From nobody Wed Mar 02 22:41:33 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 1F68819EDA7B; Wed, 2 Mar 2022 22:41:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4K88HL0JPJz3p9H; Wed, 2 Mar 2022 22:41:34 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646260894; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1otFDcOV0Rcwvor7QjxOLIGC7EeMb9QDv2rG7Dbf5+s=; b=fvevoT9TEeLJnlWzA1f2R3j1fEwR78pgjU94OVoIRfU45+iQfiD2QeD4y4c9mV2FcbmOl6 gAfJJl2zCSRXG1OshQOWLYyS2FuHKka/FeIOGyWQM27t2T4/JAemqVru6s4bOH0fqqI+lK M/rAS2c+MfoCRNV+GFz6TLw2s5NRCZKZbMjM7DxYJHiuxPFQSEsbuQrTyNZDv/NHObdI4p 4tTMCbjIOhGIK9NCIQ5fIL64oGjt/CqCfIqQKGofd2JbhK1QE4A7dn1eMNyf7BnYMRb4ru mqnm6PiHszVQrwM1oUpQaMdTthHjvLsAiatxxTzvhReV6Ik2NpMa4ik/AlUWUQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DED704170; Wed, 2 Mar 2022 22:41:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 222MfXPS032760; Wed, 2 Mar 2022 22:41:33 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 222MfXHx032757; Wed, 2 Mar 2022 22:41:33 GMT (envelope-from git) Date: Wed, 2 Mar 2022 22:41:33 GMT Message-Id: <202203022241.222MfXHx032757@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Eric van Gyzen Subject: git: ac69e5d47101 - main - MFV d1b143ee9a5: libbsdxml (expat) 2.4.6 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: vangyzen X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ac69e5d471014c95070cd6294db315089a62725b Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646260894; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1otFDcOV0Rcwvor7QjxOLIGC7EeMb9QDv2rG7Dbf5+s=; b=IZw6Ddxui65NZtWKXbtgwXVgDAmBRynu4oezBSv9LbnzR6n7uo7ABS38d10x5soEwqBEKB V39MNJe6cqk4kyherOZUmWCnkM5OEnRlY0MvyLItGeDolfTPG3d+ugKT2jXZK2zIa1QEJg f87wSCRtHpnXL2ceYA0H3GlRGRYXrA0+uGOyAjV6tQ5ibemDWKVZw48GXY9WubQ4TDbE58 3Bf036aBNQYjQr2DHcvywp8W3tZucqr3zWXHRYc0GNHuPFGzl/8Mi8vh6N8cRfLtOhZLRJ Bf+G9mAUd4MQvTkxj2q/bevOZFC5yRD8iidRqwVEggA/aVYU2TyvOh3KKKTgnQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1646260894; a=rsa-sha256; cv=none; b=n6beCC7mKMQN5ehuH5oSXEFEpxF4q6N3UI9W7abb+HBRqX+tfTj+rJqXq2om5otJCSGsQg pB7RfJFfCIATL2bCuN0+lAh5ZJRom755tcsMJ1fSuWyPGFLVP3x8U9V4KlI3Mdc4mghGDZ a1yPzhSVOnU82lkoHDTI8tBHpJnuB2wi1xgEY91twGlIrANeByG2Vpv53J/wsVmmR/fTFr b7XqScSX7tryCJw3v2F3+0kNVHhQoLCjJ4IofW6+SGjdvk6Jedid7COEBwW/EY9FGI6qcc s3gKNKMmAiZROmq/+ti4j6nFSIux9GgDlawdSKcx7+R1Qb3AZsi2qHpG7RqjbA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by vangyzen: URL: https://cgit.FreeBSD.org/src/commit/?id=ac69e5d471014c95070cd6294db315089a62725b commit ac69e5d471014c95070cd6294db315089a62725b Merge: 17f564a784e9 d1b143ee9a5c Author: Eric van Gyzen AuthorDate: 2022-03-02 20:07:27 +0000 Commit: Eric van Gyzen CommitDate: 2022-03-02 22:40:47 +0000 MFV d1b143ee9a5: libbsdxml (expat) 2.4.6 Update contrib/expat from 2.4.3 to 2.4.6 to fix multiple vulnerabilities. Reviewed by: delphij MFC after: 2 weeks Relnotes: yes Security: yes; see contrib/expat/Changes since 2.4.3 Sponsored by: Dell EMC Isilon contrib/expat/Changes | 95 +++++++++++ contrib/expat/Makefile.in | 1 + contrib/expat/README.md | 2 +- contrib/expat/configure.ac | 12 +- contrib/expat/doc/Makefile.am | 3 +- contrib/expat/doc/Makefile.in | 4 +- contrib/expat/doc/reference.html | 2 +- contrib/expat/doc/xmlwf.1 | 2 +- contrib/expat/doc/xmlwf.xml | 4 +- contrib/expat/examples/Makefile.in | 1 + contrib/expat/examples/elements.c | 2 +- contrib/expat/examples/outline.c | 2 +- contrib/expat/lib/Makefile.in | 1 + contrib/expat/lib/expat.h | 2 +- contrib/expat/lib/xmlparse.c | 195 ++++++++++++++++------- contrib/expat/lib/xmlrole.c | 2 +- contrib/expat/lib/xmltok.c | 9 +- contrib/expat/lib/xmltok_impl.c | 20 ++- contrib/expat/tests/Makefile.in | 1 + contrib/expat/tests/benchmark/Makefile.in | 1 + contrib/expat/tests/benchmark/benchmark.c | 2 +- contrib/expat/tests/runtests.c | 251 +++++++++++++++++++++++++++++- contrib/expat/xmlwf/Makefile.in | 1 + contrib/expat/xmlwf/xmlfile.c | 2 +- contrib/expat/xmlwf/xmlwf.c | 8 +- 25 files changed, 529 insertions(+), 96 deletions(-) diff --cc contrib/expat/README.md index 6fdd6148714b,000000000000..959c4a6e94a7 mode 100644,000000..100644 --- a/contrib/expat/README.md +++ b/contrib/expat/README.md @@@ -1,269 -1,0 +1,269 @@@ +[![Run Linux Travis CI tasks](https://github.com/libexpat/libexpat/actions/workflows/linux.yml/badge.svg)](https://github.com/libexpat/libexpat/actions/workflows/linux.yml) +[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/github/libexpat/libexpat?svg=true)](https://ci.appveyor.com/project/libexpat/libexpat) +[![Packaging status](https://repology.org/badge/tiny-repos/expat.svg)](https://repology.org/metapackage/expat/versions) +[![Downloads SourceForge](https://img.shields.io/sourceforge/dt/expat?label=Downloads%20SourceForge)](https://sourceforge.net/projects/expat/files/) +[![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases) + + - # Expat, Release 2.4.3 ++# Expat, Release 2.4.6 + +This is Expat, a C library for parsing XML, started by +[James Clark](https://en.wikipedia.org/wiki/James_Clark_%28programmer%29) in 1997. +Expat is a stream-oriented XML parser. This means that you register +handlers with the parser before starting the parse. These handlers +are called when the parser discovers the associated structures in the +document being parsed. A start tag is an example of the kind of +structures for which you may register handlers. + +Expat supports the following compilers: + +- GNU GCC >=4.5 +- LLVM Clang >=3.5 +- Microsoft Visual Studio >=15.0/2017 (rolling `${today} minus 5 years`) + +Windows users can use the +[`expat-win32bin-*.*.*.{exe,zip}` download](https://github.com/libexpat/libexpat/releases), +which includes both pre-compiled libraries and executables, and source code for +developers. + +Expat is [free software](https://www.gnu.org/philosophy/free-sw.en.html). +You may copy, distribute, and modify it under the terms of the License +contained in the file +[`COPYING`](https://github.com/libexpat/libexpat/blob/master/expat/COPYING) +distributed with this package. +This license is the same as the MIT/X Consortium license. + + +## Using libexpat in your CMake-Based Project + +There are two ways of using libexpat with CMake: + +### a) Module Mode + +This approach leverages CMake's own [module `FindEXPAT`](https://cmake.org/cmake/help/latest/module/FindEXPAT.html). + +Notice the *uppercase* `EXPAT` in the following example: + +```cmake +cmake_minimum_required(VERSION 3.0) # or 3.10, see below + +project(hello VERSION 1.0.0) + +find_package(EXPAT 2.2.8 MODULE REQUIRED) + +add_executable(hello + hello.c +) + +# a) for CMake >=3.10 (see CMake's FindEXPAT docs) +target_link_libraries(hello PUBLIC EXPAT::EXPAT) + +# b) for CMake >=3.0 +target_include_directories(hello PRIVATE ${EXPAT_INCLUDE_DIRS}) +target_link_libraries(hello PUBLIC ${EXPAT_LIBRARIES}) +``` + +### b) Config Mode + +This approach requires files from… + +- libexpat >=2.2.8 where packaging uses the CMake build system +or +- libexpat >=2.3.0 where packaging uses the GNU Autotools build system + on Linux +or +- libexpat >=2.4.0 where packaging uses the GNU Autotools build system + on macOS or MinGW. + +Notice the *lowercase* `expat` in the following example: + +```cmake +cmake_minimum_required(VERSION 3.0) + +project(hello VERSION 1.0.0) + +find_package(expat 2.2.8 CONFIG REQUIRED char dtd ns) + +add_executable(hello + hello.c +) + +target_link_libraries(hello PUBLIC expat::expat) +``` + + +## Building from a Git Clone + +If you are building Expat from a check-out from the +[Git repository](https://github.com/libexpat/libexpat/), +you need to run a script that generates the configure script using the +GNU autoconf and libtool tools. To do this, you need to have +autoconf 2.58 or newer. Run the script like this: + +```console +./buildconf.sh +``` + +Once this has been done, follow the same instructions as for building +from a source distribution. + + +## Building from a Source Distribution + +### a) Building with the configure script (i.e. GNU Autotools) + +To build Expat from a source distribution, you first run the +configuration shell script in the top level distribution directory: + +```console +./configure +``` + +There are many options which you may provide to configure (which you +can discover by running configure with the `--help` option). But the +one of most interest is the one that sets the installation directory. +By default, the configure script will set things up to install +libexpat into `/usr/local/lib`, `expat.h` into `/usr/local/include`, and +`xmlwf` into `/usr/local/bin`. If, for example, you'd prefer to install +into `/home/me/mystuff/lib`, `/home/me/mystuff/include`, and +`/home/me/mystuff/bin`, you can tell `configure` about that with: + +```console +./configure --prefix=/home/me/mystuff +``` + +Another interesting option is to enable 64-bit integer support for +line and column numbers and the over-all byte index: + +```console +./configure CPPFLAGS=-DXML_LARGE_SIZE +``` + +However, such a modification would be a breaking change to the ABI +and is therefore not recommended for general use — e.g. as part of +a Linux distribution — but rather for builds with special requirements. + +After running the configure script, the `make` command will build +things and `make install` will install things into their proper +location. Have a look at the `Makefile` to learn about additional +`make` options. Note that you need to have write permission into +the directories into which things will be installed. + +If you are interested in building Expat to provide document +information in UTF-16 encoding rather than the default UTF-8, follow +these instructions (after having run `make distclean`). +Please note that we configure with `--without-xmlwf` as xmlwf does not +support this mode of compilation (yet): + +1. Mass-patch `Makefile.am` files to use `libexpatw.la` for a library name: +
+ `find -name Makefile.am -exec sed + -e 's,libexpat\.la,libexpatw.la,' + -e 's,libexpat_la,libexpatw_la,' + -i {} +` + +1. Run `automake` to re-write `Makefile.in` files:
+ `automake` + +1. For UTF-16 output as unsigned short (and version/error strings as char), + run:
+ `./configure CPPFLAGS=-DXML_UNICODE --without-xmlwf`
+ For UTF-16 output as `wchar_t` (incl. version/error strings), run:
+ `./configure CFLAGS="-g -O2 -fshort-wchar" CPPFLAGS=-DXML_UNICODE_WCHAR_T + --without-xmlwf` +
Note: The latter requires libc compiled with `-fshort-wchar`, as well. + +1. Run `make` (which excludes xmlwf). + +1. Run `make install` (again, excludes xmlwf). + +Using `DESTDIR` is supported. It works as follows: + +```console +make install DESTDIR=/path/to/image +``` + +overrides the in-makefile set `DESTDIR`, because variable-setting priority is + +1. commandline +1. in-makefile +1. environment + +Note: This only applies to the Expat library itself, building UTF-16 versions +of xmlwf and the tests is currently not supported. + +When using Expat with a project using autoconf for configuration, you +can use the probing macro in `conftools/expat.m4` to determine how to +include Expat. See the comments at the top of that file for more +information. + +A reference manual is available in the file `doc/reference.html` in this +distribution. + + +### b) Building with CMake + +The CMake build system is still *experimental* and may replace the primary +build system based on GNU Autotools at some point when it is ready. + + +#### Available Options + +For an idea of the available (non-advanced) options for building with CMake: + +```console +# rm -f CMakeCache.txt ; cmake -D_EXPAT_HELP=ON -LH . | grep -B1 ':.*=' | sed 's,^--$,,' +// Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel ... +CMAKE_BUILD_TYPE:STRING= + +// Install path prefix, prepended onto install directories. +CMAKE_INSTALL_PREFIX:PATH=/usr/local + +// Path to a program. +DOCBOOK_TO_MAN:FILEPATH=/usr/bin/docbook2x-man + +// build man page for xmlwf +EXPAT_BUILD_DOCS:BOOL=ON + +// build the examples for expat library +EXPAT_BUILD_EXAMPLES:BOOL=ON + +// build fuzzers for the expat library +EXPAT_BUILD_FUZZERS:BOOL=OFF + +// build pkg-config file +EXPAT_BUILD_PKGCONFIG:BOOL=ON + +// build the tests for expat library +EXPAT_BUILD_TESTS:BOOL=ON + +// build the xmlwf tool for expat library +EXPAT_BUILD_TOOLS:BOOL=ON + +// Character type to use (char|ushort|wchar_t) [default=char] +EXPAT_CHAR_TYPE:STRING=char + +// install expat files in cmake install target +EXPAT_ENABLE_INSTALL:BOOL=ON + +// Use /MT flag (static CRT) when compiling in MSVC +EXPAT_MSVC_STATIC_CRT:BOOL=OFF + +// build fuzzers via ossfuzz for the expat library +EXPAT_OSSFUZZ_BUILD:BOOL=OFF + +// build a shared expat library +EXPAT_SHARED_LIBS:BOOL=ON + +// Treat all compiler warnings as errors +EXPAT_WARNINGS_AS_ERRORS:BOOL=OFF + +// Make use of getrandom function (ON|OFF|AUTO) [default=AUTO] +EXPAT_WITH_GETRANDOM:STRING=AUTO + +// utilize libbsd (for arc4random_buf) +EXPAT_WITH_LIBBSD:BOOL=OFF + +// Make use of syscall SYS_getrandom (ON|OFF|AUTO) [default=AUTO] +EXPAT_WITH_SYS_GETRANDOM:STRING=AUTO +```