From 7e27f561a6b01f02413b9e288eaba04c218b58a5 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Mon, 24 Oct 2022 16:49:13 +0200 Subject: Sync file headers --- expat/examples/elements.c | 2 +- expat/examples/outline.c | 2 +- expat/lib/xmlparse.c | 1 + expat/tests/runtests.c | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/expat/examples/elements.c b/expat/examples/elements.c index 5098d7d9..e5fb850d 100644 --- a/expat/examples/elements.c +++ b/expat/examples/elements.c @@ -14,7 +14,7 @@ Copyright (c) 2001-2003 Fred L. Drake, Jr. Copyright (c) 2004-2006 Karl Waclawek Copyright (c) 2005-2007 Steven Solie - Copyright (c) 2016-2019 Sebastian Pipping + Copyright (c) 2016-2022 Sebastian Pipping Copyright (c) 2017 Rhodri James Copyright (c) 2019 Zhongyuan Zhou Licensed under the MIT license: diff --git a/expat/examples/outline.c b/expat/examples/outline.c index d23fa94b..d2df914f 100644 --- a/expat/examples/outline.c +++ b/expat/examples/outline.c @@ -12,7 +12,7 @@ Copyright (c) 2001-2003 Fred L. Drake, Jr. Copyright (c) 2005-2007 Steven Solie Copyright (c) 2005-2006 Karl Waclawek - Copyright (c) 2016-2019 Sebastian Pipping + Copyright (c) 2016-2022 Sebastian Pipping Copyright (c) 2017 Rhodri James Licensed under the MIT license: diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 57bf103c..33d6039d 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -35,6 +35,7 @@ Copyright (c) 2021 Dong-hee Na Copyright (c) 2022 Samanta Navarro Copyright (c) 2022 Jeffrey Walton + Copyright (c) 2022 Jann Horn Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c index acb744dd..ff580485 100644 --- a/expat/tests/runtests.c +++ b/expat/tests/runtests.c @@ -11,7 +11,7 @@ Copyright (c) 2005-2007 Steven Solie Copyright (c) 2005-2012 Karl Waclawek Copyright (c) 2016-2022 Sebastian Pipping - Copyright (c) 2017-2018 Rhodri James + Copyright (c) 2017-2022 Rhodri James Copyright (c) 2017 Joe Orton Copyright (c) 2017 José Gutiérrez de la Concha Copyright (c) 2018 Marco Maggi -- cgit v1.2.1 From db20f72472b846a2892277392986f36253ab974f Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Mon, 24 Oct 2022 16:57:04 +0200 Subject: Bump version info from 9:9:8 to 9:10:8 See https://verbump.de/ for what these numbers do --- expat/CMakeLists.txt | 6 +++--- expat/Changes | 2 ++ expat/configure.ac | 6 +++--- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/expat/CMakeLists.txt b/expat/CMakeLists.txt index 2bf0bcbe..a12b6dd5 100644 --- a/expat/CMakeLists.txt +++ b/expat/CMakeLists.txt @@ -436,9 +436,9 @@ foreach(build_type_upper set_property(TARGET expat PROPERTY ${build_type_upper}_POSTFIX ${EXPAT_${build_type_upper}_POSTFIX}) endforeach() -set(LIBCURRENT 9) # sync -set(LIBREVISION 9) # with -set(LIBAGE 8) # configure.ac! +set(LIBCURRENT 9) # sync +set(LIBREVISION 10) # with +set(LIBAGE 8) # configure.ac! math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}") if(NOT WIN32) diff --git a/expat/Changes b/expat/Changes index 8af9da84..075be33b 100644 --- a/expat/Changes +++ b/expat/Changes @@ -21,6 +21,8 @@ Release x.x.x xxx xxxxxxxxxxxx xx xxxx #666 examples: Make use of XML_GetBuffer and be more consistent across examples #648 Address compiler warnings + #667 #668 Version info bumped from 9:9:8 to 9:10:8; + see https://verbump.de/ for what these numbers do Special thanks to: Jann Horn diff --git a/expat/configure.ac b/expat/configure.ac index 558f959f..d3642dea 100644 --- a/expat/configure.ac +++ b/expat/configure.ac @@ -81,9 +81,9 @@ dnl dnl If the API changes incompatibly set LIBAGE back to 0 dnl -LIBCURRENT=9 # sync -LIBREVISION=9 # with -LIBAGE=8 # CMakeLists.txt! +LIBCURRENT=9 # sync +LIBREVISION=10 # with +LIBAGE=8 # CMakeLists.txt! AC_CONFIG_HEADERS([expat_config.h]) AH_TOP([#ifndef EXPAT_CONFIG_H -- cgit v1.2.1 From 454c6105bc2d0ea2521b8f8f7a5161c2abd8c386 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Mon, 24 Oct 2022 16:57:42 +0200 Subject: Bump version to 2.5.0 --- expat/CMake.README | 12 ++++++------ expat/CMakeLists.txt | 2 +- expat/README.md | 2 +- expat/doc/reference.html | 2 +- expat/lib/expat.h | 4 ++-- expat/lib/xmlparse.c | 2 +- expat/tests/runtests.c | 2 +- expat/win32/expat.iss | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/expat/CMake.README b/expat/CMake.README index a0502305..2b94fff5 100644 --- a/expat/CMake.README +++ b/expat/CMake.README @@ -3,25 +3,25 @@ The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual Studio) and should work on all other platform cmake supports. -Assuming ~/expat-2.4.9 is the source directory of expat, add a subdirectory +Assuming ~/expat-2.5.0 is the source directory of expat, add a subdirectory build and change into that directory: -~/expat-2.4.9$ mkdir build && cd build -~/expat-2.4.9/build$ +~/expat-2.5.0$ mkdir build && cd build +~/expat-2.5.0/build$ From that directory, call cmake first, then call make, make test and make install in the usual way: -~/expat-2.4.9/build$ cmake .. +~/expat-2.5.0/build$ cmake .. -- The C compiler identification is GNU -- The CXX compiler identification is GNU .... -- Configuring done -- Generating done --- Build files have been written to: /home/patrick/expat-2.4.9/build +-- Build files have been written to: /home/patrick/expat-2.5.0/build If you want to specify the install location for your files, append -DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call. -~/expat-2.4.9/build$ make && make test && make install +~/expat-2.5.0/build$ make && make test && make install Scanning dependencies of target expat [ 5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o [ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o diff --git a/expat/CMakeLists.txt b/expat/CMakeLists.txt index a12b6dd5..2b4c13c5 100644 --- a/expat/CMakeLists.txt +++ b/expat/CMakeLists.txt @@ -38,7 +38,7 @@ cmake_minimum_required(VERSION 3.1.3) project(expat VERSION - 2.4.9 + 2.5.0 LANGUAGES C ) diff --git a/expat/README.md b/expat/README.md index c0ac8b0f..e5e237fc 100644 --- a/expat/README.md +++ b/expat/README.md @@ -5,7 +5,7 @@ [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases) -# Expat, Release 2.4.9 +# Expat, Release 2.5.0 This is Expat, a C library for parsing XML, started by [James Clark](https://en.wikipedia.org/wiki/James_Clark_%28programmer%29) in 1997. diff --git a/expat/doc/reference.html b/expat/doc/reference.html index 4ab8d5a7..8b0d47d6 100644 --- a/expat/doc/reference.html +++ b/expat/doc/reference.html @@ -50,7 +50,7 @@

The Expat XML Parser - Release 2.4.9 + Release 2.5.0

diff --git a/expat/lib/expat.h b/expat/lib/expat.h index 2b47ce2a..1c83563c 100644 --- a/expat/lib/expat.h +++ b/expat/lib/expat.h @@ -1054,8 +1054,8 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold( See http://semver.org. */ #define XML_MAJOR_VERSION 2 -#define XML_MINOR_VERSION 4 -#define XML_MICRO_VERSION 9 +#define XML_MINOR_VERSION 5 +#define XML_MICRO_VERSION 0 #ifdef __cplusplus } diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 33d6039d..b6c2eca9 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -1,4 +1,4 @@ -/* 90815a2b2c80c03b2b889fe1d427bb2b9e3282aa065e42784e001db4f23de324 (2.4.9+) +/* 5ab094ffadd6edfc94c3eee53af44a86951f9f1f0933ada3114bbce2bfb02c99 (2.5.0+) __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c index ff580485..915fa520 100644 --- a/expat/tests/runtests.c +++ b/expat/tests/runtests.c @@ -7757,7 +7757,7 @@ START_TEST(test_misc_version) { fail("Version mismatch"); #if ! defined(XML_UNICODE) || defined(XML_UNICODE_WCHAR_T) - if (xcstrcmp(version_text, XCS("expat_2.4.9"))) /* needs bump on releases */ + if (xcstrcmp(version_text, XCS("expat_2.5.0"))) /* needs bump on releases */ fail("XML_*_VERSION in expat.h out of sync?\n"); #else /* If we have XML_UNICODE defined but not XML_UNICODE_WCHAR_T diff --git a/expat/win32/expat.iss b/expat/win32/expat.iss index 5b234ecb..ce9f3bb6 100644 --- a/expat/win32/expat.iss +++ b/expat/win32/expat.iss @@ -37,7 +37,7 @@ ; OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE ; USE OR OTHER DEALINGS IN THE SOFTWARE. -#define expatVer "2.4.9" +#define expatVer "2.5.0" [Setup] AppName=Expat -- cgit v1.2.1 From 82a9c09f6c1215af22ed5b86b558ffc226772a93 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Mon, 24 Oct 2022 17:06:08 +0200 Subject: Changes: Document #656 #658 --- expat/Changes | 3 +++ 1 file changed, 3 insertions(+) diff --git a/expat/Changes b/expat/Changes index 075be33b..36bfccb2 100644 --- a/expat/Changes +++ b/expat/Changes @@ -15,6 +15,8 @@ Release x.x.x xxx xxxxxxxxxxxx xx xxxx #616 #652 #653 Stop leaking opening tag bindings after a closing tag mismatch error where a parser is reset through XML_ParserReset and then reused to parse + #656 CMake: Fix generation of pkg-config file + #658 MinGW|CMake: Fix static library name Other changes: #663 Protect header expat_config.h from multiple inclusion @@ -27,6 +29,7 @@ Release x.x.x xxx xxxxxxxxxxxx xx xxxx Special thanks to: Jann Horn Mark Brand + Osyotr Rhodri James and Google Project Zero -- cgit v1.2.1 From acbbef94204b280b2d3492e6daa9fd19e51d6cac Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Mon, 24 Oct 2022 17:09:36 +0200 Subject: Set release date for version 2.5.0 --- expat/Changes | 2 +- expat/doc/xmlwf.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/expat/Changes b/expat/Changes index 36bfccb2..fc70198e 100644 --- a/expat/Changes +++ b/expat/Changes @@ -2,7 +2,7 @@ NOTE: We are looking for help with a few things: https://github.com/libexpat/libexpat/labels/help%20wanted If you can help, please get in touch. Thanks! -Release x.x.x xxx xxxxxxxxxxxx xx xxxx +Release 2.5.0 Tue October 25 2022 Security fixes: #616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function diff --git a/expat/doc/xmlwf.xml b/expat/doc/xmlwf.xml index 09d8dc89..9603abf1 100644 --- a/expat/doc/xmlwf.xml +++ b/expat/doc/xmlwf.xml @@ -21,7 +21,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ Scott"> Bronson"> - September 20, 2022"> + October 25, 2022"> 1"> bronson@rinspin.com"> -- cgit v1.2.1 From fe8ff0345f889b322215739a3fa7b6ca8a8a6bbe Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Tue, 25 Oct 2022 15:21:40 +0200 Subject: Changes: Add note on impact of CVE-2022-43680 --- expat/Changes | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/expat/Changes b/expat/Changes index fc70198e..e6717105 100644 --- a/expat/Changes +++ b/expat/Changes @@ -6,7 +6,9 @@ Release 2.5.0 Tue October 25 2022 Security fixes: #616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function - XML_ExternalEntityParserCreate in out-of-memory situations + XML_ExternalEntityParserCreate in out-of-memory situations. + Expected impact is denial of service or potentially + arbitrary code execution. Bug fixes: #612 #645 Fix curruption from undefined entities -- cgit v1.2.1