diff --git a/expat/CMake.README b/expat/CMake.README
index a0502305..2b94fff5 100644
--- a/expat/CMake.README
+++ b/expat/CMake.README
@@ -3,25 +3,25 @@
The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual
Studio) and should work on all other platform cmake supports.
-Assuming ~/expat-2.4.9 is the source directory of expat, add a subdirectory
+Assuming ~/expat-2.5.0 is the source directory of expat, add a subdirectory
build and change into that directory:
-~/expat-2.4.9$ mkdir build && cd build
-~/expat-2.4.9/build$
+~/expat-2.5.0$ mkdir build && cd build
+~/expat-2.5.0/build$
From that directory, call cmake first, then call make, make test and
make install in the usual way:
-~/expat-2.4.9/build$ cmake ..
+~/expat-2.5.0/build$ cmake ..
-- The C compiler identification is GNU
-- The CXX compiler identification is GNU
....
-- Configuring done
-- Generating done
--- Build files have been written to: /home/patrick/expat-2.4.9/build
+-- Build files have been written to: /home/patrick/expat-2.5.0/build
If you want to specify the install location for your files, append
-DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call.
-~/expat-2.4.9/build$ make && make test && make install
+~/expat-2.5.0/build$ make && make test && make install
Scanning dependencies of target expat
[ 5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o
[ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o
diff --git a/expat/CMakeLists.txt b/expat/CMakeLists.txt
index 2bf0bcbe..2b4c13c5 100644
--- a/expat/CMakeLists.txt
+++ b/expat/CMakeLists.txt
@@ -38,7 +38,7 @@ cmake_minimum_required(VERSION 3.1.3)
project(expat
VERSION
- 2.4.9
+ 2.5.0
LANGUAGES
C
)
@@ -436,9 +436,9 @@ foreach(build_type_upper
set_property(TARGET expat PROPERTY ${build_type_upper}_POSTFIX ${EXPAT_${build_type_upper}_POSTFIX})
endforeach()
-set(LIBCURRENT 9) # sync
-set(LIBREVISION 9) # with
-set(LIBAGE 8) # configure.ac!
+set(LIBCURRENT 9) # sync
+set(LIBREVISION 10) # with
+set(LIBAGE 8) # configure.ac!
math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}")
if(NOT WIN32)
diff --git a/expat/Changes b/expat/Changes
index 8af9da84..e6717105 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -2,11 +2,13 @@ NOTE: We are looking for help with a few things:
https://github.com/libexpat/libexpat/labels/help%20wanted
If you can help, please get in touch. Thanks!
-Release x.x.x xxx xxxxxxxxxxxx xx xxxx
+Release 2.5.0 Tue October 25 2022
Security fixes:
#616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
- XML_ExternalEntityParserCreate in out-of-memory situations
+ XML_ExternalEntityParserCreate in out-of-memory situations.
+ Expected impact is denial of service or potentially
+ arbitrary code execution.
Bug fixes:
#612 #645 Fix curruption from undefined entities
@@ -15,16 +17,21 @@ Release x.x.x xxx xxxxxxxxxxxx xx xxxx
#616 #652 #653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
+ #656 CMake: Fix generation of pkg-config file
+ #658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
+ #667 #668 Version info bumped from 9:9:8 to 9:10:8;
+ see https://verbump.de/ for what these numbers do
Special thanks to:
Jann Horn
Mark Brand
+ Osyotr
Rhodri James
and
Google Project Zero
diff --git a/expat/README.md b/expat/README.md
index c0ac8b0f..e5e237fc 100644
--- a/expat/README.md
+++ b/expat/README.md
@@ -5,7 +5,7 @@
[](https://github.com/libexpat/libexpat/releases)
-# Expat, Release 2.4.9
+# Expat, Release 2.5.0
This is Expat, a C library for parsing XML, started by
[James Clark](https://en.wikipedia.org/wiki/James_Clark_%28programmer%29) in 1997.
diff --git a/expat/configure.ac b/expat/configure.ac
index 558f959f..d3642dea 100644
--- a/expat/configure.ac
+++ b/expat/configure.ac
@@ -81,9 +81,9 @@ dnl
dnl If the API changes incompatibly set LIBAGE back to 0
dnl
-LIBCURRENT=9 # sync
-LIBREVISION=9 # with
-LIBAGE=8 # CMakeLists.txt!
+LIBCURRENT=9 # sync
+LIBREVISION=10 # with
+LIBAGE=8 # CMakeLists.txt!
AC_CONFIG_HEADERS([expat_config.h])
AH_TOP([#ifndef EXPAT_CONFIG_H
diff --git a/expat/doc/reference.html b/expat/doc/reference.html
index 4ab8d5a7..8b0d47d6 100644
--- a/expat/doc/reference.html
+++ b/expat/doc/reference.html
@@ -50,7 +50,7 @@
The Expat XML Parser
- Release 2.4.9
+ Release 2.5.0
diff --git a/expat/doc/xmlwf.xml b/expat/doc/xmlwf.xml
index 09d8dc89..9603abf1 100644
--- a/expat/doc/xmlwf.xml
+++ b/expat/doc/xmlwf.xml
@@ -21,7 +21,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
Scott">
Bronson">
- September 20, 2022">
+ October 25, 2022">
1">
bronson@rinspin.com">
diff --git a/expat/examples/elements.c b/expat/examples/elements.c
index 5098d7d9..e5fb850d 100644
--- a/expat/examples/elements.c
+++ b/expat/examples/elements.c
@@ -14,7 +14,7 @@
Copyright (c) 2001-2003 Fred L. Drake, Jr.
Copyright (c) 2004-2006 Karl Waclawek
Copyright (c) 2005-2007 Steven Solie
- Copyright (c) 2016-2019 Sebastian Pipping
+ Copyright (c) 2016-2022 Sebastian Pipping
Copyright (c) 2017 Rhodri James
Copyright (c) 2019 Zhongyuan Zhou
Licensed under the MIT license:
diff --git a/expat/examples/outline.c b/expat/examples/outline.c
index d23fa94b..d2df914f 100644
--- a/expat/examples/outline.c
+++ b/expat/examples/outline.c
@@ -12,7 +12,7 @@
Copyright (c) 2001-2003 Fred L. Drake, Jr.
Copyright (c) 2005-2007 Steven Solie
Copyright (c) 2005-2006 Karl Waclawek
- Copyright (c) 2016-2019 Sebastian Pipping
+ Copyright (c) 2016-2022 Sebastian Pipping
Copyright (c) 2017 Rhodri James
Licensed under the MIT license:
diff --git a/expat/lib/expat.h b/expat/lib/expat.h
index 2b47ce2a..1c83563c 100644
--- a/expat/lib/expat.h
+++ b/expat/lib/expat.h
@@ -1054,8 +1054,8 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
See http://semver.org.
*/
#define XML_MAJOR_VERSION 2
-#define XML_MINOR_VERSION 4
-#define XML_MICRO_VERSION 9
+#define XML_MINOR_VERSION 5
+#define XML_MICRO_VERSION 0
#ifdef __cplusplus
}
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 57bf103c..b6c2eca9 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -1,4 +1,4 @@
-/* 90815a2b2c80c03b2b889fe1d427bb2b9e3282aa065e42784e001db4f23de324 (2.4.9+)
+/* 5ab094ffadd6edfc94c3eee53af44a86951f9f1f0933ada3114bbce2bfb02c99 (2.5.0+)
__ __ _
___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __|
@@ -35,6 +35,7 @@
Copyright (c) 2021 Dong-hee Na
Copyright (c) 2022 Samanta Navarro
Copyright (c) 2022 Jeffrey Walton
+ Copyright (c) 2022 Jann Horn
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
index acb744dd..915fa520 100644
--- a/expat/tests/runtests.c
+++ b/expat/tests/runtests.c
@@ -11,7 +11,7 @@
Copyright (c) 2005-2007 Steven Solie
Copyright (c) 2005-2012 Karl Waclawek
Copyright (c) 2016-2022 Sebastian Pipping
- Copyright (c) 2017-2018 Rhodri James
+ Copyright (c) 2017-2022 Rhodri James
Copyright (c) 2017 Joe Orton
Copyright (c) 2017 José Gutiérrez de la Concha
Copyright (c) 2018 Marco Maggi
@@ -7757,7 +7757,7 @@ START_TEST(test_misc_version) {
fail("Version mismatch");
#if ! defined(XML_UNICODE) || defined(XML_UNICODE_WCHAR_T)
- if (xcstrcmp(version_text, XCS("expat_2.4.9"))) /* needs bump on releases */
+ if (xcstrcmp(version_text, XCS("expat_2.5.0"))) /* needs bump on releases */
fail("XML_*_VERSION in expat.h out of sync?\n");
#else
/* If we have XML_UNICODE defined but not XML_UNICODE_WCHAR_T
diff --git a/expat/win32/expat.iss b/expat/win32/expat.iss
index 5b234ecb..ce9f3bb6 100644
--- a/expat/win32/expat.iss
+++ b/expat/win32/expat.iss
@@ -37,7 +37,7 @@
; OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
; USE OR OTHER DEALINGS IN THE SOFTWARE.
-#define expatVer "2.4.9"
+#define expatVer "2.5.0"
[Setup]
AppName=Expat