git: 8a7b2fbbaae4 - stable/12 - MFV 66082b6c88b9: libbsdxml (expat) 2.4.9
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 23 Sep 2022 15:28:18 UTC
The branch stable/12 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=8a7b2fbbaae423161ba8f92b0cff6f710d12b2a7 commit 8a7b2fbbaae423161ba8f92b0cff6f710d12b2a7 Author: Xin LI <delphij@FreeBSD.org> AuthorDate: 2022-09-21 06:54:38 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-09-23 15:28:11 +0000 MFV 66082b6c88b9: libbsdxml (expat) 2.4.9 (cherry picked from commit 71f0c44a045421bed4f27fefdb3caf30e1b54fe4) --- contrib/expat/COPYING | 2 +- contrib/expat/Changes | 85 ++++++++++++++++++++++++++++++- contrib/expat/Makefile.in | 1 + contrib/expat/README.md | 22 ++++---- contrib/expat/buildconf.sh | 4 +- contrib/expat/configure.ac | 7 +-- contrib/expat/doc/Makefile.in | 1 + contrib/expat/doc/reference.html | 10 ++-- contrib/expat/doc/xmlwf.1 | 2 +- contrib/expat/doc/xmlwf.xml | 2 +- contrib/expat/examples/Makefile.in | 1 + contrib/expat/fix-xmltest-log.sh | 4 +- contrib/expat/lib/Makefile.am | 5 +- contrib/expat/lib/Makefile.in | 6 +-- contrib/expat/lib/expat.h | 2 +- contrib/expat/lib/internal.h | 6 ++- contrib/expat/lib/siphash.h | 2 +- contrib/expat/lib/xmlparse.c | 19 ++++--- contrib/expat/lib/xmltok.c | 7 +-- contrib/expat/lib/xmltok_impl.c | 6 ++- contrib/expat/tests/Makefile.in | 1 + contrib/expat/tests/benchmark/Makefile.in | 1 + contrib/expat/tests/runtests.c | 80 +++++++++++++++++++++++++++-- contrib/expat/xmlwf/Makefile.in | 1 + contrib/expat/xmlwf/win32filemap.c | 5 +- contrib/expat/xmlwf/xmlwf.c | 3 +- lib/libexpat/expat_config.h | 6 +-- lib/libexpat/libbsdxml.3 | 4 +- 28 files changed, 238 insertions(+), 57 deletions(-) diff --git a/contrib/expat/COPYING b/contrib/expat/COPYING index 3c0142e71c8d..ce9e5939291e 100644 --- a/contrib/expat/COPYING +++ b/contrib/expat/COPYING @@ -1,5 +1,5 @@ Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper -Copyright (c) 2001-2019 Expat maintainers +Copyright (c) 2001-2022 Expat maintainers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/contrib/expat/Changes b/contrib/expat/Changes index 95f697b39a48..cfc83a09dae3 100644 --- a/contrib/expat/Changes +++ b/contrib/expat/Changes @@ -2,6 +2,88 @@ NOTE: We are looking for help with a few things: https://github.com/libexpat/libexpat/labels/help%20wanted If you can help, please get in touch. Thanks! +Release 2.4.9 Tue September 20 2022 + Security fixes: + #629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in + function doContent. Expected impact is denial of service + or potentially arbitrary code execution. + + Bug fixes: + #634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0 + #614 docs: Fix documentation on effect of switch XML_DTD on + symbol visibility in doc/reference.html + + Other changes: + #638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output + #596 #625 Autotools: Sync CMake templates with CMake 3.22 + #608 CMake: Migrate from use of CMAKE_*_POSTFIX to + dedicated variables EXPAT_*_POSTFIX to stop affecting + other projects + #597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners + and fuzzers + #512 #621 Windows|CMake: Render .def file from a template to fix + linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON + #611 #621 MinGW|CMake: Apply MSVC .def file when linking + #622 #624 MinGW|CMake: Sync library name with GNU Autotools, + i.e. produce libexpat-1.dll rather than libexpat.dll + by default. Filename libexpat.dll.a is unaffected. + #632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in + toolchain file "cmake/mingw-toolchain.cmake" to avoid + error "windres: Command not found" on e.g. Ubuntu 20.04 + #597 #627 CMake: Unify inconsistent use of set() and option() in + context of public build time options to take need for + set(.. FORCE) in projects using Expat by means of + add_subdirectory(..) off Expat's users' shoulders + #626 #641 Stop exporting API symbols when building a static library + #644 Resolve use of deprecated "fgrep" by "grep -F" + #620 CMake: Make documentation on variables a bit more consistent + #636 CMake: Drop leading whitespace from a #cmakedefine line in + file expat_config.h.cmake + #594 xmlwf: Fix harmless variable mix-up in function nsattcmp + #592 #593 #610 Address Cppcheck warnings + #643 Address Clang 15 compiler warnings + #642 #644 Version info bumped from 9:8:8 to 9:9:8; + see https://verbump.de/ for what these numbers do + + Infrastructure: + #597 #598 CI: Windows: Start covering MSVC 2022 + #619 CI: macOS: Migrate off deprecated macOS 10.15 + #632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work + #643 CI: Upgrade Clang from 14 to 15 + #637 apply-clang-format.sh: Add support for BSD find + #633 coverage.sh: Exclude MinGW headers + #635 coverage.sh: Fix name collision for -funsigned-char + + Special thanks to: + David Faure + Felix Wilhelm + Frank Bergmann + Rhodri James + Rosen Penev + Thijs Schreijer + Vincent Torri + and + Google Project Zero + +Release 2.4.8 Mon March 28 2022 + Other changes: + #587 pkg-config: Move "-lm" to section "Libs.private" + #587 CMake|MSVC: Fix pkg-config section "Libs" + #55 #582 CMake|macOS: Start using linker arguments + "-compatibility_version <version>" and + "-current_version <version>" in a way compatible with + GNU Libtool + #590 #591 Version info bumped from 9:7:8 to 9:8:8; + see https://verbump.de/ for what these numbers do + + Infrastructure: + #589 CI: Upgrade Clang from 13 to 14 + + Special thanks to: + evpobr + Kai Pastor + Sam James + Release 2.4.7 Fri March 4 2022 Bug fixes: #572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5) @@ -190,7 +272,7 @@ Release 2.4.2 Sun December 19 2021 #498 Autotools: Include files with release archives: - buildconf.sh - fuzz/*.c - #507 #519 Autotools: Sync CMake templates + #507 #519 Autotools: Sync CMake templates with CMake 3.20 #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug) - multi-config CMake generators (e.g. Ninja Multi-Config) @@ -264,6 +346,7 @@ Release 2.4.0 Sun May 23 2021 #468 #469 xmlwf: Improve help output and the xmlwf man page #463 xmlwf: Improve maintainability through some refactoring #477 xmlwf: Fix man page DocBook validity + #456 Autotools: Sync CMake templates with CMake 3.18 #458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR #471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS diff --git a/contrib/expat/Makefile.in b/contrib/expat/Makefile.in index ea8c72e80ea3..008c4109b793 100644 --- a/contrib/expat/Makefile.in +++ b/contrib/expat/Makefile.in @@ -336,6 +336,7 @@ EXPAT_LARGE_SIZE = @EXPAT_LARGE_SIZE@ EXPAT_MIN_SIZE = @EXPAT_MIN_SIZE@ EXPAT_NS = @EXPAT_NS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FILEMAP = @FILEMAP@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/contrib/expat/README.md b/contrib/expat/README.md index 6bfbf130dbf3..c0ac8b0fb23a 100644 --- a/contrib/expat/README.md +++ b/contrib/expat/README.md @@ -5,7 +5,7 @@ [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases) -# Expat, Release 2.4.7 +# Expat, Release 2.4.9 This is Expat, a C library for parsing XML, started by [James Clark](https://en.wikipedia.org/wiki/James_Clark_%28programmer%29) in 1997. @@ -222,37 +222,37 @@ CMAKE_INSTALL_PREFIX:PATH=/usr/local // Path to a program. DOCBOOK_TO_MAN:FILEPATH=/usr/bin/docbook2x-man -// build man page for xmlwf +// Build man page for xmlwf EXPAT_BUILD_DOCS:BOOL=ON -// build the examples for expat library +// Build the examples for expat library EXPAT_BUILD_EXAMPLES:BOOL=ON -// build fuzzers for the expat library +// Build fuzzers for the expat library EXPAT_BUILD_FUZZERS:BOOL=OFF -// build pkg-config file +// Build pkg-config file EXPAT_BUILD_PKGCONFIG:BOOL=ON -// build the tests for expat library +// Build the tests for expat library EXPAT_BUILD_TESTS:BOOL=ON -// build the xmlwf tool for expat library +// Build the xmlwf tool for expat library EXPAT_BUILD_TOOLS:BOOL=ON // Character type to use (char|ushort|wchar_t) [default=char] EXPAT_CHAR_TYPE:STRING=char -// install expat files in cmake install target +// Install expat files in cmake install target EXPAT_ENABLE_INSTALL:BOOL=ON // Use /MT flag (static CRT) when compiling in MSVC EXPAT_MSVC_STATIC_CRT:BOOL=OFF -// build fuzzers via ossfuzz for the expat library +// Build fuzzers via ossfuzz for the expat library EXPAT_OSSFUZZ_BUILD:BOOL=OFF -// build a shared expat library +// Build a shared expat library EXPAT_SHARED_LIBS:BOOL=ON // Treat all compiler warnings as errors @@ -261,7 +261,7 @@ EXPAT_WARNINGS_AS_ERRORS:BOOL=OFF // Make use of getrandom function (ON|OFF|AUTO) [default=AUTO] EXPAT_WITH_GETRANDOM:STRING=AUTO -// utilize libbsd (for arc4random_buf) +// Utilize libbsd (for arc4random_buf) EXPAT_WITH_LIBBSD:BOOL=OFF // Make use of syscall SYS_getrandom (ON|OFF|AUTO) [default=AUTO] diff --git a/contrib/expat/buildconf.sh b/contrib/expat/buildconf.sh index 5edbc565bc27..5e2b3269c256 100755 --- a/contrib/expat/buildconf.sh +++ b/contrib/expat/buildconf.sh @@ -6,7 +6,7 @@ # \___/_/\_\ .__/ \__,_|\__| # |_| XML parser # -# Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org> +# Copyright (c) 2017-2022 Sebastian Pipping <sebastian@pipping.org> # Copyright (c) 2018 Marco Maggi <marco.maggi-ipsu@poste.it> # Licensed under the MIT license: # @@ -40,7 +40,7 @@ set -e # not put SIZEOF_VOID_P in the eventual expat_config.h. patch_expat_config_h_in() { local filename="$1" - local sizeof_void_p_line_number="$(fgrep -n SIZEOF_VOID_P "${filename}" | awk -F: '{print $1}')" + local sizeof_void_p_line_number="$(grep -F -n SIZEOF_VOID_P "${filename}" | awk -F: '{print $1}')" [[ ${sizeof_void_p_line_number} =~ ^[0-9]+$ ]] # cheap assert local first_line_to_delete=$(( sizeof_void_p_line_number - 1 )) local last_line_to_delete=$(( sizeof_void_p_line_number + 1 )) diff --git a/contrib/expat/configure.ac b/contrib/expat/configure.ac index 7a7f013febc9..47216941658b 100644 --- a/contrib/expat/configure.ac +++ b/contrib/expat/configure.ac @@ -82,7 +82,7 @@ dnl If the API changes incompatibly set LIBAGE back to 0 dnl LIBCURRENT=9 # sync -LIBREVISION=7 # with +LIBREVISION=9 # with LIBAGE=8 # CMakeLists.txt! AC_CONFIG_HEADERS([expat_config.h]) @@ -134,8 +134,9 @@ AS_CASE(["$LD"],[*clang*], [*linux*],[archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'])]) EXPATCFG_COMPILER_SUPPORTS_VISIBILITY([ - AX_APPEND_FLAG([-fvisibility=hidden], [AM_CFLAGS]) - AX_APPEND_FLAG([-DXML_ENABLE_VISIBILITY=1], [AM_CPPFLAGS])]) + AX_APPEND_FLAG([-fvisibility=hidden], [AM_CFLAGS]) + AS_IF([test "${enable_shared}" = yes], + [AX_APPEND_FLAG([-DXML_ENABLE_VISIBILITY=1], [AM_CPPFLAGS])])]) dnl Checks for typedefs, structures, and compiler characteristics. diff --git a/contrib/expat/doc/Makefile.in b/contrib/expat/doc/Makefile.in index 9c7d76da2ce0..7fef3eda1897 100644 --- a/contrib/expat/doc/Makefile.in +++ b/contrib/expat/doc/Makefile.in @@ -238,6 +238,7 @@ EXPAT_LARGE_SIZE = @EXPAT_LARGE_SIZE@ EXPAT_MIN_SIZE = @EXPAT_MIN_SIZE@ EXPAT_NS = @EXPAT_NS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FILEMAP = @FILEMAP@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/contrib/expat/doc/reference.html b/contrib/expat/doc/reference.html index 87ace02d456e..4ab8d5a76b2c 100644 --- a/contrib/expat/doc/reference.html +++ b/contrib/expat/doc/reference.html @@ -50,7 +50,7 @@ <div> <h1> The Expat XML Parser - <small>Release 2.4.7</small> + <small>Release 2.4.9</small> </h1> </div> <div class="content"> @@ -365,8 +365,12 @@ this is defined, default attribute values from an external DTD subset are reported and attribute value normalization occurs based on the type of attributes defined in the external subset. Without this, Expat has a smaller memory footprint and can be faster, but will -not load external entities or process conditional sections. This does -not affect the set of functions available in the API.</dd> +not load external entities or process conditional sections. If defined, makes +the functions <code><a +href="#XML_SetBillionLaughsAttackProtectionMaximumAmplification"> +XML_SetBillionLaughsAttackProtectionMaximumAmplification</a></code> and <code> +<a href="#XML_SetBillionLaughsAttackProtectionActivationThreshold"> +XML_SetBillionLaughsAttackProtectionActivationThreshold</a></code> available.</dd> <dt>XML_NS</dt> <dd>When defined, support for the <cite><a href= diff --git a/contrib/expat/doc/xmlwf.1 b/contrib/expat/doc/xmlwf.1 index aa024e0abed5..1c810df7d0c4 100644 --- a/contrib/expat/doc/xmlwf.1 +++ b/contrib/expat/doc/xmlwf.1 @@ -5,7 +5,7 @@ \\$2 \(la\\$1\(ra\\$3 .. .if \n(.g .mso www.tmac -.TH XMLWF 1 "March 4, 2022" "" "" +.TH XMLWF 1 "September 20, 2022" "" "" .SH NAME xmlwf \- Determines if an XML document is well-formed .SH SYNOPSIS diff --git a/contrib/expat/doc/xmlwf.xml b/contrib/expat/doc/xmlwf.xml index 8b43a11ef3a8..09d8dc8940a7 100644 --- a/contrib/expat/doc/xmlwf.xml +++ b/contrib/expat/doc/xmlwf.xml @@ -21,7 +21,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ <!ENTITY dhfirstname "<firstname>Scott</firstname>"> <!ENTITY dhsurname "<surname>Bronson</surname>"> - <!ENTITY dhdate "<date>March 4, 2022</date>"> + <!ENTITY dhdate "<date>September 20, 2022</date>"> <!-- Please adjust this^^ date whenever cutting a new release. --> <!ENTITY dhsection "<manvolnum>1</manvolnum>"> <!ENTITY dhemail "<email>bronson@rinspin.com</email>"> diff --git a/contrib/expat/examples/Makefile.in b/contrib/expat/examples/Makefile.in index 8528d439290b..05c24409e9cc 100644 --- a/contrib/expat/examples/Makefile.in +++ b/contrib/expat/examples/Makefile.in @@ -259,6 +259,7 @@ EXPAT_LARGE_SIZE = @EXPAT_LARGE_SIZE@ EXPAT_MIN_SIZE = @EXPAT_MIN_SIZE@ EXPAT_NS = @EXPAT_NS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FILEMAP = @FILEMAP@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/contrib/expat/fix-xmltest-log.sh b/contrib/expat/fix-xmltest-log.sh index 164ea4e3597f..7981cf3b00c8 100755 --- a/contrib/expat/fix-xmltest-log.sh +++ b/contrib/expat/fix-xmltest-log.sh @@ -6,7 +6,7 @@ # \___/_/\_\ .__/ \__,_|\__| # |_| XML parser # -# Copyright (c) 2019 Sebastian Pipping <sebastian@pipping.org> +# Copyright (c) 2019-2022 Sebastian Pipping <sebastian@pipping.org> # Licensed under the MIT license: # # Permission is hereby granted, free of charge, to any person obtaining @@ -42,6 +42,8 @@ sed \ -e '/^Application tried to create a window, but no driver could be loaded.$/d' \ -e '/^Make sure that your X server is running and that $DISPLAY is set correctly.$/d' \ -e '/^err:systray:initialize_systray Could not create tray window$/d' \ + -e '/^[0-9a-f]\+:err:/d' \ + -e '/^wine client error:/d' \ -e '/^In ibm\/invalid\/P49\/: Unhandled exception: unimplemented .\+/d' \ \ "${filename}" > "${tempfile}" diff --git a/contrib/expat/lib/Makefile.am b/contrib/expat/lib/Makefile.am index d5402496a299..0e0185b59120 100644 --- a/contrib/expat/lib/Makefile.am +++ b/contrib/expat/lib/Makefile.am @@ -6,7 +6,7 @@ # \___/_/\_\ .__/ \__,_|\__| # |_| XML parser # -# Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org> +# Copyright (c) 2017-2022 Sebastian Pipping <sebastian@pipping.org> # Copyright (c) 2017 Tomasz Kłoczko <kloczek@fedoraproject.org> # Copyright (c) 2019 David Loffredo <loffredo@steptools.com> # Licensed under the MIT license: @@ -74,8 +74,7 @@ EXTRA_DIST = \ iasciitab.h \ internal.h \ latin1tab.h \ - libexpat.def \ - libexpatw.def \ + libexpat.def.cmake \ nametab.h \ siphash.h \ utf8tab.h \ diff --git a/contrib/expat/lib/Makefile.in b/contrib/expat/lib/Makefile.in index 3581b6bf66b0..34bd215bc1a9 100644 --- a/contrib/expat/lib/Makefile.in +++ b/contrib/expat/lib/Makefile.in @@ -22,7 +22,7 @@ # \___/_/\_\ .__/ \__,_|\__| # |_| XML parser # -# Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org> +# Copyright (c) 2017-2022 Sebastian Pipping <sebastian@pipping.org> # Copyright (c) 2017 Tomasz Kłoczko <kloczek@fedoraproject.org> # Copyright (c) 2019 David Loffredo <loffredo@steptools.com> # Licensed under the MIT license: @@ -297,6 +297,7 @@ EXPAT_LARGE_SIZE = @EXPAT_LARGE_SIZE@ EXPAT_MIN_SIZE = @EXPAT_MIN_SIZE@ EXPAT_NS = @EXPAT_NS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FILEMAP = @FILEMAP@ GREP = @GREP@ INSTALL = @INSTALL@ @@ -435,8 +436,7 @@ EXTRA_DIST = \ iasciitab.h \ internal.h \ latin1tab.h \ - libexpat.def \ - libexpatw.def \ + libexpat.def.cmake \ nametab.h \ siphash.h \ utf8tab.h \ diff --git a/contrib/expat/lib/expat.h b/contrib/expat/lib/expat.h index c9214f64070a..2b47ce2a8d3a 100644 --- a/contrib/expat/lib/expat.h +++ b/contrib/expat/lib/expat.h @@ -1055,7 +1055,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold( */ #define XML_MAJOR_VERSION 2 #define XML_MINOR_VERSION 4 -#define XML_MICRO_VERSION 7 +#define XML_MICRO_VERSION 9 #ifdef __cplusplus } diff --git a/contrib/expat/lib/internal.h b/contrib/expat/lib/internal.h index 444eba0fb031..e09f533b23c9 100644 --- a/contrib/expat/lib/internal.h +++ b/contrib/expat/lib/internal.h @@ -28,7 +28,7 @@ Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net> Copyright (c) 2002-2006 Karl Waclawek <karl@waclawek.net> Copyright (c) 2003 Greg Stein <gstein@users.sourceforge.net> - Copyright (c) 2016-2021 Sebastian Pipping <sebastian@pipping.org> + Copyright (c) 2016-2022 Sebastian Pipping <sebastian@pipping.org> Copyright (c) 2018 Yury Gribov <tetra2005@gmail.com> Copyright (c) 2019 David Loffredo <loffredo@steptools.com> Licensed under the MIT license: @@ -107,7 +107,9 @@ #include <limits.h> // ULONG_MAX -#if defined(_WIN32) && ! defined(__USE_MINGW_ANSI_STDIO) +#if defined(_WIN32) \ + && (! defined(__USE_MINGW_ANSI_STDIO) \ + || (1 - __USE_MINGW_ANSI_STDIO - 1 == 0)) # define EXPAT_FMT_ULL(midpart) "%" midpart "I64u" # if defined(_WIN64) // Note: modifiers "td" and "zu" do not work for MinGW # define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "I64d" diff --git a/contrib/expat/lib/siphash.h b/contrib/expat/lib/siphash.h index e5406d7ee9eb..303283ad2de9 100644 --- a/contrib/expat/lib/siphash.h +++ b/contrib/expat/lib/siphash.h @@ -106,7 +106,7 @@ * if this code is included and compiled as C++; related GCC warning is: * warning: use of C++11 long long integer constant [-Wlong-long] */ -#define _SIP_ULL(high, low) (((uint64_t)high << 32) | low) +#define _SIP_ULL(high, low) ((((uint64_t)high) << 32) | (low)) #define SIP_ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))) diff --git a/contrib/expat/lib/xmlparse.c b/contrib/expat/lib/xmlparse.c index 05216d997b07..c0bece51d700 100644 --- a/contrib/expat/lib/xmlparse.c +++ b/contrib/expat/lib/xmlparse.c @@ -1,4 +1,4 @@ -/* fcb1a62fefa945567301146eb98e3ad3413e823a41c4378e84e8b6b6f308d824 (2.4.7+) +/* 90815a2b2c80c03b2b889fe1d427bb2b9e3282aa065e42784e001db4f23de324 (2.4.9+) __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| @@ -19,7 +19,7 @@ Copyright (c) 2016 Gustavo Grieco <gustavo.grieco@imag.fr> Copyright (c) 2016 Pascal Cuoq <cuoq@trust-in-soft.com> Copyright (c) 2016 Ed Schouten <ed@nuxi.nl> - Copyright (c) 2017-2018 Rhodri James <rhodri@wildebeest.org.uk> + Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk> Copyright (c) 2017 Václav Slavík <vaclav@slavik.io> Copyright (c) 2017 Viktor Szakats <commit@vsz.me> Copyright (c) 2017 Chanho Park <chanho61.park@samsung.com> @@ -4271,7 +4271,7 @@ processXmlDecl(XML_Parser parser, int isGeneralTextEntity, const char *s, const XML_Char *storedEncName = NULL; const ENCODING *newEncoding = NULL; const char *version = NULL; - const char *versionend; + const char *versionend = NULL; const XML_Char *storedversion = NULL; int standalone = -1; @@ -5826,10 +5826,15 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end, { parser->m_processor = contentProcessor; /* see externalEntityContentProcessor vs contentProcessor */ - return doContent(parser, parser->m_parentParser ? 1 : 0, parser->m_encoding, - s, end, nextPtr, - (XML_Bool)! parser->m_parsingStatus.finalBuffer, - XML_ACCOUNT_DIRECT); + result = doContent(parser, parser->m_parentParser ? 1 : 0, + parser->m_encoding, s, end, nextPtr, + (XML_Bool)! parser->m_parsingStatus.finalBuffer, + XML_ACCOUNT_DIRECT); + if (result == XML_ERROR_NONE) { + if (! storeRawNames(parser)) + return XML_ERROR_NO_MEMORY; + } + return result; } } diff --git a/contrib/expat/lib/xmltok.c b/contrib/expat/lib/xmltok.c index c659983b4008..2b7012a58be4 100644 --- a/contrib/expat/lib/xmltok.c +++ b/contrib/expat/lib/xmltok.c @@ -21,6 +21,7 @@ Copyright (c) 2017 José Gutiérrez de la Concha <jose@zeroc.com> Copyright (c) 2019 David Loffredo <loffredo@steptools.com> Copyright (c) 2021 Dong-hee Na <donghee.na@python.org> + Copyright (c) 2022 Martin Ettl <ettl.martin78@googlemail.com> Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -296,7 +297,7 @@ sb_charMatches(const ENCODING *enc, const char *p, int c) { } #else /* c is an ASCII character */ -# define CHAR_MATCHES(enc, p, c) (*(p) == c) +# define CHAR_MATCHES(enc, p, c) (*(p) == (c)) #endif #define PREFIX(ident) normal_##ident @@ -740,7 +741,7 @@ DEFINE_UTF16_TO_UTF16(big2_) ((p)[1] == 0 ? ((struct normal_encoding *)(enc))->type[(unsigned char)*(p)] \ : unicode_byte_type((p)[1], (p)[0])) #define LITTLE2_BYTE_TO_ASCII(p) ((p)[1] == 0 ? (p)[0] : -1) -#define LITTLE2_CHAR_MATCHES(p, c) ((p)[1] == 0 && (p)[0] == c) +#define LITTLE2_CHAR_MATCHES(p, c) ((p)[1] == 0 && (p)[0] == (c)) #define LITTLE2_IS_NAME_CHAR_MINBPC(p) \ UCS2_GET_NAMING(namePages, (unsigned char)p[1], (unsigned char)p[0]) #define LITTLE2_IS_NMSTRT_CHAR_MINBPC(p) \ @@ -875,7 +876,7 @@ static const struct normal_encoding internal_little2_encoding ? ((struct normal_encoding *)(enc))->type[(unsigned char)(p)[1]] \ : unicode_byte_type((p)[0], (p)[1])) #define BIG2_BYTE_TO_ASCII(p) ((p)[0] == 0 ? (p)[1] : -1) -#define BIG2_CHAR_MATCHES(p, c) ((p)[0] == 0 && (p)[1] == c) +#define BIG2_CHAR_MATCHES(p, c) ((p)[0] == 0 && (p)[1] == (c)) #define BIG2_IS_NAME_CHAR_MINBPC(p) \ UCS2_GET_NAMING(namePages, (unsigned char)p[0], (unsigned char)p[1]) #define BIG2_IS_NMSTRT_CHAR_MINBPC(p) \ diff --git a/contrib/expat/lib/xmltok_impl.c b/contrib/expat/lib/xmltok_impl.c index 4072b06497d1..1971d74bf8c9 100644 --- a/contrib/expat/lib/xmltok_impl.c +++ b/contrib/expat/lib/xmltok_impl.c @@ -16,6 +16,7 @@ Copyright (c) 2018 Anton Maklakov <antmak.pub@gmail.com> Copyright (c) 2019 David Loffredo <loffredo@steptools.com> Copyright (c) 2020 Boris Kolpackov <boris@codesynthesis.com> + Copyright (c) 2022 Martin Ettl <ettl.martin78@googlemail.com> Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -96,7 +97,7 @@ # define CHECK_NMSTRT_CASE(n, enc, ptr, end, nextTokPtr) \ case BT_LEAD##n: \ - if (end - ptr < n) \ + if ((end) - (ptr) < (n)) \ return XML_TOK_PARTIAL_CHAR; \ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \ *nextTokPtr = ptr; \ @@ -124,7 +125,8 @@ # define PREFIX(ident) ident # endif -# define HAS_CHARS(enc, ptr, end, count) (end - ptr >= count * MINBPC(enc)) +# define HAS_CHARS(enc, ptr, end, count) \ + ((end) - (ptr) >= ((count)*MINBPC(enc))) # define HAS_CHAR(enc, ptr, end) HAS_CHARS(enc, ptr, end, 1) diff --git a/contrib/expat/tests/Makefile.in b/contrib/expat/tests/Makefile.in index 024ddd98cf29..fb8ad54efde9 100644 --- a/contrib/expat/tests/Makefile.in +++ b/contrib/expat/tests/Makefile.in @@ -545,6 +545,7 @@ EXPAT_LARGE_SIZE = @EXPAT_LARGE_SIZE@ EXPAT_MIN_SIZE = @EXPAT_MIN_SIZE@ EXPAT_NS = @EXPAT_NS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FILEMAP = @FILEMAP@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/contrib/expat/tests/benchmark/Makefile.in b/contrib/expat/tests/benchmark/Makefile.in index 64238f1da99a..0079e7a2f6de 100644 --- a/contrib/expat/tests/benchmark/Makefile.in +++ b/contrib/expat/tests/benchmark/Makefile.in @@ -256,6 +256,7 @@ EXPAT_LARGE_SIZE = @EXPAT_LARGE_SIZE@ EXPAT_MIN_SIZE = @EXPAT_MIN_SIZE@ EXPAT_NS = @EXPAT_NS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FILEMAP = @FILEMAP@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/contrib/expat/tests/runtests.c b/contrib/expat/tests/runtests.c index 3309bbaa076b..530f1844b5e1 100644 --- a/contrib/expat/tests/runtests.c +++ b/contrib/expat/tests/runtests.c @@ -4990,6 +4990,78 @@ START_TEST(test_suspend_resume_internal_entity) { } END_TEST +void +suspending_comment_handler(void *userData, const XML_Char *data) { + UNUSED_P(data); + XML_Parser parser = (XML_Parser)userData; + XML_StopParser(parser, XML_TRUE); +} + +START_TEST(test_suspend_resume_internal_entity_issue_629) { + const char *const text + = "<!DOCTYPE a [<!ENTITY e '<!--COMMENT-->a'>]><a>&e;<b>\n" + "<" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "/>" + "</b></a>"; + const size_t firstChunkSizeBytes = 54; + + XML_Parser parser = XML_ParserCreate(NULL); + XML_SetUserData(parser, parser); + XML_SetCommentHandler(parser, suspending_comment_handler); + + if (XML_Parse(parser, text, (int)firstChunkSizeBytes, XML_FALSE) + != XML_STATUS_SUSPENDED) + xml_failure(parser); + if (XML_ResumeParser(parser) != XML_STATUS_OK) + xml_failure(parser); + if (XML_Parse(parser, text + firstChunkSizeBytes, + (int)(strlen(text) - firstChunkSizeBytes), XML_TRUE) + != XML_STATUS_OK) + xml_failure(parser); + XML_ParserFree(parser); +} +END_TEST + /* Test syntax error is caught at parse resumption */ START_TEST(test_resume_entity_with_syntax_error) { const char *text = "<!DOCTYPE doc [\n" @@ -7589,7 +7661,7 @@ START_TEST(test_misc_version) { fail("Version mismatch"); #if ! defined(XML_UNICODE) || defined(XML_UNICODE_WCHAR_T) - if (xcstrcmp(version_text, XCS("expat_2.4.7"))) /* needs bump on releases */ + if (xcstrcmp(version_text, XCS("expat_2.4.9"))) /* needs bump on releases */ fail("XML_*_VERSION in expat.h out of sync?\n"); #else /* If we have XML_UNICODE defined but not XML_UNICODE_WCHAR_T @@ -11764,12 +11836,12 @@ START_TEST(test_accounting_precision) { END_TEST static float -portableNAN() { +portableNAN(void) { return strtof("nan", NULL); } static float -portableINFINITY() { +portableINFINITY(void) { return strtof("infinity", NULL); } @@ -12016,6 +12088,8 @@ make_suite(void) { tcase_add_test(tc_basic, test_partial_char_in_epilog); tcase_add_test(tc_basic, test_hash_collision); tcase_add_test__ifdef_xml_dtd(tc_basic, test_suspend_resume_internal_entity); + tcase_add_test__ifdef_xml_dtd(tc_basic, + test_suspend_resume_internal_entity_issue_629); tcase_add_test__ifdef_xml_dtd(tc_basic, test_resume_entity_with_syntax_error); tcase_add_test__ifdef_xml_dtd(tc_basic, test_suspend_resume_parameter_entity); tcase_add_test(tc_basic, test_restart_on_error); diff --git a/contrib/expat/xmlwf/Makefile.in b/contrib/expat/xmlwf/Makefile.in index 93b13a9fda48..9179e1cb1119 100644 --- a/contrib/expat/xmlwf/Makefile.in +++ b/contrib/expat/xmlwf/Makefile.in @@ -264,6 +264,7 @@ EXPAT_LARGE_SIZE = @EXPAT_LARGE_SIZE@ EXPAT_MIN_SIZE = @EXPAT_MIN_SIZE@ EXPAT_NS = @EXPAT_NS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FILEMAP = @FILEMAP@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/contrib/expat/xmlwf/win32filemap.c b/contrib/expat/xmlwf/win32filemap.c index bde477772cb0..a2db8eafc43c 100644 --- a/contrib/expat/xmlwf/win32filemap.c +++ b/contrib/expat/xmlwf/win32filemap.c @@ -9,7 +9,8 @@ Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net> Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net> - Copyright (c) 2016-2017 Sebastian Pipping <sebastian@pipping.org> + Copyright (c) 2016-2022 Sebastian Pipping <sebastian@pipping.org> + Copyright (c) 2022 Martin Ettl <ettl.martin78@googlemail.com> Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -107,7 +108,7 @@ filemap(const TCHAR *name, static void win32perror(const TCHAR *s) { - LPVOID buf; + LPVOID buf = NULL; if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&buf, 0, diff --git a/contrib/expat/xmlwf/xmlwf.c b/contrib/expat/xmlwf/xmlwf.c index b0cd212f78ae..471f2a20f57c 100644 --- a/contrib/expat/xmlwf/xmlwf.c +++ b/contrib/expat/xmlwf/xmlwf.c @@ -17,6 +17,7 @@ Copyright (c) 2020 Joe Orton <jorton@redhat.com> Copyright (c) 2020 Kleber Tarcísio <klebertarcisio@yahoo.com.br> Copyright (c) 2021 Tim Bray <tbray@textuality.com> + Copyright (c) 2022 Martin Ettl <ettl.martin78@googlemail.com> Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -217,7 +218,7 @@ nsattcmp(const void *p1, const void *p2) { const XML_Char *att1 = *(const XML_Char **)p1; const XML_Char *att2 = *(const XML_Char **)p2; int sep1 = (tcsrchr(att1, NSSEP) != 0); - int sep2 = (tcsrchr(att1, NSSEP) != 0); + int sep2 = (tcsrchr(att2, NSSEP) != 0); if (sep1 != sep2) return sep1 - sep2; return tcscmp(att1, att2); diff --git a/lib/libexpat/expat_config.h b/lib/libexpat/expat_config.h index e2ffcb15c7ef..bebee0d28d62 100644 --- a/lib/libexpat/expat_config.h +++ b/lib/libexpat/expat_config.h @@ -83,7 +83,7 @@ #define PACKAGE_NAME "expat" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "expat 2.4.3" +#define PACKAGE_STRING "expat 2.4.9" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "expat" @@ -92,7 +92,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "2.4.3" +#define PACKAGE_VERSION "2.4.9" /* Define to 1 if all of the C90 standard headers exist (not just the ones required in a freestanding environment). This macro is provided for @@ -100,7 +100,7 @@ #define STDC_HEADERS 1 /* Version number of package */ -#define VERSION "2.4.3" +#define VERSION "2.4.9" /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ diff --git a/lib/libexpat/libbsdxml.3 b/lib/libexpat/libbsdxml.3 index 87de2adf2854..d50d552e3edb 100644 --- a/lib/libexpat/libbsdxml.3 +++ b/lib/libexpat/libbsdxml.3 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\"/ -.Dd November 25, 2019 +.Dd September 20, 2022 .Dt LIBBSDXML 3 .Os .Sh NAME @@ -36,7 +36,7 @@ .Sh DESCRIPTION The .Nm -library is a verbatim copy of the eXpat XML library version 2.2.9. +library is a verbatim copy of the eXpat XML library version 2.4.9. .Pp The .Nm