Commit 43de85a7 authored by Rye Mutt's avatar Rye Mutt 🍞
Browse files

vendor source 2.4.8

parent bb873401
......@@ -3,25 +3,25 @@
The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual
Studio) and should work on all other platform cmake supports.
Assuming ~/expat-2.4.4 is the source directory of expat, add a subdirectory
Assuming ~/expat-2.4.8 is the source directory of expat, add a subdirectory
build and change into that directory:
~/expat-2.4.4$ mkdir build && cd build
~/expat-2.4.4/build$
~/expat-2.4.8$ mkdir build && cd build
~/expat-2.4.8/build$
From that directory, call cmake first, then call make, make test and
make install in the usual way:
~/expat-2.4.4/build$ cmake ..
~/expat-2.4.8/build$ cmake ..
-- The C compiler identification is GNU
-- The CXX compiler identification is GNU
....
-- Configuring done
-- Generating done
-- Build files have been written to: /home/patrick/expat-2.4.4/build
-- Build files have been written to: /home/patrick/expat-2.4.8/build
If you want to specify the install location for your files, append
-DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call.
~/expat-2.4.4/build$ make && make test && make install
~/expat-2.4.8/build$ make && make test && make install
Scanning dependencies of target expat
[ 5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o
[ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o
......
......@@ -29,6 +29,7 @@
# Copyright (c) 2020 Gulliver <gulliver@traumkristalle.net>
# Copyright (c) 2020 Thomas Beutlich <tc@tbeu.de>
# Copyright (c) 2021 Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
# Copyright (c) 2022 Johnny Jazeix <jazeix@gmail.com>
# Unlike most of Expat,
# this file is copyrighted under the BSD-license for buildsystem files of KDE.
......@@ -64,7 +65,7 @@ endif()
project(expat
VERSION
2.4.4
2.4.8
LANGUAGES
C
)
......@@ -381,7 +382,7 @@ endforeach()
#
# C library
#
set(expat_SRCS
set(_EXPAT_C_SOURCES
lib/xmlparse.c
lib/xmlrole.c
lib/xmltok.c
......@@ -393,13 +394,18 @@ set(expat_SRCS
if(EXPAT_SHARED_LIBS)
set(_SHARED SHARED)
if(MSVC)
set(expat_SRCS ${expat_SRCS} lib/libexpat.def)
set(_EXPAT_EXTRA_SOURCES ${_EXPAT_EXTRA_SOURCES} lib/libexpat.def)
endif()
if(WIN32)
# Add DLL version
string(REPLACE "." "," _EXPAT_DLL_VERSION ${PROJECT_VERSION}.0)
set(_EXPAT_EXTRA_SOURCES ${_EXPAT_EXTRA_SOURCES} win32/version.rc)
endif()
else()
set(_SHARED STATIC)
endif()
add_library(expat ${_SHARED} ${expat_SRCS})
add_library(expat ${_SHARED} ${_EXPAT_C_SOURCES} ${_EXPAT_EXTRA_SOURCES})
if(_EXPAT_LIBM_FOUND)
target_link_libraries(expat m)
endif()
......@@ -408,7 +414,7 @@ if(EXPAT_WITH_LIBBSD)
endif()
set(LIBCURRENT 9) # sync
set(LIBREVISION 4) # with
set(LIBREVISION 8) # with
set(LIBAGE 8) # configure.ac!
math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}")
......@@ -416,6 +422,18 @@ if(NOT WIN32)
set_property(TARGET expat PROPERTY VERSION ${LIBCURRENT_MINUS_AGE}.${LIBAGE}.${LIBREVISION})
set_property(TARGET expat PROPERTY SOVERSION ${LIBCURRENT_MINUS_AGE})
set_property(TARGET expat PROPERTY NO_SONAME ${NO_SONAME})
if(APPLE)
if(NOT CMAKE_VERSION VERSION_GREATER_EQUAL 3.17)
message(FATAL_ERROR "Expat requires CMake >=3.17 on platform \"APPLE\".")
endif()
# NOTE: This intends to talk CMake into compatiblity with GNU Libtool
math(EXPR _EXPAT_MACHO_COMPATIBILITY_VERSION "${LIBCURRENT} + 1")
set(_EXPAT_MACHO_CURRENT_VERSION "${_EXPAT_MACHO_COMPATIBILITY_VERSION}.${LIBREVISION}")
set_property(TARGET expat PROPERTY MACHO_COMPATIBILITY_VERSION ${_EXPAT_MACHO_COMPATIBILITY_VERSION})
set_property(TARGET expat PROPERTY MACHO_CURRENT_VERSION ${_EXPAT_MACHO_CURRENT_VERSION})
endif()
endif()
if(WIN32 AND NOT MINGW)
# NOTE: This avoids a name collision with Expat.dll of Perl's XML::Parser::Expat
......@@ -424,7 +442,10 @@ if(WIN32 AND NOT MINGW)
# NOTE: "set_property(TARGET expat PROPERTY PREFIX lib)" would only affect *.dll
# files but not *.lib files, so we have to rely on property OUTPUT_NAME, instead.
# Property CMAKE_*_POSTFIX still applies.
set_property(TARGET expat PROPERTY OUTPUT_NAME libexpat)
set(_EXPAT_OUTPUT_NAME libexpat)
set_property(TARGET expat PROPERTY OUTPUT_NAME ${_EXPAT_OUTPUT_NAME})
else()
set(_EXPAT_OUTPUT_NAME expat)
endif()
target_include_directories(expat
......@@ -434,8 +455,12 @@ target_include_directories(expat
$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
)
if(NOT EXPAT_SHARED_LIBS AND WIN32)
target_compile_definitions(expat PUBLIC -DXML_STATIC)
if(WIN32)
if(EXPAT_SHARED_LIBS)
target_compile_definitions(expat PRIVATE VER_FILEVERSION=${_EXPAT_DLL_VERSION})
else()
target_compile_definitions(expat PUBLIC -DXML_STATIC)
endif()
endif()
expat_install(TARGETS expat EXPORT expat
......@@ -472,6 +497,7 @@ if(EXPAT_BUILD_PKGCONFIG)
string(TOLOWER "${_build_type}" _build_type_lower)
string(TOUPPER "${_build_type}" _build_type_upper)
set_property(TARGET expat PROPERTY "pkgconfig_${_build_type_lower}_name" "expat${CMAKE_${_build_type_upper}_POSTFIX}")
set_property(TARGET expat PROPERTY "pkgconfig_${_build_type_lower}_output_name" "${_EXPAT_OUTPUT_NAME}${CMAKE_${_build_type_upper}_POSTFIX}")
if(_EXPAT_LIBM_FOUND)
set_property(TARGET expat PROPERTY "pkgconfig_libm" "-lm")
else()
......@@ -550,7 +576,7 @@ if(EXPAT_BUILD_TESTS)
tests/memcheck.c
tests/minicheck.c
tests/structdata.c
${expat_SRCS}
${_EXPAT_C_SOURCES}
)
if(NOT MSVC)
......@@ -619,7 +645,7 @@ if(EXPAT_BUILD_FUZZERS)
set(encoding_types UTF-16 UTF-8 ISO-8859-1 US-ASCII UTF-16BE UTF-16LE)
set(fuzz_targets xml_parse_fuzzer xml_parsebuffer_fuzzer)
add_library(fuzzpat STATIC ${expat_SRCS})
add_library(fuzzpat STATIC ${_EXPAT_C_SOURCES})
if(NOT EXPAT_OSSFUZZ_BUILD)
target_compile_options(fuzzpat PRIVATE -fsanitize=fuzzer-no-link)
endif()
......
......@@ -2,6 +2,122 @@ NOTE: We are looking for help with a few things:
https://github.com/libexpat/libexpat/labels/help%20wanted
If you can help, please get in touch. Thanks!
Release 2.4.8 Mon March 28 2022
Other changes:
#587 pkg-config: Move "-lm" to section "Libs.private"
#587 CMake|MSVC: Fix pkg-config section "Libs"
#55 #582 CMake|macOS: Start using linker arguments
"-compatibility_version <version>" and
"-current_version <version>" in a way compatible with
GNU Libtool
#590 #591 Version info bumped from 9:7:8 to 9:8:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#589 CI: Upgrade Clang from 13 to 14
Special thanks to:
evpobr
Kai Pastor
Sam James
Release 2.4.7 Fri March 4 2022
Bug fixes:
#572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
with regard to all valid URI characters (RFC 3986),
i.e. the following set (excluding whitespace):
ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
0123456789 % -._~ :/?#[]@ !$&'()*+,;=
Other changes:
#555 #570 #581 CMake|Windows: Store Expat version in the DLL
#577 Document consequences of namespace separator choices not just
in doc/reference.html but also in header <expat.h>
#577 Document Expat's lack of validation of namespace URIs against
RFC 3986, and that the XML 1.0r4 specification doesn't
require Expat to validate namespace URIs, and that Expat
may do more in that regard in future releases.
If you find need for strict RFC 3986 URI validation on
application level today, https://uriparser.github.io/ may
be of interest.
#579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
#575 Document that a call to XML_FreeContentModel can be done at
a later time from outside the element declaration handler
#574 Make hardcoded namespace URIs easier to find in code
#573 Update documentation on use of XML_POOR_ENTOPY on Solaris
#569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
4.8.2 on Solaris.
#578 #580 Version info bumped from 9:6:8 to 9:7:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Jeffrey Walton
Johnny Jazeix
Thijs Schreijer
Release 2.4.6 Sun February 20 2022
Bug fixes:
#566 Fix a regression introduced by the fix for CVE-2022-25313
in release 2.4.5 that affects applications that (1)
call function XML_SetElementDeclHandler and (2) are
parsing XML that contains nested element declarations
(e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
Other changes:
#567 #568 Version info bumped from 9:5:8 to 9:6:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Matt Sergeant
Samanta Navarro
Sergei Trofimovich
and
NixOS
Perl XML::Parser
Release 2.4.5 Fri February 18 2022
Security fixes:
#562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
sequences (e.g. from start tag names) to the XML
processing application on top of Expat can cause
arbitrary damage (e.g. code execution) depending
on how invalid UTF-8 is handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
#561 CVE-2022-25236 -- Passing (one or more) namespace separator
characters in "xmlns[:prefix]" attribute values
made Expat send malformed tag names to the XML
processor on top of Expat which can cause
arbitrary damage (e.g. code execution) depending
on such unexpectable cases are handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
#558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
that could be triggered by e.g. a 2 megabytes
file with a large number of opening braces.
Expected impact is denial of service or potentially
arbitrary code execution.
#560 CVE-2022-25314 -- Fix integer overflow in function copyString;
only affects the encoding name parameter at parser creation
time which is often hardcoded (rather than user input),
takes a value in the gigabytes to trigger, and a 64-bit
machine. Expected impact is denial of service.
#559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
needs input in the gigabytes and a 64-bit machine.
Expected impact is denial of service or potentially
arbitrary code execution.
Other changes:
#557 #564 Version info bumped from 9:4:8 to 9:5:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Ivan Fratric
Samanta Navarro
and
Google Project Zero
JetBrains
Release 2.4.4 Sun January 30 2022
Security fixes:
#550 CVE-2022-23852 -- Fix signed integer overflow
......
......@@ -8,6 +8,7 @@
#
# Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2018 KangLin <kl222@126.com>
# Copyright (c) 2022 Johnny Jazeix <jazeix@gmail.com>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining
......@@ -82,7 +83,8 @@ _EXTRA_DIST_WINDOWS = \
win32/build_expat_iss.bat \
win32/expat.iss \
win32/MANIFEST.txt \
win32/README.txt
win32/README.txt \
win32/version.rc
EXTRA_DIST = \
$(_EXTRA_DIST_CMAKE) \
......
......@@ -24,6 +24,7 @@
#
# Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2018 KangLin <kl222@126.com>
# Copyright (c) 2022 Johnny Jazeix <jazeix@gmail.com>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining
......@@ -475,7 +476,8 @@ _EXTRA_DIST_WINDOWS = \
win32/build_expat_iss.bat \
win32/expat.iss \
win32/MANIFEST.txt \
win32/README.txt
win32/README.txt \
win32/version.rc
EXTRA_DIST = \
$(_EXTRA_DIST_CMAKE) \
......
......@@ -5,7 +5,7 @@
[![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases)
# Expat, Release 2.4.4
# Expat, Release 2.4.8
This is Expat, a C library for parsing XML, started by
[James Clark](https://en.wikipedia.org/wiki/James_Clark_%28programmer%29) in 1997.
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.71 for expat 2.4.4.
# Generated by GNU Autoconf 2.71 for expat 2.4.8.
#
# Report bugs to <expat-bugs@libexpat.org>.
#
......@@ -621,8 +621,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='expat'
PACKAGE_TARNAME='expat'
PACKAGE_VERSION='2.4.4'
PACKAGE_STRING='expat 2.4.4'
PACKAGE_VERSION='2.4.8'
PACKAGE_STRING='expat 2.4.8'
PACKAGE_BUGREPORT='expat-bugs@libexpat.org'
PACKAGE_URL=''
 
......@@ -1414,7 +1414,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures expat 2.4.4 to adapt to many kinds of systems.
\`configure' configures expat 2.4.8 to adapt to many kinds of systems.
 
Usage: $0 [OPTION]... [VAR=VALUE]...
 
......@@ -1485,7 +1485,7 @@ fi
 
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of expat 2.4.4:";;
short | recursive ) echo "Configuration of expat 2.4.8:";;
esac
cat <<\_ACEOF
 
......@@ -1619,7 +1619,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
expat configure 2.4.4
expat configure 2.4.8
generated by GNU Autoconf 2.71
 
Copyright (C) 2021 Free Software Foundation, Inc.
......@@ -2250,7 +2250,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
 
It was created by expat $as_me 2.4.4, which was
It was created by expat $as_me 2.4.8, which was
generated by GNU Autoconf 2.71. Invocation command line was
 
$ $0$ac_configure_args_raw
......@@ -3817,7 +3817,7 @@ fi
 
# Define the identity of the package.
PACKAGE='expat'
VERSION='2.4.4'
VERSION='2.4.8'
 
 
printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
......@@ -3924,7 +3924,7 @@ fi
 
 
LIBCURRENT=9 # sync
LIBREVISION=4 # with
LIBREVISION=8 # with
LIBAGE=8 # CMakeLists.txt!
 
ac_config_headers="$ac_config_headers expat_config.h"
......@@ -20227,7 +20227,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by expat $as_me 2.4.4, which was
This file was extended by expat $as_me 2.4.8, which was
generated by GNU Autoconf 2.71. Invocation command line was
 
CONFIG_FILES = $CONFIG_FILES
......@@ -20295,7 +20295,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
expat config.status 2.4.4
expat config.status 2.4.8
configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
 
......
......@@ -82,7 +82,7 @@ dnl If the API changes incompatibly set LIBAGE back to 0
dnl
LIBCURRENT=9 # sync
LIBREVISION=4 # with
LIBREVISION=8 # with
LIBAGE=8 # CMakeLists.txt!
AC_CONFIG_HEADERS([expat_config.h])
......
......@@ -6,7 +6,7 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
# Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2017-2022 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2017 Stephen Groat <stephen@groat.us>
# Copyright (c) 2017 Joe Orton <jorton@redhat.com>
# Licensed under the MIT license:
......
......@@ -22,7 +22,7 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
# Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2017-2022 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2017 Stephen Groat <stephen@groat.us>
# Copyright (c) 2017 Joe Orton <jorton@redhat.com>
# Licensed under the MIT license:
......
......@@ -18,6 +18,7 @@
Copyright (c) 2017 Jakub Wilk <jwilk@jwilk.net>
Copyright (c) 2021 Tomas Korbar <tkorbar@redhat.com>
Copyright (c) 2021 Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Copyright (c) 2022 Thijs Schreijer <thijs@thijsschreijer.nl>
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining
......@@ -49,7 +50,7 @@
<div>
<h1>
The Expat XML Parser
<small>Release 2.4.4</small>
<small>Release 2.4.8</small>
</h1>
</div>
<div class="content">
......@@ -974,6 +975,14 @@ the local part will be concatenated without any separator - this is intended
to support RDF processors. It is a programming error to use the null separator
with <a href= "#XML_SetReturnNSTriplet">namespace triplets</a>.</div>
<p><strong>Note:</strong>
Expat does not validate namespace URIs (beyond encoding)
against RFC 3986 today (and is not required to do so with regard to
the XML 1.0 namespaces specification) but it may start doing that
in future releases. Before that, an application using Expat must
be ready to receive namespace URIs containing non-URI characters.
</p>
<h4 id="XML_ParserCreate_MM">XML_ParserCreate_MM</h4>
<pre class="fcndec">
XML_Parser XMLCALL
......@@ -1808,10 +1817,11 @@ struct XML_cp {
</pre>
<p>Sets a handler for element declarations in a DTD. The handler gets
called with the name of the element in the declaration and a pointer
to a structure that contains the element model. It is the
application's responsibility to free this data structure using
<code><a href="#XML_FreeContentModel"
>XML_FreeContentModel</a></code>.</p>
to a structure that contains the element model. It's the user code's
responsibility to free model when finished with it. See <code>
<a href="#XML_FreeContentModel">XML_FreeContentModel</a></code>.
There is no need to free the model from the handler, it can be kept
around and freed at a later stage.</p>
<p>The <code>model</code> argument is the root of a tree of
<code>XML_Content</code> nodes. If <code>type</code> equals
......
......@@ -5,7 +5,7 @@
\\$2 \(la\\$1\(ra\\$3
..
.if \n(.g .mso www.tmac
.TH XMLWF 1 "January 30, 2022" "" ""
.TH XMLWF 1 "March 28, 2022" "" ""
.SH NAME
xmlwf \- Determines if an XML document is well-formed
.SH SYNOPSIS
......
......@@ -21,7 +21,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY dhfirstname "<firstname>Scott</firstname>">
<!ENTITY dhsurname "<surname>Bronson</surname>">
<!ENTITY dhdate "<date>January 30, 2022</date>">
<!ENTITY dhdate "<date>March 28, 2022</date>">
<!-- Please adjust this^^ date whenever cutting a new release. -->
<!ENTITY dhsection "<manvolnum>1</manvolnum>">
<!ENTITY dhemail "<email>bronson@rinspin.com</email>">
......
......@@ -13,7 +13,7 @@
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2001-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2004-2006 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2005-2007 Steven Solie <ssolie@users.sourceforge.net>
Copyright (c) 2005-2007 Steven Solie <steven@solie.ca>
Copyright (c) 2016-2019 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
Copyright (c) 2019 Zhongyuan Zhou <zhouzhongyuan@huawei.com>
......
......@@ -10,7 +10,7 @@
Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2001-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2005-2007 Steven Solie <ssolie@users.sourceforge.net>
Copyright (c) 2005-2007 Steven Solie <steven@solie.ca>
Copyright (c) 2005-2006 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2016-2019 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
......
......@@ -7,5 +7,6 @@ Name: $<TARGET_PROPERTY:expat,pkgconfig_$<LOWER_CASE:$<CONFIG>>_name>
Version: $<TARGET_PROPERTY:expat,pkgconfig_version>
Description: expat XML parser
URL: https://libexpat.github.io/
Libs: -L${libdir} -l$<TARGET_PROPERTY:expat,pkgconfig_$<LOWER_CASE:$<CONFIG>>_name> $<TARGET_PROPERTY:expat,pkgconfig_libm>
Libs: -L${libdir} -l$<TARGET_PROPERTY:expat,pkgconfig_$<LOWER_CASE:$<CONFIG>>_output_name>
Libs.private: $<TARGET_PROPERTY:expat,pkgconfig_libm>
Cflags: -I${includedir}
......@@ -7,5 +7,6 @@ Name: @PACKAGE_NAME@
Version: @PACKAGE_VERSION@
Description: expat XML parser
URL: https://libexpat.github.io/
Libs: -L${libdir} -l@PACKAGE_NAME@ @LIBM@
Libs: -L${libdir} -l@PACKAGE_NAME@
Libs.private: @LIBM@
Cflags: -I${includedir}
......@@ -77,7 +77,7 @@
#define PACKAGE_NAME "expat"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "expat 2.4.4"
#define PACKAGE_STRING "expat 2.4.8"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "expat"
......@@ -86,7 +86,7 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION "2.4.4"
#define PACKAGE_VERSION "2.4.8"
/* Define to 1 if all of the C90 standard headers exist (not just the ones
required in a freestanding environment). This macro is provided for
......@@ -94,7 +94,7 @@
#define STDC_HEADERS 1
/* Version number of package */
#define VERSION "2.4.4"
#define VERSION "2.4.8"
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
......
......@@ -15,6 +15,7 @@
Copyright (c) 2016 Cristian Rodríguez <crrodriguez@opensuse.org>
Copyright (c) 2016 Thomas Beutlich <tc@tbeu.de>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
Copyright (c) 2022 Thijs Schreijer <thijs@thijsschreijer.nl>
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining
......@@ -174,8 +175,10 @@ struct XML_cp {
};
/* This is called for an element declaration. See above for
description of the model argument. It's the caller's responsibility
to free model when finished with it.
description of the model argument. It's the user code's responsibility
to free model when finished with it. See XML_FreeContentModel.
There is no need to free the model from the handler, it can be kept
around and freed at a later stage.
*/
typedef void(XMLCALL *XML_ElementDeclHandler)(void *userData,
const XML_Char *name,
......@@ -237,6 +240,17 @@ XML_ParserCreate(const XML_Char *encoding);
and the local part will be concatenated without any separator.
It is a programming error to use the separator '\0' with namespace
triplets (see XML_SetReturnNSTriplet).
If a namespace separator is chosen that can be part of a URI or
part of an XML name, splitting an expanded name back into its
1, 2 or 3 original parts on application level in the element handler
may end up vulnerable, so these are advised against; sane choices for
a namespace separator are e.g. '\n' (line feed) and '|' (pipe).
Note that Expat does not validate namespace URIs (beyond encoding)
against RFC 3986 today (and is not required to do so with regard to
the XML 1.0 namespaces specification) but it may start doing that
in future releases. Before that, an application using Expat must
be ready to receive namespace URIs containing non-URI characters.
*/
XMLPARSEAPI(XML_Parser)
XML_ParserCreateNS(const XML_Char *encoding, XML_Char namespaceSeparator);
......@@ -317,7 +331,7 @@ typedef void(XMLCALL *XML_StartDoctypeDeclHandler)(void *userData,
const XML_Char *pubid,
int has_internal_subset);
/* This is called for the start of the DOCTYPE declaration when the
/* This is called for the end of the DOCTYPE declaration when the
closing > is encountered, but after processing any external
subset.
*/
......@@ -1041,7 +1055,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
*/
#define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 4
#define XML_MICRO_VERSION 4
#define XML_MICRO_VERSION 8
#ifdef __cplusplus
}
......
/* 2e2c8ce5f11a473d65ec313ab20ceee6afefb355f5405afc06e7204e2e41c8c0 (2.4.4+)
/* 2722de33b8d95adcfb16db05afdec6ed1d40d51565cda2176c61806b5350eafe (2.4.8+)
__ __ _
___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __|
......@@ -11,7 +11,7 @@
Copyright (c) 2000-2006 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2001-2002 Greg Stein <gstein@users.sourceforge.net>
Copyright (c) 2002-2016 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2005-2009 Steven Solie <ssolie@users.sourceforge.net>
Copyright (c) 2005-2009 Steven Solie <steven@solie.ca>
Copyright (c) 2016 Eric Rahm <erahm@mozilla.com>
Copyright (c) 2016-2022 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2016 Gaurav <g.gupta@samsung.com>
......@@ -34,6 +34,7 @@
Copyright (c) 2019 Vadim Zeitlin <vadim@zeitlins.org>
Copyright (c) 2021 Dong-hee Na <donghee.na@python.org>
Copyright (c) 2022 Samanta Navarro <ferivoz@riseup.net>
Copyright (c) 2022 Jeffrey Walton <noloader@gmail.com>
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining
......@@ -133,7 +134,7 @@