Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

[3.13] gh-123678: Upgrade libexpat 2.6.3 (GH-123689) (GH-123707) 

gh-123678: Upgrade libexpat 2.6.3 (GH-123689)

(cherry picked from commit 40bdb0deee)

Co-authored-by: Seth Michael Larson <seth@python.org>
This commit is contained in:
Miss Islington (bot) 2024-09-05 13:37:40 +02:00 committed by GitHub
parent 3765181359
commit 9810dfa352
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 46 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Misc/NEWS.d/next/Security/2024-09-04-12-41-35.gh-issue-123678.N41y9n.rst Normal file
View File

@ -0,0 +1 @@
Upgrade libexpat to 2.6.3

20
Misc/sbom.spdx.json generated
View File

@ -48,11 +48,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "4076a884f0ca96873589b5c8159e2e5bfb8b829a" "checksumValue": "6aaee1b194bea30f0a60d1cce71eada8b14d3526"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "1a434bf3d2f9fb8a0b5adb79201a942788d11824c3e5b46a0b9962c0c482016c" "checksumValue": "7bd4e53a8015534b5bbb58afe1a131b3989d3d4fca29bca685c44d34bcaa2555"
} }
], ],
"fileName": "Modules/expat/expat.h" "fileName": "Modules/expat/expat.h"
@ -146,11 +146,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "4c49b5df2bc702f663ba3b5a52d1940ec363226b" "checksumValue": "aca27f46d9fd387b63ce7ff2e4f172cad130b39b"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "b5ec29f6560acc183f1ee8ab92bb3aea17b87b4c2120cd2e3f78deba7a12491e" "checksumValue": "f537add526ecda8389503b7ef45fb52b6217e4dc171dcc3a8dc6903ff6134726"
} }
], ],
"fileName": "Modules/expat/siphash.h" "fileName": "Modules/expat/siphash.h"
@ -188,11 +188,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "fed1311be8577491b7f63085a27014eabf2caec8" "checksumValue": "b2ec0ad170ccc21e63fbcfc8d7404cdd756eedd3"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "3dc233eca5fa1bb7387c503f8a12d840707e4374b229e05d5657db9645725040" "checksumValue": "92159d4e17393e56ee85f47d9fb31348695a58589899aa01e7536cdc88f60b85"
} }
], ],
"fileName": "Modules/expat/xmlparse.c" "fileName": "Modules/expat/xmlparse.c"
@ -1562,14 +1562,14 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "d4cf38d26e21a56654ffe4acd9cd5481164619626802328506a2869afab29ab3" "checksumValue": "17aa6cfc5c4c219c09287abfc10bc13f0c06f30bb654b28bfe6f567ca646eb79"
} }
], ],
"downloadLocation": "https://github.com/libexpat/libexpat/releases/download/R_2_6_2/expat-2.6.2.tar.gz", "downloadLocation": "https://github.com/libexpat/libexpat/releases/download/R_2_6_3/expat-2.6.3.tar.gz",
"externalRefs": [ "externalRefs": [
{ {
"referenceCategory": "SECURITY", "referenceCategory": "SECURITY",
"referenceLocator": "cpe:2.3:a:libexpat_project:libexpat:2.6.2:*:*:*:*:*:*:*", "referenceLocator": "cpe:2.3:a:libexpat_project:libexpat:2.6.3:*:*:*:*:*:*:*",
"referenceType": "cpe23Type" "referenceType": "cpe23Type"
} }
], ],
@ -1577,7 +1577,7 @@
"name": "expat", "name": "expat",
"originator": "Organization: Expat development team", "originator": "Organization: Expat development team",
"primaryPackagePurpose": "SOURCE", "primaryPackagePurpose": "SOURCE",
"versionInfo": "2.6.2" "versionInfo": "2.6.3"
}, },
{ {
"SPDXID": "SPDXRef-PACKAGE-hacl-star", "SPDXID": "SPDXRef-PACKAGE-hacl-star",

2
Modules/expat/expat.h
View File

@ -1066,7 +1066,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
*/ */
#define XML_MAJOR_VERSION 2 #define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 6 #define XML_MINOR_VERSION 6
#define XML_MICRO_VERSION 2 #define XML_MICRO_VERSION 3
#ifdef __cplusplus #ifdef __cplusplus
} }

3
Modules/expat/siphash.h
View File

@ -126,8 +126,7 @@
| ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) \ | ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) \
| ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56)) | ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56))
#define SIPHASH_INITIALIZER \ #define SIPHASH_INITIALIZER {0, 0, 0, 0, {0}, 0, 0}
{ 0, 0, 0, 0, {0}, 0, 0 }
struct siphash { struct siphash {
uint64_t v0, v1, v2, v3; uint64_t v0, v1, v2, v3;

45
Modules/expat/xmlparse.c
View File

@ -1,4 +1,4 @@
/* 2a14271ad4d35e82bde8ba210b4edb7998794bcbae54deab114046a300f9639a (2.6.2+) /* ba4cdf9bdb534f355a9def4c9e25d20ee8e72f95b0a4d930be52e563f5080196 (2.6.3+)
__ __ _ __ __ _
___\ \/ /_ __ __ _| |_ ___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __| / _ \\ /| '_ \ / _` | __|
@ -39,6 +39,7 @@
Copyright (c) 2022 Sean McBride <sean@rogue-research.com> Copyright (c) 2022 Sean McBride <sean@rogue-research.com>
Copyright (c) 2023 Owain Davies <owaind@bath.edu> Copyright (c) 2023 Owain Davies <owaind@bath.edu>
Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <snild@sony.com> Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <snild@sony.com>
Copyright (c) 2024 Berkay Eren Ürün <berkay.ueruen@siemens.com>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -294,7 +295,7 @@ typedef struct {
The name of the element is stored in both the document and API The name of the element is stored in both the document and API
encodings. The memory buffer 'buf' is a separately-allocated encodings. The memory buffer 'buf' is a separately-allocated
memory area which stores the name. During the XML_Parse()/ memory area which stores the name. During the XML_Parse()/
XMLParseBuffer() when the element is open, the memory for the 'raw' XML_ParseBuffer() when the element is open, the memory for the 'raw'
version of the name (in the document encoding) is shared with the version of the name (in the document encoding) is shared with the
document buffer. If the element is open across calls to document buffer. If the element is open across calls to
XML_Parse()/XML_ParseBuffer(), the buffer is re-allocated to XML_Parse()/XML_ParseBuffer(), the buffer is re-allocated to
@ -2038,6 +2039,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) {
if (parser == NULL) if (parser == NULL)
return XML_STATUS_ERROR; return XML_STATUS_ERROR;
if (len < 0) {
parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
return XML_STATUS_ERROR;
}
switch (parser->m_parsingStatus.parsing) { switch (parser->m_parsingStatus.parsing) {
case XML_SUSPENDED: case XML_SUSPENDED:
parser->m_errorCode = XML_ERROR_SUSPENDED; parser->m_errorCode = XML_ERROR_SUSPENDED;
@ -5846,18 +5853,17 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
/* Set a safe default value in case 'next' does not get set */ /* Set a safe default value in case 'next' does not get set */
next = textStart; next = textStart;
#ifdef XML_DTD
if (entity->is_param) { if (entity->is_param) {
int tok int tok
= XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
tok, next, &next, XML_FALSE, XML_FALSE, tok, next, &next, XML_FALSE, XML_FALSE,
XML_ACCOUNT_ENTITY_EXPANSION); XML_ACCOUNT_ENTITY_EXPANSION);
} else } else {
#endif /* XML_DTD */
result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding, result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding,
textStart, textEnd, &next, XML_FALSE, textStart, textEnd, &next, XML_FALSE,
XML_ACCOUNT_ENTITY_EXPANSION); XML_ACCOUNT_ENTITY_EXPANSION);
}
if (result == XML_ERROR_NONE) { if (result == XML_ERROR_NONE) {
if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
@ -5894,18 +5900,17 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
/* Set a safe default value in case 'next' does not get set */ /* Set a safe default value in case 'next' does not get set */
next = textStart; next = textStart;
#ifdef XML_DTD
if (entity->is_param) { if (entity->is_param) {
int tok int tok
= XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
tok, next, &next, XML_FALSE, XML_TRUE, tok, next, &next, XML_FALSE, XML_TRUE,
XML_ACCOUNT_ENTITY_EXPANSION); XML_ACCOUNT_ENTITY_EXPANSION);
} else } else {
#endif /* XML_DTD */
result = doContent(parser, openEntity->startTagLevel, result = doContent(parser, openEntity->startTagLevel,
parser->m_internalEncoding, textStart, textEnd, &next, parser->m_internalEncoding, textStart, textEnd, &next,
XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION); XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION);
}
if (result != XML_ERROR_NONE) if (result != XML_ERROR_NONE)
return result; return result;
@ -5932,7 +5937,6 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
return XML_ERROR_NONE; return XML_ERROR_NONE;
} }
#ifdef XML_DTD
if (entity->is_param) { if (entity->is_param) {
int tok; int tok;
parser->m_processor = prologProcessor; parser->m_processor = prologProcessor;
@ -5940,9 +5944,7 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
(XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE, (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE,
XML_ACCOUNT_DIRECT); XML_ACCOUNT_DIRECT);
} else } else {
#endif /* XML_DTD */
{
parser->m_processor = contentProcessor; parser->m_processor = contentProcessor;
/* see externalEntityContentProcessor vs contentProcessor */ /* see externalEntityContentProcessor vs contentProcessor */
result = doContent(parser, parser->m_parentParser ? 1 : 0, result = doContent(parser, parser->m_parentParser ? 1 : 0,
@ -7016,6 +7018,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
if (! newE) if (! newE)
return 0; return 0;
if (oldE->nDefaultAtts) { if (oldE->nDefaultAtts) {
/* Detect and prevent integer overflow.
* The preprocessor guard addresses the "always false" warning
* from -Wtype-limits on platforms where
* sizeof(int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
if ((size_t)oldE->nDefaultAtts
> ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
return 0;
}
#endif
newE->defaultAtts newE->defaultAtts
= ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE)); = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
if (! newE->defaultAtts) { if (! newE->defaultAtts) {
@ -7558,6 +7570,15 @@ nextScaffoldPart(XML_Parser parser) {
int next; int next;
if (! dtd->scaffIndex) { if (! dtd->scaffIndex) {
/* Detect and prevent integer overflow.
* The preprocessor guard addresses the "always false" warning
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) {
return -1;
}
#endif
dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int)); dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int));
if (! dtd->scaffIndex) if (! dtd->scaffIndex)
return -1; return -1;