Merge pull request #480 from libexpat/issue-479-release-expat-2-4-0

Prepare release 2.4.0 (part of #479)

expat/CMake.README

@@ -3,25 +3,25 @@
 The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual
 Studio) and should work on all other platform cmake supports.
 
-Assuming ~/expat-2.3.0 is the source directory of expat, add a subdirectory
+Assuming ~/expat-2.4.0 is the source directory of expat, add a subdirectory
 build and change into that directory:
-~/expat-2.3.0$ mkdir build && cd build
-~/expat-2.3.0/build$
+~/expat-2.4.0$ mkdir build && cd build
+~/expat-2.4.0/build$
 
 From that directory, call cmake first, then call make, make test and
 make install in the usual way:
-~/expat-2.3.0/build$ cmake ..
+~/expat-2.4.0/build$ cmake ..
 -- The C compiler identification is GNU
 -- The CXX compiler identification is GNU
 ....
 -- Configuring done
 -- Generating done
--- Build files have been written to: /home/patrick/expat-2.3.0/build
+-- Build files have been written to: /home/patrick/expat-2.4.0/build
 
 If you want to specify the install location for your files, append
 -DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call.
 
-~/expat-2.3.0/build$ make && make test && make install
+~/expat-2.4.0/build$ make && make test && make install
 Scanning dependencies of target expat
 [  5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o
 [ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o

expat/CMakeLists.txt

@@ -64,7 +64,7 @@ endif()
 
 project(expat
     VERSION
-        2.3.0
+        2.4.0
     LANGUAGES
         C
 )
@@ -386,9 +386,9 @@ if(EXPAT_WITH_LIBBSD)
     target_link_libraries(expat ${LIB_BSD})
 endif()
 
-set(LIBCURRENT 8)   # sync
+set(LIBCURRENT 9)   # sync
 set(LIBREVISION 0)  # with
-set(LIBAGE 7)       # configure.ac!
+set(LIBAGE 8)       # configure.ac!
 math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}")
 
 set_property(TARGET expat PROPERTY OUTPUT_NAME "${_EXPAT_OUTPUT_NAME}")

expat/Changes

@@ -2,7 +2,7 @@ NOTE: We are looking for help with a few things:
       https://github.com/libexpat/libexpat/labels/help%20wanted
       If you can help, please get in touch.  Thanks!
 
-Release X.X.X XXX XXXXX XX XXXX
+Release 2.4.0 Sun May 23 2021
         Security fixes:
    #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
                     (denial-of-service; flavors targeting CPU time or RAM or both,
@@ -12,8 +12,29 @@ Release X.X.X XXX XXXXX XX XXXX
                     By conservative default, amplification up to a factor of 100.0
                     is tolerated and rejection only starts after 8 MiB of output bytes
                     (=<direct> + <indirect>) have been processed.
-                    A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH signals
-                    this condition.
+                    The fix adds the following to the API:
+                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
+                      signals this specific condition.
+                    - Two new API functions ..
+                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
+                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
+                      .. to further tighten billion laughs protection parameters
+                      when desired.  Please see file "doc/reference.html" for details.
+                      If you ever need to increase the defaults for non-attack XML
+                      payload, please file a bug report with libexpat.
+                    - Two new XML_FEATURE_* constants ..
+                      - that can be queried using the XML_GetFeatureList function, and
+                      - that are shown in "xmlwf -v" output.
+                    - Two new environment variable switches ..
+                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
+                      - EXPAT_ENTITY_DEBUG=(0|1)
+                      .. for runtime debugging of accounting and entity processing.
+                      Specific behavior of these values may change in the future.
+                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
+                      for xmlwf to further tighten billion laughs protection
+                      parameters when desired.
+                      If you ever need to increase the defaults for non-attack XML
+                      payload, please file a bug report with libexpat.
 
         Bug fixes:
        #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
@@ -23,33 +44,37 @@ Release X.X.X XXX XXXXX XX XXXX
                     non-Linux platforms (e.g. macOS and MinGW in particular)
                     that were introduced with release 2.3.0
 
-        New features:
-   #34 #466 #484  Add two new API functions to further tighten billion laughs
-                    protection parameters when desired.
-                    - XML_SetBillionLaughsAttackProtectionMaximumAmplification
-                    - XML_SetBillionLaughsAttackProtectionActivationThreshold
-                    Please see file "doc/reference.html" for more details.
-                    If you ever need to increase the defaults for non-attack XML
-                    payload, please file a bug report with libexpat.
-   #34 #466 #484  Introduce environment switches EXPAT_ACCOUNTING_DEBUG=(0|1|2|3)
-                    and EXPAT_ENTITY_DEBUG=(0|1) for runtime debugging of accounting
-                    and entity processing; specific behavior of these values may
-                    change in the future.
-   #34 #466 #484  xmlwf: Add arguments "-a FACTOR" and "-b BYTES" to further tighten
-                    billion laughs protection parameters when desired.
-                    If you ever need to increase the defaults for non-attack XML
-                    payload, please file a bug report with libexpat.
-
         Other changes:
-            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
+       #468 #469  xmlwf: Improve help output and the xmlwf man page
+            #463  xmlwf: Improve maintainability through some refactoring
+            #477  xmlwf: Fix man page DocBook validity
        #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
                     and CMAKE_INSTALL_INCLUDEDIR
        #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
-       #468 #469  xmlwf: Improve help output and the xmlwf man page
+            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
+            #467  Resolve macro HAVE_EXPAT_CONFIG_H
+            #472  Delete unused legacy helper file "conftools/PrintPath"
+       #473 #483  Improve attribution
+  #464 #465 #477  doc/reference.html: Fix XHTML validity
+       #475 #478  doc/reference.html: Replace the 90s look by OK.css
+            #479  Version info bumped from 8:0:7 to 9:0:8
+                    due to addition of new symbols and error codes;
+                    see https://verbump.de/ for what these numbers do
+
+        Infrastructure:
+            #456  CI: Enable periodic runs
+            #457  CI: Start covering the list of exported symbols
+            #474  CI: Isolate coverage task
+       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
+            #477  CI: Cover well-formedness and DocBook/XHTML validity
+                    of doc/reference.html and doc/xmlwf.xml
 
         Special thanks to:
             Dimitry Andric
+            Eero Helenius
             Nick Wellnhofer
+            Rhodri James
+            Tomas Korbar
             Yury Gribov
                  and
             Clang LeakSan

expat/README.md

@@ -5,10 +5,10 @@
 [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases)
 
 
-# Expat, Release 2.3.0
+# Expat, Release 2.4.0
 
 This is Expat, a C library for parsing XML, started by
-[James Clark](https://en.wikipedia.org/wiki/James_Clark_(programmer)) in 1997.
+[James Clark](https://en.wikipedia.org/wiki/James_Clark_%28programmer%29) in 1997.
 Expat is a stream-oriented XML parser.  This means that you register
 handlers with the parser before starting the parse.  These handlers
 are called when the parser discovers the associated structures in the
@@ -22,7 +22,7 @@ Expat supports the following compilers:
 - Microsoft Visual Studio >=15.0/2017 (rolling `${today} minus 5 years`)
 
 Windows users can use the
-[`expat-win32bin-*.*.*.exe` installer download](https://github.com/libexpat/libexpat/releases),
+[`expat-win32bin-*.*.*.{exe,zip}` download](https://github.com/libexpat/libexpat/releases),
 which includes both pre-compiled libraries and executables, and source code for
 developers.
 
@@ -45,7 +45,7 @@ This approach leverages CMake's own [module `FindEXPAT`](https://cmake.org/cmake
 Notice the *uppercase* `EXPAT` in the following example:
 
 ```cmake
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.0)  # or 3.10, see below
 
 project(hello VERSION 1.0.0)
 
@@ -55,12 +55,12 @@ add_executable(hello
     hello.c
 )
 
-if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.10")
-    target_link_libraries(hello PUBLIC EXPAT::EXPAT)
-else()
-    target_include_directories(hello PRIVATE ${EXPAT_INCLUDE_DIRS})
-    target_link_libraries(hello PUBLIC ${EXPAT_LIBRARIES})
-endif()
+# a) for CMake >=3.10 (see CMake's FindEXPAT docs)
+target_link_libraries(hello PUBLIC EXPAT::EXPAT)
+
+# b) for CMake >=3.0
+target_include_directories(hello PRIVATE ${EXPAT_INCLUDE_DIRS})
+target_link_libraries(hello PUBLIC ${EXPAT_LIBRARIES})
 ```
 
 ### b) Config Mode
@@ -69,7 +69,11 @@ This approach requires files from…
 
 - libexpat >=2.2.8 where packaging uses the CMake build system
 or
-- libexpat >=2.3.0 where packaging uses the GNU Autotools build system.
+- libexpat >=2.3.0 where packaging uses the GNU Autotools build system
+  on Linux
+or
+- libexpat >=2.4.0 where packaging uses the GNU Autotools build system
+  on macOS or MinGW.
 
 Notice the *lowercase* `expat` in the following example:
 

expat/configure.ac

@@ -81,9 +81,9 @@ dnl
 dnl If the API changes incompatibly set LIBAGE back to 0
 dnl
 
-LIBCURRENT=8   # sync
+LIBCURRENT=9   # sync
 LIBREVISION=0  # with
-LIBAGE=7       # CMakeLists.txt!
+LIBAGE=8       # CMakeLists.txt!
 
 AC_CONFIG_HEADERS([expat_config.h])
 

expat/doc/reference.html

@@ -48,7 +48,7 @@
   <div>
     <h1>
       The Expat XML Parser
-      <small>Release 2.3.0</small>
+      <small>Release 2.4.0</small>
     </h1>
   </div>
 <div class="content">

expat/doc/xmlwf.xml

@@ -22,7 +22,7 @@
   <!ENTITY dhfirstname "<firstname>Scott</firstname>">
   <!ENTITY dhsurname   "<surname>Bronson</surname>">
   <!-- Please adjust the date whenever revising the manpage. -->
-  <!ENTITY dhdate      "<date>May 4, 2021</date>">
+  <!ENTITY dhdate      "<date>May 23, 2021</date>">
   <!ENTITY dhsection   "<manvolnum>1</manvolnum>">
   <!ENTITY dhemail     "<email>bronson@rinspin.com</email>">
   <!ENTITY dhusername  "Scott Bronson">

expat/lib/expat.h

@@ -1040,7 +1040,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
    See http://semver.org.
 */
 #define XML_MAJOR_VERSION 2
-#define XML_MINOR_VERSION 3
+#define XML_MINOR_VERSION 4
 #define XML_MICRO_VERSION 0
 
 #ifdef __cplusplus

expat/lib/xmlparse.c

@@ -1,4 +1,4 @@
-/* d667b5f8e56e24fdfaf5e38596d419d924a9fadceb987d81d5613ecb7ca51b0e (2.3.0+)
+/* 40f0f9c2be99a31dd0c833cd7d5a1bbd825a95e241f6e6c689b69ce275aba9a9 (2.4.0+)
                             __  __            _
                          ___\ \/ /_ __   __ _| |_
                         / _ \\  /| '_ \ / _` | __|

expat/tests/runtests.c

@@ -7351,7 +7351,7 @@ START_TEST(test_misc_version) {
     fail("Version mismatch");
 
 #if ! defined(XML_UNICODE) || defined(XML_UNICODE_WCHAR_T)
-  if (xcstrcmp(version_text, XCS("expat_2.3.0"))) /* needs bump on releases */
+  if (xcstrcmp(version_text, XCS("expat_2.4.0"))) /* needs bump on releases */
     fail("XML_*_VERSION in expat.h out of sync?\n");
 #else
   /* If we have XML_UNICODE defined but not XML_UNICODE_WCHAR_T

expat/win32/expat.iss

@@ -36,7 +36,7 @@
 ; OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 ; USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-#define expatVer "2.3.0"
+#define expatVer "2.4.0"
 
 [Setup]
 AppName=Expat