Expat 2.2.2

Source commit: b572e0c7d61b7449fa39e153f751eccd9e6761c7

libs/expat/CMake.README

@@ -3,25 +3,25 @@
 The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual 
 Studio) and should work on all other platform cmake supports.
 
-Assuming ~/expat-2.2.1 is the source directory of expat, add a subdirectory
+Assuming ~/expat-2.2.2 is the source directory of expat, add a subdirectory
 build and change into that directory:
-~/expat-2.2.1$ mkdir build && cd build
-~/expat-2.2.1/build$
+~/expat-2.2.2$ mkdir build && cd build
+~/expat-2.2.2/build$
 
 From that directory, call cmake first, then call make, make test and 
 make install in the usual way:
-~/expat-2.2.1/build$ cmake ..
+~/expat-2.2.2/build$ cmake ..
 -- The C compiler identification is GNU
 -- The CXX compiler identification is GNU
 ....
 -- Configuring done
 -- Generating done
--- Build files have been written to: /home/patrick/expat-2.2.1/build
+-- Build files have been written to: /home/patrick/expat-2.2.2/build
 
 If you want to specify the install location for your files, append 
 -DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call.
 
-~/expat-2.2.1/build$ make && make test && make install
+~/expat-2.2.2/build$ make && make test && make install
 Scanning dependencies of target expat
 [  5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o
 [ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o

libs/expat/CMakeLists.txt

@@ -6,7 +6,7 @@ project(expat)
 cmake_minimum_required(VERSION 2.6)
 set(PACKAGE_BUGREPORT "[email protected]")
 set(PACKAGE_NAME "expat")
-set(PACKAGE_VERSION "2.2.1")
+set(PACKAGE_VERSION "2.2.2")
 set(PACKAGE_STRING "${PACKAGE_NAME} ${PACKAGE_VERSION}")
 set(PACKAGE_TARNAME "${PACKAGE_NAME}")
 
@@ -37,7 +37,7 @@ if(BUILD_tests)
     enable_testing()
 endif(BUILD_tests)
 
-include(ConfigureChecks.cmake)
+include(${CMAKE_CURRENT_LIST_DIR}/ConfigureChecks.cmake)
 
 set(EXTRA_LINK_AND_COMPILE_FLAGS "-fno-strict-aliasing")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_LINK_AND_COMPILE_FLAGS}")
@@ -45,7 +45,7 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${EXTRA_LINK_AND_COMPILE_FLAGS}")
 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${EXTRA_LINK_AND_COMPILE_FLAGS}")
 set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${EXTRA_LINK_AND_COMPILE_FLAGS}")
 
-include_directories(${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/lib)
+include_directories(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/lib)
 if(MSVC)
     add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996)
 endif(MSVC)
@@ -76,7 +76,7 @@ endif(BUILD_shared)
 add_library(expat ${_SHARED} ${expat_SRCS})
 
 set(LIBCURRENT 7)   # sync
-set(LIBREVISION 3)  # with
+set(LIBREVISION 4)  # with
 set(LIBAGE 6)       # configure.ac!
 math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}")
 

libs/expat/Changes

@@ -2,6 +2,56 @@ NOTE: We are looking for help with a few things:
       https://github.com/libexpat/libexpat/labels/help%20wanted
       If you can help, please get in touch.  Thanks!
 
+Release 2.2.2 Wed July 12 2017
+        Security fixes:
+             #43  Protect against compilation without any source of high
+                    quality entropy enabled, e.g. with CMake build system;
+                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
+             #60  Windows with _UNICODE:
+                    Unintended use of LoadLibraryW with a non-wide string
+                    resulted in failure to load advapi32.dll and degradation
+                    in quality of used entropy when compiled with _UNICODE for
+                    Windows; you can launch existing binaries with
+                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
+                    quality of entropy used during runtime; commits
+                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
+                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
+   [MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
+                    resulted in NULL dereference, previously;
+                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
+
+        Bug fixes:
+             #69  Fix improper use of unsigned long long integer literals
+
+        Other changes:
+             #73  Start requiring a C99 compiler
+             #49  Fix "==" Bashism in configure script
+             #50  Fix too eager getrandom detection for Debian GNU/kFreeBSD
+             #52    and macOS
+             #51  Address lack of stdint.h in Visual Studio 2003 to 2008
+             #58  Address compile warnings
+             #68  Fix "./buildconf.sh && ./configure" for some versions
+                    of Dash for /bin/sh
+             #72  CMake: Ease use of Expat in context of a parent project
+                    with multipe CMakeLists.txt files
+             #72  CMake: Resolve mistaken executable permissions
+             #76  Address compile warning with -DNDEBUG (not recommended!)
+             #77  Address compile warning about macro redefinition
+
+        Special thanks to:
+            Alexander Bluhm
+            Ben Boeckel
+            Cătălin Răceanu
+            Kerin Millar
+            László Böszörményi
+            S. P. Zeidler
+            Segev Finer
+            Václav Slavík
+            Victor Stinner
+            Viktor Szakats
+                 and
+            Radically Open Security
+
 Release 2.2.1 Sat June 17 2017
         Security fixes:
                   CVE-2017-9233 -- External entity infinite loop DoS

libs/expat/ConfigureChecks.cmake

@@ -40,5 +40,5 @@ else(HAVE_SYS_TYPES_H)
     set(SIZE_T "unsigned")
 endif(HAVE_SYS_TYPES_H)
 
-configure_file(expat_config.h.cmake expat_config.h)
+configure_file(expat_config.h.cmake "${CMAKE_CURRENT_BINARY_DIR}/expat_config.h")
 add_definitions(-DHAVE_EXPAT_CONFIG_H)

libs/expat/Makefile.in

@@ -181,15 +181,20 @@ run-benchmark: tests/benchmark/benchmark
 	tests/benchmark/benchmark@EXEEXT@ -n $(top_srcdir)/../testdata/largefiles/recset.xml 65535 3
 
 tests/xmlts.zip:
-	wget --output-document=tests/xmlts.zip \
-		https://www.w3.org/XML/Test/xmlts20080827.zip
+	if test "$(XMLTS_ZIP)" = ""; then \
+		wget --output-document=tests/xmlts.zip \
+			https://www.w3.org/XML/Test/xmlts20080827.zip; \
+	else \
+		cp $(XMLTS_ZIP) tests/xmlts.zip; \
+	fi
 
 tests/xmlconf: tests/xmlts.zip
 	cd tests && unzip -q xmlts.zip
 
 run-xmltest: xmlwf/xmlwf@EXEEXT@ tests/xmlconf
 	tests/xmltest.sh "$(PWD)/run.sh $(PWD)/xmlwf/xmlwf@EXEEXT@" 2>&1 | tee tests/xmltest.log
-	diff -u -b tests/xmltest.log.expected tests/xmltest.log
+	dos2unix tests/xmltest.log
+	diff -u tests/xmltest.log.expected tests/xmltest.log
 
 .PHONY: qa
 qa:

libs/expat/README

@@ -1,5 +1,5 @@
 
-                        Expat, Release 2.2.1
+                        Expat, Release 2.2.2
 
 This is Expat, a C library for parsing XML, written by James Clark.
 Expat is a stream-oriented XML parser.  This means that you register

libs/expat/aclocal.m4

@@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.15 -*- Autoconf -*-
+# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
 
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
 
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,

libs/expat/configure.ac

@@ -46,7 +46,7 @@ dnl If the API changes incompatibly set LIBAGE back to 0
 dnl
 
 LIBCURRENT=7   # sync
-LIBREVISION=3  # with
+LIBREVISION=4  # with
 LIBAGE=6       # CMakeLists.txt!
 
 AC_CONFIG_HEADER(expat_config.h)
@@ -61,7 +61,7 @@ AC_SUBST(LIBREVISION)
 AC_SUBST(LIBAGE)
 
 dnl Checks for programs.
-AC_PROG_CC
+AC_PROG_CC_C99
 AC_PROG_CXX
 AC_PROG_INSTALL
 
@@ -130,7 +130,7 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([
 
 
 AC_MSG_CHECKING([for getrandom (Linux 3.17+, glibc 2.25+)])
-AC_COMPILE_IFELSE([AC_LANG_SOURCE([
+AC_LINK_IFELSE([AC_LANG_SOURCE([
   #include <stdlib.h>  /* for NULL */
   #include <sys/random.h>
   int main() {
@@ -174,37 +174,6 @@ else
 fi
 AC_SUBST(FILEMAP)
 
-dnl Needed for the test support code; this was found at
-dnl http://lists.gnu.org/archive/html/bug-autoconf/2002-07/msg00028.html
-
-# AC_CPP_FUNC
-# ------------------ #
-# Checks to see if ANSI C99 CPP variable __func__ works.
-# If not, perhaps __FUNCTION__ works instead. 
-# If not, we'll just define __func__ to "". 
-AC_DEFUN([AC_CPP_FUNC],
-[AC_REQUIRE([AC_PROG_CC_STDC])dnl
-AC_CACHE_CHECK([for an ANSI C99-conforming __func__], ac_cv_cpp_func,
-[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],
-[[const char *foo = __func__;]])],
-  [ac_cv_cpp_func=yes], 
-  [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],
-[[const char *foo = __FUNCTION__;]])],
-  [ac_cv_cpp_func=__FUNCTION__], 
-  [ac_cv_cpp_func=no])])])
-if test $ac_cv_cpp_func = __FUNCTION__; then
-  AC_DEFINE(__func__,__FUNCTION__,
-            [Define to __FUNCTION__ or "" if `__func__' does not conform to 
-ANSI C.])
-elif test $ac_cv_cpp_func = no; then
-  AC_DEFINE(__func__,"",
-            [Define to __FUNCTION__ or "" if `__func__' does not conform to 
-ANSI C.])
-fi
-])# AC_CPP_FUNC
-
-AC_CPP_FUNC
-
 
 dnl Some basic configuration:
 AC_DEFINE([XML_NS], 1,
@@ -220,8 +189,8 @@ AS_HELP_STRING([--disable-xml-context],
     [Do not retain context around the current parse point]),
   [enable_xml_context=${enableval}])
 AS_IF([test "x${enable_xml_context}" != "xno"], [
-  AS_IF([test "x${enable_xml_context}" == "xyes" \
-      -o "x${enable_xml_context}" == "x"], [
+  AS_IF([test "x${enable_xml_context}" = "xyes" \
+      -o "x${enable_xml_context}" = "x"], [
     enable_xml_context=1024
   ])
   AC_DEFINE_UNQUOTED([XML_CONTEXT_BYTES], [${enable_xml_context}],

libs/expat/conftools/get-version.sh

@@ -28,19 +28,8 @@ if test ! -r "$hdr"; then
   exit 1
 fi
 
-MAJOR_VERSION="`sed -n -e '/MAJOR_VERSION/s/[^0-9]*//gp' $hdr`"
-MINOR_VERSION="`sed -n -e '/MINOR_VERSION/s/[^0-9]*//gp' $hdr`"
-MICRO_VERSION="`sed -n -e '/MICRO_VERSION/s/[^0-9]*//gp' $hdr`"
+MAJOR_VERSION=$(sed -n -e '/MAJOR_VERSION/s/[^0-9]*//gp' "$hdr")
+MINOR_VERSION=$(sed -n -e '/MINOR_VERSION/s/[^0-9]*//gp' "$hdr")
+MICRO_VERSION=$(sed -n -e '/MICRO_VERSION/s/[^0-9]*//gp' "$hdr")
 
-# Determine how to tell echo not to print the trailing \n. This is
-# similar to Autoconf's @ECHO_C@ and @ECHO_N@; however, we don't
-#  generate this file via autoconf (in fact, get-version.sh is used
-# to *create* ./configure), so we just do something similar inline.
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
-  *c*,-n*) ECHO_N= ECHO_C='
-' ;;
-  *c*,*  ) ECHO_N=-n ECHO_C= ;;
-  *)      ECHO_N= ECHO_C='\c' ;;
-esac
-
-echo $ECHO_N "$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$ECHO_C"
+printf '%s.%s.%s' "$MAJOR_VERSION" "$MINOR_VERSION" "$MICRO_VERSION"

libs/expat/conftools/install-sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # install - install a program, script, or datafile
 
-scriptversion=2013-12-25.23; # UTC
+scriptversion=2016-01-11.22; # UTC
 
 # This originates from X11R5 (mit/util/scripts/install.sh), which was
 # later released in X11R6 (xc/config/util/install.sh) with the
@@ -496,6 +496,6 @@ done
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
 # time-stamp-end: "; # UTC"
 # End:

libs/expat/expat_config.h.in

@@ -100,9 +100,6 @@
 /* Define to make XML Namespaces functionality available. */
 #undef XML_NS
 
-/* Define to __FUNCTION__ or "" if `__func__' does not conform to ANSI C. */
-#undef __func__
-
 /* Define to empty if `const' does not conform to ANSI C. */
 #undef const
 

libs/expat/lib/expat.h

@@ -24,7 +24,6 @@ extern "C" {
 struct XML_ParserStruct;
 typedef struct XML_ParserStruct *XML_Parser;
 
-/* Should this be defined using stdbool.h when C99 is available? */
 typedef unsigned char XML_Bool;
 #define XML_TRUE   ((XML_Bool) 1)
 #define XML_FALSE  ((XML_Bool) 0)
@@ -1049,7 +1048,7 @@ XML_GetFeatureList(void);
 */
 #define XML_MAJOR_VERSION 2
 #define XML_MINOR_VERSION 2
-#define XML_MICRO_VERSION 1
+#define XML_MICRO_VERSION 2
 
 #ifdef __cplusplus
 }

libs/expat/lib/siphash.h

@@ -2,9 +2,8 @@
  * siphash.h - SipHash-2-4 in a single header file
  * --------------------------------------------------------------------------
  * Derived by William Ahern from the reference implementation[1] published[2]
- * by Jean-Philippe Aumasson and Daniel J. Berstein. Licensed in kind.
  * by Jean-Philippe Aumasson and Daniel J. Berstein.
- * Minimal changes by Sebastian Pipping on top, details below.
+ * Minimal changes by Sebastian Pipping and Victor Stinner on top, see below.
  * Licensed under the CC0 Public Domain Dedication license.
  *
  * 1. https://www.131002.net/siphash/siphash24.c
@@ -12,14 +11,22 @@
  * --------------------------------------------------------------------------
  * HISTORY:
  *
- * 2017-06-10  (Sebastian Pipping)
+ * 2017-07-05  (Sebastian Pipping)
+ *   - Use _SIP_ULL macro to not require a C++11 compiler if compiled as C++
+ *   - Add const qualifiers at two places
+ *   - Ensure <=80 characters line length (assuming tab width 4)
+ *
+ * 2017-06-23  (Victor Stinner)
+ *   - Address Win64 compile warnings
+ *
+ * 2017-06-18  (Sebastian Pipping)
  *   - Clarify license note in the header
  *   - Address C89 issues:
  *     - Stop using inline keyword (and let compiler decide)
- *     - Turn integer suffix ULL to UL
  *     - Replace _Bool by int
  *     - Turn macro siphash24 into a function
  *     - Address invalid conversion (void pointer) by explicit cast
+ *   - Address lack of stdint.h for Visual Studio 2003 to 2008
  *   - Always expose sip24_valid (for self-tests)
  *
  * 2012-11-04 - Born.  (William Ahern)
@@ -76,7 +83,23 @@
 #define SIPHASH_H
 
 #include <stddef.h> /* size_t */
-#include <stdint.h> /* uint64_t uint32_t uint8_t */
+
+#if defined(_WIN32) && defined(_MSC_VER) && (_MSC_VER < 1600)
+  /* For vs2003/7.1 up to vs2008/9.0; _MSC_VER 1600 is vs2010/10.0 */
+  typedef unsigned __int8   uint8_t;
+  typedef unsigned __int32 uint32_t;
+  typedef unsigned __int64 uint64_t;
+#else
+ #include <stdint.h> /* uint64_t uint32_t uint8_t */
+#endif
+
+
+/*
+ * Workaround to not require a C++11 compiler for using ULL suffix
+ * if this code is included and compiled as C++; related GCC warning is:
+ * warning: use of C++11 long long integer constant [-Wlong-long]
+ */
+#define _SIP_ULL(high, low)  (((uint64_t)high << 32) | low)
 
 
 #define SIP_ROTL(x, b) (uint64_t)(((x) << (b)) | ( (x) >> (64 - (b))))
@@ -158,11 +181,12 @@ static void sip_round(struct siphash *H, const int rounds) {
 } /* sip_round() */
 
 
-static struct siphash *sip24_init(struct siphash *H, const struct sipkey *key) {
-	H->v0 = 0x736f6d6570736575UL ^ key->k[0];
-	H->v1 = 0x646f72616e646f6dUL ^ key->k[1];
-	H->v2 = 0x6c7967656e657261UL ^ key->k[0];
-	H->v3 = 0x7465646279746573UL ^ key->k[1];
+static struct siphash *sip24_init(struct siphash *H,
+		const struct sipkey *key) {
+	H->v0 = _SIP_ULL(0x736f6d65U, 0x70736575U) ^ key->k[0];
+	H->v1 = _SIP_ULL(0x646f7261U, 0x6e646f6dU) ^ key->k[1];
+	H->v2 = _SIP_ULL(0x6c796765U, 0x6e657261U) ^ key->k[0];
+	H->v3 = _SIP_ULL(0x74656462U, 0x79746573U) ^ key->k[1];
 
 	H->p = H->buf;
 	H->c = 0;
@@ -173,7 +197,8 @@ static struct siphash *sip24_init(struct siphash *H, const struct sipkey *key) {
 
 #define sip_endof(a) (&(a)[sizeof (a) / sizeof *(a)])
 
-static struct siphash *sip24_update(struct siphash *H, const void *src, size_t len) {
+static struct siphash *sip24_update(struct siphash *H, const void *src,
+		size_t len) {
 	const unsigned char *p = (const unsigned char *)src, *pe = p + len;
 	uint64_t m;
 
@@ -198,7 +223,7 @@ static struct siphash *sip24_update(struct siphash *H, const void *src, size_t l
 
 
 static uint64_t sip24_final(struct siphash *H) {
-	char left = H->p - H->buf;
+	const char left = (char)(H->p - H->buf);
 	uint64_t b = (H->c + left) << 56;
 
 	switch (left) {
@@ -222,7 +247,8 @@ static uint64_t sip24_final(struct siphash *H) {
 } /* sip24_final() */
 
 
-static uint64_t siphash24(const void *src, size_t len, const struct sipkey *key) {
+static uint64_t siphash24(const void *src, size_t len,
+		const struct sipkey *key) {
 	struct siphash state = SIPHASH_INITIALIZER;
 	return sip24_final(sip24_update(sip24_init(&state, key), src, len));
 } /* siphash24() */
@@ -310,10 +336,11 @@ static int sip24_valid(void) {
 	struct sipkey k;
 	size_t i;
 
-	sip_tokey(&k, "\000\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017");
+	sip_tokey(&k, "\000\001\002\003\004\005\006\007\010\011"
+			"\012\013\014\015\016\017");
 
 	for (i = 0; i < sizeof in; ++i) {
-		in[i] = i;
+		in[i] = (unsigned char)i;
 
 		if (siphash24(in, i, &k) != SIP_U8TO64_LE(vectors[i]))
 			return 0;
@@ -328,7 +355,7 @@ static int sip24_valid(void) {
 #include <stdio.h>
 
 int main(void) {
-	int ok = sip24_valid();
+	const int ok = sip24_valid();
 
 	if (ok)
 		puts("OK");

libs/expat/lib/xmlparse.c

@@ -1,10 +1,12 @@
 /* Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
    See the file COPYING for copying permission.
 
-   77fea421d361dca90041d0040ecf1dca651167fadf2af79e990e35168d70d933 (2.2.1+)
+   cd4063469a95eab9a93001afb109e3dee122cdda4635bbec36257fc01c327348 (2.2.2+)
 */
 
-#define _GNU_SOURCE                     /* syscall prototype */
+#if !defined(_GNU_SOURCE)
+# define _GNU_SOURCE 1                  /* syscall prototype */
+#endif
 
 #include <stddef.h>
 #include <string.h>                     /* memset(), memcpy() */
@@ -33,6 +35,46 @@
 #include "expat.h"
 #include "siphash.h"
 
+#if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM)
+# include <errno.h>
+# if defined(HAVE_GETRANDOM)
+#  include <sys/random.h>    /* getrandom */
+# else
+#  include <unistd.h>        /* syscall */
+#  include <sys/syscall.h>   /* SYS_getrandom */
+# endif
+#endif  /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */
+
+#if defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_LIBBSD)
+# include <bsd/stdlib.h>
+#endif
+
+
+#if !defined(HAVE_GETRANDOM) && !defined(HAVE_SYSCALL_GETRANDOM) \
+    && !defined(HAVE_ARC4RANDOM_BUF) && !defined(_WIN32) \
+    && !defined(XML_POOR_ENTROPY)
+# error  \
+    You do not have support for any sources of high quality entropy \
+    enabled.  For end user security, that is probably not what you want. \
+    \
+    Your options include: \
+      * Linux + glibc >=2.25 (getrandom): HAVE_GETRANDOM, \
+      * Linux + glibc <2.25 (syscall SYS_getrandom): HAVE_SYSCALL_GETRANDOM, \
+      * BSD / macOS (arc4random_buf): HAVE_ARC4RANDOM_BUF, \
+      * libbsd (arc4random_buf): HAVE_ARC4RANDOM_BUF + HAVE_LIBBSD, \
+      * Windows (RtlGenRandom): _WIN32. \
+    \
+    If insist on not using any of these, bypass this error by defining \
+    XML_POOR_ENTROPY; you have been warned. \
+    \
+    For CMake, one way to pass the define is: \
+        cmake -DCMAKE_C_FLAGS="-pipe -O2 -DHAVE_SYSCALL_GETRANDOM" . \
+    \
+    If you have reasons to patch this detection code away or need changes \
+    to the build system, please open a bug.  Thank you!
+#endif
+
+
 #ifdef XML_UNICODE
 #define XML_ENCODE_MAX XML_UTF16_ENCODE_MAX
 #define XmlConvert XmlUtf16Convert
@@ -436,6 +478,9 @@ static ELEMENT_TYPE *
 getElementType(XML_Parser parser, const ENCODING *enc,
                const char *ptr, const char *end);
 
+static XML_Char *copyString(const XML_Char *s,
+                            const XML_Memory_Handling_Suite *memsuite);
+
 static unsigned long generate_hash_secret_salt(XML_Parser parser);
 static XML_Bool startParsing(XML_Parser parser);
 
@@ -696,14 +741,6 @@ static const XML_Char implicitContext[] = {
 
 
 #if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM)
-# include <errno.h>
-
-# if defined(HAVE_GETRANDOM)
-#  include <sys/random.h>    /* getrandom */
-# else
-#  include <unistd.h>        /* syscall */
-#  include <sys/syscall.h>   /* SYS_getrandom */
-# endif
 
 /* Obtain entropy on Linux 3.17+ */
 static int
@@ -749,7 +786,7 @@ typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG);
 static int
 writeRandomBytes_RtlGenRandom(void * target, size_t count) {
   int success = 0;  /* full count bytes written? */
-  const HMODULE advapi32 = LoadLibrary("ADVAPI32.DLL");
+  const HMODULE advapi32 = LoadLibrary(TEXT("ADVAPI32.DLL"));
 
   if (advapi32) {
     const RTLGENRANDOM_FUNC RtlGenRandom
@@ -780,17 +817,18 @@ gather_time_entropy(void)
   int gettimeofday_res;
 
   gettimeofday_res = gettimeofday(&tv, NULL);
+
+#if defined(NDEBUG)
+  (void)gettimeofday_res;
+#else
   assert (gettimeofday_res == 0);
+#endif  /* defined(NDEBUG) */
 
   /* Microseconds time is <20 bits entropy */
   return tv.tv_usec;
 #endif
 }
 
-#if defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_LIBBSD)
-# include <bsd/stdlib.h>
-#endif
-
 static unsigned long
 ENTROPY_DEBUG(const char * label, unsigned long entropy) {
   const char * const EXPAT_ENTROPY_DEBUG = getenv("EXPAT_ENTROPY_DEBUG");
@@ -833,7 +871,7 @@ generate_hash_secret_salt(XML_Parser parser)
     return ENTROPY_DEBUG("fallback(4)", entropy * 2147483647);
   } else {
     return ENTROPY_DEBUG("fallback(8)",
-        entropy * (unsigned long)2305843009213693951);
+        entropy * (unsigned long)2305843009213693951ULL);
   }
 #endif
 }
@@ -962,6 +1000,8 @@ parserCreate(const XML_Char *encodingName,
   nsAttsVersion = 0;
   nsAttsPower = 0;
 
+  protocolEncodingName = NULL;
+
   poolInit(&tempPool, &(parser->m_mem));
   poolInit(&temp2Pool, &(parser->m_mem));
   parserInit(parser, encodingName);
@@ -988,9 +1028,9 @@ parserInit(XML_Parser parser, const XML_Char *encodingName)
 {
   processor = prologInitProcessor;
   XmlPrologStateInit(&prologState);
-  protocolEncodingName = (encodingName != NULL
-                          ? poolCopyString(&tempPool, encodingName)
-                          : NULL);
+  if (encodingName != NULL) {
+    protocolEncodingName = copyString(encodingName, &(parser->m_mem));
+  }
   curBase = NULL;
   XmlInitEncoding(&initEncoding, &encoding, 0);
   userData = NULL;
@@ -1103,6 +1143,8 @@ XML_ParserReset(XML_Parser parser, const XML_Char *encodingName)
     unknownEncodingRelease(unknownEncodingData);
   poolClear(&tempPool);
   poolClear(&temp2Pool);
+  FREE((void *)protocolEncodingName);
+  protocolEncodingName = NULL;
   parserInit(parser, encodingName);
   dtdReset(_dtd, &parser->m_mem);
   return XML_TRUE;
@@ -1119,10 +1161,16 @@ XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName)
   */
   if (ps_parsing == XML_PARSING || ps_parsing == XML_SUSPENDED)
     return XML_STATUS_ERROR;
+
+  /* Get rid of any previous encoding name */
+  FREE((void *)protocolEncodingName);
+
   if (encodingName == NULL)
+    /* No new encoding name */
     protocolEncodingName = NULL;
   else {
-    protocolEncodingName = poolCopyString(&tempPool, encodingName);
+    /* Copy the new encoding name into allocated memory */
+    protocolEncodingName = copyString(encodingName, &(parser->m_mem));
     if (!protocolEncodingName)
       return XML_STATUS_ERROR;
   }
@@ -1357,6 +1405,7 @@ XML_ParserFree(XML_Parser parser)
   destroyBindings(inheritedBindings, parser);
   poolDestroy(&tempPool);
   poolDestroy(&temp2Pool);
+  FREE((void *)protocolEncodingName);
 #ifdef XML_DTD
   /* external parameter entity parsers share the DTD structure
      parser->m_dtd with the root parser, so we must not destroy it
@@ -1748,7 +1797,8 @@ enum XML_Status XMLCALL
 XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)
 {
   if ((parser == NULL) || (len < 0) || ((s == NULL) && (len != 0))) {
-    errorCode = XML_ERROR_INVALID_ARGUMENT;
+    if (parser != NULL)
+      parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
     return XML_STATUS_ERROR;
   }
   switch (ps_parsing) {
@@ -3734,6 +3784,7 @@ initializeEncoding(XML_Parser parser)
   const char *s;
 #ifdef XML_UNICODE
   char encodingBuf[128];
+  /* See comments abount `protoclEncodingName` in parserInit() */
   if (!protocolEncodingName)
     s = NULL;
   else {
@@ -6827,3 +6878,26 @@ getElementType(XML_Parser parser,
   }
   return ret;
 }
+
+static XML_Char *
+copyString(const XML_Char *s,
+           const XML_Memory_Handling_Suite *memsuite)
+{
+    int charsRequired = 0;
+    XML_Char *result;
+
+    /* First determine how long the string is */
+    while (s[charsRequired] != 0) {
+      charsRequired++;
+    }
+    /* Include the terminator */
+    charsRequired++;
+
+    /* Now allocate space for the copy */
+    result = memsuite->malloc_fcn(charsRequired * sizeof(XML_Char));
+    if (result == NULL)
+        return NULL;
+    /* Copy the original into place */
+    memcpy(result, s, charsRequired * sizeof(XML_Char));
+    return result;
+}

libs/expat/tests/memcheck.c

@@ -167,7 +167,7 @@ tracking_report(void)
     for (entry = alloc_head; entry != NULL; entry = entry->next)
     {
         printf("Allocated %lu bytes at %p\n",
-               entry->num_bytes, entry->allocation);
+                (long unsigned)entry->num_bytes, entry->allocation);
     }
     return 0;
 }

libs/expat/tests/minicheck.h

@@ -26,12 +26,6 @@ extern "C" {
 #define __func__ __FUNCTION__
 #endif
 
-/* ISO C90 does not support '__func__' predefined identifier */
-#if (defined(__STDC_VERSION__) && (__STDC_VERSION__ < 199901)) || \
-    (defined(__GNUC__) && !defined(__STDC_VERSION__))
-# define __func__ "(unknown)"
-#endif
-
 #define START_TEST(testname) static void testname(void) { \
     _check_set_test_info(__func__, __FILE__, __LINE__);   \
     {

libs/expat/tests/runtests.c

@@ -33,6 +33,18 @@
 #define XML_FMT_INT_MOD "l"
 #endif
 
+
+#if defined(NDEBUG)
+# error  \
+    The test suite relies on assert(...) at the moment. \
+    You have NDEBUG defined which removes that code so that failures in the \
+    test suite can go unnoticed. \
+    \
+    While we rely on assert(...), compiling the test suite with NDEBUG \
+    defined is not supported.
+#endif
+
+
 static XML_Parser parser = NULL;
 
 
@@ -247,7 +259,7 @@ START_TEST(test_siphash_spec)
     const char message[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09"
             "\x0a\x0b\x0c\x0d\x0e";
     const size_t len = sizeof(message) - 1;
-    const uint64_t expected = 0xa129ca6149be45e5U;
+    const uint64_t expected = _SIP_ULL(0xa129ca61U, 0x49be45e5U);
     struct siphash state;
     struct sipkey key;
     (void)sip_tobin;
@@ -489,9 +501,11 @@ START_TEST(test_utf8_auto_align)
         if (actualMovementInChars != cases[i].expectedMovementInChars) {
             size_t j = 0;
             success = false;
-            printf("[-] UTF-8 case %2lu: Expected movement by %2ld chars"
-                    ", actually moved by %2ld chars: \"",
-                    i + 1, cases[i].expectedMovementInChars, actualMovementInChars);
+            printf("[-] UTF-8 case %2u: Expected movement by %2d chars"
+                    ", actually moved by %2d chars: \"",
+                    (unsigned)(i + 1),
+                    (int)cases[i].expectedMovementInChars,
+                    (int)actualMovementInChars);
             for (; j < strlen(cases[i].input); j++) {
                 printf("\\x%02x", (unsigned char)cases[i].input[j]);
             }

libs/expat/win32/expat.iss

@@ -7,17 +7,17 @@
 [Setup]
 AppName=Expat
 AppId=expat
-AppVersion=2.2.1
-AppVerName=Expat 2.2.1
+AppVersion=2.2.2
+AppVerName=Expat 2.2.2
 AppCopyright=Copyright � 1998-2017 Thai Open Source Software Center, Clark Cooper, and the Expat maintainers
 AppPublisher=The Expat Developers
 AppPublisherURL=http://www.libexpat.org/
 AppSupportURL=http://www.libexpat.org/
 AppUpdatesURL=http://www.libexpat.org/
-UninstallDisplayName=Expat XML Parser 2.2.1
-VersionInfoVersion=2.2.1
+UninstallDisplayName=Expat XML Parser 2.2.2
+VersionInfoVersion=2.2.2
 
-DefaultDirName={pf}\Expat 2.2.1
+DefaultDirName={pf}\Expat 2.2.2
 UninstallFilesDir={app}\Uninstall
 
 Compression=lzma

libs/expat/xmlwf/readfilemap.c

@@ -40,7 +40,7 @@ filemap(const char *name,
 {
   size_t nbytes;
   int fd;
-  int n;
+  ssize_t n;
   struct stat sb;
   void *p;
 
@@ -85,7 +85,7 @@ filemap(const char *name,
     close(fd);
     return 0;
   }
-  if (n != nbytes) {
+  if (n != (ssize_t)nbytes) {
     fprintf(stderr, "%s: read unexpected number of bytes\n", name);
     free(p);
     close(fd);