Update libexpat to version 2.6.0.

This fixes CVE-2023-52425. OpenBSD is not affected by CVE-2023-52426.
Relevant for OpenBSD are security fixes #789 #814, bug fixes #753
#812 #813, other changes #771 #788 #764 #765, and examples, docs,
compiler warnings, clang-tidy, tests. Only a minor library bump
is necessary, this has been discussed with tb@ guenther@ kettenis@.

OK deraadt@

Update libexpat to 2.4.9. This fixes CVE-2022-40674. Relevant for
OpenBSD are security fixes #629 #640 and other changes #610 #643.
No library bump necessary.
OK deraadt@

branches: 1.15.2;
Update libexpat to 2.4.6. This fixes CVE-2022-25235, CVE-2022-25236
CVE-2022-25313, CVE-2022-25314, and CVE-2022-25315. Relevant for
OpenBSD are security fixes #558 #559 #560 #561 #562 and bug fixes
#566. No library bump necessary.
OK tb@

Update libexpat to 2.4.3. This fixes CVE-2021-45960, CVE-2021-46143,
and CVE-2022-22822 to CVE-2022-22827. Relevant for OpenBSD are
security fixes #531 #534 #532 #538 #539 and other changes #527 #513
#514 #502 #503. No library bump necessary.
OK millert@

branches: 1.13.2;
Update libexpat to 2.4.1. This fixes CVE-2013-0340. Relevant for
OpenBSD are security fixes #34 #466 #484 and other changes #467
#473 #483. A new error number in a public header requires a major
library bump. Two functions have been added to API.
OK tb@

Update libexpat to 2.3.0. Relevant for OpenBSD are only bug fix
#438 and other change #443. A new error constant has been added
to a public header file. According to guenther@ this is an ABI
break that requires a major bump.
OK tb@; tested by matthieu@

branches: 1.11.2;
Update libexpat to 2.2.10. Relevant are only bug fixes #390 #395
#398 #404 #405 and other changes #354 #355 #412.
OK deraadt@

Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlier
in our tree. Relevant is only bug fix #240. Most of the upstream
diff is automated source format change.
OK deraadt@

Update libexpat to 2.2.5. Changes for OpenBSD include a few bug
fixes, no library bump needed.
OK deraadt@

Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.
OK deraadt@

Update libexpat to 2.2.3. Only few changes affect OpenBSD.
OK deraadt@

Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been commited upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@

fix CVE-2016-0718.

branches: 1.4.22; 1.4.24;
sync libexpat with upstream. mostly formating cleanup, no binary change.

ok deraadt nicm

Update to expat 2.0.1. ok deraadt@

Update to 2.0.0; keep our local changes

ok espie@, djm@

branches: 1.1.1;
Initial revision

Update libexpat to 2.4.9. This fixes CVE-2022-40674. Relevant for
OpenBSD are security fixes #629 #640 and other changes #610 #643.
No library bump necessary.
OK deraadt@

branches: 1.15.2;
Update libexpat to 2.4.6. This fixes CVE-2022-25235, CVE-2022-25236
CVE-2022-25313, CVE-2022-25314, and CVE-2022-25315. Relevant for
OpenBSD are security fixes #558 #559 #560 #561 #562 and bug fixes
#566. No library bump necessary.
OK tb@

Update libexpat to 2.4.3. This fixes CVE-2021-45960, CVE-2021-46143,
and CVE-2022-22822 to CVE-2022-22827. Relevant for OpenBSD are
security fixes #531 #534 #532 #538 #539 and other changes #527 #513
#514 #502 #503. No library bump necessary.
OK millert@

branches: 1.13.2;
Update libexpat to 2.4.1. This fixes CVE-2013-0340. Relevant for
OpenBSD are security fixes #34 #466 #484 and other changes #467
#473 #483. A new error number in a public header requires a major
library bump. Two functions have been added to API.
OK tb@

Update libexpat to 2.3.0. Relevant for OpenBSD are only bug fix
#438 and other change #443. A new error constant has been added
to a public header file. According to guenther@ this is an ABI
break that requires a major bump.
OK tb@; tested by matthieu@

branches: 1.11.2;
Update libexpat to 2.2.10. Relevant are only bug fixes #390 #395
#398 #404 #405 and other changes #354 #355 #412.
OK deraadt@

Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlier
in our tree. Relevant is only bug fix #240. Most of the upstream
diff is automated source format change.
OK deraadt@

Update libexpat to 2.2.5. Changes for OpenBSD include a few bug
fixes, no library bump needed.
OK deraadt@

Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.
OK deraadt@

Update libexpat to 2.2.3. Only few changes affect OpenBSD.
OK deraadt@

Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been commited upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@

fix CVE-2016-0718.

branches: 1.4.22; 1.4.24;
sync libexpat with upstream. mostly formating cleanup, no binary change.

ok deraadt nicm

Update to expat 2.0.1. ok deraadt@

Update to 2.0.0; keep our local changes

ok espie@, djm@

branches: 1.1.1;
Initial revision

Update libexpat to 2.4.6. This fixes CVE-2022-25235, CVE-2022-25236
CVE-2022-25313, CVE-2022-25314, and CVE-2022-25315. Relevant for
OpenBSD are security fixes #558 #559 #560 #561 #562 and bug fixes
#566. No library bump necessary.
OK tb@

Update libexpat to 2.4.3. This fixes CVE-2021-45960, CVE-2021-46143,
and CVE-2022-22822 to CVE-2022-22827. Relevant for OpenBSD are
security fixes #531 #534 #532 #538 #539 and other changes #527 #513
#514 #502 #503. No library bump necessary.
OK millert@

branches: 1.13.2;
Update libexpat to 2.4.1. This fixes CVE-2013-0340. Relevant for
OpenBSD are security fixes #34 #466 #484 and other changes #467
#473 #483. A new error number in a public header requires a major
library bump. Two functions have been added to API.
OK tb@

Update libexpat to 2.3.0. Relevant for OpenBSD are only bug fix
#438 and other change #443. A new error constant has been added
to a public header file. According to guenther@ this is an ABI
break that requires a major bump.
OK tb@; tested by matthieu@

Update libexpat to 2.2.10. Relevant are only bug fixes #390 #395
#398 #404 #405 and other changes #354 #355 #412.
OK deraadt@

Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlier
in our tree. Relevant is only bug fix #240. Most of the upstream
diff is automated source format change.
OK deraadt@

Update libexpat to 2.2.5. Changes for OpenBSD include a few bug
fixes, no library bump needed.
OK deraadt@

Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.
OK deraadt@

Update libexpat to 2.2.3. Only few changes affect OpenBSD.
OK deraadt@

Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been commited upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@

fix CVE-2016-0718.

branches: 1.4.22; 1.4.24;
sync libexpat with upstream. mostly formating cleanup, no binary change.

ok deraadt nicm

Update to expat 2.0.1. ok deraadt@

Update to 2.0.0; keep our local changes

ok espie@, djm@

branches: 1.1.1;
Initial revision

Update libexpat to 2.4.3. This fixes CVE-2021-45960, CVE-2021-46143,
and CVE-2022-22822 to CVE-2022-22827. Relevant for OpenBSD are
security fixes #531 #534 #532 #538 #539 and other changes #527 #513
#514 #502 #503. No library bump necessary.
OK millert@

branches: 1.13.2;
Update libexpat to 2.4.1. This fixes CVE-2013-0340. Relevant for
OpenBSD are security fixes #34 #466 #484 and other changes #467
#473 #483. A new error number in a public header requires a major
library bump. Two functions have been added to API.
OK tb@

Update libexpat to 2.3.0. Relevant for OpenBSD are only bug fix
#438 and other change #443. A new error constant has been added
to a public header file. According to guenther@ this is an ABI
break that requires a major bump.
OK tb@; tested by matthieu@

Update libexpat to 2.2.10. Relevant are only bug fixes #390 #395
#398 #404 #405 and other changes #354 #355 #412.
OK deraadt@

Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlier
in our tree. Relevant is only bug fix #240. Most of the upstream
diff is automated source format change.
OK deraadt@

Update libexpat to 2.2.5. Changes for OpenBSD include a few bug
fixes, no library bump needed.
OK deraadt@

Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.
OK deraadt@

Update libexpat to 2.2.3. Only few changes affect OpenBSD.
OK deraadt@

Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been commited upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@

fix CVE-2016-0718.

branches: 1.4.22; 1.4.24;
sync libexpat with upstream. mostly formating cleanup, no binary change.

ok deraadt nicm

Update to expat 2.0.1. ok deraadt@

Update to 2.0.0; keep our local changes

ok espie@, djm@

branches: 1.1.1;
Initial revision

Update libexpat to 2.4.1. This fixes CVE-2013-0340. Relevant for
OpenBSD are security fixes #34 #466 #484 and other changes #467
#473 #483. A new error number in a public header requires a major
library bump. Two functions have been added to API.
OK tb@

Update libexpat to 2.3.0. Relevant for OpenBSD are only bug fix
#438 and other change #443. A new error constant has been added
to a public header file. According to guenther@ this is an ABI
break that requires a major bump.
OK tb@; tested by matthieu@

Update libexpat to 2.2.10. Relevant are only bug fixes #390 #395
#398 #404 #405 and other changes #354 #355 #412.
OK deraadt@

Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlier
in our tree. Relevant is only bug fix #240. Most of the upstream
diff is automated source format change.
OK deraadt@

Update libexpat to 2.2.5. Changes for OpenBSD include a few bug
fixes, no library bump needed.
OK deraadt@

Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.
OK deraadt@

Update libexpat to 2.2.3. Only few changes affect OpenBSD.
OK deraadt@

Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been commited upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@

fix CVE-2016-0718.

branches: 1.4.22; 1.4.24;
sync libexpat with upstream. mostly formating cleanup, no binary change.

ok deraadt nicm

Update to expat 2.0.1. ok deraadt@

Update to 2.0.0; keep our local changes

ok espie@, djm@

branches: 1.1.1;
Initial revision

Update libexpat to 2.3.0. Relevant for OpenBSD are only bug fix
#438 and other change #443. A new error constant has been added
to a public header file. According to guenther@ this is an ABI
break that requires a major bump.
OK tb@; tested by matthieu@

Update libexpat to 2.2.10. Relevant are only bug fixes #390 #395
#398 #404 #405 and other changes #354 #355 #412.
OK deraadt@

Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlier
in our tree. Relevant is only bug fix #240. Most of the upstream
diff is automated source format change.
OK deraadt@

Update libexpat to 2.2.5. Changes for OpenBSD include a few bug
fixes, no library bump needed.
OK deraadt@

Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.
OK deraadt@

Update libexpat to 2.2.3. Only few changes affect OpenBSD.
OK deraadt@

Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been commited upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@

fix CVE-2016-0718.

branches: 1.4.22; 1.4.24;
sync libexpat with upstream. mostly formating cleanup, no binary change.

ok deraadt nicm

Update to expat 2.0.1. ok deraadt@

Update to 2.0.0; keep our local changes

ok espie@, djm@

branches: 1.1.1;
Initial revision

Update libexpat to 2.2.10. Relevant are only bug fixes #390 #395
#398 #404 #405 and other changes #354 #355 #412.
OK deraadt@

Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlier
in our tree. Relevant is only bug fix #240. Most of the upstream
diff is automated source format change.
OK deraadt@

Update libexpat to 2.2.5. Changes for OpenBSD include a few bug
fixes, no library bump needed.
OK deraadt@

Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.
OK deraadt@

Update libexpat to 2.2.3. Only few changes affect OpenBSD.
OK deraadt@

Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been commited upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@

fix CVE-2016-0718.

branches: 1.4.22; 1.4.24;
sync libexpat with upstream. mostly formating cleanup, no binary change.

ok deraadt nicm

Update to expat 2.0.1. ok deraadt@

Update to 2.0.0; keep our local changes

ok espie@, djm@

branches: 1.1.1;
Initial revision

Update libexpat to 2.2.8. CVE-2019-15903 has been fixed earlier
in our tree. Relevant is only bug fix #240. Most of the upstream
diff is automated source format change.
OK deraadt@

Update libexpat to 2.2.5. Changes for OpenBSD include a few bug
fixes, no library bump needed.
OK deraadt@

Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.
OK deraadt@

Update libexpat to 2.2.3. Only few changes affect OpenBSD.
OK deraadt@

Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been commited upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@

fix CVE-2016-0718.

branches: 1.4.22; 1.4.24;
sync libexpat with upstream. mostly formating cleanup, no binary change.

ok deraadt nicm

Update to expat 2.0.1. ok deraadt@

Update to 2.0.0; keep our local changes

ok espie@, djm@

branches: 1.1.1;
Initial revision

Update libexpat to 2.2.5. Changes for OpenBSD include a few bug
fixes, no library bump needed.
OK deraadt@

Update libexpat to 2.2.4. Fix copying partial UTF-8 characters.
OK deraadt@

Update libexpat to 2.2.3. Only few changes affect OpenBSD.
OK deraadt@

Update libexpat to version 2.2.1 which has some security fixes.
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been commited upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@

fix CVE-2016-0718.

branches: 1.4.22; 1.4.24;
sync libexpat with upstream. mostly formating cleanup, no binary change.

ok deraadt nicm

Update to expat 2.0.1. ok deraadt@

Update to 2.0.0; keep our local changes

ok espie@, djm@

branches: 1.1.1;
Initial revision