Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/external/mit/expat/dist Upgrade expat from 2.2.8 -> 2.4.6 to...



details:   https://anonhg.NetBSD.org/src/rev/5991a215a0e6
branches:  trunk
changeset: 362002:5991a215a0e6
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Feb 23 15:21:34 2022 +0000

description:
Upgrade expat from 2.2.8 -> 2.4.6 to include the security fixes from 2.4.5

Release 2.4.6 Sun February 20 2022
        Bug fixes:
            #566  Fix a regression introduced by the fix for CVE-2022-25313
                    in release 2.4.5 that affects applications that (1)
                    call function XML_SetElementDeclHandler and (2) are
                    parsing XML that contains nested element declarations
                    (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").

        Other changes:
       #567 #568  Version info bumped from 9:5:8 to 9:6:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Matt Sergeant
            Samanta Navarro
            Sergei Trofimovich
                 and
            NixOS
            Perl XML::Parser

Release 2.4.5 Fri February 18 2022
        Security fixes:
            #562  CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
                    sequences (e.g. from start tag names) to the XML
                    processing application on top of Expat can cause
                    arbitrary damage (e.g. code execution) depending
                    on how invalid UTF-8 is handled inside the XML
                    processor; validation was not their job but Expat's.
                    Exploits with code execution are known to exist.
            #561  CVE-2022-25236 -- Passing (one or more) namespace separator
                    characters in "xmlns[:prefix]" attribute values
                    made Expat send malformed tag names to the XML
                    processor on top of Expat which can cause
                    arbitrary damage (e.g. code execution) depending
                    on such unexpectable cases are handled inside the XML
                    processor; validation was not their job but Expat's.
                    Exploits with code execution are known to exist.
            #558  CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
                    that could be triggered by e.g. a 2 megabytes
                    file with a large number of opening braces.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.
            #560  CVE-2022-25314 -- Fix integer overflow in function copyString;
                    only affects the encoding name parameter at parser creation
                    time which is often hardcoded (rather than user input),
                    takes a value in the gigabytes to trigger, and a 64-bit
                    machine.  Expected impact is denial of service.
            #559  CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
                    needs input in the gigabytes and a 64-bit machine.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.

        Other changes:
       #557 #564  Version info bumped from 9:4:8 to 9:5:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Ivan Fratric
            Samanta Navarro
                 and
            Google Project Zero
            JetBrains

Release 2.4.4 Sun January 30 2022
        Security fixes:
            #550  CVE-2022-23852 -- Fix signed integer overflow
                    (undefined behavior) in function XML_GetBuffer
                    (that is also called by function XML_Parse internally)
                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
                    common and default).
                    Impact is denial of service or more.
            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
                    doProlog triggered by large content in element type
                    declarations when there is an element declaration handler
                    present (from a prior call to XML_SetElementDeclHandler).
                    Impact is denial of service or more.

        Bug fixes:
       #544 #545  xmlwf: Fix a memory leak on output file opening error

        Other changes:
            #546  Autotools: Fix broken CMake support under Cygwin
            #554  Windows: Add missing files to the installer to fix
                    compilation with CMake from installed sources
       #552 #554  Version info bumped from 9:3:8 to 9:4:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Carlo Bramini
            hwt0415
            Roland Illig
            Samanta Navarro
                 and
            Clang LeakSan and the Clang team

Release 2.4.3 Sun January 16 2022
        Security fixes:
       #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
                    resulting in
                      a) realloc acting as free
                      b) realloc allocating too few bytes
                      c) undefined behavior
                    depending on architecture and precise value
                    for XML documents with >=2^27+1 prefixed attributes
                    on a single XML tag a la
                    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
                    where XML_ParserCreateNS is used to create the parser
                    (which needs argument "-n" when running xmlwf).
                    Impact is denial of service, or more.
       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
                    on variable m_groupSize in function doProlog leading
                    to realloc acting as free.
                    Impact is denial of service or more.
            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
                    near memory allocation at multiple places.  Mitre assigned
                    a dedicated CVE for each involved internal C function:
                    - CVE-2022-22822 for function addBinding
                    - CVE-2022-22823 for function build_model
                    - CVE-2022-22824 for function defineAttribute
                    - CVE-2022-22825 for function lookup
                    - CVE-2022-22826 for function nextScaffoldPart
                    - CVE-2022-22827 for function storeAtts
                    Impact is denial of service or more.

        Other changes:
            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
            #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
                    and MSYS2 by not going through Wine on these platforms
       #527 #528  Address compiler warnings
       #533 #543  Version info bumped from 9:2:8 to 9:3:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #536  CI: Check for realistic minimum CMake version
       #529 #539  CI: Cover compilation with -m32
            #529  CI: Store coverage reports as artifacts for download
            #528  CI: Upgrade Clang from 11 to 13

        Special thanks to:
            An anonymous whitehat
            Christopher Degawa
            J. Peter Mugaas
            Tyson Smith
                 and
            GCC Farm Project
            Trend Micro Zero Day Initiative

Release 2.4.2 Sun December 19 2021
        Other changes:
       #509 #510  Link againgst libm for function "isnan"
       #513 #514  Include expat_config.h as early as possible
            #498  Autotools: Include files with release archives:
                    - buildconf.sh
                    - fuzz/*.c
       #507 #519  Autotools: Sync CMake templates
       #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
                    - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
                    - multi-config CMake generators (e.g. Ninja Multi-Config)
       #502 #503  docs: Document that function XML_GetBuffer may return NULL
                    when asking for a buffer of 0 (zero) bytes size
       #522 #523  docs: Fix return value docs for both
                    XML_SetBillionLaughsAttackProtection* functions
       #525 #526  Version info bumped from 9:1:8 to 9:2:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Dong-hee Na
            Joergen Ibsen
            Kai Pastor

Release 2.4.1 Sun May 23 2021
        Bug fixes:
       #488 #490  Autotools: Fix installed header expat_config.h for multilib
                    systems; regression introduced in 2.4.0 by pull request #486

        Other changes:
       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Gentoo's QA check "multilib_check_headers"

Release 2.4.0 Sun May 23 2021
        Security fixes:
   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
                    (denial-of-service; flavors targeting CPU time or RAM or both,
                    leveraging general entities or parameter entities or both)
                    by tracking and limiting the input amplification factor
                    (<amplification> := (<direct> + <indirect>) / <direct>).
                    By conservative default, amplification up to a factor of 100.0
                    is tolerated and rejection only starts after 8 MiB of output bytes
                    (=<direct> + <indirect>) have been processed.
                    The fix adds the following to the API:
                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
                      signals this specific condition.
                    - Two new API functions ..
                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
                      .. to further tighten billion laughs protection parameters
                      when desired.  Please see file "doc/reference.html" for details.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.
                    - Two new XML_FEATURE_* constants ..
                      - that can be queried using the XML_GetFeatureList function, and
                      - that are shown in "xmlwf -v" output.
                    - Two new environment variable switches ..
                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
                      - EXPAT_ENTITY_DEBUG=(0|1)
                      .. for runtime debugging of accounting and entity processing.
                      Specific behavior of these values may change in the future.
                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
                      for xmlwf to further tighten billion laughs protection
                      parameters when desired.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.

        Bug fixes:
       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
                    for UTF-16 payloads containing CDATA sections.
       #485 #486  Autotools: Fix generated CMake files for non-64bit and
                    non-Linux platforms (e.g. macOS and MinGW in particular)
                    that were introduced with release 2.3.0

        Other changes:
       #468 #469  xmlwf: Improve help output and the xmlwf man page
            #463  xmlwf: Improve maintainability through some refactoring
            #477  xmlwf: Fix man page DocBook validity
       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
                    and CMAKE_INSTALL_INCLUDEDIR
       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
            #467  Resolve macro HAVE_EXPAT_CONFIG_H
            #472  Delete unused legacy helper file "conftools/PrintPath"
       #473 #483  Improve attribution
  #464 #465 #477  doc/reference.html: Fix XHTML validity
       #475 #478  doc/reference.html: Replace the 90s look by OK.css
            #479  Version info bumped from 8:0:7 to 9:0:8
                    due to addition of new symbols and error codes;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #456  CI: Enable periodic runs
            #457  CI: Start covering the list of exported symbols
            #474  CI: Isolate coverage task
       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
            #477  CI: Cover well-formedness and DocBook/XHTML validity
                    of doc/reference.html and doc/xmlwf.xml

        Special thanks to:
            Dimitry Andric
            Eero Helenius
            Nick Wellnhofer
            Rhodri James
            Tomas Korbar
            Yury Gribov
                 and
            Clang LeakSan
            JetBrains
            OSS-Fuzz

Release 2.3.0 Thu March 25 2021
        Bug fixes:
            #438  When calling XML_ParseBuffer without a prior successful call to
                    XML_GetBuffer as a user, no longer trigger undefined behavior
                    (by adding an integer to a NULL pointer) but rather return
                    XML_STATUS_ERROR and set the error code to (new) code
                    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
                    of Clang 11 (but not Clang 9).
            #444  xmlwf: Exit status 2 was used for both:
                    - malformed input files (documented) and
                    - invalid command-line arguments (undocumented).
                    The case of invalid command-line arguments now
                    has its own exit status 4, resolving the ambiguity.

        Other changes:
            #439  xmlwf: Add argument -k to allow continuing after
                    non-fatal errors
            #439  xmlwf: Add section about exit status to the -h help output
  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
            #434  Windows: CMake: Detect unsupported Visual Studio at
                    configure time (rather than at compile time)
       #382 #428  testrunner: Make verbose mode (argument "-v") report
                    about passed tests, and make default mode report about
                    failures, as well.
            #442  CMake: Call "enable_language(CXX)" prior to tinkering
                    with CMAKE_CXX_* variables
            #448  Document use of libexpat from a CMake-based project
            #451  Autotools: Install CMake files as generated by CMake 3.19.6
                    so that users with "find_package(expat [..] CONFIG [..])"
                    are served on distributions that are *not* using the CMake
                    build system inside for libexpat packaging
       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
            #441  Address compiler warnings
            #443  Version info bumped from 7:12:6 to 8:0:7
                    due to addition of error code XML_ERROR_NO_BUFFER
                    (see https://verbump.de/ for what these numbers do)

        Infrastructure:
       #435 #446  Replace Travis CI by GitHub Actions

        Special thanks to:
            Alexander Richardson
            Oleksandr Popovych
            Thomas Beutlich
            Tim Bray
                 and
            Clang LeakSan, Clang 11 UBSan and the Clang team

Release 2.2.10 Sat October 3 2020
        Bug fixes:
  #390 #395 #398  Fix undefined behavior during parsing caused by
                    pointer arithmetic with NULL pointers
       #404 #405  Fix reading uninitialized variable during parsing
            #406  xmlwf: Add missing check for malloc NULL return

        Other changes:
            #396  Windows: Drop support for Visual Studio <=8.0/2005
            #409  Windows: Add missing file "Changes" to the installer
                    to fix compilation with CMake from installed sources
            #403  xmlwf: Document exit codes in xmlwf manpage and
                    exit with code 3 (rather than code 1) for output errors
                    when used with "-d DIRECTORY"
       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
       #383 #392  Autotools: Use -Werror while configure tests the compiler
                    for supported compile flags to avoid false positives
  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
                    e.g. ensure that they have the last word over flags added
                    while running ./configure
            #360  CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
                    on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Detect and deny unsupported build combinations
                    involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Install pre-compiled shipped xmlwf.1 manpage in case
                    of -DEXPAT_BUILD_DOCS=OFF
  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
       #407 #408  CMake: Keep expat target name constant at "expat"
                    (i.e. refrain from using the target name to control
                    build artifact filenames)
            #385  CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
                    Windows
                  CMake: Expose man page compilation as target "xmlwf-manpage"
       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
                    to control generation of pkg-config file "expat.pc"
            #424  CMake: Add minimalistic support for building binary packages
                    with CMake target "package"; based on CPack
            #366  CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
                    default OFF to build fuzzer code against OSS-Fuzz and
                    related environment variable LIB_FUZZING_ENGINE
            #354  Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
    #354 #355 ..
       #356 #412  Address compiler warnings
       #368 #369  Address pngcheck warnings with doc/*.png images
            #425  Version info bumped from 7:11:6 to 7:12:6

        Special thanks to:
            asavah
            Ben Wagner
            Bhargava Shastry
            Frank Landgraf
            Jeffrey Walton
            Joe Orton
            Kleber Tarcísio
            Ma Lin
            Maciej Sroczy#ski
            Mohammed Khajapasha
            Vadim Zeitlin
                 and
            Cppcheck 2.0 and the Cppcheck team

Release 2.2.9 Wed September 25 2019
        Other changes:
                  examples: Drop executable bits from elements.c
            #349  Windows: Change the name of the Windows DLLs from expat*.dll
                    to libexpat*.dll once more (regression from 2.2.8, first
                    fixed in 1.95.3, issue #61 on SourceForge today,
                    was issue #432456 back then); needs a fix due
                    case-insensitive file systems on Windows and the fact that
                    Perl's XML::Parser::Expat compiles into Expat.dll.
            #347  Windows: Only define _CRT_RAND_S if not defined
                  Version info bumped from 7:10:6 to 7:11:6

        Special thanks to:
            Ben Wagner

diffstat:

 external/mit/expat/dist/CMake.README                                     |    12 +-
 external/mit/expat/dist/CMakeLists.txt                                   |   411 +-
 external/mit/expat/dist/COPYING                                          |     2 +-
 external/mit/expat/dist/Changes                                          |   390 +-
 external/mit/expat/dist/ConfigureChecks.cmake                            |     3 +
 external/mit/expat/dist/Makefile.am                                      |    25 +-
 external/mit/expat/dist/Makefile.in                                      |   162 +-
 external/mit/expat/dist/README.md                                        |    99 +-
 external/mit/expat/dist/aclocal.m4                                       |    81 +-
 external/mit/expat/dist/buildconf.sh                                     |    55 +
 external/mit/expat/dist/cmake/autotools/expat-config-version.cmake.in    |    70 +
 external/mit/expat/dist/cmake/autotools/expat-noconfig__linux.cmake.in   |    19 +
 external/mit/expat/dist/cmake/autotools/expat-noconfig__macos.cmake.in   |    19 +
 external/mit/expat/dist/cmake/autotools/expat-noconfig__windows.cmake.in |    19 +
 external/mit/expat/dist/cmake/autotools/expat-package-init.cmake         |    25 +
 external/mit/expat/dist/cmake/autotools/expat.cmake                      |    99 +
 external/mit/expat/dist/configure                                        |  8902 +++++----
 external/mit/expat/dist/configure.ac                                     |   178 +-
 external/mit/expat/dist/conftools/ar-lib                                 |    19 +-
 external/mit/expat/dist/conftools/ax-check-compile-flag.m4               |    13 +-
 external/mit/expat/dist/conftools/compile                                |    12 +-
 external/mit/expat/dist/conftools/depcomp                                |     8 +-
 external/mit/expat/dist/conftools/get-version.sh                         |    30 +-
 external/mit/expat/dist/conftools/install-sh                             |   177 +-
 external/mit/expat/dist/conftools/missing                                |    14 +-
 external/mit/expat/dist/conftools/test-driver                            |    16 +-
 external/mit/expat/dist/doc/Makefile.am                                  |     7 +-
 external/mit/expat/dist/doc/Makefile.in                                  |    35 +-
 external/mit/expat/dist/doc/ok.min.css                                   |     2 +
 external/mit/expat/dist/doc/reference.html                               |   390 +-
 external/mit/expat/dist/doc/style.css                                    |   126 +-
 external/mit/expat/dist/doc/xmlwf.1                                      |   134 +-
 external/mit/expat/dist/doc/xmlwf.xml                                    |   212 +-
 external/mit/expat/dist/examples/Makefile.am                             |     5 +-
 external/mit/expat/dist/examples/Makefile.in                             |    34 +-
 external/mit/expat/dist/examples/elements.c                              |     7 +-
 external/mit/expat/dist/examples/outline.c                               |     8 +-
 external/mit/expat/dist/expat.pc.cmake                                   |    11 +
 external/mit/expat/dist/expat.pc.in                                      |     6 +-
 external/mit/expat/dist/expat_config.h.in                                |    10 +-
 external/mit/expat/dist/fix-xmltest-log.sh                               |     2 +-
 external/mit/expat/dist/fuzz/xml_parse_fuzzer.c                          |    64 +
 external/mit/expat/dist/fuzz/xml_parsebuffer_fuzzer.c                    |    71 +
 external/mit/expat/dist/lib/Makefile.am                                  |    16 +-
 external/mit/expat/dist/lib/Makefile.in                                  |    95 +-
 external/mit/expat/dist/lib/ascii.h                                      |     7 +-
 external/mit/expat/dist/lib/asciitab.h                                   |     4 +-
 external/mit/expat/dist/lib/expat.h                                      |    44 +-
 external/mit/expat/dist/lib/expat_external.h                             |     9 +-
 external/mit/expat/dist/lib/iasciitab.h                                  |     4 +-
 external/mit/expat/dist/lib/internal.h                                   |    58 +-
 external/mit/expat/dist/lib/latin1tab.h                                  |     4 +-
 external/mit/expat/dist/lib/libexpat.def                                 |     6 +-
 external/mit/expat/dist/lib/libexpatw.def                                |     6 +-
 external/mit/expat/dist/lib/nametab.h                                    |     4 +-
 external/mit/expat/dist/lib/siphash.h                                    |    13 +-
 external/mit/expat/dist/lib/utf8tab.h                                    |     4 +-
 external/mit/expat/dist/lib/winconfig.h                                  |    19 +-
 external/mit/expat/dist/lib/xmlrole.c                                    |    20 +-
 external/mit/expat/dist/lib/xmlrole.h                                    |     5 +-
 external/mit/expat/dist/lib/xmltok_impl.h                                |     3 +-
 external/mit/expat/dist/lib/xmltok_ns.c                                  |     8 +-
 external/mit/expat/dist/run.sh.in                                        |    41 +-
 external/mit/expat/dist/test-driver-wrapper.sh                           |     3 +-
 external/mit/expat/dist/tests/Makefile.am                                |    13 +-
 external/mit/expat/dist/tests/Makefile.in                                |    58 +-
 external/mit/expat/dist/tests/benchmark/Makefile.am                      |     5 +-
 external/mit/expat/dist/tests/benchmark/Makefile.in                      |    34 +-
 external/mit/expat/dist/tests/benchmark/benchmark.c                      |     6 +-
 external/mit/expat/dist/tests/chardata.c                                 |    12 +-
 external/mit/expat/dist/tests/chardata.h                                 |     5 +-
 external/mit/expat/dist/tests/memcheck.c                                 |     4 +-
 external/mit/expat/dist/tests/memcheck.h                                 |     4 +-
 external/mit/expat/dist/tests/minicheck.c                                |    36 +-
 external/mit/expat/dist/tests/minicheck.h                                |     5 +-
 external/mit/expat/dist/tests/runtests.c                                 |   872 +-
 external/mit/expat/dist/tests/runtestspp.cpp                             |     4 +-
 external/mit/expat/dist/tests/structdata.c                               |     8 +-
 external/mit/expat/dist/tests/structdata.h                               |     3 +-
 external/mit/expat/dist/tests/udiffer.py                                 |     3 +-
 external/mit/expat/dist/win32/MANIFEST.txt                               |     2 +-
 external/mit/expat/dist/win32/build_expat_iss.bat                        |    14 +-
 external/mit/expat/dist/win32/expat.iss                                  |    51 +-
 external/mit/expat/dist/xmlwf/Makefile.am                                |     7 +-
 external/mit/expat/dist/xmlwf/Makefile.in                                |    37 +-
 external/mit/expat/dist/xmlwf/codepage.c                                 |    31 +-
 external/mit/expat/dist/xmlwf/codepage.h                                 |     4 +-
 external/mit/expat/dist/xmlwf/ct.c                                       |     3 +-
 external/mit/expat/dist/xmlwf/filemap.h                                  |     4 +-
 external/mit/expat/dist/xmlwf/readfilemap.c                              |     7 +-
 external/mit/expat/dist/xmlwf/unixfilemap.c                              |     6 +-
 external/mit/expat/dist/xmlwf/win32filemap.c                             |     4 +-
 external/mit/expat/dist/xmlwf/xmlfile.c                                  |    17 +-
 external/mit/expat/dist/xmlwf/xmlfile.h                                  |     5 +-
 external/mit/expat/dist/xmlwf/xmlmime.c                                  |     4 +-
 external/mit/expat/dist/xmlwf/xmlmime.h                                  |     3 +-
 external/mit/expat/dist/xmlwf/xmltchar.h                                 |     7 +-
 external/mit/expat/dist/xmlwf/xmlwf.c                                    |   186 +-
 external/mit/expat/dist/xmlwf/xmlwf_helpgen.py                           |    30 +-
 external/mit/expat/dist/xmlwf/xmlwf_helpgen.sh                           |     5 +-
 100 files changed, 9025 insertions(+), 4831 deletions(-)

diffs (truncated from 22984 to 300 lines):

diff -r 79ac6a799ab5 -r 5991a215a0e6 external/mit/expat/dist/CMake.README
--- a/external/mit/expat/dist/CMake.README      Wed Feb 23 12:17:06 2022 +0000
+++ b/external/mit/expat/dist/CMake.README      Wed Feb 23 15:21:34 2022 +0000
@@ -3,25 +3,25 @@
 The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual
 Studio) and should work on all other platform cmake supports.
 
-Assuming ~/expat-2.2.8 is the source directory of expat, add a subdirectory
+Assuming ~/expat-2.4.6 is the source directory of expat, add a subdirectory
 build and change into that directory:
-~/expat-2.2.8$ mkdir build && cd build
-~/expat-2.2.8/build$
+~/expat-2.4.6$ mkdir build && cd build
+~/expat-2.4.6/build$
 
 From that directory, call cmake first, then call make, make test and
 make install in the usual way:
-~/expat-2.2.8/build$ cmake ..
+~/expat-2.4.6/build$ cmake ..
 -- The C compiler identification is GNU
 -- The CXX compiler identification is GNU
 ....
 -- Configuring done
 -- Generating done
--- Build files have been written to: /home/patrick/expat-2.2.8/build
+-- Build files have been written to: /home/patrick/expat-2.4.6/build
 
 If you want to specify the install location for your files, append
 -DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call.
 
-~/expat-2.2.8/build$ make && make test && make install
+~/expat-2.4.6/build$ make && make test && make install
 Scanning dependencies of target expat
 [  5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o
 [ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o
diff -r 79ac6a799ab5 -r 5991a215a0e6 external/mit/expat/dist/CMakeLists.txt
--- a/external/mit/expat/dist/CMakeLists.txt    Wed Feb 23 12:17:06 2022 +0000
+++ b/external/mit/expat/dist/CMakeLists.txt    Wed Feb 23 15:21:34 2022 +0000
@@ -1,11 +1,70 @@
-# This file is copyrighted under the BSD-license for buildsystem files of KDE
-# copyright 2010, Patrick Spendrin <ps_ml%gmx.de@localhost>
+#                          __  __            _
+#                       ___\ \/ /_ __   __ _| |_
+#                      / _ \\  /| '_ \ / _` | __|
+#                     |  __//  \| |_) | (_| | |_
+#                      \___/_/\_\ .__/ \__,_|\__|
+#                               |_| XML parser
+#
+# Copyright (c) 2010      Patrick Spendrin <ps_ml%gmx.de@localhost>
+# Copyright (c) 2012      Karl Waclawek <karl%waclawek.net@localhost>
+# Copyright (c) 2016-2022 Sebastian Pipping <sebastian%pipping.org@localhost>
+# Copyright (c) 2016      Sergei Nikulov <sergey.nikulov%gmail.com@localhost>
+# Copyright (c) 2016      Björn Lindahl <bjorn.lindahl%foi.se@localhost>
+# Copyright (c) 2016      Tobias Taschner <github%tc84.de@localhost>
+# Copyright (c) 2016      Ben Boeckel <ben.boeckel%kitware.com@localhost>
+# Copyright (c) 2017      Rhodri James <rhodri%wildebeest.org.uk@localhost>
+# Copyright (c) 2017      Rolf Eike Beer <eike%sf-mail.de@localhost>
+# Copyright (c) 2017      Stephen Groat <stephen%groat.us@localhost>
+# Copyright (c) 2017      Franek Korta <fkorta%gmail.com@localhost>
+# Copyright (c) 2018      pedro-vicente <pedro.vicente%space-research.org@localhost>
+# Copyright (c) 2018      Frank Rast <frank.rast%gefeg.com@localhost>
+# Copyright (c) 2018      userwithuid <userwithuid%gmail.com@localhost>
+# Copyright (c) 2018      Yury Gribov <tetra2005%gmail.com@localhost>
+# Copyright (c) 2019      Kishore Kunche <kishore.kunche%intel.com@localhost>
+# Copyright (c) 2019      xantares <xantares09%hotmail.com@localhost>
+# Copyright (c) 2019      Mohammed Khajapasha <mohammed.khajapasha%intel.com@localhost>
+# Copyright (c) 2019      David Loffredo <loffredo%steptools.com@localhost>
+# Copyright (c) 2019      Bhargava Shastry <bhargava.shastry%ethereum.org@localhost>
+# Copyright (c) 2020      Maciej Sroczyński <macieksroczynski%poczta.fm@localhost>
+# Copyright (c) 2020      Gulliver <gulliver%traumkristalle.net@localhost>
+# Copyright (c) 2020      Thomas Beutlich <tc%tbeu.de@localhost>
+# Copyright (c) 2021      Alex Richardson <Alexander.Richardson%cl.cam.ac.uk@localhost>
+# Unlike most of Expat,
+# this file is copyrighted under the BSD-license for buildsystem files of KDE.
 
 cmake_minimum_required(VERSION 3.1.3)
 
+# This allows controlling documented build time switches
+# when Expat is pulled in using the add_subdirectory function, e.g.
+#
+#   set(EXPAT_BUILD_DOCS OFF)
+#   set(EXPAT_BUILD_TOOLS OFF)
+#   add_subdirectory(${expat_SOURCE_DIR}/expat ${expat_BINARY_DIR})
+#
+# would disable compilation of the xmlwf CLI and its man page.
+# Without activating behaviour NEW for policy CMP0077 here,
+# a user with -Wdev enabled would see warning
+#
+#   Policy CMP0077 is not set: option() honors normal variables.  Run "cmake
+#   --help-policy CMP0077" for policy details.  Use the cmake_policy command to
+#   set the policy and suppress this warning.
+#
+#   For compatibility with older versions of CMake, option is clearing the
+#   normal variable 'EXPAT_BUILD_DOCS'.
+#
+# and effectively not be able to adjust option EXPAT_BUILD_DOCS.
+#
+# For more details please see:
+# - https://cmake.org/cmake/help/latest/policy/CMP0077.html
+# - https://github.com/libexpat/libexpat/pull/419
+#
+if(POLICY CMP0077)
+    cmake_policy(SET CMP0077 NEW)
+endif()
+
 project(expat
     VERSION
-        2.2.8
+        2.4.6
     LANGUAGES
         C
 )
@@ -37,6 +96,20 @@
         set(_EXPAT_BUILD_DOCS_DEFAULT OFF)
     endif()
 endif()
+if(MSVC)
+    set(_EXPAT_BUILD_PKGCONFIG_DEFAULT OFF)
+else()
+    set(_EXPAT_BUILD_PKGCONFIG_DEFAULT ON)
+endif()
+if(DEFINED BUILD_SHARED_LIBS)
+    set(_EXPAT_SHARED_LIBS_DEFAULT ${BUILD_SHARED_LIBS})
+else()
+    set(_EXPAT_SHARED_LIBS_DEFAULT ON)
+endif()
+if(NOT CMAKE_BUILD_TYPE)
+    set(CMAKE_BUILD_TYPE NoConfig)  # so that accessing CMAKE_*_POSTFIX will be waterproof
+endif()
+string(TOUPPER "${CMAKE_BUILD_TYPE}" _EXPAT_BUILD_TYPE_UPPER)
 
 #
 # Configuration
@@ -44,10 +117,14 @@
 option(EXPAT_BUILD_TOOLS "build the xmlwf tool for expat library" ${_EXPAT_BUILD_TOOLS_DEFAULT})
 option(EXPAT_BUILD_EXAMPLES "build the examples for expat library" ON)
 option(EXPAT_BUILD_TESTS "build the tests for expat library" ON)
-option(EXPAT_SHARED_LIBS "build a shared expat library" ON)
+option(EXPAT_SHARED_LIBS "build a shared expat library" ${_EXPAT_SHARED_LIBS_DEFAULT})
 option(EXPAT_BUILD_DOCS "build man page for xmlwf" ${_EXPAT_BUILD_DOCS_DEFAULT})
 option(EXPAT_BUILD_FUZZERS "build fuzzers for the expat library" OFF)
-option(EXPAT_WITH_LIBBSD "utilize libbsd (for arc4random_buf)" OFF)
+option(EXPAT_BUILD_PKGCONFIG "build pkg-config file" ${_EXPAT_BUILD_PKGCONFIG_DEFAULT})
+option(EXPAT_OSSFUZZ_BUILD "build fuzzers via ossfuzz for the expat library" OFF)
+if(UNIX OR _EXPAT_HELP)
+    option(EXPAT_WITH_LIBBSD "utilize libbsd (for arc4random_buf)" OFF)
+endif()
 option(EXPAT_ENABLE_INSTALL "install expat files in cmake install target" ON)
 set(EXPAT_CONTEXT_BYTES 1024 CACHE STRING "Define to specify how much context to retain around the current parse point")
 mark_as_advanced(EXPAT_CONTEXT_BYTES)
@@ -56,7 +133,7 @@
 option(EXPAT_NS "Define to make XML Namespaces functionality available" ON)
 mark_as_advanced(EXPAT_NS)
 option(EXPAT_WARNINGS_AS_ERRORS "Treat all compiler warnings as errors" OFF)
-if(NOT WIN32 OR _EXPAT_HELP)
+if(UNIX OR _EXPAT_HELP)
     option(EXPAT_DEV_URANDOM "Define to include code reading entropy from `/dev/urandom'." ON)
     set(EXPAT_WITH_GETRANDOM "AUTO" CACHE STRING
             "Make use of getrandom function (ON|OFF|AUTO) [default=AUTO]")
@@ -74,6 +151,14 @@
 if(MSVC OR _EXPAT_HELP)
     set(EXPAT_MSVC_STATIC_CRT OFF CACHE BOOL "Use /MT flag (static CRT) when compiling in MSVC")
 endif()
+if(NOT _EXPAT_HELP)
+    set(_EXPAT_M32 OFF CACHE BOOL "(Unofficial!) Produce 32bit code with -m32")
+endif()
+
+if(EXPAT_BUILD_TESTS)
+    # We have to call enable_language() before modifying any CMAKE_CXX_* variables
+    enable_language(CXX)
+endif()
 
 #
 # Environment checks
@@ -87,6 +172,26 @@
     endif()
 endif()
 
+if(MSVC)
+    # For the three types of MSVC version values, please see:
+    # - https://cmake.org/cmake/help/latest/variable/MSVC_VERSION.html
+    # - https://sourceforge.net/p/predef/wiki/Compilers/
+    # - https://en.wikipedia.org/wiki/Microsoft_Visual_Studio#History
+    set(_EXPAT_MSVC_REQUIRED_INT 1800)  # i.e. 12.0/2013/1800; see PR #426
+    set(_EXPAT_MSVC_SUPPORTED_INT 1910)
+    set(_EXPAT_MSVC_SUPPORTED_DISPLAY "Visual Studio 15.0/2017/${_EXPAT_MSVC_SUPPORTED_INT}")
+
+    if(MSVC_VERSION VERSION_LESS ${_EXPAT_MSVC_SUPPORTED_INT})
+        if(MSVC_VERSION VERSION_LESS ${_EXPAT_MSVC_REQUIRED_INT})
+            message(SEND_ERROR "MSVC_VERSION ${MSVC_VERSION} is TOO OLD to compile Expat without errors.")
+            message(SEND_ERROR "Please use officially supported ${_EXPAT_MSVC_SUPPORTED_DISPLAY} or later.  Thank you!")
+        else()
+            message(WARNING "MSVC_VERSION ${MSVC_VERSION} is NOT OFFICIALLY SUPPORTED by Expat.")
+            message(WARNING "Please use ${_EXPAT_MSVC_SUPPORTED_DISPLAY} or later.  Thank you!")
+        endif()
+    endif()
+endif()
+
 macro(_expat_copy_bool_int source_ref dest_ref)
     if(${source_ref})
         set(${dest_ref} 1)
@@ -109,12 +214,27 @@
 elseif(EXPAT_CHAR_TYPE STREQUAL "ushort")
     set(_EXPAT_UNICODE ON)
     set(_EXPAT_UNICODE_WCHAR_T OFF)
+    if(EXPAT_BUILD_EXAMPLES)
+        message(SEND_ERROR "Examples can not be built with option -DEXPAT_CHAR_TYPE=ushort. Please pass -DEXPAT_CHAR_TYPE=(char|wchar_t) or -DEXPAT_BUILD_EXAMPLES=OFF.")
+    endif()
+    if(EXPAT_BUILD_TESTS)
+        message(SEND_ERROR "The testsuite can not be built with option -DEXPAT_CHAR_TYPE=ushort. Please pass -DEXPAT_CHAR_TYPE=(char|wchar_t) or -DEXPAT_BUILD_TESTS=OFF.")
+    endif()
     if(EXPAT_BUILD_TOOLS)
         message(SEND_ERROR "The xmlwf tool can not be built with option -DEXPAT_CHAR_TYPE=ushort. Please pass -DEXPAT_CHAR_TYPE=(char|wchar_t) or -DEXPAT_BUILD_TOOLS=OFF.")
     endif()
 elseif(EXPAT_CHAR_TYPE STREQUAL "wchar_t")
     set(_EXPAT_UNICODE ON)
     set(_EXPAT_UNICODE_WCHAR_T ON)
+    if(NOT WIN32)
+        string(FIND "${CMAKE_C_FLAGS}" "-fshort-wchar" _expat_short_wchar_found)
+        if(${_expat_short_wchar_found} EQUAL "-1")
+            message(SEND_ERROR "Configuration -DEXPAT_CHAR_TYPE=wchar_t requires -DCMAKE_{C,CXX}_FLAGS=-fshort-wchar (which was not found) and libc compiled with -fshort-wchar, too.")
+        endif()
+        if (EXPAT_BUILD_TOOLS)
+            message(SEND_ERROR "The xmlwf tool can not be built with option -DEXPAT_CHAR_TYPE=wchar_t outside of Windows. Please pass -DEXPAT_CHAR_TYPE=char or -DEXPAT_BUILD_TOOLS=OFF.")
+        endif()
+    endif()
 else()
     message(SEND_ERROR "Option -DEXPAT_CHAR_TYPE=(char|ushort|wchar_t) cannot be \"${EXPAT_CHAR_TYPE}\".")
 endif()
@@ -160,7 +280,6 @@
 endmacro()
 
 configure_file(expat_config.h.cmake "${CMAKE_CURRENT_BINARY_DIR}/expat_config.h")
-add_definitions(-DHAVE_EXPAT_CONFIG_H)
 expat_install(FILES "${CMAKE_CURRENT_BINARY_DIR}/expat_config.h" DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
 
 
@@ -171,14 +290,18 @@
 if(FLAG_VISIBILITY)
   add_definitions(-DXML_ENABLE_VISIBILITY=1)
   set(EXTRA_COMPILE_FLAGS "${EXTRA_COMPILE_FLAGS} -fvisibility=hidden")
-endif(FLAG_VISIBILITY)
+endif()
+if(MINGW)
+    # Without __USE_MINGW_ANSI_STDIO the compiler produces a false positive
+    set(EXTRA_COMPILE_FLAGS "${EXTRA_COMPILE_FLAGS} -Wno-pedantic-ms-format")
+endif()
 if (EXPAT_WARNINGS_AS_ERRORS)
     if(MSVC)
         add_definitions(/WX)
-    else(MSVC)
+    else()
         set(EXTRA_COMPILE_FLAGS "${EXTRA_COMPILE_FLAGS} -Werror")
-    endif(MSVC)
-endif(EXPAT_WARNINGS_AS_ERRORS)
+    endif()
+endif()
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_COMPILE_FLAGS}")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${EXTRA_COMPILE_FLAGS}")
 
@@ -186,10 +309,12 @@
     if (EXPAT_MSVC_STATIC_CRT)
         message("-- Using static CRT ${EXPAT_MSVC_STATIC_CRT}")
         foreach(flag_var
+                CMAKE_CXX_FLAGS_${_EXPAT_BUILD_TYPE_UPPER}
                 CMAKE_CXX_FLAGS_DEBUG
                 CMAKE_CXX_FLAGS_RELEASE
                 CMAKE_CXX_FLAGS_MINSIZEREL
                 CMAKE_CXX_FLAGS_RELWITHDEBINFO
+                CMAKE_C_FLAGS_${_EXPAT_BUILD_TYPE_UPPER}
                 CMAKE_C_FLAGS_DEBUG
                 CMAKE_C_FLAGS_RELEASE
                 CMAKE_C_FLAGS_MINSIZEREL
@@ -200,38 +325,58 @@
     endif()
 endif()
 
+if(_EXPAT_M32 AND NOT MSVC)
+    foreach(flag_var
+            CMAKE_CXX_FLAGS_${_EXPAT_BUILD_TYPE_UPPER}
+            CMAKE_CXX_FLAGS_DEBUG
+            CMAKE_CXX_FLAGS_RELEASE
+            CMAKE_CXX_FLAGS_MINSIZEREL
+            CMAKE_CXX_FLAGS_RELWITHDEBINFO
+            CMAKE_C_FLAGS_${_EXPAT_BUILD_TYPE_UPPER}
+            CMAKE_C_FLAGS_DEBUG
+            CMAKE_C_FLAGS_RELEASE
+            CMAKE_C_FLAGS_MINSIZEREL
+            CMAKE_C_FLAGS_RELWITHDEBINFO
+            )
+        set(${flag_var} "${${flag_var}} -m32")
+    endforeach()
+endif()
+
 include_directories(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/lib)
 if(MSVC)
     add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996)
-endif(MSVC)
-if(WIN32)
-    if(_EXPAT_UNICODE_WCHAR_T)


Home | Main Index | Thread Index | Old Index