./textproc/expat, XML parser library written in C

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.2.8, Package name: expat-2.2.8, Maintainer: pkgsrc-users

This is James Clark's expat XML parser library in C. It is a stream oriented
parser that requires setting handlers to deal with the structure that the
parser discovers in the document.

Required to build:

Master sites:

SHA1: 2097c111a23d0583cc8ea42f99ebfe7e29aeba92
RMD160: ecaa41cf9bf0363fa9dcaca062a2d29015b14343
Filesize: 645.519 KB

Version history: (Expand)

CVS history: (Expand)

   2019-11-04 22:43:49 by Roland Illig | Files touched by this commit (155)
Log message:
textproc: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-09-15 15:13:47 by Nia Alarie | Files touched by this commit (2) | Package updated
Log message:
expat: Update to 2.2.8

Release 2.2.8 Fri Septemper 13 2019
        Security fixes:
       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
                    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
                    and deny internal entities closing the doctype;
                    fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43

        Bug fixes:
            #240  Fix cases where XML_StopParser did not have any effect
                    when called from inside of an end element handler
            #341  xmlwf: Fix exit code for operation without "-d \ 
                    previously, only "-d DIRECTORY" would give you a proper
                    exit code:
                      # xmlwf -d . <<<'<not well-formed>' \ 
2>/dev/null ; echo $?
                      # xmlwf <<<'<not well-formed>' \ 
2>/dev/null ; echo $?
                    Now both cases return exit code 2.

        Other changes:
       #299 #302  Windows: Replace LoadLibrary hack to access
                    unofficial API function SystemFunction036 (RtlGenRandom)
                    by using official API function rand_s (needs WinXP+)
            #325  Windows: Drop support for Visual Studio <=7.1/2003
                    and document supported compilers in README.md
            #286  Windows: Remove COM code from xmlwf; in case it turns
                    out needed later, there will be a dedicated repository
                    below https://github.com/libexpat/ for that code
            #322  Windows: Remove explicit MSVC solution and project files.
                    You can generate Visual Studio solution files through
                    CMake, e.g.: cmake -G"Visual Studio 15 2017" .
            #338  xmlwf: Make "xmlwf -h" help output more friendly
            #339  examples: Improve elements.c
       #244 #264  Autotools: Add argument --enable-xml-attr-info
       #239 #301  Autotools: Add arguments
       #312 #343  Autotools: Fix linking issues with "./configure LD=clang"
                  Autotools: Fix "make run-xmltest" for out-of-source \ 
       #329 #336  CMake: Pull all options from Expat <=2.2.7 into namespace
                    prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
                    - BUILD_doc            -> EXPAT_BUILD_DOCS (plural)
                    - BUILD_examples       -> EXPAT_BUILD_EXAMPLES
                    - BUILD_shared         -> EXPAT_SHARED_LIBS
                    - BUILD_tests          -> EXPAT_BUILD_TESTS
                    - BUILD_tools          -> EXPAT_BUILD_TOOLS
                    - DOCBOOK_TO_MAN       -> DOCBOOK_TO_MAN (unchanged)
                    - INSTALL              -> EXPAT_ENABLE_INSTALL
                    - USE_libbsd           -> EXPAT_WITH_LIBBSD
                    - XML_CONTEXT_BYTES    -> EXPAT_CONTEXT_BYTES
                    - XML_DEV_URANDOM      -> EXPAT_DEV_URANDOM
                    - XML_DTD              -> EXPAT_DTD
                    - XML_NS               -> EXPAT_NS
                    - XML_UNICODE          -> EXPAT_CHAR_TYPE=ushort (!)
                    - XML_UNICODE_WCHAR_T  -> EXPAT_CHAR_TYPE=wchar_t (!)
       #244 #264  CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
                    default OFF
            #326  CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
                    default OFF
            #328  CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
                    default OFF
       #239 #277  CMake: Add arguments
                    -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
                    -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
            #326  CMake: Install expat_config.h to include directory
            #326  CMake: Generate and install configuration files for
                    future find_package(expat [..] CONFIG [..])
                  CMake: Now produces a summary of applied configuration
                  CMake: Require C++ compiler only when tests are enabled
            #330  CMake: Fix compilation for 16bit character types,
                    i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
            #265  CMake: Fix linking with MinGW
            #330  CMake: Add full support for MinGW; to enable, use
            #330  CMake: Port "make run-xmltest" from GNU Autotools to \ 
            #316  CMake: Windows: Make binary postfix match MSVC
                    Old: expat[d].lib
                    New: expat[w][d][MD|MT].lib
                  CMake: Migrate files from Windows to Unix line endings
            #308  CMake: Integrate OSS-Fuzz fuzzers, option
                    -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
             #14  Drop an OpenVMS support leftover
    #235 #268 ..
    #270 #310 ..
  #313 #331 #333  Address compiler warnings
    #282 #283 ..
       #284 #285  Address cppcheck warnings
       #294 #295  Address Clang Static Analyzer warnings
        #24 #293  Mass-apply clang-format 9 (and ensure conformance during CI)
                  Version info bumped from 7:9:6 to 7:10:6

        Special thanks to:
            David Loffredo
            Joonun Jang
            Khajapasha Mohammed
            Kishore Kunche
            Marco Maggi
            Mitch Phillips
            Rolf Ade
            Zhongyuan Zhou
   2019-06-30 00:36:04 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
expat: update to 2.2.7.

For a security fix.

Release 2.2.7 Wed June 19 2019
        Security fixes:
       #186 #262  Fix extraction of namespace prefixes from XML names;
                    XML names with multiple colons could end up in the
                    wrong namespace, and take a high amount of RAM and CPU
                    resources while processing, opening the door to
                    use for denial-of-service attacks

        Other changes:
       #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                    exporting non-API symbols
            #227  Autotools: Add --without-examples and --without-tests
            #228  Autotools: Modernize configure.ac
       #245 #246  Autotools: Fix check for -fvisibility=hidden for Clang
       #247 #248  Autotools: Fix compilation for lack of docbook2x-man
       #236 #258  Autotools: Produce .tar.{gz,lz,xz} release archives
            #212  CMake: Make libdir of pkgconfig expat.pc support multilib
       #158 #263  CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
            #219  Remove fallback to bcopy, assume that memmove(3) exists
            #257  Use portable "/usr/bin/env bash" shebang (e.g. for \ 
            #243  Windows: Fix syntax of .def module definition files
                  Version info bumped from 7:8:6 to 7:9:6

        Special thanks to:
            Benjamin Peterson
            Caolán McNamara
            Hanno Böck
            Kishore Kunche
            Marco Maggi
            Rhodri James
            Sebastian Dröge
            Yury Gribov
   2018-08-20 07:24:49 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
expat: update to 2.2.6.

Release 2.2.6 Sun August 12 2018
        Bug fixes:
       #170 #206  Avoid doing arithmetic with NULL pointers in XML_GetBuffer
       #204 #205  Fix 2.2.5 regression with suspend-resume while parsing
                    a document like '<root/>'

        Other changes:
       #165 #168  Autotools: Fix docbook-related configure syntax error
            #166  Autotools: Avoid grep option `-q` for Solaris
            #167  Autotools: Support
                    ./configure DOCBOOK_TO_MAN="xmlto man \ 
       #159 #167  Autotools: Support DOCBOOK_TO_MAN command which produces
                    xmlwf.1 rather than XMLWF.1; also covers case insensitive
                    file systems
            #181  Autotools: Drop -rpath option passed to libtool
            #188  Autotools: Detect and deny SGML docbook2man as ours is XML
            #188  Autotools/CMake: Support command db2x_docbook2man as well
            #174  CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
       #184 #185  CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
       #207 #208  CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
                    both defaulting to OFF
            #175  CMake: Prefer check_symbol_exists over check_function_exists
            #176  CMake: Create the same pkg-config file as with GNU Autotools
       #178 #179  CMake: Use GNUInstallDirs module to set proper defaults for
                    install directories
            #208  CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
            #180  Windows: Fix compilation of test suite for Visual Studio 2008
  #131 #173 #202  Address compiler warnings
  #187 #190 #200  Fix miscellaneous typos
                  Version info bumped from 7:7:6 to 7:8:6

Release 2.2.5 Tue October 31 2017
        Bug fixes:
              #8  If the parser runs out of memory, make sure its internal
                    state reflects the memory it actually has, not the memory
                    it wanted to have.
             #11  The default handler wasn't being called when it should for
                    a SYSTEM or PUBLIC doctype if an entity declaration handler
                    was registered.
       #137 #138  Fix a case of mistakenly reported parsing success where
                    XML_StopParser was called from an element handler
            #162  Function XML_ErrorString was returning NULL rather than
                    a message for code XML_ERROR_INVALID_ARGUMENT
                    introduced with release 2.2.1

        Other changes:
            #106  xmlwf: Add argument -N adding notation declarations
        #75 #106  Test suite: Resolve expected failure cases where xmlwf
                    output was incomplete
            #127  Windows: Fix test suite compilation
       #126 #127  Windows: Fix compilation for Visual Studio 2012
                  Windows: Upgrade shipped project files to Visual Studio 2017
        #33 #132  tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
            #129  examples: Fix compilation for XML_UNICODE_WCHAR_T
            #130  benchmark: Fix compilation for XML_UNICODE_WCHAR_T
            #144  xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
                    Windows or MinGW for 2-byte wchar_t
              #9  Address two Clang Static Analyzer false positives
             #59  Resolve troublesome macros hiding parser struct membership
                    and dereferencing that pointer
              #6  Resolve superfluous internal malloc/realloc switch
       #153 #155  Improve docbook2x-man detection
            #160  Undefine NDEBUG in the test suite (rather than rejecting it)
            #161  Address compiler warnings
                  Version info bumped from 7:6:6 to 7:7:6
   2018-08-19 22:16:42 by Thomas Klausner | Files touched by this commit (38)
Log message:
*: reset maintainer for drochner
   2018-02-18 06:09:21 by Roland Illig | Files touched by this commit (2)
Log message:
textproc/expat: move documentation to share/doc/expat
   2017-09-08 09:55:17 by Thomas Klausner | Files touched by this commit (5) | Package updated
Log message:
Updated expat to 2.2.4.

Release 2.2.4 Sat Auguest 19 2017
        Bug fixes:
            #115  Fix copying of partial characters for UTF-8 input

        Other changes:
            #109  Fix "make check" for non-x86 architectures that default
                    to unsigned type char (-128..127 rather than 0..255)
            #109  coverage.sh: Cover -funsigned-char
                  Autotools: Introduce --without-xmlwf argument
             #65  Autotools: Replace handwritten Makefile with GNU Automake
             #43  CMake: Auto-detect high quality entropy extractors, add new
                    option USE_libbsd=ON to use arc4random_buf of libbsd
             #74  CMake: Add -fno-strict-aliasing only where supported
            #114  CMake: Always honor manually set BUILD_* options
            #114  CMake: Compile man page if docbook2x-man is available, only
            #117  Include file tests/xmltest.log.expected in source tarball
                    (required for "make run-xmltest")
            #117  Include (existing) Visual Studio 2013 files in source tarball
                  Improve test suite error output
            #111  Fix some typos in documentation
                  Version info bumped from 7:5:6 to 7:6:6

        Special thanks to:
            Jakub Wilk
            Joe Orton
            Lin Tian
            Rolf Eike Beer

Release 2.2.3 Wed August 2 2017
        Security fixes:
             #82  CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
                    using Steve Holme's LoadLibrary wrapper for/of cURL

        Bug fixes:
             #85  Fix a dangling pointer issue related to realloc

        Other changes:
                  Increase code coverage
             #91  Linux: Allow getrandom to fail if nonblocking pool has not
                    yet been initialized and read /dev/urandom then, instead.
                    This is in line with what recent Python does.
             #81  Pre-10.7/Lion macOS: Support entropy from arc4random
             #86  Check that a UTF-16 encoding in an XML declaration has the
                    right endianness
        #4 #5 #7  Recover correctly when some reallocations fail
                  Repair "./configure && make" for systems \ 
without any
                    provider of high quality entropy
                    and try reading /dev/urandom on those
                  Ensure that user-defined character encodings have converter
                    functions when they are needed
                  Fix mis-leading description of argument -c in xmlwf.1
                  Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
                    for CloudABI
            #100  Fix use of SIPHASH_MAIN in siphash.h
             #23  Test suite: Fix memory leaks
                  Version info bumped from 7:4:6 to 7:5:6

        Special thanks to:
            Chanho Park
            Joe Orton
            Pascal Cuoq
            Rhodri James
            Simon McVittie
            Vadim Zeitlin
            Viktor Szakats
            Core Infrastructure Initiative

Release 2.2.2 Wed July 12 2017
        Security fixes:
             #43  Protect against compilation without any source of high
                    quality entropy enabled, e.g. with CMake build system;
                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
             #60  Windows with _UNICODE:
                    Unintended use of LoadLibraryW with a non-wide string
                    resulted in failure to load advapi32.dll and degradation
                    in quality of used entropy when compiled with _UNICODE for
                    Windows; you can launch existing binaries with
                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
                    quality of entropy used during runtime; commits
                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
   [MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                    resulted in NULL dereference, previously;
                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe

        Bug fixes:
             #69  Fix improper use of unsigned long long integer literals

        Other changes:
             #73  Start requiring a C99 compiler
             #49  Fix "==" Bashism in configure script
             #50  Fix too eager getrandom detection for Debian GNU/kFreeBSD
             #52    and macOS
             #51  Address lack of stdint.h in Visual Studio 2003 to 2008
             #58  Address compile warnings
             #68  Fix "./buildconf.sh && ./configure" for some \ 
                    of Dash for /bin/sh
             #72  CMake: Ease use of Expat in context of a parent project
                    with multiple CMakeLists.txt files
             #72  CMake: Resolve mistaken executable permissions
             #76  Address compile warning with -DNDEBUG (not recommended!)
             #77  Address compile warning about macro redefinition

        Special thanks to:
            Alexander Bluhm
            Ben Boeckel
            Cătălin Răceanu
            Kerin Millar
            László Böszörményi
            S. P. Zeidler
            Segev Finer
            Václav Slavík
            Victor Stinner
            Viktor Szakats
            Radically Open Security
   2017-06-20 20:53:58 by S.P.Zeidler | Files touched by this commit (2)
Log message:
use the variant upstream chose (Debian also ran into the issue)