summaryrefslogtreecommitdiffstats
path: root/lib/libexpat (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Update libexpat to 2.2.10. Relevant are only bug fixes #390 #395bluhm2020-12-2910-116/+253
| | | | | #398 #404 #405 and other changes #354 #355 #412. OK deraadt@
* Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlierbluhm2019-09-2534-13950/+12611
| | | | | | in our tree. Relevant is only bug fix #240. Most of the upstream diff is automated source format change. OK deraadt@
* Fix heap overflow in libexpat 2.2.7 triggered by XML_GetCurrentLineNumberbluhm2019-09-101-7/+13
| | | | | | | (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype; CVE-2019-15903 fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43 OK tb@
* Update libexpat to 2.2.7. Relevant for OpenBSD is only the fix forbluhm2019-06-299-29/+56
| | | | | | CVE-2018-20843, a potential denial-of-service in libexpat due to high RAM and CPU usage. OK deraadt@
* Update libexpat to 2.2.6. Relevant for OpenBSD isbluhm2018-08-229-317/+448
| | | | | | | | - Avoid doing arithmetic with NULL pointers in XML_GetBuffer - Fix 2.2.5 regression with suspend-resume while parsing a document like '<root/>' - Address compiler warnings - Fix miscellaneous typos
* Update libexpat to 2.2.5. Changes for OpenBSD include a few bugbluhm2017-11-0218-2015/+2432
| | | | | fixes, no library bump needed. OK deraadt@
* Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.bluhm2017-08-2332-159/+983
| | | | OK deraadt@
* Update libexpat to 2.2.3. Only few changes affect OpenBSD.bluhm2017-08-0414-629/+9387
| | | | OK deraadt@
* Gcc3 does not have -fvisibility feature, so skip -fvisibility=hiddenaoyama2017-07-281-2/+7
| | | | | | flag when compiling with gcc3. ok espie@
* Update libexpat to 2.2.2. Fixes NULL parser dereference.bluhm2017-07-198-36/+162
| | | | no objections deraadt@
* Add ULL suffix to 64 bit constants. This avoids compiler warningsbluhm2017-07-062-6/+5
| | | | | | | on i386 and allows to compile the C++ test. Upstream dropped the ULL in an insufficient attempt to make the siphash code C89 compatible. Their fix will be more complicated. No binary change.
* Compile libexpat with -fvisibility=hidden. This restricts thebluhm2017-07-063-9/+3
| | | | | | | | exported symbols to the indended API. We do not need a Symbols.map anymore. Major library bump is necessary as some internal functions vanish from the ABI. Discussed upstream with Sebastian Pipping; ports bulk build ajacoutot@; OK deraadt@
* Add test suite source files for expat 2.2.1.bluhm2017-06-3012-0/+4557
|
* AmigaOS and pre-X Mac OS support has been dropped in upstreambluhm2017-06-302-82/+0
| | | | libexpat. Remove obsolete header files, missed in previous commit.
* Update libexpat to version 2.2.1 which has some security fixes.bluhm2017-06-3019-454/+1341
| | | | | | | | | | | | | | | | | | - CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718 CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been addressed. Not all of them affect OpenBSD as we had fixes before. - Upstream uses arc4random_buf(3) now. Delete all code for other entropy sources to make sure to compile the correct one. Our library already used arc4random(3) before. - The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c have been commited upstream in a different way. Use the upstream code to make maintenance easier. - Although it should be ABI compatible, there is a new global symbol align_limit_to_full_utf8_characters. As it is in lib/internal.h, add a Symbols.map to restrict the export. Do not bump the shared library version. - Use the internal expat's siphash.h. ports build ajacoutot@; move ahead deraadt@
* Generate pkg-config files at build time like everything else. Thisnatano2016-09-141-2/+3
| | | | | | | avoids permission problems due to the build and install stages being run by different users. ok deraadt jasper
* only regen pkg-config files when required; ok jaspernatano2016-09-041-2/+4
|
* Fix regression introduced by patch to CVE-2016-0718: Tag names were cut off in some cases.rpointel2016-07-291-1/+1
|
* fix CVE-2016-0718.rpointel2016-05-314-75/+146
|
* re-add the check we have in revision 1.12.rpointel2016-05-131-6/+6
| | | | ok jca@ (thanks).
* update libexpat to 2.1.1.rpointel2016-05-097-23/+47
| | | | ok deraadt@ (thanks to sebastian[@]pipping[.]org for information).
* " the the " -> " the ", or in a couple of cases replace the superfluouskrw2016-03-201-1/+1
| | | | | | "the" with the obviously intended word. Started with a "the the" spotted by Mihal Mazurek.
* More overflow checks in XML_GetBuffer(), adapted from FreeBSD securitymiod2015-08-261-1/+5
| | | | | | | advisory FreeBSD-SA-15:20. Most of them were already fixed by niallo@'s work, which unfortunately got removed in r1.10 /-: With help from doug@
* Put back local changes (revisions 1.2 to 1.4), which unfortunately got lost inmiod2015-08-261-2/+12
| | | | | the last upgrade. ok deraadt@
* define BYTEORDER so the endian tests will workjsg2015-05-231-1/+10
| | | | ok deraadt@ miod@
* Switch time_t, ino_t, clock_t, and struct kevent's ident and dataguenther2013-08-131-1/+1
| | | | | | | | | | | | | | | | | | | | members to 64bit types. Assign new syscall numbers for (almost all) the syscalls that involve the affected types, including anything with time_t, timeval, itimerval, timespec, rusage, dirent, stat, or kevent arguments. Add a d_off member to struct dirent and replace getdirentries() with getdents(), thus immensely simplifying and accelerating telldir/seekdir. Build perl with -DBIG_TIME. Bump the major on every single base library: the compat bits included here are only good enough to make the transition; the T32 compat option will be burned as soon as we've reached the new world are are happy with the snapshots for all architectures. DANGER: ABI incompatibility. Updating to this kernel requires extra work or you won't be able to login: install a snapshot instead. Much assistance in fixing userland issues from deraadt@ and tedu@ and build assistance from todd@ and otto@
* remove leftover NOLINT, WANTLINT, LINTFLAGS, LOBJ vars and lint targets.okan2012-08-021-2/+1
| | | | ok guenther@
* unbreak, pointed out by theojasper2012-07-071-2/+1
|
* actually, make this identical to what upstream expat ships nowadays by addingjasper2012-07-071-2/+2
| | | | a URL field and removing the empty Requires.
* add expat.pcjasper2012-07-072-1/+82
| | | | | based on a diff by brad ok sthen@
* update libexpat to 2.1.0.rpointel2012-04-017-81/+302
| | | | | | use arc4random instead of rand/srand in generate_hash_secret_salt, spotted by nicm@ and deraadt@. ok nicm@ deraadt@.
* sync libexpat with upstream. mostly formating cleanup, no binary change.eric2010-06-265-85/+86
| | | | ok deraadt nicm
* merge fixes from upstream (up to rev 1.167)eric2010-05-131-12/+17
| | | | | | notably fix a regression in parsing DTD parameter entities. ok miod@ nicm@
* Security fix for CVE-2009-3560, which could allow attackers to causejasper2009-12-271-1/+0
| | | | | | | a DoS using a specially crafted XML document with malformed UTF-8 sequences. Patch taken from upstream CVS.
* slightly more robust fix in not relying on utf-8 sequences being wellpvalchev2008-06-141-4/+1
| | | | formed after discussion w/ upstream
* fix parser crash w/ invalid UTF-8 char sequences (all apps that use expatpvalchev2008-06-121-0/+3
| | | | | | for XML parsing are affected) reported & fixed in upstream cvs
* prettyderaadt2007-10-191-1/+2
|
* do not install them silentlyderaadt2007-10-191-3/+3
|
* synch expat major number with xenocara, and then some.espie2007-10-181-1/+1
| | | | activate it in the build.
* Update to expat 2.0.1. ok deraadt@matthieu2007-08-3015-186/+228
|
* Update to 2.0.0; keep our local changesalek2006-05-0621-822/+2321
| | | | ok espie@, djm@
* use WANTLINT= (on all architectures)deraadt2005-11-241-1/+2
|
* - simplify integer overflow checks.niallo2005-11-091-3/+2
| | | | ok otto@
* - update comments about integer overflows to reflect reality.niallo2005-11-061-3/+2
|
* - fix a couple of integer overflows; the only code change so far resulting fromniallo2005-11-061-0/+8
| | | | | | my audit at v2k5. ok espie@
* Do not use __attribute__(regparm) on !x86 !amd64 platforms; ok espie@miod2005-09-121-1/+1
|
* people who import gnu fdl should stay away from the tree.jolan2005-04-182-724/+0
|
* OpenBSD tag.espie2004-09-221-0/+1
|
* OpenBSD infrastructure to compile simply, and install include files.espie2004-09-223-0/+22
|
* from port:espie2004-09-221-21/+24
| | | | | fix expat.h (from expat CVS) breakage reported by naddy@: http://sourceforge.net/tracker/index.php?func=detail&aid=676844&group_id=10127&atid=110127
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.