8000 [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (… · python/cpython@71572bb · GitHub

Commit 71572bb

vstinnerlarryhastings
authored andcommitted
[3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203)
* bpo-29591: Upgrade Modules/expat to libexpat 2.2 (#2164) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 * bpo-29591: Restore Python changes on expat * bpo-29591: Remove expat config of unsupported platforms Remove the configuration (Modules/expat/*config.h) of unsupported platforms: * Amiga * MacOS Classic on PPC32 * Open Watcom * bpo-29591: Remove useless XML_HAS_SET_HASH_SALT The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became useless since our local expat copy was upgrade to expat 2.1 (it's now expat 2.2.0). (cherry picked from commit 23ec4b5) * bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) New file: Modules/expat/siphash.h. (cherry picked from commit 5ff7132) * bpo-30726: PCbuild _elementtree: remove duplicate defines (#2348) bpo-30726, bpo-29591: libexpat 2.2.1 of Modules/expat/ now uses a winconfig.h configuration file which already defines: * XML_NS * XML_DTD * BYTEORDER=1234 * XML_CONTEXT_BYTES=1024 * HAVE_MEMMOVE Remove these defines from PCbuild/_elementtree.vcxproj to prevent compiler warnings. Co-Authored-By: Jeremy Kloth <jeremy.kloth@gmail.com> (cherry picked from commit c8fb58b) * bpo-30726: Fix elementtree warnings on Windows due to expat upgrade (#2319) * bpo-30726: Fix elementtree warnings on Windows Caused by usage of `getenv` which should be safe. And a few integer truncations which should also be ok. * bpo-30726: Don't ignore libexpat warnings which haypo intends to fix upstream (cherry picked from commit 87c6555)
1 parent f734479 commit 71572bb

18 files changed

+1388
-610
lines changed
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security
2+
vulnerabilities including: CVE-2017-9233 (External entity infinite loop
3+
DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix
4+
regression bugs from 2.2.0's fix to CVE-2016-0718) and CVE-2012-0876
5+
(Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os-
6+
specific entropy sources like getrandom) doesn't impact Python, since Python
7+
already gets entropy from the OS to set the expat secret using
8+
``XML_SetHashSalt()``.
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and
2+
CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more
3+
information.

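--- a/Modules/expat/COPYING
+++ b/Modules/expat/COPYING
@@ -1,6 +1,5 @@
-Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
-and Clark Cooper
-Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Expat maintainers.
+Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
+Copyright (c) 2001-2017 Expat maintainers
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the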

Modules/expat/amigaconfig.h

Lines changed: 0 additions & 32 deletions
This file was deleted.

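--- a/Modules/expat/expat.h
+++ b/Modules/expat/expat.h
@@ -95,7 +95,9 @@ enum XML_Error {
 /* Added in 2.0. */
 XML_ERROR_RESERVED_PREFIX_XML,
 XML_ERROR_RESERVED_PREFIX_XMLNS,
-XML_ERROR_RESERVED_NAMESPACE_URI
+XML_ERROR_RESERVED_NAMESPACE_URI,
+/* Added in 2.2.1. */
+XML_ERROR_INVALID_ARGUMENT
 };
 
 enum XML_Content_Type {
@@ -342,7 +344,7 @@ XML_SetEntityDeclHandler(XML_Parser parser,
 XML_EntityDeclHandler handler);
 
 /* OBSOLETE -- OBSOLETE -- OBSOLETE
-This handler has been superceded by the EntityDeclHandler above.
+This handler has been superseded by the EntityDeclHandler above.
 It is provided here for backward compatibility.
 
 This is called for a declaration of an unparsed (NDATA) entity.
@@ -706,6 +708,7 @@ XML_UseParserAsHandlerArg(XML_Parser parser);
 be called, despite an external subset being parsed.
 Note: If XML_DTD is not defined when Expat is compiled, returns
 XML_ERROR_FEATURE_REQUIRES_XML_DTD.
+Note: If parser == NULL, returns XML_ERROR_INVALID_ARGUMENT.
 */
 XMLPARSEAPI(enum XML_Error)
 XML_UseForeignDTD(XML_Parser parser, XML_Bool useDTD);
@@ -729,15 +732,16 @@ XML_GetBase(XML_Parser parser);
 to the XML_StartElementHandler that were specified in the start-tag
 rather than defaulted. Each attribute/value pair counts as 2; thus
 this correspondds to an index into the atts array passed to the
-XML_StartElementHandler.
+XML_StartElementHandler. Returns -1 if parser == NULL.
 */
 XMLPARSEAPI(int)
 XML_GetSpecifiedAttributeCount(XML_Parser parser);
 
 /* Returns the index of the ID attribute passed in the last call to
-XML_StartElementHandler, or -1 if there is no ID attribute. Each
-attribute/value pair counts as 2; thus this correspondds to an
-index into the atts array passed to the XML_StartElementHandler.
+XML_StartElementHandler, or -1 if there is no ID attribute or
+parser == NULL. Each attribute/value pair counts as 2; thus this
+correspondds to an index into the atts array passed to the
+XML_StartElementHandler.
 */
 XMLPARSEAPI(int)
 XML_GetIdAttributeIndex(XML_Parser parser);
@@ -901,6 +905,7 @@ enum XML_ParamEntityParsing {
 entities is requested; otherwise it will return non-zero.
 Note: If XML_SetParamEntityParsing is called after XML_Parse or
 XML_ParseBuffer, then it has no effect and will always return 0.
+Note: If parser == NULL, the function will do nothing and return 0.
 */
 XMLPARSEAPI(int)
 XML_SetParamEntityParsing(XML_Parser parser,
@@ -910,13 +915,12 @@ XML_SetParamEntityParsing(XML_Parser parser,
 Helps in preventing DoS attacks based on predicting hash
 function behavior. This must be called before parsing is started.
 Returns 1 if successful, 0 when called after parsing has started.
+Note: If parser == NULL, the function will do nothing and return 0.
 */
 XMLPARSEAPI(int)
 XML_SetHashSalt(XML_Parser parser,
 unsigned long hash_salt);
 
-#define XML_HAS_SET_HASH_SALT /* Python Only: Defined for pyexpat.c. */
-
 /* If XML_Parse or XML_ParseBuffer have returned XML_STATUS_ERROR, then
 XML_GetErrorCode returns information about the error.
 */
@@ -938,6 +942,10 @@ XML_GetErrorCode(XML_Parser parser);
 the location is the location of the character at which the error
 was detected; otherwise the location is the location of the last
 parse event, as described above.
+
+Note: XML_GetCurrentLineNumber and XML_GetCurrentColumnNumber
+return 0 to indicate an error.
+Note: XML_GetCurrentByteIndex returns -1 to indicate an error.
 */
 XMLPARSEAPI(XML_Size) XML_GetCurrentLineNumber(XML_Parser parser);
 XMLPARSEAPI(XML_Size) XML_GetCurrentColumnNumber(XML_Parser parser);
@@ -975,9 +983,12 @@ XML_FreeContentModel(XML_Parser parser, XML_Content *model);
 
 /* Exposing the memory handling functions used in Expat */
 XMLPARSEAPI(void *)
+XML_ATTR_MALLOC
+XML_ATTR_ALLOC_SIZE(2)
 XML_MemMalloc(XML_Parser parser, size_t size);
 
 XMLPARSEAPI(void *)
+XML_ATTR_ALLOC_SIZE(3)
 XML_MemRealloc(XML_Parser parser, void *ptr, size_t size);
 
 XMLPARSEAPI(void)
@@ -1033,13 +1044,11 @@ XMLPARSEAPI(const XML_Feature *)
 XML_GetFeatureList(void);
 
 
-/* Expat follows the GNU/Linux convention of odd number minor version for
-beta/development releases and even number minor version for stable
-releases. Micro is bumped with each release, and set to 0 with each
-change to major or minor version.
+/* Expat follows the semantic versioning convention.
+See http://semver.org.
 */
 #define XML_MAJOR_VERSION 2
-#define XML_MINOR_VERSION 1
+#define XML_MINOR_VERSION 2
 #define XML_MICRO_VERSION 1
 
 #ifdef __cplusplus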
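Review bot: Removing `#define XML_HAS_SET_HASH_SALT` is only safe if no consumer still gates its `XML_SetHashSalt()` call on that macro alone; the removed line's own comment says it was defined for pyexpat.c, which is not part of this section. If a guard such as `#ifdef XML_HAS_SET_HASH_SALT` survives there, the salt call compiles out without any warning and the parser would depend on expat's own salt generation instead of the OS entropy the NEWS entry says Python supplies against hash flooding (CVE-2012-0876). I would key any such guard on the version macros this header still defines, e.g. `#if XML_MAJOR_VERSION > 2 || (XML_MAJOR_VERSION == 2 && XML_MINOR_VERSION >= 1)`. Since the new doc text says `XML_SetHashSalt` returns 0 for a NULL parser as well as after parsing has started, the caller should also check that return value rather than discard it.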

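--- a/Modules/expat/expat_external.h
+++ b/Modules/expat/expat_external.h
@@ -69,12 +69,26 @@
 #endif
 #endif /* not defined XML_STATIC */
 
+#if !defined(XMLIMPORT) && defined(__GNUC__) && (__GNUC__ >= 4)
+#define XMLIMPORT __attribute__ ((visibility ("default")))
+#endif
 
 /* If we didn't define it above, define it away: */
 #ifndef XMLIMPORT
 #define XMLIMPORT
 #endif
 
+#if defined(__GNUC__) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96))
+#define XML_ATTR_MALLOC __attribute__((__malloc__))
+#else
+#define XML_ATTR_MALLOC
+#endif
+
+#if defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+#define XML_ATTR_ALLOC_SIZE(x) __attribute__((__alloc_size__(x)))
+#else
+#define XML_ATTR_ALLOC_SIZE(x)
+#endif
 
 #define XMLPARSEAPI(type) XMLIMPORT type XMLCALL
 
@@ -83,7 +97,10 @@ extern "C" {
 #endif
 
 #ifdef XML_UNICODE_WCHAR_T
-#define XML_UNICODE
+# define XML_UNICODE
+# if defined(__SIZEOF_WCHAR_T__) && (__SIZEOF_WCHAR_T__ != 2)
+# error "sizeof(wchar_t) != 2; Need -fshort-wchar for both Expat and libc"
+# endif
 #endif
 
 #ifdef XML_UNICODE /* Information is UTF-16 encoded. */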

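--- a/Modules/expat/internal.h
+++ b/Modules/expat/internal.h
@@ -71,3 +71,25 @@
 #define inline
 #endif
 #endif
+
+#ifndef UNUSED_P
+# ifdef __GNUC__
+# define UNUSED_P(p) UNUSED_ ## p __attribute__((__unused__))
+# else
+# define UNUSED_P(p) UNUSED_ ## p
+# endif
+#endif
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+void
+align_limit_to_full_utf8_characters(const char * from, const char ** fromLimRef);
+
+
+#ifdef __cplusplus
+}
+#endif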
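Review bot: `align_limit_to_full_utf8_characters` is declared here with external linkage and without the `XML_` prefix the public API uses, so it becomes a global symbol of whatever module links this expat copy. The commit message mentions restoring Python's local changes to expat; if those include renaming expat's exported symbols so the bundled copy cannot collide with a system libexpat loaded into the same process, this new function presumably needs the same treatment, and that mapping is not visible in this section. A one-line comment above the prototype, such as `/* Internal helper, not part of the public Expat API. */`, would also tell readers why it sits in internal.h rather than expat.h.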

Modules/expat/macconfig.h

Lines changed: 0 additions & 53 deletions
This file was deleted.
