https://github.com/python/cpython/commit/c0de6500249469e6fc5b458d6afb6bad1b6755cd
commit: c0de6500249469e6fc5b458d6afb6bad1b6755cd
branch: main
author: Gregory P. Smith <[email protected]>
committer: hugovk <[email protected]>
date: 2025-04-07T23:42:00+03:00
summary:
gh-131809: Upgrade vendored expat to 2.7.1 (#132192)
files:
A Misc/NEWS.d/next/Security/2025-04-07-04-11-08.gh-issue-131809.4MBDuy.rst
M Misc/sbom.spdx.json
M Modules/expat/expat.h
M Modules/expat/internal.h
M Modules/expat/refresh.sh
M Modules/expat/xmlparse.c
diff --git
a/Misc/NEWS.d/next/Security/2025-04-07-04-11-08.gh-issue-131809.4MBDuy.rst
b/Misc/NEWS.d/next/Security/2025-04-07-04-11-08.gh-issue-131809.4MBDuy.rst
new file mode 100644
index 00000000000000..1421b4d851dd50
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2025-04-07-04-11-08.gh-issue-131809.4MBDuy.rst
@@ -0,0 +1 @@
+Update bundled libexpat to 2.7.1
diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json
index 678a64df977432..cafda98ba2d59e 100644
--- a/Misc/sbom.spdx.json
+++ b/Misc/sbom.spdx.json
@@ -48,11 +48,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "1128a2c7acb539a7b8613aac182983c48e8d6eb9"
+ "checksumValue": "6984055af7b4e01429d8ebc910fe2be900d8ee9c"
},
{
"algorithm": "SHA256",
- "checksumValue":
"3f868d5366b7736096c6a53f1422cf2dca3795d04b5438fc1b54279effdab918"
+ "checksumValue":
"7c16a5cf0eea844ae579db083b8d75f23a71859cac77e3c4cb7a8fa3b7621685"
}
],
"fileName": "Modules/expat/expat.h"
@@ -90,11 +90,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "e23d160cc33cc2c25a4b48f7b242f906444418e0"
+ "checksumValue": "60b0ee8b4a93ef0276193ed1051c15ecab73c02e"
},
{
"algorithm": "SHA256",
- "checksumValue":
"f7523357d8009749e7dba94b0bd7d0fa60e011cc254e55c4ebccd6313f031122"
+ "checksumValue":
"6af6e8fbf5c83c1431464a2811b10ea2d1ff64c0eabfd9f18b1d4e53bf400c35"
}
],
"fileName": "Modules/expat/internal.h"
@@ -174,11 +174,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "2170362ee95a94d5c489f9430c8f63a89b7fd764"
+ "checksumValue": "3db0435d69e5eb904c9c88400a5ab073a81049bc"
},
{
"algorithm": "SHA256",
- "checksumValue":
"9da1080e3fe34cedaed53d3916978d07404dae55b3e3c2e8316abd5f13af8074"
+ "checksumValue":
"633b272fa893dfbef539edbba35f1b11ecf09a13b89189105b0dfa6c7ecfc3bf"
}
],
"fileName": "Modules/expat/xmlparse.c"
diff --git a/Modules/expat/expat.h b/Modules/expat/expat.h
index 192cfd3f07eb7e..610e1ddc0e94ba 100644
--- a/Modules/expat/expat.h
+++ b/Modules/expat/expat.h
@@ -1068,7 +1068,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool
enabled);
*/
#define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 7
-#define XML_MICRO_VERSION 0
+#define XML_MICRO_VERSION 1
#ifdef __cplusplus
}
diff --git a/Modules/expat/internal.h b/Modules/expat/internal.h
index 167ec36804a43b..6bde6ae6b31ddd 100644
--- a/Modules/expat/internal.h
+++ b/Modules/expat/internal.h
@@ -28,7 +28,7 @@
Copyright (c) 2002-2003 Fred L. Drake, Jr. <[email protected]>
Copyright (c) 2002-2006 Karl Waclawek <[email protected]>
Copyright (c) 2003 Greg Stein <[email protected]>
- Copyright (c) 2016-2024 Sebastian Pipping <[email protected]>
+ Copyright (c) 2016-2025 Sebastian Pipping <[email protected]>
Copyright (c) 2018 Yury Gribov <[email protected]>
Copyright (c) 2019 David Loffredo <[email protected]>
Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <[email protected]>
@@ -127,6 +127,9 @@
# elif ULONG_MAX == 18446744073709551615u // 2^64-1
# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld"
# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "lu"
+# elif defined(EMSCRIPTEN) // 32bit mode Emscripten
+# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld"
+# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "zu"
# else
# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "u"
diff --git a/Modules/expat/refresh.sh b/Modules/expat/refresh.sh
index 46e236cbb5542b..3904fc8afd63d2 100755
--- a/Modules/expat/refresh.sh
+++ b/Modules/expat/refresh.sh
@@ -12,9 +12,9 @@ fi
# Update this when updating to a new version after verifying that the changes
# the update brings in are good. These values are used for verifying the SBOM,
too.
-expected_libexpat_tag="R_2_7_0"
-expected_libexpat_version="2.7.0"
-expected_libexpat_sha256="362e89ca6b8a0d46fc5740a917eb2a8b4d6356edbe016eee09f49c0781215844"
+expected_libexpat_tag="R_2_7_1"
+expected_libexpat_version="2.7.1"
+expected_libexpat_sha256="0cce2e6e69b327fc607b8ff264f4b66bdf71ead55a87ffd5f3143f535f15cfa2"
expat_dir="$(realpath "$(dirname -- "${BASH_SOURCE[0]}")")"
cd ${expat_dir}
diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c
index 376470dd80632b..38a2d9657b6aeb 100644
--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -1,4 +1,4 @@
-/* 7d6840a33c250b74adb0ba295d6ec818dccebebaffc8c3ed27d0b29c28adbeb3 (2.7.0+)
+/* d19ae032c224863c1527ba44d228cc34b99192c3a4c5a27af1f4e054d45ee031 (2.7.1+)
__ __ _
___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __|
@@ -3402,12 +3402,13 @@ doContent(XML_Parser parser, int startTagLevel, const
ENCODING *enc,
break;
/* LCOV_EXCL_STOP */
}
- *eventPP = s = next;
switch (parser->m_parsingStatus.parsing) {
case XML_SUSPENDED:
+ *eventPP = next;
*nextPtr = next;
return XML_ERROR_NONE;
case XML_FINISHED:
+ *eventPP = next;
return XML_ERROR_ABORTED;
case XML_PARSING:
if (parser->m_reenter) {
@@ -3416,6 +3417,7 @@ doContent(XML_Parser parser, int startTagLevel, const
ENCODING *enc,
}
/* Fall through */
default:;
+ *eventPP = s = next;
}
}
/* not reached */
@@ -4332,12 +4334,13 @@ doCdataSection(XML_Parser parser, const ENCODING *enc,
const char **startPtr,
/* LCOV_EXCL_STOP */
}
- *eventPP = s = next;
switch (parser->m_parsingStatus.parsing) {
case XML_SUSPENDED:
+ *eventPP = next;
*nextPtr = next;
return XML_ERROR_NONE;
case XML_FINISHED:
+ *eventPP = next;
return XML_ERROR_ABORTED;
case XML_PARSING:
if (parser->m_reenter) {
@@ -4345,6 +4348,7 @@ doCdataSection(XML_Parser parser, const ENCODING *enc,
const char **startPtr,
}
/* Fall through */
default:;
+ *eventPP = s = next;
}
}
/* not reached */
@@ -5951,12 +5955,13 @@ epilogProcessor(XML_Parser parser, const char *s, const
char *end,
default:
return XML_ERROR_JUNK_AFTER_DOC_ELEMENT;
}
- parser->m_eventPtr = s = next;
switch (parser->m_parsingStatus.parsing) {
case XML_SUSPENDED:
+ parser->m_eventPtr = next;
*nextPtr = next;
return XML_ERROR_NONE;
case XML_FINISHED:
+ parser->m_eventPtr = next;
return XML_ERROR_ABORTED;
case XML_PARSING:
if (parser->m_reenter) {
@@ -5964,6 +5969,7 @@ epilogProcessor(XML_Parser parser, const char *s, const
char *end,
}
/* Fall through */
default:;
+ parser->m_eventPtr = s = next;
}
}
}
@@ -8245,7 +8251,7 @@ entityTrackingReportStats(XML_Parser rootParser, ENTITY
*entity,
(void *)rootParser, rootParser->m_entity_stats.countEverOpened,
rootParser->m_entity_stats.currentDepth,
rootParser->m_entity_stats.maximumDepthSeen,
- (rootParser->m_entity_stats.currentDepth - 1) * 2, "",
+ ((int)rootParser->m_entity_stats.currentDepth - 1) * 2, "",
entity->is_param ? "%" : "&", entityName, action, entity->textLen,
sourceLine);
}