diff --git a/expat/CMake.README b/expat/CMake.README
index a512a7b7..bd7c51c5 100644
--- a/expat/CMake.README
+++ b/expat/CMake.README
@@ -3,25 +3,25 @@ The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual
 Studio) and should work on all other platform cmake supports.
-Assuming ~/expat-2.3.0 is the source directory of expat, add a subdirectory
+Assuming ~/expat-2.4.0 is the source directory of expat, add a subdirectory
 build and change into that directory:
-~/expat-2.3.0$ mkdir build && cd build
-~/expat-2.3.0/build$
+~/expat-2.4.0$ mkdir build && cd build
+~/expat-2.4.0/build$
 From that directory, call cmake first, then call make, make test and make install in the usual way:
-~/expat-2.3.0/build$ cmake ..
+~/expat-2.4.0/build$ cmake ..
 -- The C compiler identification is GNU
 -- The CXX compiler identification is GNU
 ....
 -- Configuring done
 -- Generating done
--- Build files have been written to: /home/patrick/expat-2.3.0/build
+-- Build files have been written to: /home/patrick/expat-2.4.0/build
 If you want to specify the install location for your files, append -DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call.
-~/expat-2.3.0/build$ make && make test && make install
+~/expat-2.4.0/build$ make && make test && make install
 Scanning dependencies of target expat
 [ 5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o
 [ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o
diff --git a/expat/CMakeLists.txt b/expat/CMakeLists.txt
index bf48e6d1..aa00c066 100644
--- a/expat/CMakeLists.txt
+++ b/expat/CMakeLists.txt
@@ -64,7 +64,7 @@ endif()
 project(expat
 VERSION
- 2.3.0
+ 2.4.0
 LANGUAGES
 C
 )
@@ -386,9 +386,9 @@ if(EXPAT_WITH_LIBBSD)
 target_link_libraries(expat ${LIB_BSD})
 endif()
-set(LIBCURRENT 8) # sync
+set(LIBCURRENT 9) # sync
 set(LIBREVISION 0) # with
-set(LIBAGE 7) # configure.ac!
+set(LIBAGE 8) # configure.ac!
 math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}")
 set_property(TARGET expat PROPERTY OUTPUT_NAME "${_EXPAT_OUTPUT_NAME}")
diff --git a/expat/Changes b/expat/Changes
index 2870961f..6d926eb5 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -2,7 +2,7 @@ NOTE: We are looking for help with a few things:
 https://github.com/libexpat/libexpat/labels/help%20wanted
 If you can help, please get in touch. Thanks!
-Release X.X.X XXX XXXXX XX XXXX
+Release 2.4.0 Sun May 23 2021
 Security fixes:
 #34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both,
@@ -12,8 +12,29 @@ Release X.X.X XXX XXXXX XX XXXX
 By conservative default, amplification up to a factor of 100.0 is tolerated and rejection only starts after 8 MiB of output bytes (= + ) have been processed.
- A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH signals
- this condition.
+ The fix adds the following to the API:
+ - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
+ signals this specific condition.
+ - Two new API functions ..
+ - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
+ - XML_SetBillionLaughsAttackProtectionActivationThreshold
+ .. to further tighten billion laughs protection parameters
+ when desired. Please see file "doc/reference.html" for details.
+ If you ever need to increase the defaults for non-attack XML
+ payload, please file a bug report with libexpat.
+ - Two new XML_FEATURE_* constants ..
+ - that can be queried using the XML_GetFeatureList function, and
+ - that are shown in "xmlwf -v" output.
+ - Two new environment variable switches ..
+ - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
+ - EXPAT_ENTITY_DEBUG=(0|1)
+ .. for runtime debugging of accounting and entity processing.
+ Specific behavior of these values may change in the future.
+ - Two new command line arguments "-a FACTOR" and "-b BYTES"
+ for xmlwf to further tighten billion laughs protection
+ parameters when desired.
+ If you ever need to increase the defaults for non-attack XML
+ payload, please file a bug report with libexpat.
 Bug fixes:
 #332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
@@ -23,33 +44,37 @@ Release X.X.X XXX XXXXX XX XXXX
 non-Linux platforms (e.g. macOS and MinGW in particular) that were introduced with release 2.3.0
- New features:
- #34 #466 #484 Add two new API functions to further tighten billion laughs
- protection parameters when desired.
- - XML_SetBillionLaughsAttackProtectionMaximumAmplification
- - XML_SetBillionLaughsAttackProtectionActivationThreshold
- Please see file "doc/reference.html" for more details.
- If you ever need to increase the defaults for non-attack XML
- payload, please file a bug report with libexpat.
- #34 #466 #484 Introduce environment switches EXPAT_ACCOUNTING_DEBUG=(0|1|2|3)
- and EXPAT_ENTITY_DEBUG=(0|1) for runtime debugging of accounting
- and entity processing; specific behavior of these values may
- change in the future.
- #34 #466 #484 xmlwf: Add arguments "-a FACTOR" and "-b BYTES" to further tighten
- billion laughs protection parameters when desired.
- If you ever need to increase the defaults for non-attack XML
- payload, please file a bug report with libexpat.
-
 Other changes:
- #457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
+ #468 #469 xmlwf: Improve help output and the xmlwf man page
+ #463 xmlwf: Improve maintainability through some refactoring
+ #477 xmlwf: Fix man page DocBook validity
 #458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR
 #471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS
- #468 #469 xmlwf: Improve help output and the xmlwf man page
+ #457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
+ #467 Resolve macro HAVE_EXPAT_CONFIG_H
+ #472 Delete unused legacy helper file "conftools/PrintPath"
+ #473 #483 Improve attribution
+ #464 #465 #477 doc/reference.html: Fix XHTML validity
+ #475 #478 doc/reference.html: Replace the 90s look by OK.css
+ #479 Version info bumped from 8:0:7 to 9:0:8
+ due to addition of new symbols and error codes;
+ see https://verbump.de/ for what these numbers do
+
+ Infrastructure:
+ #456 CI: Enable periodic runs
+ #457 CI: Start covering the list of exported symbols
+ #474 CI: Isolate coverage task
+ #476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
+ #477 CI: Cover well-formedness and DocBook/XHTML validity
+ of doc/reference.html and doc/xmlwf.xml
 Special thanks to:
 Dimitry Andric
+ Eero Helenius
 Nick Wellnhofer
+ Rhodri James
+ Tomas Korbar
 Yury Gribov
 and
 Clang LeakSan
diff --git a/expat/README.md b/expat/README.md
index b56390eb..94e0bb14 100644
--- a/expat/README.md
+++ b/expat/README.md
@@ -5,10 +5,10 @@
 [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases)
-# Expat, Release 2.3.0
+# Expat, Release 2.4.0
 This is Expat, a C library for parsing XML, started by
-[James Clark](https://en.wikipedia.org/wiki/James_Clark_(programmer)) in 1997.
+[James Clark](https://en.wikipedia.org/wiki/James_Clark_%28programmer%29) in 1997.
 Expat is a stream-oriented XML parser. This means that you register handlers with the parser before starting the parse. These handlers are called when the parser discovers the associated structures in the
@@ -22,7 +22,7 @@ Expat supports the following compilers:
 - Microsoft Visual Studio >=15.0/2017 (rolling `${today} minus 5 years`)
 Windows users can use the
-[`expat-win32bin-*.*.*.exe` installer download](https://github.com/libexpat/libexpat/releases),
+[`expat-win32bin-*.*.*.{exe,zip}` download](https://github.com/libexpat/libexpat/releases),
 which includes both pre-compiled libraries and executables, and source code for developers.
@@ -45,7 +45,7 @@ This approach leverages CMake's own [module `FindEXPAT`](https://cmake.org/cmake
 Notice the *uppercase* `EXPAT` in the following example:
 ```cmake
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.0) # or 3.10, see below
 project(hello VERSION 1.0.0)
@@ -55,12 +55,12 @@ add_executable(hello
 hello.c
 )
-if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.10")
- target_link_libraries(hello PUBLIC EXPAT::EXPAT)
-else()
- target_include_directories(hello PRIVATE ${EXPAT_INCLUDE_DIRS})
- target_link_libraries(hello PUBLIC ${EXPAT_LIBRARIES})
-endif()
+# a) for CMake >=3.10 (see CMake's FindEXPAT docs)
+target_link_libraries(hello PUBLIC EXPAT::EXPAT)
+
+# b) for CMake >=3.0
+target_include_directories(hello PRIVATE ${EXPAT_INCLUDE_DIRS})
+target_link_libraries(hello PUBLIC ${EXPAT_LIBRARIES})
 ```
 ### b) Config Mode
@@ -69,7 +69,11 @@ This approach requires files from…
 - libexpat >=2.2.8 where packaging uses the CMake build system
 or
-- libexpat >=2.3.0 where packaging uses the GNU Autotools build system.
+- libexpat >=2.3.0 where packaging uses the GNU Autotools build system
+ on Linux
+or
+- libexpat >=2.4.0 where packaging uses the GNU Autotools build system
+ on macOS or MinGW.
 Notice the *lowercase* `expat` in the following example:
diff --git a/expat/configure.ac b/expat/configure.ac
index 84319d64..b038ee41 100644
--- a/expat/configure.ac
+++ b/expat/configure.ac
@@ -81,9 +81,9 @@ dnl
 dnl If the API changes incompatibly set LIBAGE back to 0
 dnl
-LIBCURRENT=8 # sync
+LIBCURRENT=9 # sync
 LIBREVISION=0 # with
-LIBAGE=7 # CMakeLists.txt!
+LIBAGE=8 # CMakeLists.txt!
 AC_CONFIG_HEADERS([expat_config.h])
diff --git a/expat/doc/reference.html b/expat/doc/reference.html
index 8e77a10c..acedcf1c 100644
--- a/expat/doc/reference.html
+++ b/expat/doc/reference.html
@@ -48,7 +48,7 @@

The Expat XML Parser
- Release 2.3.0
+ Release 2.4.0

diff --git a/expat/doc/xmlwf.xml b/expat/doc/xmlwf.xml
index 60a4ae00..fa1b3565 100644
--- a/expat/doc/xmlwf.xml
+++ b/expat/doc/xmlwf.xml
@@ -22,7 +22,7 @@
 Scott">
 Bronson">
- May 4, 2021">
+ May 23, 2021">
 1">
 bronson@rinspin.com">
diff --git a/expat/lib/expat.h b/expat/lib/expat.h
index 30a064ad..016c1c5f 100644
--- a/expat/lib/expat.h
+++ b/expat/lib/expat.h
@@ -1040,7 +1040,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
 See http://semver.org.
 */
 #define XML_MAJOR_VERSION 2
-#define XML_MINOR_VERSION 3
+#define XML_MINOR_VERSION 4
 #define XML_MICRO_VERSION 0
 #ifdef __cplusplus
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 6a59342c..214c93fd 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -1,4 +1,4 @@
-/* d667b5f8e56e24fdfaf5e38596d419d924a9fadceb987d81d5613ecb7ca51b0e (2.3.0+)
+/* 40f0f9c2be99a31dd0c833cd7d5a1bbd825a95e241f6e6c689b69ce275aba9a9 (2.4.0+)
 __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __|
diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
index e3944561..8cee7ee8 100644
--- a/expat/tests/runtests.c
+++ b/expat/tests/runtests.c
@@ -7351,7 +7351,7 @@ START_TEST(test_misc_version) {
 fail("Version mismatch");
 #if ! defined(XML_UNICODE) || defined(XML_UNICODE_WCHAR_T)
- if (xcstrcmp(version_text, XCS("expat_2.3.0"))) /* needs bump on releases */
+ if (xcstrcmp(version_text, XCS("expat_2.4.0"))) /* needs bump on releases */
 fail("XML_*_VERSION in expat.h out of sync?\n");
 #else
 /* If we have XML_UNICODE defined but not XML_UNICODE_WCHAR_T
diff --git a/expat/win32/expat.iss b/expat/win32/expat.iss
index 2f25a501..4d37cd24 100644
--- a/expat/win32/expat.iss
+++ b/expat/win32/expat.iss
@@ -36,7 +36,7 @@
 ; OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 ; USE OR OTHER DEALINGS IN THE SOFTWARE.
-#define expatVer "2.3.0"
+#define expatVer "2.4.0"
 [Setup]
 AppName=Expat