Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

gh-116741: Upgrade libexpat to 2.6.2 (#117296) 

Upgrade libexpat to 2.6.2
This commit is contained in:
Seth Michael Larson 2024-04-22 18:15:08 -07:00 committed by GitHub
parent 1b85b3424c
commit c9829eec08
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 47 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst Normal file
View File

@ -0,0 +1 @@
Update bundled libexpat to 2.6.2

20
Misc/sbom.spdx.json generated
View File

@ -48,11 +48,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "90c06411f131e777e2b5c3d22b7ccf50bc46f617" "checksumValue": "4076a884f0ca96873589b5c8159e2e5bfb8b829a"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "3045f9176950aa13a54e53fa096385670c676c492705d636e977f888e4c72d48" "checksumValue": "1a434bf3d2f9fb8a0b5adb79201a942788d11824c3e5b46a0b9962c0c482016c"
} }
], ],
"fileName": "Modules/expat/expat.h" "fileName": "Modules/expat/expat.h"
@ -90,11 +90,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "9f6d9211a7b627785d5c48d10cc8eda66255113f" "checksumValue": "e23d160cc33cc2c25a4b48f7b242f906444418e0"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "9f0bdd346dd94ac4359c636a4e60bc768f4ae53ce0e836eb05fb9246ee36c7f2" "checksumValue": "f7523357d8009749e7dba94b0bd7d0fa60e011cc254e55c4ebccd6313f031122"
} }
], ],
"fileName": "Modules/expat/internal.h" "fileName": "Modules/expat/internal.h"
@ -188,11 +188,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "3b5de0ed1de33cad85b46230707403247f2851df" "checksumValue": "fed1311be8577491b7f63085a27014eabf2caec8"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "a03abd531601eef61a87e06113d218ff139b6969e15a3d4668cd85d65fc6f79b" "checksumValue": "3dc233eca5fa1bb7387c503f8a12d840707e4374b229e05d5657db9645725040"
} }
], ],
"fileName": "Modules/expat/xmlparse.c" "fileName": "Modules/expat/xmlparse.c"
@ -1562,14 +1562,14 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "a13447b9aa67d7c860783fdf6820f33ebdea996900d6d8bbc50a628f55f099f7" "checksumValue": "d4cf38d26e21a56654ffe4acd9cd5481164619626802328506a2869afab29ab3"
} }
], ],
"downloadLocation": "https://github.com/libexpat/libexpat/releases/download/R_2_6_0/expat-2.6.0.tar.gz", "downloadLocation": "https://github.com/libexpat/libexpat/releases/download/R_2_6_2/expat-2.6.2.tar.gz",
"externalRefs": [ "externalRefs": [
{ {
"referenceCategory": "SECURITY", "referenceCategory": "SECURITY",
"referenceLocator": "cpe:2.3:a:libexpat_project:libexpat:2.6.0:*:*:*:*:*:*:*", "referenceLocator": "cpe:2.3:a:libexpat_project:libexpat:2.6.2:*:*:*:*:*:*:*",
"referenceType": "cpe23Type" "referenceType": "cpe23Type"
} }
], ],
@ -1577,7 +1577,7 @@
"name": "expat", "name": "expat",
"originator": "Organization: Expat development team", "originator": "Organization: Expat development team",
"primaryPackagePurpose": "SOURCE", "primaryPackagePurpose": "SOURCE",
"versionInfo": "2.6.0" "versionInfo": "2.6.2"
}, },
{ {
"SPDXID": "SPDXRef-PACKAGE-hacl-star", "SPDXID": "SPDXRef-PACKAGE-hacl-star",

5
Modules/expat/expat.h
View File

@ -18,6 +18,7 @@
Copyright (c) 2022 Thijs Schreijer <thijs@thijsschreijer.nl> Copyright (c) 2022 Thijs Schreijer <thijs@thijsschreijer.nl>
Copyright (c) 2023 Hanno Böck <hanno@gentoo.org> Copyright (c) 2023 Hanno Böck <hanno@gentoo.org>
Copyright (c) 2023 Sony Corporation / Snild Dolkow <snild@sony.com> Copyright (c) 2023 Sony Corporation / Snild Dolkow <snild@sony.com>
Copyright (c) 2024 Taichi Haradaguchi <20001722@ymail.ne.jp>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -1042,7 +1043,7 @@ typedef struct {
XMLPARSEAPI(const XML_Feature *) XMLPARSEAPI(const XML_Feature *)
XML_GetFeatureList(void); XML_GetFeatureList(void);
#if XML_GE == 1 #if defined(XML_DTD) || (defined(XML_GE) && XML_GE == 1)
/* Added in Expat 2.4.0 for XML_DTD defined and /* Added in Expat 2.4.0 for XML_DTD defined and
* added in Expat 2.6.0 for XML_GE == 1. */ * added in Expat 2.6.0 for XML_GE == 1. */
XMLPARSEAPI(XML_Bool) XMLPARSEAPI(XML_Bool)
@ -1065,7 +1066,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
*/ */
#define XML_MAJOR_VERSION 2 #define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 6 #define XML_MINOR_VERSION 6
#define XML_MICRO_VERSION 0 #define XML_MICRO_VERSION 2
#ifdef __cplusplus #ifdef __cplusplus
} }

17
Modules/expat/internal.h
View File

@ -28,10 +28,11 @@
Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net> Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2002-2006 Karl Waclawek <karl@waclawek.net> Copyright (c) 2002-2006 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2003 Greg Stein <gstein@users.sourceforge.net> Copyright (c) 2003 Greg Stein <gstein@users.sourceforge.net>
Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org> Copyright (c) 2016-2024 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2018 Yury Gribov <tetra2005@gmail.com> Copyright (c) 2018 Yury Gribov <tetra2005@gmail.com>
Copyright (c) 2019 David Loffredo <loffredo@steptools.com> Copyright (c) 2019 David Loffredo <loffredo@steptools.com>
Copyright (c) 2023 Sony Corporation / Snild Dolkow <snild@sony.com> Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <snild@sony.com>
Copyright (c) 2024 Taichi Haradaguchi <20001722@ymail.ne.jp>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -155,14 +156,20 @@ extern "C" {
void _INTERNAL_trim_to_complete_utf8_characters(const char *from, void _INTERNAL_trim_to_complete_utf8_characters(const char *from,
const char **fromLimRef); const char **fromLimRef);
#if XML_GE == 1 #if defined(XML_GE) && XML_GE == 1
unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser); unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser);
unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser); unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
const char *unsignedCharToPrintable(unsigned char c); const char *unsignedCharToPrintable(unsigned char c);
#endif #endif
extern XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c extern
extern unsigned int g_parseAttempts; // used for testing only #if ! defined(XML_TESTING)
const
#endif
XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
#if defined(XML_TESTING)
extern unsigned int g_bytesScanned; // used for testing only
#endif
#ifdef __cplusplus #ifdef __cplusplus
} }

30
Modules/expat/xmlparse.c
View File

@ -1,4 +1,4 @@
/* 628e24d4966bedbd4800f6ed128d06d29703765b4bce12d3b7f099f90f842fc9 (2.6.0+) /* 2a14271ad4d35e82bde8ba210b4edb7998794bcbae54deab114046a300f9639a (2.6.2+)
__ __ _ __ __ _
___\ \/ /_ __ __ _| |_ ___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __| / _ \\ /| '_ \ / _` | __|
@ -38,7 +38,7 @@
Copyright (c) 2022 Jann Horn <jannh@google.com> Copyright (c) 2022 Jann Horn <jannh@google.com>
Copyright (c) 2022 Sean McBride <sean@rogue-research.com> Copyright (c) 2022 Sean McBride <sean@rogue-research.com>
Copyright (c) 2023 Owain Davies <owaind@bath.edu> Copyright (c) 2023 Owain Davies <owaind@bath.edu>
Copyright (c) 2023 Sony Corporation / Snild Dolkow <snild@sony.com> Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <snild@sony.com>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -210,7 +210,7 @@ typedef char ICHAR;
#endif #endif
/* Round up n to be a multiple of sz, where sz is a power of 2. */ /* Round up n to be a multiple of sz, where sz is a power of 2. */
#define ROUND_UP(n, sz) (((n) + ((sz)-1)) & ~((sz)-1)) #define ROUND_UP(n, sz) (((n) + ((sz) - 1)) & ~((sz) - 1))
/* Do safe (NULL-aware) pointer arithmetic */ /* Do safe (NULL-aware) pointer arithmetic */
#define EXPAT_SAFE_PTR_DIFF(p, q) (((p) && (q)) ? ((p) - (q)) : 0) #define EXPAT_SAFE_PTR_DIFF(p, q) (((p) && (q)) ? ((p) - (q)) : 0)
@ -248,7 +248,7 @@ static void copy_salt_to_sipkey(XML_Parser parser, struct sipkey *key);
it odd, since odd numbers are always relative prime to a power of 2. it odd, since odd numbers are always relative prime to a power of 2.
*/ */
#define SECOND_HASH(hash, mask, power) \ #define SECOND_HASH(hash, mask, power) \
((((hash) & ~(mask)) >> ((power)-1)) & ((mask) >> 2)) ((((hash) & ~(mask)) >> ((power) - 1)) & ((mask) >> 2))
#define PROBE_STEP(hash, mask, power) \ #define PROBE_STEP(hash, mask, power) \
((unsigned char)((SECOND_HASH(hash, mask, power)) | 1)) ((unsigned char)((SECOND_HASH(hash, mask, power)) | 1))
@ -629,8 +629,14 @@ static unsigned long getDebugLevel(const char *variableName,
? 0 \ ? 0 \
: ((*((pool)->ptr)++ = c), 1)) : ((*((pool)->ptr)++ = c), 1))
XML_Bool g_reparseDeferralEnabledDefault = XML_TRUE; // write ONLY in runtests.c #if ! defined(XML_TESTING)
unsigned int g_parseAttempts = 0; // used for testing only const
#endif
XML_Bool g_reparseDeferralEnabledDefault
= XML_TRUE; // write ONLY in runtests.c
#if defined(XML_TESTING)
unsigned int g_bytesScanned = 0; // used for testing only
#endif
struct XML_ParserStruct { struct XML_ParserStruct {
/* The first member must be m_userData so that the XML_GetUserData /* The first member must be m_userData so that the XML_GetUserData
@ -1017,7 +1023,9 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
return XML_ERROR_NONE; return XML_ERROR_NONE;
} }
} }
g_parseAttempts += 1; #if defined(XML_TESTING)
g_bytesScanned += (unsigned)have_now;
#endif
const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr); const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr);
if (ret == XML_ERROR_NONE) { if (ret == XML_ERROR_NONE) {
// if we consumed nothing, remember what we had on this parse attempt. // if we consumed nothing, remember what we had on this parse attempt.
@ -6232,7 +6240,7 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc,
dtd->keepProcessing = dtd->standalone; dtd->keepProcessing = dtd->standalone;
goto endEntityValue; goto endEntityValue;
} }
if (entity->open) { if (entity->open || (entity == parser->m_declEntity)) {
if (enc == parser->m_encoding) if (enc == parser->m_encoding)
parser->m_eventPtr = entityTextPtr; parser->m_eventPtr = entityTextPtr;
result = XML_ERROR_RECURSIVE_ENTITY_REF; result = XML_ERROR_RECURSIVE_ENTITY_REF;
@ -7779,6 +7787,8 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) {
static float static float
accountingGetCurrentAmplification(XML_Parser rootParser) { accountingGetCurrentAmplification(XML_Parser rootParser) {
// 1.........1.........12 => 22
const size_t lenOfShortestInclude = sizeof("<!ENTITY a SYSTEM 'b'>") - 1;
const XmlBigCount countBytesOutput const XmlBigCount countBytesOutput
= rootParser->m_accounting.countBytesDirect = rootParser->m_accounting.countBytesDirect
+ rootParser->m_accounting.countBytesIndirect; + rootParser->m_accounting.countBytesIndirect;
@ -7786,7 +7796,9 @@ accountingGetCurrentAmplification(XML_Parser rootParser) {
= rootParser->m_accounting.countBytesDirect = rootParser->m_accounting.countBytesDirect
? (countBytesOutput ? (countBytesOutput
/ (float)(rootParser->m_accounting.countBytesDirect)) / (float)(rootParser->m_accounting.countBytesDirect))
: 1.0f; : ((lenOfShortestInclude
+ rootParser->m_accounting.countBytesIndirect)
/ (float)lenOfShortestInclude);
assert(! rootParser->m_parentParser); assert(! rootParser->m_parentParser);
return amplificationFactor; return amplificationFactor;
} }