diff --git a/expat/CMake.README b/expat/CMake.README index 2adae7c2..5d5f43e8 100644 --- a/expat/CMake.README +++ b/expat/CMake.README @@ -3,25 +3,25 @@ The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual Studio) and should work on all other platform cmake supports. -Assuming ~/expat-2.6.1 is the source directory of expat, add a subdirectory +Assuming ~/expat-2.6.2 is the source directory of expat, add a subdirectory build and change into that directory: -~/expat-2.6.1$ mkdir build && cd build -~/expat-2.6.1/build$ +~/expat-2.6.2$ mkdir build && cd build +~/expat-2.6.2/build$ From that directory, call cmake first, then call make, make test and make install in the usual way: -~/expat-2.6.1/build$ cmake .. +~/expat-2.6.2/build$ cmake .. -- The C compiler identification is GNU -- The CXX compiler identification is GNU .... -- Configuring done -- Generating done --- Build files have been written to: /home/patrick/expat-2.6.1/build +-- Build files have been written to: /home/patrick/expat-2.6.2/build If you want to specify the install location for your files, append -DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call. -~/expat-2.6.1/build$ make && make test && make install +~/expat-2.6.2/build$ make && make test && make install Scanning dependencies of target expat [ 5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o [ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o diff --git a/expat/CMakeLists.txt b/expat/CMakeLists.txt index 4f482b28..ff081550 100644 --- a/expat/CMakeLists.txt +++ b/expat/CMakeLists.txt @@ -38,7 +38,7 @@ cmake_minimum_required(VERSION 3.5.0) project(expat VERSION - 2.6.1 + 2.6.2 LANGUAGES C ) @@ -466,7 +466,7 @@ foreach(build_type_upper endforeach() set(LIBCURRENT 10) # sync -set(LIBREVISION 1) # with +set(LIBREVISION 2) # with set(LIBAGE 9) # configure.ac! math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}") diff --git a/expat/Changes b/expat/Changes index 64eb3de7..52b366d5 100644 
--- a/expat/Changes
+++ b/expat/Changes
@@ -1,6 +1,59 @@
-NOTE: We are looking for help with a few things:
- https://github.com/libexpat/libexpat/labels/help%20wanted
- If you can help, please get in touch. Thanks!
+ __ __ _
+ ___\ \/ /_ __ __ _| |_
+ / _ \\ /| '_ \ / _` | __|
+ | __// \| |_) | (_| | |_
+ \___/_/\_\ .__/ \__,_|\__|
+ |_| XML parser
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! Expat is UNDERSTAFFED and WITHOUT FUNDING. !!
+!! ~~~~~~~~~~~~ !!
+!! The following topics need *additional skilled C developers* to progress !!
+!! in a timely manner or at all (loosely ordered by descending priority): !!
+!! !!
+!! - fixing a complex non-public security issue, !!
+!! - teaming up on researching and fixing future security reports and !!
+!! ClusterFuzz findings with few-days-max response times in communication !!
+!! in order to (1) have a sound fix ready before the end of a 90 days !!
+!! grace period and (2) in a sustainable manner, !!
+!! - implementing and auto-testing XML 1.0r5 support !!
+!! (needs discussion before pull requests), !!
+!! - smart ideas on fixing the Autotools CMake files generation issue !!
+!! without breaking CI (needs discussion before pull requests), !!
+!! - the Windows binaries topic (needs requirements engineering first), !!
+!! - pushing migration from `int` to `size_t` further !!
+!! including edge-cases test coverage (needs discussion before anything). !!
+!! !!
+!! For details, please reach out via e-mail to sebastian@pipping.org so we !!
+!! can schedule a voice call on the topic, in English or German. !!
+!! !!
+!! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+Release 2.6.2 Wed March 13 2024
+ Security fixes:
+ #839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with
+ isolated use of external parsers. Please see the commit
+ message of commit 1d50b80cf31de87750103656f6eb693746854aa8
+ for details.
+ + Bug fixes: + #839 #841 Reject direct parameter entity recursion + and avoid the related undefined behavior + + Other changes: + #847 Autotools: Fix build for DOCBOOK_TO_MAN containing spaces + #837 Add missing #821 and #824 to 2.6.1 change log + #838 #843 Version info bumped from 10:1:9 (libexpat*.so.1.9.1) + to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/ + for what these numbers do + + Special thanks to: + Philippe Antoine + Tomas Korbar + and + Clang UndefinedBehaviorSanitizer + OSS-Fuzz / ClusterFuzz Release 2.6.1 Thu February 29 2024 Bug fixes: diff --git a/expat/README.md b/expat/README.md index 9b6ca08f..3c20adbe 100644 --- a/expat/README.md +++ b/expat/README.md @@ -5,7 +5,7 @@ [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases) -# Expat, Release 2.6.1 +# Expat, Release 2.6.2 This is Expat, a C99 library for parsing [XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by diff --git a/expat/configure.ac b/expat/configure.ac index f9935f84..04415e36 100644 --- a/expat/configure.ac +++ b/expat/configure.ac @@ -83,7 +83,7 @@ dnl If the API changes incompatibly set LIBAGE back to 0 dnl LIBCURRENT=10 # sync -LIBREVISION=1 # with +LIBREVISION=2 # with LIBAGE=9 # CMakeLists.txt! AC_CONFIG_HEADERS([expat_config.h]) diff --git a/expat/doc/reference.html b/expat/doc/reference.html index 1fd4c14b..5614dc34 100644 --- a/expat/doc/reference.html +++ b/expat/doc/reference.html @@ -52,7 +52,7 @@

The Expat XML Parser - Release 2.6.1 + Release 2.6.2

diff --git a/expat/doc/xmlwf.xml b/expat/doc/xmlwf.xml index d59c9dfe..fd77f844 100644 --- a/expat/doc/xmlwf.xml +++ b/expat/doc/xmlwf.xml @@ -21,7 +21,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ Scott"> Bronson"> - February 29, 2024"> + March 13, 2024"> 1"> bronson@rinspin.com"> diff --git a/expat/lib/expat.h b/expat/lib/expat.h index 6dfc4544..c2770be3 100644 --- a/expat/lib/expat.h +++ b/expat/lib/expat.h @@ -1066,7 +1066,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled); */ #define XML_MAJOR_VERSION 2 #define XML_MINOR_VERSION 6 -#define XML_MICRO_VERSION 1 +#define XML_MICRO_VERSION 2 #ifdef __cplusplus } diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index b9f50aba..2951fec7 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -1,4 +1,4 @@ -/* dd2a9703e301882afe16d198a82689ab225277057f5eab9d079d8606eab736b4 (2.6.1+) +/* 2a14271ad4d35e82bde8ba210b4edb7998794bcbae54deab114046a300f9639a (2.6.2+) __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| diff --git a/expat/tests/misc_tests.c b/expat/tests/misc_tests.c index 2df5d96f..ffde0563 100644 --- a/expat/tests/misc_tests.c +++ b/expat/tests/misc_tests.c @@ -208,7 +208,7 @@ START_TEST(test_misc_version) { if (! versions_equal(&read_version, &parsed_version)) fail("Version mismatch"); - if (xcstrcmp(version_text, XCS("expat_2.6.1"))) /* needs bump on releases */ + if (xcstrcmp(version_text, XCS("expat_2.6.2"))) /* needs bump on releases */ fail("XML_*_VERSION in expat.h out of sync?\n"); } END_TEST diff --git a/expat/win32/expat.iss b/expat/win32/expat.iss index 1aec6418..2a4c87e6 100644 --- a/expat/win32/expat.iss +++ b/expat/win32/expat.iss @@ -37,7 +37,7 @@ ; OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE ; USE OR OTHER DEALINGS IN THE SOFTWARE. -#define expatVer "2.6.1" +#define expatVer "2.6.2" [Setup] AppName=Expat