From cd8e329751c455090ad1e826ca313acd3c6d49fc Mon Sep 17 00:00:00 2001 From: bluhm Date: Mon, 11 May 2026 22:41:23 +0000 Subject: [PATCH] Update libexpat to version 2.8.0 Relevant for OpenBSD are other changes #1201 #1189 #1203 #1204 #1194 #1202 #1187 #1192 #1171 #1170. Minor library bump is necessary as XML_SetHashSalt16Bytes() has been added. Security fixes have been backported in previous commit. OK tb@ --- lib/libexpat/Changes | 50 ++++ lib/libexpat/Makefile | 4 +- lib/libexpat/README.md | 8 +- lib/libexpat/doc/reference.html | 57 ++++- lib/libexpat/examples/element_declarations.c | 5 +- lib/libexpat/expat_config.h | 3 +- lib/libexpat/lib/expat.h | 16 +- lib/libexpat/lib/expat_external.h | 5 +- lib/libexpat/lib/internal.h | 2 +- .../random_arc4random_buf.c} | 21 +- .../random_arc4random_buf.h} | 13 +- lib/libexpat/lib/xmlparse.c | 226 +++++------------- lib/libexpat/lib/xmlrole.c | 2 +- lib/libexpat/lib/xmltok.c | 2 +- lib/libexpat/lib/xmltok_ns.c | 2 +- lib/libexpat/shlib_version | 2 +- lib/libexpat/tests/alloc_tests_cxx.cpp | 32 --- lib/libexpat/tests/basic_tests.c | 26 ++ lib/libexpat/tests/basic_tests_cxx.cpp | 32 --- lib/libexpat/tests/chardata_cxx.cpp | 32 --- lib/libexpat/tests/common_cxx.cpp | 32 --- lib/libexpat/tests/dummy_cxx.cpp | 32 --- lib/libexpat/tests/handlers_cxx.cpp | 32 --- lib/libexpat/tests/memcheck_cxx.cpp | 32 --- lib/libexpat/tests/minicheck_cxx.cpp | 32 --- lib/libexpat/tests/misc_tests.c | 2 +- lib/libexpat/tests/misc_tests_cxx.cpp | 32 --- lib/libexpat/tests/ns_tests_cxx.cpp | 32 --- lib/libexpat/tests/nsalloc_tests.c | 11 +- lib/libexpat/tests/nsalloc_tests_cxx.cpp | 32 --- lib/libexpat/tests/structdata_cxx.cpp | 32 --- 31 files changed, 251 insertions(+), 590 deletions(-) rename lib/libexpat/{tests/runtests_cxx.cpp => lib/random_arc4random_buf.c} (81%) rename lib/libexpat/{tests/acc_tests_cxx.cpp => lib/random_arc4random_buf.h} (83%) delete mode 100644 lib/libexpat/tests/alloc_tests_cxx.cpp delete mode 100644 lib/libexpat/tests/basic_tests_cxx.cpp delete mode 100644 lib/libexpat/tests/chardata_cxx.cpp delete mode 100644 lib/libexpat/tests/common_cxx.cpp delete mode 100644 lib/libexpat/tests/dummy_cxx.cpp delete mode 100644 lib/libexpat/tests/handlers_cxx.cpp delete mode 100644 lib/libexpat/tests/memcheck_cxx.cpp delete mode 100644 lib/libexpat/tests/minicheck_cxx.cpp delete mode 100644 lib/libexpat/tests/misc_tests_cxx.cpp delete mode 100644 lib/libexpat/tests/ns_tests_cxx.cpp delete mode 100644 lib/libexpat/tests/nsalloc_tests_cxx.cpp delete mode 100644 lib/libexpat/tests/structdata_cxx.cpp diff --git a/lib/libexpat/Changes b/lib/libexpat/Changes index 8778f5043e7..87611eea5c0 100644 --- a/lib/libexpat/Changes +++ b/lib/libexpat/Changes @@ -29,6 +29,7 @@ !! THANK YOU! Sebastian Pipping -- Berlin, 2026-03-17 !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +Release 2.8.0 Fri April 24 2026 Security fixes: #47 #1183 CVE-2026-41080 -- The existing hash flooding protection (based on SipHash) only used 4 to 8 bytes of entropy for @@ -45,6 +46,55 @@ internal machinery (by *not* calling either of the two XML_SetHashSalt* functions). + Bug fixes: + #1188 Avoid propagating /dev/urandom file descriptor to child + processes + #1193 Fix interpretation of `errno` after randomization calls + #1195 Avoid assuming uint8_t is a character type + + Other changes: + #1180 #1199 Add support for `getentropy(3)` as a source of entropy; + this helps with protecting against hash flooding attacks, + in particular with WASI SDK (where none of the other + entropy sources supported by libexpat are available). + #1200 Autotools: Add `--without-arc4random` and + `--without-arc4random-buf` + #1200 Autotools: Make `./configure` output report on available + high quality entropy sources + #1173 Autotools|macOS: Sync CMake templates with CMake 4.3.0 + #1201 Autotools|CMake: Improve checks for `arc4random` and + `arc4random_buf` e.g. with modern glibc + #1201 CMake: Report on availability of functions `arc4random` and + `arc4random_buf` + #1201 CMake: Mark entropy related build switches as advanced + #1189 .. + #1203 #1204 Extract new files from entropy extraction code + #1194 Stop duplicating C tests 1:1 as C++ ("runtests_cxx") + #1202 Fix a comment typo in expat_external.h + #1187 Fix grammar in compile error message + #1192 examples: Build warning-free with -Wwrite-strings + #1171 tests: Address harmless warning from Coverity + #1170 #1176 Sync file headers + #1190 #1206 Version info bumped from 12:3:11 (libexpat*.so.1.11.3) + to 13:0:12 (libexpat*.so.1.12.0); see https://verbump.de/ + for what these numbers do + + Infrastructure: + #1166 #1167 .. + #1172 #1175 .. + #1178 #1179 .. + #1185 #1205 CI: Make Perl XML::Parser integration tests run against + both version 2.47 and the latest release 2.58 + #1169 CI: Adapt to breaking changes regarding Inno Setup + #1173 CI: Adapt to breaking changes regarding CMake + #1174 CI: Include public corpus of fuzzer `xml_lpm_fuzzer` with + regression testing + #1181 #1182 CI: Bump WASI SDK from 30 to 32 + + Special thanks to: + Jérôme Duval + Matthew Fernandez + Release 2.7.5 Tue March 17 2026 Security fixes: #1158 CVE-2026-32776 -- Fix NULL function pointer dereference for diff --git a/lib/libexpat/Makefile b/lib/libexpat/Makefile index f52157ad86e..caa1982a74b 100644 --- a/lib/libexpat/Makefile +++ b/lib/libexpat/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.17 2025/10/23 19:06:10 miod Exp $ +# $OpenBSD: Makefile,v 1.18 2026/05/11 22:41:23 bluhm Exp $ .PATH: ${.CURDIR}/lib LIB= expat -SRCS= xmlparse.c xmltok.c xmlrole.c +SRCS= xmlparse.c xmltok.c xmlrole.c random_arc4random_buf.c CFLAGS+=-I${.CURDIR} -fvisibility=hidden -DXML_ENABLE_VISIBILITY=1 PC_FILES=expat.pc diff --git a/lib/libexpat/README.md b/lib/libexpat/README.md index a67548be7fc..619e60b2d16 100644 --- a/lib/libexpat/README.md +++ b/lib/libexpat/README.md @@ -11,7 +11,7 @@ > at the top of the `Changes` file. -# Expat, Release 2.7.5 +# Expat, Release 2.8.0 This is Expat, a C99 library for parsing [XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by @@ -297,10 +297,4 @@ EXPAT_SYMBOL_VERSIONING:BOOL=OFF // Treat all compiler warnings as errors EXPAT_WARNINGS_AS_ERRORS:BOOL=OFF - -// Make use of getrandom function (ON|OFF|AUTO) [default=AUTO] -EXPAT_WITH_GETRANDOM:STRING=AUTO - -// Make use of syscall SYS_getrandom (ON|OFF|AUTO) [default=AUTO] -EXPAT_WITH_SYS_GETRANDOM:STRING=AUTO ``` diff --git a/lib/libexpat/doc/reference.html b/lib/libexpat/doc/reference.html index 5faa8d6515a..195bd183fd8 100644 --- a/lib/libexpat/doc/reference.html +++ b/lib/libexpat/doc/reference.html @@ -53,7 +53,7 @@

- The Expat XML Parser Release 2.7.5 + The Expat XML Parser Release 2.8.0

@@ -404,7 +404,11 @@
  • - XML_SetHashSalt + XML_SetHashSalt (deprecated) +
    • + +
  • + XML_SetHashSalt16Bytes
  • @@ -3449,22 +3453,35 @@ XML_SetParamEntityParsing(XML_Parser p,

    - XML_SetHashSalt + XML_SetHashSalt (deprecated) 

     int XMLCALL
-XML_SetHashSalt(XML_Parser p,
+XML_SetHashSalt(XML_Parser parser,
                 unsigned long hash_salt);
    Sets the hash salt to use for internal hash calculations. Helps in preventing DoS attacks based on predicting hash function behavior. In order to have an effect this must be called before parsing has started. Returns 1 if successful, 0 when - called after XML_Parse or XML_ParseBuffer. + called after XML_Parse or XML_ParseBuffer or when + parser is NULL. +

    + Note: Function XML_SetHashSalt is + deprecated. Please use function XML_SetHashSalt16Bytes instead for better + security. XML_SetHashSalt only provides 4 to 8 bytes of entropy + (depending on the size of type unsigned long) while the SipHash + implementation used by Expat can leverage up to 16 bytes of entropy — at least + twice as much. Function XML_SetHashSalt16Bytes of Expat >=2.8.0 + (and where backported) matches the amount of entropy supported by SipHash. +

    +

    Note: This call is optional, as the parser will auto-generate a new - random salt value if no value has been set at the start of parsing. + random salt value internally if no value has been set by the start of parsing.

    @@ -3475,6 +3492,34 @@ XML_SetHashSalt(XML_Parser p,

    +

    + XML_SetHashSalt16Bytes +

    + + 
    +/* Added in Expat 2.8.0. */
+XML_Bool XMLCALL
+XML_SetHashSalt16Bytes(XML_Parser parser,
+                       const uint8_t entropy[16]);
+
    +
    + Sets the hash salt to use for internal hash calculations. Helps in preventing DoS + attacks based on predicting hash function behavior. In order to have an effect + this must be called before parsing has started. Returns XML_TRUE if + successful, XML_FALSE when called after XML_Parse or + XML_ParseBuffer or when parser is NULL. +

    + Note: Setting a salt that is not from a source of high quality + entropy (like getentropy(3)) will make the parser vulnerable to + hash flooding attacks. +

    + +

    + Note: This call is optional, as the parser will auto-generate a new + random salt value internally if no value has been set by the start of parsing. +

    +
    +

    XML_UseForeignDTD

    diff --git a/lib/libexpat/examples/element_declarations.c b/lib/libexpat/examples/element_declarations.c index d644b2ffa5e..d864cf70a2f 100644 --- a/lib/libexpat/examples/element_declarations.c +++ b/lib/libexpat/examples/element_declarations.c @@ -16,6 +16,7 @@ Copyright (c) 2017 Rhodri James Copyright (c) 2019 Zhongyuan Zhou Copyright (c) 2024 Hanno Böck + Copyright (c) 2026 Matthew Fernandez Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -82,7 +83,7 @@ stackPopFree(Stack *stackTop) { return newStackTop; } -static char * +static const char * contentTypeName(enum XML_Content_Type contentType) { switch (contentType) { case XML_CTYPE_EMPTY: @@ -102,7 +103,7 @@ contentTypeName(enum XML_Content_Type contentType) { } } -static char * +static const char * contentQuantName(enum XML_Content_Quant contentQuant) { switch (contentQuant) { case XML_CQUANT_NONE: diff --git a/lib/libexpat/expat_config.h b/lib/libexpat/expat_config.h index 3860f374bbb..a3b9a195852 100644 --- a/lib/libexpat/expat_config.h +++ b/lib/libexpat/expat_config.h @@ -1,8 +1,7 @@ -/* $OpenBSD: expat_config.h,v 1.6 2024/02/11 00:56:28 bluhm Exp $ */ +/* $OpenBSD: expat_config.h,v 1.7 2026/05/11 22:41:23 bluhm Exp $ */ /* quick and dirty conf for OpenBSD */ -#define HAVE_ARC4RANDOM 1 #define HAVE_ARC4RANDOM_BUF 1 #define XML_CONTEXT_BYTES 1024 #define XML_DTD 1 diff --git a/lib/libexpat/lib/expat.h b/lib/libexpat/lib/expat.h index 18dbaebde29..79c609f19aa 100644 --- a/lib/libexpat/lib/expat.h +++ b/lib/libexpat/lib/expat.h @@ -45,6 +45,7 @@ #ifndef Expat_INCLUDED # define Expat_INCLUDED 1 +# include // for uint8_t # include # include "expat_external.h" @@ -917,10 +918,21 @@ XML_SetParamEntityParsing(XML_Parser parser, function behavior. This must be called before parsing is started. Returns 1 if successful, 0 when called after parsing has started. Note: If parser == NULL, the function will do nothing and return 0. + DEPRECATED since Expat 2.8.0. */ XMLPARSEAPI(int) XML_SetHashSalt(XML_Parser parser, unsigned long hash_salt); +/* Sets the hash salt to use for internal hash calculations. + Helps in preventing DoS attacks based on predicting hash function behavior. + This must be called before parsing is started. + Returns XML_TRUE if successful, XML_FALSE when called after parsing has + started or when parser is NULL. + Added in Expat 2.8.0. +*/ +XMLPARSEAPI(XML_Bool) +XML_SetHashSalt16Bytes(XML_Parser parser, const uint8_t entropy[16]); + /* If XML_Parse or XML_ParseBuffer have returned XML_STATUS_ERROR, then XML_GetErrorCode returns information about the error. */ @@ -1081,8 +1093,8 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled); See https://semver.org */ # define XML_MAJOR_VERSION 2 -# define XML_MINOR_VERSION 7 -# define XML_MICRO_VERSION 5 +# define XML_MINOR_VERSION 8 +# define XML_MICRO_VERSION 0 # ifdef __cplusplus } diff --git a/lib/libexpat/lib/expat_external.h b/lib/libexpat/lib/expat_external.h index d9ddeb612f6..7f5c4c3aae4 100644 --- a/lib/libexpat/lib/expat_external.h +++ b/lib/libexpat/lib/expat_external.h @@ -12,9 +12,10 @@ Copyright (c) 2001-2002 Greg Stein Copyright (c) 2002-2006 Karl Waclawek Copyright (c) 2016 Cristian Rodríguez - Copyright (c) 2016-2026 Sebastian Pipping + Copyright (c) 2016-2025 Sebastian Pipping Copyright (c) 2017 Rhodri James Copyright (c) 2018 Yury Gribov + Copyright (c) 2026 Matthew Fernandez Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -45,7 +46,7 @@ /* Expat tries very hard to make the API boundary very specifically defined. There are two macros defined to control this boundary; each of these can be defined before including this header to - achieve some different behavior, but doing so it not recommended or + achieve some different behavior, but doing so is not recommended or tested frequently. XMLCALL - The calling convention to use for all calls across the diff --git a/lib/libexpat/lib/internal.h b/lib/libexpat/lib/internal.h index 1995c17b7d9..420d4217a56 100644 --- a/lib/libexpat/lib/internal.h +++ b/lib/libexpat/lib/internal.h @@ -28,7 +28,7 @@ Copyright (c) 2002-2003 Fred L. Drake, Jr. Copyright (c) 2002-2006 Karl Waclawek Copyright (c) 2003 Greg Stein - Copyright (c) 2016-2025 Sebastian Pipping + Copyright (c) 2016-2026 Sebastian Pipping Copyright (c) 2018 Yury Gribov Copyright (c) 2019 David Loffredo Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow diff --git a/lib/libexpat/tests/runtests_cxx.cpp b/lib/libexpat/lib/random_arc4random_buf.c similarity index 81% rename from lib/libexpat/tests/runtests_cxx.cpp rename to lib/libexpat/lib/random_arc4random_buf.c index 396714560a0..1476f07ba1a 100644 --- a/lib/libexpat/tests/runtests_cxx.cpp +++ b/lib/libexpat/lib/random_arc4random_buf.c @@ -1,7 +1,4 @@ -/* C++ compilation harness for the test suite. - - This is used to ensure the Expat headers can be included from C++ - and have everything work as expected. +/* __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| @@ -9,8 +6,7 @@ \___/_/\_\ .__/ \__,_|\__| |_| XML parser - Copyright (c) 2005 Fred L. Drake, Jr. - Copyright (c) 2017-2023 Sebastian Pipping + Copyright (c) 2026 Sebastian Pipping Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -33,4 +29,15 @@ USE OR OTHER DEALINGS IN THE SOFTWARE. */ -#include "runtests.c" +#include "random_arc4random_buf.h" + +#if ! defined(_DEFAULT_SOURCE) +# define _DEFAULT_SOURCE 1 /* for glibc */ +#endif + +#include // for arc4random_buf + +void +writeRandomBytes_arc4random_buf(void *target, size_t count) { + arc4random_buf(target, count); +} diff --git a/lib/libexpat/tests/acc_tests_cxx.cpp b/lib/libexpat/lib/random_arc4random_buf.h similarity index 83% rename from lib/libexpat/tests/acc_tests_cxx.cpp rename to lib/libexpat/lib/random_arc4random_buf.h index 01644991ae5..51f7a31f285 100644 --- a/lib/libexpat/tests/acc_tests_cxx.cpp +++ b/lib/libexpat/lib/random_arc4random_buf.h @@ -1,4 +1,4 @@ -/* C++ compilation harness for the test suite. +/* __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| @@ -6,7 +6,7 @@ \___/_/\_\ .__/ \__,_|\__| |_| XML parser - Copyright (c) 2023 Sebastian Pipping + Copyright (c) 2026 Sebastian Pipping Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -29,4 +29,11 @@ USE OR OTHER DEALINGS IN THE SOFTWARE. */ -#include "acc_tests.c" +#if ! defined(RANDOM_ACR4RANDOM_BUF_H) +# define RANDOM_ACR4RANDOM_BUF_H 1 + +# include // for size_t + +void writeRandomBytes_arc4random_buf(void *target, size_t count); + +#endif // ! defined(RANDOM_ACR4RANDOM_BUF_H) diff --git a/lib/libexpat/lib/xmlparse.c b/lib/libexpat/lib/xmlparse.c index fe95a47ce22..620d1e4b46e 100644 --- a/lib/libexpat/lib/xmlparse.c +++ b/lib/libexpat/lib/xmlparse.c @@ -1,4 +1,4 @@ -/* 93c1caa66e2b0310459482516af05505b57c5cb7b96df777105308fc585c85d1 (2.7.5+) +/* a5d18f6a50f536615ac1c70304f87d94f99cc85a86b502188952440610ccf0f8 (2.8.0+) __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| @@ -41,10 +41,12 @@ Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow Copyright (c) 2024-2025 Berkay Eren Ürün Copyright (c) 2024 Hanno Böck - Copyright (c) 2025 Matthew Fernandez + Copyright (c) 2025-2026 Matthew Fernandez Copyright (c) 2025 Atrem Borovik Copyright (c) 2025 Alfonso Gregory Copyright (c) 2026 Rosen Penev + Copyright (c) 2026 Francesco Bertolaccini + Copyright (c) 2026 Christian Ng Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -84,28 +86,16 @@ # error XML_CONTEXT_BYTES must be defined, non-empty and >=0 (0 to disable, >=1 to enable; 1024 is a common default) #endif -#if defined(HAVE_SYSCALL_GETRANDOM) -# if ! defined(_GNU_SOURCE) -# define _GNU_SOURCE 1 /* syscall prototype */ -# endif -#endif - -#ifdef _WIN32 -/* force stdlib to define rand_s() */ -# if ! defined(_CRT_RAND_S) -# define _CRT_RAND_S -# endif -#endif - #include #include #include /* memset(), memcpy() */ #include #include /* INT_MAX, UINT_MAX */ #include /* fprintf */ -#include /* getenv, rand_s */ +#include /* getenv */ #include /* SIZE_MAX, uintptr_t */ #include /* isnan */ +#include #ifdef _WIN32 # define getpid GetCurrentProcessId @@ -125,26 +115,34 @@ #include "expat.h" #include "siphash.h" -#if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) -# if defined(HAVE_GETRANDOM) -# include /* getrandom */ -# else -# include /* syscall */ -# include /* SYS_getrandom */ -# endif -# if ! defined(GRND_NONBLOCK) -# define GRND_NONBLOCK 0x0001 -# endif /* defined(GRND_NONBLOCK) */ -#endif /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */ +#if defined(HAVE_ARC4RANDOM) +# include "random_arc4random.h" +#endif /* defined(HAVE_ARC4RANDOM) */ -#if defined(_WIN32) && ! defined(LOAD_LIBRARY_SEARCH_SYSTEM32) -# define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800 -#endif +#if defined(HAVE_ARC4RANDOM_BUF) +# include "random_arc4random_buf.h" +#endif // defined(HAVE_ARC4RANDOM_BUF) + +#if defined(XML_DEV_URANDOM) +# include "random_dev_urandom.h" +#endif /* defined(XML_DEV_URANDOM) */ + +#if defined(HAVE_GETENTROPY) +# include "random_getentropy.h" +#endif // defined(HAVE_GETENTROPY) + +#if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) +# include "random_getrandom.h" +#endif /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */ + +#if defined(_WIN32) +# include "random_rand_s.h" +#endif /* defined(_WIN32) */ #if ! defined(HAVE_GETRANDOM) && ! defined(HAVE_SYSCALL_GETRANDOM) \ && ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM) \ - && ! defined(XML_DEV_URANDOM) && ! defined(_WIN32) \ - && ! defined(XML_POOR_ENTROPY) + && ! defined(HAVE_GETENTROPY) && ! defined(XML_DEV_URANDOM) \ + && ! defined(_WIN32) && ! defined(XML_POOR_ENTROPY) # error You do not have support for any sources of high quality entropy \ enabled. For end user security, that is probably not what you want. \ \ @@ -153,10 +151,11 @@ * Linux >=3.17 + glibc (including <2.25) (syscall SYS_getrandom): HAVE_SYSCALL_GETRANDOM, \ * BSD / macOS >=10.7 / glibc >=2.36 (arc4random_buf): HAVE_ARC4RANDOM_BUF, \ * BSD / macOS (including <10.7) / glibc >=2.36 (arc4random): HAVE_ARC4RANDOM, \ + * BSD / macOS >=10.12 / glibc >=2.25 (getentropy): HAVE_GETENTROPY, \ * Linux (including <3.17) / BSD / macOS (including <10.7) / Solaris >=8 (/dev/urandom): XML_DEV_URANDOM, \ * Windows >=Vista (rand_s): _WIN32. \ \ - If insist on not using any of these, bypass this error by defining \ + If you insist on not using any of these, bypass this error by defining \ XML_POOR_ENTROPY; you have been warned. \ \ If you have reasons to patch this detection code away or need changes \ @@ -1037,135 +1036,6 @@ static const XML_Char implicitContext[] ASCII_s, ASCII_p, ASCII_a, ASCII_c, ASCII_e, '\0'}; -/* To avoid warnings about unused functions: */ -#if ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM) - -# if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) - -/* Obtain entropy on Linux 3.17+ */ -static int -writeRandomBytes_getrandom_nonblock(void *target, size_t count) { - int success = 0; /* full count bytes written? */ - size_t bytesWrittenTotal = 0; - const unsigned int getrandomFlags = GRND_NONBLOCK; - - do { - void *const currentTarget = (void *)((char *)target + bytesWrittenTotal); - const size_t bytesToWrite = count - bytesWrittenTotal; - - assert(bytesToWrite <= INT_MAX); - - const int bytesWrittenMore = -# if defined(HAVE_GETRANDOM) - (int)getrandom(currentTarget, bytesToWrite, getrandomFlags); -# else - (int)syscall(SYS_getrandom, currentTarget, bytesToWrite, - getrandomFlags); -# endif - - if (bytesWrittenMore > 0) { - bytesWrittenTotal += bytesWrittenMore; - if (bytesWrittenTotal >= count) - success = 1; - } - } while (! success && (errno == EINTR)); - - return success; -} - -# endif /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */ - -# if ! defined(_WIN32) && defined(XML_DEV_URANDOM) - -/* Extract entropy from /dev/urandom */ -static int -writeRandomBytes_dev_urandom(void *target, size_t count) { - int success = 0; /* full count bytes written? */ - size_t bytesWrittenTotal = 0; - - const int fd = open("/dev/urandom", O_RDONLY); - if (fd < 0) { - return 0; - } - - do { - void *const currentTarget = (void *)((char *)target + bytesWrittenTotal); - const size_t bytesToWrite = count - bytesWrittenTotal; - - const ssize_t bytesWrittenMore = read(fd, currentTarget, bytesToWrite); - - if (bytesWrittenMore > 0) { - bytesWrittenTotal += bytesWrittenMore; - if (bytesWrittenTotal >= count) - success = 1; - } - } while (! success && (errno == EINTR)); - - close(fd); - return success; -} - -# endif /* ! defined(_WIN32) && defined(XML_DEV_URANDOM) */ - -#endif /* ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM) */ - -#if defined(HAVE_ARC4RANDOM) && ! defined(HAVE_ARC4RANDOM_BUF) - -static void -writeRandomBytes_arc4random(void *target, size_t count) { - size_t bytesWrittenTotal = 0; - - while (bytesWrittenTotal < count) { - const uint32_t random32 = arc4random(); - size_t i = 0; - - for (; (i < sizeof(random32)) && (bytesWrittenTotal < count); - i++, bytesWrittenTotal++) { - const uint8_t random8 = (uint8_t)(random32 >> (i * 8)); - ((uint8_t *)target)[bytesWrittenTotal] = random8; - } - } -} - -#endif /* defined(HAVE_ARC4RANDOM) && ! defined(HAVE_ARC4RANDOM_BUF) */ - -#ifdef _WIN32 - -/* Provide declaration of rand_s() for MinGW-32 (not 64, which has it), - as it didn't declare it in its header prior to version 5.3.0 of its - runtime package (mingwrt, containing stdlib.h). The upstream fix - was introduced at https://osdn.net/projects/mingw/ticket/39658 . */ -# if defined(__MINGW32__) && defined(__MINGW32_VERSION) \ - && __MINGW32_VERSION < 5003000L && ! defined(__MINGW64_VERSION_MAJOR) -__declspec(dllimport) int rand_s(unsigned int *); -# endif - -/* Obtain entropy on Windows using the rand_s() function which - * generates cryptographically secure random numbers. Internally it - * uses RtlGenRandom API which is present in Windows XP and later. - */ -static int -writeRandomBytes_rand_s(void *target, size_t count) { - size_t bytesWrittenTotal = 0; - - while (bytesWrittenTotal < count) { - unsigned int random32 = 0; - size_t i = 0; - - if (rand_s(&random32)) - return 0; /* failure */ - - for (; (i < sizeof(random32)) && (bytesWrittenTotal < count); - i++, bytesWrittenTotal++) { - const uint8_t random8 = (uint8_t)(random32 >> (i * 8)); - ((uint8_t *)target)[bytesWrittenTotal] = random8; - } - } - return 1; /* success */ -} - -#endif /* _WIN32 */ - #if ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM) static unsigned long @@ -1211,7 +1081,7 @@ generate_hash_secret_salt(void) { /* "Failproof" high quality providers: */ #if defined(HAVE_ARC4RANDOM_BUF) - arc4random_buf(&entropy, sizeof(entropy)); + writeRandomBytes_arc4random_buf(&entropy, sizeof(entropy)); return ENTROPY_DEBUG("arc4random_buf", entropy); #elif defined(HAVE_ARC4RANDOM) writeRandomBytes_arc4random(&entropy, sizeof(entropy)); @@ -1222,6 +1092,11 @@ generate_hash_secret_salt(void) { if (writeRandomBytes_rand_s(&entropy, sizeof(entropy))) { return ENTROPY_DEBUG("rand_s", entropy); } +# elif defined(HAVE_GETENTROPY) + if (writeRandomBytes_getentropy(&entropy, sizeof(entropy))) { + return ENTROPY_DEBUG("getentropy", entropy); + } + errno = 0; # elif defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) if (writeRandomBytes_getrandom_nonblock(&entropy, sizeof(entropy))) { return ENTROPY_DEBUG("getrandom", entropy); @@ -2328,6 +2203,7 @@ XML_SetParamEntityParsing(XML_Parser parser, #endif } +// DEPRECATED since Expat 2.8.0. int XMLCALL XML_SetHashSalt(XML_Parser parser, unsigned long hash_salt) { if (parser == NULL) @@ -2355,6 +2231,30 @@ XML_SetHashSalt(XML_Parser parser, unsigned long hash_salt) { return 1; } +XML_Bool XMLCALL +XML_SetHashSalt16Bytes(XML_Parser parser, const uint8_t entropy[16]) { + if (parser == NULL) + return XML_FALSE; + + if (entropy == NULL) + return XML_FALSE; + + const XML_Parser rootParser = getRootParserOf(parser, NULL); + assert(! rootParser->m_parentParser); + + /* block after XML_Parse()/XML_ParseBuffer() has been called */ + if (parserBusy(rootParser)) + return XML_FALSE; + + sip_tokey(&(rootParser->m_hash_secret_salt_128), entropy); + + rootParser->m_hash_secret_salt_set = XML_TRUE; + + ENTROPY_DEBUG("explicit(16)", rootParser->m_hash_secret_salt_128); + + return XML_TRUE; +} + enum XML_Status XMLCALL XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) { if ((parser == NULL) || (len < 0) || ((s == NULL) && (len != 0))) { diff --git a/lib/libexpat/lib/xmlrole.c b/lib/libexpat/lib/xmlrole.c index b1dfb456e5d..d56bee82dd2 100644 --- a/lib/libexpat/lib/xmlrole.c +++ b/lib/libexpat/lib/xmlrole.c @@ -12,7 +12,7 @@ Copyright (c) 2002-2006 Karl Waclawek Copyright (c) 2002-2003 Fred L. Drake, Jr. Copyright (c) 2005-2009 Steven Solie - Copyright (c) 2016-2026 Sebastian Pipping + Copyright (c) 2016-2023 Sebastian Pipping Copyright (c) 2017 Rhodri James Copyright (c) 2019 David Loffredo Copyright (c) 2021 Donghee Na diff --git a/lib/libexpat/lib/xmltok.c b/lib/libexpat/lib/xmltok.c index f6e5f742c92..32cd5f147e9 100644 --- a/lib/libexpat/lib/xmltok.c +++ b/lib/libexpat/lib/xmltok.c @@ -12,7 +12,7 @@ Copyright (c) 2002 Greg Stein Copyright (c) 2002-2016 Karl Waclawek Copyright (c) 2005-2009 Steven Solie - Copyright (c) 2016-2026 Sebastian Pipping + Copyright (c) 2016-2024 Sebastian Pipping Copyright (c) 2016 Pascal Cuoq Copyright (c) 2016 Don Lewis Copyright (c) 2017 Rhodri James diff --git a/lib/libexpat/lib/xmltok_ns.c b/lib/libexpat/lib/xmltok_ns.c index 1cd60de1e4f..810ca2c6d04 100644 --- a/lib/libexpat/lib/xmltok_ns.c +++ b/lib/libexpat/lib/xmltok_ns.c @@ -11,7 +11,7 @@ Copyright (c) 2002 Greg Stein Copyright (c) 2002 Fred L. Drake, Jr. Copyright (c) 2002-2006 Karl Waclawek - Copyright (c) 2017-2026 Sebastian Pipping + Copyright (c) 2017-2021 Sebastian Pipping Copyright (c) 2025 Alfonso Gregory Licensed under the MIT license: diff --git a/lib/libexpat/shlib_version b/lib/libexpat/shlib_version index ffdd3d2d569..730231c38d0 100644 --- a/lib/libexpat/shlib_version +++ b/lib/libexpat/shlib_version @@ -1,2 +1,2 @@ major=17 -minor=0 +minor=1 diff --git a/lib/libexpat/tests/alloc_tests_cxx.cpp b/lib/libexpat/tests/alloc_tests_cxx.cpp deleted file mode 100644 index 3270b1a6c98..00000000000 --- a/lib/libexpat/tests/alloc_tests_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "alloc_tests.c" diff --git a/lib/libexpat/tests/basic_tests.c b/lib/libexpat/tests/basic_tests.c index 168be9c5dac..cea306134cb 100644 --- a/lib/libexpat/tests/basic_tests.c +++ b/lib/libexpat/tests/basic_tests.c @@ -20,6 +20,7 @@ Copyright (c) 2021 Donghee Na Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow Copyright (c) 2024-2025 Berkay Eren Ürün + Copyright (c) 2026 Francesco Bertolaccini Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -204,6 +205,30 @@ START_TEST(test_hash_collision) { END_TEST #undef COLLIDING_HASH_SALT +START_TEST(test_hash_salt_setter) { + const uint8_t entropy[16] = {'0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; + XML_Parser parser = XML_ParserCreate(NULL); + + // NULL parser should be rejected + assert_true(XML_SetHashSalt16Bytes(NULL, entropy) == XML_FALSE); + + // NULL entropy should be rejected + assert_true(XML_SetHashSalt16Bytes(parser, NULL) == XML_FALSE); + + // Setting should be allowed more than once + assert_true(XML_SetHashSalt16Bytes(parser, entropy) == XML_TRUE); + assert_true(XML_SetHashSalt16Bytes(parser, entropy) == XML_TRUE); + + // But not after parsing has started + assert_true(XML_Parse(parser, "", 0, XML_FALSE /* isFinal */) + == XML_STATUS_OK); + assert_true(XML_SetHashSalt16Bytes(parser, entropy) == XML_FALSE); + + XML_ParserFree(parser); +} +END_TEST + /* Regression test for SF bug #491986. */ START_TEST(test_danish_latin1) { const char *text = "\n" @@ -6296,6 +6321,7 @@ make_basic_test_case(Suite *s) { tcase_add_test(tc_basic, test_bom_utf16_le); tcase_add_test(tc_basic, test_nobom_utf16_le); tcase_add_test(tc_basic, test_hash_collision); + tcase_add_test(tc_basic, test_hash_salt_setter); tcase_add_test(tc_basic, test_illegal_utf8); tcase_add_test(tc_basic, test_utf8_auto_align); tcase_add_test(tc_basic, test_utf16); diff --git a/lib/libexpat/tests/basic_tests_cxx.cpp b/lib/libexpat/tests/basic_tests_cxx.cpp deleted file mode 100644 index d7e75a9061c..00000000000 --- a/lib/libexpat/tests/basic_tests_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "basic_tests.c" diff --git a/lib/libexpat/tests/chardata_cxx.cpp b/lib/libexpat/tests/chardata_cxx.cpp deleted file mode 100644 index 81820c72dca..00000000000 --- a/lib/libexpat/tests/chardata_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "chardata.c" diff --git a/lib/libexpat/tests/common_cxx.cpp b/lib/libexpat/tests/common_cxx.cpp deleted file mode 100644 index 698a0ccfa9d..00000000000 --- a/lib/libexpat/tests/common_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "common.c" diff --git a/lib/libexpat/tests/dummy_cxx.cpp b/lib/libexpat/tests/dummy_cxx.cpp deleted file mode 100644 index 27c9f431ecd..00000000000 --- a/lib/libexpat/tests/dummy_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "dummy.c" diff --git a/lib/libexpat/tests/handlers_cxx.cpp b/lib/libexpat/tests/handlers_cxx.cpp deleted file mode 100644 index 86c62b159cc..00000000000 --- a/lib/libexpat/tests/handlers_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "handlers.c" diff --git a/lib/libexpat/tests/memcheck_cxx.cpp b/lib/libexpat/tests/memcheck_cxx.cpp deleted file mode 100644 index e62ac98999c..00000000000 --- a/lib/libexpat/tests/memcheck_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "memcheck.c" diff --git a/lib/libexpat/tests/minicheck_cxx.cpp b/lib/libexpat/tests/minicheck_cxx.cpp deleted file mode 100644 index 58881c60ba0..00000000000 --- a/lib/libexpat/tests/minicheck_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "minicheck.c" diff --git a/lib/libexpat/tests/misc_tests.c b/lib/libexpat/tests/misc_tests.c index 1c508bd1046..6d1a2f1488b 100644 --- a/lib/libexpat/tests/misc_tests.c +++ b/lib/libexpat/tests/misc_tests.c @@ -212,7 +212,7 @@ START_TEST(test_misc_version) { if (! versions_equal(&read_version, &parsed_version)) fail("Version mismatch"); - if (xcstrcmp(version_text, XCS("expat_2.7.5")) + if (xcstrcmp(version_text, XCS("expat_2.8.0")) != 0) /* needs bump on releases */ fail("XML_*_VERSION in expat.h out of sync?\n"); } diff --git a/lib/libexpat/tests/misc_tests_cxx.cpp b/lib/libexpat/tests/misc_tests_cxx.cpp deleted file mode 100644 index 0b84c1b1f4d..00000000000 --- a/lib/libexpat/tests/misc_tests_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "misc_tests.c" diff --git a/lib/libexpat/tests/ns_tests_cxx.cpp b/lib/libexpat/tests/ns_tests_cxx.cpp deleted file mode 100644 index b2fe187bb8b..00000000000 --- a/lib/libexpat/tests/ns_tests_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "ns_tests.c" diff --git a/lib/libexpat/tests/nsalloc_tests.c b/lib/libexpat/tests/nsalloc_tests.c index 9e26d4ee141..830bd1953b7 100644 --- a/lib/libexpat/tests/nsalloc_tests.c +++ b/lib/libexpat/tests/nsalloc_tests.c @@ -10,7 +10,7 @@ Copyright (c) 2003 Greg Stein Copyright (c) 2005-2007 Steven Solie Copyright (c) 2005-2012 Karl Waclawek - Copyright (c) 2016-2025 Sebastian Pipping + Copyright (c) 2016-2026 Sebastian Pipping Copyright (c) 2017-2022 Rhodri James Copyright (c) 2017 Joe Orton Copyright (c) 2017 José Gutiérrez de la Concha @@ -18,6 +18,7 @@ Copyright (c) 2019 David Loffredo Copyright (c) 2020 Tim Gates Copyright (c) 2021 Donghee Na + Copyright (c) 2026 Christian Ng Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -1507,7 +1508,7 @@ END_TEST /* Verify that retry after OOM in setContext() does not crash. */ -START_TEST(test_nsalloc_setContext_zombie) { +START_TEST(test_nsalloc_set_context_zombie) { const char *text = "Hello"; unsigned int i; const unsigned int max_alloc_count = 30; @@ -1519,7 +1520,9 @@ START_TEST(test_nsalloc_setContext_zombie) { break; /* Retry on the same parser — must not crash */ g_allocation_count = ALLOC_ALWAYS_SUCCEED; - XML_Parse(g_parser, text, (int)strlen(text), XML_TRUE); + const enum XML_Status status + = XML_Parse(g_parser, text, (int)strlen(text), XML_TRUE); + (void)status; nsalloc_teardown(); nsalloc_setup(); @@ -1565,5 +1568,5 @@ make_nsalloc_test_case(Suite *s) { tcase_add_test__if_xml_ge(tc_nsalloc, test_nsalloc_long_default_in_ext); tcase_add_test(tc_nsalloc, test_nsalloc_long_systemid_in_ext); tcase_add_test(tc_nsalloc, test_nsalloc_prefixed_element); - tcase_add_test(tc_nsalloc, test_nsalloc_setContext_zombie); + tcase_add_test(tc_nsalloc, test_nsalloc_set_context_zombie); } diff --git a/lib/libexpat/tests/nsalloc_tests_cxx.cpp b/lib/libexpat/tests/nsalloc_tests_cxx.cpp deleted file mode 100644 index 9ba75d1c536..00000000000 --- a/lib/libexpat/tests/nsalloc_tests_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "nsalloc_tests.c" diff --git a/lib/libexpat/tests/structdata_cxx.cpp b/lib/libexpat/tests/structdata_cxx.cpp deleted file mode 100644 index 43448f63405..00000000000 --- a/lib/libexpat/tests/structdata_cxx.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* C++ compilation harness for the test suite. - __ __ _ - ___\ \/ /_ __ __ _| |_ - / _ \\ /| '_ \ / _` | __| - | __// \| |_) | (_| | |_ - \___/_/\_\ .__/ \__,_|\__| - |_| XML parser - - Copyright (c) 2023 Sebastian Pipping - Licensed under the MIT license: - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to permit - persons to whom the Software is furnished to do so, subject to the - following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN - NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, - DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE - USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ - -#include "structdata.c"