From d3f7bbd37bef2565d64f31b549e197a3a414574e Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Thu, 26 Oct 2023 01:39:39 +0200 Subject: [PATCH] doc/reference.html: Document build time macro XML_GE CVE: CVE-2023-52426 Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/d3f7bbd37bef2565d64f31b549e197a3a414574e] Signed-off-by: Meenali Gupta --- doc/reference.html | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/doc/reference.html b/doc/reference.html index 8b0d47d..74ba012 100644 --- a/doc/reference.html +++ b/doc/reference.html @@ -359,6 +359,33 @@ and the definition of character types in the case of XML_UNICODE_WCHAR_T. The symbols are:

+
XML_GE
+
+Added in Expat 2.6.0. +Include support for +general entities +(syntax &e1; to reference and +syntax <!ENTITY e1 'value1'> (an internal general entity) or +<!ENTITY e2 SYSTEM 'file2'> (an external general entity) to declare). +With XML_GE enabled, general entities will be replaced by their declared replacement text; +for this to work for external general entities, in addition an +XML_ExternalEntityRefHandler must be set using +XML_SetExternalEntityRefHandler. +Also, enabling XML_GE makes +the functions +XML_SetBillionLaughsAttackProtectionMaximumAmplification and + +XML_SetBillionLaughsAttackProtectionActivationThreshold available. +
+With XML_GE disabled, Expat has a smaller memory footprint and can be faster, but will +not load external general entities and will replace all general entities +(except the predefined five: +amp, apos, gt, lt, quot) +with a self-reference: +for example, referencing an entity e1 via &e1; will be replaced +by text &e1;. +
+
XML_DTD
Include support for using and reporting DTD-based content. If this is defined, default attribute values from an external DTD subset -- 2.40.0
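Review bot: The new XML_GE entry speaks of the macro being "enabled" and "disabled" but never says what definition counts as which, while the neighbouring XML_DTD entry says "If this is defined". Please state the accepted form or values explicitly, so that a builder knows whether merely defining the macro, or defining it to a particular value, turns general entity support on. In the second added paragraph (XML_GE disabled) it would also help to say outright that XML_SetBillionLaughsAttackProtectionMaximumAmplification and XML_SetBillionLaughsAttackProtectionActivationThreshold are then not available. The first paragraph only implies this, and callers need to guard those calls at build time. Lastly, the commit is tagged CVE-2023-52426 but the diffstat shows only doc/reference.html changing, so the message should point to the companion change that carries the code side, to keep a backport reviewer from reading this patch alone as the fix.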