kmx git

Commit	Date	Message
84a4f84c	2024-06-22T02:11:24	build: Don't check for required headers and functions Unless we are on Windows, the following POSIX headers are required. They're part of the earliest POSIX specs and it doesn't make sense to check for them. - fcntl.h - unistd.h - sys/stat.h - sys/time.h On Windows, io.h, fcntl.h and sys/stat.h are always available.
2def7b4b	2024-06-18T13:55:34	clang-tidy: move assignments out of if Found with bugprone-assignment-in-if-condition Signed-off-by: Rosen Penev <rosenp@gmail.com>
217e9b7a	2024-06-08T12:27:45	clang-tidy: don't return in void functions Found with readability-redundant-control-flow Signed-off-by: Rosen Penev <rosenp@gmail.com>
0bef93bf	2023-12-23T04:03:41	io: More refactoring and unescaping fixes Merge Windows wrappers into relevant functions. Remove more unnecessary unescaping. Merge OpenW into Open functions. Use unbuffered IO for output.
e62b0dbd	2023-12-19T19:47:07	xzlib: Fix harmless unsigned integer overflow
7e14c05d	2023-12-19T17:05:08	io: Fix detection of compressed streams Make sure that we don't try to open uncompressed streams with a compression handler in copying mode.
f24ffddb	2023-05-08T23:33:04	Stop using sprintf Switch remaining users to snprintf.
1a6a9d68	2023-03-14T14:19:03	xzlib: Fix implicit sign change in xz_open
cfbe68e4	2022-11-22T15:20:53	sources: Silence C4013 warnings on Visual Studio The read(), close(), open(), lseek() functions are found in io.h on Visual Studio, which does not ship unistd.h, so include io.h on Windows if unistd.h is not found. C4013 (aka implicit declaration of ...) warnings can often ring alarm bells.
5bffa33a	2022-09-02T05:03:03	Stop including sys/types.h
0f568c0b	2022-08-26T01:22:33	Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.
776d15d3	2022-03-02T00:29:17	Don't check for standard C89 headers Don't check for - ctype.h - errno.h - float.h - limits.h - math.h - signal.h - stdarg.h - stdlib.h - string.h - time.h Stop including non-standard headers - malloc.h - strings.h
c41bc10d	2022-02-22T19:57:12	Fix unused variable warnings with disabled features
2a350ee9	2019-09-30T17:04:54	Large batch of typo fixes Closes #109.
2240fbf5	2018-07-30T13:14:11	Fix infinite loop in LZMA decompression Check the liblzma error code more thoroughly to avoid infinite loops. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 This is CVE-2018-9251 and CVE-2018-14567. Thanks to Dongliang Mu and Simon Wörner for the reports.
cb5541c9	2017-11-13T17:08:38	Fix libz and liblzma detection If libz or liblzma are detected with pkg-config, AC_CHECK_HEADERS must not be run because the correct CPPFLAGS aren't set. It is actually not required have separate checks for LIBXML_ZLIB_ENABLED and HAVE_ZLIB_H. Only check for LIBXML_ZLIB_ENABLED and remove HAVE_ZLIB_H macro. Fixes bug 764657, bug 787041.
07e227ed	2017-09-07T18:55:46	Fix memory leak in LZMA decompressor
e2a9122b	2017-09-07T18:36:01	Set memory limit for LZMA decompression Otherwise malicious LZMA compressed files could consume large amounts of memory when decompressed. According to the xz man page, files compressed with `xz -9` currently require 65 MB to decompress, so set the limit to 100 MB. Should fix bug 786696.
18b89885	2015-11-03T15:46:29	Reenable xz support by default For https://bugzilla.gnome.org/show_bug.cgi?id=757466 problem was introduced by commit f3f86ff465c92c79f834d7b981f3c7274a8bb5c8 for https://bugzilla.gnome.org/show_bug.cgi?id=711026
f0709e3c	2015-11-03T15:31:25	CVE-2015-8035 Fix XZ compression support loop For https://bugzilla.gnome.org/show_bug.cgi?id=757466 DoS when parsing specially crafted XML document if XZ support is compiled in (which wasn't the case for 2.9.2 and master since Nov 2013, fixed in next commit !)
a1313a6f	2013-11-28T23:21:23	Fix a bug loading some compressed files For https://bugzilla.gnome.org/show_bug.cgi?id=712528 Related to https://bugzilla.redhat.com/show_bug.cgi?id=877567 There is a bug in xzlib.c which causes certain compressed XML files to fail to load correctly. The code in xz_decomp which attempts to verify the checksum and length of the expanded data fails if the checksum or length at the end of the file crosses a 1024 byte boundary. It calls gz_next4 to get those two values. This function uses the stream state in state->zstrm, but calls xz_avail which uses the state->strm stream info. This causes gz_next4 to signal a premature EOF if the data it is fetching crosses a 1024 byte boundary.
63588f47	2013-05-10T14:01:46	Fix a regression in xmlGetDocCompressMode() The switch to xzlib had for consequence that the compression level of the input was not gathered anymore in ctxt->input->buf, then the parser compression flags was left to -1 and propagated to the resulting document. Fix the I/O layer to get compression detection in xzlib, then carry it in the input buffer and the resulting document This should fix https://lsbbugs.linuxfoundation.org/show_bug.cgi?id=3456
94431ecb	2012-05-15T10:45:05	Fix various bugs in new code raised by the API checking * testapi.c: regenerated and covering new APIs * tree.c: xmlBufferDetach can't work on immutable buffers * xzlib.c: fix a deallocation error
9f3cdef0	2012-05-15T09:38:13	Fix a memory leak in the xzlib code The freeing function wasn't called due to a bogus #ifdef surrounding value. Also switch the code to use the normal libxml2 allocation and freeing routines.
99644927	2012-05-07T18:41:42	fixed a 64bit big endian issue For https://bugzilla.gnome.org/show_bug.cgi?id=671176 patch fixes a 64bit endian issue, making libxml2 work (again) on ppc64 unsigned int and size_t are differently sized on 64bit.
72789ef2	2012-04-02T17:52:20	Do not use unsigned but unsigned int as this breaks the API generator
adf5ec94	2012-01-26T16:56:22	Cleanups of lzma support - fix inclusion of the separated file - use namespaced name for the 4 non-static routines - add padding after external structures included in-situ - add new requirement to spec file - general cleanup of code
6bdc7743	2011-09-19T09:53:20	move xz/lzma helpers to separate included files

84a4f84c

2024-06-22T02:11:24

build: Don't check for required headers and functions Unless we are on Windows, the following POSIX headers are required. They're part of the earliest POSIX specs and it doesn't make sense to check for them. - fcntl.h - unistd.h - sys/stat.h - sys/time.h On Windows, io.h, fcntl.h and sys/stat.h are always available.

2def7b4b

2024-06-18T13:55:34

clang-tidy: move assignments out of if Found with bugprone-assignment-in-if-condition Signed-off-by: Rosen Penev <rosenp@gmail.com>

217e9b7a

2024-06-08T12:27:45

clang-tidy: don't return in void functions Found with readability-redundant-control-flow Signed-off-by: Rosen Penev <rosenp@gmail.com>

0bef93bf

2023-12-23T04:03:41

io: More refactoring and unescaping fixes Merge Windows wrappers into relevant functions. Remove more unnecessary unescaping. Merge *OpenW into *Open functions. Use unbuffered IO for output.

e62b0dbd

2023-12-19T19:47:07

xzlib: Fix harmless unsigned integer overflow

7e14c05d

2023-12-19T17:05:08

io: Fix detection of compressed streams Make sure that we don't try to open uncompressed streams with a compression handler in copying mode.

f24ffddb

2023-05-08T23:33:04

Stop using sprintf Switch remaining users to snprintf.

1a6a9d68

2023-03-14T14:19:03

xzlib: Fix implicit sign change in xz_open

cfbe68e4

2022-11-22T15:20:53

sources: Silence C4013 warnings on Visual Studio The read(), close(), open(), lseek() functions are found in io.h on Visual Studio, which does not ship unistd.h, so include io.h on Windows if unistd.h is not found. C4013 (aka implicit declaration of ...) warnings can often ring alarm bells.

5bffa33a

2022-09-02T05:03:03

Stop including sys/types.h

0f568c0b

2022-08-26T01:22:33

Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.

776d15d3

2022-03-02T00:29:17

Don't check for standard C89 headers Don't check for - ctype.h - errno.h - float.h - limits.h - math.h - signal.h - stdarg.h - stdlib.h - string.h - time.h Stop including non-standard headers - malloc.h - strings.h

c41bc10d

2022-02-22T19:57:12

Fix unused variable warnings with disabled features

2a350ee9

2019-09-30T17:04:54

Large batch of typo fixes Closes #109.

2240fbf5

2018-07-30T13:14:11

Fix infinite loop in LZMA decompression Check the liblzma error code more thoroughly to avoid infinite loops. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 This is CVE-2018-9251 and CVE-2018-14567. Thanks to Dongliang Mu and Simon Wörner for the reports.

cb5541c9

2017-11-13T17:08:38

Fix libz and liblzma detection If libz or liblzma are detected with pkg-config, AC_CHECK_HEADERS must not be run because the correct CPPFLAGS aren't set. It is actually not required have separate checks for LIBXML_ZLIB_ENABLED and HAVE_ZLIB_H. Only check for LIBXML_ZLIB_ENABLED and remove HAVE_ZLIB_H macro. Fixes bug 764657, bug 787041.

07e227ed

2017-09-07T18:55:46

Fix memory leak in LZMA decompressor

e2a9122b

2017-09-07T18:36:01

Set memory limit for LZMA decompression Otherwise malicious LZMA compressed files could consume large amounts of memory when decompressed. According to the xz man page, files compressed with `xz -9` currently require 65 MB to decompress, so set the limit to 100 MB. Should fix bug 786696.

18b89885

2015-11-03T15:46:29

Reenable xz support by default For https://bugzilla.gnome.org/show_bug.cgi?id=757466 problem was introduced by commit f3f86ff465c92c79f834d7b981f3c7274a8bb5c8 for https://bugzilla.gnome.org/show_bug.cgi?id=711026

f0709e3c

2015-11-03T15:31:25

CVE-2015-8035 Fix XZ compression support loop For https://bugzilla.gnome.org/show_bug.cgi?id=757466 DoS when parsing specially crafted XML document if XZ support is compiled in (which wasn't the case for 2.9.2 and master since Nov 2013, fixed in next commit !)

a1313a6f

2013-11-28T23:21:23

Fix a bug loading some compressed files For https://bugzilla.gnome.org/show_bug.cgi?id=712528 Related to https://bugzilla.redhat.com/show_bug.cgi?id=877567 There is a bug in xzlib.c which causes certain compressed XML files to fail to load correctly. The code in xz_decomp which attempts to verify the checksum and length of the expanded data fails if the checksum or length at the end of the file crosses a 1024 byte boundary. It calls gz_next4 to get those two values. This function uses the stream state in state->zstrm, but calls xz_avail which uses the state->strm stream info. This causes gz_next4 to signal a premature EOF if the data it is fetching crosses a 1024 byte boundary.

63588f47

2013-05-10T14:01:46

Fix a regression in xmlGetDocCompressMode() The switch to xzlib had for consequence that the compression level of the input was not gathered anymore in ctxt->input->buf, then the parser compression flags was left to -1 and propagated to the resulting document. Fix the I/O layer to get compression detection in xzlib, then carry it in the input buffer and the resulting document This should fix https://lsbbugs.linuxfoundation.org/show_bug.cgi?id=3456

94431ecb

2012-05-15T10:45:05

Fix various bugs in new code raised by the API checking * testapi.c: regenerated and covering new APIs * tree.c: xmlBufferDetach can't work on immutable buffers * xzlib.c: fix a deallocation error

9f3cdef0

2012-05-15T09:38:13

Fix a memory leak in the xzlib code The freeing function wasn't called due to a bogus #ifdef surrounding value. Also switch the code to use the normal libxml2 allocation and freeing routines.

99644927

2012-05-07T18:41:42

fixed a 64bit big endian issue For https://bugzilla.gnome.org/show_bug.cgi?id=671176 patch fixes a 64bit endian issue, making libxml2 work (again) on ppc64 unsigned int and size_t are differently sized on 64bit.

72789ef2

2012-04-02T17:52:20

Do not use unsigned but unsigned int as this breaks the API generator

adf5ec94

2012-01-26T16:56:22

Cleanups of lzma support - fix inclusion of the separated file - use namespaced name for the 4 non-static routines - add padding after external structures included in-situ - add new requirement to spec file - general cleanup of code

6bdc7743

2011-09-19T09:53:20

move xz/lzma helpers to separate included files

kc3-lang/libxml2/xzlib.c

xzlib.c

Log