Merge pull request #896 from libexpat/issue-894-prepare-release

Prepare release 2.6.3 (part of #894, ETA 2024-09-04)
Sebastian Pipping 2024-09-04 12:20:17 +02:00 committed by GitHub
commit 88b3ed553d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
32 changed files with 100 additions and 26 deletions

1
.ci.sh

@ -11,6 +11,7 @@
# Copyright (c) 2019 Mohammed Khajapasha <mohammed.khajapasha@intel.com>
# Copyright (c) 2019 Manish, Kumar <manish3.kumar@intel.com>
# Copyright (c) 2019 Philippe Antoine <contact@catenacyber.fr>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -5,8 +5,9 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
# Copyright (c) 2021-2023 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2023 Joyce Brum <joycebrum@google.com>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -5,8 +5,9 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
# Copyright (c) 2021-2023 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2023 Joyce Brum <joycebrum@google.com>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -5,7 +5,7 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
# Copyright (c) 2021-2023 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2023 Joyce Brum <joycebrum@google.com>
# Licensed under the MIT license:
#

@ -5,8 +5,9 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
# Copyright (c) 2021-2023 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2023 Joyce Brum <joycebrum@google.com>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -7,6 +7,7 @@
#
# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2023 Joyce Brum <joycebrum@google.com>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -5,7 +5,7 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
# Copyright (c) 2020-2023 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2020-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2023 Joyce Brum <joycebrum@google.com>
# Licensed under the MIT license:
#

@ -8,6 +8,7 @@
# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2023 Joyce Brum <joycebrum@google.com>
# Copyright (c) 2023 Hanno Böck <hanno@gentoo.org>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -5,8 +5,9 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
# Copyright (c) 2020-2023 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2020-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2023 Joyce Brum <joycebrum@google.com>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -7,6 +7,7 @@
# |_| XML parser
#
# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -5,7 +5,7 @@
# \___/_/\_\ .__/ \__,_|\__|
# |_| XML parser
#
# Copyright (c) 2021-2023 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2023 Joyce Brum <joycebrum@google.com>
# Licensed under the MIT license:
#

@ -7,7 +7,7 @@
# |_| XML parser
#
# Copyright (c) 2017 José Gutiérrez de la Concha <jose@zeroc.com>
# Copyright (c) 2017-2022 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2017-2023 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2017 Franek Korta <fkorta@gmail.com>
# Licensed under the MIT license:
#
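
Review bot: The Sebastian Pipping line in this hunk moves the end of the range from 2022 to 2023, while the same author's line in the other headers touched by this commit is moved to 2024. If his last change to this file was in 2023 the line is right as it stands; otherwise it looks like an off-by-one year and should read `2017-2024`.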

@ -3,25 +3,25 @@
The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual
Studio) and should work on all other platform cmake supports.
Assuming ~/expat-2.6.2 is the source directory of expat, add a subdirectory
Assuming ~/expat-2.6.3 is the source directory of expat, add a subdirectory
build and change into that directory:
~/expat-2.6.2$ mkdir build && cd build
~/expat-2.6.2/build$
~/expat-2.6.3$ mkdir build && cd build
~/expat-2.6.3/build$
From that directory, call cmake first, then call make, make test and
make install in the usual way:
~/expat-2.6.2/build$ cmake ..
~/expat-2.6.3/build$ cmake ..
-- The C compiler identification is GNU
-- The CXX compiler identification is GNU
....
-- Configuring done
-- Generating done
-- Build files have been written to: /home/patrick/expat-2.6.2/build
-- Build files have been written to: /home/patrick/expat-2.6.3/build
If you want to specify the install location for your files, append
-DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call.
~/expat-2.6.2/build$ make && make test && make install
~/expat-2.6.3/build$ make && make test && make install
Scanning dependencies of target expat
[ 5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o
[ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o

@ -38,7 +38,7 @@ cmake_minimum_required(VERSION 3.5.0)
project(expat
VERSION
2.6.2
2.6.3
LANGUAGES
C
)
@ -466,7 +466,7 @@ foreach(build_type_upper
endforeach()
set(LIBCURRENT 10) # sync
set(LIBREVISION 2) # with
set(LIBREVISION 3) # with
set(LIBAGE 9) # configure.ac!
math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}")
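
Review bot: `set(LIBREVISION 3)` is kept in step with configure.ac only by the `# sync with configure.ac!` comments on these three lines, so a release that bumps one file and forgets the other would not be caught by the build. The Autotools hunk in this commit does carry the matching `LIBREVISION=3`, so the values agree here; a small CI step that compares LIBCURRENT, LIBREVISION and LIBAGE across both files would turn the comment into an enforced check.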

@ -30,6 +30,60 @@
!! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Release 2.6.3 Wed September 4 2024
Security fixes:
#887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
#888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
#889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
Other changes:
#851 #879 Autotools: Sync CMake templates with CMake 3.28
#853 Autotools: Always provide path to find(1) for portability
#861 Autotools: Ensure that the m4 directory always exists.
#870 Autotools: Simplify handling of SIZEOF_VOID_P
#869 Autotools: Support non-GNU sed
#856 Autotools|CMake: Fix main() to main(void)
#865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
#863 Autotools|CMake: Stop requiring dos2unix
#854 #855 CMake: Fix check for symbols size_t and off_t
#864 docs|tests: Convert README to Markdown and update
#741 Windows: Drop support for Visual Studio <=15.0/2017
#886 Drop needless XML_DTD guards around is_param access
#885 Fix typo in a code comment
#894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
for what these numbers do
Infrastructure:
#880 Readme: Promote the call for help
#868 CI: Fix various issues
#849 CI: Allow triggering GitHub Actions workflows manually
#851 #872 ..
#873 #879 CI: Adapt to breaking changes in GitHub Actions
Special thanks to:
Alexander Bluhm
Berkay Eren Ürün
Dag-Erling Smørgrav
Ferenc Géczi
TaiYou
Release 2.6.2 Wed March 13 2024
Security fixes:
#839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with

@ -10,6 +10,8 @@
# Copyright (c) 2018 KangLin <kl222@126.com>
# Copyright (c) 2022 Johnny Jazeix <jazeix@gmail.com>
# Copyright (c) 2023 Sony Corporation / Snild Dolkow <snild@sony.com>
# Copyright (c) 2024 Alexander Bluhm <alexander.bluhm@gmx.net>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -11,7 +11,7 @@
> at the top of the `Changes` file.
# Expat, Release 2.6.2
# Expat, Release 2.6.3
This is Expat, a C99 library for parsing
[XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by

@ -8,6 +8,7 @@
#
# Copyright (c) 2019-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2022 Rosen Penev <rosenp@gmail.com>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -8,6 +8,7 @@
#
# Copyright (c) 2017-2022 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2018 Marco Maggi <marco.maggi-ipsu@poste.it>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -22,6 +22,8 @@ dnl Copyright (c) 2018 KangLin <kl222@126.com>
dnl Copyright (c) 2019 Mohammed Khajapasha <mohammed.khajapasha@intel.com>
dnl Copyright (c) 2019 Kishore Kunche <kishore.kunche@intel.com>
dnl Copyright (c) 2020 Jeffrey Walton <noloader@gmail.com>
dnl Copyright (c) 2024 Ferenc Géczi <ferenc.gm@gmail.com>
dnl Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
dnl Licensed under the MIT license:
dnl
dnl Permission is hereby granted, free of charge, to any person obtaining
@ -83,7 +85,7 @@ dnl If the API changes incompatibly set LIBAGE back to 0
dnl
LIBCURRENT=10 # sync
LIBREVISION=2 # with
LIBREVISION=3 # with
LIBAGE=9 # CMakeLists.txt!
AC_CONFIG_HEADERS([expat_config.h])

@ -9,6 +9,7 @@
# Copyright (c) 2017-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2017 Stephen Groat <stephen@groat.us>
# Copyright (c) 2017 Joe Orton <jorton@redhat.com>
# Copyright (c) 2024 Tomas Korbar <tkorbar@redhat.com>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -52,7 +52,7 @@
<div>
<h1>
The Expat XML Parser
<small>Release 2.6.2</small>
<small>Release 2.6.3</small>
</h1>
</div>
<div class="content">

@ -21,7 +21,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY dhfirstname "<firstname>Scott</firstname>">
<!ENTITY dhsurname "<surname>Bronson</surname>">
<!ENTITY dhdate "<date>March 13, 2024</date>">
<!ENTITY dhdate "<date>September 4, 2024</date>">
<!-- Please adjust this^^ date whenever cutting a new release. -->
<!ENTITY dhsection "<manvolnum>1</manvolnum>">
<!ENTITY dhemail "<email>bronson@rinspin.com</email>">

@ -7,6 +7,7 @@
# |_| XML parser
#
# Copyright (c) 2019-2022 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -9,7 +9,7 @@
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2016-2017 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2016-2024 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining

@ -1066,7 +1066,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
*/
#define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 6
#define XML_MICRO_VERSION 2
#define XML_MICRO_VERSION 3
#ifdef __cplusplus
}

@ -1,4 +1,4 @@
/* 2a14271ad4d35e82bde8ba210b4edb7998794bcbae54deab114046a300f9639a (2.6.2+)
/* ba4cdf9bdb534f355a9def4c9e25d20ee8e72f95b0a4d930be52e563f5080196 (2.6.3+)
__ __ _
___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __|
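
Review bot: The 64-hex-digit value on the first line is replaced together with the `(2.6.2+)` to `(2.6.3+)` tag, but nothing in the visible comment says what it is a digest of or how it is regenerated. A one-line pointer to the release step that produces it would let a reviewer recompute and verify the new value instead of taking it on trust.
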
@ -39,6 +39,7 @@
Copyright (c) 2022 Sean McBride <sean@rogue-research.com>
Copyright (c) 2023 Owain Davies <owaind@bath.edu>
Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <snild@sony.com>
Copyright (c) 2024 Berkay Eren Ürün <berkay.ueruen@siemens.com>
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining

@ -9,6 +9,7 @@
# Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2019 Philippe Antoine <contact@catenacyber.fr>
# Copyright (c) 2019 Hanno Böck <hanno@gentoo.org>
# Copyright (c) 2024 Alexander Bluhm <alexander.bluhm@gmx.net>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -9,6 +9,7 @@
# Copyright (c) 2017-2024 Sebastian Pipping <sebastian@pipping.org>
# Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk>
# Copyright (c) 2020 Jeffrey Walton <noloader@gmail.com>
# Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
# Licensed under the MIT license:
#
# Permission is hereby granted, free of charge, to any person obtaining

@ -208,7 +208,7 @@ START_TEST(test_misc_version) {
if (! versions_equal(&read_version, &parsed_version))
fail("Version mismatch");
if (xcstrcmp(version_text, XCS("expat_2.6.2"))) /* needs bump on releases */
if (xcstrcmp(version_text, XCS("expat_2.6.3"))) /* needs bump on releases */
fail("XML_*_VERSION in expat.h out of sync?\n");
}
END_TEST

@ -7,7 +7,7 @@ REM | __// \| |_) | (_| | |_
REM \___/_/\_\ .__/ \__,_|\__|
REM |_| XML parser
REM
REM Copyright (c) 2019-2021 Sebastian Pipping <sebastian@pipping.org>
REM Copyright (c) 2019-2024 Sebastian Pipping <sebastian@pipping.org>
REM Licensed under the MIT license:
REM
REM Permission is hereby granted, free of charge, to any person obtaining

@ -16,6 +16,7 @@
; Copyright (c) 2006-2017 Karl Waclawek <karl@waclawek.net>
; Copyright (c) 2007-2024 Sebastian Pipping <sebastian@pipping.org>
; Copyright (c) 2022 Johnny Jazeix <jazeix@gmail.com>
; Copyright (c) 2024 Dag-Erling Smørgrav <des@des.dev>
; Licensed under the MIT license:
;
; Permission is hereby granted, free of charge, to any person obtaining
@ -37,7 +38,7 @@
; OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
; USE OR OTHER DEALINGS IN THE SOFTWARE.
#define expatVer "2.6.2"
#define expatVer "2.6.3"
[Setup]
AppName=Expat