authorAlexander Bluhm <bluhm@cvs.openbsd.org>2019-06-29 00:34:01 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2019-06-29 00:34:01 +0000
commitce1d59e0f39f9cc1c7946c1cef7d2be476c66396 (patch)
tree81e082f01760f5f871e7c494f1cb7ee210260365 /lib
parent523c30bc8f1287d4d1c5e52a83fbd83829c770a1 (diff)
Update libexpat to 2.2.7. Relevant for OpenBSD is only the fix for
CVE-2018-20843, a potential denial-of-service in libexpat due to high RAM and CPU usage. OK deraadt@
Diffstat (limited to 'lib')
-rw-r--r--lib/libexpat/Changes35
-rw-r--r--lib/libexpat/Makefile4
-rw-r--r--lib/libexpat/README.md3
-rw-r--r--lib/libexpat/expat_config.h3
-rw-r--r--lib/libexpat/lib/expat.h2
-rw-r--r--lib/libexpat/lib/expat_external.h6
-rw-r--r--lib/libexpat/lib/winconfig.h4
-rw-r--r--lib/libexpat/lib/xmlparse.c26
-rw-r--r--lib/libexpat/tests/runtests.c2
9 files changed, 56 insertions, 29 deletions
diff --git a/lib/libexpat/Changes b/lib/libexpat/Changes
index b0ee42cd36c..a587e9ab7a0 100644
--- a/lib/libexpat/Changes
+++ b/lib/libexpat/Changes
@@ -2,6 +2,41 @@ NOTE: We are looking for help with a few things:
https://github.com/libexpat/libexpat/labels/help%20wanted
If you can help, please get in touch. Thanks!
+Release 2.2.7 Wed June 19 2019
+ Security fixes:
+ #186 #262 Fix extraction of namespace prefixes from XML names;
+ XML names with multiple colons could end up in the
+ wrong namespace, and take a high amount of RAM and CPU
+ resources while processing, opening the door to
+ use for denial-of-service attacks
+
+ Other changes:
+ #195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop
+ exporting non-API symbols
+ #227 Autotools: Add --without-examples and --without-tests
+ #228 Autotools: Modernize configure.ac
+ #245 #246 Autotools: Fix check for -fvisibility=hidden for Clang
+ #247 #248 Autotools: Fix compilation for lack of docbook2x-man
+ #236 #258 Autotools: Produce .tar.{gz,lz,xz} release archives
+ #212 CMake: Make libdir of pkgconfig expat.pc support multilib
+ #158 #263 CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
+ #219 Remove fallback to bcopy, assume that memmove(3) exists
+ #257 Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
+ #243 Windows: Fix syntax of .def module definition files
+ Version info bumped from 7:8:6 to 7:9:6
+
+ Special thanks to:
+ Benjamin Peterson
+ Caolán McNamara
+ Hanno Böck
+ KangLin
+ Kishore Kunche
+ Marco Maggi
+ Rhodri James
+ Sebastian Dröge
+ userwithuid
+ Yury Gribov
+
Release 2.2.6 Sun August 12 2018
Bug fixes:
#170 #206 Avoid doing arithmetic with NULL pointers in XML_GetBuffer
diff --git a/lib/libexpat/Makefile b/lib/libexpat/Makefile
index a6e8a62e5a3..8bb75e7408c 100644
--- a/lib/libexpat/Makefile
+++ b/lib/libexpat/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.14 2017/07/28 09:32:49 aoyama Exp $
+# $OpenBSD: Makefile,v 1.15 2019/06/29 00:33:59 bluhm Exp $
.PATH: ${.CURDIR}/lib
@@ -8,7 +8,7 @@ LIB= expat
SRCS= xmlparse.c xmltok.c xmlrole.c
CFLAGS+=-I${.CURDIR} -DHAVE_EXPAT_CONFIG_H
.if ${COMPILER_VERSION:L} != "gcc3"
-CFLAGS+=-fvisibility=hidden
+CFLAGS+=-fvisibility=hidden -DXML_ENABLE_VISIBILITY=1
.endif
PC_FILES=expat.pc
diff --git a/lib/libexpat/README.md b/lib/libexpat/README.md
index 2c7e6ac4050..fd3911ebc68 100644
--- a/lib/libexpat/README.md
+++ b/lib/libexpat/README.md
@@ -1,8 +1,9 @@
[![Travis CI Build Status](https://travis-ci.org/libexpat/libexpat.svg?branch=master)](https://travis-ci.org/libexpat/libexpat)
[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/github/libexpat/libexpat?svg=true)](https://ci.appveyor.com/project/libexpat/libexpat)
+[![Packaging status](https://repology.org/badge/tiny-repos/expat.svg)](https://repology.org/metapackage/expat/versions)
-# Expat, Release 2.2.6
+# Expat, Release 2.2.7
This is Expat, a C library for parsing XML, started by
[James Clark](https://en.wikipedia.org/wiki/James_Clark_(programmer)) in 1997.
diff --git a/lib/libexpat/expat_config.h b/lib/libexpat/expat_config.h
index 30b865c212f..ea1a6a0ec07 100644
--- a/lib/libexpat/expat_config.h
+++ b/lib/libexpat/expat_config.h
@@ -1,10 +1,9 @@
-/* $OpenBSD: expat_config.h,v 1.4 2017/08/04 16:24:03 bluhm Exp $ */
+/* $OpenBSD: expat_config.h,v 1.5 2019/06/29 00:33:59 bluhm Exp $ */
/* quick and dirty conf for OpenBSD */
#define HAVE_ARC4RANDOM 1
#define HAVE_ARC4RANDOM_BUF 1
-#define HAVE_MEMMOVE 1
#define XML_CONTEXT_BYTES 1024
#define XML_DTD 1
#define XML_NS 1
diff --git a/lib/libexpat/lib/expat.h b/lib/libexpat/lib/expat.h
index 174c3fafda3..c050f1d918c 100644
--- a/lib/libexpat/lib/expat.h
+++ b/lib/libexpat/lib/expat.h
@@ -1076,7 +1076,7 @@ XML_GetFeatureList(void);
*/
#define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 2
-#define XML_MICRO_VERSION 6
+#define XML_MICRO_VERSION 7
#ifdef __cplusplus
}
diff --git a/lib/libexpat/lib/expat_external.h b/lib/libexpat/lib/expat_external.h
index 629483a91b2..875225d77e5 100644
--- a/lib/libexpat/lib/expat_external.h
+++ b/lib/libexpat/lib/expat_external.h
@@ -93,7 +93,11 @@
# endif
#endif /* not defined XML_STATIC */
-#if !defined(XMLIMPORT) && defined(__GNUC__) && (__GNUC__ >= 4)
+#ifndef XML_ENABLE_VISIBILITY
+# define XML_ENABLE_VISIBILITY 0
+#endif
+
+#if !defined(XMLIMPORT) && XML_ENABLE_VISIBILITY
# define XMLIMPORT __attribute__ ((visibility ("default")))
#endif
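Review bot: The new `XML_ENABLE_VISIBILITY` switch has no comment at its definition, and it changes who decides symbol visibility. It defaults to 0 and the `__GNUC__ >= 4` test is gone, so `XMLIMPORT` gets the default-visibility attribute only when the build system passes `-DXML_ENABLE_VISIBILITY=1`, as the Makefile hunk in this commit does next to `-fvisibility=hidden`. A build that keeps `-fvisibility=hidden` but omits the define would presumably stop exporting the API symbols, and one that sets the define on a compiler without `__attribute__` support would fail to compile. I would add above the `#ifndef` a comment such as `/* Set to 1 by the build system together with -fvisibility=hidden; requires GCC-style __attribute__ support */`.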
diff --git a/lib/libexpat/lib/winconfig.h b/lib/libexpat/lib/winconfig.h
index 17fea468900..28a043c6044 100644
--- a/lib/libexpat/lib/winconfig.h
+++ b/lib/libexpat/lib/winconfig.h
@@ -53,10 +53,6 @@
/* we will assume all Windows platforms are little endian */
#define BYTEORDER 1234
-/* Windows has memmove() available. */
-#define HAVE_MEMMOVE
-
-
#endif /* !defined(HAVE_EXPAT_CONFIG_H) */
diff --git a/lib/libexpat/lib/xmlparse.c b/lib/libexpat/lib/xmlparse.c
index 20a9e635003..4191824cd34 100644
--- a/lib/libexpat/lib/xmlparse.c
+++ b/lib/libexpat/lib/xmlparse.c
@@ -1,4 +1,4 @@
-/* 19ac4776051591216f1874e34ee99b6a43a3784c8bd7d70efeb9258dd22b906a (2.2.6+)
+/* 69df5be70289a11fb834869ce4a91c23c1d9dd04baffcbd10e86742d149a080c (2.2.7+)
__ __ _
___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __|
@@ -116,15 +116,6 @@ typedef char ICHAR;
/* Do safe (NULL-aware) pointer arithmetic */
#define EXPAT_SAFE_PTR_DIFF(p, q) (((p) && (q)) ? ((p) - (q)) : 0)
-/* Handle the case where memmove() doesn't exist. */
-#ifndef HAVE_MEMMOVE
-#ifdef HAVE_BCOPY
-#define memmove(d,s,l) bcopy((s),(d),(l))
-#else
-#error memmove does not exist on this platform, nor is a substitute available
-#endif /* HAVE_BCOPY */
-#endif /* HAVE_MEMMOVE */
-
#include "internal.h"
#include "xmltok.h"
#include "xmlrole.h"
@@ -627,6 +618,7 @@ static const XML_Char implicitContext[] = {
ASCII_s, ASCII_p, ASCII_a, ASCII_c, ASCII_e, '\0'
};
+
static unsigned long
generate_hash_secret_salt(XML_Parser parser)
{
@@ -2771,7 +2763,7 @@ doContent(XML_Parser parser,
enum XML_Error result;
if (parser->m_startCdataSectionHandler)
parser->m_startCdataSectionHandler(parser->m_handlerArg);
-#if 0
+/* BEGIN disabled code */
/* Suppose you doing a transformation on a document that involves
changing only the character data. You set up a defaultHandler
and a characterDataHandler. The defaultHandler simply copies
@@ -2784,9 +2776,9 @@ doContent(XML_Parser parser,
However, now we have a start/endCdataSectionHandler, so it seems
easier to let the user deal with this.
*/
- else if (parser->m_characterDataHandler)
+ else if (0 && parser->m_characterDataHandler)
parser->m_characterDataHandler(parser->m_handlerArg, parser->m_dataBuf, 0);
-#endif
+/* END disabled code */
else if (parser->m_defaultHandler)
reportDefault(parser, enc, s, next);
result = doCdataSection(parser, enc, &next, end, nextPtr, haveMore);
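Review bot: The condition `else if (0 && parser->m_characterDataHandler)` leaves a permanently false branch in the handler chain, and the `BEGIN disabled code` / `END disabled code` markers (the opening one is in the preceding hunk) do not say why it is compiled in rather than removed. The same pattern recurs in the doCdataSection hunk under `XML_TOK_CDATA_SECT_CLOSE`. Compilers and static analysers may report the branch as unreachable, and a reader can mistake the `0 &&` for leftover debugging. If the intent is to keep the code syntactically checked, I would say so in the marker, e.g. `/* BEGIN disabled code: condition forced false, kept only so it still compiles */`. doContent's body continues outside this hunk.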
@@ -3483,11 +3475,11 @@ doCdataSection(XML_Parser parser,
case XML_TOK_CDATA_SECT_CLOSE:
if (parser->m_endCdataSectionHandler)
parser->m_endCdataSectionHandler(parser->m_handlerArg);
-#if 0
+/* BEGIN disabled code */
/* see comment under XML_TOK_CDATA_SECT_OPEN */
- else if (parser->m_characterDataHandler)
+ else if (0 && parser->m_characterDataHandler)
parser->m_characterDataHandler(parser->m_handlerArg, parser->m_dataBuf, 0);
-#endif
+/* END disabled code */
else if (parser->m_defaultHandler)
reportDefault(parser, enc, s, next);
*startPtr = next;
@@ -5832,7 +5824,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
else
poolDiscard(&dtd->pool);
elementType->prefix = prefix;
-
+ break;
}
}
return 1;
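Review bot: The added `break;` after `elementType->prefix = prefix;` in setElementTypePrefix has no comment, although it appears to be the fix the commit message refers to (CVE-2018-20843). It stops the enclosing scan once a prefix has been assigned, so later colons in the same name no longer repeat the lookup and replace the prefix. A short comment above it, e.g. `/* prefix ends at the first colon; do not rescan the rest of the name */`, would keep a later cleanup from dropping the statement. The runtests.c change in this commit only bumps the version string, so a regression case for an element name with more than one colon seems to be missing here. The loop and the start of the function lie outside the hunk.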
diff --git a/lib/libexpat/tests/runtests.c b/lib/libexpat/tests/runtests.c
index 4f4d2687f11..ccad50f4ea2 100644
--- a/lib/libexpat/tests/runtests.c
+++ b/lib/libexpat/tests/runtests.c
@@ -8062,7 +8062,7 @@ START_TEST(test_misc_version)
fail("Version mismatch");
#if ! defined(XML_UNICODE) || defined(XML_UNICODE_WCHAR_T)
- if (xcstrcmp(version_text, XCS("expat_2.2.6"))) /* needs bump on releases */
+ if (xcstrcmp(version_text, XCS("expat_2.2.7"))) /* needs bump on releases */
fail("XML_*_VERSION in expat.h out of sync?\n");
#else
/* If we have XML_UNICODE defined but not XML_UNICODE_WCHAR_T