diff --git a/.ci.sh b/.ci.sh
index e855be9c..b75f815c 100755
--- a/.ci.sh
+++ b/.ci.sh
@@ -11,6 +11,7 @@
 # Copyright (c) 2019 Mohammed Khajapasha
 # Copyright (c) 2019 Manish, Kumar
 # Copyright (c) 2019 Philippe Antoine
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/.github/workflows/autotools-cmake.yml b/.github/workflows/autotools-cmake.yml
index 75ee603b..96e8f342 100644
--- a/.github/workflows/autotools-cmake.yml
+++ b/.github/workflows/autotools-cmake.yml
@@ -5,8 +5,9 @@
 # \___/_/\_\ .__/ \__,_|\__|
 # |_| XML parser
 #
-# Copyright (c) 2021-2023 Sebastian Pipping
+# Copyright (c) 2021-2024 Sebastian Pipping
 # Copyright (c) 2023 Joyce Brum
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/.github/workflows/cmake-required-version.yml b/.github/workflows/cmake-required-version.yml
index f54467ea..ff7fd441 100644
--- a/.github/workflows/cmake-required-version.yml
+++ b/.github/workflows/cmake-required-version.yml
@@ -5,8 +5,9 @@
 # \___/_/\_\ .__/ \__,_|\__|
 # |_| XML parser
 #
-# Copyright (c) 2021-2023 Sebastian Pipping
+# Copyright (c) 2021-2024 Sebastian Pipping
 # Copyright (c) 2023 Joyce Brum
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index e49f6aa7..2871a846 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -5,7 +5,7 @@
 # \___/_/\_\ .__/ \__,_|\__|
 # |_| XML parser
 #
-# Copyright (c) 2021-2023 Sebastian Pipping
+# Copyright (c) 2021-2024 Sebastian Pipping
 # Copyright (c) 2023 Joyce Brum
 # Licensed under the MIT license:
 #
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index d84e978c..4c33b627 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -5,8 +5,9 @@
 # \___/_/\_\ .__/ \__,_|\__|
 # |_| XML parser
 #
-# Copyright (c) 2021-2023 Sebastian Pipping
+# Copyright (c) 2021-2024 Sebastian Pipping
 # Copyright (c) 2023 Joyce Brum
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index b70a58c4..5ed43e7b 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -7,6 +7,7 @@
 #
 # Copyright (c) 2021-2024 Sebastian Pipping
 # Copyright (c) 2023 Joyce Brum
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/.github/workflows/expat_config_h.yml b/.github/workflows/expat_config_h.yml
index 94eeee54..ac8dbf68 100644
--- a/.github/workflows/expat_config_h.yml
+++ b/.github/workflows/expat_config_h.yml
@@ -5,7 +5,7 @@
 # \___/_/\_\ .__/ \__,_|\__|
 # |_| XML parser
 #
-# Copyright (c) 2020-2023 Sebastian Pipping
+# Copyright (c) 2020-2024 Sebastian Pipping
 # Copyright (c) 2023 Joyce Brum
 # Licensed under the MIT license:
 #
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index ab0f7ba1..215b4156 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -8,6 +8,7 @@
 # Copyright (c) 2021-2024 Sebastian Pipping
 # Copyright (c) 2023 Joyce Brum
 # Copyright (c) 2023 Hanno Böck
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 6afaed7a..36a32732 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -5,8 +5,9 @@
 # \___/_/\_\ .__/ \__,_|\__|
 # |_| XML parser
 #
-# Copyright (c) 2020-2023 Sebastian Pipping
+# Copyright (c) 2020-2024 Sebastian Pipping
 # Copyright (c) 2023 Joyce Brum
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/.github/workflows/scripts/mass-cppcheck.sh b/.github/workflows/scripts/mass-cppcheck.sh
index 8a081a8b..1a5060e8 100755
--- a/.github/workflows/scripts/mass-cppcheck.sh
+++ b/.github/workflows/scripts/mass-cppcheck.sh
@@ -7,6 +7,7 @@
 # |_| XML parser
 #
 # Copyright (c) 2021-2024 Sebastian Pipping
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/.github/workflows/valid-xml.yml b/.github/workflows/valid-xml.yml
index b090c4f7..095895c5 100644
--- a/.github/workflows/valid-xml.yml
+++ b/.github/workflows/valid-xml.yml
@@ -5,7 +5,7 @@
 # \___/_/\_\ .__/ \__,_|\__|
 # |_| XML parser
 #
-# Copyright (c) 2021-2023 Sebastian Pipping
+# Copyright (c) 2021-2024 Sebastian Pipping
 # Copyright (c) 2023 Joyce Brum
 # Licensed under the MIT license:
 #
diff --git a/appveyor.yml b/appveyor.yml
index 0e6b4fd0..8ac58020 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -7,7 +7,7 @@
 # |_| XML parser
 #
 # Copyright (c) 2017 José Gutiérrez de la Concha
-# Copyright (c) 2017-2022 Sebastian Pipping
+# Copyright (c) 2017-2023 Sebastian Pipping
 # Copyright (c) 2017 Franek Korta
 # Licensed under the MIT license:
 #
diff --git a/expat/CMake.README b/expat/CMake.README
index 3998f4ea..6e7e852f 100644
--- a/expat/CMake.README
+++ b/expat/CMake.README
@@ -3,25 +3,25 @@ The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual Studio) and should work on all other platform cmake supports. -Assuming ~/expat-2.6.2 is the source directory of expat, add a subdirectory +Assuming ~/expat-2.6.3 is the source directory of expat, add a subdirectory build and change into that directory: -~/expat-2.6.2$ mkdir build && cd build -~/expat-2.6.2/build$ +~/expat-2.6.3$ mkdir build && cd build +~/expat-2.6.3/build$ From that directory, call cmake first, then call make, make test and make install in the usual way: -~/expat-2.6.2/build$ cmake .. +~/expat-2.6.3/build$ cmake .. -- The C compiler identification is GNU -- The CXX compiler identification is GNU .... -- Configuring done -- Generating done --- Build files have been written to: /home/patrick/expat-2.6.2/build +-- Build files have been written to: /home/patrick/expat-2.6.3/build If you want to specify the install location for your files, append -DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call. -~/expat-2.6.2/build$ make && make test && make install +~/expat-2.6.3/build$ make && make test && make install Scanning dependencies of target expat [ 5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o [ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o
diff --git a/expat/CMakeLists.txt b/expat/CMakeLists.txt
index afc0fcc4..b2055c18 100644
--- a/expat/CMakeLists.txt
+++ b/expat/CMakeLists.txt
@@ -38,7 +38,7 @@ cmake_minimum_required(VERSION 3.5.0) project(expat VERSION - 2.6.2 + 2.6.3 LANGUAGES C )
@@ -466,7 +466,7 @@ foreach(build_type_upper endforeach() set(LIBCURRENT 10) # sync -set(LIBREVISION 2) # with +set(LIBREVISION 3) # with set(LIBAGE 9) # configure.ac! math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}")
diff --git a/expat/Changes b/expat/Changes
index 52b366d5..c1d22efa 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -30,6 +30,60 @@
 !! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
+Release 2.6.3 Wed September 4 2024
+ Security fixes:
+ #887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with
+ len < 0 without noticing and then calling XML_GetBuffer
+ will have XML_ParseBuffer fail to recognize the problem
+ and XML_GetBuffer corrupt memory.
+ With the fix, XML_ParseBuffer now complains with error
+ XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
+ has been doing since Expat 2.2.1, and now documented.
+ Impact is denial of service to potentially artitrary code
+ execution.
+ #888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an
+ integer overflow for nDefaultAtts on 32-bit platforms
+ (where UINT_MAX equals SIZE_MAX).
+ Impact is denial of service to potentially artitrary code
+ execution.
+ #889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can
+ have an integer overflow for m_groupSize on 32-bit
+ platforms (where UINT_MAX equals SIZE_MAX).
+ Impact is denial of service to potentially artitrary code
+ execution.
+
+ Other changes:
+ #851 #879 Autotools: Sync CMake templates with CMake 3.28
+ #853 Autotools: Always provide path to find(1) for portability
+ #861 Autotools: Ensure that the m4 directory always exists.
+ #870 Autotools: Simplify handling of SIZEOF_VOID_P
+ #869 Autotools: Support non-GNU sed
+ #856 Autotools|CMake: Fix main() to main(void)
+ #865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
+ #863 Autotools|CMake: Stop requiring dos2unix
+ #854 #855 CMake: Fix check for symbols size_t and off_t
+ #864 docs|tests: Convert README to Markdown and update
+ #741 Windows: Drop support for Visual Studio <=15.0/2017
+ #886 Drop needless XML_DTD guards around is_param access
+ #885 Fix typo in a code comment
+ #894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
+ to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
+ for what these numbers do
+
+ Infrastructure:
+ #880 Readme: Promote the call for help
+ #868 CI: Fix various issues
+ #849 CI: Allow triggering GitHub Actions workflows manually
+ #851 #872 ..
+ #873 #879 CI: Adapt to breaking changes in GitHub Actions
+
+ Special thanks to:
+ Alexander Bluhm
+ Berkay Eren Ürün
+ Dag-Erling Smørgrav
+ Ferenc Géczi
+ TaiYou
+
 Release 2.6.2 Wed March 13 2024
 Security fixes:
 #839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with
diff --git a/expat/Makefile.am b/expat/Makefile.am
index 47cdd1b9..7d8e17c2 100644
--- a/expat/Makefile.am
+++ b/expat/Makefile.am
@@ -10,6 +10,8 @@
 # Copyright (c) 2018 KangLin
 # Copyright (c) 2022 Johnny Jazeix
 # Copyright (c) 2023 Sony Corporation / Snild Dolkow
+# Copyright (c) 2024 Alexander Bluhm
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/README.md b/expat/README.md
index b7b16f13..180a68e4 100644
--- a/expat/README.md
+++ b/expat/README.md
@@ -11,7 +11,7 @@ > at the top of the `Changes` file. -# Expat, Release 2.6.2 +# Expat, Release 2.6.3 This is Expat, a C99 library for parsing [XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by
diff --git a/expat/apply-clang-format.sh b/expat/apply-clang-format.sh
index ddff1255..c3012b5e 100755
--- a/expat/apply-clang-format.sh
+++ b/expat/apply-clang-format.sh
@@ -8,6 +8,7 @@
 #
 # Copyright (c) 2019-2024 Sebastian Pipping
 # Copyright (c) 2022 Rosen Penev
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/buildconf.sh b/expat/buildconf.sh
index 1b4dc699..4e506b30 100755
--- a/expat/buildconf.sh
+++ b/expat/buildconf.sh
@@ -8,6 +8,7 @@
 #
 # Copyright (c) 2017-2022 Sebastian Pipping
 # Copyright (c) 2018 Marco Maggi
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/configure.ac b/expat/configure.ac
index 1d0954b7..1a930413 100644
--- a/expat/configure.ac
+++ b/expat/configure.ac
@@ -22,6 +22,8 @@ dnl Copyright (c) 2018 KangLin
 dnl Copyright (c) 2019 Mohammed Khajapasha
 dnl Copyright (c) 2019 Kishore Kunche
 dnl Copyright (c) 2020 Jeffrey Walton
+dnl Copyright (c) 2024 Ferenc Géczi
+dnl Copyright (c) 2024 Dag-Erling Smørgrav
 dnl Licensed under the MIT license:
 dnl
 dnl Permission is hereby granted, free of charge, to any person obtaining
@@ -83,7 +85,7 @@ dnl If the API changes incompatibly set LIBAGE back to 0 dnl LIBCURRENT=10 # sync -LIBREVISION=2 # with +LIBREVISION=3 # with LIBAGE=9 # CMakeLists.txt! AC_CONFIG_HEADERS([expat_config.h])
diff --git a/expat/doc/Makefile.am b/expat/doc/Makefile.am
index 9d12923d..3bea96e9 100644
--- a/expat/doc/Makefile.am
+++ b/expat/doc/Makefile.am
@@ -9,6 +9,7 @@
 # Copyright (c) 2017-2024 Sebastian Pipping
 # Copyright (c) 2017 Stephen Groat
 # Copyright (c) 2017 Joe Orton
+# Copyright (c) 2024 Tomas Korbar
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/doc/reference.html b/expat/doc/reference.html
index c600fbba..4cfb2ce9 100644
--- a/expat/doc/reference.html
+++ b/expat/doc/reference.html
@@ -52,7 +52,7 @@

The Expat XML Parser - Release 2.6.2 + Release 2.6.3

diff --git a/expat/doc/xmlwf.xml b/expat/doc/xmlwf.xml
index fd77f844..10b29782 100644
--- a/expat/doc/xmlwf.xml
+++ b/expat/doc/xmlwf.xml
@@ -21,7 +21,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ Scott"> Bronson"> - March 13, 2024"> + September 4, 2024"> 1"> bronson@rinspin.com">
diff --git a/expat/fix-xmltest-log.sh b/expat/fix-xmltest-log.sh
index 9e0e5d03..4739acab 100755
--- a/expat/fix-xmltest-log.sh
+++ b/expat/fix-xmltest-log.sh
@@ -7,6 +7,7 @@
 # |_| XML parser
 #
 # Copyright (c) 2019-2022 Sebastian Pipping
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/gennmtab/gennmtab.c b/expat/gennmtab/gennmtab.c
index 82cfccff..d8cfecad 100644
--- a/expat/gennmtab/gennmtab.c
+++ b/expat/gennmtab/gennmtab.c
@@ -9,7 +9,7 @@
 Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
 Copyright (c) 2000 Clark Cooper
 Copyright (c) 2002 Fred L. Drake, Jr.
- Copyright (c) 2016-2017 Sebastian Pipping
+ Copyright (c) 2016-2024 Sebastian Pipping
 Licensed under the MIT license:
 
 Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/lib/expat.h b/expat/lib/expat.h
index c2770be3..d0d6015a 100644
--- a/expat/lib/expat.h
+++ b/expat/lib/expat.h
@@ -1066,7 +1066,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
 */
 #define XML_MAJOR_VERSION 2
 #define XML_MINOR_VERSION 6
-#define XML_MICRO_VERSION 2
+#define XML_MICRO_VERSION 3
 
 #ifdef __cplusplus
 }
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 0f32e1f8..d9285b21 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -1,4 +1,4 @@ -/* 2a14271ad4d35e82bde8ba210b4edb7998794bcbae54deab114046a300f9639a (2.6.2+) +/* ba4cdf9bdb534f355a9def4c9e25d20ee8e72f95b0a4d930be52e563f5080196 (2.6.3+) __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __|
@@ -39,6 +39,7 @@
 Copyright (c) 2022 Sean McBride
 Copyright (c) 2023 Owain Davies
 Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow
+ Copyright (c) 2024 Berkay Eren Ürün
 Licensed under the MIT license:
 
 Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/qa.sh b/expat/qa.sh
index 54984986..98bde15d 100755
--- a/expat/qa.sh
+++ b/expat/qa.sh
@@ -9,6 +9,7 @@
 # Copyright (c) 2016-2023 Sebastian Pipping
 # Copyright (c) 2019 Philippe Antoine
 # Copyright (c) 2019 Hanno Böck
+# Copyright (c) 2024 Alexander Bluhm
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/tests/Makefile.am b/expat/tests/Makefile.am
index ff192381..d25376be 100644
--- a/expat/tests/Makefile.am
+++ b/expat/tests/Makefile.am
@@ -9,6 +9,7 @@
 # Copyright (c) 2017-2024 Sebastian Pipping
 # Copyright (c) 2017-2022 Rhodri James
 # Copyright (c) 2020 Jeffrey Walton
+# Copyright (c) 2024 Dag-Erling Smørgrav
 # Licensed under the MIT license:
 #
 # Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/tests/misc_tests.c b/expat/tests/misc_tests.c
index ffde0563..2ee9320b 100644
--- a/expat/tests/misc_tests.c
+++ b/expat/tests/misc_tests.c
@@ -208,7 +208,7 @@ START_TEST(test_misc_version) { if (! versions_equal(&read_version, &parsed_version)) fail("Version mismatch"); - if (xcstrcmp(version_text, XCS("expat_2.6.2"))) /* needs bump on releases */ + if (xcstrcmp(version_text, XCS("expat_2.6.3"))) /* needs bump on releases */ fail("XML_*_VERSION in expat.h out of sync?\n"); } END_TEST
diff --git a/expat/win32/build_expat_iss.bat b/expat/win32/build_expat_iss.bat
index a071b14e..aea73489 100644
--- a/expat/win32/build_expat_iss.bat
+++ b/expat/win32/build_expat_iss.bat
@@ -7,7 +7,7 @@ REM | __// \| |_) | (_| | |_
 REM \___/_/\_\ .__/ \__,_|\__|
 REM |_| XML parser
 REM
-REM Copyright (c) 2019-2021 Sebastian Pipping
+REM Copyright (c) 2019-2024 Sebastian Pipping
 REM Licensed under the MIT license:
 REM
 REM Permission is hereby granted, free of charge, to any person obtaining
diff --git a/expat/win32/expat.iss b/expat/win32/expat.iss
index 2c9e9215..23c18d14 100644
--- a/expat/win32/expat.iss
+++ b/expat/win32/expat.iss
@@ -16,6 +16,7 @@
 ; Copyright (c) 2006-2017 Karl Waclawek
 ; Copyright (c) 2007-2024 Sebastian Pipping
 ; Copyright (c) 2022 Johnny Jazeix
+; Copyright (c) 2024 Dag-Erling Smørgrav
 ; Licensed under the MIT license:
 ;
 ; Permission is hereby granted, free of charge, to any person obtaining
@@ -37,7 +38,7 @@ ; OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE ; USE OR OTHER DEALINGS IN THE SOFTWARE. -#define expatVer "2.6.2" +#define expatVer "2.6.3" [Setup] AppName=Expat