5c08cf2073
* Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. * Other changes: - Autotools: Sync CMake templates with CMake 3.28 - Autotools: Always provide path to find(1) for portability - Autotools: Ensure that the m4 directory always exists. - Autotools: Simplify handling of SIZEOF_VOID_P - Autotools: Support non-GNU sed - Autotools|CMake: Fix main() to main(void) - Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM - Autotools|CMake: Stop requiring dos2unix OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=114
101 lines
3.0 KiB
HTML
101 lines
3.0 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
|
|
"http://www.w3.org/TR/REC-html40/loose.dtd">
|
|
|
|
<!--
|
|
Note for SuSE package maintainers: this file was taken
|
|
verbatim from http://www.jclark.com/xml/expatfaq.html
|
|
and has since has obsolete information removed.
|
|
-->
|
|
|
|
<HTML>
|
|
|
|
<TITLE>expat FAQ</TITLE>
|
|
|
|
<BODY>
|
|
|
|
<H1>Frequently Asked Questions about Expat</H1>
|
|
|
|
<H4>Where can I get help in using expat?</H4>
|
|
|
|
<p>Try the xml-dev mailing list (subscribe by mailing to <a
|
|
href="mailto:majordomo@xml.org&BODY=subscribe%20xml-dev">majordomo@xml.org</a>
|
|
with the message <code>subscribe xml-dev</code>). Alternatively try
|
|
the mailing lists hosted by <A
|
|
href="http://expat.sourceforge.net">sourceforge.net</A>.</P>
|
|
|
|
<H4>Where is expat's API documented?</H4>
|
|
|
|
<p>In <code>xmlparse/xmlparse.h</code>. There's also an advanced,
|
|
low-level API you can use which is documented in
|
|
<code>xmltok/xmltok.h</code>.</p>
|
|
|
|
<p>There's also an excellent <a
|
|
href="http://www.xml.com/pub/1999/09/expat/index.html">article</a>
|
|
about expat on XML.com by Clark Cooper.</p>
|
|
|
|
<H4>Is there a simple example of using expat's API?</H4>
|
|
|
|
<p>See <code>sample/elements.c</code></p>
|
|
|
|
<H4>How can I get expat to deal with non-ASCII characters?</H4>
|
|
|
|
<P>By default, expat assumes that documents are encoded in UTF-8. In
|
|
UTF-8, ASCII characters are represented by a single byte as they would
|
|
be in ASCII, but non-ASCII characters are represented by a sequence of
|
|
two or more bytes all with the 8th bit set. The encoding most widely
|
|
used for European languages is ISO 8859-1 which is not compatible with
|
|
UTF-8. To use this encoding, expat must be told either by supplying
|
|
an argument of <code>"iso-8859-1"</code> to
|
|
<code>XML_ParserCreate</code>, or by starting the document with
|
|
<code><?xml version="1.0" encoding="iso-8859-1"?></code>.</P>
|
|
|
|
<H4>What encodings does expat support?</H4>
|
|
|
|
<P>expat has built in support for the following encodings:</P>
|
|
|
|
<ul>
|
|
<li><code>utf-8</code></li>
|
|
<li><code>utf-16</code></li>
|
|
<li><code>iso-8859-1</code></li>
|
|
<li><code>us-ascii</code></li>
|
|
</ul>
|
|
|
|
<P>Additional encodings can be supported by using
|
|
<code>XML_SetUnknownEncodingHandler</code>.</P>
|
|
|
|
<H4>How can I get expat to validate my XML documents?</H4>
|
|
|
|
<p>You can't. expat is not a validating parser.</p>
|
|
|
|
<H4>How can I get expat to read my DTD?</H4>
|
|
|
|
<p>Compile with <code>-DXML_DTD</code> and call
|
|
<code>XML_SetParamEntityParsing</code>.</p>
|
|
|
|
<H4>How can I get expat to recover from errors?</H4>
|
|
|
|
<p>You can't. All well-formedness errors stop processing. Note that
|
|
the XML Recommendation does not permit conforming XML processors to
|
|
continue normal processing after a fatal error.</p>
|
|
|
|
<H4>How do I get at the characters between tags?</H4>
|
|
|
|
<p>Use <code>XML_SetCharacterDataHandler</code>.</p>
|
|
|
|
<H4>How can I minimize the size of expat?</H4>
|
|
|
|
<p>Compile with <code>-DXML_MIN_SIZE</code>. With Visual C++, use the
|
|
<code>Win32 MinSize</code> configuration: this creates an
|
|
<code>xmlparse.dll</code> that does not require
|
|
<code>xmltok.dll</code>.</p>
|
|
|
|
<ADDRESS>
|
|
|
|
<A HREF="mailto:jjc@jclark.com">James Clark</A>
|
|
|
|
</ADDRESS>
|
|
|
|
</BODY>
|
|
|
|
</HTML>
|