XML Parser Toolkit
Expat is an XML 1.0 parser written in C. It aims to be fully
conformant. It is currently not a validating XML processor. The current
production version of expat can be downloaded from
ftp://ftp.jclark.com/pub/xml/expat.zip. The directory xmltok contains a
low-level library for tokenizing XML. The interface is documented in
xmltok/xmltok.h. The directory xmlparse contains an XML parser library
that is built on top of the xmltok library. The interface is documented
in xmlparse/xmlparse.h. The directory sample contains a simple example
program using this interface. The file sample/build.bat is a batch
file to build the example using Visual C++. The directory xmlwf
contains the xmlwf application, which uses the xmlparse library. The
arguments to xmlwf are one or more files to check for well-formedness.
An option -d dir can be specified. For each well-formed input file, the
corresponding canonical XML is written to dir/f, where f is the
filename (without any path) of the input file. A -x option causes
references to external general entities to be processed. A -s option
makes documents that are not stand-alone cause an error (a document is
considered stand-alone if it is intrinsically stand-alone because it
has no external subset and no references to parameter entities in the
internal subset or it is declared as stand-alone in the XML
declaration).
- Sources inherited from project SUSE:SLE-15-SP4:GA
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:15.4:Update/expat && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| baselibs.conf | 0000000179 179 Bytes | |
| expat-2.4.1.tar.xz | 0000445024 435 KB | |
| expat-2.4.1.tar.xz.asc | 0000000833 833 Bytes | |
| expat.changes | 0000035566 34.7 KB | |
| expat.spec | 0000003530 3.45 KB | |
| expatfaq.html | 0000003117 3.04 KB |
Revision 2 (latest revision is 4)
Gustavo Yokoyama Ribeiro (gyribeiro)
committed
(revision 2)
- Update to 2.4.1 in SLE-15-SP4 [jsc#SLE-21253]
* Remove expat-CVE-2018-20843.patch upstream
- Update to 2.4.1:
* Bug fixes:
- Autotools: Fix installed header expat_config.h for multilib
systems; regression introduced in 2.4.0 by pull request #486
* Other changes:
- Version info bumped from 9:0:8 to 9:1:8; see
https://verbump.de/ for what these numbers do
- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"]
* Security fixes:
- CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
(denial-of-service; flavors targeting CPU time or RAM or both,
leveraging general entities or parameter entities or both)
by tracking and limiting the input amplification factor
(<amplification> := (<direct> + <indirect>) / <direct>).
By conservative default, amplification up to a factor of 100.0
is tolerated and rejection only starts after 8 MiB of output bytes
(=<direct> + <indirect>) have been processed.
The fix adds the following to the API:
- A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
signals this specific condition.
- Two new API functions ..
- XML_SetBillionLaughsAttackProtectionMaximumAmplification and
- XML_SetBillionLaughsAttackProtectionActivationThreshold
.. to further tighten billion laughs protection parameters
when desired. Please see file "doc/reference.html" for details.
If you ever need to increase the defaults for non-attack XML
Comments 0