Upgrade to 3.2.4

7 files changed, 52 insertions, 50 deletions

diff --git a/TODO b/TODO
index da80960..4d343a7 100644
--- a/TODO
+++ b/TODO
@@ -2,6 +2,11 @@ On the revision:
 
 On the release:
 
-- Use legal{} target type for legal documentation (LICENSE, AUTHORS, etc).
+  Note that here we record items that require bumping build2 version
+  requirement to the latest released version of the toolchain.
 
-  Note that this requires bumping build2 version requirement to 0.13.0.
+Additional (permanent) notes:
+
+- Review '@@ TMP' notes.
+
+- Add/remove 'priority: security' manifest value, if required.
diff --git a/libxerces-c/INSTALL b/libxerces-c/INSTALL
index 022fbf8..ce836ee 100644
--- a/libxerces-c/INSTALL
+++ b/libxerces-c/INSTALL
@@ -9,6 +9,4 @@ package manually using the standard build2 build system.
 Note that by default libxerces-c is built without network support. To enable
 it, run the following command instead:
 
-@@ Revise when the package conditional dependencies are supported.
-
-$ bpkg build libxerces-c +{ config.libxerces_c.network=true } libcurl
+$ bpkg build libxerces-c +{ config.libxerces_c.network=true }
diff --git a/libxerces-c/README-DEV b/libxerces-c/README-DEV
index b27a7ef..5ac21cd 100644
--- a/libxerces-c/README-DEV
+++ b/libxerces-c/README-DEV
@@ -6,7 +6,7 @@ Symlink the required upstream files and provide our own implementations for
 auto-generated headers:
 
 $ ln -s ../upstream/LICENSE
-$ ln -s ../../upstream/src/xercesc/{dom,framework,internal,parsers,sax,sax2,xinclude} \
+$ ln -s ../../upstream/src/xercesc/{dom,framework,parsers,sax,sax2,xinclude} \
   xercesc/
 
 $ ln -s ../../upstream/src/{stricmp,strnicmp}.{h,c} xercesc/
@@ -50,53 +50,53 @@ $ ln -s ../../../upstream/samples/src/PSVIWriter tests/psvi-writer/
 
 We also apply the following patches:
 
-- Fix of the use-after-free error (CVE-2018-1311) triggered during the
-  scanning of external DTDs (see https://security-tracker.debian.org/tracker/CVE-2018-1311
-  for details).
+1) Fix of the use-after-free error (CVE-2018-1311) triggered during the
+   scanning of external DTDs (see https://security-tracker.debian.org/tracker/CVE-2018-1311
+   for details).
 
-  There is no upstream fix and only suggested mitigations, at time of this
-  writing (see https://issues.apache.org/jira/browse/XERCESC-2188 for
-  details). Thus, we mitigate the issue at the expense of a memory leak, as it
-  is done by Debian (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947431).
+   There is no upstream fix and only suggested mitigations, at time of this
+   writing (see https://issues.apache.org/jira/browse/XERCESC-2188 for
+   details). Thus, we mitigate the issue at the expense of a memory leak, as
+   it is done by Debian (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947431).
 
-  $ cp --remove-destination ../upstream/src/xercesc/internal/IGXMLScanner.cpp \
-    xercesc/internal/
+   $ cp --remove-destination ../upstream/src/xercesc/internal/IGXMLScanner.cpp \
+     xercesc/internal/
 
-  $ git apply xercesc/dtd-decl-use-after-free.patch
+   $ git apply xercesc/dtd-decl-use-after-free.patch
 
-- The explicit template instantiation declarations and definitions patch (see
-  xercesc/util/Xerces_autoconf_config.hpp for details):
+2) The explicit template instantiation declarations and definitions patch (see
+   xercesc/util/Xerces_autoconf_config.hpp for details):
 
-  $ cp --remove-destination ../upstream/src/xercesc/util/{Janitor.hpp,JanitorExports.cpp} \
-    xercesc/util/
+   $ cp --remove-destination ../upstream/src/xercesc/util/{Janitor.hpp,JanitorExports.cpp} \
+     xercesc/util/
 
-  $ git apply xercesc/export-template-instantiations.patch
+   $ git apply xercesc/export-template-instantiations.patch
 
-- The inline functions definition/usage order change to prevent MinGW GCC
-  from complaining when compile code that uses libxerces-c:
+3) The inline functions definition/usage order change to prevent MinGW GCC
+   from complaining when compile code that uses libxerces-c:
 
-  $ cp --remove-destination ../upstream/src/xercesc/util/KVStringPair.hpp \
-    xercesc/util/
+   $ cp --remove-destination ../upstream/src/xercesc/util/KVStringPair.hpp \
+     xercesc/util/
 
-  $ git apply xercesc/inline-funcs-def-usage-order.patch
+   $ git apply xercesc/inline-funcs-def-usage-order.patch
 
-- Patch source files, so that they are properly UTF-8-encoded:
+4) Patch source files, so that they are properly UTF-8-encoded:
 
-  $ cp --remove-destination ../upstream/src/xercesc/validators/schema/TraverseSchema.cpp \
-    xercesc/validators/schema/
+   $ cp --remove-destination ../upstream/src/xercesc/validators/schema/TraverseSchema.cpp \
+     xercesc/validators/schema/
 
-  $ cp --remove-destination ../upstream/src/xercesc/util/XMLFloat.cpp \
-    xercesc/util/
+   $ cp --remove-destination ../upstream/src/xercesc/util/XMLFloat.cpp \
+     xercesc/util/
 
-  $ git apply xercesc/utf-8.patch
+   $ git apply xercesc/utf-8.patch
 
-- Patch of the net accessor test, which by some reason exits with the zero
-  status printing the diagnostics to stdout for some errors:
+5) Patch of the net accessor test, which by some reason exits with the zero
+   status printing the diagnostics to stdout for some errors:
 
-  $ cp ../upstream/tests/src/NetAccessorTest/NetAccessorTest.cpp \
-    tests/net-accessor/
+   $ cp ../upstream/tests/src/NetAccessorTest/NetAccessorTest.cpp \
+     tests/net-accessor/
 
-  $ git apply tests/net-accessor/handle-exception-as-error.patch
+   $ git apply tests/net-accessor/handle-exception-as-error.patch
 
 Note that the above patches are produced by the following commands:
 
diff --git a/libxerces-c/buildfile b/libxerces-c/buildfile
index 28aa742..7f4fe5e 100644
--- a/libxerces-c/buildfile
+++ b/libxerces-c/buildfile
@@ -1,7 +1,7 @@
 # file      : buildfile
 # license   : Apache License 2.0; see accompanying LICENSE file
 
-./: {*/ -build/} doc{LICENSE INSTALL README} manifest
+./: {*/ -build/} doc{INSTALL README} legal{LICENSE} manifest
 
 # Don't install tests or the INSTALL file.
 #
diff --git a/libxerces-c/manifest b/libxerces-c/manifest
index 77dee15..cd982d0 100644
--- a/libxerces-c/manifest
+++ b/libxerces-c/manifest
@@ -3,7 +3,7 @@ name: libxerces-c
 
 # Note: remember to update doc-url below!
 #
-version: 3.2.3+4
+version: 3.2.4-a.0.z
 
 project: xerces-c
 summary: Validating XML parsing and serialization C++ library
@@ -17,12 +17,8 @@ package-url: https://git.build2.org/cgit/packaging/xerces-c/
 email: c-users@xerces.apache.org    ; Mailing list.
 package-email: packaging@build2.org ; Mailing list.
 build-error-email: builds@build2.org
-depends: * build2 >= 0.12.0
-depends: * bpkg >= 0.12.0
-
-# @@ Disable until conditional dependencies are supported.
-#
-#depends: libcurl ^7.67.0
-
+depends: * build2 >= 0.15.0
+depends: * bpkg >= 0.15.0
+depends: libcurl ^7.67.0 ? ($config.libxerces_c.network)
 depends: libicuuc >= 65.1.0
 depends: libicui18n >= 65.1.0
diff --git a/libxerces-c/xercesc/internal/IGXMLScanner.cpp b/libxerces-c/xercesc/internal/IGXMLScanner.cpp
index aa344be..246a46a 100644
--- a/libxerces-c/xercesc/internal/IGXMLScanner.cpp
+++ b/libxerces-c/xercesc/internal/IGXMLScanner.cpp
@@ -1374,7 +1374,14 @@ void IGXMLScanner::scanDocTypeDecl()
         // Get copies of the ids we got
         pubId = XMLString::replicate(bbPubId.getRawBuffer(), fMemoryManager);
         sysId = XMLString::replicate(bbSysId.getRawBuffer(), fMemoryManager);
+    }
+
+    // Insure that the ids get cleaned up, if they got allocated
+    ArrayJanitor<XMLCh> janSysId(sysId, fMemoryManager);
+    ArrayJanitor<XMLCh> janPubId(pubId, fMemoryManager);
 
+    if (hasExtSubset)
+    {
         // Skip spaces and check again for the opening of an internal subset
         fReaderMgr.skipPastSpaces();
 
@@ -1384,10 +1391,6 @@ void IGXMLScanner::scanDocTypeDecl()
         }
     }
 
-    // Insure that the ids get cleaned up, if they got allocated
-    ArrayJanitor<XMLCh> janSysId(sysId, fMemoryManager);
-    ArrayJanitor<XMLCh> janPubId(pubId, fMemoryManager);
-
     //  If we have a doc type handler and advanced callbacks are enabled,
     //  call the doctype event.
     if (fDocTypeHandler)
diff --git a/upstream b/upstream
-Subproject cf1912ac95d4147be08aef4e78f894a3919277d
+Subproject 5052c90b067dcc347d58822b450897d16e2c31e