git: 563c277f95f7 - stable/12 - MFC cc68614, ac69e5d, 7ed8e14: Update contrib/expat to 2.4.7.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 01 Apr 2022 04:39:47 UTC
The branch stable/12 has been updated by delphij:
URL: https://cgit.FreeBSD.org/src/commit/?id=563c277f95f7758d73cfdfe87e7ec3bdf570312a
commit 563c277f95f7758d73cfdfe87e7ec3bdf570312a
Author: Xin LI <delphij@FreeBSD.org>
AuthorDate: 2022-03-28 05:22:07 +0000
Commit: Xin LI <delphij@FreeBSD.org>
CommitDate: 2022-04-01 04:39:27 +0000
MFC cc68614, ac69e5d, 7ed8e14: Update contrib/expat to 2.4.7.
(cherry picked from commit cc68614da8232d8baaca0ae0d0dd8f890f06623e)
(cherry picked from commit ac69e5d471014c95070cd6294db315089a62725b)
(cherry picked from commit 7ed8e142a00d4b711dd2021b37b84a6e7f86516e)
---
contrib/expat/COPYING | 2 +-
contrib/expat/Changes | 411 ++++++-
contrib/expat/Makefile.am | 29 +-
contrib/expat/Makefile.in | 166 ++-
contrib/expat/README.md | 97 +-
contrib/expat/buildconf.sh | 55 +
contrib/expat/configure.ac | 174 ++-
contrib/expat/doc/Makefile.am | 7 +-
contrib/expat/doc/Makefile.in | 35 +-
contrib/expat/doc/expat.png | Bin 1029 -> 0 bytes
contrib/expat/doc/ok.min.css | 2 +
contrib/expat/doc/reference.html | 408 ++++--
contrib/expat/doc/style.css | 134 +-
contrib/expat/doc/xmlwf.1 | 134 +-
contrib/expat/doc/xmlwf.xml | 212 +++-
contrib/expat/examples/Makefile.am | 5 +-
contrib/expat/examples/Makefile.in | 34 +-
contrib/expat/examples/elements.c | 7 +-
contrib/expat/examples/outline.c | 8 +-
contrib/expat/expat_config.h.in | 10 +-
contrib/expat/fix-xmltest-log.sh | 2 +-
contrib/expat/fuzz/xml_parse_fuzzer.c | 64 +
contrib/expat/fuzz/xml_parsebuffer_fuzzer.c | 71 ++
contrib/expat/lib/Makefile.am | 16 +-
contrib/expat/lib/Makefile.in | 95 +-
contrib/expat/lib/ascii.h | 7 +-
contrib/expat/lib/asciitab.h | 4 +-
contrib/expat/lib/expat.h | 64 +-
contrib/expat/lib/expat_external.h | 9 +-
contrib/expat/lib/iasciitab.h | 4 +-
contrib/expat/lib/internal.h | 58 +-
contrib/expat/lib/latin1tab.h | 4 +-
contrib/expat/lib/loadlibrary.c | 143 ---
contrib/expat/lib/nametab.h | 4 +-
contrib/expat/lib/siphash.h | 13 +-
contrib/expat/lib/utf8tab.h | 4 +-
contrib/expat/lib/xmlparse.c | 1781 ++++++++++++++++++++++++---
contrib/expat/lib/xmlrole.c | 20 +-
contrib/expat/lib/xmlrole.h | 5 +-
contrib/expat/lib/xmltok.c | 52 +-
contrib/expat/lib/xmltok.h | 6 +-
contrib/expat/lib/xmltok_impl.c | 39 +-
contrib/expat/lib/xmltok_impl.h | 3 +-
contrib/expat/lib/xmltok_ns.c | 8 +-
contrib/expat/run.sh.in | 41 +-
contrib/expat/test-driver-wrapper.sh | 3 +-
contrib/expat/tests/Makefile.am | 13 +-
contrib/expat/tests/Makefile.in | 58 +-
contrib/expat/tests/benchmark/Makefile.am | 5 +-
contrib/expat/tests/benchmark/Makefile.in | 34 +-
contrib/expat/tests/benchmark/benchmark.c | 6 +-
contrib/expat/tests/benchmark/benchmark.sln | 25 -
contrib/expat/tests/chardata.c | 12 +-
contrib/expat/tests/chardata.h | 5 +-
contrib/expat/tests/memcheck.c | 4 +-
contrib/expat/tests/memcheck.h | 4 +-
contrib/expat/tests/minicheck.c | 36 +-
contrib/expat/tests/minicheck.h | 5 +-
contrib/expat/tests/runtests.c | 883 +++++++++++--
contrib/expat/tests/runtests.sln | 24 -
contrib/expat/tests/runtestspp.cpp | 4 +-
contrib/expat/tests/structdata.c | 8 +-
contrib/expat/tests/structdata.h | 3 +-
contrib/expat/tests/udiffer.py | 3 +-
contrib/expat/tests/xmltest.sh | 43 +-
contrib/expat/xmlwf/Makefile.am | 7 +-
contrib/expat/xmlwf/Makefile.in | 37 +-
contrib/expat/xmlwf/codepage.c | 31 +-
contrib/expat/xmlwf/codepage.h | 4 +-
contrib/expat/xmlwf/ct.c | 3 +-
contrib/expat/xmlwf/filemap.h | 4 +-
contrib/expat/xmlwf/readfilemap.c | 7 +-
contrib/expat/xmlwf/unixfilemap.c | 6 +-
contrib/expat/xmlwf/win32filemap.c | 4 +-
contrib/expat/xmlwf/xmlfile.c | 17 +-
contrib/expat/xmlwf/xmlfile.h | 5 +-
contrib/expat/xmlwf/xmlmime.c | 4 +-
contrib/expat/xmlwf/xmlmime.h | 3 +-
contrib/expat/xmlwf/xmltchar.h | 7 +-
contrib/expat/xmlwf/xmlurl.h | 45 -
contrib/expat/xmlwf/xmlwf.c | 186 ++-
contrib/expat/xmlwf/xmlwf_helpgen.py | 30 +-
contrib/expat/xmlwf/xmlwf_helpgen.sh | 5 +-
contrib/expat/xmlwf/xmlwin32url.cxx | 427 -------
lib/libexpat/expat_config.h | 18 +-
85 files changed, 4894 insertions(+), 1581 deletions(-)
diff --git a/contrib/expat/COPYING b/contrib/expat/COPYING
index 8d288f0f28fd..3c0142e71c8d 100644
--- a/contrib/expat/COPYING
+++ b/contrib/expat/COPYING
@@ -1,5 +1,5 @@
Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
-Copyright (c) 2001-2017 Expat maintainers
+Copyright (c) 2001-2019 Expat maintainers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
diff --git a/contrib/expat/Changes b/contrib/expat/Changes
index 340947118a3f..95f697b39a48 100644
--- a/contrib/expat/Changes
+++ b/contrib/expat/Changes
@@ -2,7 +2,412 @@ NOTE: We are looking for help with a few things:
https://github.com/libexpat/libexpat/labels/help%20wanted
If you can help, please get in touch. Thanks!
-Release 2.2.9 Wed Septemper 25 2019
+Release 2.4.7 Fri March 4 2022
+ Bug fixes:
+ #572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
+ with regard to all valid URI characters (RFC 3986),
+ i.e. the following set (excluding whitespace):
+ ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
+ 0123456789 % -._~ :/?#[]@ !$&'()*+,;=
+
+ Other changes:
+ #555 #570 #581 CMake|Windows: Store Expat version in the DLL
+ #577 Document consequences of namespace separator choices not just
+ in doc/reference.html but also in header <expat.h>
+ #577 Document Expat's lack of validation of namespace URIs against
+ RFC 3986, and that the XML 1.0r4 specification doesn't
+ require Expat to validate namespace URIs, and that Expat
+ may do more in that regard in future releases.
+ If you find need for strict RFC 3986 URI validation on
+ application level today, https://uriparser.github.io/ may
+ be of interest.
+ #579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
+ #575 Document that a call to XML_FreeContentModel can be done at
+ a later time from outside the element declaration handler
+ #574 Make hardcoded namespace URIs easier to find in code
+ #573 Update documentation on use of XML_POOR_ENTOPY on Solaris
+ #569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
+ 4.8.2 on Solaris.
+ #578 #580 Version info bumped from 9:6:8 to 9:7:8;
+ see https://verbump.de/ for what these numbers do
+
+ Special thanks to:
+ Jeffrey Walton
+ Johnny Jazeix
+ Thijs Schreijer
+
+Release 2.4.6 Sun February 20 2022
+ Bug fixes:
+ #566 Fix a regression introduced by the fix for CVE-2022-25313
+ in release 2.4.5 that affects applications that (1)
+ call function XML_SetElementDeclHandler and (2) are
+ parsing XML that contains nested element declarations
+ (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
+
+ Other changes:
+ #567 #568 Version info bumped from 9:5:8 to 9:6:8;
+ see https://verbump.de/ for what these numbers do
+
+ Special thanks to:
+ Matt Sergeant
+ Samanta Navarro
+ Sergei Trofimovich
+ and
+ NixOS
+ Perl XML::Parser
+
+Release 2.4.5 Fri February 18 2022
+ Security fixes:
+ #562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
+ sequences (e.g. from start tag names) to the XML
+ processing application on top of Expat can cause
+ arbitrary damage (e.g. code execution) depending
+ on how invalid UTF-8 is handled inside the XML
+ processor; validation was not their job but Expat's.
+ Exploits with code execution are known to exist.
+ #561 CVE-2022-25236 -- Passing (one or more) namespace separator
+ characters in "xmlns[:prefix]" attribute values
+ made Expat send malformed tag names to the XML
+ processor on top of Expat which can cause
+ arbitrary damage (e.g. code execution) depending
+ on such unexpectable cases are handled inside the XML
+ processor; validation was not their job but Expat's.
+ Exploits with code execution are known to exist.
+ #558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
+ that could be triggered by e.g. a 2 megabytes
+ file with a large number of opening braces.
+ Expected impact is denial of service or potentially
+ arbitrary code execution.
+ #560 CVE-2022-25314 -- Fix integer overflow in function copyString;
+ only affects the encoding name parameter at parser creation
+ time which is often hardcoded (rather than user input),
+ takes a value in the gigabytes to trigger, and a 64-bit
+ machine. Expected impact is denial of service.
+ #559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
+ needs input in the gigabytes and a 64-bit machine.
+ Expected impact is denial of service or potentially
+ arbitrary code execution.
+
+ Other changes:
+ #557 #564 Version info bumped from 9:4:8 to 9:5:8;
+ see https://verbump.de/ for what these numbers do
+
+ Special thanks to:
+ Ivan Fratric
+ Samanta Navarro
+ and
+ Google Project Zero
+ JetBrains
+
+Release 2.4.4 Sun January 30 2022
+ Security fixes:
+ #550 CVE-2022-23852 -- Fix signed integer overflow
+ (undefined behavior) in function XML_GetBuffer
+ (that is also called by function XML_Parse internally)
+ for when XML_CONTEXT_BYTES is defined to >0 (which is both
+ common and default).
+ Impact is denial of service or more.
+ #551 CVE-2022-23990 -- Fix unsigned integer overflow in function
+ doProlog triggered by large content in element type
+ declarations when there is an element declaration handler
+ present (from a prior call to XML_SetElementDeclHandler).
+ Impact is denial of service or more.
+
+ Bug fixes:
+ #544 #545 xmlwf: Fix a memory leak on output file opening error
+
+ Other changes:
+ #546 Autotools: Fix broken CMake support under Cygwin
+ #554 Windows: Add missing files to the installer to fix
+ compilation with CMake from installed sources
+ #552 #554 Version info bumped from 9:3:8 to 9:4:8;
+ see https://verbump.de/ for what these numbers do
+
+ Special thanks to:
+ Carlo Bramini
+ hwt0415
+ Roland Illig
+ Samanta Navarro
+ and
+ Clang LeakSan and the Clang team
+
+Release 2.4.3 Sun January 16 2022
+ Security fixes:
+ #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
+ resulting in
+ a) realloc acting as free
+ b) realloc allocating too few bytes
+ c) undefined behavior
+ depending on architecture and precise value
+ for XML documents with >=2^27+1 prefixed attributes
+ on a single XML tag a la
+ "<r xmlns:a='[..]' a:a123='[..]' [..] />"
+ where XML_ParserCreateNS is used to create the parser
+ (which needs argument "-n" when running xmlwf).
+ Impact is denial of service, or more.
+ #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
+ on variable m_groupSize in function doProlog leading
+ to realloc acting as free.
+ Impact is denial of service or more.
+ #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
+ near memory allocation at multiple places. Mitre assigned
+ a dedicated CVE for each involved internal C function:
+ - CVE-2022-22822 for function addBinding
+ - CVE-2022-22823 for function build_model
+ - CVE-2022-22824 for function defineAttribute
+ - CVE-2022-22825 for function lookup
+ - CVE-2022-22826 for function nextScaffoldPart
+ - CVE-2022-22827 for function storeAtts
+ Impact is denial of service or more.
+
+ Other changes:
+ #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
+ #541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
+ and MSYS2 by not going through Wine on these platforms
+ #527 #528 Address compiler warnings
+ #533 #543 Version info bumped from 9:2:8 to 9:3:8;
+ see https://verbump.de/ for what these numbers do
+
+ Infrastructure:
+ #536 CI: Check for realistic minimum CMake version
+ #529 #539 CI: Cover compilation with -m32
+ #529 CI: Store coverage reports as artifacts for download
+ #528 CI: Upgrade Clang from 11 to 13
+
+ Special thanks to:
+ An anonymous whitehat
+ Christopher Degawa
+ J. Peter Mugaas
+ Tyson Smith
+ and
+ GCC Farm Project
+ Trend Micro Zero Day Initiative
+
+Release 2.4.2 Sun December 19 2021
+ Other changes:
+ #509 #510 Link againgst libm for function "isnan"
+ #513 #514 Include expat_config.h as early as possible
+ #498 Autotools: Include files with release archives:
+ - buildconf.sh
+ - fuzz/*.c
+ #507 #519 Autotools: Sync CMake templates
+ #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for
+ - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
+ - multi-config CMake generators (e.g. Ninja Multi-Config)
+ #502 #503 docs: Document that function XML_GetBuffer may return NULL
+ when asking for a buffer of 0 (zero) bytes size
+ #522 #523 docs: Fix return value docs for both
+ XML_SetBillionLaughsAttackProtection* functions
+ #525 #526 Version info bumped from 9:1:8 to 9:2:8;
+ see https://verbump.de/ for what these numbers do
+
+ Special thanks to:
+ Dong-hee Na
+ Joergen Ibsen
+ Kai Pastor
+
+Release 2.4.1 Sun May 23 2021
+ Bug fixes:
+ #488 #490 Autotools: Fix installed header expat_config.h for multilib
+ systems; regression introduced in 2.4.0 by pull request #486
+
+ Other changes:
+ #491 #492 Version info bumped from 9:0:8 to 9:1:8;
+ see https://verbump.de/ for what these numbers do
+
+ Special thanks to:
+ Gentoo's QA check "multilib_check_headers"
+
+Release 2.4.0 Sun May 23 2021
+ Security fixes:
+ #34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
+ (denial-of-service; flavors targeting CPU time or RAM or both,
+ leveraging general entities or parameter entities or both)
+ by tracking and limiting the input amplification factor
+ (<amplification> := (<direct> + <indirect>) / <direct>).
+ By conservative default, amplification up to a factor of 100.0
+ is tolerated and rejection only starts after 8 MiB of output bytes
+ (=<direct> + <indirect>) have been processed.
+ The fix adds the following to the API:
+ - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
+ signals this specific condition.
+ - Two new API functions ..
+ - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
+ - XML_SetBillionLaughsAttackProtectionActivationThreshold
+ .. to further tighten billion laughs protection parameters
+ when desired. Please see file "doc/reference.html" for details.
+ If you ever need to increase the defaults for non-attack XML
+ payload, please file a bug report with libexpat.
+ - Two new XML_FEATURE_* constants ..
+ - that can be queried using the XML_GetFeatureList function, and
+ - that are shown in "xmlwf -v" output.
+ - Two new environment variable switches ..
+ - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
+ - EXPAT_ENTITY_DEBUG=(0|1)
+ .. for runtime debugging of accounting and entity processing.
+ Specific behavior of these values may change in the future.
+ - Two new command line arguments "-a FACTOR" and "-b BYTES"
+ for xmlwf to further tighten billion laughs protection
+ parameters when desired.
+ If you ever need to increase the defaults for non-attack XML
+ payload, please file a bug report with libexpat.
+
+ Bug fixes:
+ #332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
+ or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
+ for UTF-16 payloads containing CDATA sections.
+ #485 #486 Autotools: Fix generated CMake files for non-64bit and
+ non-Linux platforms (e.g. macOS and MinGW in particular)
+ that were introduced with release 2.3.0
+
+ Other changes:
+ #468 #469 xmlwf: Improve help output and the xmlwf man page
+ #463 xmlwf: Improve maintainability through some refactoring
+ #477 xmlwf: Fix man page DocBook validity
+ #458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
+ and CMAKE_INSTALL_INCLUDEDIR
+ #471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS
+ #457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
+ #467 Resolve macro HAVE_EXPAT_CONFIG_H
+ #472 Delete unused legacy helper file "conftools/PrintPath"
+ #473 #483 Improve attribution
+ #464 #465 #477 doc/reference.html: Fix XHTML validity
+ #475 #478 doc/reference.html: Replace the 90s look by OK.css
+ #479 Version info bumped from 8:0:7 to 9:0:8
+ due to addition of new symbols and error codes;
+ see https://verbump.de/ for what these numbers do
+
+ Infrastructure:
+ #456 CI: Enable periodic runs
+ #457 CI: Start covering the list of exported symbols
+ #474 CI: Isolate coverage task
+ #476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
+ #477 CI: Cover well-formedness and DocBook/XHTML validity
+ of doc/reference.html and doc/xmlwf.xml
+
+ Special thanks to:
+ Dimitry Andric
+ Eero Helenius
+ Nick Wellnhofer
+ Rhodri James
+ Tomas Korbar
+ Yury Gribov
+ and
+ Clang LeakSan
+ JetBrains
+ OSS-Fuzz
+
+Release 2.3.0 Thu March 25 2021
+ Bug fixes:
+ #438 When calling XML_ParseBuffer without a prior successful call to
+ XML_GetBuffer as a user, no longer trigger undefined behavior
+ (by adding an integer to a NULL pointer) but rather return
+ XML_STATUS_ERROR and set the error code to (new) code
+ XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
+ of Clang 11 (but not Clang 9).
+ #444 xmlwf: Exit status 2 was used for both:
+ - malformed input files (documented) and
+ - invalid command-line arguments (undocumented).
+ The case of invalid command-line arguments now
+ has its own exit status 4, resolving the ambiguity.
+
+ Other changes:
+ #439 xmlwf: Add argument -k to allow continuing after
+ non-fatal errors
+ #439 xmlwf: Add section about exit status to the -h help output
+ #422 #426 #447 Windows: Drop support for Visual Studio <=14.0/2015
+ #434 Windows: CMake: Detect unsupported Visual Studio at
+ configure time (rather than at compile time)
+ #382 #428 testrunner: Make verbose mode (argument "-v") report
+ about passed tests, and make default mode report about
+ failures, as well.
+ #442 CMake: Call "enable_language(CXX)" prior to tinkering
+ with CMAKE_CXX_* variables
+ #448 Document use of libexpat from a CMake-based project
+ #451 Autotools: Install CMake files as generated by CMake 3.19.6
+ so that users with "find_package(expat [..] CONFIG [..])"
+ are served on distributions that are *not* using the CMake
+ build system inside for libexpat packaging
+ #436 #437 Autotools: Drop obsolescent macro AC_HEADER_STDC
+ #450 #452 Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
+ #441 Address compiler warnings
+ #443 Version info bumped from 7:12:6 to 8:0:7
+ due to addition of error code XML_ERROR_NO_BUFFER
+ (see https://verbump.de/ for what these numbers do)
+
+ Infrastructure:
+ #435 #446 Replace Travis CI by GitHub Actions
+
+ Special thanks to:
+ Alexander Richardson
+ Oleksandr Popovych
+ Thomas Beutlich
+ Tim Bray
+ and
+ Clang LeakSan, Clang 11 UBSan and the Clang team
+
+Release 2.2.10 Sat October 3 2020
+ Bug fixes:
+ #390 #395 #398 Fix undefined behavior during parsing caused by
+ pointer arithmetic with NULL pointers
+ #404 #405 Fix reading uninitialized variable during parsing
+ #406 xmlwf: Add missing check for malloc NULL return
+
+ Other changes:
+ #396 Windows: Drop support for Visual Studio <=8.0/2005
+ #409 Windows: Add missing file "Changes" to the installer
+ to fix compilation with CMake from installed sources
+ #403 xmlwf: Document exit codes in xmlwf manpage and
+ exit with code 3 (rather than code 1) for output errors
+ when used with "-d DIRECTORY"
+ #356 #359 MinGW: Provide declaration of rand_s for mingwrt <5.3.0
+ #383 #392 Autotools: Use -Werror while configure tests the compiler
+ for supported compile flags to avoid false positives
+ #383 #393 #394 Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
+ e.g. ensure that they have the last word over flags added
+ while running ./configure
+ #360 CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
+ on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
+ #360 CMake: Detect and deny unsupported build combinations
+ involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
+ #360 CMake: Install pre-compiled shipped xmlwf.1 manpage in case
+ of -DEXPAT_BUILD_DOCS=OFF
+ #375 #380 #419 CMake: Fix use of Expat by means of add_subdirectory
+ #407 #408 CMake: Keep expat target name constant at "expat"
+ (i.e. refrain from using the target name to control
+ build artifact filenames)
+ #385 CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
+ Windows
+ CMake: Expose man page compilation as target "xmlwf-manpage"
+ #413 #414 CMake: Introduce option EXPAT_BUILD_PKGCONFIG
+ to control generation of pkg-config file "expat.pc"
+ #424 CMake: Add minimalistic support for building binary packages
+ with CMake target "package"; based on CPack
+ #366 CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
+ default OFF to build fuzzer code against OSS-Fuzz and
+ related environment variable LIB_FUZZING_ENGINE
+ #354 Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
+ #354 #355 ..
+ #356 #412 Address compiler warnings
+ #368 #369 Address pngcheck warnings with doc/*.png images
+ #425 Version info bumped from 7:11:6 to 7:12:6
+
+ Special thanks to:
+ asavah
+ Ben Wagner
+ Bhargava Shastry
+ Frank Landgraf
+ Jeffrey Walton
+ Joe Orton
+ Kleber Tarcísio
+ Ma Lin
+ Maciej Sroczyński
+ Mohammed Khajapasha
+ Vadim Zeitlin
+ and
+ Cppcheck 2.0 and the Cppcheck team
+
+Release 2.2.9 Wed September 25 2019
Other changes:
examples: Drop executable bits from elements.c
#349 Windows: Change the name of the Windows DLLs from expat*.dll
@@ -17,7 +422,7 @@ Release 2.2.9 Wed Septemper 25 2019
Special thanks to:
Ben Wagner
-Release 2.2.8 Fri Septemper 13 2019
+Release 2.2.8 Fri September 13 2019
Security fixes:
#317 #318 CVE-2019-15903 -- Fix heap overflow triggered by
XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
@@ -115,10 +520,10 @@ Release 2.2.8 Fri Septemper 13 2019
Special thanks to:
David Loffredo
Joonun Jang
- Khajapasha Mohammed
Kishore Kunche
Marco Maggi
Mitch Phillips
+ Mohammed Khajapasha
Rolf Ade
xantares
Zhongyuan Zhou
diff --git a/contrib/expat/Makefile.am b/contrib/expat/Makefile.am
index 5e1d37dd1a83..37ae3738edd3 100644
--- a/contrib/expat/Makefile.am
+++ b/contrib/expat/Makefile.am
@@ -6,7 +6,9 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
-# Copyright (c) 2017 Expat development team
+# Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org>
+# Copyright (c) 2018 KangLin <kl222@126.com>
+# Copyright (c) 2022 Johnny Jazeix <jazeix@gmail.com>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining
@@ -53,20 +55,36 @@ pkgconfig_DATA = expat.pc
pkgconfigdir = $(libdir)/pkgconfig
+dist_cmake_DATA = \
+ cmake/autotools/expat.cmake
+
+nodist_cmake_DATA = \
+ cmake/autotools/expat-config-version.cmake \
+ cmake/autotools/expat-noconfig.cmake \
+ cmake/expat-config.cmake
+
+cmakedir = $(libdir)/cmake/expat-@PACKAGE_VERSION@
+
+
_EXTRA_DIST_CMAKE = \
- cmake/expat-config.cmake.in \
+ cmake/autotools/expat-noconfig__linux.cmake.in \
+ cmake/autotools/expat-noconfig__macos.cmake.in \
+ cmake/autotools/expat-noconfig__windows.cmake.in \
+ cmake/autotools/expat-package-init.cmake \
cmake/mingw-toolchain.cmake \
\
CMakeLists.txt \
CMake.README \
ConfigureChecks.cmake \
+ expat.pc.cmake \
expat_config.h.cmake
_EXTRA_DIST_WINDOWS = \
win32/build_expat_iss.bat \
win32/expat.iss \
win32/MANIFEST.txt \
- win32/README.txt
+ win32/README.txt \
+ win32/version.rc
EXTRA_DIST = \
$(_EXTRA_DIST_CMAKE) \
@@ -74,11 +92,14 @@ EXTRA_DIST = \
\
conftools/expat.m4 \
conftools/get-version.sh \
- conftools/PrintPath \
+ \
+ fuzz/xml_parsebuffer_fuzzer.c \
+ fuzz/xml_parse_fuzzer.c \
\
xmlwf/xmlwf_helpgen.py \
xmlwf/xmlwf_helpgen.sh \
\
+ buildconf.sh \
Changes \
README.md \
\
diff --git a/contrib/expat/Makefile.in b/contrib/expat/Makefile.in
index 89bf68febc48..ea8c72e80ea3 100644
--- a/contrib/expat/Makefile.in
+++ b/contrib/expat/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -22,7 +22,9 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
-# Copyright (c) 2017 Expat development team
+# Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org>
+# Copyright (c) 2018 KangLin <kl222@126.com>
+# Copyright (c) 2022 Johnny Jazeix <jazeix@gmail.com>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining
@@ -138,12 +140,14 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
- $(am__configure_deps) $(am__DIST_COMMON)
+ $(am__configure_deps) $(dist_cmake_DATA) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = expat_config.h
-CONFIG_CLEAN_FILES = expat.pc run.sh
+CONFIG_CLEAN_FILES = expat.pc cmake/expat-config.cmake \
+ cmake/autotools/expat-config-version.cmake \
+ cmake/autotools/expat-noconfig.cmake run.sh
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@@ -199,8 +203,9 @@ am__uninstall_files_from_dir = { \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
-am__installdirs = "$(DESTDIR)$(pkgconfigdir)"
-DATA = $(pkgconfig_DATA)
+am__installdirs = "$(DESTDIR)$(cmakedir)" "$(DESTDIR)$(cmakedir)" \
+ "$(DESTDIR)$(pkgconfigdir)"
+DATA = $(dist_cmake_DATA) $(nodist_cmake_DATA) $(pkgconfig_DATA)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
@@ -209,8 +214,8 @@ am__recursive_targets = \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
cscope distdir distdir-am dist dist-all distcheck
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
- $(LISP)expat_config.h.in
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \
+ expat_config.h.in
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
@@ -227,18 +232,17 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-CSCOPE = cscope
DIST_SUBDIRS = lib examples tests xmlwf doc
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/expat.pc.in \
$(srcdir)/expat_config.h.in $(srcdir)/run.sh.in \
+ $(top_srcdir)/cmake/autotools/expat-config-version.cmake.in \
+ $(top_srcdir)/cmake/expat-config.cmake.in \
$(top_srcdir)/conftools/ar-lib $(top_srcdir)/conftools/compile \
$(top_srcdir)/conftools/config.guess \
$(top_srcdir)/conftools/config.sub \
$(top_srcdir)/conftools/install-sh \
$(top_srcdir)/conftools/ltmain.sh \
- $(top_srcdir)/conftools/missing AUTHORS COPYING \
+ $(top_srcdir)/conftools/missing AUTHORS COPYING README.md \
conftools/ar-lib conftools/compile conftools/config.guess \
conftools/config.sub conftools/depcomp conftools/install-sh \
conftools/ltmain.sh conftools/missing
@@ -281,13 +285,19 @@ DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.bz2 $(distdir).tar.lz \
$(distdir).tar.xz
GZIP_ENV = --best
DIST_TARGETS = dist-lzip dist-xz dist-bzip2 dist-gzip
+# Exists only to be overridden by the user if desired.
+AM_DISTCHECK_DVI_TARGET = dvi
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
+AM_CFLAGS = @AM_CFLAGS@
+AM_CPPFLAGS = @AM_CPPFLAGS@
+AM_CXXFLAGS = @AM_CXXFLAGS@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AM_LDFLAGS = @AM_LDFLAGS@
AR = @AR@
AS = @AS@
AUTOCONF = @AUTOCONF@
@@ -297,8 +307,10 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
+CMAKE_SHARED_LIBRARY_PREFIX = @CMAKE_SHARED_LIBRARY_PREFIX@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
@@ -314,7 +326,15 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
+EXPAT_ATTR_INFO = @EXPAT_ATTR_INFO@
+EXPAT_CHAR_TYPE = @EXPAT_CHAR_TYPE@
+EXPAT_CONTEXT_BYTES = @EXPAT_CONTEXT_BYTES@
+EXPAT_DTD = @EXPAT_DTD@
+EXPAT_LARGE_SIZE = @EXPAT_LARGE_SIZE@
+EXPAT_MIN_SIZE = @EXPAT_MIN_SIZE@
+EXPAT_NS = @EXPAT_NS@
FGREP = @FGREP@
FILEMAP = @FILEMAP@
GREP = @GREP@
@@ -327,6 +347,8 @@ LD = @LD@
LDFLAGS = @LDFLAGS@
LIBAGE = @LIBAGE@
LIBCURRENT = @LIBCURRENT@
+LIBDIR_BASENAME = @LIBDIR_BASENAME@
+LIBM = @LIBM@
LIBOBJS = @LIBOBJS@
LIBREVISION = @LIBREVISION@
LIBS = @LIBS@
@@ -356,6 +378,9 @@ RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SO_MAJOR = @SO_MAJOR@
+SO_MINOR = @SO_MINOR@
+SO_PATCH = @SO_PATCH@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
@@ -366,6 +391,7 @@ ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+ac_cv_sizeof_void_p = @ac_cv_sizeof_void_p@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@@ -403,6 +429,7 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@@ -423,20 +450,34 @@ LIBTOOLFLAGS = --verbose
SUBDIRS = lib $(am__append_1) $(am__append_2) $(am__append_3)
pkgconfig_DATA = expat.pc
pkgconfigdir = $(libdir)/pkgconfig
+dist_cmake_DATA = \
+ cmake/autotools/expat.cmake
+
+nodist_cmake_DATA = \
+ cmake/autotools/expat-config-version.cmake \
+ cmake/autotools/expat-noconfig.cmake \
+ cmake/expat-config.cmake
+
+cmakedir = $(libdir)/cmake/expat-@PACKAGE_VERSION@
_EXTRA_DIST_CMAKE = \
- cmake/expat-config.cmake.in \
+ cmake/autotools/expat-noconfig__linux.cmake.in \
+ cmake/autotools/expat-noconfig__macos.cmake.in \
+ cmake/autotools/expat-noconfig__windows.cmake.in \
+ cmake/autotools/expat-package-init.cmake \
cmake/mingw-toolchain.cmake \
\
CMakeLists.txt \
CMake.README \
ConfigureChecks.cmake \
+ expat.pc.cmake \
expat_config.h.cmake
_EXTRA_DIST_WINDOWS = \
win32/build_expat_iss.bat \
win32/expat.iss \
win32/MANIFEST.txt \
- win32/README.txt
+ win32/README.txt \
+ win32/version.rc
EXTRA_DIST = \
$(_EXTRA_DIST_CMAKE) \
@@ -444,11 +485,14 @@ EXTRA_DIST = \
\
conftools/expat.m4 \
conftools/get-version.sh \
- conftools/PrintPath \
+ \
+ fuzz/xml_parsebuffer_fuzzer.c \
+ fuzz/xml_parse_fuzzer.c \
\
xmlwf/xmlwf_helpgen.py \
xmlwf/xmlwf_helpgen.sh \
\
+ buildconf.sh \
Changes \
README.md \
\
@@ -509,6 +553,12 @@ distclean-hdr:
-rm -f expat_config.h stamp-h1
expat.pc: $(top_builddir)/config.status $(srcdir)/expat.pc.in
cd $(top_builddir) && $(SHELL) ./config.status $@
+cmake/expat-config.cmake: $(top_builddir)/config.status $(top_srcdir)/cmake/expat-config.cmake.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+cmake/autotools/expat-config-version.cmake: $(top_builddir)/config.status $(top_srcdir)/cmake/autotools/expat-config-version.cmake.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+cmake/autotools/expat-noconfig.cmake: $(top_builddir)/config.status
+ cd $(top_builddir) && $(SHELL) ./config.status $@
run.sh: $(top_builddir)/config.status $(srcdir)/run.sh.in
cd $(top_builddir) && $(SHELL) ./config.status $@
@@ -520,6 +570,48 @@ clean-libtool:
distclean-libtool:
-rm -f libtool config.lt
+install-dist_cmakeDATA: $(dist_cmake_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dist_cmake_DATA)'; test -n "$(cmakedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(cmakedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(cmakedir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(cmakedir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(cmakedir)" || exit $$?; \
+ done
+
+uninstall-dist_cmakeDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_cmake_DATA)'; test -n "$(cmakedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(cmakedir)'; $(am__uninstall_files_from_dir)
+install-nodist_cmakeDATA: $(nodist_cmake_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(nodist_cmake_DATA)'; test -n "$(cmakedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(cmakedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(cmakedir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(cmakedir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(cmakedir)" || exit $$?; \
+ done
+
+uninstall-nodist_cmakeDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(nodist_cmake_DATA)'; test -n "$(cmakedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(cmakedir)'; $(am__uninstall_files_from_dir)
install-pkgconfigDATA: $(pkgconfig_DATA)
@$(NORMAL_INSTALL)
@list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
@@ -647,7 +739,6 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
-
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
@@ -728,6 +819,10 @@ dist-xz: distdir
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
$(am__post_remove_distdir)
+dist-zstd: distdir
+ tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
+ $(am__post_remove_distdir)
+
dist-tarZ: distdir
@echo WARNING: "Support for distribution archives compressed with" \
"legacy program 'compress' is deprecated." >&2
@@ -770,6 +865,8 @@ distcheck: dist
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
+ *.tar.zst*) \
+ zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
esac
chmod -R a-w $(distdir)
chmod u+w $(distdir)
@@ -785,7 +882,7 @@ distcheck: dist
$(DISTCHECK_CONFIGURE_FLAGS) \
--srcdir=../.. --prefix="$$dc_install_base" \
&& $(MAKE) $(AM_MAKEFLAGS) \
- && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
@@ -841,7 +938,7 @@ check: check-recursive
all-am: Makefile $(DATA) expat_config.h
installdirs: installdirs-recursive
installdirs-am:
- for dir in "$(DESTDIR)$(pkgconfigdir)"; do \
+ for dir in "$(DESTDIR)$(cmakedir)" "$(DESTDIR)$(cmakedir)" "$(DESTDIR)$(pkgconfigdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-recursive
@@ -896,7 +993,8 @@ info: info-recursive
info-am:
-install-data-am: install-pkgconfigDATA
+install-data-am: install-dist_cmakeDATA install-nodist_cmakeDATA \
+ install-pkgconfigDATA
install-dvi: install-dvi-recursive
@@ -942,7 +1040,8 @@ ps: ps-recursive
ps-am:
-uninstall-am: uninstall-pkgconfigDATA
+uninstall-am: uninstall-dist_cmakeDATA uninstall-nodist_cmakeDATA \
+ uninstall-pkgconfigDATA
.MAKE: $(am__recursive_targets) all install-am install-strip
@@ -950,18 +1049,21 @@ uninstall-am: uninstall-pkgconfigDATA
am--refresh check check-am clean clean-cscope clean-generic \
clean-libtool cscope cscopelist-am ctags ctags-am dist \
dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
- dist-xz dist-zip distcheck distclean distclean-generic \
- distclean-hdr distclean-libtool distclean-tags distcleancheck \
- distdir distuninstallcheck dvi dvi-am html html-am info \
- info-am install install-am install-data install-data-am \
+ dist-xz dist-zip dist-zstd distcheck distclean \
+ distclean-generic distclean-hdr distclean-libtool \
+ distclean-tags distcleancheck distdir distuninstallcheck dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dist_cmakeDATA \
*** 9875 LINES SKIPPED ***