XML Parser Toolkit
Expat is an XML 1.0 parser written in C. It aims to be fully
conformant. It is currently not a validating XML processor. The current
production version of expat can be downloaded from
ftp://ftp.jclark.com/pub/xml/expat.zip. The directory xmltok contains a
low-level library for tokenizing XML. The interface is documented in
xmltok/xmltok.h. The directory xmlparse contains an XML parser library
that is built on top of the xmltok library. The interface is documented
in xmlparse/xmlparse.h. The directory sample contains a simple example
program using this interface. The file sample/build.bat is a batch
file to build the example using Visual C++. The directory xmlwf
contains the xmlwf application, which uses the xmlparse library. The
arguments to xmlwf are one or more files to check for well-formedness.
An option -d dir can be specified. For each well-formed input file, the
corresponding canonical XML is written to dir/f, where f is the
filename (without any path) of the input file. A -x option causes
references to external general entities to be processed. A -s option
makes documents that are not stand-alone cause an error (a document is
considered stand-alone if it is intrinsically stand-alone because it
has no external subset and no references to parameter entities in the
internal subset or it is declared as stand-alone in the XML
declaration).
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout SUSE:SLE-15-SP4:GA/expat && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
baselibs.conf | 0000000179 179 Bytes | |
expat-2.4.1.tar.xz | 0000445024 435 KB | |
expat-2.4.1.tar.xz.asc | 0000000833 833 Bytes | |
expat.changes | 0000035566 34.7 KB | |
expat.spec | 0000003530 3.45 KB | |
expatfaq.html | 0000003117 3.04 KB |
Revision 2 (latest revision is 4)
- Update to 2.4.1 in SLE-15-SP4 [jsc#SLE-21253] * Remove expat-CVE-2018-20843.patch upstream - Update to 2.4.1: * Bug fixes: - Autotools: Fix installed header expat_config.h for multilib systems; regression introduced in 2.4.0 by pull request #486 * Other changes: - Version info bumped from 9:0:8 to 9:1:8; see https://verbump.de/ for what these numbers do - Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"] * Security fixes: - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both, leveraging general entities or parameter entities or both) by tracking and limiting the input amplification factor (<amplification> := (<direct> + <indirect>) / <direct>). By conservative default, amplification up to a factor of 100.0 is tolerated and rejection only starts after 8 MiB of output bytes (=<direct> + <indirect>) have been processed. The fix adds the following to the API: - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to signals this specific condition. - Two new API functions .. - XML_SetBillionLaughsAttackProtectionMaximumAmplification and - XML_SetBillionLaughsAttackProtectionActivationThreshold .. to further tighten billion laughs protection parameters when desired. Please see file "doc/reference.html" for details. If you ever need to increase the defaults for non-attack XML
Comments 0