                           __  __            _
                        ___\ \/ /_ __   __ _| |_
                       / _ \\  /| '_ \ / _` | __|
                      |  __//  \| |_) | (_| | |_
                       \___/_/\_\ .__/ \__,_|\__|
                                |_| XML parser

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! <blink>Expat is UNDERSTAFFED and WITHOUT FUNDING.</blink>                 !!
!!                 ~~~~~~~~~~~~                                              !!
!! The following topics need *additional skilled C developers* to progress   !!
!! in a timely manner or at all (loosely ordered by descending priority):    !!
!!                                                                           !!
!! - teaming up on researching and fixing future security reports and        !!
!!   ClusterFuzz findings with few-days-max response times in communication  !!
!!   in order to (1) have a sound fix ready before the end of a 90 days      !!
!!   grace period and (2) in a sustainable manner,                           !!
!! - helping CPython Expat bindings with supporting Expat's amplification    !!
!!   attack protection API (https://github.com/python/cpython/issues/90949): !!
!!   - XML_SetAllocTrackerActivationThreshold                                !!
!!   - XML_SetAllocTrackerMaximumAmplification                               !!
!!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
!!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
!! - helping Perl's XML::Parser Expat bindings with supporting Expat's       !!
!!   security API (https://github.com/cpan-authors/XML-Parser/issues/102):   !!
!!   - XML_SetAllocTrackerActivationThreshold                                !!
!!   - XML_SetAllocTrackerMaximumAmplification                               !!
!!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
!!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
!!   - XML_SetReparseDeferralEnabled                                         !!
!! - implementing and auto-testing XML 1.0r5 support                         !!
!!   (needs discussion before pull requests),                                !!
!! - smart ideas on fixing the Autotools CMake files generation issue        !!
!!   without breaking CI (needs discussion before pull requests),            !!
!! - pushing migration from `int` to `size_t` further                        !!
!!   including edge-cases test coverage (needs discussion before anything).  !!
!!                                                                           !!
!! For details, please reach out via e-mail to sebastian@pipping.org so we   !!
!! can schedule a voice call on the topic, in English or German.             !!
!!                                                                           !!
!! THANK YOU!                        Sebastian Pipping -- Berlin, 2024-03-09 !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Release 2.7.3 Wed September 24 2025
        Security fixes:
     #1046 #1048  Fix alignment of internal allocations for some non-amd64
                    architectures (e.g. sparc32); fixes up on the fix to
                    CVE-2025-59375 from #1034 (of Expat 2.7.2 and related
                    backports)
           #1059  Fix a class of false positives where input should have been
                    rejected with error XML_ERROR_ASYNC_ENTITY; regression from
                    CVE-2024-8176 fix pull request #973 (of Expat 2.7.0 and
                    related backports). Please check the added unit tests for
                    example documents.

        Other changes:
           #1043  Prove and regression-proof absence of integer overflow
                    from function expat_realloc
           #1062  Remove "harmless" cast that truncated a size_t to unsigned
           #1049  Autotools: Remove "ln -s" discovery
           #1054  docs: Be consistent with use of floating point around
                    XML_SetAllocTrackerMaximumAmplification
           #1056  docs: Make it explicit that XML_GetCurrentColumnNumber
                    starts at 0
           #1057  docs: Better integrate the effect of the activation
                    thresholds
           #1058  docs: Fix an in-comment typo in expat.h
           #1045  docs: Fix a typo in README.md
           #1041  docs: Improve change log of release 2.7.2
           #1053  xmlwf: Resolve use of functions XML_GetErrorLineNumber
                    and XML_GetErrorColumnNumber
           #1032  Windows: Normalize .bat files to CRLF line endings
     #1060 #1061  Version info bumped from 12:0:11 (libexpat*.so.1.11.0)
                    to 12:1:11 (libexpat*.so.1.11.1); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
     #1047 #1050  CI: Cleanup UndefinedBehaviorSanitizer fatality
           #1044  CI|Linux: Stop aborting at first job failure
           #1052  CI|FreeBSD: Upgrade to FreeBSD 15.0
           #1039  CI|FreeBSD: Do not install CMake meta-package

        Special thanks to:
            Bénédikt Tran
            Berkay Eren Ürün
            Daniel Engberg
            Hanno Böck
            Matthew Fernandez
            Rolf Eike Beer
            Sam James
            Tim Bray
                 and
            Clang/GCC UndefinedBehaviorSanitizer
            OSS-Fuzz / ClusterFuzz
            Z3 Theorem Prover

Release 2.7.2 Tue September 16 2025
        Security fixes:
     #1018 #1034  CVE-2025-59375 -- Disallow use of disproportional amounts of
                    dynamic memory from within an Expat parser (e.g. previously
                    a ~250 KiB sized document was able to cause allocation of
                    ~800 MiB from the heap, i.e. an "amplification" of factor
                    ~3,300); once a threshold (that defaults to 64 MiB) is
                    reached, a maximum amplification factor (that defaults to
                    100.0) is enforced, and violating documents are rejected
                    with an out-of-memory error.
                    There are two new API functions to fine-tune this new
                    behavior:
                      - XML_SetAllocTrackerActivationThreshold
                      - XML_SetAllocTrackerMaximumAmplification .
                    If you ever need to increase these defaults for non-attack
                    XML payload, please file a bug report with libexpat.
                      There is also a new environment variable
                    EXPAT_MALLOC_DEBUG=(0|1|2) to control the verbosity
                    of allocations debugging at runtime, disabled by default.
                      Known impact is (reliable and easy) denial of service:
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
                    (Base Score: 7.5, Temporal Score: 7.2)
                    Please note that a layer of compression around XML can
                    significantly reduce the minimum attack payload size.
                      Distributors intending to backport (or cherry-pick) the
                    fix need to copy 99% of the related pull request, not just
                    the "lib: Implement tracking of dynamic memory allocations"
                    commit, to not end up with a state that literally does both
                    too much and too little at the same time. Appending ".diff"
                    to the pull request URL could be of help.

        Other changes:
     #1008 #1017  Autotools|macOS: Sync CMake templates with CMake 3.31
           #1007  CMake: Drop support for CMake <3.15
           #1004  CMake: Fix off_t detection for -Werror
           #1007  CMake|Windows: Fix -DEXPAT_MSVC_STATIC_CRT=ON
           #1013  Windows: Drop support for Visual Studio <=16.0/2019
           #1026  xmlwf: Mention supported environment variables in
                    --help output
           #1024  xmlwf: Fix (internal) help generator
           #1034  docs: Promote the contract to call function
                    XML_FreeContentModel when registering a custom
                    element declaration handler (via a call to function
                    XML_SetElementDeclHandler)
           #1027  docs: Add missing <p>..</p> wrap
            #994  docs: Drop AppVeyor badge
           #1000  tests: Fix portable_strndup
           #1036  Drop casts around malloc/free/realloc that C99 does not need
           #1010  Replace empty for loops with while loops
           #1011  Add const with internal XmlInitUnknownEncodingNS
       #14 #1037  Drop an OpenVMS support leftover
      #999 #1001  Address more clang-tidy warnings
     #1030 #1038  Version info bumped from 11:2:10 (libexpat*.so.1.10.2)
                    to 12:0:11 (libexpat*.so.1.11.0); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
           #1003  CI: Cover compilation on FreeBSD
     #1009 #1035  CI: Upgrade Clang from 19 to 21
           #1031  CI: Make calling Cppcheck without --suppress=objectIndex
                    and --suppress=unknownMacro possible
           #1013  CI|Windows: Get off of deprecated image "windows-2019"
  #1008 #1017 ..
     #1023 #1025  CI: Adapt to breaking changes in GitHub Actions

        Special thanks to:
            Alexander Bluhm
            Neil Pang
            Theo Buehler
                 and
            GNU Time
            OSS-Fuzz / ClusterFuzz
            Perl XML::Parser

Release 2.7.1 Thu March 27 2025
        Bug fixes:
       #980 #989  Restore event pointer behavior from Expat 2.6.4
                    (that the fix to CVE-2024-8176 changed in 2.7.0);
                    affected API functions are:
                    - XML_GetCurrentByteCount
                    - XML_GetCurrentByteIndex
                    - XML_GetCurrentColumnNumber
                    - XML_GetCurrentLineNumber
                    - XML_GetInputContext

        Other changes:
       #976 #977  Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
                    with Automake that were missing from 2.7.0 release tarballs
       #983 #984  Fix printf format specifiers for 32bit Emscripten
            #992  docs: Promote OpenSSF Best Practices self-certification
            #978  tests/benchmark: Resolve mistaken double close
            #986  Address Frama-C warnings
       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #982  CI: Start running Perl XML::Parser integration tests
            #987  CI: Enforce Clang Static Analyzer clean code
            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized
                    for clang-tidy
            #981  CI: Cover compilation with musl
       #983 #984  CI: Cover compilation with 32bit Emscripten
       #976 #977  CI: Protect against fuzzer files missing from future
                    release archives

        Special thanks to:
            Berkay Eren Ürün
            Matthew Fernandez
                 and
            Perl XML::Parser

Release 2.7.0 Thu March 13 2025
        Security fixes:
       #893 #973  CVE-2024-8176 -- Fix crash from chaining a large number
                    of entities caused by stack overflow by resolving use of
                    recursion, for all three uses of entities:
                    - general entities in character data ("<e>&g1;</e>")
                    - general entities in attribute values ("<e k1='&g1;'/>")
                    - parameter entities ("%p1;")
                    Known impact is (reliable and easy) denial of service:
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
                    (Base Score: 7.5, Temporal Score: 7.2)
                    Please note that a layer of compression around XML can
                    significantly reduce the minimum attack payload size.

        Other changes:
       #935 #937  Autotools: Make generated CMake files look for
                    libexpat.@SO_MAJOR@.dylib on macOS
            #925  Autotools: Sync CMake templates with CMake 3.29
  #945 #962 #966  CMake: Drop support for CMake <3.13
            #942  CMake: Small fuzzing related improvements
            #921  docs: Add missing documentation of error code
                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
            #941  docs: Document need for C++11 compiler for use from C++
            #959  tests/benchmark: Fix a (harmless) TOCTTOU
            #944  Windows: Fix installer target location of file xmlwf.xml
                    for CMake
            #953  Windows: Address warning -Wunknown-warning-option
                    about -Wno-pedantic-ms-format from LLVM MinGW
            #971  Address Cppcheck warnings
       #969 #970  Mass-migrate links from http:// to https://
    #947 #958 ..
       #974 #975  Document changes since the previous release
       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #926  tests: Increase robustness
    #927 #932 ..
       #930 #933  tests: Increase test coverage
    #617 #950 ..
    #951 #952 ..
    #954 #955 ..  Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on
            #961    Google's libprotobuf-mutator ("LPM")
            #957  Fuzzing|CI: Start producing fuzzing code coverage reports
            #936  CI: Pass -q -q for LCOV >=2.1 in coverage.sh
            #942  CI: Small fuzzing related improvements
    #139 #203 ..
       #791 #946  CI: Make GitHub Actions build using MSVC on Windows and
                      produce 32bit and 64bit Windows binaries
            #956  CI: Get off of about-to-be-removed Ubuntu 20.04
       #960 #964  CI: Start uploading to Coverity Scan for static analysis
            #972  CI: Stop loading DTD from the internet to address flaky CI
            #971  CI: Adapt to breaking changes in Cppcheck

        Special thanks to:
            Alexander Gieringer
            Berkay Eren Ürün
            Hanno Böck
            Jann Horn
            Mark Brand
            Sebastian Andrzej Siewior
            Snild Dolkow
            Thomas Pröll
            Tomas Korbar
            valord577
                 and
            Google Project Zero
            Linutronix
            Red Hat
            Siemens

Release 2.6.4 Wed November 6 2024
        Security fixes:
            #915  CVE-2024-50602 -- Fix crash within function XML_ResumeParser
                    from a NULL pointer dereference by disallowing function
                    XML_StopParser to (stop or) suspend an unstarted parser.
                    A new error code XML_ERROR_NOT_STARTED was introduced to
                    properly communicate this situation.  // CWE-476 CWE-754

        Other changes:
            #903  CMake: Add alias target "expat::expat"
            #905  docs: Document use via CMake >=3.18 with FetchContent
                    and SOURCE_SUBDIR and its consequences
            #902  tests: Reduce use of global parser instance
            #904  tests: Resolve duplicate handler
       #317 #918  tests: Improve tests on doctype closing (ex CVE-2019-15903)
            #914  Fix signedness of format strings
            #915  For use from C++, expat.h started requiring C++11 due to
                    use of C99 features
       #919 #920  Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
                    to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #907  CI: Upgrade Clang from 18 to 19
            #913  CI: Drop macos-12 and add macos-15
            #910  CI: Adapt to breaking changes in GitHub Actions
            #898  Add missing entries to .gitignore

        Special thanks to:
            Hanno Böck
            José Eduardo Gutiérrez Conejo
            José Ricardo Cardona Quesada

Release 2.6.3 Wed September 4 2024
        Security fixes:
       #887 #890  CVE-2024-45490 -- Calling function XML_ParseBuffer with
                    len < 0 without noticing and then calling XML_GetBuffer
                    will have XML_ParseBuffer fail to recognize the problem
                    and XML_GetBuffer corrupt memory.
                    With the fix, XML_ParseBuffer now complains with error
                    XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
                    has been doing since Expat 2.2.1, and now documented.
                    Impact is denial of service to potentially arbitrary code
                    execution.
       #888 #891  CVE-2024-45491 -- Internal function dtdCopy can have an
                    integer overflow for nDefaultAtts on 32-bit platforms
                    (where UINT_MAX equals SIZE_MAX).
                    Impact is denial of service to potentially arbitrary code
                    execution.
       #889 #892  CVE-2024-45492 -- Internal function nextScaffoldPart can
                    have an integer overflow for m_groupSize on 32-bit
                    platforms (where UINT_MAX equals SIZE_MAX).
                    Impact is denial of service to potentially arbitrary code
                    execution.

        Other changes:
       #851 #879  Autotools: Sync CMake templates with CMake 3.28
            #853  Autotools: Always provide path to find(1) for portability
            #861  Autotools: Ensure that the m4 directory always exists.
            #870  Autotools: Simplify handling of SIZEOF_VOID_P
            #869  Autotools: Support non-GNU sed
            #856  Autotools|CMake: Fix main() to main(void)
            #865  Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
            #863  Autotools|CMake: Stop requiring dos2unix
       #854 #855  CMake: Fix check for symbols size_t and off_t
            #864  docs|tests: Convert README to Markdown and update
            #741  Windows: Drop support for Visual Studio <=15.0/2017
            #886  Drop needless XML_DTD guards around is_param access
            #885  Fix typo in a code comment
       #894 #896  Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
                    to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #880  Readme: Promote the call for help
            #868  CI: Fix various issues
            #849  CI: Allow triggering GitHub Actions workflows manually
    #851 #872 ..
       #873 #879  CI: Adapt to breaking changes in GitHub Actions

        Special thanks to:
            Alexander Bluhm
            Berkay Eren Ürün
            Dag-Erling Smørgrav
            Ferenc Géczi
            TaiYou

Release 2.6.2 Wed March 13 2024
        Security fixes:
       #839 #842  CVE-2024-28757 -- Prevent billion laughs attacks with
                    isolated use of external parsers.  Please see the commit
                    message of commit 1d50b80cf31de87750103656f6eb693746854aa8
                    for details.

        Bug fixes:
       #839 #841  Reject direct parameter entity recursion
                    and avoid the related undefined behavior

        Other changes:
            #847  Autotools: Fix build for DOCBOOK_TO_MAN containing spaces
            #837  Add missing #821 and #824 to 2.6.1 change log
       #838 #843  Version info bumped from 10:1:9 (libexpat*.so.1.9.1)
                    to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/
                    for what these numbers do

        Special thanks to:
            Philippe Antoine
            Tomas Korbar
                 and
            Clang UndefinedBehaviorSanitizer
            OSS-Fuzz / ClusterFuzz

Release 2.6.1 Thu February 29 2024
        Bug fixes:
            #817  Make tests independent of CPU speed, and thus more robust
       #828 #836  Expose billion laughs API with XML_DTD defined and
                    XML_GE undefined, regression from 2.6.0

        Other changes:
            #829  Hide test-only code behind new internal macro
            #833  Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P
       #821 #824  Autotools: Fix "make clean" for case:
                    ./configure --without-docbook && make clean all
            #819  Address compiler warnings
       #832 #834  Version info bumped from 10:0:9 (libexpat*.so.1.9.0)
                    to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #818  CI: Adapt to breaking changes in clang-format

        Special thanks to:
            David Hall
            Snild Dolkow

Release 2.6.0 Tue February 6 2024
        Security fixes:
      #789 #814  CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
                   that can cause denial of service, in particular when
                   dealing with compressed XML input.  Applications
                   that parsed a document in one go -- a single call to
                   functions XML_Parse or XML_ParseBuffer -- were not affected.
                   The smaller the chunks/buffers you use for parsing
                   previously, the bigger the problem prior to the fix.
                   Backporters should be careful to not omit parts of
                   pull request #789 and to include earlier pull request #771,
                   in order to not break the fix.
           #777  CVE-2023-52426 -- Fix billion laughs attacks for users
                   compiling *without* XML_DTD defined (which is not common).
                   Users with XML_DTD defined have been protected since
                   Expat >=2.4.0 (and that was CVE-2013-0340 back then).

        Bug fixes:
            #753  Fix parse-size-dependent "invalid token" error for
                    external entities that start with a byte order mark
            #780  Fix NULL pointer dereference in setContext via
                    XML_ExternalEntityParserCreate for compilation with
                    XML_DTD undefined
       #812 #813  Protect against closing entities out of order

        Other changes:
            #723  Improve support for arc4random/arc4random_buf
       #771 #788  Improve buffer growth in XML_GetBuffer and XML_Parse
       #761 #770  xmlwf: Support --help and --version
       #759 #770  xmlwf: Support custom buffer size for XML_GetBuffer and read
            #744  xmlwf: Improve language and URL clickability in help output
            #673  examples: Add new example "element_declarations.c"
            #764  Be stricter about macro XML_CONTEXT_BYTES at build time
            #765  Make inclusion to expat_config.h consistent
       #726 #727  Autotools: configure.ac: Support --disable-maintainer-mode
    #678 #705 ..
  #706 #733 #792  Autotools: Sync CMake templates with CMake 3.26
            #795  Autotools: Make installation of shipped man page doc/xmlwf.1
                    independent of docbook2man availability
            #815  Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
                    section "Cflags.private" in order to fix compilation
                    against static libexpat using pkg-config on Windows
       #724 #751  Autotools|CMake: Require a C99 compiler
                    (a de-facto requirement already since Expat 2.2.2 of 2017)
            #793  Autotools|CMake: Fix PACKAGE_BUGREPORT variable
       #750 #786  Autotools|CMake: Make test suite require a C++11 compiler
            #749  CMake: Require CMake >=3.5.0
            #672  CMake: Lowercase off_t and size_t to help a bug in Meson
            #746  CMake: Sort xmlwf sources alphabetically
            #785  CMake|Windows: Fix generation of DLL file version info
            #790  CMake: Build tests/benchmark/benchmark.c as well for
                    a build with -DEXPAT_BUILD_TESTS=ON
       #745 #757  docs: Document the importance of isFinal + adjust tests
                    accordingly
            #736  docs: Improve use of "NULL" and "null"
            #713  docs: Be specific about version of XML (XML 1.0r4)
                    and version of C (C99); (XML 1.0r5 will need a sponsor.)
            #762  docs: reference.html: Promote function XML_ParseBuffer more
            #779  docs: reference.html: Add HTML anchors to XML_* macros
            #760  docs: reference.html: Upgrade to OK.css 1.2.0
       #763 #739  docs: Fix typos
            #696  docs|CI: Use HTTPS URLs instead of HTTP at various places
    #669 #670 ..
    #692 #703 ..
       #733 #772  Address compiler warnings
       #798 #800  Address clang-tidy warnings
       #775 #776  Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
                    to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
       #700 #701  docs: Document security policy in file SECURITY.md
            #766  docs: Improve parse buffer variables in-code documentation
    #674 #738 ..
    #740 #747 ..
  #748 #781 #782  Refactor coverage and conformance tests
       #714 #716  Refactor debug level variables to unsigned long
            #671  Improve handling of empty environment variable value
                    in function getDebugLevel (without visible user effect)
    #755 #774 ..
    #758 #783 ..
       #784 #787  tests: Improve test coverage with regard to parse chunk size
  #660 #797 #801  Fuzzing: Improve fuzzing coverage
       #367 #799  Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
       #698 #721  CI: Resolve some Travis CI leftovers
            #669  CI: Be robust towards absence of Git tags
       #693 #694  CI: Set permissions to "contents: read" for security
            #709  CI: Pin all GitHub Actions to specific commits for security
            #739  CI: Reject spelling errors using codespell
            #798  CI: Enforce clang-tidy clean code
    #773 #808 ..
       #809 #810  CI: Upgrade Clang from 15 to 18
            #796  CI: Start using Clang's Control Flow Integrity sanitizer
  #675 #720 #722  CI: Adapt to breaking changes in GitHub Actions Ubuntu images
            #689  CI: Adapt to breaking changes in Clang/LLVM Debian packaging
            #763  CI: Adapt to breaking changes in codespell
            #803  CI: Adapt to breaking changes in Cppcheck

        Special thanks to:
            Ivan Galkin
            Joyce Brum
            Philippe Antoine
            Rhodri James
            Snild Dolkow
            spookyahell
            Steven Garske
                 and
            Clang AddressSanitizer
            Clang UndefinedBehaviorSanitizer
            codespell
            GCC Farm Project
            OSS-Fuzz
            Sony Mobile

Release 2.5.0 Tue October 25 2022
        Security fixes:
  #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                    destruction of a shared DTD in function
                    XML_ExternalEntityParserCreate in out-of-memory situations.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.

        Bug fixes:
       #612 #645  Fix corruption from undefined entities
       #613 #654  Fix case when parsing was suspended while processing nested
                    entities
  #616 #652 #653  Stop leaking opening tag bindings after a closing tag
                    mismatch error where a parser is reset through
                    XML_ParserReset and then reused to parse
            #656  CMake: Fix generation of pkg-config file
            #658  MinGW|CMake: Fix static library name

        Other changes:
            #663  Protect header expat_config.h from multiple inclusion
            #666  examples: Make use of XML_GetBuffer and be more
                    consistent across examples
            #648  Address compiler warnings
       #667 #668  Version info bumped from 9:9:8 to 9:10:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Jann Horn
            Mark Brand
            Osyotr
            Rhodri James
                 and
            Google Project Zero

Release 2.4.9 Tue September 20 2022
        Security fixes:
       #629 #640  CVE-2022-40674 -- Heap use-after-free vulnerability in
                    function doContent. Expected impact is denial of service
                    or potentially arbitrary code execution.

        Bug fixes:
            #634  MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
            #614  docs: Fix documentation on effect of switch XML_DTD on
                    symbol visibility in doc/reference.html

        Other changes:
            #638  MinGW: Make fix-xmltest-log.sh drop more Wine bug output
       #596 #625  Autotools: Sync CMake templates with CMake 3.22
            #608  CMake: Migrate from use of CMAKE_*_POSTFIX to
                    dedicated variables EXPAT_*_POSTFIX to stop affecting
                    other projects
       #597 #599  Windows|CMake: Add missing -DXML_STATIC to test runners
                    and fuzzers
       #512 #621  Windows|CMake: Render .def file from a template to fix
                    linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
       #611 #621  MinGW|CMake: Apply MSVC .def file when linking
       #622 #624  MinGW|CMake: Sync library name with GNU Autotools,
                    i.e. produce libexpat-1.dll rather than libexpat.dll
                    by default.  Filename libexpat.dll.a is unaffected.
            #632  MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
                    toolchain file "cmake/mingw-toolchain.cmake" to avoid
                    error "windres: Command not found" on e.g. Ubuntu 20.04
       #597 #627  CMake: Unify inconsistent use of set() and option() in
                    context of public build time options to take need for
                    set(.. FORCE) in projects using Expat by means of
                    add_subdirectory(..) off Expat's users' shoulders
       #626 #641  Stop exporting API symbols when building a static library
            #644  Resolve use of deprecated "fgrep" by "grep -F"
            #620  CMake: Make documentation on variables a bit more consistent
            #636  CMake: Drop leading whitespace from a #cmakedefine line in
                    file expat_config.h.cmake
            #594  xmlwf: Fix harmless variable mix-up in function nsattcmp
  #592 #593 #610  Address Cppcheck warnings
            #643  Address Clang 15 compiler warnings
       #642 #644  Version info bumped from 9:8:8 to 9:9:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
       #597 #598  CI: Windows: Start covering MSVC 2022
            #619  CI: macOS: Migrate off deprecated macOS 10.15
            #632  CI: Linux: Make migration off deprecated Ubuntu 18.04 work
            #643  CI: Upgrade Clang from 14 to 15
            #637  apply-clang-format.sh: Add support for BSD find
            #633  coverage.sh: Exclude MinGW headers
            #635  coverage.sh: Fix name collision for -funsigned-char

        Special thanks to:
            David Faure
            Felix Wilhelm
            Frank Bergmann
            Rhodri James
            Rosen Penev
            Thijs Schreijer
            Vincent Torri
                 and
            Google Project Zero

Release 2.4.8 Mon March 28 2022
628        Other changes:
629            #587  pkg-config: Move "-lm" to section "Libs.private"
630            #587  CMake|MSVC: Fix pkg-config section "Libs"
631        #55 #582  CMake|macOS: Start using linker arguments
632                    "-compatibility_version <version>" and
633                    "-current_version <version>" in a way compatible with
634                    GNU Libtool
635       #590 #591  Version info bumped from 9:7:8 to 9:8:8;
636                    see https://verbump.de/ for what these numbers do
637
638        Infrastructure:
639            #589  CI: Upgrade Clang from 13 to 14
640
641        Special thanks to:
642            evpobr
643            Kai Pastor
644            Sam James
645
646Release 2.4.7 Fri March 4 2022
647        Bug fixes:
648       #572 #577  Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
649                    with regard to all valid URI characters (RFC 3986),
650                    i.e. the following set (excluding whitespace):
651                    ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
652                    0123456789 % -._~ :/?#[]@ !$&'()*+,;=
653
654        Other changes:
655  #555 #570 #581  CMake|Windows: Store Expat version in the DLL
656            #577  Document consequences of namespace separator choices not just
657                    in doc/reference.html but also in header <expat.h>
658            #577  Document Expat's lack of validation of namespace URIs against
659                    RFC 3986, and that the XML 1.0r4 specification doesn't
660                    require Expat to validate namespace URIs, and that Expat
661                    may do more in that regard in future releases.
662                    If you find need for strict RFC 3986 URI validation on
663                    application level today, https://uriparser.github.io/ may
664                    be of interest.
665            #579  Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
666            #575  Document that a call to XML_FreeContentModel can be done at
667                    a later time from outside the element declaration handler
668            #574  Make hardcoded namespace URIs easier to find in code
669            #573  Update documentation on use of XML_POOR_ENTROPY on Solaris
670       #569 #571  tests: Resolve use of macros NAN and INFINITY for GNU G++
671                    4.8.2 on Solaris.
672       #578 #580  Version info bumped from 9:6:8 to 9:7:8;
673                    see https://verbump.de/ for what these numbers do
674
675        Special thanks to:
676            Jeffrey Walton
677            Johnny Jazeix
678            Thijs Schreijer
679
680Release 2.4.6 Sun February 20 2022
681        Bug fixes:
682            #566  Fix a regression introduced by the fix for CVE-2022-25313
683                    in release 2.4.5 that affects applications that (1)
684                    call function XML_SetElementDeclHandler and (2) are
685                    parsing XML that contains nested element declarations
686                    (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
687
688        Other changes:
689       #567 #568  Version info bumped from 9:5:8 to 9:6:8;
690                    see https://verbump.de/ for what these numbers do
691
692        Special thanks to:
693            Matt Sergeant
694            Samanta Navarro
695            Sergei Trofimovich
696                 and
697            NixOS
698            Perl XML::Parser
699
700Release 2.4.5 Fri February 18 2022
701        Security fixes:
702            #562  CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
703                    sequences (e.g. from start tag names) to the XML
704                    processing application on top of Expat can cause
705                    arbitrary damage (e.g. code execution) depending
706                    on how invalid UTF-8 is handled inside the XML
707                    processor; validation was not their job but Expat's.
708                    Exploits with code execution are known to exist.
709            #561  CVE-2022-25236 -- Passing (one or more) namespace separator
710                    characters in "xmlns[:prefix]" attribute values
711                    made Expat send malformed tag names to the XML
712                    processor on top of Expat which can cause
713                    arbitrary damage (e.g. code execution) depending
714                    on how such unexpected cases are handled inside the XML
715                    processor; validation was not their job but Expat's.
716                    Exploits with code execution are known to exist.
717            #558  CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
718                    that could be triggered by e.g. a 2 megabytes
719                    file with a large number of opening braces.
720                    Expected impact is denial of service or potentially
721                    arbitrary code execution.
722            #560  CVE-2022-25314 -- Fix integer overflow in function copyString;
723                    only affects the encoding name parameter at parser creation
724                    time which is often hardcoded (rather than user input),
725                    takes a value in the gigabytes to trigger, and a 64-bit
726                    machine.  Expected impact is denial of service.
727            #559  CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
728                    needs input in the gigabytes and a 64-bit machine.
729                    Expected impact is denial of service or potentially
730                    arbitrary code execution.
731
732        Other changes:
733       #557 #564  Version info bumped from 9:4:8 to 9:5:8;
734                    see https://verbump.de/ for what these numbers do
735
736        Special thanks to:
737            Ivan Fratric
738            Samanta Navarro
739                 and
740            Google Project Zero
741            JetBrains
742
743Release 2.4.4 Sun January 30 2022
744        Security fixes:
745            #550  CVE-2022-23852 -- Fix signed integer overflow
746                    (undefined behavior) in function XML_GetBuffer
747                    (that is also called by function XML_Parse internally)
748                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
749                    common and default).
750                    Impact is denial of service or more.
751            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
752                    doProlog triggered by large content in element type
753                    declarations when there is an element declaration handler
754                    present (from a prior call to XML_SetElementDeclHandler).
755                    Impact is denial of service or more.
756
757        Bug fixes:
758       #544 #545  xmlwf: Fix a memory leak on output file opening error
759
760        Other changes:
761            #546  Autotools: Fix broken CMake support under Cygwin
762            #554  Windows: Add missing files to the installer to fix
763                    compilation with CMake from installed sources
764       #552 #554  Version info bumped from 9:3:8 to 9:4:8;
765                    see https://verbump.de/ for what these numbers do
766
767        Special thanks to:
768            Carlo Bramini
769            hwt0415
770            Roland Illig
771            Samanta Navarro
772                 and
773            Clang LeakSan and the Clang team
774
775Release 2.4.3 Sun January 16 2022
776        Security fixes:
777       #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
778                    resulting in
779                      a) realloc acting as free
780                      b) realloc allocating too few bytes
781                      c) undefined behavior
782                    depending on architecture and precise value
783                    for XML documents with >=2^27+1 prefixed attributes
784                    on a single XML tag a la
785                    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
786                    where XML_ParserCreateNS is used to create the parser
787                    (which needs argument "-n" when running xmlwf).
788                    Impact is denial of service, or more.
789       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
790                    on variable m_groupSize in function doProlog leading
791                    to realloc acting as free.
792                    Impact is denial of service or more.
793            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
794                    near memory allocation at multiple places.  Mitre assigned
795                    a dedicated CVE for each involved internal C function:
796                    - CVE-2022-22822 for function addBinding
797                    - CVE-2022-22823 for function build_model
798                    - CVE-2022-22824 for function defineAttribute
799                    - CVE-2022-22825 for function lookup
800                    - CVE-2022-22826 for function nextScaffoldPart
801                    - CVE-2022-22827 for function storeAtts
802                    Impact is denial of service or more.
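
Added example (not Expat's code): the size-computation hazard named in the CVE-2021-45960 and CVE-2022-22822 to CVE-2022-22827 entries above, modelled with 32-bit arithmetic, next to a checked variant that refuses the request. The function names and the element sizes 8 and 12 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Byte count as 32-bit size arithmetic would compute it:
 * (1 << power) * elem_size, reduced modulo 2^32.
 * The caller must pass power < 32. */
static uint32_t table_bytes_wrapping32(unsigned power, uint32_t elem_size)
{
    uint32_t count = (uint32_t)1 << power;
    return (uint32_t)((uint64_t)count * elem_size); /* truncation = wrap */
}

/* Checked variant: returns 1 and stores the byte count in *out, or returns 0
 * when the shift or the multiplication is not representable in 32 bits. */
static int table_bytes_checked32(unsigned power, uint32_t elem_size,
                                 uint32_t *out)
{
    uint32_t count;
    if (elem_size == 0 || power >= 32)
        return 0; /* shifting by >= the type width is undefined behaviour */
    count = (uint32_t)1 << power;
    if (count > UINT32_MAX / elem_size)
        return 0; /* count * elem_size would wrap */
    *out = count * elem_size;
    return 1;
}

/* Grow a table to 2^power elements. On refusal or allocation failure the
 * old table is left untouched, so the caller never holds a freed or
 * undersized block. */
static int grow_table(void **table, unsigned power, uint32_t elem_size)
{
    uint32_t bytes;
    void *p;
    if (!table_bytes_checked32(power, elem_size, &bytes))
        return 0;
    p = realloc(*table, bytes); /* bytes >= 1 here, never a 0-byte request */
    if (p == NULL)
        return 0;
    *table = p;
    return 1;
}

int main(void)
{
    void *table = NULL;
    uint32_t ok_bytes = 0;

    /* 2^29 * 8 = 2^32 wraps to 0: a 0-byte request, which realloc may
     * treat as free (case a in the entry above). */
    printf("wrapping 2^29 * 8  -> %lu bytes\n",
           (unsigned long)table_bytes_wrapping32(29, 8));
    /* 2^29 * 12 needs 6 GiB but wraps to 2 GiB: too few bytes (case b). */
    printf("wrapping 2^29 * 12 -> %lu bytes\n",
           (unsigned long)table_bytes_wrapping32(29, 12));

    printf("checked  2^29 * 8  -> %s\n",
           table_bytes_checked32(29, 8, &ok_bytes) ? "accepted" : "refused");
    printf("grow to 2^4 * 12   -> %s\n",
           grow_table(&table, 4, 12) ? "ok" : "failed");
    printf("grow to 2^29 * 8   -> %s\n",
           grow_table(&table, 29, 8) ? "ok" : "refused, table kept");
    free(table);
    return 0;
}
```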
803
804        Other changes:
805            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
806            #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
807                    and MSYS2 by not going through Wine on these platforms
808       #527 #528  Address compiler warnings
809       #533 #543  Version info bumped from 9:2:8 to 9:3:8;
810                    see https://verbump.de/ for what these numbers do
811
812        Infrastructure:
813            #536  CI: Check for realistic minimum CMake version
814       #529 #539  CI: Cover compilation with -m32
815            #529  CI: Store coverage reports as artifacts for download
816            #528  CI: Upgrade Clang from 11 to 13
817
818        Special thanks to:
819            An anonymous whitehat
820            Christopher Degawa
821            J. Peter Mugaas
822            Tyson Smith
823                 and
824            GCC Farm Project
825            Trend Micro Zero Day Initiative
826
827Release 2.4.2 Sun December 19 2021
828        Other changes:
829       #509 #510  Link against libm for function "isnan"
830       #513 #514  Include expat_config.h as early as possible
831            #498  Autotools: Include files with release archives:
832                    - buildconf.sh
833                    - fuzz/*.c
834       #507 #519  Autotools: Sync CMake templates with CMake 3.20
835       #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
836                    - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
837                    - multi-config CMake generators (e.g. Ninja Multi-Config)
838       #502 #503  docs: Document that function XML_GetBuffer may return NULL
839                    when asking for a buffer of 0 (zero) bytes size
840       #522 #523  docs: Fix return value docs for both
841                    XML_SetBillionLaughsAttackProtection* functions
842       #525 #526  Version info bumped from 9:1:8 to 9:2:8;
843                    see https://verbump.de/ for what these numbers do
844
845        Special thanks to:
846            Donghee Na
847            Joergen Ibsen
848            Kai Pastor
849
850Release 2.4.1 Sun May 23 2021
851        Bug fixes:
852       #488 #490  Autotools: Fix installed header expat_config.h for multilib
853                    systems; regression introduced in 2.4.0 by pull request #486
854
855        Other changes:
856       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
857                    see https://verbump.de/ for what these numbers do
858
859        Special thanks to:
860            Gentoo's QA check "multilib_check_headers"
861
862Release 2.4.0 Sun May 23 2021
863        Security fixes:
864   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
865                    (denial-of-service; flavors targeting CPU time or RAM or both,
866                    leveraging general entities or parameter entities or both)
867                    by tracking and limiting the input amplification factor
868                    (<amplification> := (<direct> + <indirect>) / <direct>).
869                    By conservative default, amplification up to a factor of 100.0
870                    is tolerated and rejection only starts after 8 MiB of output bytes
871                    (=<direct> + <indirect>) have been processed.
872                    The fix adds the following to the API:
873                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
874                      signal this specific condition.
875                    - Two new API functions ..
876                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
877                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
878                      .. to further tighten billion laughs protection parameters
879                      when desired.  Please see file "doc/reference.html" for details.
880                      If you ever need to increase the defaults for non-attack XML
881                      payload, please file a bug report with libexpat.
882                    - Two new XML_FEATURE_* constants ..
883                      - that can be queried using the XML_GetFeatureList function, and
884                      - that are shown in "xmlwf -v" output.
885                    - Two new environment variable switches ..
886                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
887                      - EXPAT_ENTITY_DEBUG=(0|1)
888                      .. for runtime debugging of accounting and entity processing.
889                      Specific behavior of these values may change in the future.
890                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
891                      for xmlwf to further tighten billion laughs protection
892                      parameters when desired.
893                      If you ever need to increase the defaults for non-attack XML
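
Added example (not part of Expat's Changes file or source): a simplified C model of the accounting rule described in the 2.4.0 entry above, run against a constructed nested-entity chain. The names amp_account, amp_add, expand_entity and parse_model, and the chain's sizes (fanout 10, 3-byte leaf text, 6-byte references), are assumptions of this sketch; applications using Expat call the two XML_SetBillionLaughsAttackProtection* functions instead.

```c
#include <stdint.h>
#include <stdio.h>

/* Defaults quoted in the 2.4.0 entry: factor 100.0, threshold 8 MiB. */
#define DEFAULT_MAX_AMPLIFICATION 100.0
#define DEFAULT_ACTIVATION_THRESHOLD (8ULL * 1024 * 1024)

/* Hypothetical accounting record for this model (not Expat's struct). */
typedef struct {
    uint64_t direct;               /* bytes taken from the document itself */
    uint64_t indirect;             /* bytes produced by entity expansion   */
    double   max_amplification;
    uint64_t activation_threshold; /* in output bytes: direct + indirect   */
} amp_account;

/* <amplification> := (<direct> + <indirect>) / <direct> */
static double amp_factor(const amp_account *a)
{
    if (a->direct == 0)
        return 1.0; /* model choice: nothing read yet, nothing amplified */
    return (double)(a->direct + a->indirect) / (double)a->direct;
}

/* Account for `bytes`; return 1 if still tolerated, 0 on a limit breach. */
static int amp_add(amp_account *a, uint64_t bytes, int is_indirect)
{
    uint64_t total = a->direct + a->indirect;
    if (bytes > UINT64_MAX - total)
        return 0; /* counter would wrap: treat as a breach */
    if (is_indirect)
        a->indirect += bytes;
    else
        a->direct += bytes;
    total += bytes;
    if (total < a->activation_threshold)
        return 1; /* below the threshold nothing is rejected */
    return amp_factor(a) <= a->max_amplification;
}

/* Expand one entity of a constructed chain: a level-0 entity holds leaf_len
 * bytes of text, a level-k entity holds `fanout` references (ref_len bytes
 * each) to level k-1. Every replacement text counts as indirect bytes, and
 * expansion stops at the first breach. */
static int expand_entity(amp_account *a, unsigned level, unsigned fanout,
                         uint64_t leaf_len, uint64_t ref_len)
{
    unsigned i;
    uint64_t text_len = (level == 0) ? leaf_len : (uint64_t)fanout * ref_len;
    if (!amp_add(a, text_len, 1))
        return 0;
    for (i = 0; level > 0 && i < fanout; i++)
        if (!expand_entity(a, level - 1, fanout, leaf_len, ref_len))
            return 0;
    return 1;
}

/* Model one parse: doc_bytes of direct input, then one reference to the
 * top entity of a `levels`-deep chain. Returns 1 if accepted, 0 if the
 * amplification limit was breached; counters are left in *a. */
static int parse_model(amp_account *a, uint64_t doc_bytes, unsigned levels,
                       double max_amp, uint64_t threshold)
{
    a->direct = 0;
    a->indirect = 0;
    a->max_amplification = max_amp;
    a->activation_threshold = threshold;
    if (!amp_add(a, doc_bytes, 0))
        return 0;
    return expand_entity(a, levels, 10, 3, 6);
}

int main(void)
{
    amp_account a;
    int ok;

    /* Constructed input: a 1000-byte document with a 9-level chain. */
    ok = parse_model(&a, 1000, 9, DEFAULT_MAX_AMPLIFICATION,
                     DEFAULT_ACTIVATION_THRESHOLD);
    printf("defaults, 9 levels: %s after %llu output bytes (factor %.1f)\n",
           ok ? "accepted" : "rejected",
           (unsigned long long)(a.direct + a.indirect), amp_factor(&a));

    /* Same rule with tightened parameters on a much smaller chain. */
    ok = parse_model(&a, 100, 3, 10.0, 1024);
    printf("tightened, 3 levels: %s after %llu output bytes (factor %.1f)\n",
           ok ? "accepted" : "rejected",
           (unsigned long long)(a.direct + a.indirect), amp_factor(&a));
    return 0;
}
```

The large-document case in the model shows why both parameters exist: a 16 MiB file with almost no expansion is past the threshold but stays accepted because its factor is close to 1.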
894                      payload, please file a bug report with libexpat.
895
896        Bug fixes:
897       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
898                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
899                    for UTF-16 payloads containing CDATA sections.
900       #485 #486  Autotools: Fix generated CMake files for non-64bit and
901                    non-Linux platforms (e.g. macOS and MinGW in particular)
902                    that were introduced with release 2.3.0
903
904        Other changes:
905       #468 #469  xmlwf: Improve help output and the xmlwf man page
906            #463  xmlwf: Improve maintainability through some refactoring
907            #477  xmlwf: Fix man page DocBook validity
908            #456  Autotools: Sync CMake templates with CMake 3.18
909       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
910                    and CMAKE_INSTALL_INCLUDEDIR
911       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
912            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
913            #467  Resolve macro HAVE_EXPAT_CONFIG_H
914            #472  Delete unused legacy helper file "conftools/PrintPath"
915       #473 #483  Improve attribution
916  #464 #465 #477  doc/reference.html: Fix XHTML validity
917       #475 #478  doc/reference.html: Replace the 90s look by OK.css
918            #479  Version info bumped from 8:0:7 to 9:0:8
919                    due to addition of new symbols and error codes;
920                    see https://verbump.de/ for what these numbers do
921
922        Infrastructure:
923            #456  CI: Enable periodic runs
924            #457  CI: Start covering the list of exported symbols
925            #474  CI: Isolate coverage task
926       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
927            #477  CI: Cover well-formedness and DocBook/XHTML validity
928                    of doc/reference.html and doc/xmlwf.xml
929
930        Special thanks to:
931            Dimitry Andric
932            Eero Helenius
933            Nick Wellnhofer
934            Rhodri James
935            Tomas Korbar
936            Yury Gribov
937                 and
938            Clang LeakSan
939            JetBrains
940            OSS-Fuzz
941
942Release 2.3.0 Thu March 25 2021
943        Bug fixes:
944            #438  When calling XML_ParseBuffer without a prior successful call to
945                    XML_GetBuffer as a user, no longer trigger undefined behavior
946                    (by adding an integer to a NULL pointer) but rather return
947                    XML_STATUS_ERROR and set the error code to (new) code
948                    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
949                    of Clang 11 (but not Clang 9).
950            #444  xmlwf: Exit status 2 was used for both:
951                    - malformed input files (documented) and
952                    - invalid command-line arguments (undocumented).
953                    The case of invalid command-line arguments now
954                    has its own exit status 4, resolving the ambiguity.
955
956        Other changes:
957            #439  xmlwf: Add argument -k to allow continuing after
958                    non-fatal errors
959            #439  xmlwf: Add section about exit status to the -h help output
960  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
961            #434  Windows: CMake: Detect unsupported Visual Studio at
962                    configure time (rather than at compile time)
963       #382 #428  testrunner: Make verbose mode (argument "-v") report
964                    about passed tests, and make default mode report about
965                    failures, as well.
966            #442  CMake: Call "enable_language(CXX)" prior to tinkering
967                    with CMAKE_CXX_* variables
968            #448  Document use of libexpat from a CMake-based project
969            #451  Autotools: Install CMake files as generated by CMake 3.19.6
970                    so that users with "find_package(expat [..] CONFIG [..])"
971                    are served on distributions that are *not* using the CMake
972                    build system inside for libexpat packaging
973       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
974       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
975            #441  Address compiler warnings
976            #443  Version info bumped from 7:12:6 to 8:0:7
977                    due to addition of error code XML_ERROR_NO_BUFFER
978                    (see https://verbump.de/ for what these numbers do)
979
980        Infrastructure:
981       #435 #446  Replace Travis CI by GitHub Actions
982
983        Special thanks to:
984            Alexander Richardson
985            Oleksandr Popovych
986            Thomas Beutlich
987            Tim Bray
988                 and
989            Clang LeakSan, Clang 11 UBSan and the Clang team
990
991Release 2.2.10 Sat October 3 2020
992        Bug fixes:
993  #390 #395 #398  Fix undefined behavior during parsing caused by
994                    pointer arithmetic with NULL pointers
995       #404 #405  Fix reading uninitialized variable during parsing
996            #406  xmlwf: Add missing check for malloc NULL return
997
998        Other changes:
999            #396  Windows: Drop support for Visual Studio <=8.0/2005
1000            #409  Windows: Add missing file "Changes" to the installer
1001                    to fix compilation with CMake from installed sources
1002            #403  xmlwf: Document exit codes in xmlwf manpage and
1003                    exit with code 3 (rather than code 1) for output errors
1004                    when used with "-d DIRECTORY"
1005       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
1006       #383 #392  Autotools: Use -Werror while configure tests the compiler
1007                    for supported compile flags to avoid false positives
1008  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
1009                    e.g. ensure that they have the last word over flags added
1010                    while running ./configure
1011            #360  CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
1012                    on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
1013            #360  CMake: Detect and deny unsupported build combinations
1014                    involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
1015            #360  CMake: Install pre-compiled shipped xmlwf.1 manpage in case
1016                    of -DEXPAT_BUILD_DOCS=OFF
1017  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
1018       #407 #408  CMake: Keep expat target name constant at "expat"
1019                    (i.e. refrain from using the target name to control
1020                    build artifact filenames)
1021            #385  CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
1022                    Windows
1023                  CMake: Expose man page compilation as target "xmlwf-manpage"
1024       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
1025                    to control generation of pkg-config file "expat.pc"
1026            #424  CMake: Add minimalistic support for building binary packages
1027                    with CMake target "package"; based on CPack
1028            #366  CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
1029                    default OFF to build fuzzer code against OSS-Fuzz and
1030                    related environment variable LIB_FUZZING_ENGINE
1031            #354  Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
1032    #354 #355 ..
1033       #356 #412  Address compiler warnings
1034       #368 #369  Address pngcheck warnings with doc/*.png images
1035            #425  Version info bumped from 7:11:6 to 7:12:6
1036
1037        Special thanks to:
1038            asavah
1039            Ben Wagner
1040            Bhargava Shastry
1041            Frank Landgraf
1042            Jeffrey Walton
1043            Joe Orton
1044            Kleber Tarcísio
1045            Ma Lin
1046            Maciej Sroczyński
1047            Mohammed Khajapasha
1048            Vadim Zeitlin
1049                 and
1050            Cppcheck 2.0 and the Cppcheck team
1051
1052Release 2.2.9 Wed September 25 2019
1053        Other changes:
1054                  examples: Drop executable bits from elements.c
1055            #349  Windows: Change the name of the Windows DLLs from expat*.dll
1056                    to libexpat*.dll once more (regression from 2.2.8, first
1057                    fixed in 1.95.3, issue #61 on SourceForge today,
1058                    was issue #432456 back then); needs a fix due to
1059                    case-insensitive file systems on Windows and the fact that
1060                    Perl's XML::Parser::Expat compiles into Expat.dll.
1061            #347  Windows: Only define _CRT_RAND_S if not defined
1062                  Version info bumped from 7:10:6 to 7:11:6
1063
1064        Special thanks to:
1065            Ben Wagner
1066
1067Release 2.2.8 Fri September 13 2019
1068        Security fixes:
1069       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
1070                    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
1071                    and deny internal entities closing the doctype;
1072                    fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
1073
1074        Bug fixes:
1075            #240  Fix cases where XML_StopParser did not have any effect
1076                    when called from inside of an end element handler
1077            #341  xmlwf: Fix exit code for operation without "-d DIRECTORY";
1078                    previously, only "-d DIRECTORY" would give you a proper
1079                    exit code:
1080                      # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
1081                      2
1082                      # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
1083                      0
1084                    Now both cases return exit code 2.
1085
1086        Other changes:
1087       #299 #302  Windows: Replace LoadLibrary hack to access
1088                    unofficial API function SystemFunction036 (RtlGenRandom)
1089                    by using official API function rand_s (needs WinXP+)
1090            #325  Windows: Drop support for Visual Studio <=7.1/2003
1091                    and document supported compilers in README.md
1092            #286  Windows: Remove COM code from xmlwf; in case it turns
1093                    out needed later, there will be a dedicated repository
1094                    below https://github.com/libexpat/ for that code
1095            #322  Windows: Remove explicit MSVC solution and project files.
1096                    You can generate Visual Studio solution files through
1097                    CMake, e.g.: cmake -G"Visual Studio 15 2017" .
1098            #338  xmlwf: Make "xmlwf -h" help output more friendly
1099            #339  examples: Improve elements.c
1100       #244 #264  Autotools: Add argument --enable-xml-attr-info
1101       #239 #301  Autotools: Add arguments
1102                    --with-getrandom
1103                    --without-getrandom
1104                    --with-sys-getrandom
1105                    --without-sys-getrandom
1106       #312 #343  Autotools: Fix linking issues with "./configure LD=clang"
1107                  Autotools: Fix "make run-xmltest" for out-of-source builds
1108       #329 #336  CMake: Pull all options from Expat <=2.2.7 into namespace
1109                    prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
1110                    - BUILD_doc            -> EXPAT_BUILD_DOCS (plural)
1111                    - BUILD_examples       -> EXPAT_BUILD_EXAMPLES
1112                    - BUILD_shared         -> EXPAT_SHARED_LIBS
1113                    - BUILD_tests          -> EXPAT_BUILD_TESTS
1114                    - BUILD_tools          -> EXPAT_BUILD_TOOLS
1115                    - DOCBOOK_TO_MAN       -> DOCBOOK_TO_MAN (unchanged)
1116                    - INSTALL              -> EXPAT_ENABLE_INSTALL
1117                    - MSVC_USE_STATIC_CRT  -> EXPAT_MSVC_STATIC_CRT
1118                    - USE_libbsd           -> EXPAT_WITH_LIBBSD
1119                    - WARNINGS_AS_ERRORS   -> EXPAT_WARNINGS_AS_ERRORS
1120                    - XML_CONTEXT_BYTES    -> EXPAT_CONTEXT_BYTES
1121                    - XML_DEV_URANDOM      -> EXPAT_DEV_URANDOM
1122                    - XML_DTD              -> EXPAT_DTD
1123                    - XML_NS               -> EXPAT_NS
1124                    - XML_UNICODE          -> EXPAT_CHAR_TYPE=ushort (!)
1125                    - XML_UNICODE_WCHAR_T  -> EXPAT_CHAR_TYPE=wchar_t (!)
1126       #244 #264  CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
1127                    default OFF
1128            #326  CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
1129                    default OFF
1130            #328  CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
1131                    default OFF
1132       #239 #277  CMake: Add arguments
1133                    -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
1134                    -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
1135            #326  CMake: Install expat_config.h to include directory
1136            #326  CMake: Generate and install configuration files for
1137                    future find_package(expat [..] CONFIG [..])
1138                  CMake: Now produces a summary of applied configuration
1139                  CMake: Require C++ compiler only when tests are enabled
1140            #330  CMake: Fix compilation for 16bit character types,
1141                    i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
1142            #265  CMake: Fix linking with MinGW
1143            #330  CMake: Add full support for MinGW; to enable, use
1144                    -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
1145            #330  CMake: Port "make run-xmltest" from GNU Autotools to CMake
1146            #316  CMake: Windows: Make binary postfix match MSVC
1147                    Old: expat[d].lib
1148                    New: expat[w][d][MD|MT].lib
1149                  CMake: Migrate files from Windows to Unix line endings
1150            #308  CMake: Integrate OSS-Fuzz fuzzers, option
1151                    -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
1152             #14  Drop an OpenVMS support leftover
1153    #235 #268 ..
1154    #270 #310 ..
1155  #313 #331 #333  Address compiler warnings
1156    #282 #283 ..
1157       #284 #285  Address cppcheck warnings
1158       #294 #295  Address Clang Static Analyzer warnings
1159        #24 #293  Mass-apply clang-format 9 (and ensure conformance during CI)
1160                  Version info bumped from 7:9:6 to 7:10:6
1161
1162        Special thanks to:
1163            David Loffredo
1164            Joonun Jang
1165            Kishore Kunche
1166            Marco Maggi
1167            Mitch Phillips
1168            Mohammed Khajapasha
1169            Rolf Ade
1170            xantares
1171            Zhongyuan Zhou
1172
1173Release 2.2.7 Wed June 19 2019
        Security fixes:
       #186 #262  CVE-2018-20843 -- Fix extraction of namespace prefixes from
                    XML names; XML names with multiple colons could end up in
                    the wrong namespace, and take a high amount of RAM and CPU
                    resources while processing, opening the door to
                    use for denial-of-service attacks

        Other changes:
       #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                    exporting non-API symbols
            #227  Autotools: Add --without-examples and --without-tests
            #228  Autotools: Modernize configure.ac
       #245 #246  Autotools: Fix check for -fvisibility=hidden for Clang
       #247 #248  Autotools: Fix compilation for lack of docbook2x-man
       #236 #258  Autotools: Produce .tar.{gz,lz,xz} release archives
            #212  CMake: Make libdir of pkgconfig expat.pc support multilib
       #158 #263  CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
            #219  Remove fallback to bcopy, assume that memmove(3) exists
            #257  Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
            #243  Windows: Fix syntax of .def module definition files
                  Version info bumped from 7:8:6 to 7:9:6

        Special thanks to:
            Benjamin Peterson
            Caolán McNamara
            Hanno Böck
            KangLin
            Kishore Kunche
            Marco Maggi
            Rhodri James
            Sebastian Dröge
            userwithuid
            Yury Gribov

Release 2.2.6 Sun August 12 2018
        Bug fixes:
       #170 #206  Avoid doing arithmetic with NULL pointers in XML_GetBuffer
       #204 #205  Fix 2.2.5 regression with suspend-resume while parsing
                    a document like '<root/>'

        Other changes:
       #165 #168  Autotools: Fix docbook-related configure syntax error
            #166  Autotools: Avoid grep option `-q` for Solaris
            #167  Autotools: Support
                    ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
       #159 #167  Autotools: Support DOCBOOK_TO_MAN command which produces
                    xmlwf.1 rather than XMLWF.1; also covers case insensitive
                    file systems
            #181  Autotools: Drop -rpath option passed to libtool
            #188  Autotools: Detect and deny SGML docbook2man as ours is XML
            #188  Autotools/CMake: Support command db2x_docbook2man as well
            #174  CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
       #184 #185  CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
       #207 #208  CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
                    both defaulting to OFF
            #175  CMake: Prefer check_symbol_exists over check_function_exists
            #176  CMake: Create the same pkg-config file as with GNU Autotools
       #178 #179  CMake: Use GNUInstallDirs module to set proper defaults for
                    install directories
            #208  CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
            #180  Windows: Fix compilation of test suite for Visual Studio 2008
  #131 #173 #202  Address compiler warnings
  #187 #190 #200  Fix miscellaneous typos
                  Version info bumped from 7:7:6 to 7:8:6

        Special thanks to:
            Anton Maklakov
            Benjamin Peterson
            Brad King
            Franek Korta
            Frank Rast
            Joe Orton
            luzpaz
            Pedro Vicente
            Rainer Jung
            Rhodri James
            Rolf Ade
            Rolf Eike Beer
            Thomas Beutlich
            Tomasz Kłoczko

Release 2.2.5 Tue October 31 2017
        Bug fixes:
              #8  If the parser runs out of memory, make sure its internal
                    state reflects the memory it actually has, not the memory
                    it wanted to have.
             #11  The default handler wasn't being called when it should for
                    a SYSTEM or PUBLIC doctype if an entity declaration handler
                    was registered.
       #137 #138  Fix a case of mistakenly reported parsing success where
                    XML_StopParser was called from an element handler
            #162  Function XML_ErrorString was returning NULL rather than
                    a message for code XML_ERROR_INVALID_ARGUMENT
                    introduced with release 2.2.1

        Other changes:
            #106  xmlwf: Add argument -N adding notation declarations
        #75 #106  Test suite: Resolve expected failure cases where xmlwf
                    output was incomplete
            #127  Windows: Fix test suite compilation
       #126 #127  Windows: Fix compilation for Visual Studio 2012
                  Windows: Upgrade shipped project files to Visual Studio 2017
        #33 #132  tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
            #129  examples: Fix compilation for XML_UNICODE_WCHAR_T
            #130  benchmark: Fix compilation for XML_UNICODE_WCHAR_T
            #144  xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
                    Windows or MinGW for 2-byte wchar_t
              #9  Address two Clang Static Analyzer false positives
             #59  Resolve troublesome macros hiding parser struct membership
                    and dereferencing that pointer
              #6  Resolve superfluous internal malloc/realloc switch
       #153 #155  Improve docbook2x-man detection
            #160  Undefine NDEBUG in the test suite (rather than rejecting it)
            #161  Address compiler warnings
                  Version info bumped from 7:6:6 to 7:7:6

        Special thanks to:
            Benbuck Nason
            Hans Wennborg
            José Gutiérrez de la Concha
            Pedro Monreal Gonzalez
            Rhodri James
            Rolf Ade
            Stephen Groat
                 and
            Core Infrastructure Initiative

Release 2.2.4 Sat August 19 2017
        Bug fixes:
            #115  Fix copying of partial characters for UTF-8 input

        Other changes:
            #109  Fix "make check" for non-x86 architectures that default
                    to unsigned type char (-128..127 rather than 0..255)
            #109  coverage.sh: Cover -funsigned-char
                  Autotools: Introduce --without-xmlwf argument
             #65  Autotools: Replace handwritten Makefile with GNU Automake
             #43  CMake: Auto-detect high quality entropy extractors, add new
                    option USE_libbsd=ON to use arc4random_buf of libbsd
             #74  CMake: Add -fno-strict-aliasing only where supported
            #114  CMake: Always honor manually set BUILD_* options
            #114  CMake: Compile man page if docbook2x-man is available, only
            #117  Include file tests/xmltest.log.expected in source tarball
                    (required for "make run-xmltest")
            #117  Include (existing) Visual Studio 2013 files in source tarball
                  Improve test suite error output
            #111  Fix some typos in documentation
                  Version info bumped from 7:5:6 to 7:6:6

        Special thanks to:
            Jakub Wilk
            Joe Orton
            Lin Tian
            Rolf Eike Beer

Release 2.2.3 Wed August 2 2017
        Security fixes:
             #82  CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
                    using Steve Holme's LoadLibrary wrapper for/of cURL

        Bug fixes:
             #85  Fix a dangling pointer issue related to realloc

        Other changes:
                  Increase code coverage
             #91  Linux: Allow getrandom to fail if nonblocking pool has not
                    yet been initialized and read /dev/urandom then, instead.
                    This is in line with what recent Python does.
             #81  Pre-10.7/Lion macOS: Support entropy from arc4random
             #86  Check that a UTF-16 encoding in an XML declaration has the
                    right endianness
        #4 #5 #7  Recover correctly when some reallocations fail
                  Repair "./configure && make" for systems without any
                    provider of high quality entropy
                    and try reading /dev/urandom on those
                  Ensure that user-defined character encodings have converter
                    functions when they are needed
                  Fix misleading description of argument -c in xmlwf.1
                  Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
                    for CloudABI
            #100  Fix use of SIPHASH_MAIN in siphash.h
             #23  Test suite: Fix memory leaks
                  Version info bumped from 7:4:6 to 7:5:6

        Special thanks to:
            Chanho Park
            Joe Orton
            Pascal Cuoq
            Rhodri James
            Simon McVittie
            Vadim Zeitlin
            Viktor Szakats
                 and
            Core Infrastructure Initiative

Release 2.2.2 Wed July 12 2017
        Security fixes:
             #43  Protect against compilation without any source of high
                    quality entropy enabled, e.g. with CMake build system;
                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
             #60  Windows with _UNICODE:
                    Unintended use of LoadLibraryW with a non-wide string
                    resulted in failure to load advapi32.dll and degradation
                    in quality of used entropy when compiled with _UNICODE for
                    Windows; you can launch existing binaries with
                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
                    quality of entropy used during runtime; commits
                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
   [MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                    resulted in NULL dereference, previously;
                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe

        Bug fixes:
             #69  Fix improper use of unsigned long long integer literals

        Other changes:
             #73  Start requiring a C99 compiler
             #49  Fix "==" Bashism in configure script
             #50  Fix too eager getrandom detection for Debian GNU/kFreeBSD
             #52    and macOS
             #51  Address lack of stdint.h in Visual Studio 2003 to 2008
             #58  Address compile warnings
             #68  Fix "./buildconf.sh && ./configure" for some versions
                    of Dash for /bin/sh
             #72  CMake: Ease use of Expat in context of a parent project
                    with multiple CMakeLists.txt files
             #72  CMake: Resolve mistaken executable permissions
             #76  Address compile warning with -DNDEBUG (not recommended!)
             #77  Address compile warning about macro redefinition

        Special thanks to:
            Alexander Bluhm
            Ben Boeckel
            Cătălin Răceanu
            Kerin Millar
            László Böszörményi
            S. P. Zeidler
            Segev Finer
            Václav Slavík
            Victor Stinner
            Viktor Szakats
                 and
            Radically Open Security

Release 2.2.1 Sat June 17 2017
        Security fixes:
                  CVE-2017-9233 -- External entity infinite loop DoS
                    Details: https://libexpat.github.io/doc/cve-2017-9233/
                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
   [MOX-002]      CVE-2016-9063 -- Detect integer overflow; commit
                    d4f735b88d9932bd5039df2335eefdd0723dbe20
                    (Fixed version of existing downstream patches!)
   (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
                    longer tag names; commits
                    * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
                    * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
             #16    * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
             #25  More integer overflow detection (function poolGrow); commits
                    * 810b74e4703dcfdd8f404e3cb177d44684775143
                    * 44178553f3539ce69d34abee77a05e879a7982ac
   [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse; commits
                    * 4be2cb5afcc018d996f34bbbce6374b7befad47f
                    * 7e5b71b748491b6e459e5c9a1d090820f94544d8
   [MOX-005] #30  Use high quality entropy for hash initialization:
                    * arc4random_buf on BSD, systems with libbsd
                      (when configured with --with-libbsd), CloudABI
                    * RtlGenRandom on Windows XP / Server 2003 and later
                    * getrandom on Linux 3.17+
                    In a way, that's still part of CVE-2016-5300.
                    https://github.com/libexpat/libexpat/pull/30/commits
   [MOX-005]      For the low quality entropy extraction fallback code,
                    the parser instance address can no longer leak, commit
                    04ad658bd3079dd15cb60fc67087900f0ff4b083
   [MOX-003]      Prevent use of uninitialised variable; commit
   [MOX-004]        a4dc944f37b664a3ca7199c624a98ee37babdb4b
                  Add missing parameter validation to public API functions
                    and dedicated error code XML_ERROR_INVALID_ARGUMENT:
   [MOX-006]        * NULL checks; commits
                      * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
                      * 9ed727064b675b7180c98cb3d4f75efba6966681
                      * 6a747c837c50114dfa413994e07c0ba477be4534
                    * Negative length (XML_Parse); commit
   [MOX-002]          70db8d2538a10f4c022655d6895e4c3e78692e7f
   [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
                    to go further with fixing CVE-2012-0876.
                    https://github.com/libexpat/libexpat/pull/39/commits

        Bug fixes:
             #32  Fix sharing of hash salt across parsers;
                    relevant where XML_ExternalEntityParserCreate is called
                    prior to XML_Parse, in particular (e.g. FBReader)
             #28  xmlwf: Auto-disable use of memory-mapping (and parsing
                    as a single chunk) for files larger than ~1 GB (2^30 bytes)
                    rather than failing with error "out of memory"
              #3  Fix double free after malloc failure in DTD code; commit
                    7ae9c3d3af433cd4defe95234eae7dc8ed15637f
             #17  Fix memory leak on parser error for unbound XML attribute
                    prefix with new namespaces defined in the same tag;
                    found by Google's OSS-Fuzz; commits
                    * 16f87daae5a16132e479e4f71862128c7a915c73
                    * b47dbc9745932c160893d433220e462bd605f8cd
                  xmlwf on Windows: Add missing calls to CloseHandle

        New features:
             #30  Introduced environment switch EXPAT_ENTROPY_DEBUG=1
                    for runtime debugging of entropy extraction

        Other changes:
                  Increase code coverage
             #33  Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
                    XML_UNICODE_WCHAR_T was never meant to be used outside
                    of Windows; 4-byte wchar_t is common on Linux
   (SF.net) #538  Start using -fno-strict-aliasing
   (SF.net) #540  Support compilation against cloudlibc of CloudABI
                  Allow MinGW cross-compilation
   (SF.net) #534  CMake: Introduce option "BUILD_doc" (enabled by default)
                    to bypass compilation of the xmlwf.1 man page
   (SF.net)  pr2  CMake: Introduce option "INSTALL" (enabled by default)
                    to bypass installation of expat files
                  CMake: Fix ninja support
                  Autotools: Add parameters --enable-xml-context [COUNT]
                    and --disable-xml-context; default of context of 1024
                    bytes enabled unchanged
             #14  Drop AmigaOS 4.x code and includes
             #14  Drop ancient build systems:
                    * Borland C++ Builder
                    * OpenVMS
                    * Open Watcom
                    * Visual Studio 6.0
                    * Pre-X Mac OS (MPW Makefile)
                    If you happen to rely on some of these, please get in
                    touch for joining with maintenance.
             #10  Move from WIN32 to _WIN32
             #13  Fix "make run-xmltest" order instability
                  Address compile warnings
                  Bump version info from 7:2:6 to 7:3:6
                  Add AUTHORS file

        Infrastructure:
              #1  Migrate from SourceForge to GitHub (except downloads):
                    https://github.com/libexpat/
              #1  Re-create http://libexpat.org/ project website
                  Start utilizing Travis CI

        Special thanks to:
            Andy Wang
            Don Lewis
            Ed Schouten
            Karl Waclawek
            Pascal Cuoq
            Rhodri James
            Sergei Nikulov
            Tobias Taschner
            Viktor Szakats
                 and
            Core Infrastructure Initiative
            Mozilla Foundation (MOSS Track 3: Secure Open Source)
            Radically Open Security

Release 2.2.0 Tue June 21 2016
        Security fixes:
            #537  CVE-2016-0718 -- Fix crash on malformed input
                  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
                                   CVE-2015-2716 introduced with Expat 2.1.1
            #499  CVE-2016-5300 -- Use more entropy for hash initialization
                                   than the original fix to CVE-2012-0876
            #519  CVE-2012-6702 -- Resolve troublesome internal call to srand
                                   that was introduced with Expat 2.1.0
                                   when addressing CVE-2012-0876 (issue #496)

        Bug fixes:
                  Fix uninitialized reads of size 1
                    (e.g. in little2_updatePosition)
                  Fix detection of UTF-8 character boundaries

        Other changes:
            #532  Fix compilation for Visual Studio 2010 (keyword "C99")
                  Autotools: Resolve use of "$<" to better support bmake
                  Autotools: Add QA script "qa.sh" (and make target "qa")
                  Autotools: Respect CXXFLAGS if given
                  Autotools: Fix "make run-xmltest"
                  Autotools: Have "make run-xmltest" check for expected output
             p90  CMake: Fix static build (BUILD_shared=OFF) on Windows
            #536  CMake: Add soversion, support -DNO_SONAME=yes to bypass
            #323  CMake: Add suffix "d" to differentiate debug from release
                  CMake: Define WIN32 with CMake on Windows
                  Annotate memory allocators for GCC
                  Address all currently known compile warnings
                  Make sure that API symbols remain visible despite
                    -fvisibility=hidden
                  Remove executable flag from source files
                  Resolve COMPILED_FROM_DSP in favor of WIN32

        Special thanks to:
            Björn Lindahl
            Christian Heimes
            Cristian Rodríguez
            Daniel Krügler
            Gustavo Grieco
            Karl Waclawek
            László Böszörményi
            Marco Grassi
            Pascal Cuoq
            Sergei Nikulov
            Thomas Beutlich
            Warren Young
            Yann Droneaud

Release 2.1.1 Sat March 12 2016
        Security fixes:
            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
            #502: Fix potential null pointer dereference
            #520: Symbol XML_SetHashSalt was not exported
            Output of "xmlwf -h" was incomplete

        Other changes:
            #503: Document behavior of calling XML_SetHashSalt with salt 0
            Minor improvements to man page xmlwf(1)
            Improvements to the experimental CMake build system
            libtool now invoked with --verbose

Release 2.1.0 Sat March 24 2012
        - Security fixes:
          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
          #3496608: CVE-2012-0876 - Hash DOS attack.
          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
        - Bug Fixes:
          #1742315: Harmful XML_ParserCreateNS suggestion.
          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
          #1983953, 2517952, 2517962, 2649838:
                Build modifications using autoreconf instead of buildconf.sh.
          #2815947, #2884086: OBJEXT and EXEEXT support while building.
          #2517938: xmlwf should return non-zero exit status if not well-formed.
          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
          #2855609: Dangling positionPtr after error.
          #2990652: CMake support.
          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
          #3206497: Uninitialized memory returned from XML_Parse.
          #3287849: make check fails on mingw-w64.
        - Patches:
          #1749198: pkg-config support.
          #3010222: Fix for bug #3010819.
          #3312568: CMake support.
          #3446384: Report byte offsets for attr names and values.
        - New Features / API changes:
          Added new API member XML_SetHashSalt() that allows setting an initial
                value (salt) for hash calculations. This is part of the fix for
                bug #3496608 to randomize hash parameters.
          When compiled with XML_ATTR_INFO defined, adds new API member
                XML_GetAttributeInfo() that allows retrieving the byte
                offsets for attribute names and values (patch #3446384).
          Added CMake build system.
                See bug #2990652 and patch #3312568.
          Added run-benchmark target to Makefile.in - relies on testdata module
                present in the same relative location as in the repository.

Release 2.0.1 Tue June 5 2007
        - Fixed bugs #1515266, #1515600: The character data handler's calling
          of XML_StopParser() was not handled properly; if the parser was
          stopped and the handler set to NULL, the parser would segfault.
        - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
          some character constants to be ASCII encoded.
        - Minor cleanups of the test harness.
        - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
        - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
        - Fixes and improvements for Windows platform:
          bugs #1409451, #1476160, #1548182, #1602769, #1717322.
        - Build fixes for various platforms:
          HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
          All Unix: #1554618 (refreshed config.sub/config.guess).
                    #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
                    without relying on GNU-Make specific features.
          #1647805: Patched configure.in to work better with Intel compiler.
        - Fixes to Makefile.in to have make check work correctly:
          bugs #1408143, #1535603, #1536684.
        - Added Open Watcom support: patch #1523242.

Release 2.0.0 Wed Jan 11 2006
        - We no longer use the "check" library for C unit testing; we
          always use the (partial) internal implementation of the API.
        - Report XML_NS setting via XML_GetFeatureList().
        - Fixed headers for use from C++.
        - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
          now return unsigned integers.
        - Added XML_LARGE_SIZE switch to enable 64-bit integers for
          byte indexes and line/column numbers.
        - Updated to use libtool 1.5.22 (the most recent).
        - Added support for AmigaOS.
        - Some mostly minor bug fixes. SF issues include: #1006708,
          #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.

Release 1.95.8 Fri Jul 23 2004
        - Major new feature: suspend/resume.  Handlers can now request
          that a parse be suspended for later resumption or aborted
          altogether.  See "Temporarily Stopping Parsing" in the
          documentation for more details.
        - Some mostly minor bug fixes, but compilation should no
          longer generate warnings on most platforms.  SF issues
          include: #827319, #840173, #846309, #888329, #896188, #923913,
          #928113, #961698, #985192.

Release 1.95.7 Mon Oct 20 2003
        - Fixed enum XML_Status issue (reported on SourceForge many
          times), so compilers that are properly picky will be happy.
        - Introduced an XMLCALL macro to control the calling
          convention used by the Expat API; this macro should be used
          to annotate prototypes and definitions of callback
          implementations in code compiled with a calling convention
          other than the default convention for the host platform.
        - Improved ability to build without the configure-generated
          expat_config.h header.  This is useful for applications
          which embed Expat rather than linking in the library.
        - Fixed a variety of bugs: see SF issues #458907, #609603,
          #676844, #679754, #692878, #692964, #695401, #699323, #699487,
          #820946.
        - Improved hash table lookups.
        - Added more regression tests and improved documentation.

Release 1.95.6 Tue Jan 28 2003
        - Added XML_FreeContentModel().
        - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
        - Fixed a variety of bugs: see SF issues #615606, #616863,
          #618199, #653180, #673791.
        - Enhanced the regression test suite.
        - Man page improvements: includes SF issue #632146.

Release 1.95.5 Fri Sep 6 2002
        - Added XML_UseForeignDTD() for improved SAX2 support.
        - Added XML_GetFeatureList().
        - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
        - Use an incomplete struct instead of a void* for the parser
          (may not retain).
        - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
        - Finally fixed bug where default handler would report DTD
          events that were already handled by another handler.
          Initial patch contributed by Darryl Miles.
        - Removed unnecessary DllMain() function that caused static
          linking into a DLL to be difficult.
        - Added VC++ projects for building static libraries.
        - Reduced line-length for all source code and headers to be
          no longer than 80 characters, to help with AS/400 support.
        - Reduced memory copying during parsing (SF patch #600964).
        - Fixed a variety of bugs: see SF issues #580793, #434664,
          #483514, #580503, #581069, #584041, #584183, #584832, #585537,
          #596555, #596678, #598352, #598944, #599715, #600479, #600971.

Release 1.95.4 Fri Jul 12 2002
        - Added support for VMS, contributed by Craig Berry.  See
          vms/README.vms for more information.
        - Added Mac OS (classic) support, with a makefile for MPW,
          contributed by Thomas Wegner and Daryle Walker.
        - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
          by Patrick McConnell (SF patch #538032).
        - Fixed a variety of bugs: see SF issues #441449, #563184,
          #564342, #566334, #566901, #569461, #570263, #575168, #579196.
        - Made skippedEntityHandler conform to SAX2 (see source comment)
        - Re-implemented WFC: Entity Declared from XML 1.0 spec and
          added a new error "entity declared in parameter entity":
          see SF bug report #569461 and SF patch #578161
        - Re-implemented section 5.1 from XML 1.0 spec:
          see SF bug report #570263 and SF patch #578161

Release 1.95.3 Mon Jun 3 2002
        - Added a project to the MSVC workspace to create a wchar_t
          version of the library; the DLLs are named libexpatw.dll.
        - Changed the name of the Windows DLLs from expat.dll to
          libexpat.dll; this fixes SF bug #432456.
        - Added the XML_ParserReset() API function.
        - Fixed XML_SetReturnNSTriplet() to work for element names.
        - Made the XML_UNICODE builds usable (thanks, Karl!).
        - Allow xmlwf to read from standard input.
        - Install a man page for xmlwf on Unix systems.
        - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
          #466885, #469226, #477667, #484419, #487840, #494749, #496505,
          #547350.  Other bugs which we can't test as easily may also
          have been fixed, especially in the area of build support.

Release 1.95.2 Fri Jul 27 2001
        - More changes to make MSVC happy with the build; add a single
          workspace to support both the library and xmlwf application.
        - Added a Windows installer for Windows users; includes
          xmlwf.exe.
        - Added compile-time constants that can be used to determine the
          Expat version.
        - Removed a lot of GNU-specific dependencies to aid portability
          among the various Unix flavors.
        - Fix the UTF-8 BOM bug.
        - Cleaned up warning messages for several compilers.
        - Added the -Wall, -Wstrict-prototypes options for GCC.

Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
        - Changes to get expat to build under Microsoft compiler
        - Removed all aborts and instead return an UNEXPECTED_STATE error.
        - Fixed a bug where a stray '%' in an entity value would cause an
          abort.
        - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
          finding this oversight.
        - Changed default patterns in lib/Makefile.in to fit non-GNU makes
          Thanks to robin@unrated.net for reporting and providing an
          account to test on.
        - The reference had the wrong label for XML_SetStartNamespaceDecl.
          Reported by an anonymous user.

Release 1.95.0 Fri Sep 29 2000
        - XML_ParserCreate_MM
                Allows you to set a memory management suite to replace the
                standard malloc,realloc, and free.
        - XML_SetReturnNSTriplet
                If you turn this feature on when namespace processing is in
                effect, then qualified, prefixed element and attribute names
                are returned as "uri|name|prefix" where '|' is whatever
                separator character is used in namespace processing.
        - Merged in features from perl-expat
                o XML_SetElementDeclHandler
                o XML_SetAttlistDeclHandler
                o XML_SetXmlDeclHandler
                o XML_SetEntityDeclHandler
                o StartDoctypeDeclHandler takes 3 additional parameters:
                        sysid, pubid, has_internal_subset
                o Many paired handler setters (like XML_SetElementHandler)
                  now have corresponding individual handler setters
                o XML_GetInputContext for getting the input context of
                  the current parse position.
        - Added reference material
        - Packaged into a distribution that builds a sharable library