Merge branch 'poco-1.12.4'

CHANGELOG

@@ -1,5 +1,12 @@
 This is the changelog file for the POCO C++ Libraries.
 
+Release 1.12.3 (2022-10-31)
+===========================
+
+- GH #3849: Upgrade bundled libexpat to 2.5.0 [fixes CVE]
+- GH #3852: SocketReactor - 100 % CPU usage on single-core system
+
+
 Release 1.12.3 (2022-10-24)
 ===========================
 

DLLVersion.rc

@@ -4,8 +4,8 @@
 
 #include "winres.h"
 
-#define POCO_VERSION 1,12,3,0
+#define POCO_VERSION 1,12,4,0
-#define POCO_VERSION_STR "1.12.3"
+#define POCO_VERSION_STR "1.12.4"
 
 VS_VERSION_INFO VERSIONINFO
  FILEVERSION POCO_VERSION

Foundation/include/Poco/Version.h

@@ -36,6 +36,6 @@
 //      Bx: beta releases
 //
 
-#define POCO_VERSION 0x010C0300
+#define POCO_VERSION 0x010C0400
 
 #endif // Foundation_Version_INCLUDED

Net/src/PollSet.cpp

@@ -63,7 +63,7 @@ int close(HANDLE h)
 class PollSetImpl
 {
 public:
-	using Mutex = Poco::SpinlockMutex;
+	using Mutex = Poco::FastMutex;
 	using ScopedLock = Mutex::ScopedLock;
 	using SocketMode = std::pair<Socket, int>;
 	using SocketMap = std::map<void*, SocketMode>;
@@ -163,6 +163,7 @@ public:
 		PollSet::SocketModeMap result;
 		Poco::Timespan remainingTime(timeout);
 		int rc;
+
 		ScopedLock lock(_mutex);
 		do
 		{

XML/include/Poco/XML/expat.h

@@ -1054,8 +1054,8 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
    See http://semver.org.
 */
 #define XML_MAJOR_VERSION 2
-#define XML_MINOR_VERSION 4
+#define XML_MINOR_VERSION 5
-#define XML_MICRO_VERSION 9
+#define XML_MICRO_VERSION 0
 
 #ifdef __cplusplus
 }

XML/src/xmlparse.cpp

@@ -1,4 +1,4 @@
-/* fcb1a62fefa945567301146eb98e3ad3413e823a41c4378e84e8b6b6f308d824 (2.4.7+)
+/* 5ab094ffadd6edfc94c3eee53af44a86951f9f1f0933ada3114bbce2bfb02c99 (2.5.0+)
                             __  __            _
                          ___\ \/ /_ __   __ _| |_
                         / _ \\  /| '_ \ / _` | __|
@@ -35,6 +35,7 @@
    Copyright (c) 2021      Dong-hee Na <donghee.na@python.org>
    Copyright (c) 2022      Samanta Navarro <ferivoz@riseup.net>
    Copyright (c) 2022      Jeffrey Walton <noloader@gmail.com>
+   Copyright (c) 2022      Jann Horn <jannh@google.com>
    Licensed under the MIT license:
 
    Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -1088,6 +1089,14 @@ parserCreate(const XML_Char *encodingName,
   parserInit(parser, encodingName);
 
   if (encodingName && ! parser->m_protocolEncodingName) {
+    if (dtd) {
+      // We need to stop the upcoming call to XML_ParserFree from happily
+      // destroying parser->m_dtd because the DTD is shared with the parent
+      // parser and the only guard that keeps XML_ParserFree from destroying
+      // parser->m_dtd is parser->m_isParamEntity but it will be set to
+      // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
+      parser->m_dtd = NULL;
+    }
     XML_ParserFree(parser);
     return NULL;
   }
@@ -3031,9 +3040,6 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
         int len;
         const char *rawName;
         TAG *tag = parser->m_tagStack;
-        parser->m_tagStack = tag->parent;
-        tag->parent = parser->m_freeTagList;
-        parser->m_freeTagList = tag;
         rawName = s + enc->minBytesPerChar * 2;
         len = XmlNameLength(enc, rawName);
         if (len != tag->rawNameLength
@@ -3041,6 +3047,9 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
           *eventPP = rawName;
           return XML_ERROR_TAG_MISMATCH;
         }
+        parser->m_tagStack = tag->parent;
+        tag->parent = parser->m_freeTagList;
+        parser->m_freeTagList = tag;
         --parser->m_tagLevel;
         if (parser->m_endElementHandler) {
           const XML_Char *localPart;
@@ -4995,10 +5004,10 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
               parser->m_handlerArg, parser->m_declElementType->name,
               parser->m_declAttributeId->name, parser->m_declAttributeType, 0,
               role == XML_ROLE_REQUIRED_ATTRIBUTE_VALUE);
-          poolClear(&parser->m_tempPool);
           handleDefault = XML_FALSE;
         }
       }
+      poolClear(&parser->m_tempPool);
       break;
     case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE:
     case XML_ROLE_FIXED_ATTRIBUTE_VALUE:
@@ -5406,7 +5415,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
              *
              * If 'standalone' is false, the DTD must have no
              * parameter entities or we wouldn't have passed the outer
-             * 'if' statement.  That measn the only entity in the hash
+             * 'if' statement.  That means the only entity in the hash
              * table is the external subset name "#" which cannot be
              * given as a parameter entity name in XML syntax, so the
              * lookup must have returned NULL and we don't even reach
@@ -5818,19 +5827,27 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
 
   if (result != XML_ERROR_NONE)
     return result;
-  else if (textEnd != next
+
-           && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
+  if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
     entity->processed = (int)(next - (const char *)entity->textPtr);
     return result;
-  } else {
+  }
+
 #ifdef XML_DTD
-    entityTrackingOnClose(parser, entity, __LINE__);
+  entityTrackingOnClose(parser, entity, __LINE__);
 #endif
-    entity->open = XML_FALSE;
+  entity->open = XML_FALSE;
-    parser->m_openInternalEntities = openEntity->next;
+  parser->m_openInternalEntities = openEntity->next;
-    /* put openEntity back in list of free instances */
+  /* put openEntity back in list of free instances */
-    openEntity->next = parser->m_freeInternalEntities;
+  openEntity->next = parser->m_freeInternalEntities;
-    parser->m_freeInternalEntities = openEntity;
+  parser->m_freeInternalEntities = openEntity;
+
+  // If there are more open entities we want to stop right here and have the
+  // upcoming call to XML_ResumeParser continue with entity content, or it would
+  // be ignored altogether.
+  if (parser->m_openInternalEntities != NULL
+      && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
+    return XML_ERROR_NONE;
   }
 
 #ifdef XML_DTD

XML/src/xmltok_impl.h

@@ -45,7 +45,7 @@ enum {
   BT_LF,       /* line feed = "\n" */
   BT_GT,       /* greater than = ">" */
   BT_QUOT,     /* quotation character = "\"" */
-  BT_APOS,     /* aposthrophe = "'" */
+  BT_APOS,     /* apostrophe = "'" */
   BT_EQUALS,   /* equal sign = "=" */
   BT_QUEST,    /* question mark = "?" */
   BT_EXCL,     /* exclamation mark = "!" */

doc/99100-ReleaseNotes.page

@@ -2,6 +2,14 @@ POCO C++ Libraries Release Notes
 AAAIntroduction
 
 
+!!!Release 1.12.4
+
+!!Summary of Changes
+
+  - GH #3849: Upgrade bundled libexpat to 2.5.0 [fixes CVE]
+  - GH #3852: SocketReactor - 100 % CPU usage on single-core system
+
+
 !!!Release 1.12.3
 
 !!Summary of Changes

libversion

@@ -1 +1 @@
-93
+94