XML Parser Toolkit

Edit Package expat

Expat is an XML 1.0 parser written in C. It aims to be fully
conformant. It is currently not a validating XML processor. The current
production version of expat can be downloaded from
ftp://ftp.jclark.com/pub/xml/expat.zip. The directory xmltok contains a
low-level library for tokenizing XML. The interface is documented in
xmltok/xmltok.h. The directory xmlparse contains an XML parser library
that is built on top of the xmltok library. The interface is documented
in xmlparse/xmlparse.h. The directory sample contains a simple example
program using this interface. The file sample/build.bat is a batch
file to build the example using Visual C++. The directory xmlwf
contains the xmlwf application, which uses the xmlparse library. The
arguments to xmlwf are one or more files to check for well-formedness.
An option -d dir can be specified. For each well-formed input file, the
corresponding canonical XML is written to dir/f, where f is the
filename (without any path) of the input file. A -x option causes
references to external general entities to be processed. A -s option
makes documents that are not stand-alone cause an error (a document is
considered stand-alone if it is intrinsically stand-alone because it
has no external subset and no references to parameter entities in the
internal subset or it is declared as stand-alone in the XML
declaration).

Refresh
Refresh
Source Files
Filename Size Changed
baselibs.conf 0000000179 179 Bytes
expat-2.4.4.tar.xz 0000449448 439 KB
expat-2.4.4.tar.xz.asc 0000000833 833 Bytes
expat-CVE-2022-25235.patch 0000012945 12.6 KB
expat-CVE-2022-25236-relax-fix.patch 0000007354 7.18 KB
expat-CVE-2022-25236.patch 0000004799 4.69 KB
expat-CVE-2022-25313-fix-regression.patch 0000010559 10.3 KB
expat-CVE-2022-25313.patch 0000007786 7.6 KB
expat-CVE-2022-25314.patch 0000000831 831 Bytes
expat-CVE-2022-25315.patch 0000004905 4.79 KB
expat.changes 0000040270 39.3 KB
expat.spec 0000004987 4.87 KB
expatfaq.html 0000003117 3.04 KB
Latest Revision
Stefan Weiberg's avatar Stefan Weiberg (suntorytimed) committed (revision 4)
- Security fixes:
  * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
    breaks biboumi, ClairMeta, jxmlease, libwbxml, 
    openleadr-python, rnv, xmltodict
    - Added expat-CVE-2022-25236-relax-fix.patch

- Security fixes:
  * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows 
    attackers to insert namespace-separator characters into 
    namespace URIs
    - Added expat-CVE-2022-25236.patch  
  * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before 
    2.4.5 does not check whether a UTF-8 character is valid in a 
    certain context.
    - Added expat-CVE-2022-25235.patch
  * (CVE-2022-25313, bsc#1196168) Stack exhaustion in 
    build_model() via uncontrolled recursion
    - Added expat-CVE-2022-25313.patch
    - The fix upstream introduced a regression that was later 
      amended in 2.4.6 version
      + Added expat-CVE-2022-25313-fix-regression.patch
  * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
    - Added expat-CVE-2022-25314.patch
  * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
    - Added expat-CVE-2022-25315.patch
Comments 0
openSUSE Build Service is sponsored by