Lines Matching +full:mingw +full:- +full:w64
14 !! - teaming up on researching and fixing future security reports and !!
15 !! ClusterFuzz findings with few-days-max response times in communication !!
18 !! - helping CPython Expat bindings with supporting Expat's billion laughs !!
20 !! - XML_SetBillionLaughsAttackProtectionActivationThreshold !!
21 !! - XML_SetBillionLaughsAttackProtectionMaximumAmplification !!
22 !! - helping Perl's XML::Parser Expat bindings with supporting Expat's !!
23 !! security API (https://github.com/cpan-authors/XML-Parser/issues/102): !!
24 !! - XML_SetBillionLaughsAttackProtectionActivationThreshold !!
25 !! - XML_SetBillionLaughsAttackProtectionMaximumAmplification !!
26 !! - XML_SetReparseDeferralEnabled !!
27 !! - implementing and auto-testing XML 1.0r5 support !!
29 !! - smart ideas on fixing the Autotools CMake files generation issue !!
31 !! - pushing migration from `int` to `size_t` further !!
32 !! including edge-cases test coverage (needs discussion before anything). !!
34 !! For details, please reach out via e-mail to sebastian@pipping.org so we !!
37 !! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !!
43 (that the fix to CVE-2024-8176 changed in 2.7.0);
45 - XML_GetCurrentByteCount
46 - XML_GetCurrentByteIndex
47 - XML_GetCurrentColumnNumber
48 - XML_GetCurrentLineNumber
49 - XML_GetInputContext
55 #992 docs: Promote OpenSSF Best Practices self-certification
65 #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
66 for clang-tidy
80 #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number
83 - general entities in character data ("<e>&g1;</e>")
84 - general entities in attribute values ("<e k1='&g1;'/>")
85 - parameter entities ("%p1;")
104 #953 Windows: Address warning -Wunknown-warning-option
105 about -Wno-pedantic-ms-format from LLVM MinGW
107 #969 #970 Mass-migrate links from http:// to https://
121 #961 Google's libprotobuf-mutator ("LPM")
123 #936 CI: Pass -q -q for LCOV >=2.1 in coverage.sh
128 #956 CI: Get off of about-to-be-removed Ubuntu 20.04
152 #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser
156 properly communicate this situation. // CWE-476 CWE-754
164 #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
174 #913 CI: Drop macos-12 and add macos-15
185 #887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with
194 #888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an
195 integer overflow for nDefaultAtts on 32-bit platforms
199 #889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can
200 have an integer overflow for m_groupSize on 32-bit
210 #869 Autotools: Support non-GNU sed
233 Dag-Erling Smørgrav
239 #839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with
260 OSS-Fuzz / ClusterFuzz
269 #829 Hide test-only code behind new internal macro
272 ./configure --without-docbook && make clean all
279 #818 CI: Adapt to breaking changes in clang-format
287 #789 #814 CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
290 that parsed a document in one go -- a single call to
291 functions XML_Parse or XML_ParseBuffer -- were not affected.
297 #777 CVE-2023-52426 -- Fix billion laughs attacks for users
300 Expat >=2.4.0 (and that was CVE-2013-0340 back then).
303 #753 Fix parse-size-dependent "invalid token" error for
313 #761 #770 xmlwf: Support --help and --version
319 #726 #727 Autotools: configure.ac: Support --disable-maintainer-mode
324 #815 Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
326 against static libexpat using pkg-config on Windows
328 (a de-facto requirement already since Expat 2.2.2 of 2017)
336 a build with -DEXPAT_BUILD_TESTS=ON
350 #798 #800 Address clang-tidy warnings
357 #766 docs: Improve parse buffer variables in-code documentation
368 #367 #799 Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
374 #798 CI: Enforce clang-tidy clean code
396 OSS-Fuzz
401 #616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
403 XML_ExternalEntityParserCreate in out-of-memory situations.
414 #656 CMake: Fix generation of pkg-config file
415 #658 MinGW|CMake: Fix static library name
435 #629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in
440 #634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
445 #638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
450 #597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners
453 linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
454 #611 #621 MinGW|CMake: Apply MSVC .def file when linking
455 #622 #624 MinGW|CMake: Sync library name with GNU Autotools,
456 i.e. produce libexpat-1.dll rather than libexpat.dll
458 #632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
459 toolchain file "cmake/mingw-toolchain.cmake" to avoid
466 #644 Resolve use of deprecated "fgrep" by "grep -F"
470 #594 xmlwf: Fix harmless variable mix-up in function nsattcmp
481 #637 apply-clang-format.sh: Add support for BSD find
482 #633 coverage.sh: Exclude MinGW headers
483 #635 coverage.sh: Fix name collision for -funsigned-char
498 #587 pkg-config: Move "-lm" to section "Libs.private"
499 #587 CMake|MSVC: Fix pkg-config section "Libs"
501 "-compatibility_version <version>" and
502 "-current_version <version>" in a way compatible with
517 #572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
521 0123456789 % -._~ :/?#[]@ !$&'()*+,;=
551 #566 Fix a regression introduced by the fix for CVE-2022-25313
571 #562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
575 on how invalid UTF-8 is handled inside the XML
578 #561 CVE-2022-25236 -- Passing (one or more) namespace separator
586 #558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
591 #560 CVE-2022-25314 -- Fix integer overflow in function copyString;
594 takes a value in the gigabytes to trigger, and a 64-bit
596 #559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
597 needs input in the gigabytes and a 64-bit machine.
614 #550 CVE-2022-23852 -- Fix signed integer overflow
620 #551 CVE-2022-23990 -- Fix unsigned integer overflow in function
646 #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
656 (which needs argument "-n" when running xmlwf).
658 #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
662 #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
665 - CVE-2022-22822 for function addBinding
666 - CVE-2022-22823 for function build_model
667 - CVE-2022-22824 for function defineAttribute
668 - CVE-2022-22825 for function lookup
669 - CVE-2022-22826 for function nextScaffoldPart
670 - CVE-2022-22827 for function storeAtts
675 #541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
683 #529 #539 CI: Cover compilation with -m32
701 - buildconf.sh
702 - fuzz/*.c
704 #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for
705 - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
706 - multi-config CMake generators (e.g. Ninja Multi-Config)
733 #34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
734 (denial-of-service; flavors targeting CPU time or RAM or both,
742 - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
744 - Two new API functions ..
745 - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
746 - XML_SetBillionLaughsAttackProtectionActivationThreshold
749 If you ever need to increase the defaults for non-attack XML
751 - Two new XML_FEATURE_* constants ..
752 - that can be queried using the XML_GetFeatureList function, and
753 - that are shown in "xmlwf -v" output.
754 - Two new environment variable switches ..
755 - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
756 - EXPAT_ENTITY_DEBUG=(0|1)
759 - Two new command line arguments "-a FACTOR" and "-b BYTES"
762 If you ever need to increase the defaults for non-attack XML
766 #332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
767 or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
768 for UTF-16 payloads containing CDATA sections.
769 #485 #486 Autotools: Fix generated CMake files for non-64bit and
770 non-Linux platforms (e.g. macOS and MinGW in particular)
795 #476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
796 #477 CI: Cover well-formedness and DocBook/XHTML validity
809 OSS-Fuzz
820 - malformed input files (documented) and
821 - invalid command-line arguments (undocumented).
822 The case of invalid command-line arguments now
826 #439 xmlwf: Add argument -k to allow continuing after
827 non-fatal errors
828 #439 xmlwf: Add section about exit status to the -h help output
832 #382 #428 testrunner: Make verbose mode (argument "-v") report
837 #448 Document use of libexpat from a CMake-based project
873 when used with "-d DIRECTORY"
874 #356 #359 MinGW: Provide declaration of rand_s for mingwrt <5.3.0
875 #383 #392 Autotools: Use -Werror while configure tests the compiler
881 on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
883 involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
884 #360 CMake: Install pre-compiled shipped xmlwf.1 manpage in case
885 of -DEXPAT_BUILD_DOCS=OFF
890 #385 CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
892 CMake: Expose man page compilation as target "xmlwf-manpage"
894 to control generation of pkg-config file "expat.pc"
897 #366 CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
898 default OFF to build fuzzer code against OSS-Fuzz and
900 #354 Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
928 case-insensitive file systems on Windows and the fact that
938 #317 #318 CVE-2019-15903 -- Fix heap overflow triggered by
946 #341 xmlwf: Fix exit code for operation without "-d DIRECTORY";
947 previously, only "-d DIRECTORY" would give you a proper
949 # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
951 # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
966 CMake, e.g.: cmake -G"Visual Studio 15 2017" .
967 #338 xmlwf: Make "xmlwf -h" help output more friendly
969 #244 #264 Autotools: Add argument --enable-xml-attr-info
971 --with-getrandom
972 --without-getrandom
973 --with-sys-getrandom
974 --without-sys-getrandom
976 Autotools: Fix "make run-xmltest" for out-of-source builds
979 - BUILD_doc -> EXPAT_BUILD_DOCS (plural)
980 - BUILD_examples -> EXPAT_BUILD_EXAMPLES
981 - BUILD_shared -> EXPAT_SHARED_LIBS
982 - BUILD_tests -> EXPAT_BUILD_TESTS
983 - BUILD_tools -> EXPAT_BUILD_TOOLS
984 - DOCBOOK_TO_MAN -> DOCBOOK_TO_MAN (unchanged)
985 - INSTALL -> EXPAT_ENABLE_INSTALL
986 - MSVC_USE_STATIC_CRT -> EXPAT_MSVC_STATIC_CRT
987 - USE_libbsd -> EXPAT_WITH_LIBBSD
988 - WARNINGS_AS_ERRORS -> EXPAT_WARNINGS_AS_ERRORS
989 - XML_CONTEXT_BYTES -> EXPAT_CONTEXT_BYTES
990 - XML_DEV_URANDOM -> EXPAT_DEV_URANDOM
991 - XML_DTD -> EXPAT_DTD
992 - XML_NS -> EXPAT_NS
993 - XML_UNICODE -> EXPAT_CHAR_TYPE=ushort (!)
994 - XML_UNICODE_WCHAR_T -> EXPAT_CHAR_TYPE=wchar_t (!)
995 #244 #264 CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
997 #326 CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
999 #328 CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
1002 -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
1003 -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
1010 i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
1011 #265 CMake: Fix linking with MinGW
1012 #330 CMake: Add full support for MinGW; to enable, use
1013 -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
1014 #330 CMake: Port "make run-xmltest" from GNU Autotools to CMake
1019 #308 CMake: Integrate OSS-Fuzz fuzzers, option
1020 -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
1028 #24 #293 Mass-apply clang-format 9 (and ensure conformance during CI)
1044 #186 #262 CVE-2018-20843 -- Fix extraction of namespace prefixes from
1048 use for denial-of-service attacks
1051 #195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop
1052 exporting non-API symbols
1053 #227 Autotools: Add --without-examples and --without-tests
1055 #245 #246 Autotools: Fix check for -fvisibility=hidden for Clang
1056 #247 #248 Autotools: Fix compilation for lack of docbook2x-man
1080 #204 #205 Fix 2.2.5 regression with suspend-resume while parsing
1084 #165 #168 Autotools: Fix docbook-related configure syntax error
1085 #166 Autotools: Avoid grep option `-q` for Solaris
1087 ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
1091 #181 Autotools: Drop -rpath option passed to libtool
1099 #176 CMake: Create the same pkg-config file as with GNU Autotools
1139 #106 xmlwf: Add argument -N adding notation declarations
1145 #33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
1149 Windows or MinGW for 2-byte wchar_t
1154 #153 #155 Improve docbook2x-man detection
1172 #115 Fix copying of partial characters for UTF-8 input
1175 #109 Fix "make check" for non-x86 architectures that default
1176 to unsigned type char (-128..127 rather than 0..255)
1177 #109 coverage.sh: Cover -funsigned-char
1178 Autotools: Introduce --without-xmlwf argument
1180 #43 CMake: Auto-detect high quality entropy extractors, add new
1182 #74 CMake: Add -fno-strict-aliasing only where supported
1184 #114 CMake: Compile man page if docbook2x-man is available, only
1186 (required for "make run-xmltest")
1200 #82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
1211 #81 Pre-10.7/Lion macOS: Support entropy from arc4random
1212 #86 Check that a UTF-16 encoding in an XML declaration has the
1218 Ensure that user-defined character encodings have converter
1220 Fix misleading description of argument -c in xmlwf.1
1244 Unintended use of LoadLibraryW with a non-wide string
1252 [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
1271 #76 Address compile warning with -DNDEBUG (not recommended!)
1290 CVE-2017-9233 -- External entity infinite loop DoS
1291 Details: https://libexpat.github.io/doc/cve-2017-9233/
1293 [MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
1296 (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
1304 [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
1307 [MOX-005] #30 Use high quality entropy for hash initialization:
1309 (when configured with --with-libbsd), CloudABI
1312 In a way, that's still part of CVE-2016-5300.
1314 [MOX-005] For the low quality entropy extraction fallback code,
1317 [MOX-003] Prevent use of uninitialised variable; commit
1318 [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
1321 [MOX-006] * NULL checks; commits
1326 [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
1327 [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
1328 to go further with fixing CVE-2012-0876.
1335 #28 xmlwf: Auto-disable use of memory-mapping (and parsing
1342 found by Google's OSS-Fuzz; commits
1355 of Windows; 4-byte wchar_t is common on Linux
1356 (SF.net) #538 Start using -fno-strict-aliasing
1358 Allow MinGW cross-compilation
1364 Autotools: Add parameters --enable-xml-context [COUNT]
1365 and --disable-xml-context; default of context of 1024
1373 * Pre-X Mac OS (MPW Makefile)
1377 #13 Fix "make run-xmltest" order instability
1385 #1 Re-create http://libexpat.org/ project website
1405 #537 CVE-2016-0718 -- Fix crash on malformed input
1406 CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
1407 CVE-2015-2716 introduced with Expat 2.1.1
1408 #499 CVE-2016-5300 -- Use more entropy for hash initialization
1409 than the original fix to CVE-2012-0876
1410 #519 CVE-2012-6702 -- Resolve troublesome internal call to srand
1412 when addressing CVE-2012-0876 (issue #496)
1417 Fix detection of UTF-8 character boundaries
1424 Autotools: Fix "make run-xmltest"
1425 Autotools: Have "make run-xmltest" check for expected output
1427 #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
1433 -fvisibility=hidden
1454 #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
1459 Output of "xmlwf -h" was incomplete
1465 libtool now invoked with --verbose
1468 - Security fixes:
1469 #2958794: CVE-2012-1148 - Memory leak in poolGrow.
1470 #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
1471 #3496608: CVE-2012-0876 - Hash DOS attack.
1472 #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
1473 #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
1474 - Bug Fixes:
1476 #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
1480 #2517938: xmlwf should return non-zero exit status if not well-formed.
1486 #3287849: make check fails on mingw-w64.
1487 - Patches:
1488 #1749198: pkg-config support.
1492 - New Features / API changes:
1501 Added run-benchmark target to Makefile.in - relies on testdata module
1505 - Fixed bugs #1515266, #1515600: The character data handler's calling
1508 - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
1510 - Minor cleanups of the test harness.
1511 - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
1512 - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
1513 - Fixes and improvements for Windows platform:
1515 - Build fixes for various platforms:
1516 HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
1519 without relying on GNU-Make specific features.
1521 - Fixes to Makefile.in to have make check work correctly:
1523 - Added Open Watcom support: patch #1523242.
1526 - We no longer use the "check" library for C unit testing; we
1528 - Report XML_NS setting via XML_GetFeatureList().
1529 - Fixed headers for use from C++.
1530 - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
1532 - Added XML_LARGE_SIZE switch to enable 64-bit integers for
1534 - Updated to use libtool 1.5.22 (the most recent).
1535 - Added support for AmigaOS.
1536 - Some mostly minor bug fixes. SF issues include: #1006708,
1540 - Major new feature: suspend/resume. Handlers can now request
1544 - Some mostly minor bug fixes, but compilation should no
1550 - Fixed enum XML_Status issue (reported on SourceForge many
1552 - Introduced an XMLCALL macro to control the calling
1557 - Improved ability to build without the configure-generated
1560 - Fixed a variety of bugs: see SF issues #458907, #609603,
1563 - Improved hash table lookups.
1564 - Added more regression tests and improved documentation.
1567 - Added XML_FreeContentModel().
1568 - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
1569 - Fixed a variety of bugs: see SF issues #615606, #616863,
1571 - Enhanced the regression test suite.
1572 - Man page improvements: includes SF issue #632146.
1575 - Added XML_UseForeignDTD() for improved SAX2 support.
1576 - Added XML_GetFeatureList().
1577 - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
1578 - Use an incomplete struct instead of a void* for the parser
1580 - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
1581 - Finally fixed bug where default handler would report DTD
1584 - Removed unnecessary DllMain() function that caused static
1586 - Added VC++ projects for building static libraries.
1587 - Reduced line-length for all source code and headers to be
1589 - Reduced memory copying during parsing (SF patch #600964).
1590 - Fixed a variety of bugs: see SF issues #580793, #434664,
1595 - Added support for VMS, contributed by Craig Berry. See
1597 - Added Mac OS (classic) support, with a makefile for MPW,
1599 - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
1601 - Fixed a variety of bugs: see SF issues #441449, #563184,
1603 - Made skippedEntityHandler conform to SAX2 (see source comment)
1604 - Re-implemented WFC: Entity Declared from XML 1.0 spec and
1607 - Re-implemented section 5.1 from XML 1.0 spec:
1611 - Added a project to the MSVC workspace to create a wchar_t
1613 - Changed the name of the Windows DLLs from expat.dll to
1615 - Added the XML_ParserReset() API function.
1616 - Fixed XML_SetReturnNSTriplet() to work for element names.
1617 - Made the XML_UNICODE builds usable (thanks, Karl!).
1618 - Allow xmlwf to read from standard input.
1619 - Install a man page for xmlwf on Unix systems.
1620 - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
1626 - More changes to make MSVC happy with the build; add a single
1628 - Added a Windows installer for Windows users; includes
1630 - Added compile-time constants that can be used to determine the
1632 - Removed a lot of GNU-specific dependencies to aid portability
1634 - Fix the UTF-8 BOM bug.
1635 - Cleaned up warning messages for several compilers.
1636 - Added the -Wall, -Wstrict-prototypes options for GCC.
1639 - Changes to get expat to build under Microsoft compiler
1640 - Removed all aborts and instead return an UNEXPECTED_STATE error.
1641 - Fixed a bug where a stray '%' in an entity value would cause an
1643 - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
1645 - Changed default patterns in lib/Makefile.in to fit non-GNU makes
1648 - The reference had the wrong label for XML_SetStartNamespaceDecl.
1652 - XML_ParserCreate_MM
1655 - XML_SetReturnNSTriplet
1660 - Merged in features from perl-expat
1671 - Added reference material
1672 - Packaged into a distribution that builds a sharable library