overflow from len=INT_MAX call to XML_Parse
 - Fix a dangling pointer issue related to realloc
 - Fix copying of partial characters for UTF-8 input
 - Avoid doing arithmetic with NULL pointers in XML_GetBuffer
 - Fix reading uninitialized variable during parsing
 - CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
 - Fix potential null pointer dereference
 - Following CVEs were handled (not a complete list)
   CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2012-0876
   CVE-2012-6702, CVE-2017-9233, CVE-2016-9063, CVE-2018-20843
   CVE-2019-15903,CVE-2013-0340/CWE-776, CVE-2021-45960
   CVE-2021-46143, CVE-2022-22822 to CVE-2022-22827
   CVE-2022-23852, CVE-2022-23990, CVE-2022-43680

For detailed list of all changes, bugfixes and improvements, see Changes.
32 files changed:
contrib/expat/COPYING [changed mode: 0755->0644] diff | blob | blame | history
contrib/expat/Changes [changed mode: 0755->0644] diff | blob | blame | history
contrib/expat/expat_config.h [new file with mode: 0644] blob
contrib/expat/expat_config.h.in [deleted file] blob | blame | history
contrib/expat/lib/Makefile.MPW [deleted file] blob | blame | history
contrib/expat/lib/amigaconfig.h [deleted file] blob | blame | history
contrib/expat/lib/ascii.h diff | blob | blame | history
contrib/expat/lib/asciitab.h diff | blob | blame | history
contrib/expat/lib/expat.dsp [deleted file] blob | blame | history
contrib/expat/lib/expat.h diff | blob | blame | history
contrib/expat/lib/expat_external.h diff | blob | blame | history
contrib/expat/lib/expat_static.dsp [deleted file] blob | blame | history
contrib/expat/lib/expatw.dsp [deleted file] blob | blame | history
contrib/expat/lib/expatw_static.dsp [deleted file] blob | blame | history
contrib/expat/lib/iasciitab.h diff | blob | blame | history
contrib/expat/lib/internal.h diff | blob | blame | history
contrib/expat/lib/latin1tab.h diff | blob | blame | history
contrib/expat/lib/libexpat.def [deleted file] blob | blame | history
contrib/expat/lib/libexpatw.def [deleted file] blob | blame | history
contrib/expat/lib/macconfig.h [deleted file] blob | blame | history
contrib/expat/lib/nametab.h diff | blob | blame | history
contrib/expat/lib/siphash.h [new file with mode: 0644] blob
contrib/expat/lib/utf8tab.h diff | blob | blame | history
contrib/expat/lib/winconfig.h diff | blob | blame | history
contrib/expat/lib/xmlparse.c diff | blob | blame | history
contrib/expat/lib/xmlrole.c diff | blob | blame | history
contrib/expat/lib/xmlrole.h diff | blob | blame | history
contrib/expat/lib/xmltok.c diff | blob | blame | history
contrib/expat/lib/xmltok.h diff | blob | blame | history
contrib/expat/lib/xmltok_impl.c diff | blob | blame | history
contrib/expat/lib/xmltok_impl.h diff | blob | blame | history
contrib/expat/lib/xmltok_ns.c diff | blob | blame | history
DragonFly BSD