git: ffd294a1f4c2 - main - MFV: expat 2.6.3
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 28 Sep 2024 14:24:25 UTC
The branch main has been updated by ngie: URL: https://cgit.FreeBSD.org/src/commit/?id=ffd294a1f4c23863c3e515d16dce31d5509bcb01 commit ffd294a1f4c23863c3e515d16dce31d5509bcb01 Merge: 911b3c3aa648 8e1eae2319cd Author: Enji Cooper <ngie@FreeBSD.org> AuthorDate: 2024-09-28 14:19:59 +0000 Commit: Enji Cooper <ngie@FreeBSD.org> CommitDate: 2024-09-28 14:19:59 +0000 MFV: expat 2.6.3 The 2.6.1 - 2.6.3 releases address several security issues with the library. The release notes for the 2.6.1-2.6.3 releases can be found at https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes . MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D46829 Merge commit '8e1eae2319cd3a651941c88b46d95e8ee8507c6c' contrib/expat/Changes | 136 ++++++++++++++++++- contrib/expat/Makefile.am | 6 +- contrib/expat/Makefile.in | 8 +- contrib/expat/README.md | 14 +- contrib/expat/buildconf.sh | 24 +--- contrib/expat/configure.ac | 39 ++++-- contrib/expat/doc/Makefile.am | 21 ++- contrib/expat/doc/Makefile.in | 58 ++++----- contrib/expat/doc/reference.html | 19 ++- contrib/expat/doc/xmlwf.1 | 2 +- contrib/expat/doc/xmlwf.xml | 2 +- contrib/expat/examples/Makefile.in | 2 +- contrib/expat/expat_config.h.in | 3 - contrib/expat/fix-xmltest-log.sh | 12 +- contrib/expat/lib/Makefile.am | 19 +-- contrib/expat/lib/Makefile.in | 79 ++++++++---- contrib/expat/lib/expat.h | 5 +- contrib/expat/lib/internal.h | 17 ++- contrib/expat/lib/siphash.h | 3 +- contrib/expat/lib/xmlparse.c | 73 ++++++++--- contrib/expat/tests/Makefile.am | 11 +- contrib/expat/tests/Makefile.in | 19 +-- contrib/expat/tests/README.md | 11 ++ contrib/expat/tests/README.txt | 13 -- contrib/expat/tests/acc_tests.c | 59 +++++++++ contrib/expat/tests/basic_tests.c | 208 ++++++++++++++++++++---------- contrib/expat/tests/benchmark/Makefile.in | 2 +- contrib/expat/tests/misc_tests.c | 2 +- contrib/expat/xmlwf/Makefile.in | 2 +- 29 files changed, 605 insertions(+), 264 deletions(-) diff --cc contrib/expat/README.md index 43c4f4f3dbb3,000000000000..180a68e4abbe mode 100644,000000..100644 --- a/contrib/expat/README.md +++ b/contrib/expat/README.md @@@ -1,270 -1,0 +1,276 @@@ +[![Run Linux CI tasks](https://github.com/libexpat/libexpat/actions/workflows/linux.yml/badge.svg)](https://github.com/libexpat/libexpat/actions/workflows/linux.yml) +[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/github/libexpat/libexpat?svg=true)](https://ci.appveyor.com/project/libexpat/libexpat) +[![Packaging status](https://repology.org/badge/tiny-repos/expat.svg)](https://repology.org/metapackage/expat/versions) +[![Downloads SourceForge](https://img.shields.io/sourceforge/dt/expat?label=Downloads%20SourceForge)](https://sourceforge.net/projects/expat/files/) +[![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases) + ++> [!CAUTION] ++> ++> Expat is **understaffed** and without funding. ++> There is a [call for help with details](https://github.com/libexpat/libexpat/blob/master/expat/Changes) ++> at the top of the `Changes` file. + - # Expat, Release 2.6.0 ++ ++# Expat, Release 2.6.3 + +This is Expat, a C99 library for parsing +[XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by +[James Clark](https://en.wikipedia.org/wiki/James_Clark_%28programmer%29) in 1997. +Expat is a stream-oriented XML parser. This means that you register +handlers with the parser before starting the parse. These handlers +are called when the parser discovers the associated structures in the +document being parsed. A start tag is an example of the kind of +structures for which you may register handlers. + +Expat supports the following compilers: + +- GNU GCC >=4.5 +- LLVM Clang >=3.5 - - Microsoft Visual Studio >=15.0/2017 (rolling `${today} minus 5 years`) ++- Microsoft Visual Studio >=16.0/2019 (rolling `${today} minus 5 years`) + +Windows users can use the +[`expat-win32bin-*.*.*.{exe,zip}` download](https://github.com/libexpat/libexpat/releases), +which includes both pre-compiled libraries and executables, and source code for +developers. + +Expat is [free software](https://www.gnu.org/philosophy/free-sw.en.html). +You may copy, distribute, and modify it under the terms of the License +contained in the file +[`COPYING`](https://github.com/libexpat/libexpat/blob/master/expat/COPYING) +distributed with this package. +This license is the same as the MIT/X Consortium license. + + +## Using libexpat in your CMake-Based Project + +There are two ways of using libexpat with CMake: + +### a) Module Mode + +This approach leverages CMake's own [module `FindEXPAT`](https://cmake.org/cmake/help/latest/module/FindEXPAT.html). + +Notice the *uppercase* `EXPAT` in the following example: + +```cmake +cmake_minimum_required(VERSION 3.0) # or 3.10, see below + +project(hello VERSION 1.0.0) + +find_package(EXPAT 2.2.8 MODULE REQUIRED) + +add_executable(hello + hello.c +) + +# a) for CMake >=3.10 (see CMake's FindEXPAT docs) +target_link_libraries(hello PUBLIC EXPAT::EXPAT) + +# b) for CMake >=3.0 +target_include_directories(hello PRIVATE ${EXPAT_INCLUDE_DIRS}) +target_link_libraries(hello PUBLIC ${EXPAT_LIBRARIES}) +``` + +### b) Config Mode + +This approach requires files from… + +- libexpat >=2.2.8 where packaging uses the CMake build system +or +- libexpat >=2.3.0 where packaging uses the GNU Autotools build system + on Linux +or +- libexpat >=2.4.0 where packaging uses the GNU Autotools build system + on macOS or MinGW. + +Notice the *lowercase* `expat` in the following example: + +```cmake +cmake_minimum_required(VERSION 3.0) + +project(hello VERSION 1.0.0) + +find_package(expat 2.2.8 CONFIG REQUIRED char dtd ns) + +add_executable(hello + hello.c +) + +target_link_libraries(hello PUBLIC expat::expat) +``` + + +## Building from a Git Clone + +If you are building Expat from a check-out from the +[Git repository](https://github.com/libexpat/libexpat/), +you need to run a script that generates the configure script using the +GNU autoconf and libtool tools. To do this, you need to have +autoconf 2.58 or newer. Run the script like this: + +```console +./buildconf.sh +``` + +Once this has been done, follow the same instructions as for building +from a source distribution. + + +## Building from a Source Distribution + +### a) Building with the configure script (i.e. GNU Autotools) + +To build Expat from a source distribution, you first run the +configuration shell script in the top level distribution directory: + +```console +./configure +``` + +There are many options which you may provide to configure (which you +can discover by running configure with the `--help` option). But the +one of most interest is the one that sets the installation directory. +By default, the configure script will set things up to install +libexpat into `/usr/local/lib`, `expat.h` into `/usr/local/include`, and +`xmlwf` into `/usr/local/bin`. If, for example, you'd prefer to install +into `/home/me/mystuff/lib`, `/home/me/mystuff/include`, and +`/home/me/mystuff/bin`, you can tell `configure` about that with: + +```console +./configure --prefix=/home/me/mystuff +``` + +Another interesting option is to enable 64-bit integer support for +line and column numbers and the over-all byte index: + +```console +./configure CPPFLAGS=-DXML_LARGE_SIZE +``` + +However, such a modification would be a breaking change to the ABI +and is therefore not recommended for general use — e.g. as part of +a Linux distribution — but rather for builds with special requirements. + +After running the configure script, the `make` command will build +things and `make install` will install things into their proper +location. Have a look at the `Makefile` to learn about additional +`make` options. Note that you need to have write permission into +the directories into which things will be installed. + +If you are interested in building Expat to provide document +information in UTF-16 encoding rather than the default UTF-8, follow +these instructions (after having run `make distclean`). +Please note that we configure with `--without-xmlwf` as xmlwf does not +support this mode of compilation (yet): + +1. Mass-patch `Makefile.am` files to use `libexpatw.la` for a library name: + <br/> - `find -name Makefile.am -exec sed ++ `find . -name Makefile.am -exec sed + -e 's,libexpat\.la,libexpatw.la,' + -e 's,libexpat_la,libexpatw_la,' - -i {} +` ++ -i.bak {} +` + +1. Run `automake` to re-write `Makefile.in` files:<br/> + `automake` + +1. For UTF-16 output as unsigned short (and version/error strings as char), + run:<br/> + `./configure CPPFLAGS=-DXML_UNICODE --without-xmlwf`<br/> + For UTF-16 output as `wchar_t` (incl. version/error strings), run:<br/> + `./configure CFLAGS="-g -O2 -fshort-wchar" CPPFLAGS=-DXML_UNICODE_WCHAR_T + --without-xmlwf` + <br/>Note: The latter requires libc compiled with `-fshort-wchar`, as well. + +1. Run `make` (which excludes xmlwf). + +1. Run `make install` (again, excludes xmlwf). + +Using `DESTDIR` is supported. It works as follows: + +```console +make install DESTDIR=/path/to/image +``` + +overrides the in-makefile set `DESTDIR`, because variable-setting priority is + +1. commandline +1. in-makefile +1. environment + +Note: This only applies to the Expat library itself, building UTF-16 versions +of xmlwf and the tests is currently not supported. + +When using Expat with a project using autoconf for configuration, you +can use the probing macro in `conftools/expat.m4` to determine how to +include Expat. See the comments at the top of that file for more +information. + +A reference manual is available in the file `doc/reference.html` in this +distribution. + + +### b) Building with CMake + +The CMake build system is still *experimental* and may replace the primary +build system based on GNU Autotools at some point when it is ready. + + +#### Available Options + +For an idea of the available (non-advanced) options for building with CMake: + +```console +# rm -f CMakeCache.txt ; cmake -D_EXPAT_HELP=ON -LH . | grep -B1 ':.*=' | sed 's,^--$,,' +// Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel ... +CMAKE_BUILD_TYPE:STRING= + +// Install path prefix, prepended onto install directories. +CMAKE_INSTALL_PREFIX:PATH=/usr/local + +// Path to a program. +DOCBOOK_TO_MAN:FILEPATH=/usr/bin/docbook2x-man + +// Build man page for xmlwf +EXPAT_BUILD_DOCS:BOOL=ON + +// Build the examples for expat library +EXPAT_BUILD_EXAMPLES:BOOL=ON + +// Build fuzzers for the expat library +EXPAT_BUILD_FUZZERS:BOOL=OFF + +// Build pkg-config file +EXPAT_BUILD_PKGCONFIG:BOOL=ON + +// Build the tests for expat library +EXPAT_BUILD_TESTS:BOOL=ON + +// Build the xmlwf tool for expat library +EXPAT_BUILD_TOOLS:BOOL=ON + +// Character type to use (char|ushort|wchar_t) [default=char] +EXPAT_CHAR_TYPE:STRING=char + +// Install expat files in cmake install target +EXPAT_ENABLE_INSTALL:BOOL=ON + +// Use /MT flag (static CRT) when compiling in MSVC +EXPAT_MSVC_STATIC_CRT:BOOL=OFF + +// Build fuzzers via ossfuzz for the expat library +EXPAT_OSSFUZZ_BUILD:BOOL=OFF + +// Build a shared expat library +EXPAT_SHARED_LIBS:BOOL=ON + +// Treat all compiler warnings as errors +EXPAT_WARNINGS_AS_ERRORS:BOOL=OFF + +// Make use of getrandom function (ON|OFF|AUTO) [default=AUTO] +EXPAT_WITH_GETRANDOM:STRING=AUTO + +// Utilize libbsd (for arc4random_buf) +EXPAT_WITH_LIBBSD:BOOL=OFF + +// Make use of syscall SYS_getrandom (ON|OFF|AUTO) [default=AUTO] +EXPAT_WITH_SYS_GETRANDOM:STRING=AUTO +``` diff --cc contrib/expat/tests/README.md index 000000000000,010ca95e9e21..010ca95e9e21 mode 000000,100644..100644 --- a/contrib/expat/tests/README.md +++ b/contrib/expat/tests/README.md