From a8a0eacb8148c8d68f059dc7eba585c92cbe937e Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Fri, 30 Sep 2022 14:34:51 +0300
Subject: Upgrade to 2.4.9

This in particular fixes CVE-2022-40674.
---
 libexpat/README-DEV                  | 16 +++++++-
 libexpat/build/bootstrap.build       |  4 +-
 libexpat/build/root.build            |  2 +
 libexpat/libexpat/.gitignore         |  1 +
 libexpat/libexpat/buildfile          | 13 ++++++
 libexpat/libexpat/libexpat.def       |  1 -
 libexpat/libexpat/libexpat.def.cmake |  1 +
 libexpat/libexpat/libexpat.def.in    | 79 ++++++++++++++++++++++++++++++++++++
 libexpat/manifest                    |  2 +-
 9 files changed, 114 insertions(+), 5 deletions(-)
 create mode 100644 libexpat/libexpat/.gitignore
 delete mode 120000 libexpat/libexpat/libexpat.def
 create mode 120000 libexpat/libexpat/libexpat.def.cmake
 create mode 100644 libexpat/libexpat/libexpat.def.in

(limited to 'libexpat')

diff --git a/libexpat/README-DEV b/libexpat/README-DEV
index 9eb0455..d552e9c 100644
--- a/libexpat/README-DEV
+++ b/libexpat/README-DEV
@@ -6,10 +6,24 @@ Symlink the required upstream files:
 
 $ ln -s ../COPYING
 $ pushd libexpat
-$ ln -s ../../upstream/expat/lib/{*.{c,h},libexpat.def} ./
+$ ln -s ../../upstream/expat/lib/{*.{c,h},libexpat.def.cmake} ./
 $ ln -s ../../upstream/expat/expat_config.h.cmake expat_config.h.cmake.orig
 $ popd
 
+@@ TMP Note that the in module can't be used directly for libexpat.def.cmake
+       since the substitution variables we need to use start with the
+       underscore character, which ends up with the following error:
+
+       buildfile:28:3: error: variable name '_EXPAT_COMMENT_ATTR_INFO' is reserved
+         info: variable name starts with underscore
+
+       This can be fixed when the build2 version 0.16.0 is released, which
+       introduces the in.substitutions variable, which can be set to the list
+       of substitutions (key-value pairs).
+
+       For now we just copy libexpat.def.cmake to libexpat.def.in and patch it
+       manually, removing the leading underscores.
+
 Use some of the upstream's tests for testing:
 
 $ pushd unit-tests/regression/
diff --git a/libexpat/build/bootstrap.build b/libexpat/build/bootstrap.build
index 8a55359..71ba29a 100644
--- a/libexpat/build/bootstrap.build
+++ b/libexpat/build/bootstrap.build
@@ -18,10 +18,10 @@ using install
 # from the comment in expat/configure.ac, the major version (current - age) is
 # incremented for backwards-incompatible ABI changes.
 #
-if ($version.major == 2 && $version.minor == 4 && $version.patch == 7)
+if ($version.major == 2 && $version.minor == 4 && $version.patch == 9)
 {
   abi_version_major = 1
-  abi_version = "$abi_version_major.8.7" # <current - age>.<age>.<revision>
+  abi_version = "$abi_version_major.8.9" # <current - age>.<age>.<revision>
 }
 else
   fail 'increment the ABI version?'
diff --git a/libexpat/build/root.build b/libexpat/build/root.build
index f34f548..58e2e9c 100644
--- a/libexpat/build/root.build
+++ b/libexpat/build/root.build
@@ -1,6 +1,8 @@
 # file      : build/root.build
 # license   : MIT; see accompanying COPYING file
 
+using in
+
 using c
 
 h{*}: extension = h
diff --git a/libexpat/libexpat/.gitignore b/libexpat/libexpat/.gitignore
new file mode 100644
index 0000000..e75e9a2
--- /dev/null
+++ b/libexpat/libexpat/.gitignore
@@ -0,0 +1 @@
+libexpat.def
diff --git a/libexpat/libexpat/buildfile b/libexpat/libexpat/buildfile
index c20e977..7e9514c 100644
--- a/libexpat/libexpat/buildfile
+++ b/libexpat/libexpat/buildfile
@@ -21,6 +21,19 @@ msvc_runtime = ($c.target.system == 'win32-msvc')
 #
 libs{expat}: def{libexpat}: include = $msvc_runtime
 
+def{libexpat}: in{libexpat}
+{
+  in.symbol = '@'
+
+  # @@ TMP Use the in.substitutions variable instead when build2 0.16.0 is
+  #        released (see README-DEV for details).
+  #
+  in.substitution = lax
+
+  EXPAT_COMMENT_ATTR_INFO = ';'
+  EXPAT_COMMENT_DTD       = ' '
+}
+
 # Build options.
 #
 c.poptions += -DHAVE_EXPAT_CONFIG_H -DXML_BUILDING_EXPAT
diff --git a/libexpat/libexpat/libexpat.def b/libexpat/libexpat/libexpat.def
deleted file mode 120000
index 7f3cd3c..0000000
--- a/libexpat/libexpat/libexpat.def
+++ /dev/null
@@ -1 +0,0 @@
-../../upstream/expat/lib/libexpat.def
\ No newline at end of file
diff --git a/libexpat/libexpat/libexpat.def.cmake b/libexpat/libexpat/libexpat.def.cmake
new file mode 120000
index 0000000..b5949f5
--- /dev/null
+++ b/libexpat/libexpat/libexpat.def.cmake
@@ -0,0 +1 @@
+../../upstream/expat/lib/libexpat.def.cmake
\ No newline at end of file
diff --git a/libexpat/libexpat/libexpat.def.in b/libexpat/libexpat/libexpat.def.in
new file mode 100644
index 0000000..2ab5c02
--- /dev/null
+++ b/libexpat/libexpat/libexpat.def.in
@@ -0,0 +1,79 @@
+; DEF file for MS VC++
+
+EXPORTS
+  XML_DefaultCurrent @1
+  XML_ErrorString @2
+  XML_ExpatVersion @3
+  XML_ExpatVersionInfo @4
+  XML_ExternalEntityParserCreate @5
+  XML_GetBase @6
+  XML_GetBuffer @7
+  XML_GetCurrentByteCount @8
+  XML_GetCurrentByteIndex @9
+  XML_GetCurrentColumnNumber @10
+  XML_GetCurrentLineNumber @11
+  XML_GetErrorCode @12
+  XML_GetIdAttributeIndex @13
+  XML_GetInputContext @14
+  XML_GetSpecifiedAttributeCount @15
+  XML_Parse @16
+  XML_ParseBuffer @17
+  XML_ParserCreate @18
+  XML_ParserCreateNS @19
+  XML_ParserCreate_MM @20
+  XML_ParserFree @21
+  XML_SetAttlistDeclHandler @22
+  XML_SetBase @23
+  XML_SetCdataSectionHandler @24
+  XML_SetCharacterDataHandler @25
+  XML_SetCommentHandler @26
+  XML_SetDefaultHandler @27
+  XML_SetDefaultHandlerExpand @28
+  XML_SetDoctypeDeclHandler @29
+  XML_SetElementDeclHandler @30
+  XML_SetElementHandler @31
+  XML_SetEncoding @32
+  XML_SetEndCdataSectionHandler @33
+  XML_SetEndDoctypeDeclHandler @34
+  XML_SetEndElementHandler @35
+  XML_SetEndNamespaceDeclHandler @36
+  XML_SetEntityDeclHandler @37
+  XML_SetExternalEntityRefHandler @38
+  XML_SetExternalEntityRefHandlerArg @39
+  XML_SetNamespaceDeclHandler @40
+  XML_SetNotStandaloneHandler @41
+  XML_SetNotationDeclHandler @42
+  XML_SetParamEntityParsing @43
+  XML_SetProcessingInstructionHandler @44
+  XML_SetReturnNSTriplet @45
+  XML_SetStartCdataSectionHandler @46
+  XML_SetStartDoctypeDeclHandler @47
+  XML_SetStartElementHandler @48
+  XML_SetStartNamespaceDeclHandler @49
+  XML_SetUnknownEncodingHandler @50
+  XML_SetUnparsedEntityDeclHandler @51
+  XML_SetUserData @52
+  XML_SetXmlDeclHandler @53
+  XML_UseParserAsHandlerArg @54
+; added with version 1.95.3
+  XML_ParserReset @55
+  XML_SetSkippedEntityHandler @56
+; added with version 1.95.5
+  XML_GetFeatureList @57
+  XML_UseForeignDTD @58
+; added with version 1.95.6
+  XML_FreeContentModel @59
+  XML_MemMalloc @60
+  XML_MemRealloc @61
+  XML_MemFree @62
+; added with version 1.95.8
+  XML_StopParser @63
+  XML_ResumeParser @64
+  XML_GetParsingStatus @65
+; added with version 2.1.1
+@EXPAT_COMMENT_ATTR_INFO@ XML_GetAttributeInfo @66
+  XML_SetHashSalt @67
+; internal @68 removed with version 2.3.1
+; added with version 2.4.0
+@EXPAT_COMMENT_DTD@ XML_SetBillionLaughsAttackProtectionActivationThreshold @69
+@EXPAT_COMMENT_DTD@ XML_SetBillionLaughsAttackProtectionMaximumAmplification @70
diff --git a/libexpat/manifest b/libexpat/manifest
index fc252c1..770b82e 100644
--- a/libexpat/manifest
+++ b/libexpat/manifest
@@ -1,6 +1,6 @@
 : 1
 name: libexpat
-version: 2.4.7
+version: 2.4.9-a.0.z
 project: expat
 priority: security
 summary: Stream-oriented XML parsing C library
-- 
cgit v1.1