diff -Nru python3.7-3.7.12/debian/changelog python3.7-3.7.10/debian/changelog --- python3.7-3.7.12/debian/changelog 2021-09-10 00:20:04.000000000 +0000 +++ python3.7-3.7.10/debian/changelog 2021-02-20 21:21:42.000000000 +0000 @@ -1,50 +1,26 @@ -python3.7 (3.7.12-1+focal1) focal; urgency=medium - - * Python 3.7.12 release. - - -- Anthony Sottile Thu, 09 Sep 2021 20:20:04 -0400 - -python3.7 (3.7.11-1+focal1) focal; urgency=medium - - * Python 3.7.11 release. - - -- Anthony Sottile Sat, 03 Jul 2021 10:58:19 -0700 - -python3.7 (3.7.10-1+focal3) focal; urgency=medium - - * add -full package - - -- Anthony Sottile Sun, 02 May 2021 19:44:43 -0700 - -python3.7 (3.7.10-1+focal2) focal; urgency=medium +python3.7 (3.7.10-1+xenial2) xenial; urgency=medium * libpython-stdlib: recommends ca-certificates - -- Anthony Sottile Sat, 20 Feb 2021 13:15:28 -0800 + -- Anthony Sottile Sat, 20 Feb 2021 13:21:24 -0800 -python3.7 (3.7.10-1+focal1) focal; urgency=medium +python3.7 (3.7.10-1+xenial1) xenial; urgency=medium * Python 3.7.10 release. - -- Anthony Sottile Fri, 19 Feb 2021 13:59:12 -0800 + -- Anthony Sottile Fri, 19 Feb 2021 14:03:59 -0800 -python3.7 (3.7.9-1+focal1) focal; urgency=medium +python3.7 (3.7.9-1+xenial1) xenial; urgency=medium * Python 3.7.9 release. - -- Anthony Sottile Mon, 17 Aug 2020 19:07:21 -0700 + -- Anthony Sottile Mon, 17 Aug 2020 23:24:24 -0700 -python3.7 (3.7.8-1+focal1) focal; urgency=medium +python3.7 (3.7.8-1+xenial1) xenial; urgency=medium * Python 3.7.8 release. - -- Anthony Sottile Sun, 28 Jun 2020 21:26:04 -0700 - -python3.7 (3.7.7-1+focal1) focal; urgency=medium - - * Update packaging for focal - - -- Anthony Sottile Fri, 17 Apr 2020 19:59:53 -0700 + -- Anthony Sottile Sun, 28 Jun 2020 22:46:05 -0700 python3.7 (3.7.7-1+xenial1) xenial; urgency=medium diff -Nru python3.7-3.7.12/debian/control python3.7-3.7.10/debian/control --- python3.7-3.7.12/debian/control 2021-09-10 00:20:04.000000000 +0000 +++ python3.7-3.7.10/debian/control 2021-02-20 21:21:42.000000000 +0000 @@ -5,7 +5,7 @@ Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.17.11), quilt, autoconf, lsb-release, sharutils, - libreadline-dev, libncurses-dev (>= 5.3), + libreadline-dev, libncursesw5-dev (>= 5.3), zlib1g-dev, libbz2-dev, liblzma-dev, libgdbm-dev, libdb-dev, tk-dev, blt-dev (>= 2.4z), libssl-dev, @@ -282,31 +282,3 @@ Description: lib2to3 package for Python (version 3.7) Lib2to3 package for Python (version 3.7). This package contains the lib2to3 module from the Python standard library. - -Package: python3.7-full -Architecture: any -Multi-Arch: allowed -Depends: python3.7 (= ${binary:Version}), - libpython3.7-testsuite, - python3.7-venv (= ${binary:Version}), - idle-python3.7, - python3.7-distutils, - python3.7-gdbm, - python3.7-lib2to3, - python3.7-tk, - ca-certificates, - ${shlibs:Depends}, ${misc:Depends} -Recommends: python3.7-doc, python3.7-examples, -Suggests: python3.7-dev -Description: Python Interpreter with complete class library (version 3.7) - Python, the high-level, interactive object oriented language, - includes an extensive class library with lots of goodies for - network programming, system administration, sounds and graphics. - . - This package is a dependency package, which depends on the full - standard library of Python for Python developers. Including modules - used only at build-time, such as venv and distutils, and modules with - complex dependencies, such as tk and IDLE. All batteries included. - . - According to the Debian Python policy, this package must not be used in - build dependencies, dependencies and recommendations. diff -Nru python3.7-3.7.12/debian/control.in python3.7-3.7.10/debian/control.in --- python3.7-3.7.12/debian/control.in 2021-09-10 00:20:04.000000000 +0000 +++ python3.7-3.7.10/debian/control.in 2021-02-20 21:21:42.000000000 +0000 @@ -5,7 +5,7 @@ Build-Depends: debhelper (>= 9), @bd_dpkgdev@ quilt, autoconf, lsb-release, sharutils, - libreadline-dev, libncurses-dev (>= 5.3), @bd_gcc@ + libreadline-dev, libncursesw5-dev (>= 5.3), @bd_gcc@ zlib1g-dev, libbz2-dev, liblzma-dev, libgdbm-dev, libdb-dev, tk-dev, blt-dev (>= 2.4z), libssl-dev, @@ -282,31 +282,3 @@ Description: lib2to3 package for Python (version @VER@) Lib2to3 package for Python (version @VER@). This package contains the lib2to3 module from the Python standard library. - -Package: @PVER@-full -Architecture: any -Multi-Arch: allowed -Depends: @PVER@ (= ${binary:Version}), - lib@PVER@-testsuite, - @PVER@-venv (= ${binary:Version}), - idle-@PVER@, - @PVER@-distutils, - @PVER@-gdbm, - @PVER@-lib2to3, - @PVER@-tk, - ca-certificates, - ${shlibs:Depends}, ${misc:Depends} -Recommends: @PVER@-doc, @PVER@-examples, -Suggests: @PVER@-dev -Description: Python Interpreter with complete class library (version @VER@) - Python, the high-level, interactive object oriented language, - includes an extensive class library with lots of goodies for - network programming, system administration, sounds and graphics. - . - This package is a dependency package, which depends on the full - standard library of Python for Python developers. Including modules - used only at build-time, such as venv and distutils, and modules with - complex dependencies, such as tk and IDLE. All batteries included. - . - According to the Debian Python policy, this package must not be used in - build dependencies, dependencies and recommendations. diff -Nru python3.7-3.7.12/debian/patches/deb-locations.diff python3.7-3.7.10/debian/patches/deb-locations.diff --- python3.7-3.7.12/debian/patches/deb-locations.diff 2021-09-10 00:20:04.000000000 +0000 +++ python3.7-3.7.10/debian/patches/deb-locations.diff 2021-02-20 21:21:42.000000000 +0000 @@ -9,7 +9,7 @@ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Lib/pydoc.py b/Lib/pydoc.py -index 9677c0d..3ec4f56 100644 +index 978e4cd..9c91c7b 100644 --- a/Lib/pydoc.py +++ b/Lib/pydoc.py @@ -31,6 +31,10 @@ to a file named ".html". diff -Nru python3.7-3.7.12/debian/patches/distutils-install-layout.diff python3.7-3.7.10/debian/patches/distutils-install-layout.diff --- python3.7-3.7.12/debian/patches/distutils-install-layout.diff 2021-09-10 00:20:04.000000000 +0000 +++ python3.7-3.7.10/debian/patches/distutils-install-layout.diff 2021-02-20 21:21:42.000000000 +0000 @@ -214,7 +214,7 @@ def test_debug_mode(self): diff --git a/Lib/pydoc.py b/Lib/pydoc.py -index 3ec4f56..59ccb87 100644 +index 9c91c7b..0038987 100644 --- a/Lib/pydoc.py +++ b/Lib/pydoc.py @@ -419,6 +419,7 @@ class Doc: diff -Nru python3.7-3.7.12/debian/patches/pydoc-use-pager.diff python3.7-3.7.10/debian/patches/pydoc-use-pager.diff --- python3.7-3.7.12/debian/patches/pydoc-use-pager.diff 2021-09-10 00:20:04.000000000 +0000 +++ python3.7-3.7.10/debian/patches/pydoc-use-pager.diff 2021-02-20 21:21:42.000000000 +0000 @@ -8,7 +8,7 @@ 1 file changed, 2 insertions(+) diff --git a/Lib/pydoc.py b/Lib/pydoc.py -index 59ccb87..240eb54 100644 +index 0038987..8f6418d 100644 --- a/Lib/pydoc.py +++ b/Lib/pydoc.py @@ -1472,6 +1472,8 @@ def getpager(): diff -Nru python3.7-3.7.12/debian/rules python3.7-3.7.10/debian/rules --- python3.7-3.7.12/debian/rules 2021-09-10 00:20:04.000000000 +0000 +++ python3.7-3.7.10/debian/rules 2021-02-20 21:21:42.000000000 +0000 @@ -77,7 +77,7 @@ distrelease := $(shell lsb_release -cs) VER=3.7 -SVER=3.7.12 +SVER=3.7.10 NVER=3.8 PVER=python$(VER) EXT_VER=$(subst .,,$(VER)) @@ -229,7 +229,6 @@ p_gdbm_dbg := $(PVER)-gdbm-dbg p_dist := $(PVER)-distutils p_2to3 := $(PVER)-lib2to3 -p_full := $(PVER)-full p_lbase := lib$(PVER)-stdlib p_lmin := lib$(PVER)-minimal @@ -1410,7 +1409,7 @@ -dh_icons -a || dh_iconcache -a # dh_installmime -a dh_installchangelogs -a - for i in $(p_dev) $(p_dbg) $(p_venv) $(p_full); do \ + for i in $(p_dev) $(p_dbg) $(p_venv); do \ rm -rf debian/$$i/usr/share/doc/$$i; \ ln -s $(p_base) debian/$$i/usr/share/doc/$$i; \ done diff -Nru python3.7-3.7.12/Doc/library/threading.rst python3.7-3.7.10/Doc/library/threading.rst --- python3.7-3.7.12/Doc/library/threading.rst 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Doc/library/threading.rst 2021-02-16 01:29:22.000000000 +0000 @@ -21,18 +21,6 @@ supported by this module. -.. impl-detail:: - - In CPython, due to the :term:`Global Interpreter Lock`, only one thread - can execute Python code at once (even though certain performance-oriented - libraries might overcome this limitation). - If you want your application to make better use of the computational - resources of multi-core machines, you are advised to use - :mod:`multiprocessing` or :class:`concurrent.futures.ProcessPoolExecutor`. - However, threading is still an appropriate model if you want to run - multiple I/O-bound tasks simultaneously. - - This module defines the following functions: @@ -335,6 +323,18 @@ property instead. +.. impl-detail:: + + In CPython, due to the :term:`Global Interpreter Lock`, only one thread + can execute Python code at once (even though certain performance-oriented + libraries might overcome this limitation). + If you want your application to make better use of the computational + resources of multi-core machines, you are advised to use + :mod:`multiprocessing` or :class:`concurrent.futures.ProcessPoolExecutor`. + However, threading is still an appropriate model if you want to run + multiple I/O-bound tasks simultaneously. + + .. _lock-objects: Lock Objects diff -Nru python3.7-3.7.12/Doc/library/urllib.parse.rst python3.7-3.7.10/Doc/library/urllib.parse.rst --- python3.7-3.7.12/Doc/library/urllib.parse.rst 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Doc/library/urllib.parse.rst 2021-02-16 01:29:22.000000000 +0000 @@ -311,9 +311,6 @@ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is decomposed before parsing, no error will be raised. - Following the `WHATWG spec`_ that updates RFC 3986, ASCII newline - ``\n``, ``\r`` and tab ``\t`` characters are stripped from the URL. - .. versionchanged:: 3.6 Out-of-range port numbers now raise :exc:`ValueError`, instead of returning :const:`None`. @@ -322,10 +319,6 @@ Characters that affect netloc parsing under NFKC normalization will now raise :exc:`ValueError`. - .. versionchanged:: 3.7.11 - ASCII newline and tab characters are stripped from the URL. - -.. _WHATWG spec: https://url.spec.whatwg.org/#concept-basic-url-parser .. function:: urlunsplit(parts) @@ -667,10 +660,6 @@ .. seealso:: - `WHATWG`_ - URL Living standard - Working Group for the URL Standard that defines URLs, domains, IP addresses, the - application/x-www-form-urlencoded format, and their API. - :rfc:`3986` - Uniform Resource Identifiers This is the current standard (STD66). Any changes to urllib.parse module should conform to this. Certain deviations could be observed, which are @@ -694,5 +683,3 @@ :rfc:`1738` - Uniform Resource Locators (URL) This specifies the formal syntax and semantics of absolute URLs. - -.. _WHATWG: https://url.spec.whatwg.org/ diff -Nru python3.7-3.7.12/Doc/library/xml.rst python3.7-3.7.10/Doc/library/xml.rst --- python3.7-3.7.12/Doc/library/xml.rst 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Doc/library/xml.rst 2021-02-16 01:29:22.000000000 +0000 @@ -60,26 +60,22 @@ The following table gives an overview of the known attacks and whether the various modules are vulnerable to them. -========================= ================== ================== ================== ================== ================== -kind sax etree minidom pulldom xmlrpc -========================= ================== ================== ================== ================== ================== -billion laughs **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) -quadratic blowup **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) -external entity expansion Safe (5) Safe (2) Safe (3) Safe (5) Safe (4) -`DTD`_ retrieval Safe (5) Safe Safe Safe (5) Safe -decompression bomb Safe Safe Safe Safe **Vulnerable** -========================= ================== ================== ================== ================== ================== +========================= ============== =============== ============== ============== ============== +kind sax etree minidom pulldom xmlrpc +========================= ============== =============== ============== ============== ============== +billion laughs **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** +quadratic blowup **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** +external entity expansion Safe (4) Safe (1) Safe (2) Safe (4) Safe (3) +`DTD`_ retrieval Safe (4) Safe Safe Safe (4) Safe +decompression bomb Safe Safe Safe Safe **Vulnerable** +========================= ============== =============== ============== ============== ============== -1. Expat 2.4.1 and newer is not vulnerable to the "billion laughs" and - "quadratic blowup" vulnerabilities. Items still listed as vulnerable due to - potential reliance on system-provided libraries. Check - :data:`pyexpat.EXPAT_VERSION`. -2. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a +1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a :exc:`ParserError` when an entity occurs. -3. :mod:`xml.dom.minidom` doesn't expand external entities and simply returns +2. :mod:`xml.dom.minidom` doesn't expand external entities and simply returns the unexpanded entity verbatim. -4. :mod:`xmlrpclib` doesn't expand external entities and omits them. -5. Since Python 3.7.1, external general entities are no longer processed by +3. :mod:`xmlrpclib` doesn't expand external entities and omits them. +4. Since Python 3.7.1, external general entities are no longer processed by default. diff -Nru python3.7-3.7.12/Doc/whatsnew/3.7.rst python3.7-3.7.10/Doc/whatsnew/3.7.rst --- python3.7-3.7.12/Doc/whatsnew/3.7.rst 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Doc/whatsnew/3.7.rst 2021-02-16 01:29:22.000000000 +0000 @@ -2585,22 +2585,3 @@ functions internally. For more details, please see their respective documentation. (Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin in :issue:`42967`.) - -Notable changes in Python 3.7.11 -================================ - -A security fix alters the :class:`ftplib.FTP` behavior to not trust the -IPv4 address sent from the remote server when setting up a passive data -channel. We reuse the ftp server IP address instead. For unusual code -requiring the old behavior, set a ``trust_server_pasv_ipv4_address`` -attribute on your FTP instance to ``True``. (See :issue:`43285`) - - -The presence of newline or tab characters in parts of a URL allows for some -forms of attacks. Following the WHATWG specification that updates RFC 3986, -ASCII newline ``\n``, ``\r`` and tab ``\t`` characters are stripped from the -URL by the parser :func:`urllib.parse` preventing such attacks. The removal -characters are controlled by a new module level variable -``urllib.parse._UNSAFE_URL_BYTES_TO_REMOVE``. (See :issue:`43882`) - - diff -Nru python3.7-3.7.12/Include/patchlevel.h python3.7-3.7.10/Include/patchlevel.h --- python3.7-3.7.12/Include/patchlevel.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Include/patchlevel.h 2021-02-16 01:29:22.000000000 +0000 @@ -18,12 +18,12 @@ /*--start constants--*/ #define PY_MAJOR_VERSION 3 #define PY_MINOR_VERSION 7 -#define PY_MICRO_VERSION 12 +#define PY_MICRO_VERSION 10 #define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL #define PY_RELEASE_SERIAL 0 /* Version as a string */ -#define PY_VERSION "3.7.12" +#define PY_VERSION "3.7.10" /*--end constants--*/ /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2. diff -Nru python3.7-3.7.12/Lib/email/_parseaddr.py python3.7-3.7.10/Lib/email/_parseaddr.py --- python3.7-3.7.12/Lib/email/_parseaddr.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/email/_parseaddr.py 2021-02-16 01:29:22.000000000 +0000 @@ -67,8 +67,6 @@ if not data: return data = data.split() - if not data: # This happens for whitespace-only input. - return None # The FWS after the comma after the day-of-week is optional, so search and # adjust for this. if data[0].endswith(',') or data[0].lower() in _daynames: diff -Nru python3.7-3.7.12/Lib/ftplib.py python3.7-3.7.10/Lib/ftplib.py --- python3.7-3.7.12/Lib/ftplib.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/ftplib.py 2021-02-16 01:29:22.000000000 +0000 @@ -104,8 +104,6 @@ welcome = None passiveserver = 1 encoding = "latin-1" - # Disables https://bugs.python.org/issue43285 security if set to True. - trust_server_pasv_ipv4_address = False # Initialization method (called by class instantiation). # Initialize host to localhost, port to standard ftp port @@ -335,13 +333,8 @@ return sock def makepasv(self): - """Internal: Does the PASV or EPSV handshake -> (address, port)""" if self.af == socket.AF_INET: - untrusted_host, port = parse227(self.sendcmd('PASV')) - if self.trust_server_pasv_ipv4_address: - host = untrusted_host - else: - host = self.sock.getpeername()[0] + host, port = parse227(self.sendcmd('PASV')) else: host, port = parse229(self.sendcmd('EPSV'), self.sock.getpeername()) return host, port diff -Nru python3.7-3.7.12/Lib/http/client.py python3.7-3.7.10/Lib/http/client.py --- python3.7-3.7.12/Lib/http/client.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/http/client.py 2021-02-16 01:29:22.000000000 +0000 @@ -204,11 +204,15 @@ lst.append(line) return lst -def _read_headers(fp): - """Reads potential header lines into a list from a file pointer. +def parse_headers(fp, _class=HTTPMessage): + """Parses only RFC2822 headers from a file pointer. + + email Parser wants to see strings rather than bytes. + But a TextIOWrapper around self.rfile would buffer too many bytes + from the stream, bytes which we later need to read as bytes. + So we read the correct bytes here, as bytes, for email Parser + to parse. - Length of line is limited by _MAXLINE, and number of - headers is limited by _MAXHEADERS. """ headers = [] while True: @@ -220,19 +224,6 @@ raise HTTPException("got more than %d headers" % _MAXHEADERS) if line in (b'\r\n', b'\n', b''): break - return headers - -def parse_headers(fp, _class=HTTPMessage): - """Parses only RFC2822 headers from a file pointer. - - email Parser wants to see strings rather than bytes. - But a TextIOWrapper around self.rfile would buffer too many bytes - from the stream, bytes which we later need to read as bytes. - So we read the correct bytes here, as bytes, for email Parser - to parse. - - """ - headers = _read_headers(fp) hstring = b''.join(headers).decode('iso-8859-1') return email.parser.Parser(_class=_class).parsestr(hstring) @@ -320,10 +311,15 @@ if status != CONTINUE: break # skip the header from the 100 response - skipped_headers = _read_headers(self.fp) - if self.debuglevel > 0: - print("headers:", skipped_headers) - del skipped_headers + while True: + skip = self.fp.readline(_MAXLINE + 1) + if len(skip) > _MAXLINE: + raise LineTooLong("header line") + skip = skip.strip() + if not skip: + break + if self.debuglevel > 0: + print("header:", skip) self.code = self.status = status self.reason = reason.strip() diff -Nru python3.7-3.7.12/Lib/pydoc_data/topics.py python3.7-3.7.10/Lib/pydoc_data/topics.py --- python3.7-3.7.12/Lib/pydoc_data/topics.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/pydoc_data/topics.py 2021-02-16 01:29:22.000000000 +0000 @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Autogenerated by Sphinx on Fri Sep 3 23:33:01 2021 +# Autogenerated by Sphinx on Mon Feb 15 20:10:03 2021 topics = {'assert': 'The "assert" statement\n' '**********************\n' '\n' @@ -5118,7 +5118,7 @@ 'character that can be any character and defaults to a space ' 'if\n' 'omitted. It is not possible to use a literal curly brace ' - '(”"{"” or\n' + '(“"{"” or\n' '“"}"”) as the *fill* character in a formatted string ' 'literal or when\n' 'using the "str.format()" method. However, it is possible ' @@ -6742,7 +6742,7 @@ '\n' 'Note that numeric literals do not include a sign; a phrase like ' '"-1"\n' - 'is actually an expression composed of the unary operator ‘"-"’ ' + 'is actually an expression composed of the unary operator ‘"-"‘ ' 'and the\n' 'literal "1".\n', 'numeric-types': 'Emulating numeric types\n' diff -Nru python3.7-3.7.12/Lib/pydoc.py python3.7-3.7.10/Lib/pydoc.py --- python3.7-3.7.12/Lib/pydoc.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/pydoc.py 2021-02-16 01:29:22.000000000 +0000 @@ -2348,6 +2348,9 @@ %s%s
%s
''' % (title, css_link, html_navbar(), contents) + def filelink(self, url, path): + return '%s' % (url, path) + html = _HTMLDoc() @@ -2433,6 +2436,19 @@ 'key = %s' % key, '#ffffff', '#ee77aa', '
'.join(results)) return 'Search Results', contents + def html_getfile(path): + """Get and display a source file listing safely.""" + path = urllib.parse.unquote(path) + with tokenize.open(path) as fp: + lines = html.escape(fp.read()) + body = '
%s
' % lines + heading = html.heading( + 'File Listing', + '#ffffff', '#7799ee') + contents = heading + html.bigsection( + 'File: %s' % path, '#ffffff', '#ee77aa', body) + return 'getfile %s' % path, contents + def html_topics(): """Index of topic texts available.""" @@ -2524,6 +2540,8 @@ op, _, url = url.partition('=') if op == "search?key": title, content = html_search(url) + elif op == "getfile?key": + title, content = html_getfile(url) elif op == "topic?key": # try topics first, then objects. try: diff -Nru python3.7-3.7.12/Lib/smtplib.py python3.7-3.7.10/Lib/smtplib.py --- python3.7-3.7.12/Lib/smtplib.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/smtplib.py 2021-02-16 01:29:22.000000000 +0000 @@ -361,15 +361,10 @@ def putcmd(self, cmd, args=""): """Send a command to the server.""" if args == "": - s = cmd + str = '%s%s' % (cmd, CRLF) else: - s = f'{cmd} {args}' - if '\r' in s or '\n' in s: - s = s.replace('\n', '\\n').replace('\r', '\\r') - raise ValueError( - f'command and arguments contain prohibited newline characters: {s}' - ) - self.send(f'{s}{CRLF}') + str = '%s %s%s' % (cmd, args, CRLF) + self.send(str) def getreply(self): """Get a reply from the server. diff -Nru python3.7-3.7.12/Lib/test/test_email/test_email.py python3.7-3.7.10/Lib/test/test_email/test_email.py --- python3.7-3.7.12/Lib/test/test_email/test_email.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/test/test_email/test_email.py 2021-02-16 01:29:22.000000000 +0000 @@ -2967,8 +2967,6 @@ def test_parsedate_returns_None_for_invalid_strings(self): self.assertIsNone(utils.parsedate('')) self.assertIsNone(utils.parsedate_tz('')) - self.assertIsNone(utils.parsedate(' ')) - self.assertIsNone(utils.parsedate_tz(' ')) self.assertIsNone(utils.parsedate('0')) self.assertIsNone(utils.parsedate_tz('0')) self.assertIsNone(utils.parsedate('A Complete Waste of Time')) diff -Nru python3.7-3.7.12/Lib/test/test_ftplib.py python3.7-3.7.10/Lib/test/test_ftplib.py --- python3.7-3.7.12/Lib/test/test_ftplib.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/test/test_ftplib.py 2021-02-16 01:29:22.000000000 +0000 @@ -94,10 +94,6 @@ self.rest = None self.next_retr_data = RETR_DATA self.push('220 welcome') - # We use this as the string IPv4 address to direct the client - # to in response to a PASV command. To test security behavior. - # https://bugs.python.org/issue43285/. - self.fake_pasv_server_ip = '252.253.254.255' def collect_incoming_data(self, data): self.in_buffer.append(data) @@ -140,8 +136,7 @@ sock.bind((self.socket.getsockname()[0], 0)) sock.listen() sock.settimeout(TIMEOUT) - port = sock.getsockname()[1] - ip = self.fake_pasv_server_ip + ip, port = sock.getsockname()[:2] ip = ip.replace('.', ','); p1 = port / 256; p2 = port % 256 self.push('227 entering passive mode (%s,%d,%d)' %(ip, p1, p2)) conn, addr = sock.accept() @@ -703,26 +698,6 @@ # IPv4 is in use, just make sure send_epsv has not been used self.assertEqual(self.server.handler_instance.last_received_cmd, 'pasv') - def test_makepasv_issue43285_security_disabled(self): - """Test the opt-in to the old vulnerable behavior.""" - self.client.trust_server_pasv_ipv4_address = True - bad_host, port = self.client.makepasv() - self.assertEqual( - bad_host, self.server.handler_instance.fake_pasv_server_ip) - # Opening and closing a connection keeps the dummy server happy - # instead of timing out on accept. - socket.create_connection((self.client.sock.getpeername()[0], port), - timeout=TIMEOUT).close() - - def test_makepasv_issue43285_security_enabled_default(self): - self.assertFalse(self.client.trust_server_pasv_ipv4_address) - trusted_host, port = self.client.makepasv() - self.assertNotEqual( - trusted_host, self.server.handler_instance.fake_pasv_server_ip) - # Opening and closing a connection keeps the dummy server happy - # instead of timing out on accept. - socket.create_connection((trusted_host, port), timeout=TIMEOUT).close() - def test_with_statement(self): self.client.quit() diff -Nru python3.7-3.7.12/Lib/test/test_httplib.py python3.7-3.7.10/Lib/test/test_httplib.py --- python3.7-3.7.12/Lib/test/test_httplib.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/test/test_httplib.py 2021-02-16 01:29:22.000000000 +0000 @@ -998,19 +998,6 @@ resp = client.HTTPResponse(FakeSocket(body)) self.assertRaises(client.LineTooLong, resp.begin) - def test_overflowing_header_limit_after_100(self): - body = ( - 'HTTP/1.1 100 OK\r\n' - 'r\n' * 32768 - ) - resp = client.HTTPResponse(FakeSocket(body)) - with self.assertRaises(client.HTTPException) as cm: - resp.begin() - # We must assert more because other reasonable errors that we - # do not want can also be HTTPException derived. - self.assertIn('got more than ', str(cm.exception)) - self.assertIn('headers', str(cm.exception)) - def test_overflowing_chunked_line(self): body = ( 'HTTP/1.1 200 OK\r\n' @@ -1415,7 +1402,7 @@ class OfflineTest(TestCase): def test_all(self): # Documented objects defined in the module should be in __all__ - expected = {"responses"} # Allowlist documented dict() object + expected = {"responses"} # White-list documented dict() object # HTTPMessage, parse_headers(), and the HTTP status code constants are # intentionally omitted for simplicity blacklist = {"HTTPMessage", "parse_headers"} diff -Nru python3.7-3.7.12/Lib/test/test_pydoc.py python3.7-3.7.10/Lib/test/test_pydoc.py --- python3.7-3.7.12/Lib/test/test_pydoc.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/test/test_pydoc.py 2021-02-16 01:29:22.000000000 +0000 @@ -1049,12 +1049,18 @@ ("topic?key=def", "Pydoc: KEYWORD def"), ("topic?key=STRINGS", "Pydoc: TOPIC STRINGS"), ("foobar", "Pydoc: Error - foobar"), + ("getfile?key=foobar", "Pydoc: Error - getfile?key=foobar"), ] with self.restrict_walk_packages(): for url, title in requests: self.call_url_handler(url, title) + path = string.__file__ + title = "Pydoc: getfile " + path + url = "getfile?key=" + path + self.call_url_handler(url, title) + class TestHelper(unittest.TestCase): def test_keywords(self): diff -Nru python3.7-3.7.12/Lib/test/test_smtplib.py python3.7-3.7.10/Lib/test/test_smtplib.py --- python3.7-3.7.12/Lib/test/test_smtplib.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/test/test_smtplib.py 2021-02-16 01:29:22.000000000 +0000 @@ -282,16 +282,6 @@ self.assertEqual(smtp.getreply(), expected) smtp.quit() - def test_issue43124_putcmd_escapes_newline(self): - # see: https://bugs.python.org/issue43124 - smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', - timeout=10) # support.LOOPBACK_TIMEOUT in newer Pythons - self.addCleanup(smtp.close) - with self.assertRaises(ValueError) as exc: - smtp.putcmd('helo\nX-INJECTED') - self.assertIn("prohibited newline characters", str(exc.exception)) - smtp.quit() - def testVRFY(self): smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=3) expected = (252, b'Cannot VRFY user, but will accept message ' + \ @@ -361,51 +351,6 @@ mexpect = '%s%s\n%s' % (MSG_BEGIN, m, MSG_END) self.assertEqual(self.output.getvalue(), mexpect) - def test_issue43124_escape_localhostname(self): - # see: https://bugs.python.org/issue43124 - # connect and send mail - m = 'wazzuuup\nlinetwo' - smtp = smtplib.SMTP(HOST, self.port, local_hostname='hi\nX-INJECTED', - timeout=10) # support.LOOPBACK_TIMEOUT in newer Pythons - self.addCleanup(smtp.close) - with self.assertRaises(ValueError) as exc: - smtp.sendmail("hi@me.com", "you@me.com", m) - self.assertIn( - "prohibited newline characters: ehlo hi\\nX-INJECTED", - str(exc.exception), - ) - # XXX (see comment in testSend) - time.sleep(0.01) - smtp.quit() - - debugout = smtpd.DEBUGSTREAM.getvalue() - self.assertNotIn("X-INJECTED", debugout) - - def test_issue43124_escape_options(self): - # see: https://bugs.python.org/issue43124 - # connect and send mail - m = 'wazzuuup\nlinetwo' - smtp = smtplib.SMTP( - HOST, self.port, local_hostname='localhost', - timeout=10) # support.LOOPBACK_TIMEOUT in newer Pythons - - self.addCleanup(smtp.close) - smtp.sendmail("hi@me.com", "you@me.com", m) - with self.assertRaises(ValueError) as exc: - smtp.mail("hi@me.com", ["X-OPTION\nX-INJECTED-1", "X-OPTION2\nX-INJECTED-2"]) - msg = str(exc.exception) - self.assertIn("prohibited newline characters", msg) - self.assertIn("X-OPTION\\nX-INJECTED-1 X-OPTION2\\nX-INJECTED-2", msg) - # XXX (see comment in testSend) - time.sleep(0.01) - smtp.quit() - - debugout = smtpd.DEBUGSTREAM.getvalue() - self.assertNotIn("X-OPTION", debugout) - self.assertNotIn("X-OPTION2", debugout) - self.assertNotIn("X-INJECTED-1", debugout) - self.assertNotIn("X-INJECTED-2", debugout) - def testSendNullSender(self): m = 'A test message' smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost', timeout=3) diff -Nru python3.7-3.7.12/Lib/test/test_socket.py python3.7-3.7.10/Lib/test/test_socket.py --- python3.7-3.7.12/Lib/test/test_socket.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/test/test_socket.py 2021-02-16 01:29:22.000000000 +0000 @@ -1863,10 +1863,8 @@ def testSendFrame(self): cf, addr = self.s.recvfrom(self.bufsize) self.assertEqual(self.cf, cf) - # XXX: This may not be strictly correct, but the ship has sailed for - # 3.7. This is different in 3.8+; we just want the test to pass - # in 3.7 at this point. -- ZW 6May21 - self.assertEqual(addr, self.interface) + self.assertEqual(addr[0], self.interface) + self.assertEqual(addr[1], socket.AF_CAN) def _testSendFrame(self): self.cf = self.build_can_frame(0x00, b'\x01\x02\x03\x04\x05') diff -Nru python3.7-3.7.12/Lib/test/test_ssl.py python3.7-3.7.10/Lib/test/test_ssl.py --- python3.7-3.7.12/Lib/test/test_ssl.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/test/test_ssl.py 2021-02-16 01:29:22.000000000 +0000 @@ -142,30 +142,6 @@ OP_CIPHER_SERVER_PREFERENCE = getattr(ssl, "OP_CIPHER_SERVER_PREFERENCE", 0) OP_ENABLE_MIDDLEBOX_COMPAT = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", 0) -# Ubuntu has patched OpenSSL and changed behavior of security level 2 -# see https://bugs.python.org/issue41561#msg389003 -def is_ubuntu(): - try: - # Assume that any references of "ubuntu" implies Ubuntu-like distro - # The workaround is not required for 18.04, but doesn't hurt either. - with open("/etc/os-release", encoding="utf-8") as f: - return "ubuntu" in f.read() - except FileNotFoundError: - return False - -if is_ubuntu(): - def seclevel_workaround(*ctxs): - """"Lower security level to '1' and allow all ciphers for TLS 1.0/1""" - for ctx in ctxs: - if ( - hasattr(ctx, "minimum_version") and - ctx.minimum_version <= ssl.TLSVersion.TLSv1_1 - ): - ctx.set_ciphers("@SECLEVEL=1:ALL") -else: - def seclevel_workaround(*ctxs): - pass - def has_tls_protocol(protocol): """Check if a TLS protocol is available and enabled @@ -2802,8 +2778,6 @@ if client_context.protocol == ssl.PROTOCOL_TLS: client_context.set_ciphers("ALL") - seclevel_workaround(server_context, client_context) - for ctx in (client_context, server_context): ctx.verify_mode = certsreqs ctx.load_cert_chain(SIGNED_CERTFILE) @@ -2846,7 +2820,6 @@ with self.subTest(protocol=ssl._PROTOCOL_NAMES[protocol]): context = ssl.SSLContext(protocol) context.load_cert_chain(CERTFILE) - seclevel_workaround(context) server_params_test(context, context, chatty=True, connectionchatty=True) @@ -3852,7 +3825,6 @@ client_context.maximum_version = ssl.TLSVersion.TLSv1_2 server_context.minimum_version = ssl.TLSVersion.TLSv1 server_context.maximum_version = ssl.TLSVersion.TLSv1_1 - seclevel_workaround(client_context, server_context) with ThreadedEchoServer(context=server_context) as server: with client_context.wrap_socket(socket.socket(), @@ -3869,8 +3841,6 @@ server_context.maximum_version = ssl.TLSVersion.TLSv1_2 client_context.minimum_version = ssl.TLSVersion.TLSv1 client_context.maximum_version = ssl.TLSVersion.TLSv1 - seclevel_workaround(client_context, server_context) - with ThreadedEchoServer(context=server_context) as server: with client_context.wrap_socket(socket.socket(), server_hostname=hostname) as s: @@ -3885,8 +3855,6 @@ server_context.minimum_version = ssl.TLSVersion.SSLv3 client_context.minimum_version = ssl.TLSVersion.SSLv3 client_context.maximum_version = ssl.TLSVersion.SSLv3 - seclevel_workaround(client_context, server_context) - with ThreadedEchoServer(context=server_context) as server: with client_context.wrap_socket(socket.socket(), server_hostname=hostname) as s: diff -Nru python3.7-3.7.12/Lib/test/test_sys.py python3.7-3.7.10/Lib/test/test_sys.py --- python3.7-3.7.12/Lib/test/test_sys.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/test/test_sys.py 2021-02-16 01:29:22.000000000 +0000 @@ -1292,21 +1292,6 @@ self.assertIsNone(cur.firstiter) self.assertIsNone(cur.finalizer) - def test_changing_sys_stderr_and_removing_reference(self): - # If the default displayhook doesn't take a strong reference - # to sys.stderr the following code can crash. See bpo-43660 - # for more details. - code = textwrap.dedent(''' - import sys - class MyStderr: - def write(self, s): - sys.stderr = None - sys.stderr = MyStderr() - 1/0 - ''') - rc, out, err = assert_python_failure('-c', code) - self.assertEqual(out, b"") - self.assertEqual(err, b"") def test_main(): test.support.run_unittest(SysModuleTest, SizeofTest) diff -Nru python3.7-3.7.12/Lib/test/test_urlparse.py python3.7-3.7.10/Lib/test/test_urlparse.py --- python3.7-3.7.12/Lib/test/test_urlparse.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/test/test_urlparse.py 2021-02-16 01:29:22.000000000 +0000 @@ -612,54 +612,6 @@ with self.assertRaisesRegex(ValueError, "out of range"): p.port - def test_urlsplit_remove_unsafe_bytes(self): - # Remove ASCII tabs and newlines from input, for http common case scenario. - url = "h\nttp://www.python\n.org\t/java\nscript:\talert('msg\r\n')/?query\n=\tsomething#frag\nment" - p = urllib.parse.urlsplit(url) - self.assertEqual(p.scheme, "http") - self.assertEqual(p.netloc, "www.python.org") - self.assertEqual(p.path, "/javascript:alert('msg')/") - self.assertEqual(p.query, "query=something") - self.assertEqual(p.fragment, "fragment") - self.assertEqual(p.username, None) - self.assertEqual(p.password, None) - self.assertEqual(p.hostname, "www.python.org") - self.assertEqual(p.port, None) - self.assertEqual(p.geturl(), "http://www.python.org/javascript:alert('msg')/?query=something#fragment") - - # Remove ASCII tabs and newlines from input as bytes, for http common case scenario. - url = b"h\nttp://www.python\n.org\t/java\nscript:\talert('msg\r\n')/?query\n=\tsomething#frag\nment" - p = urllib.parse.urlsplit(url) - self.assertEqual(p.scheme, b"http") - self.assertEqual(p.netloc, b"www.python.org") - self.assertEqual(p.path, b"/javascript:alert('msg')/") - self.assertEqual(p.query, b"query=something") - self.assertEqual(p.fragment, b"fragment") - self.assertEqual(p.username, None) - self.assertEqual(p.password, None) - self.assertEqual(p.hostname, b"www.python.org") - self.assertEqual(p.port, None) - self.assertEqual(p.geturl(), b"http://www.python.org/javascript:alert('msg')/?query=something#fragment") - - # any scheme - url = "x-new-scheme\t://www.python\n.org\t/java\nscript:\talert('msg\r\n')/?query\n=\tsomething#frag\nment" - p = urllib.parse.urlsplit(url) - self.assertEqual(p.geturl(), "x-new-scheme://www.python.org/javascript:alert('msg')/?query=something#fragment") - - # Remove ASCII tabs and newlines from input as bytes, any scheme. - url = b"x-new-scheme\t://www.python\n.org\t/java\nscript:\talert('msg\r\n')/?query\n=\tsomething#frag\nment" - p = urllib.parse.urlsplit(url) - self.assertEqual(p.geturl(), b"x-new-scheme://www.python.org/javascript:alert('msg')/?query=something#fragment") - - # Unsafe bytes is not returned from urlparse cache. - # scheme is stored after parsing, sending an scheme with unsafe bytes *will not* return an unsafe scheme - url = "https://www.python\n.org\t/java\nscript:\talert('msg\r\n')/?query\n=\tsomething#frag\nment" - scheme = "htt\nps" - for _ in range(2): - p = urllib.parse.urlsplit(url, scheme=scheme) - self.assertEqual(p.scheme, "https") - self.assertEqual(p.geturl(), "https://www.python.org/javascript:alert('msg')/?query=something#fragment") - def test_attributes_bad_port(self): """Check handling of invalid ports.""" for bytes in (False, True): diff -Nru python3.7-3.7.12/Lib/urllib/parse.py python3.7-3.7.10/Lib/urllib/parse.py --- python3.7-3.7.12/Lib/urllib/parse.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/urllib/parse.py 2021-02-16 01:29:22.000000000 +0000 @@ -76,9 +76,6 @@ '0123456789' '+-.') -# Unsafe bytes to be removed per WHATWG spec -_UNSAFE_URL_BYTES_TO_REMOVE = ['\t', '\r', '\n'] - # XXX: Consider replacing with functools.lru_cache MAX_CACHE_SIZE = 20 _parse_cache = {} @@ -412,11 +409,6 @@ raise ValueError("netloc '" + netloc + "' contains invalid " + "characters under NFKC normalization") -def _remove_unsafe_bytes_from_url(url): - for b in _UNSAFE_URL_BYTES_TO_REMOVE: - url = url.replace(b, "") - return url - def urlsplit(url, scheme='', allow_fragments=True): """Parse a URL into 5 components: :///?# @@ -424,8 +416,6 @@ Note that we don't break the components up in smaller bits (e.g. netloc is a single string) and we don't expand % escapes.""" url, scheme, _coerce_result = _coerce_args(url, scheme) - url = _remove_unsafe_bytes_from_url(url) - scheme = _remove_unsafe_bytes_from_url(scheme) allow_fragments = bool(allow_fragments) key = url, scheme, allow_fragments, type(url), type(scheme) cached = _parse_cache.get(key, None) diff -Nru python3.7-3.7.12/Lib/urllib/request.py python3.7-3.7.10/Lib/urllib/request.py --- python3.7-3.7.12/Lib/urllib/request.py 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Lib/urllib/request.py 2021-02-16 01:29:22.000000000 +0000 @@ -946,7 +946,7 @@ # (single quotes are a violation of the RFC, but appear in the wild) rx = re.compile('(?:^|,)' # start of the string or ',' '[ \t]*' # optional whitespaces - '([^ \t,]+)' # scheme like "Basic" + '([^ \t]+)' # scheme like "Basic" '[ \t]+' # mandatory whitespaces # realm=xxx # realm='xxx' diff -Nru python3.7-3.7.12/Misc/NEWS python3.7-3.7.10/Misc/NEWS --- python3.7-3.7.12/Misc/NEWS 2021-09-04 05:47:15.000000000 +0000 +++ python3.7-3.7.10/Misc/NEWS 2021-02-16 02:11:57.000000000 +0000 @@ -2,82 +2,6 @@ Python News +++++++++++ -What's New in Python 3.7.12 final? -================================== - -*Release date: 2021-09-03* - -Security --------- - -- bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to - get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This - copy is most used on Windows and macOS. - -- bpo-43124: Made the internal ``putcmd`` function in :mod:`smtplib` - sanitize input for presence of ``\r`` and ``\n`` characters to avoid - (unlikely) command injection. - -Library -------- - -- bpo-45001: Made email date parsing more robust against malformed input, - namely a whitespace-only ``Date:`` header. Patch by Wouter Bolsterlee. - - -What's New in Python 3.7.11 final? -================================== - -*Release date: 2021-06-28* - -Security --------- - -- bpo-44022: :mod:`http.client` now avoids infinitely reading potential HTTP - headers after a ``100 Continue`` status response from the server. - -- bpo-43882: The presence of newline or tab characters in parts of a URL - could allow some forms of attacks. - - Following the controlling specification for URLs defined by WHATWG - :func:`urllib.parse` now removes ASCII newlines and tabs from URLs, - preventing such attacks. - -- bpo-42988: CVE-2021-3426: Remove the ``getfile`` feature of the - :mod:`pydoc` module which could be abused to read arbitrary files on the - disk (directory traversal vulnerability). Moreover, even source code of - Python modules can contain sensitive data like passwords. Vulnerability - reported by David Schwörer. - -- bpo-43285: :mod:`ftplib` no longer trusts the IP address value returned - from the server in response to the PASV command by default. This prevents - a malicious FTP server from using the response to probe IPv4 address and - port combinations on the client network. - - Code that requires the former vulnerable behavior may set a - ``trust_server_pasv_ipv4_address`` attribute on their :class:`ftplib.FTP` - instances to ``True`` to re-enable it. - -- bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability - in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable - regex has quadratic worst-case complexity and it allows cause a denial of - service when identifying crafted invalid RFCs. This ReDoS issue is on the - client side and needs remote attackers to control the HTTP server. - -Core and Builtins ------------------ - -- bpo-43660: Fix crash that happens when replacing ``sys.stderr`` with a - callable that can remove the object while an exception is being printed. - Patch by Pablo Galindo. - -Tests ------ - -- bpo-41561: Add workaround for Ubuntu's custom OpenSSL security level - policy. - - What's New in Python 3.7.10 final? ================================== diff -Nru python3.7-3.7.12/Modules/expat/ascii.h python3.7-3.7.10/Modules/expat/ascii.h --- python3.7-3.7.12/Modules/expat/ascii.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/ascii.h 2021-02-16 01:29:22.000000000 +0000 @@ -6,11 +6,8 @@ \___/_/\_\ .__/ \__,_|\__| |_| XML parser - Copyright (c) 1999-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Fred L. Drake, Jr. - Copyright (c) 2007 Karl Waclawek - Copyright (c) 2017 Sebastian Pipping + Copyright (c) 1997-2000 Thai Open Source Software Center Ltd + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/asciitab.h python3.7-3.7.10/Modules/expat/asciitab.h --- python3.7-3.7.12/Modules/expat/asciitab.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/asciitab.h 2021-02-16 01:29:22.000000000 +0000 @@ -7,9 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Fred L. Drake, Jr. - Copyright (c) 2017 Sebastian Pipping + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/COPYING python3.7-3.7.10/Modules/expat/COPYING --- python3.7-3.7.12/Modules/expat/COPYING 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/COPYING 2021-02-16 01:29:22.000000000 +0000 @@ -1,5 +1,5 @@ Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper -Copyright (c) 2001-2019 Expat maintainers +Copyright (c) 2001-2017 Expat maintainers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff -Nru python3.7-3.7.12/Modules/expat/expat_external.h python3.7-3.7.10/Modules/expat/expat_external.h --- python3.7-3.7.12/Modules/expat/expat_external.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/expat_external.h 2021-02-16 01:29:22.000000000 +0000 @@ -7,14 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2000-2004 Fred L. Drake, Jr. - Copyright (c) 2001-2002 Greg Stein - Copyright (c) 2002-2006 Karl Waclawek - Copyright (c) 2016 Cristian Rodríguez - Copyright (c) 2016-2019 Sebastian Pipping - Copyright (c) 2017 Rhodri James - Copyright (c) 2018 Yury Gribov + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/expat.h python3.7-3.7.10/Modules/expat/expat.h --- python3.7-3.7.12/Modules/expat/expat.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/expat.h 2021-02-16 01:29:22.000000000 +0000 @@ -7,14 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2000-2005 Fred L. Drake, Jr. - Copyright (c) 2001-2002 Greg Stein - Copyright (c) 2002-2016 Karl Waclawek - Copyright (c) 2016-2021 Sebastian Pipping - Copyright (c) 2016 Cristian Rodríguez - Copyright (c) 2016 Thomas Beutlich - Copyright (c) 2017 Rhodri James + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -122,11 +115,7 @@ XML_ERROR_RESERVED_PREFIX_XMLNS, XML_ERROR_RESERVED_NAMESPACE_URI, /* Added in 2.2.1. */ - XML_ERROR_INVALID_ARGUMENT, - /* Added in 2.3.0. */ - XML_ERROR_NO_BUFFER, - /* Added in 2.4.0. */ - XML_ERROR_AMPLIFICATION_LIMIT_BREACH + XML_ERROR_INVALID_ARGUMENT }; enum XML_Content_Type { @@ -329,7 +318,7 @@ For internal entities (), value will be non-NULL and systemId, publicID, and notationName will be NULL. - The value string is NOT null-terminated; the length is provided in + The value string is NOT nul-terminated; the length is provided in the value_length argument. Since it is legal to have zero-length values, do not use this argument to test for internal entities. @@ -524,7 +513,7 @@ Otherwise it must return XML_STATUS_ERROR. If info does not describe a suitable encoding, then the parser will - return an XML_ERROR_UNKNOWN_ENCODING error. + return an XML_UNKNOWN_ENCODING error. */ typedef int(XMLCALL *XML_UnknownEncodingHandler)(void *encodingHandlerData, const XML_Char *name, @@ -718,7 +707,7 @@ /* Returns the number of the attribute/value pairs passed in last call to the XML_StartElementHandler that were specified in the start-tag rather than defaulted. Each attribute/value pair counts as 2; thus - this corresponds to an index into the atts array passed to the + this correspondds to an index into the atts array passed to the XML_StartElementHandler. Returns -1 if parser == NULL. */ XMLPARSEAPI(int) @@ -727,7 +716,7 @@ /* Returns the index of the ID attribute passed in the last call to XML_StartElementHandler, or -1 if there is no ID attribute or parser == NULL. Each attribute/value pair counts as 2; thus this - corresponds to an index into the atts array passed to the + correspondds to an index into the atts array passed to the XML_StartElementHandler. */ XMLPARSEAPI(int) @@ -1008,10 +997,7 @@ XML_FEATURE_SIZEOF_XML_LCHAR, XML_FEATURE_NS, XML_FEATURE_LARGE_SIZE, - XML_FEATURE_ATTR_INFO, - /* Added in Expat 2.4.0. */ - XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT, - XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT + XML_FEATURE_ATTR_INFO /* Additional features must be added to the end of this enum. */ }; @@ -1024,24 +1010,12 @@ XMLPARSEAPI(const XML_Feature *) XML_GetFeatureList(void); -#ifdef XML_DTD -/* Added in Expat 2.4.0. */ -XMLPARSEAPI(XML_Bool) -XML_SetBillionLaughsAttackProtectionMaximumAmplification( - XML_Parser parser, float maximumAmplificationFactor); - -/* Added in Expat 2.4.0. */ -XMLPARSEAPI(XML_Bool) -XML_SetBillionLaughsAttackProtectionActivationThreshold( - XML_Parser parser, unsigned long long activationThresholdBytes); -#endif - /* Expat follows the semantic versioning convention. See http://semver.org. */ #define XML_MAJOR_VERSION 2 -#define XML_MINOR_VERSION 4 -#define XML_MICRO_VERSION 1 +#define XML_MINOR_VERSION 2 +#define XML_MICRO_VERSION 8 #ifdef __cplusplus } diff -Nru python3.7-3.7.12/Modules/expat/iasciitab.h python3.7-3.7.10/Modules/expat/iasciitab.h --- python3.7-3.7.12/Modules/expat/iasciitab.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/iasciitab.h 2021-02-16 01:29:22.000000000 +0000 @@ -7,9 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Fred L. Drake, Jr. - Copyright (c) 2017 Sebastian Pipping + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/internal.h python3.7-3.7.10/Modules/expat/internal.h --- python3.7-3.7.12/Modules/expat/internal.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/internal.h 2021-02-16 01:29:22.000000000 +0000 @@ -25,12 +25,8 @@ \___/_/\_\ .__/ \__,_|\__| |_| XML parser - Copyright (c) 2002-2003 Fred L. Drake, Jr. - Copyright (c) 2002-2006 Karl Waclawek - Copyright (c) 2003 Greg Stein - Copyright (c) 2016-2021 Sebastian Pipping - Copyright (c) 2018 Yury Gribov - Copyright (c) 2019 David Loffredo + Copyright (c) 1997-2000 Thai Open Source Software Center Ltd + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -105,58 +101,22 @@ # endif #endif -#include // ULONG_MAX - -#if defined(_WIN32) && ! defined(__USE_MINGW_ANSI_STDIO) -# define EXPAT_FMT_ULL(midpart) "%" midpart "I64u" -# if defined(_WIN64) // Note: modifiers "td" and "zu" do not work for MinGW -# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "I64d" -# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "I64u" -# else -# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d" -# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "u" -# endif -#else -# define EXPAT_FMT_ULL(midpart) "%" midpart "llu" -# if ! defined(ULONG_MAX) -# error Compiler did not define ULONG_MAX for us -# elif ULONG_MAX == 18446744073709551615u // 2^64-1 -# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld" -# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "lu" -# else -# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d" -# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "u" -# endif -#endif - #ifndef UNUSED_P # define UNUSED_P(p) (void)p #endif -/* NOTE BEGIN If you ever patch these defaults to greater values - for non-attack XML payload in your environment, - please file a bug report with libexpat. Thank you! -*/ -#define EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT \ - 100.0f -#define EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT \ - 8388608 // 8 MiB, 2^23 -/* NOTE END */ - -#include "expat.h" // so we can use type XML_Parser below - #ifdef __cplusplus extern "C" { #endif -void _INTERNAL_trim_to_complete_utf8_characters(const char *from, - const char **fromLimRef); - -#if defined(XML_DTD) -unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser); -unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser); -const char *unsignedCharToPrintable(unsigned char c); +#ifdef XML_ENABLE_VISIBILITY +# if XML_ENABLE_VISIBILITY +__attribute__((visibility("default"))) +# endif #endif +void +_INTERNAL_trim_to_complete_utf8_characters(const char *from, + const char **fromLimRef); #ifdef __cplusplus } diff -Nru python3.7-3.7.12/Modules/expat/latin1tab.h python3.7-3.7.10/Modules/expat/latin1tab.h --- python3.7-3.7.12/Modules/expat/latin1tab.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/latin1tab.h 2021-02-16 01:29:22.000000000 +0000 @@ -7,9 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Fred L. Drake, Jr. - Copyright (c) 2017 Sebastian Pipping + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/nametab.h python3.7-3.7.10/Modules/expat/nametab.h --- python3.7-3.7.12/Modules/expat/nametab.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/nametab.h 2021-02-16 01:29:22.000000000 +0000 @@ -6,8 +6,8 @@ \___/_/\_\ .__/ \__,_|\__| |_| XML parser - Copyright (c) 2000 Clark Cooper - Copyright (c) 2017 Sebastian Pipping + Copyright (c) 1997-2000 Thai Open Source Software Center Ltd + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/siphash.h python3.7-3.7.10/Modules/expat/siphash.h --- python3.7-3.7.12/Modules/expat/siphash.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/siphash.h 2021-02-16 01:29:22.000000000 +0000 @@ -11,9 +11,6 @@ * -------------------------------------------------------------------------- * HISTORY: * - * 2020-10-03 (Sebastian Pipping) - * - Drop support for Visual Studio 9.0/2008 and earlier - * * 2019-08-03 (Sebastian Pipping) * - Mark part of sip24_valid as to be excluded from clang-format * - Re-format code using clang-format 9 @@ -99,7 +96,15 @@ #define SIPHASH_H #include /* size_t */ -#include /* uint64_t uint32_t uint8_t */ + +#if defined(_WIN32) && defined(_MSC_VER) && (_MSC_VER < 1600) +/* For vs2003/7.1 up to vs2008/9.0; _MSC_VER 1600 is vs2010/10.0 */ +typedef unsigned __int8 uint8_t; +typedef unsigned __int32 uint32_t; +typedef unsigned __int64 uint64_t; +#else +# include /* uint64_t uint32_t uint8_t */ +#endif /* * Workaround to not require a C++11 compiler for using ULL suffix diff -Nru python3.7-3.7.12/Modules/expat/utf8tab.h python3.7-3.7.10/Modules/expat/utf8tab.h --- python3.7-3.7.12/Modules/expat/utf8tab.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/utf8tab.h 2021-02-16 01:29:22.000000000 +0000 @@ -7,9 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Fred L. Drake, Jr. - Copyright (c) 2017 Sebastian Pipping + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/winconfig.h python3.7-3.7.10/Modules/expat/winconfig.h --- python3.7-3.7.12/Modules/expat/winconfig.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/winconfig.h 2021-02-16 01:29:22.000000000 +0000 @@ -6,10 +6,8 @@ \___/_/\_\ .__/ \__,_|\__| |_| XML parser - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Greg Stein - Copyright (c) 2005 Karl Waclawek - Copyright (c) 2017-2021 Sebastian Pipping + Copyright (c) 1997-2000 Thai Open Source Software Center Ltd + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -42,4 +40,17 @@ #include #include +#if defined(HAVE_EXPAT_CONFIG_H) /* e.g. MinGW */ +# include +#else /* !defined(HAVE_EXPAT_CONFIG_H) */ + +# define XML_NS 1 +# define XML_DTD 1 +# define XML_CONTEXT_BYTES 1024 + +/* we will assume all Windows platforms are little endian */ +# define BYTEORDER 1234 + +#endif /* !defined(HAVE_EXPAT_CONFIG_H) */ + #endif /* ndef WINCONFIG_H */ diff -Nru python3.7-3.7.12/Modules/expat/xmlparse.c python3.7-3.7.10/Modules/expat/xmlparse.c --- python3.7-3.7.12/Modules/expat/xmlparse.c 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/xmlparse.c 2021-02-16 01:29:22.000000000 +0000 @@ -1,4 +1,4 @@ -/* 8539b9040d9d901366a62560a064af7cb99811335784b363abc039c5b0ebc416 (2.4.1+) +/* f2d0ab6d1d4422a08cf1cf3bbdfba96b49dea42fb5ff4615e03a2a25c306e769 (2.2.8+) __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| @@ -7,31 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2000-2006 Fred L. Drake, Jr. - Copyright (c) 2001-2002 Greg Stein - Copyright (c) 2002-2016 Karl Waclawek - Copyright (c) 2005-2009 Steven Solie - Copyright (c) 2016 Eric Rahm - Copyright (c) 2016-2021 Sebastian Pipping - Copyright (c) 2016 Gaurav - Copyright (c) 2016 Thomas Beutlich - Copyright (c) 2016 Gustavo Grieco - Copyright (c) 2016 Pascal Cuoq - Copyright (c) 2016 Ed Schouten - Copyright (c) 2017-2018 Rhodri James - Copyright (c) 2017 Václav Slavík - Copyright (c) 2017 Viktor Szakats - Copyright (c) 2017 Chanho Park - Copyright (c) 2017 Rolf Eike Beer - Copyright (c) 2017 Hans Wennborg - Copyright (c) 2018 Anton Maklakov - Copyright (c) 2018 Benjamin Peterson - Copyright (c) 2018 Marco Maggi - Copyright (c) 2018 Mariusz Zaborski - Copyright (c) 2019 David Loffredo - Copyright (c) 2019-2020 Ben Wagner - Copyright (c) 2019 Vadim Zeitlin + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -60,9 +36,7 @@ #ifdef _WIN32 /* force stdlib to define rand_s() */ -# if ! defined(_CRT_RAND_S) -# define _CRT_RAND_S -# endif +# define _CRT_RAND_S #endif #include @@ -71,8 +45,6 @@ #include /* UINT_MAX */ #include /* fprintf */ #include /* getenv, rand_s */ -#include /* uintptr_t */ -#include /* isnan */ #ifdef _WIN32 # define getpid GetCurrentProcessId @@ -88,9 +60,9 @@ #ifdef _WIN32 # include "winconfig.h" -#endif - -#include +#elif defined(HAVE_EXPAT_CONFIG_H) +# include +#endif /* ndef _WIN32 */ #include "ascii.h" #include "expat.h" @@ -125,14 +97,14 @@ enabled. For end user security, that is probably not what you want. \ \ Your options include: \ - * Linux >=3.17 + glibc >=2.25 (getrandom): HAVE_GETRANDOM, \ - * Linux >=3.17 + glibc (including <2.25) (syscall SYS_getrandom): HAVE_SYSCALL_GETRANDOM, \ + * Linux + glibc >=2.25 (getrandom): HAVE_GETRANDOM, \ + * Linux + glibc <2.25 (syscall SYS_getrandom): HAVE_SYSCALL_GETRANDOM, \ * BSD / macOS >=10.7 (arc4random_buf): HAVE_ARC4RANDOM_BUF, \ - * BSD / macOS (including <10.7) (arc4random): HAVE_ARC4RANDOM, \ + * BSD / macOS <10.7 (arc4random): HAVE_ARC4RANDOM, \ * libbsd (arc4random_buf): HAVE_ARC4RANDOM_BUF + HAVE_LIBBSD, \ * libbsd (arc4random): HAVE_ARC4RANDOM + HAVE_LIBBSD, \ - * Linux (including <3.17) / BSD / macOS (including <10.7) (/dev/urandom): XML_DEV_URANDOM, \ - * Windows >=Vista (rand_s): _WIN32. \ + * Linux / BSD / macOS (/dev/urandom): XML_DEV_URANDOM \ + * Windows (rand_s): _WIN32. \ \ If insist on not using any of these, bypass this error by defining \ XML_POOR_ENTROPY; you have been warned. \ @@ -147,7 +119,9 @@ # define XmlGetInternalEncoding XmlGetUtf16InternalEncoding # define XmlGetInternalEncodingNS XmlGetUtf16InternalEncodingNS # define XmlEncode XmlUtf16Encode -# define MUST_CONVERT(enc, s) (! (enc)->isUtf16 || (((uintptr_t)(s)) & 1)) +/* Using pointer subtraction to convert to integer type. */ +# define MUST_CONVERT(enc, s) \ + (! (enc)->isUtf16 || (((char *)(s) - (char *)NULL) & 1)) typedef unsigned short ICHAR; #else # define XML_ENCODE_MAX XML_UTF8_ENCODE_MAX @@ -397,31 +371,6 @@ XML_Bool betweenDecl; /* WFC: PE Between Declarations */ } OPEN_INTERNAL_ENTITY; -enum XML_Account { - XML_ACCOUNT_DIRECT, /* bytes directly passed to the Expat parser */ - XML_ACCOUNT_ENTITY_EXPANSION, /* intermediate bytes produced during entity - expansion */ - XML_ACCOUNT_NONE /* i.e. do not account, was accounted already */ -}; - -#ifdef XML_DTD -typedef unsigned long long XmlBigCount; -typedef struct accounting { - XmlBigCount countBytesDirect; - XmlBigCount countBytesIndirect; - int debugLevel; - float maximumAmplificationFactor; // >=1.0 - unsigned long long activationThresholdBytes; -} ACCOUNTING; - -typedef struct entity_stats { - unsigned int countEverOpened; - unsigned int currentDepth; - unsigned int maximumDepthSeen; - int debugLevel; -} ENTITY_STATS; -#endif /* XML_DTD */ - typedef enum XML_Error PTRCALL Processor(XML_Parser parser, const char *start, const char *end, const char **endPtr); @@ -452,18 +401,16 @@ static enum XML_Error doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, int tok, const char *next, const char **nextPtr, - XML_Bool haveMore, XML_Bool allowClosingDoctype, - enum XML_Account account); + XML_Bool haveMore, XML_Bool allowClosingDoctype); static enum XML_Error processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl); static enum XML_Error doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, const char *start, const char *end, const char **endPtr, - XML_Bool haveMore, enum XML_Account account); + XML_Bool haveMore); static enum XML_Error doCdataSection(XML_Parser parser, const ENCODING *, const char **startPtr, const char *end, - const char **nextPtr, XML_Bool haveMore, - enum XML_Account account); + const char **nextPtr, XML_Bool haveMore); #ifdef XML_DTD static enum XML_Error doIgnoreSection(XML_Parser parser, const ENCODING *, const char **startPtr, const char *end, @@ -473,8 +420,7 @@ static void freeBindings(XML_Parser parser, BINDING *bindings); static enum XML_Error storeAtts(XML_Parser parser, const ENCODING *, const char *s, TAG_NAME *tagNamePtr, - BINDING **bindingsPtr, - enum XML_Account account); + BINDING **bindingsPtr); static enum XML_Error addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, const XML_Char *uri, BINDING **bindingsPtr); @@ -483,18 +429,15 @@ XML_Parser parser); static enum XML_Error storeAttributeValue(XML_Parser parser, const ENCODING *, XML_Bool isCdata, const char *, - const char *, STRING_POOL *, - enum XML_Account account); + const char *, STRING_POOL *); static enum XML_Error appendAttributeValue(XML_Parser parser, const ENCODING *, XML_Bool isCdata, const char *, - const char *, STRING_POOL *, - enum XML_Account account); + const char *, STRING_POOL *); static ATTRIBUTE_ID *getAttributeId(XML_Parser parser, const ENCODING *enc, const char *start, const char *end); static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *); static enum XML_Error storeEntityValue(XML_Parser parser, const ENCODING *enc, - const char *start, const char *end, - enum XML_Account account); + const char *start, const char *end); static int reportProcessingInstruction(XML_Parser parser, const ENCODING *enc, const char *start, const char *end); static int reportComment(XML_Parser parser, const ENCODING *enc, @@ -558,34 +501,6 @@ static void parserInit(XML_Parser parser, const XML_Char *encodingName); -#ifdef XML_DTD -static float accountingGetCurrentAmplification(XML_Parser rootParser); -static void accountingReportStats(XML_Parser originParser, const char *epilog); -static void accountingOnAbort(XML_Parser originParser); -static void accountingReportDiff(XML_Parser rootParser, - unsigned int levelsAwayFromRootParser, - const char *before, const char *after, - ptrdiff_t bytesMore, int source_line, - enum XML_Account account); -static XML_Bool accountingDiffTolerated(XML_Parser originParser, int tok, - const char *before, const char *after, - int source_line, - enum XML_Account account); - -static void entityTrackingReportStats(XML_Parser parser, ENTITY *entity, - const char *action, int sourceLine); -static void entityTrackingOnOpen(XML_Parser parser, ENTITY *entity, - int sourceLine); -static void entityTrackingOnClose(XML_Parser parser, ENTITY *entity, - int sourceLine); - -static XML_Parser getRootParserOf(XML_Parser parser, - unsigned int *outLevelDiff); -#endif /* XML_DTD */ - -static unsigned long getDebugLevel(const char *variableName, - unsigned long defaultDebugLevel); - #define poolStart(pool) ((pool)->start) #define poolEnd(pool) ((pool)->ptr) #define poolLength(pool) ((pool)->ptr - (pool)->start) @@ -699,10 +614,6 @@ enum XML_ParamEntityParsing m_paramEntityParsing; #endif unsigned long m_hash_secret_salt; -#ifdef XML_DTD - ACCOUNTING m_accounting; - ENTITY_STATS m_entity_stats; -#endif }; #define MALLOC(parser, s) (parser->m_mem.malloc_fcn((s))) @@ -823,15 +734,6 @@ #ifdef _WIN32 -/* Provide declaration of rand_s() for MinGW-32 (not 64, which has it), - as it didn't declare it in its header prior to version 5.3.0 of its - runtime package (mingwrt, containing stdlib.h). The upstream fix - was introduced at https://osdn.net/projects/mingw/ticket/39658 . */ -# if defined(__MINGW32__) && defined(__MINGW32_VERSION) \ - && __MINGW32_VERSION < 5003000L && ! defined(__MINGW64_VERSION_MAJOR) -__declspec(dllimport) int rand_s(unsigned int *); -# endif - /* Obtain entropy on Windows using the rand_s() function which * generates cryptographically secure random numbers. Internally it * uses RtlGenRandom API which is present in Windows XP and later. @@ -887,8 +789,9 @@ static unsigned long ENTROPY_DEBUG(const char *label, unsigned long entropy) { - if (getDebugLevel("EXPAT_ENTROPY_DEBUG", 0) >= 1u) { - fprintf(stderr, "expat: Entropy: %s --> 0x%0*lx (%lu bytes)\n", label, + const char *const EXPAT_ENTROPY_DEBUG = getenv("EXPAT_ENTROPY_DEBUG"); + if (EXPAT_ENTROPY_DEBUG && ! strcmp(EXPAT_ENTROPY_DEBUG, "1")) { + fprintf(stderr, "Entropy: %s --> 0x%0*lx (%lu bytes)\n", label, (int)sizeof(entropy) * 2, entropy, (unsigned long)sizeof(entropy)); } return entropy; @@ -1150,18 +1053,6 @@ parser->m_paramEntityParsing = XML_PARAM_ENTITY_PARSING_NEVER; #endif parser->m_hash_secret_salt = 0; - -#ifdef XML_DTD - memset(&parser->m_accounting, 0, sizeof(ACCOUNTING)); - parser->m_accounting.debugLevel = getDebugLevel("EXPAT_ACCOUNTING_DEBUG", 0u); - parser->m_accounting.maximumAmplificationFactor - = EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT; - parser->m_accounting.activationThresholdBytes - = EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT; - - memset(&parser->m_entity_stats, 0, sizeof(ENTITY_STATS)); - parser->m_entity_stats.debugLevel = getDebugLevel("EXPAT_ENTITY_DEBUG", 0u); -#endif } /* moves list of bindings to m_freeBindingList */ @@ -1508,7 +1399,6 @@ parser->m_useForeignDTD = useDTD; return XML_ERROR_NONE; #else - UNUSED_P(useDTD); return XML_ERROR_FEATURE_REQUIRES_XML_DTD; #endif } @@ -1890,7 +1780,7 @@ int nLeftOver; enum XML_Status result; /* Detect overflow (a+b > MAX <==> b > MAX-a) */ - if ((XML_Size)len > ((XML_Size)-1) / 2 - parser->m_parseEndByteIndex) { + if (len > ((XML_Size)-1) / 2 - parser->m_parseEndByteIndex) { parser->m_errorCode = XML_ERROR_NO_MEMORY; parser->m_eventPtr = parser->m_eventEndPtr = NULL; parser->m_processor = errorProcessor; @@ -1982,12 +1872,6 @@ parser->m_errorCode = XML_ERROR_FINISHED; return XML_STATUS_ERROR; case XML_INITIALIZED: - /* Has someone called XML_GetBuffer successfully before? */ - if (! parser->m_bufferPtr) { - parser->m_errorCode = XML_ERROR_NO_BUFFER; - return XML_STATUS_ERROR; - } - if (parser->m_parentParser == NULL && ! startParsing(parser)) { parser->m_errorCode = XML_ERROR_NO_MEMORY; return XML_STATUS_ERROR; @@ -2271,7 +2155,7 @@ (void)offset; (void)size; #endif /* defined XML_CONTEXT_BYTES */ - return (const char *)0; + return (char *)0; } XML_Size XMLCALL @@ -2432,14 +2316,6 @@ /* Added in 2.2.5. */ case XML_ERROR_INVALID_ARGUMENT: /* Constant added in 2.2.1, already */ return XML_L("invalid argument"); - /* Added in 2.3.0. */ - case XML_ERROR_NO_BUFFER: - return XML_L( - "a successful prior call to function XML_GetBuffer is required"); - /* Added in 2.4.0. */ - case XML_ERROR_AMPLIFICATION_LIMIT_BREACH: - return XML_L( - "limit on input amplification factor (from DTD and entities) breached"); } return NULL; } @@ -2476,75 +2352,41 @@ const XML_Feature *XMLCALL XML_GetFeatureList(void) { - static const XML_Feature features[] = { - {XML_FEATURE_SIZEOF_XML_CHAR, XML_L("sizeof(XML_Char)"), - sizeof(XML_Char)}, - {XML_FEATURE_SIZEOF_XML_LCHAR, XML_L("sizeof(XML_LChar)"), - sizeof(XML_LChar)}, + static const XML_Feature features[] + = {{XML_FEATURE_SIZEOF_XML_CHAR, XML_L("sizeof(XML_Char)"), + sizeof(XML_Char)}, + {XML_FEATURE_SIZEOF_XML_LCHAR, XML_L("sizeof(XML_LChar)"), + sizeof(XML_LChar)}, #ifdef XML_UNICODE - {XML_FEATURE_UNICODE, XML_L("XML_UNICODE"), 0}, + {XML_FEATURE_UNICODE, XML_L("XML_UNICODE"), 0}, #endif #ifdef XML_UNICODE_WCHAR_T - {XML_FEATURE_UNICODE_WCHAR_T, XML_L("XML_UNICODE_WCHAR_T"), 0}, + {XML_FEATURE_UNICODE_WCHAR_T, XML_L("XML_UNICODE_WCHAR_T"), 0}, #endif #ifdef XML_DTD - {XML_FEATURE_DTD, XML_L("XML_DTD"), 0}, + {XML_FEATURE_DTD, XML_L("XML_DTD"), 0}, #endif #ifdef XML_CONTEXT_BYTES - {XML_FEATURE_CONTEXT_BYTES, XML_L("XML_CONTEXT_BYTES"), - XML_CONTEXT_BYTES}, + {XML_FEATURE_CONTEXT_BYTES, XML_L("XML_CONTEXT_BYTES"), + XML_CONTEXT_BYTES}, #endif #ifdef XML_MIN_SIZE - {XML_FEATURE_MIN_SIZE, XML_L("XML_MIN_SIZE"), 0}, + {XML_FEATURE_MIN_SIZE, XML_L("XML_MIN_SIZE"), 0}, #endif #ifdef XML_NS - {XML_FEATURE_NS, XML_L("XML_NS"), 0}, + {XML_FEATURE_NS, XML_L("XML_NS"), 0}, #endif #ifdef XML_LARGE_SIZE - {XML_FEATURE_LARGE_SIZE, XML_L("XML_LARGE_SIZE"), 0}, + {XML_FEATURE_LARGE_SIZE, XML_L("XML_LARGE_SIZE"), 0}, #endif #ifdef XML_ATTR_INFO - {XML_FEATURE_ATTR_INFO, XML_L("XML_ATTR_INFO"), 0}, + {XML_FEATURE_ATTR_INFO, XML_L("XML_ATTR_INFO"), 0}, #endif -#ifdef XML_DTD - /* Added in Expat 2.4.0. */ - {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT, - XML_L("XML_BLAP_MAX_AMP"), - (long int) - EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT}, - {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT, - XML_L("XML_BLAP_ACT_THRES"), - EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT}, -#endif - {XML_FEATURE_END, NULL, 0}}; + {XML_FEATURE_END, NULL, 0}}; return features; } -#ifdef XML_DTD -XML_Bool XMLCALL -XML_SetBillionLaughsAttackProtectionMaximumAmplification( - XML_Parser parser, float maximumAmplificationFactor) { - if ((parser == NULL) || (parser->m_parentParser != NULL) - || isnan(maximumAmplificationFactor) - || (maximumAmplificationFactor < 1.0f)) { - return XML_FALSE; - } - parser->m_accounting.maximumAmplificationFactor = maximumAmplificationFactor; - return XML_TRUE; -} - -XML_Bool XMLCALL -XML_SetBillionLaughsAttackProtectionActivationThreshold( - XML_Parser parser, unsigned long long activationThresholdBytes) { - if ((parser == NULL) || (parser->m_parentParser != NULL)) { - return XML_FALSE; - } - parser->m_accounting.activationThresholdBytes = activationThresholdBytes; - return XML_TRUE; -} -#endif /* XML_DTD */ - /* Initially tag->rawName always points into the parse buffer; for those TAG instances opened while the current parse buffer was processed, and not yet closed, we need to store tag->rawName in a more @@ -2597,9 +2439,9 @@ static enum XML_Error PTRCALL contentProcessor(XML_Parser parser, const char *start, const char *end, const char **endPtr) { - enum XML_Error result = doContent( - parser, 0, parser->m_encoding, start, end, endPtr, - (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_ACCOUNT_DIRECT); + enum XML_Error result + = doContent(parser, 0, parser->m_encoding, start, end, endPtr, + (XML_Bool)! parser->m_parsingStatus.finalBuffer); if (result == XML_ERROR_NONE) { if (! storeRawNames(parser)) return XML_ERROR_NO_MEMORY; @@ -2624,14 +2466,6 @@ int tok = XmlContentTok(parser->m_encoding, start, end, &next); switch (tok) { case XML_TOK_BOM: -#ifdef XML_DTD - if (! accountingDiffTolerated(parser, tok, start, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } -#endif /* XML_DTD */ - /* If we are at the end of the buffer, this would cause the next stage, i.e. externalEntityInitProcessor3, to pass control directly to doContent (by detecting XML_TOK_NONE) without processing any xml text @@ -2669,10 +2503,6 @@ const char *next = start; /* XmlContentTok doesn't always set the last arg */ parser->m_eventPtr = start; tok = XmlContentTok(parser->m_encoding, start, end, &next); - /* Note: These bytes are accounted later in: - - processXmlDecl - - externalEntityContentProcessor - */ parser->m_eventEndPtr = next; switch (tok) { @@ -2714,8 +2544,7 @@ const char *end, const char **endPtr) { enum XML_Error result = doContent(parser, 1, parser->m_encoding, start, end, endPtr, - (XML_Bool)! parser->m_parsingStatus.finalBuffer, - XML_ACCOUNT_ENTITY_EXPANSION); + (XML_Bool)! parser->m_parsingStatus.finalBuffer); if (result == XML_ERROR_NONE) { if (! storeRawNames(parser)) return XML_ERROR_NO_MEMORY; @@ -2726,7 +2555,7 @@ static enum XML_Error doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, const char *s, const char *end, const char **nextPtr, - XML_Bool haveMore, enum XML_Account account) { + XML_Bool haveMore) { /* save one level of indirection */ DTD *const dtd = parser->m_dtd; @@ -2744,17 +2573,6 @@ for (;;) { const char *next = s; /* XmlContentTok doesn't always set the last arg */ int tok = XmlContentTok(enc, s, end, &next); -#ifdef XML_DTD - const char *accountAfter - = ((tok == XML_TOK_TRAILING_RSQB) || (tok == XML_TOK_TRAILING_CR)) - ? (haveMore ? s /* i.e. 0 bytes */ : end) - : next; - if (! accountingDiffTolerated(parser, tok, s, accountAfter, __LINE__, - account)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } -#endif *eventEndPP = next; switch (tok) { case XML_TOK_TRAILING_CR: @@ -2810,14 +2628,6 @@ XML_Char ch = (XML_Char)XmlPredefinedEntityName( enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (ch) { -#ifdef XML_DTD - /* NOTE: We are replacing 4-6 characters original input for 1 character - * so there is no amplification and hence recording without - * protection. */ - accountingDiffTolerated(parser, tok, (char *)&ch, - ((char *)&ch) + sizeof(XML_Char), __LINE__, - XML_ACCOUNT_ENTITY_EXPANSION); -#endif /* XML_DTD */ if (parser->m_characterDataHandler) parser->m_characterDataHandler(parser->m_handlerArg, &ch, 1); else if (parser->m_defaultHandler) @@ -2936,8 +2746,7 @@ } tag->name.str = (XML_Char *)tag->buf; *toPtr = XML_T('\0'); - result - = storeAtts(parser, enc, s, &(tag->name), &(tag->bindings), account); + result = storeAtts(parser, enc, s, &(tag->name), &(tag->bindings)); if (result) return result; if (parser->m_startElementHandler) @@ -2961,8 +2770,7 @@ if (! name.str) return XML_ERROR_NO_MEMORY; poolFinish(&parser->m_tempPool); - result = storeAtts(parser, enc, s, &name, &bindings, - XML_ACCOUNT_NONE /* token spans whole start tag */); + result = storeAtts(parser, enc, s, &name, &bindings); if (result != XML_ERROR_NONE) { freeBindings(parser, bindings); return result; @@ -3097,8 +2905,7 @@ /* END disabled code */ else if (parser->m_defaultHandler) reportDefault(parser, enc, s, next); - result - = doCdataSection(parser, enc, &next, end, nextPtr, haveMore, account); + result = doCdataSection(parser, enc, &next, end, nextPtr, haveMore); if (result != XML_ERROR_NONE) return result; else if (! next) { @@ -3227,8 +3034,7 @@ */ static enum XML_Error storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, - TAG_NAME *tagNamePtr, BINDING **bindingsPtr, - enum XML_Account account) { + TAG_NAME *tagNamePtr, BINDING **bindingsPtr) { DTD *const dtd = parser->m_dtd; /* save one level of indirection */ ELEMENT_TYPE *elementType; int nDefaultAtts; @@ -3338,7 +3144,7 @@ /* normalize the attribute value */ result = storeAttributeValue( parser, enc, isCdata, parser->m_atts[i].valuePtr, - parser->m_atts[i].valueEnd, &parser->m_tempPool, account); + parser->m_atts[i].valueEnd, &parser->m_tempPool); if (result) return result; appAtts[attIndex] = poolStart(&parser->m_tempPool); @@ -3727,9 +3533,9 @@ static enum XML_Error PTRCALL cdataSectionProcessor(XML_Parser parser, const char *start, const char *end, const char **endPtr) { - enum XML_Error result = doCdataSection( - parser, parser->m_encoding, &start, end, endPtr, - (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_ACCOUNT_DIRECT); + enum XML_Error result + = doCdataSection(parser, parser->m_encoding, &start, end, endPtr, + (XML_Bool)! parser->m_parsingStatus.finalBuffer); if (result != XML_ERROR_NONE) return result; if (start) { @@ -3749,8 +3555,7 @@ */ static enum XML_Error doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, - const char *end, const char **nextPtr, XML_Bool haveMore, - enum XML_Account account) { + const char *end, const char **nextPtr, XML_Bool haveMore) { const char *s = *startPtr; const char **eventPP; const char **eventEndPP; @@ -3766,16 +3571,8 @@ *startPtr = NULL; for (;;) { - const char *next = s; /* in case of XML_TOK_NONE or XML_TOK_PARTIAL */ + const char *next; int tok = XmlCdataSectionTok(enc, s, end, &next); -#ifdef XML_DTD - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, account)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } -#else - UNUSED_P(account); -#endif *eventEndPP = next; switch (tok) { case XML_TOK_CDATA_SECT_CLOSE: @@ -3892,7 +3689,7 @@ static enum XML_Error doIgnoreSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, const char *end, const char **nextPtr, XML_Bool haveMore) { - const char *next = *startPtr; /* in case of XML_TOK_NONE or XML_TOK_PARTIAL */ + const char *next; int tok; const char *s = *startPtr; const char **eventPP; @@ -3920,13 +3717,6 @@ *eventPP = s; *startPtr = NULL; tok = XmlIgnoreSectionTok(enc, s, end, &next); -# ifdef XML_DTD - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } -# endif *eventEndPP = next; switch (tok) { case XML_TOK_IGNORE_SECT: @@ -4011,15 +3801,6 @@ const char *versionend; const XML_Char *storedversion = NULL; int standalone = -1; - -#ifdef XML_DTD - if (! accountingDiffTolerated(parser, XML_TOK_XML_DECL, s, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } -#endif - if (! (parser->m_ns ? XmlParseXmlDeclNS : XmlParseXmlDecl)( isGeneralTextEntity, parser->m_encoding, s, next, &parser->m_eventPtr, &version, &versionend, &encodingName, &newEncoding, &standalone)) { @@ -4169,10 +3950,6 @@ for (;;) { tok = XmlPrologTok(parser->m_encoding, start, end, &next); - /* Note: Except for XML_TOK_BOM below, these bytes are accounted later in: - - storeEntityValue - - processXmlDecl - */ parser->m_eventEndPtr = next; if (tok <= 0) { if (! parser->m_parsingStatus.finalBuffer && tok != XML_TOK_INVALID) { @@ -4191,8 +3968,7 @@ break; } /* found end of entity value - can store it now */ - return storeEntityValue(parser, parser->m_encoding, s, end, - XML_ACCOUNT_DIRECT); + return storeEntityValue(parser, parser->m_encoding, s, end); } else if (tok == XML_TOK_XML_DECL) { enum XML_Error result; result = processXmlDecl(parser, 0, start, next); @@ -4219,14 +3995,6 @@ */ else if (tok == XML_TOK_BOM && next == end && ! parser->m_parsingStatus.finalBuffer) { -# ifdef XML_DTD - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } -# endif - *nextPtr = next; return XML_ERROR_NONE; } @@ -4269,24 +4037,16 @@ } /* This would cause the next stage, i.e. doProlog to be passed XML_TOK_BOM. However, when parsing an external subset, doProlog will not accept a BOM - as valid, and report a syntax error, so we have to skip the BOM, and - account for the BOM bytes. + as valid, and report a syntax error, so we have to skip the BOM */ else if (tok == XML_TOK_BOM) { - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } - s = next; tok = XmlPrologTok(parser->m_encoding, s, end, &next); } parser->m_processor = prologProcessor; return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, - (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE, - XML_ACCOUNT_DIRECT); + (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE); } static enum XML_Error PTRCALL @@ -4299,9 +4059,6 @@ for (;;) { tok = XmlPrologTok(enc, start, end, &next); - /* Note: These bytes are accounted later in: - - storeEntityValue - */ if (tok <= 0) { if (! parser->m_parsingStatus.finalBuffer && tok != XML_TOK_INVALID) { *nextPtr = s; @@ -4319,7 +4076,7 @@ break; } /* found end of entity value - can store it now */ - return storeEntityValue(parser, enc, s, end, XML_ACCOUNT_DIRECT); + return storeEntityValue(parser, enc, s, end); } start = next; } @@ -4333,14 +4090,13 @@ const char *next = s; int tok = XmlPrologTok(parser->m_encoding, s, end, &next); return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, - (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE, - XML_ACCOUNT_DIRECT); + (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE); } static enum XML_Error doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, int tok, const char *next, const char **nextPtr, XML_Bool haveMore, - XML_Bool allowClosingDoctype, enum XML_Account account) { + XML_Bool allowClosingDoctype) { #ifdef XML_DTD static const XML_Char externalSubsetName[] = {ASCII_HASH, '\0'}; #endif /* XML_DTD */ @@ -4367,10 +4123,6 @@ static const XML_Char enumValueSep[] = {ASCII_PIPE, '\0'}; static const XML_Char enumValueStart[] = {ASCII_LPAREN, '\0'}; -#ifndef XML_DTD - UNUSED_P(account); -#endif - /* save one level of indirection */ DTD *const dtd = parser->m_dtd; @@ -4435,19 +4187,6 @@ } } role = XmlTokenRole(&parser->m_prologState, tok, s, next, enc); -#ifdef XML_DTD - switch (role) { - case XML_ROLE_INSTANCE_START: // bytes accounted in contentProcessor - case XML_ROLE_XML_DECL: // bytes accounted in processXmlDecl - case XML_ROLE_TEXT_DECL: // bytes accounted in processXmlDecl - break; - default: - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, account)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } - } -#endif switch (role) { case XML_ROLE_XML_DECL: { enum XML_Error result = processXmlDecl(parser, 0, s, next); @@ -4723,8 +4462,7 @@ const XML_Char *attVal; enum XML_Error result = storeAttributeValue( parser, enc, parser->m_declAttributeIsCdata, - s + enc->minBytesPerChar, next - enc->minBytesPerChar, &dtd->pool, - XML_ACCOUNT_NONE); + s + enc->minBytesPerChar, next - enc->minBytesPerChar, &dtd->pool); if (result) return result; attVal = poolStart(&dtd->pool); @@ -4757,9 +4495,8 @@ break; case XML_ROLE_ENTITY_VALUE: if (dtd->keepProcessing) { - enum XML_Error result - = storeEntityValue(parser, enc, s + enc->minBytesPerChar, - next - enc->minBytesPerChar, XML_ACCOUNT_NONE); + enum XML_Error result = storeEntityValue( + parser, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (parser->m_declEntity) { parser->m_declEntity->textPtr = poolStart(&dtd->entityValuePool); parser->m_declEntity->textLen @@ -5149,15 +4886,12 @@ if (parser->m_externalEntityRefHandler) { dtd->paramEntityRead = XML_FALSE; entity->open = XML_TRUE; - entityTrackingOnOpen(parser, entity, __LINE__); if (! parser->m_externalEntityRefHandler( parser->m_externalEntityRefHandlerArg, 0, entity->base, entity->systemId, entity->publicId)) { - entityTrackingOnClose(parser, entity, __LINE__); entity->open = XML_FALSE; return XML_ERROR_EXTERNAL_ENTITY_HANDLING; } - entityTrackingOnClose(parser, entity, __LINE__); entity->open = XML_FALSE; handleDefault = XML_FALSE; if (! dtd->paramEntityRead) { @@ -5355,13 +5089,6 @@ for (;;) { const char *next = NULL; int tok = XmlPrologTok(parser->m_encoding, s, end, &next); -#ifdef XML_DTD - if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, - XML_ACCOUNT_DIRECT)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } -#endif parser->m_eventEndPtr = next; switch (tok) { /* report partial linebreak - it might be the last token */ @@ -5435,9 +5162,6 @@ return XML_ERROR_NO_MEMORY; } entity->open = XML_TRUE; -#ifdef XML_DTD - entityTrackingOnOpen(parser, entity, __LINE__); -#endif entity->processed = 0; openEntity->next = parser->m_openInternalEntities; parser->m_openInternalEntities = openEntity; @@ -5446,8 +5170,8 @@ openEntity->betweenDecl = betweenDecl; openEntity->internalEventPtr = NULL; openEntity->internalEventEndPtr = NULL; - textStart = (const char *)entity->textPtr; - textEnd = (const char *)(entity->textPtr + entity->textLen); + textStart = (char *)entity->textPtr; + textEnd = (char *)(entity->textPtr + entity->textLen); /* Set a safe default value in case 'next' does not get set */ next = textStart; @@ -5456,22 +5180,17 @@ int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, - tok, next, &next, XML_FALSE, XML_FALSE, - XML_ACCOUNT_ENTITY_EXPANSION); + tok, next, &next, XML_FALSE, XML_FALSE); } else #endif /* XML_DTD */ result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding, - textStart, textEnd, &next, XML_FALSE, - XML_ACCOUNT_ENTITY_EXPANSION); + textStart, textEnd, &next, XML_FALSE); if (result == XML_ERROR_NONE) { if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { entity->processed = (int)(next - textStart); parser->m_processor = internalEntityProcessor; } else { -#ifdef XML_DTD - entityTrackingOnClose(parser, entity, __LINE__); -#endif /* XML_DTD */ entity->open = XML_FALSE; parser->m_openInternalEntities = openEntity->next; /* put openEntity back in list of free instances */ @@ -5494,8 +5213,8 @@ return XML_ERROR_UNEXPECTED_STATE; entity = openEntity->entity; - textStart = ((const char *)entity->textPtr) + entity->processed; - textEnd = (const char *)(entity->textPtr + entity->textLen); + textStart = ((char *)entity->textPtr) + entity->processed; + textEnd = (char *)(entity->textPtr + entity->textLen); /* Set a safe default value in case 'next' does not get set */ next = textStart; @@ -5504,24 +5223,20 @@ int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, - tok, next, &next, XML_FALSE, XML_TRUE, - XML_ACCOUNT_ENTITY_EXPANSION); + tok, next, &next, XML_FALSE, XML_TRUE); } else #endif /* XML_DTD */ result = doContent(parser, openEntity->startTagLevel, parser->m_internalEncoding, textStart, textEnd, &next, - XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION); + XML_FALSE); if (result != XML_ERROR_NONE) return result; else if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { - entity->processed = (int)(next - (const char *)entity->textPtr); + entity->processed = (int)(next - (char *)entity->textPtr); return result; } else { -#ifdef XML_DTD - entityTrackingOnClose(parser, entity, __LINE__); -#endif entity->open = XML_FALSE; parser->m_openInternalEntities = openEntity->next; /* put openEntity back in list of free instances */ @@ -5535,8 +5250,7 @@ parser->m_processor = prologProcessor; tok = XmlPrologTok(parser->m_encoding, s, end, &next); return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, - (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE, - XML_ACCOUNT_DIRECT); + (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE); } else #endif /* XML_DTD */ { @@ -5544,8 +5258,7 @@ /* see externalEntityContentProcessor vs contentProcessor */ return doContent(parser, parser->m_parentParser ? 1 : 0, parser->m_encoding, s, end, nextPtr, - (XML_Bool)! parser->m_parsingStatus.finalBuffer, - XML_ACCOUNT_DIRECT); + (XML_Bool)! parser->m_parsingStatus.finalBuffer); } } @@ -5560,10 +5273,9 @@ static enum XML_Error storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, - const char *ptr, const char *end, STRING_POOL *pool, - enum XML_Account account) { + const char *ptr, const char *end, STRING_POOL *pool) { enum XML_Error result - = appendAttributeValue(parser, enc, isCdata, ptr, end, pool, account); + = appendAttributeValue(parser, enc, isCdata, ptr, end, pool); if (result) return result; if (! isCdata && poolLength(pool) && poolLastChar(pool) == 0x20) @@ -5575,23 +5287,11 @@ static enum XML_Error appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, - const char *ptr, const char *end, STRING_POOL *pool, - enum XML_Account account) { + const char *ptr, const char *end, STRING_POOL *pool) { DTD *const dtd = parser->m_dtd; /* save one level of indirection */ -#ifndef XML_DTD - UNUSED_P(account); -#endif - for (;;) { - const char *next - = ptr; /* XmlAttributeValueTok doesn't always set the last arg */ + const char *next; int tok = XmlAttributeValueTok(enc, ptr, end, &next); -#ifdef XML_DTD - if (! accountingDiffTolerated(parser, tok, ptr, next, __LINE__, account)) { - accountingOnAbort(parser); - return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - } -#endif switch (tok) { case XML_TOK_NONE: return XML_ERROR_NONE; @@ -5651,14 +5351,6 @@ XML_Char ch = (XML_Char)XmlPredefinedEntityName( enc, ptr + enc->minBytesPerChar, next - enc->minBytesPerChar); if (ch) { -#ifdef XML_DTD - /* NOTE: We are replacing 4-6 characters original input for 1 character - * so there is no amplification and hence recording without - * protection. */ - accountingDiffTolerated(parser, tok, (char *)&ch, - ((char *)&ch) + sizeof(XML_Char), __LINE__, - XML_ACCOUNT_ENTITY_EXPANSION); -#endif /* XML_DTD */ if (! poolAppendChar(pool, ch)) return XML_ERROR_NO_MEMORY; break; @@ -5736,16 +5428,9 @@ enum XML_Error result; const XML_Char *textEnd = entity->textPtr + entity->textLen; entity->open = XML_TRUE; -#ifdef XML_DTD - entityTrackingOnOpen(parser, entity, __LINE__); -#endif result = appendAttributeValue(parser, parser->m_internalEncoding, - isCdata, (const char *)entity->textPtr, - (const char *)textEnd, pool, - XML_ACCOUNT_ENTITY_EXPANSION); -#ifdef XML_DTD - entityTrackingOnClose(parser, entity, __LINE__); -#endif + isCdata, (char *)entity->textPtr, + (char *)textEnd, pool); entity->open = XML_FALSE; if (result) return result; @@ -5775,16 +5460,13 @@ static enum XML_Error storeEntityValue(XML_Parser parser, const ENCODING *enc, - const char *entityTextPtr, const char *entityTextEnd, - enum XML_Account account) { + const char *entityTextPtr, const char *entityTextEnd) { DTD *const dtd = parser->m_dtd; /* save one level of indirection */ STRING_POOL *pool = &(dtd->entityValuePool); enum XML_Error result = XML_ERROR_NONE; #ifdef XML_DTD int oldInEntityValue = parser->m_prologState.inEntityValue; parser->m_prologState.inEntityValue = 1; -#else - UNUSED_P(account); #endif /* XML_DTD */ /* never return Null for the value argument in EntityDeclHandler, since this would indicate an external entity; therefore we @@ -5795,19 +5477,8 @@ } for (;;) { - const char *next - = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */ + const char *next; int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next); - -#ifdef XML_DTD - if (! accountingDiffTolerated(parser, tok, entityTextPtr, next, __LINE__, - account)) { - accountingOnAbort(parser); - result = XML_ERROR_AMPLIFICATION_LIMIT_BREACH; - goto endEntityValue; - } -#endif - switch (tok) { case XML_TOK_PARAM_ENTITY_REF: #ifdef XML_DTD @@ -5843,16 +5514,13 @@ if (parser->m_externalEntityRefHandler) { dtd->paramEntityRead = XML_FALSE; entity->open = XML_TRUE; - entityTrackingOnOpen(parser, entity, __LINE__); if (! parser->m_externalEntityRefHandler( parser->m_externalEntityRefHandlerArg, 0, entity->base, entity->systemId, entity->publicId)) { - entityTrackingOnClose(parser, entity, __LINE__); entity->open = XML_FALSE; result = XML_ERROR_EXTERNAL_ENTITY_HANDLING; goto endEntityValue; } - entityTrackingOnClose(parser, entity, __LINE__); entity->open = XML_FALSE; if (! dtd->paramEntityRead) dtd->keepProcessing = dtd->standalone; @@ -5860,12 +5528,9 @@ dtd->keepProcessing = dtd->standalone; } else { entity->open = XML_TRUE; - entityTrackingOnOpen(parser, entity, __LINE__); result = storeEntityValue( - parser, parser->m_internalEncoding, (const char *)entity->textPtr, - (const char *)(entity->textPtr + entity->textLen), - XML_ACCOUNT_ENTITY_EXPANSION); - entityTrackingOnClose(parser, entity, __LINE__); + parser, parser->m_internalEncoding, (char *)entity->textPtr, + (char *)(entity->textPtr + entity->textLen)); entity->open = XML_FALSE; if (result) goto endEntityValue; @@ -6820,7 +6485,7 @@ static void FASTCALL hashTableIterInit(HASH_TABLE_ITER *iter, const HASH_TABLE *table) { iter->p = table->v; - iter->end = iter->p ? iter->p + table->size : NULL; + iter->end = iter->p + table->size; } static NAMED *FASTCALL @@ -7226,755 +6891,3 @@ memcpy(result, s, charsRequired * sizeof(XML_Char)); return result; } - -#ifdef XML_DTD - -static float -accountingGetCurrentAmplification(XML_Parser rootParser) { - const XmlBigCount countBytesOutput - = rootParser->m_accounting.countBytesDirect - + rootParser->m_accounting.countBytesIndirect; - const float amplificationFactor - = rootParser->m_accounting.countBytesDirect - ? (countBytesOutput - / (float)(rootParser->m_accounting.countBytesDirect)) - : 1.0f; - assert(! rootParser->m_parentParser); - return amplificationFactor; -} - -static void -accountingReportStats(XML_Parser originParser, const char *epilog) { - const XML_Parser rootParser = getRootParserOf(originParser, NULL); - assert(! rootParser->m_parentParser); - - if (rootParser->m_accounting.debugLevel < 1) { - return; - } - - const float amplificationFactor - = accountingGetCurrentAmplification(rootParser); - fprintf(stderr, - "expat: Accounting(%p): Direct " EXPAT_FMT_ULL( - "10") ", indirect " EXPAT_FMT_ULL("10") ", amplification %8.2f%s", - (void *)rootParser, rootParser->m_accounting.countBytesDirect, - rootParser->m_accounting.countBytesIndirect, - (double)amplificationFactor, epilog); -} - -static void -accountingOnAbort(XML_Parser originParser) { - accountingReportStats(originParser, " ABORTING\n"); -} - -static void -accountingReportDiff(XML_Parser rootParser, - unsigned int levelsAwayFromRootParser, const char *before, - const char *after, ptrdiff_t bytesMore, int source_line, - enum XML_Account account) { - assert(! rootParser->m_parentParser); - - fprintf(stderr, - " (+" EXPAT_FMT_PTRDIFF_T("6") " bytes %s|%d, xmlparse.c:%d) %*s\"", - bytesMore, (account == XML_ACCOUNT_DIRECT) ? "DIR" : "EXP", - levelsAwayFromRootParser, source_line, 10, ""); - - const char ellipis[] = "[..]"; - const size_t ellipsisLength = sizeof(ellipis) /* because compile-time */ - 1; - const unsigned int contextLength = 10; - - /* Note: Performance is of no concern here */ - const char *walker = before; - if ((rootParser->m_accounting.debugLevel >= 3) - || (after - before) - <= (ptrdiff_t)(contextLength + ellipsisLength + contextLength)) { - for (; walker < after; walker++) { - fprintf(stderr, "%s", unsignedCharToPrintable(walker[0])); - } - } else { - for (; walker < before + contextLength; walker++) { - fprintf(stderr, "%s", unsignedCharToPrintable(walker[0])); - } - fprintf(stderr, ellipis); - walker = after - contextLength; - for (; walker < after; walker++) { - fprintf(stderr, "%s", unsignedCharToPrintable(walker[0])); - } - } - fprintf(stderr, "\"\n"); -} - -static XML_Bool -accountingDiffTolerated(XML_Parser originParser, int tok, const char *before, - const char *after, int source_line, - enum XML_Account account) { - /* Note: We need to check the token type *first* to be sure that - * we can even access variable , safely. - * E.g. for XML_TOK_NONE may hold an invalid pointer. */ - switch (tok) { - case XML_TOK_INVALID: - case XML_TOK_PARTIAL: - case XML_TOK_PARTIAL_CHAR: - case XML_TOK_NONE: - return XML_TRUE; - } - - if (account == XML_ACCOUNT_NONE) - return XML_TRUE; /* because these bytes have been accounted for, already */ - - unsigned int levelsAwayFromRootParser; - const XML_Parser rootParser - = getRootParserOf(originParser, &levelsAwayFromRootParser); - assert(! rootParser->m_parentParser); - - const int isDirect - = (account == XML_ACCOUNT_DIRECT) && (originParser == rootParser); - const ptrdiff_t bytesMore = after - before; - - XmlBigCount *const additionTarget - = isDirect ? &rootParser->m_accounting.countBytesDirect - : &rootParser->m_accounting.countBytesIndirect; - - /* Detect and avoid integer overflow */ - if (*additionTarget > (XmlBigCount)(-1) - (XmlBigCount)bytesMore) - return XML_FALSE; - *additionTarget += bytesMore; - - const XmlBigCount countBytesOutput - = rootParser->m_accounting.countBytesDirect - + rootParser->m_accounting.countBytesIndirect; - const float amplificationFactor - = accountingGetCurrentAmplification(rootParser); - const XML_Bool tolerated - = (countBytesOutput < rootParser->m_accounting.activationThresholdBytes) - || (amplificationFactor - <= rootParser->m_accounting.maximumAmplificationFactor); - - if (rootParser->m_accounting.debugLevel >= 2) { - accountingReportStats(rootParser, ""); - accountingReportDiff(rootParser, levelsAwayFromRootParser, before, after, - bytesMore, source_line, account); - } - - return tolerated; -} - -unsigned long long -testingAccountingGetCountBytesDirect(XML_Parser parser) { - if (! parser) - return 0; - return parser->m_accounting.countBytesDirect; -} - -unsigned long long -testingAccountingGetCountBytesIndirect(XML_Parser parser) { - if (! parser) - return 0; - return parser->m_accounting.countBytesIndirect; -} - -static void -entityTrackingReportStats(XML_Parser rootParser, ENTITY *entity, - const char *action, int sourceLine) { - assert(! rootParser->m_parentParser); - if (rootParser->m_entity_stats.debugLevel < 1) - return; - -# if defined(XML_UNICODE) - const char *const entityName = "[..]"; -# else - const char *const entityName = entity->name; -# endif - - fprintf( - stderr, - "expat: Entities(%p): Count %9d, depth %2d/%2d %*s%s%s; %s length %d (xmlparse.c:%d)\n", - (void *)rootParser, rootParser->m_entity_stats.countEverOpened, - rootParser->m_entity_stats.currentDepth, - rootParser->m_entity_stats.maximumDepthSeen, - (rootParser->m_entity_stats.currentDepth - 1) * 2, "", - entity->is_param ? "%" : "&", entityName, action, entity->textLen, - sourceLine); -} - -static void -entityTrackingOnOpen(XML_Parser originParser, ENTITY *entity, int sourceLine) { - const XML_Parser rootParser = getRootParserOf(originParser, NULL); - assert(! rootParser->m_parentParser); - - rootParser->m_entity_stats.countEverOpened++; - rootParser->m_entity_stats.currentDepth++; - if (rootParser->m_entity_stats.currentDepth - > rootParser->m_entity_stats.maximumDepthSeen) { - rootParser->m_entity_stats.maximumDepthSeen++; - } - - entityTrackingReportStats(rootParser, entity, "OPEN ", sourceLine); -} - -static void -entityTrackingOnClose(XML_Parser originParser, ENTITY *entity, int sourceLine) { - const XML_Parser rootParser = getRootParserOf(originParser, NULL); - assert(! rootParser->m_parentParser); - - entityTrackingReportStats(rootParser, entity, "CLOSE", sourceLine); - rootParser->m_entity_stats.currentDepth--; -} - -static XML_Parser -getRootParserOf(XML_Parser parser, unsigned int *outLevelDiff) { - XML_Parser rootParser = parser; - unsigned int stepsTakenUpwards = 0; - while (rootParser->m_parentParser) { - rootParser = rootParser->m_parentParser; - stepsTakenUpwards++; - } - assert(! rootParser->m_parentParser); - if (outLevelDiff != NULL) { - *outLevelDiff = stepsTakenUpwards; - } - return rootParser; -} - -const char * -unsignedCharToPrintable(unsigned char c) { - switch (c) { - case 0: - return "\\0"; - case 1: - return "\\x1"; - case 2: - return "\\x2"; - case 3: - return "\\x3"; - case 4: - return "\\x4"; - case 5: - return "\\x5"; - case 6: - return "\\x6"; - case 7: - return "\\x7"; - case 8: - return "\\x8"; - case 9: - return "\\t"; - case 10: - return "\\n"; - case 11: - return "\\xB"; - case 12: - return "\\xC"; - case 13: - return "\\r"; - case 14: - return "\\xE"; - case 15: - return "\\xF"; - case 16: - return "\\x10"; - case 17: - return "\\x11"; - case 18: - return "\\x12"; - case 19: - return "\\x13"; - case 20: - return "\\x14"; - case 21: - return "\\x15"; - case 22: - return "\\x16"; - case 23: - return "\\x17"; - case 24: - return "\\x18"; - case 25: - return "\\x19"; - case 26: - return "\\x1A"; - case 27: - return "\\x1B"; - case 28: - return "\\x1C"; - case 29: - return "\\x1D"; - case 30: - return "\\x1E"; - case 31: - return "\\x1F"; - case 32: - return " "; - case 33: - return "!"; - case 34: - return "\\\""; - case 35: - return "#"; - case 36: - return "$"; - case 37: - return "%"; - case 38: - return "&"; - case 39: - return "'"; - case 40: - return "("; - case 41: - return ")"; - case 42: - return "*"; - case 43: - return "+"; - case 44: - return ","; - case 45: - return "-"; - case 46: - return "."; - case 47: - return "/"; - case 48: - return "0"; - case 49: - return "1"; - case 50: - return "2"; - case 51: - return "3"; - case 52: - return "4"; - case 53: - return "5"; - case 54: - return "6"; - case 55: - return "7"; - case 56: - return "8"; - case 57: - return "9"; - case 58: - return ":"; - case 59: - return ";"; - case 60: - return "<"; - case 61: - return "="; - case 62: - return ">"; - case 63: - return "?"; - case 64: - return "@"; - case 65: - return "A"; - case 66: - return "B"; - case 67: - return "C"; - case 68: - return "D"; - case 69: - return "E"; - case 70: - return "F"; - case 71: - return "G"; - case 72: - return "H"; - case 73: - return "I"; - case 74: - return "J"; - case 75: - return "K"; - case 76: - return "L"; - case 77: - return "M"; - case 78: - return "N"; - case 79: - return "O"; - case 80: - return "P"; - case 81: - return "Q"; - case 82: - return "R"; - case 83: - return "S"; - case 84: - return "T"; - case 85: - return "U"; - case 86: - return "V"; - case 87: - return "W"; - case 88: - return "X"; - case 89: - return "Y"; - case 90: - return "Z"; - case 91: - return "["; - case 92: - return "\\\\"; - case 93: - return "]"; - case 94: - return "^"; - case 95: - return "_"; - case 96: - return "`"; - case 97: - return "a"; - case 98: - return "b"; - case 99: - return "c"; - case 100: - return "d"; - case 101: - return "e"; - case 102: - return "f"; - case 103: - return "g"; - case 104: - return "h"; - case 105: - return "i"; - case 106: - return "j"; - case 107: - return "k"; - case 108: - return "l"; - case 109: - return "m"; - case 110: - return "n"; - case 111: - return "o"; - case 112: - return "p"; - case 113: - return "q"; - case 114: - return "r"; - case 115: - return "s"; - case 116: - return "t"; - case 117: - return "u"; - case 118: - return "v"; - case 119: - return "w"; - case 120: - return "x"; - case 121: - return "y"; - case 122: - return "z"; - case 123: - return "{"; - case 124: - return "|"; - case 125: - return "}"; - case 126: - return "~"; - case 127: - return "\\x7F"; - case 128: - return "\\x80"; - case 129: - return "\\x81"; - case 130: - return "\\x82"; - case 131: - return "\\x83"; - case 132: - return "\\x84"; - case 133: - return "\\x85"; - case 134: - return "\\x86"; - case 135: - return "\\x87"; - case 136: - return "\\x88"; - case 137: - return "\\x89"; - case 138: - return "\\x8A"; - case 139: - return "\\x8B"; - case 140: - return "\\x8C"; - case 141: - return "\\x8D"; - case 142: - return "\\x8E"; - case 143: - return "\\x8F"; - case 144: - return "\\x90"; - case 145: - return "\\x91"; - case 146: - return "\\x92"; - case 147: - return "\\x93"; - case 148: - return "\\x94"; - case 149: - return "\\x95"; - case 150: - return "\\x96"; - case 151: - return "\\x97"; - case 152: - return "\\x98"; - case 153: - return "\\x99"; - case 154: - return "\\x9A"; - case 155: - return "\\x9B"; - case 156: - return "\\x9C"; - case 157: - return "\\x9D"; - case 158: - return "\\x9E"; - case 159: - return "\\x9F"; - case 160: - return "\\xA0"; - case 161: - return "\\xA1"; - case 162: - return "\\xA2"; - case 163: - return "\\xA3"; - case 164: - return "\\xA4"; - case 165: - return "\\xA5"; - case 166: - return "\\xA6"; - case 167: - return "\\xA7"; - case 168: - return "\\xA8"; - case 169: - return "\\xA9"; - case 170: - return "\\xAA"; - case 171: - return "\\xAB"; - case 172: - return "\\xAC"; - case 173: - return "\\xAD"; - case 174: - return "\\xAE"; - case 175: - return "\\xAF"; - case 176: - return "\\xB0"; - case 177: - return "\\xB1"; - case 178: - return "\\xB2"; - case 179: - return "\\xB3"; - case 180: - return "\\xB4"; - case 181: - return "\\xB5"; - case 182: - return "\\xB6"; - case 183: - return "\\xB7"; - case 184: - return "\\xB8"; - case 185: - return "\\xB9"; - case 186: - return "\\xBA"; - case 187: - return "\\xBB"; - case 188: - return "\\xBC"; - case 189: - return "\\xBD"; - case 190: - return "\\xBE"; - case 191: - return "\\xBF"; - case 192: - return "\\xC0"; - case 193: - return "\\xC1"; - case 194: - return "\\xC2"; - case 195: - return "\\xC3"; - case 196: - return "\\xC4"; - case 197: - return "\\xC5"; - case 198: - return "\\xC6"; - case 199: - return "\\xC7"; - case 200: - return "\\xC8"; - case 201: - return "\\xC9"; - case 202: - return "\\xCA"; - case 203: - return "\\xCB"; - case 204: - return "\\xCC"; - case 205: - return "\\xCD"; - case 206: - return "\\xCE"; - case 207: - return "\\xCF"; - case 208: - return "\\xD0"; - case 209: - return "\\xD1"; - case 210: - return "\\xD2"; - case 211: - return "\\xD3"; - case 212: - return "\\xD4"; - case 213: - return "\\xD5"; - case 214: - return "\\xD6"; - case 215: - return "\\xD7"; - case 216: - return "\\xD8"; - case 217: - return "\\xD9"; - case 218: - return "\\xDA"; - case 219: - return "\\xDB"; - case 220: - return "\\xDC"; - case 221: - return "\\xDD"; - case 222: - return "\\xDE"; - case 223: - return "\\xDF"; - case 224: - return "\\xE0"; - case 225: - return "\\xE1"; - case 226: - return "\\xE2"; - case 227: - return "\\xE3"; - case 228: - return "\\xE4"; - case 229: - return "\\xE5"; - case 230: - return "\\xE6"; - case 231: - return "\\xE7"; - case 232: - return "\\xE8"; - case 233: - return "\\xE9"; - case 234: - return "\\xEA"; - case 235: - return "\\xEB"; - case 236: - return "\\xEC"; - case 237: - return "\\xED"; - case 238: - return "\\xEE"; - case 239: - return "\\xEF"; - case 240: - return "\\xF0"; - case 241: - return "\\xF1"; - case 242: - return "\\xF2"; - case 243: - return "\\xF3"; - case 244: - return "\\xF4"; - case 245: - return "\\xF5"; - case 246: - return "\\xF6"; - case 247: - return "\\xF7"; - case 248: - return "\\xF8"; - case 249: - return "\\xF9"; - case 250: - return "\\xFA"; - case 251: - return "\\xFB"; - case 252: - return "\\xFC"; - case 253: - return "\\xFD"; - case 254: - return "\\xFE"; - case 255: - return "\\xFF"; - default: - assert(0); /* never gets here */ - return "dead code"; - } - assert(0); /* never gets here */ -} - -#endif /* XML_DTD */ - -static unsigned long -getDebugLevel(const char *variableName, unsigned long defaultDebugLevel) { - const char *const valueOrNull = getenv(variableName); - if (valueOrNull == NULL) { - return defaultDebugLevel; - } - const char *const value = valueOrNull; - - errno = 0; - char *afterValue = (char *)value; - unsigned long debugLevel = strtoul(value, &afterValue, 10); - if ((errno != 0) || (afterValue[0] != '\0')) { - errno = 0; - return defaultDebugLevel; - } - - return debugLevel; -} diff -Nru python3.7-3.7.12/Modules/expat/xmlrole.c python3.7-3.7.10/Modules/expat/xmlrole.c --- python3.7-3.7.12/Modules/expat/xmlrole.c 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/xmlrole.c 2021-02-16 01:29:22.000000000 +0000 @@ -7,14 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Greg Stein - Copyright (c) 2002-2006 Karl Waclawek - Copyright (c) 2002-2003 Fred L. Drake, Jr. - Copyright (c) 2005-2009 Steven Solie - Copyright (c) 2016-2021 Sebastian Pipping - Copyright (c) 2017 Rhodri James - Copyright (c) 2019 David Loffredo + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -41,9 +34,11 @@ #ifdef _WIN32 # include "winconfig.h" -#endif - -#include +#else +# ifdef HAVE_EXPAT_CONFIG_H +# include +# endif +#endif /* ndef _WIN32 */ #include "expat_external.h" #include "internal.h" @@ -1225,8 +1220,6 @@ #ifdef XML_DTD if (! state->documentEntity && tok == XML_TOK_PARAM_ENTITY_REF) return XML_ROLE_INNER_PARAM_ENTITY_REF; -#else - UNUSED_P(tok); #endif state->handler = error; return XML_ROLE_ERROR; diff -Nru python3.7-3.7.12/Modules/expat/xmlrole.h python3.7-3.7.10/Modules/expat/xmlrole.h --- python3.7-3.7.12/Modules/expat/xmlrole.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/xmlrole.h 2021-02-16 01:29:22.000000000 +0000 @@ -7,10 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Karl Waclawek - Copyright (c) 2002 Fred L. Drake, Jr. - Copyright (c) 2017 Sebastian Pipping + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/xmltok.c python3.7-3.7.10/Modules/expat/xmltok.c --- python3.7-3.7.12/Modules/expat/xmltok.c 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/xmltok.c 2021-02-16 01:29:22.000000000 +0000 @@ -7,19 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2001-2003 Fred L. Drake, Jr. - Copyright (c) 2002 Greg Stein - Copyright (c) 2002-2016 Karl Waclawek - Copyright (c) 2005-2009 Steven Solie - Copyright (c) 2016-2021 Sebastian Pipping - Copyright (c) 2016 Pascal Cuoq - Copyright (c) 2016 Don Lewis - Copyright (c) 2017 Rhodri James - Copyright (c) 2017 Alexander Bluhm - Copyright (c) 2017 Benbuck Nason - Copyright (c) 2017 José Gutiérrez de la Concha - Copyright (c) 2019 David Loffredo + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -44,13 +32,23 @@ #include #include /* memcpy */ -#include -#ifdef _WIN32 -# include "winconfig.h" +#if defined(_MSC_VER) && (_MSC_VER <= 1700) +/* for vs2012/11.0/1700 and earlier Visual Studio compilers */ +# define bool int +# define false 0 +# define true 1 +#else +# include #endif -#include +#ifdef _WIN32 +# include "winconfig.h" +#else +# ifdef HAVE_EXPAT_CONFIG_H +# include +# endif +#endif /* ndef _WIN32 */ #include "expat_external.h" #include "internal.h" @@ -271,14 +269,8 @@ #define IS_NAME_CHAR(enc, p, n) (AS_NORMAL_ENCODING(enc)->isName##n(enc, p)) #define IS_NMSTRT_CHAR(enc, p, n) (AS_NORMAL_ENCODING(enc)->isNmstrt##n(enc, p)) -#ifdef XML_MIN_SIZE -# define IS_INVALID_CHAR(enc, p, n) \ - (AS_NORMAL_ENCODING(enc)->isInvalid##n \ - && AS_NORMAL_ENCODING(enc)->isInvalid##n(enc, p)) -#else -# define IS_INVALID_CHAR(enc, p, n) \ - (AS_NORMAL_ENCODING(enc)->isInvalid##n(enc, p)) -#endif +#define IS_INVALID_CHAR(enc, p, n) \ + (AS_NORMAL_ENCODING(enc)->isInvalid##n(enc, p)) #ifdef XML_MIN_SIZE # define IS_NAME_CHAR_MINBPC(enc, p) \ @@ -597,13 +589,13 @@ static int PTRFASTCALL unicode_byte_type(char hi, char lo) { switch ((unsigned char)hi) { - /* 0xD800-0xDBFF first 16-bit code unit or high surrogate (W1) */ + /* 0xD800–0xDBFF first 16-bit code unit or high surrogate (W1) */ case 0xD8: case 0xD9: case 0xDA: case 0xDB: return BT_LEAD4; - /* 0xDC00-0xDFFF second 16-bit code unit or low surrogate (W2) */ + /* 0xDC00–0xDFFF second 16-bit code unit or low surrogate (W2) */ case 0xDC: case 0xDD: case 0xDE: diff -Nru python3.7-3.7.12/Modules/expat/xmltok.h python3.7-3.7.10/Modules/expat/xmltok.h --- python3.7-3.7.12/Modules/expat/xmltok.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/xmltok.h 2021-02-16 01:29:22.000000000 +0000 @@ -7,11 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Fred L. Drake, Jr. - Copyright (c) 2002-2005 Karl Waclawek - Copyright (c) 2016-2017 Sebastian Pipping - Copyright (c) 2017 Rhodri James + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/xmltok_impl.c python3.7-3.7.10/Modules/expat/xmltok_impl.c --- python3.7-3.7.12/Modules/expat/xmltok_impl.c 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/xmltok_impl.c 2021-02-16 01:29:22.000000000 +0000 @@ -1,4 +1,4 @@ -/* This file is included (from xmltok.c, 1-3 times depending on XML_MIN_SIZE)! +/* This file is included! __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| @@ -7,15 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Fred L. Drake, Jr. - Copyright (c) 2002-2016 Karl Waclawek - Copyright (c) 2016-2021 Sebastian Pipping - Copyright (c) 2017 Rhodri James - Copyright (c) 2018 Benjamin Peterson - Copyright (c) 2018 Anton Maklakov - Copyright (c) 2019 David Loffredo - Copyright (c) 2020 Boris Kolpackov + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -40,7 +32,7 @@ #ifdef XML_TOK_IMPL_C -# ifndef IS_INVALID_CHAR // i.e. for UTF-16 and XML_MIN_SIZE not defined +# ifndef IS_INVALID_CHAR # define IS_INVALID_CHAR(enc, ptr, n) (0) # endif @@ -1776,14 +1768,13 @@ # define LEAD_CASE(n) \ case BT_LEAD##n: \ ptr += n; \ - pos->columnNumber++; \ break; LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4) # undef LEAD_CASE case BT_LF: - pos->columnNumber = 0; + pos->columnNumber = (XML_Size)-1; pos->lineNumber++; ptr += MINBPC(enc); break; @@ -1792,13 +1783,13 @@ ptr += MINBPC(enc); if (HAS_CHAR(enc, ptr, end) && BYTE_TYPE(enc, ptr) == BT_LF) ptr += MINBPC(enc); - pos->columnNumber = 0; + pos->columnNumber = (XML_Size)-1; break; default: ptr += MINBPC(enc); - pos->columnNumber++; break; } + pos->columnNumber++; } } diff -Nru python3.7-3.7.12/Modules/expat/xmltok_impl.h python3.7-3.7.10/Modules/expat/xmltok_impl.h --- python3.7-3.7.12/Modules/expat/xmltok_impl.h 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/xmltok_impl.h 2021-02-16 01:29:22.000000000 +0000 @@ -7,8 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2017-2019 Sebastian Pipping + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Modules/expat/xmltok_ns.c python3.7-3.7.10/Modules/expat/xmltok_ns.c --- python3.7-3.7.12/Modules/expat/xmltok_ns.c 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Modules/expat/xmltok_ns.c 2021-02-16 01:29:22.000000000 +0000 @@ -7,11 +7,7 @@ |_| XML parser Copyright (c) 1997-2000 Thai Open Source Software Center Ltd - Copyright (c) 2000 Clark Cooper - Copyright (c) 2002 Greg Stein - Copyright (c) 2002 Fred L. Drake, Jr. - Copyright (c) 2002-2006 Karl Waclawek - Copyright (c) 2017 Sebastian Pipping + Copyright (c) 2000-2017 Expat development team Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining diff -Nru python3.7-3.7.12/Python/pythonrun.c python3.7-3.7.10/Python/pythonrun.c --- python3.7-3.7.12/Python/pythonrun.c 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/Python/pythonrun.c 2021-02-16 01:29:22.000000000 +0000 @@ -932,9 +932,7 @@ seen = PySet_New(NULL); if (seen == NULL) PyErr_Clear(); - Py_INCREF(f); print_exception_recursive(f, value, seen); - Py_DECREF(f); Py_XDECREF(seen); } } diff -Nru python3.7-3.7.12/README.rst python3.7-3.7.10/README.rst --- python3.7-3.7.12/README.rst 2021-09-04 03:49:21.000000000 +0000 +++ python3.7-3.7.10/README.rst 2021-02-16 01:29:22.000000000 +0000 @@ -1,4 +1,4 @@ -This is Python version 3.7.12 +This is Python version 3.7.10 ============================= .. image:: https://travis-ci.org/python/cpython.svg?branch=3.7