diff options
author | Ben Wagner <bungeman@chromium.org> | 2022-03-28 01:45:50 +0000 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2022-05-03 11:08:19 +0000 |
commit | 07a64cf64f812db90e37e4c59472821d8af44d2b (patch) | |
tree | 79f7b8661797f370a5a6e77c59c89f05c31aa034 | |
parent | 0eabfedb7d2a7b694a641d1fc082997c0433bb5a (diff) | |
download | qtwebengine-chromium-07a64cf64f812db90e37e4c59472821d8af44d2b.tar.gz |
[Backport] Security bug 1305234
Roll src/third_party/expat/src/ a28238bde..65a21f2b2 (96 commits)
https://chromium.googlesource.com/external/github.com/libexpat/libexpat.git/+log/a28238bdeebc..65a21f2b2a30
$ git log a28238bde..65a21f2b2 --date=short --no-merges --format='%ad %ae %s'
2022-02-20 sebastian Set expected release date for 2.4.6
2022-02-20 sebastian Bump version to 2.4.6
2022-02-20 sebastian Bump version info from 9:5:8 to 9:6:8
2022-02-20 sebastian Changes: Finalize entry on #566
2022-02-20 sebastian Changes: Document regression from CVE-2022-25313 fix
2022-02-20 sebastian tests: Protect against nested element declaration model regressions
2022-02-19 ferivoz Fix build_model regression.
2022-02-18 sebastian Set expected release date for 2.4.5
2022-02-18 sebastian Sync file headers
2022-02-18 sebastian Bump version to 2.4.5
2022-02-18 sebastian Bump version info from 9:4:8 to 9:5:8
2022-02-17 sebastian Changes: Document #558 #559 #560
2022-02-08 sebastian Changes: Document CVE-2022-25235
2022-02-08 sebastian tests: Cover missing validation of encoding (CVE-2022-25235)
2022-02-09 sebastian lib: Add comments to BT_LEAD* cases where encoding has already been validated
2022-02-08 sebastian lib: Add missing validation of encoding (CVE-2022-25235)
2022-02-08 sebastian lib: Drop unused macro UTF8_GET_NAMING
2022-02-12 sebastian Changes: Document CVE-2022-25236
2022-02-12 sebastian tests: Cover CVE-2022-25236
2022-02-12 sebastian lib: Protect against malicious namespace declarations (CVE-2022-25236)
2022-02-12 sebastian lib: Fix (harmless) use of uninitialized memory
2022-02-15 sebastian Sync file headers
2022-02-15 sebastian Extend .mailmap
2022-02-15 ferivoz Prevent integer overflow in storeRawNames
2022-02-15 ferivoz Prevent integer overflow in copyString
2022-02-15 ferivoz Prevent stack exhaustion in build_model
2022-01-29 sebastian win32: Add missing files to the installer
2022-01-29 sebastian doc: Drop unused file valid-xhtml10.png
2022-01-29 sebastian .gitignore: Add missing
2022-01-29 sebastian xmlwf.xml: Adapt note to current practice
2022-01-29 sebastian Set expected release date for 2.4.4
2022-01-29 sebastian Sync file headers
2022-01-29 sebastian Bump version to 2.4.4
2022-01-29 sebastian Bump version info from 9:3:8 to 9:4:8
2022-01-29 sebastian Changes: Document #546
2022-01-28 82243552+czentgr Stop casting void* results from calls to .malloc_fcn (#553)
2022-01-26 sebastian Changes: Document CVE-2022-23990
2022-01-26 sebastian lib: Prevent integer overflow in doProlog (CVE-2022-23990)
2022-01-20 sebastian xmlwf: Fix a memory leak on output file opening error
2022-01-22 sebastian Changes: Document CVE-2022-23852
2022-01-23 sebastian tests: Cover integer overflow in XML_GetBuffer (CVE-2022-23852)
2022-01-22 ferivoz lib: Detect and prevent integer overflow in XML_GetBuffer (CVE-2022-23852)
2022-01-22 ferivoz Fix typos
2022-01-20 30959007+carlo-bramini [>=2.3.0] Autotools: Fix broken CMake support under Cygwin (#546)
2022-01-13 sebastian Set expected release date for 2.4.3
2022-01-13 sebastian Changes: Streamline item order for 2.4.3
2022-01-13 sebastian Changes: Document #528 and #529
2022-01-13 sebastian Sync years in file headers
2022-01-13 sebastian Bump version to 2.4.3
2022-01-13 sebastian Bump version info from 9:2:8 to 9:3:8
2022-01-07 sebastian Changes: Document CVE-2022-22822 to CVE-2022-22827
2021-12-30 sebastian lib: Prevent integer overflow at multiple places (CVE-2022-22822 to CVE-2022-22827)
2022-01-07 sebastian linux.yml: Add some -m32 coverage to -DEXPAT_ATTR_INFO=ON
2022-01-05 sebastian Changes: Document integer overflow CVE-2021-46143
2021-12-25 sebastian lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143)
2022-01-09 sebastian run.sh.in: Do not use Wine with Cygwin and MSYS2
2022-01-05 sebastian Changes: Document CVE-2021-45960
2021-12-27 sebastian lib: Detect and prevent troublesome left shifts in function storeAtts (CVE-2021-45960)
2022-01-01 sebastian Actions: Check for realistic minimum CMake version requirement
2021-12-31 sebastian CMake: Make call to file(GENERATE [..]) work for CMake <3.19
2021-12-27 sebastian coverage.yml: Store coverage .info and HTML report
2021-12-27 sebastian linux.yml: Add some coverage to -m32 32bit mode
2021-12-27 sebastian coverage.sh: Simplify directory naming scheme
2021-12-26 sebastian coverage.sh: Start coveraging -m32
2021-12-27 sebastian CMake: Add unofficial flag for passing 32bit compile flag -m32
2021-12-26 sebastian Actions: Upgrade Clang from 11 to 13
2021-12-26 sebastian xmlwf: Address Clang 13 warning -Wunused-but-set-variable
2021-12-25 sebastian lib: Address GCC 11.2.1 compiler warning
2021-12-19 sebastian .gitignore: Fully cover ./distribute.sh output
2021-12-17 sebastian Set expected release date for 2.4.2
2021-12-17 sebastian Bump version to 2.4.2
2021-12-17 sebastian Bump version info from 9:1:8 to 9:2:8
2021-12-17 sebastian Changes: Document #502 #503 #507 #519 + fix reference to #498
2021-12-15 sebastian CMake: Ensure libexpat*.lib filenames with MSVC
2021-12-14 sebastian doc: Fix return value docs on XML_SetBillionLaughs[..] functions (#522)
2021-11-26 sebastian autotools: Sync expat.cmake to agree with CI
2021-11-08 49699333+dependabot[bot] Actions(deps): Bump actions/checkout from 2.3.5 to 2.4.0
2021-10-18 49699333+dependabot[bot] Actions(deps): Bump actions/checkout from 2.3.4 to 2.3.5
2021-10-17 sebastian Get attribution headers back in sync
2021-10-17 sebastian Changes: Document #513 and #514
2021-10-17 sebastian Apply #514 to attribution headers
2021-10-16 donghee.na Reorder the location of including expat_config.h
2021-09-08 sebastian Autotools|CMake: Link against libm for function "isnan"
2021-09-10 sebastian autotools-cmake.yml: Add missing full stop
2021-07-23 sebastian Autotools: Get CMake templates back in sync with ubuntu-20.04
2021-06-23 sebastian CMake: Improve summary output for multi-config builds
2021-06-23 sebastian CMake: Report on effective CMake generator
2021-06-23 sebastian Autotools: Simplify expat.pc templating (now that we can)
2021-06-23 sebastian CMake: Fix pkg-config section "Libs" for multi-config CMake generators
2021-06-03 dg0yt Update URL in pc file
2021-06-03 sebastian CMake: Fix pkg-config section "Libs" for non-release MinGW builds
2021-06-23 sebastian CMake: Apply -DEXPAT_MSVC_STATIC_CRT=ON to off-grid built types
2021-06-05 sebastian CMake: Avoid empty CMAKE_BUILD_TYPE
2021-06-03 sebastian CMake: Move _EXPAT_BUILD_TYPE_UPPER up for upcoming re-use
2021-07-05 nicolas.cavallari doc/reference.html: Docmument that XML_GetBuffers(parser, 0) may be NULL
2021-06-05 sebastian Makefile.am: Include buildconf.sh and fuzz/*.c with release archives
Backport review link:
https://chromium-review.googlesource.com/c/chromium/src/+/3481360
Bug: chromium:1305234
Change-Id: I6015115f9b5e1015cdb30d948dd6032d795d9c19
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/DEPS | 2 | ||||
-rw-r--r-- | chromium/third_party/expat/README.chromium | 8 | ||||
-rw-r--r-- | chromium/third_party/expat/include/expat_config/expat_config.h | 16 |
3 files changed, 14 insertions, 12 deletions
diff --git a/chromium/DEPS b/chromium/DEPS index dd20d04e69d..e291a8f1d58 100644 --- a/chromium/DEPS +++ b/chromium/DEPS @@ -336,7 +336,7 @@ vars = { # Three lines of non-changing comments so that # the commit queue can handle CLs rolling libexpat # and whatever else without interference from each other. - 'libexpat_revision': 'a28238bdeebc087071777001245df1876a11f5ee', + 'libexpat_revision': '65a21f2b2a306d29b44e70264aca948aa0454219', # Three lines of non-changing comments so that # the commit queue can handle CLs rolling wuffs # and whatever else without interference from each other. diff --git a/chromium/third_party/expat/README.chromium b/chromium/third_party/expat/README.chromium index 79d7ccb3cdc..2dcae63adef 100644 --- a/chromium/third_party/expat/README.chromium +++ b/chromium/third_party/expat/README.chromium @@ -1,10 +1,10 @@ Name: Expat XML Parser Short Name: expat URL: https://github.com/libexpat/libexpat -Version: R_2_4_1-0-ga28238bd -CPEPrefix: cpe:/a:libexpat:expat:2.4.1 -Date: 20210524 -Revision: a28238bdeebc087071777001245df1876a11f5ee +Version: R_2_4_5-9-g65a21f2b +CPEPrefix: cpe:/a:libexpat:expat:2.4.5 +Date: 20220222 +Revision: 65a21f2b2a306d29b44e70264aca948aa0454219 Security Critical: yes License: MIT License File: src/expat/COPYING diff --git a/chromium/third_party/expat/include/expat_config/expat_config.h b/chromium/third_party/expat/include/expat_config/expat_config.h index 61834da850e..3324ceb4d53 100644 --- a/chromium/third_party/expat/include/expat_config/expat_config.h +++ b/chromium/third_party/expat/include/expat_config/expat_config.h @@ -31,15 +31,15 @@ /* Define to 1 if you have the `bsd' library (-lbsd). */ /* #undef HAVE_LIBBSD */ -/* Define to 1 if you have the <memory.h> header file. */ -#define HAVE_MEMORY_H 1 - /* Define to 1 if you have a working `mmap' system call. */ #define HAVE_MMAP 1 /* Define to 1 if you have the <stdint.h> header file. */ #define HAVE_STDINT_H 1 +/* Define to 1 if you have the <stdio.h> header file. */ +#define HAVE_STDIO_H 1 + /* Define to 1 if you have the <stdlib.h> header file. */ #define HAVE_STDLIB_H 1 @@ -77,7 +77,7 @@ #define PACKAGE_NAME "expat" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "expat 2.4.1" +#define PACKAGE_STRING "expat 2.4.6" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "expat" @@ -86,13 +86,15 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "2.4.1" +#define PACKAGE_VERSION "2.4.6" -/* Define to 1 if you have the ANSI C header files. */ +/* Define to 1 if all of the C90 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ #define STDC_HEADERS 1 /* Version number of package */ -#define VERSION "2.4.1" +#define VERSION "2.4.6" /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ |