xref: /freebsd/contrib/expat/Changes (revision 627b778d9e6b603a44a010d22d823ca7c392b363)
                           __  __            _
                        ___\ \/ /_ __   __ _| |_
                       / _ \\  /| '_ \ / _` | __|
                      |  __//  \| |_) | (_| | |_
                       \___/_/\_\ .__/ \__,_|\__|
                                |_| XML parser

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! <blink>Expat is UNDERSTAFFED and WITHOUT FUNDING.</blink>                 !!
!!                 ~~~~~~~~~~~~                                              !!
!! The following topics need *additional skilled C developers* to progress   !!
!! in a timely manner or at all (loosely ordered by descending priority):    !!
!!                                                                           !!
!! - teaming up on researching and fixing future security reports and        !!
!!   ClusterFuzz findings with few-days-max response times in communication  !!
!!   in order to (1) have a sound fix ready before the end of a 90 days      !!
!!   grace period and (2) in a sustainable manner,                           !!
!! - helping CPython Expat bindings with supporting Expat's amplification    !!
!!   attack protection API (https://github.com/python/cpython/issues/90949): !!
!!   - XML_SetAllocTrackerActivationThreshold                                !!
!!   - XML_SetAllocTrackerMaximumAmplification                               !!
!!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
!!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
!! - helping Perl's XML::Parser Expat bindings with supporting Expat's       !!
!!   security API (https://github.com/cpan-authors/XML-Parser/issues/102):   !!
!!   - XML_SetAllocTrackerActivationThreshold                                !!
!!   - XML_SetAllocTrackerMaximumAmplification                               !!
!!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
!!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
!!   - XML_SetReparseDeferralEnabled                                         !!
!! - implementing and auto-testing XML 1.0r5 support                         !!
!!   (needs discussion before pull requests),                                !!
!! - smart ideas on fixing the Autotools CMake files generation issue        !!
!!   without breaking CI (needs discussion before pull requests),            !!
!! - pushing migration from `int` to `size_t` further                        !!
!!   including edge-cases test coverage (needs discussion before anything).  !!
!!                                                                           !!
!! For details, please reach out via e-mail to sebastian@pipping.org so we   !!
!! can schedule a voice call on the topic, in English or German.             !!
!!                                                                           !!
!! THANK YOU!                        Sebastian Pipping -- Berlin, 2024-03-09 !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Release 2.7.2 Tue September 16 2025
        Security fixes:
     #1018 #1034  CVE-2025-59375 -- Disallow use of disproportional amounts of
                    dynamic memory from within an Expat parser (e.g. previously
                    a ~250 KiB sized document was able to cause allocation of
                    ~800 MiB from the heap, i.e. an "amplification" of factor
                    ~3,300); once a threshold (that defaults to 64 MiB) is
                    reached, a maximum amplification factor (that defaults to
                    100.0) is enforced, and violating documents are rejected
                    with an out-of-memory error.
                    There are two new API functions to fine-tune this new
                    behavior:
                      - XML_SetAllocTrackerActivationThreshold
                      - XML_SetAllocTrackerMaximumAmplification .
                    If you ever need to increase these defaults for non-attack
                    XML payload, please file a bug report with libexpat.
                      There is also a new environment variable
                    EXPAT_MALLOC_DEBUG=(0|1|2) to control the verbosity
                    of allocations debugging at runtime, disabled by default.
                      Known impact is (reliable and easy) denial of service:
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
                    (Base Score: 7.5, Temporal Score: 7.2)
                    Please note that a layer of compression around XML can
                    significantly reduce the minimum attack payload size.
                      Distributors intending to backport (or cherry-pick) the
                    fix need to copy 99% of the related pull request, not just
                    the "lib: Implement tracking of dynamic memory allocations"
                    commit, to not end up with a state that literally does both
                    too much and too little at the same time. Appending ".diff"
                    to the pull request URL could be of help.
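
A model of how the activation threshold and the maximum amplification factor described in the CVE-2025-59375 entry interact, as an added example (not code from libexpat or from this change log). The struct and function names are hypothetical, and the accounting (factor = heap bytes held / input bytes seen, checked once the held heap reaches the threshold) is an assumption; libexpat's real bookkeeping may differ in detail.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KIB 1024ULL
#define MIB (1024ULL * KIB)

/* Model of the policy described in the 2.7.2 entry; NOT libexpat's code.
 * Assumption: the factor is (heap bytes held) / (input bytes seen). */
typedef struct {
  uint64_t input_bytes;     /* XML bytes handed to the parser so far */
  uint64_t heap_bytes;      /* heap bytes currently held for the parser */
  uint64_t threshold_bytes; /* activation threshold; change log default 64 MiB */
  double max_amplification; /* maximum factor; change log default 100.0 */
} alloc_tracker;

void tracker_init(alloc_tracker *t) {
  t->input_bytes = 0;
  t->heap_bytes = 0;
  t->threshold_bytes = 64 * MIB;
  t->max_amplification = 100.0;
}

/* Amplification factor; an empty input is counted as one byte so that the
 * division is always defined. */
double tracker_factor(uint64_t heap_bytes, uint64_t input_bytes) {
  uint64_t denom = input_bytes ? input_bytes : 1;
  return (double)heap_bytes / (double)denom;
}

/* Returns true if the request is granted, false if the document would be
 * rejected (the change log says this surfaces as an out-of-memory error). */
bool tracker_alloc(alloc_tracker *t, uint64_t n) {
  if (n > UINT64_MAX - t->heap_bytes)
    return false; /* the running total itself would overflow */
  uint64_t next = t->heap_bytes + n;
  /* Below the threshold no limit applies, whatever the factor is. */
  if (next >= t->threshold_bytes
      && tracker_factor(next, t->input_bytes) > t->max_amplification)
    return false;
  t->heap_bytes = next;
  return true;
}

/* Feed a whole document, then request heap in steps of at most 1 MiB until
 * `wanted` bytes are held or a request is refused. True means accepted. */
bool simulate_document(alloc_tracker *t, uint64_t doc_bytes, uint64_t wanted) {
  t->input_bytes += doc_bytes;
  while (t->heap_bytes < wanted) {
    uint64_t left = wanted - t->heap_bytes;
    if (!tracker_alloc(t, left < MIB ? left : MIB))
      return false;
  }
  return true;
}

static void report(const char *label, alloc_tracker *t, bool accepted) {
  printf("%-34s %s, %llu MiB held, factor %.1f\n", label,
         accepted ? "accepted" : "rejected",
         (unsigned long long)(t->heap_bytes / MIB),
         tracker_factor(t->heap_bytes, t->input_bytes));
}

int main(void) {
  alloc_tracker t;

  /* The case from the entry: ~250 KiB of input asking for ~800 MiB. */
  tracker_init(&t);
  report("250 KiB doc, 800 MiB, defaults:", &t,
         simulate_document(&t, 250 * KIB, 800 * MIB));

  /* High factor but under the threshold: not limited. */
  tracker_init(&t);
  report("250 KiB doc, 32 MiB, defaults:", &t,
         simulate_document(&t, 250 * KIB, 32 * MIB));

  /* Over the threshold, factor 75: within the default limit. */
  tracker_init(&t);
  report("2 MiB doc, 150 MiB, defaults:", &t,
         simulate_document(&t, 2 * MIB, 150 * MIB));

  /* Same attack-sized request with the factor limit raised to 4000. */
  tracker_init(&t);
  t.max_amplification = 4000.0;
  report("250 KiB doc, 800 MiB, limit 4000:", &t,
         simulate_document(&t, 250 * KIB, 800 * MIB));
  return 0;
}
```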

        Other changes:
     #1008 #1017  Autotools: Sync CMake templates with CMake 3.31 for macOS
           #1007  CMake: Drop support for CMake <3.15
           #1004  CMake: Fix off_t detection for -Werror
           #1007  CMake|Windows: Fix -DEXPAT_MSVC_STATIC_CRT=ON
           #1013  Windows: Drop support for Visual Studio <=16.0/2019
           #1026  xmlwf: Mention supported environment variables in
                    --help output
           #1024  xmlwf: Fix (internal) help generator
           #1034  docs: Promote the contract to call function
                    XML_FreeContentModel when registering a custom
                    element declaration handler (via a call to function
                    XML_SetElementDeclHandler)
           #1027  docs: Add missing <p>..</p> wrap
            #994  docs: Drop AppVeyor badge
           #1000  tests: Fix portable_strndup
           #1036  Drop casts around malloc/free/realloc that C99 does not need
           #1010  Replace empty for-loops with while loops
           #1011  Add const with internal XmlInitUnknownEncodingNS
       #14 #1037  Drop an OpenVMS support leftover
      #999 #1001  Address more clang-tidy warnings
     #1030 #1038  Version info bumped from 11:2:10 (libexpat*.so.1.10.2)
                    to 12:0:11 (libexpat*.so.1.11.0); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
           #1003  CI: Cover compilation on FreeBSD
     #1009 #1035  CI: Upgrade Clang from 19 to 21
           #1031  CI: Make calling Cppcheck without --suppress=objectIndex
                    and --suppress=unknownMacro possible
           #1013  CI|Windows: Get off of deprecated image "windows-2019"
  #1008 #1017 ..
     #1023 #1025  CI: Adapt to breaking changes in GitHub Actions

        Special thanks to:
            Alexander Bluhm
            Neil Pang
            Theo Buehler
                 and
            OSS-Fuzz / ClusterFuzz
            Perl XML::Parser

Release 2.7.1 Thu March 27 2025
        Bug fixes:
       #980 #989  Restore event pointer behavior from Expat 2.6.4
                    (that the fix to CVE-2024-8176 changed in 2.7.0);
                    affected API functions are:
                    - XML_GetCurrentByteCount
                    - XML_GetCurrentByteIndex
                    - XML_GetCurrentColumnNumber
                    - XML_GetCurrentLineNumber
                    - XML_GetInputContext

        Other changes:
       #976 #977  Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
                    with Automake that were missing from 2.7.0 release tarballs
       #983 #984  Fix printf format specifiers for 32bit Emscripten
            #992  docs: Promote OpenSSF Best Practices self-certification
            #978  tests/benchmark: Resolve mistaken double close
            #986  Address Frama-C warnings
       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #982  CI: Start running Perl XML::Parser integration tests
            #987  CI: Enforce Clang Static Analyzer clean code
            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized
                    for clang-tidy
            #981  CI: Cover compilation with musl
       #983 #984  CI: Cover compilation with 32bit Emscripten
       #976 #977  CI: Protect against fuzzer files missing from future
                    release archives

        Special thanks to:
            Berkay Eren Ürün
            Matthew Fernandez
                 and
            Perl XML::Parser

Release 2.7.0 Thu March 13 2025
        Security fixes:
       #893 #973  CVE-2024-8176 -- Fix crash from chaining a large number
                    of entities caused by stack overflow by resolving use of
                    recursion, for all three uses of entities:
                    - general entities in character data ("<e>&g1;</e>")
                    - general entities in attribute values ("<e k1='&g1;'/>")
                    - parameter entities ("%p1;")
                    Known impact is (reliable and easy) denial of service:
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
                    (Base Score: 7.5, Temporal Score: 7.2)
                    Please note that a layer of compression around XML can
                    significantly reduce the minimum attack payload size.

        Other changes:
       #935 #937  Autotools: Make generated CMake files look for
                    libexpat.@SO_MAJOR@.dylib on macOS
            #925  Autotools: Sync CMake templates with CMake 3.29
  #945 #962 #966  CMake: Drop support for CMake <3.13
            #942  CMake: Small fuzzing related improvements
            #921  docs: Add missing documentation of error code
                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
            #941  docs: Document need for C++11 compiler for use from C++
            #959  tests/benchmark: Fix a (harmless) TOCTTOU
            #944  Windows: Fix installer target location of file xmlwf.xml
                    for CMake
            #953  Windows: Address warning -Wunknown-warning-option
                    about -Wno-pedantic-ms-format from LLVM MinGW
            #971  Address Cppcheck warnings
       #969 #970  Mass-migrate links from http:// to https://
    #947 #958 ..
       #974 #975  Document changes since the previous release
       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #926  tests: Increase robustness
    #927 #932 ..
       #930 #933  tests: Increase test coverage
    #617 #950 ..
    #951 #952 ..
    #954 #955 ..  Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on
            #961    Google's libprotobuf-mutator ("LPM")
            #957  Fuzzing|CI: Start producing fuzzing code coverage reports
            #936  CI: Pass -q -q for LCOV >=2.1 in coverage.sh
            #942  CI: Small fuzzing related improvements
    #139 #203 ..
       #791 #946  CI: Make GitHub Actions build using MSVC on Windows and
                      produce 32bit and 64bit Windows binaries
            #956  CI: Get off of about-to-be-removed Ubuntu 20.04
       #960 #964  CI: Start uploading to Coverity Scan for static analysis
            #972  CI: Stop loading DTD from the internet to address flaky CI
            #971  CI: Adapt to breaking changes in Cppcheck

        Special thanks to:
            Alexander Gieringer
            Berkay Eren Ürün
            Hanno Böck
            Jann Horn
            Mark Brand
            Sebastian Andrzej Siewior
            Snild Dolkow
            Thomas Pröll
            Tomas Korbar
            valord577
                 and
            Google Project Zero
            Linutronix
            Red Hat
            Siemens

Release 2.6.4 Wed November 6 2024
        Security fixes:
            #915  CVE-2024-50602 -- Fix crash within function XML_ResumeParser
                    from a NULL pointer dereference by disallowing function
                    XML_StopParser to (stop or) suspend an unstarted parser.
                    A new error code XML_ERROR_NOT_STARTED was introduced to
                    properly communicate this situation.  // CWE-476 CWE-754

        Other changes:
            #903  CMake: Add alias target "expat::expat"
            #905  docs: Document use via CMake >=3.18 with FetchContent
                    and SOURCE_SUBDIR and its consequences
            #902  tests: Reduce use of global parser instance
            #904  tests: Resolve duplicate handler
       #317 #918  tests: Improve tests on doctype closing (ex CVE-2019-15903)
            #914  Fix signedness of format strings
            #915  For use from C++, expat.h started requiring C++11 due to
                    use of C99 features
       #919 #920  Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
                    to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #907  CI: Upgrade Clang from 18 to 19
            #913  CI: Drop macos-12 and add macos-15
            #910  CI: Adapt to breaking changes in GitHub Actions
            #898  Add missing entries to .gitignore

        Special thanks to:
            Hanno Böck
            José Eduardo Gutiérrez Conejo
            José Ricardo Cardona Quesada

Release 2.6.3 Wed September 4 2024
        Security fixes:
       #887 #890  CVE-2024-45490 -- Calling function XML_ParseBuffer with
                    len < 0 without noticing and then calling XML_GetBuffer
                    will have XML_ParseBuffer fail to recognize the problem
                    and XML_GetBuffer corrupt memory.
                    With the fix, XML_ParseBuffer now complains with error
                    XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
                    has been doing since Expat 2.2.1, and now documented.
                    Impact is denial of service to potentially arbitrary code
                    execution.
       #888 #891  CVE-2024-45491 -- Internal function dtdCopy can have an
                    integer overflow for nDefaultAtts on 32-bit platforms
                    (where UINT_MAX equals SIZE_MAX).
                    Impact is denial of service to potentially arbitrary code
                    execution.
       #889 #892  CVE-2024-45492 -- Internal function nextScaffoldPart can
                    have an integer overflow for m_groupSize on 32-bit
                    platforms (where UINT_MAX equals SIZE_MAX).
                    Impact is denial of service to potentially arbitrary code
                    execution.

        Other changes:
       #851 #879  Autotools: Sync CMake templates with CMake 3.28
            #853  Autotools: Always provide path to find(1) for portability
            #861  Autotools: Ensure that the m4 directory always exists.
            #870  Autotools: Simplify handling of SIZEOF_VOID_P
            #869  Autotools: Support non-GNU sed
            #856  Autotools|CMake: Fix main() to main(void)
            #865  Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
            #863  Autotools|CMake: Stop requiring dos2unix
       #854 #855  CMake: Fix check for symbols size_t and off_t
            #864  docs|tests: Convert README to Markdown and update
            #741  Windows: Drop support for Visual Studio <=15.0/2017
            #886  Drop needless XML_DTD guards around is_param access
            #885  Fix typo in a code comment
       #894 #896  Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
                    to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #880  Readme: Promote the call for help
            #868  CI: Fix various issues
            #849  CI: Allow triggering GitHub Actions workflows manually
    #851 #872 ..
       #873 #879  CI: Adapt to breaking changes in GitHub Actions

        Special thanks to:
            Alexander Bluhm
            Berkay Eren Ürün
            Dag-Erling Smørgrav
            Ferenc Géczi
            TaiYou

Release 2.6.2 Wed March 13 2024
        Security fixes:
       #839 #842  CVE-2024-28757 -- Prevent billion laughs attacks with
                    isolated use of external parsers.  Please see the commit
                    message of commit 1d50b80cf31de87750103656f6eb693746854aa8
                    for details.

        Bug fixes:
       #839 #841  Reject direct parameter entity recursion
                    and avoid the related undefined behavior

        Other changes:
            #847  Autotools: Fix build for DOCBOOK_TO_MAN containing spaces
            #837  Add missing #821 and #824 to 2.6.1 change log
       #838 #843  Version info bumped from 10:1:9 (libexpat*.so.1.9.1)
                    to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/
                    for what these numbers do

        Special thanks to:
            Philippe Antoine
            Tomas Korbar
                 and
            Clang UndefinedBehaviorSanitizer
            OSS-Fuzz / ClusterFuzz

Release 2.6.1 Thu February 29 2024
        Bug fixes:
            #817  Make tests independent of CPU speed, and thus more robust
       #828 #836  Expose billion laughs API with XML_DTD defined and
                    XML_GE undefined, regression from 2.6.0

        Other changes:
            #829  Hide test-only code behind new internal macro
            #833  Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P
       #821 #824  Autotools: Fix "make clean" for case:
                    ./configure --without-docbook && make clean all
            #819  Address compiler warnings
       #832 #834  Version info bumped from 10:0:9 (libexpat*.so.1.9.0)
                    to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
            #818  CI: Adapt to breaking changes in clang-format

        Special thanks to:
            David Hall
            Snild Dolkow

Release 2.6.0 Tue February 6 2024
        Security fixes:
      #789 #814  CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
                   that can cause denial of service, in particular when
                   dealing with compressed XML input.  Applications
                   that parsed a document in one go -- a single call to
                   functions XML_Parse or XML_ParseBuffer -- were not affected.
                   The smaller the chunks/buffers you used for parsing
                   previously, the bigger the problem prior to the fix.
                   Backporters should be careful to not omit parts of
                   pull request #789 and to include earlier pull request #771,
                   in order to not break the fix.
           #777  CVE-2023-52426 -- Fix billion laughs attacks for users
                   compiling *without* XML_DTD defined (which is not common).
                   Users with XML_DTD defined have been protected since
                   Expat >=2.4.0 (and that was CVE-2013-0340 back then).

        Bug fixes:
            #753  Fix parse-size-dependent "invalid token" error for
                    external entities that start with a byte order mark
            #780  Fix NULL pointer dereference in setContext via
                    XML_ExternalEntityParserCreate for compilation with
                    XML_DTD undefined
       #812 #813  Protect against closing entities out of order

        Other changes:
            #723  Improve support for arc4random/arc4random_buf
       #771 #788  Improve buffer growth in XML_GetBuffer and XML_Parse
       #761 #770  xmlwf: Support --help and --version
       #759 #770  xmlwf: Support custom buffer size for XML_GetBuffer and read
            #744  xmlwf: Improve language and URL clickability in help output
            #673  examples: Add new example "element_declarations.c"
            #764  Be stricter about macro XML_CONTEXT_BYTES at build time
            #765  Make inclusion to expat_config.h consistent
       #726 #727  Autotools: configure.ac: Support --disable-maintainer-mode
    #678 #705 ..
  #706 #733 #792  Autotools: Sync CMake templates with CMake 3.26
            #795  Autotools: Make installation of shipped man page doc/xmlwf.1
                    independent of docbook2man availability
            #815  Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
                    section "Cflags.private" in order to fix compilation
                    against static libexpat using pkg-config on Windows
       #724 #751  Autotools|CMake: Require a C99 compiler
                    (a de-facto requirement already since Expat 2.2.2 of 2017)
            #793  Autotools|CMake: Fix PACKAGE_BUGREPORT variable
       #750 #786  Autotools|CMake: Make test suite require a C++11 compiler
            #749  CMake: Require CMake >=3.5.0
            #672  CMake: Lowercase off_t and size_t to help a bug in Meson
            #746  CMake: Sort xmlwf sources alphabetically
            #785  CMake|Windows: Fix generation of DLL file version info
            #790  CMake: Build tests/benchmark/benchmark.c as well for
                    a build with -DEXPAT_BUILD_TESTS=ON
       #745 #757  docs: Document the importance of isFinal + adjust tests
                    accordingly
            #736  docs: Improve use of "NULL" and "null"
            #713  docs: Be specific about version of XML (XML 1.0r4)
                    and version of C (C99); (XML 1.0r5 will need a sponsor.)
            #762  docs: reference.html: Promote function XML_ParseBuffer more
            #779  docs: reference.html: Add HTML anchors to XML_* macros
            #760  docs: reference.html: Upgrade to OK.css 1.2.0
       #763 #739  docs: Fix typos
            #696  docs|CI: Use HTTPS URLs instead of HTTP at various places
    #669 #670 ..
    #692 #703 ..
       #733 #772  Address compiler warnings
       #798 #800  Address clang-tidy warnings
       #775 #776  Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
                    to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
       #700 #701  docs: Document security policy in file SECURITY.md
            #766  docs: Improve parse buffer variables in-code documentation
    #674 #738 ..
    #740 #747 ..
  #748 #781 #782  Refactor coverage and conformance tests
       #714 #716  Refactor debug level variables to unsigned long
            #671  Improve handling of empty environment variable value
                    in function getDebugLevel (without visible user effect)
    #755 #774 ..
    #758 #783 ..
       #784 #787  tests: Improve test coverage with regard to parse chunk size
  #660 #797 #801  Fuzzing: Improve fuzzing coverage
       #367 #799  Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
       #698 #721  CI: Resolve some Travis CI leftovers
            #669  CI: Be robust towards absence of Git tags
       #693 #694  CI: Set permissions to "contents: read" for security
            #709  CI: Pin all GitHub Actions to specific commits for security
            #739  CI: Reject spelling errors using codespell
            #798  CI: Enforce clang-tidy clean code
    #773 #808 ..
       #809 #810  CI: Upgrade Clang from 15 to 18
            #796  CI: Start using Clang's Control Flow Integrity sanitizer
  #675 #720 #722  CI: Adapt to breaking changes in GitHub Actions Ubuntu images
            #689  CI: Adapt to breaking changes in Clang/LLVM Debian packaging
            #763  CI: Adapt to breaking changes in codespell
            #803  CI: Adapt to breaking changes in Cppcheck

        Special thanks to:
            Ivan Galkin
            Joyce Brum
            Philippe Antoine
            Rhodri James
            Snild Dolkow
            spookyahell
            Steven Garske
                 and
            Clang AddressSanitizer
            Clang UndefinedBehaviorSanitizer
            codespell
            GCC Farm Project
            OSS-Fuzz
            Sony Mobile

Release 2.5.0 Tue October 25 2022
        Security fixes:
  #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                    destruction of a shared DTD in function
                    XML_ExternalEntityParserCreate in out-of-memory situations.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.

        Bug fixes:
       #612 #645  Fix corruption from undefined entities
       #613 #654  Fix case when parsing was suspended while processing nested
                    entities
  #616 #652 #653  Stop leaking opening tag bindings after a closing tag
                    mismatch error where a parser is reset through
                    XML_ParserReset and then reused to parse
            #656  CMake: Fix generation of pkg-config file
            #658  MinGW|CMake: Fix static library name

        Other changes:
            #663  Protect header expat_config.h from multiple inclusion
            #666  examples: Make use of XML_GetBuffer and be more
                    consistent across examples
            #648  Address compiler warnings
       #667 #668  Version info bumped from 9:9:8 to 9:10:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Jann Horn
            Mark Brand
            Osyotr
            Rhodri James
                 and
            Google Project Zero

Release 2.4.9 Tue September 20 2022
        Security fixes:
       #629 #640  CVE-2022-40674 -- Heap use-after-free vulnerability in
                    function doContent. Expected impact is denial of service
                    or potentially arbitrary code execution.

        Bug fixes:
            #634  MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
            #614  docs: Fix documentation on effect of switch XML_DTD on
                    symbol visibility in doc/reference.html

        Other changes:
            #638  MinGW: Make fix-xmltest-log.sh drop more Wine bug output
       #596 #625  Autotools: Sync CMake templates with CMake 3.22
            #608  CMake: Migrate from use of CMAKE_*_POSTFIX to
                    dedicated variables EXPAT_*_POSTFIX to stop affecting
                    other projects
       #597 #599  Windows|CMake: Add missing -DXML_STATIC to test runners
                    and fuzzers
       #512 #621  Windows|CMake: Render .def file from a template to fix
                    linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
       #611 #621  MinGW|CMake: Apply MSVC .def file when linking
       #622 #624  MinGW|CMake: Sync library name with GNU Autotools,
                    i.e. produce libexpat-1.dll rather than libexpat.dll
                    by default.  Filename libexpat.dll.a is unaffected.
            #632  MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
                    toolchain file "cmake/mingw-toolchain.cmake" to avoid
                    error "windres: Command not found" on e.g. Ubuntu 20.04
       #597 #627  CMake: Unify inconsistent use of set() and option() in
                    context of public build time options to take need for
                    set(.. FORCE) in projects using Expat by means of
                    add_subdirectory(..) off Expat's users' shoulders
       #626 #641  Stop exporting API symbols when building a static library
            #644  Resolve use of deprecated "fgrep" by "grep -F"
            #620  CMake: Make documentation on variables a bit more consistent
            #636  CMake: Drop leading whitespace from a #cmakedefine line in
                    file expat_config.h.cmake
            #594  xmlwf: Fix harmless variable mix-up in function nsattcmp
  #592 #593 #610  Address Cppcheck warnings
            #643  Address Clang 15 compiler warnings
       #642 #644  Version info bumped from 9:8:8 to 9:9:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
       #597 #598  CI: Windows: Start covering MSVC 2022
            #619  CI: macOS: Migrate off deprecated macOS 10.15
            #632  CI: Linux: Make migration off deprecated Ubuntu 18.04 work
            #643  CI: Upgrade Clang from 14 to 15
            #637  apply-clang-format.sh: Add support for BSD find
            #633  coverage.sh: Exclude MinGW headers
            #635  coverage.sh: Fix name collision for -funsigned-char

        Special thanks to:
            David Faure
            Felix Wilhelm
            Frank Bergmann
            Rhodri James
            Rosen Penev
            Thijs Schreijer
            Vincent Torri
                 and
            Google Project Zero

Release 2.4.8 Mon March 28 2022
        Other changes:
            #587  pkg-config: Move "-lm" to section "Libs.private"
            #587  CMake|MSVC: Fix pkg-config section "Libs"
        #55 #582  CMake|macOS: Start using linker arguments
                    "-compatibility_version <version>" and
                    "-current_version <version>" in a way compatible with
                    GNU Libtool
       #590 #591  Version info bumped from 9:7:8 to 9:8:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #589  CI: Upgrade Clang from 13 to 14

        Special thanks to:
            evpobr
            Kai Pastor
            Sam James

592Release 2.4.7 Fri March 4 2022
593        Bug fixes:
594       #572 #577  Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
595                    with regard to all valid URI characters (RFC 3986),
596                    i.e. the following set (excluding whitespace):
597                    ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
598                    0123456789 % -._~ :/?#[]@ !$&'()*+,;=
599
600        Other changes:
601  #555 #570 #581  CMake|Windows: Store Expat version in the DLL
602            #577  Document consequences of namespace separator choices not just
603                    in doc/reference.html but also in header <expat.h>
604            #577  Document Expat's lack of validation of namespace URIs against
605                    RFC 3986, and that the XML 1.0r4 specification doesn't
606                    require Expat to validate namespace URIs, and that Expat
607                    may do more in that regard in future releases.
608                    If you find need for strict RFC 3986 URI validation on
609                    application level today, https://uriparser.github.io/ may
610                    be of interest.
611            #579  Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
612            #575  Document that a call to XML_FreeContentModel can be done at
613                    a later time from outside the element declaration handler
614            #574  Make hardcoded namespace URIs easier to find in code
615            #573  Update documentation on use of XML_POOR_ENTROPY on Solaris
616       #569 #571  tests: Resolve use of macros NAN and INFINITY for GNU G++
617                    4.8.2 on Solaris.
618       #578 #580  Version info bumped from 9:6:8 to 9:7:8;
619                    see https://verbump.de/ for what these numbers do
620
621        Special thanks to:
622            Jeffrey Walton
623            Johnny Jazeix
624            Thijs Schreijer
625
626Release 2.4.6 Sun February 20 2022
627        Bug fixes:
628            #566  Fix a regression introduced by the fix for CVE-2022-25313
629                    in release 2.4.5 that affects applications that (1)
630                    call function XML_SetElementDeclHandler and (2) are
631                    parsing XML that contains nested element declarations
632                    (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
633
634        Other changes:
635       #567 #568  Version info bumped from 9:5:8 to 9:6:8;
636                    see https://verbump.de/ for what these numbers do
637
638        Special thanks to:
639            Matt Sergeant
640            Samanta Navarro
641            Sergei Trofimovich
642                 and
643            NixOS
644            Perl XML::Parser
645
646Release 2.4.5 Fri February 18 2022
647        Security fixes:
648            #562  CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
649                    sequences (e.g. from start tag names) to the XML
650                    processing application on top of Expat can cause
651                    arbitrary damage (e.g. code execution) depending
652                    on how invalid UTF-8 is handled inside the XML
653                    processor; validation was not their job but Expat's.
654                    Exploits with code execution are known to exist.
655            #561  CVE-2022-25236 -- Passing (one or more) namespace separator
656                    characters in "xmlns[:prefix]" attribute values
657                    made Expat send malformed tag names to the XML
658                    processor on top of Expat which can cause
659                    arbitrary damage (e.g. code execution) depending
660                    on how such unexpectable cases are handled inside the XML
661                    processor; validation was not their job but Expat's.
662                    Exploits with code execution are known to exist.
663            #558  CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
664                    that could be triggered by e.g. a 2 megabytes
665                    file with a large number of opening braces.
666                    Expected impact is denial of service or potentially
667                    arbitrary code execution.
668            #560  CVE-2022-25314 -- Fix integer overflow in function copyString;
669                    only affects the encoding name parameter at parser creation
670                    time which is often hardcoded (rather than user input),
671                    takes a value in the gigabytes to trigger, and a 64-bit
672                    machine.  Expected impact is denial of service.
673            #559  CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
674                    needs input in the gigabytes and a 64-bit machine.
675                    Expected impact is denial of service or potentially
676                    arbitrary code execution.
677
678        Other changes:
679       #557 #564  Version info bumped from 9:4:8 to 9:5:8;
680                    see https://verbump.de/ for what these numbers do
681
682        Special thanks to:
683            Ivan Fratric
684            Samanta Navarro
685                 and
686            Google Project Zero
687            JetBrains
688
689Release 2.4.4 Sun January 30 2022
690        Security fixes:
691            #550  CVE-2022-23852 -- Fix signed integer overflow
692                    (undefined behavior) in function XML_GetBuffer
693                    (that is also called by function XML_Parse internally)
694                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
695                    common and default).
696                    Impact is denial of service or more.
697            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
698                    doProlog triggered by large content in element type
699                    declarations when there is an element declaration handler
700                    present (from a prior call to XML_SetElementDeclHandler).
701                    Impact is denial of service or more.
702
703        Bug fixes:
704       #544 #545  xmlwf: Fix a memory leak on output file opening error
705
706        Other changes:
707            #546  Autotools: Fix broken CMake support under Cygwin
708            #554  Windows: Add missing files to the installer to fix
709                    compilation with CMake from installed sources
710       #552 #554  Version info bumped from 9:3:8 to 9:4:8;
711                    see https://verbump.de/ for what these numbers do
712
713        Special thanks to:
714            Carlo Bramini
715            hwt0415
716            Roland Illig
717            Samanta Navarro
718                 and
719            Clang LeakSan and the Clang team
720
721Release 2.4.3 Sun January 16 2022
722        Security fixes:
723       #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
724                    resulting in
725                      a) realloc acting as free
726                      b) realloc allocating too few bytes
727                      c) undefined behavior
728                    depending on architecture and precise value
729                    for XML documents with >=2^27+1 prefixed attributes
730                    on a single XML tag a la
731                    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
732                    where XML_ParserCreateNS is used to create the parser
733                    (which needs argument "-n" when running xmlwf).
734                    Impact is denial of service, or more.
735       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
736                    on variable m_groupSize in function doProlog leading
737                    to realloc acting as free.
738                    Impact is denial of service or more.
739            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
740                    near memory allocation at multiple places.  Mitre assigned
741                    a dedicated CVE for each involved internal C function:
742                    - CVE-2022-22822 for function addBinding
743                    - CVE-2022-22823 for function build_model
744                    - CVE-2022-22824 for function defineAttribute
745                    - CVE-2022-22825 for function lookup
746                    - CVE-2022-22826 for function nextScaffoldPart
747                    - CVE-2022-22827 for function storeAtts
748                    Impact is denial of service or more.
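
The failure modes a) to c) listed for CVE-2021-45960 and the overflow class behind CVE-2022-22822 to CVE-2022-22827, shown as an added example (not libexpat's code). It assumes sizes are computed in a 32-bit unsigned type and uses constructed entry sizes of 8 and 12 bytes; `classify_unchecked` and `checked_table_bytes` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption for illustration: allocation sizes are computed in a 32-bit
   unsigned type, as on a platform with a 32-bit size_t. */
typedef uint32_t size32;
#define SIZE32_BITS 32u

typedef enum {
  SIZE_OK,         /* product fits: realloc gets the size the caller meant */
  SIZE_WRAPS_TO_0, /* a) size wraps to 0, so realloc may act as free */
  SIZE_TOO_SMALL,  /* b) size wraps to a small value: too few bytes */
  SIZE_UNDEFINED   /* c) shift count >= type width: undefined behavior */
} size_outcome;

/* Predicts what the unchecked expression
     ((size32)1 << shift) * entry_size
   would hand to realloc. The prediction is computed in 64 bits so that this
   function itself never overflows or shifts out of range. */
size_outcome classify_unchecked(unsigned shift, size32 entry_size) {
  uint64_t wanted;
  size32 got;
  if (shift >= SIZE32_BITS)
    return SIZE_UNDEFINED;
  wanted = ((uint64_t)1 << shift) * entry_size;
  got = (size32)wanted; /* truncation models wraparound modulo 2^32 */
  if (wanted == got)
    return SIZE_OK;
  return got == 0 ? SIZE_WRAPS_TO_0 : SIZE_TOO_SMALL;
}

/* Hardened form: validate the shift count and the multiplication before any
   allocation call. Returns 1 and stores the byte count in *out, or returns 0
   when the size cannot be represented; the caller then reports out-of-memory
   and keeps the old buffer untouched. */
int checked_table_bytes(unsigned shift, size32 entry_size, size32 *out) {
  size32 count;
  if (shift >= SIZE32_BITS)
    return 0;
  count = (size32)1 << shift;
  if (entry_size != 0 && count > UINT32_MAX / entry_size)
    return 0;
  *out = count * entry_size;
  return 1;
}

int main(void) {
  unsigned shift;
  for (shift = 27; shift <= 32; shift++) {
    size32 bytes = 0;
    int ok = checked_table_bytes(shift, 8, &bytes);
    printf("shift=%u unchecked_outcome=%d checked_ok=%d bytes=%lu\n", shift,
           (int)classify_unchecked(shift, 8), ok, (unsigned long)bytes);
  }
  return 0;
}
```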
749
750        Other changes:
751            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
752            #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
753                    and MSYS2 by not going through Wine on these platforms
754       #527 #528  Address compiler warnings
755       #533 #543  Version info bumped from 9:2:8 to 9:3:8;
756                    see https://verbump.de/ for what these numbers do
757
758        Infrastructure:
759            #536  CI: Check for realistic minimum CMake version
760       #529 #539  CI: Cover compilation with -m32
761            #529  CI: Store coverage reports as artifacts for download
762            #528  CI: Upgrade Clang from 11 to 13
763
764        Special thanks to:
765            An anonymous whitehat
766            Christopher Degawa
767            J. Peter Mugaas
768            Tyson Smith
769                 and
770            GCC Farm Project
771            Trend Micro Zero Day Initiative
772
773Release 2.4.2 Sun December 19 2021
774        Other changes:
775       #509 #510  Link against libm for function "isnan"
776       #513 #514  Include expat_config.h as early as possible
777            #498  Autotools: Include files with release archives:
778                    - buildconf.sh
779                    - fuzz/*.c
780       #507 #519  Autotools: Sync CMake templates with CMake 3.20
781       #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
782                    - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
783                    - multi-config CMake generators (e.g. Ninja Multi-Config)
784       #502 #503  docs: Document that function XML_GetBuffer may return NULL
785                    when asking for a buffer of 0 (zero) bytes size
786       #522 #523  docs: Fix return value docs for both
787                    XML_SetBillionLaughsAttackProtection* functions
788       #525 #526  Version info bumped from 9:1:8 to 9:2:8;
789                    see https://verbump.de/ for what these numbers do
790
791        Special thanks to:
792            Donghee Na
793            Joergen Ibsen
794            Kai Pastor
795
796Release 2.4.1 Sun May 23 2021
797        Bug fixes:
798       #488 #490  Autotools: Fix installed header expat_config.h for multilib
799                    systems; regression introduced in 2.4.0 by pull request #486
800
801        Other changes:
802       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
803                    see https://verbump.de/ for what these numbers do
804
805        Special thanks to:
806            Gentoo's QA check "multilib_check_headers"
807
808Release 2.4.0 Sun May 23 2021
809        Security fixes:
810   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
811                    (denial-of-service; flavors targeting CPU time or RAM or both,
812                    leveraging general entities or parameter entities or both)
813                    by tracking and limiting the input amplification factor
814                    (<amplification> := (<direct> + <indirect>) / <direct>).
815                    By conservative default, amplification up to a factor of 100.0
816                    is tolerated and rejection only starts after 8 MiB of output bytes
817                    (=<direct> + <indirect>) have been processed.
818                    The fix adds the following to the API:
819                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
820                      signal this specific condition.
821                    - Two new API functions ..
822                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
823                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
824                      .. to further tighten billion laughs protection parameters
825                      when desired.  Please see file "doc/reference.html" for details.
826                      If you ever need to increase the defaults for non-attack XML
827                      payload, please file a bug report with libexpat.
828                    - Two new XML_FEATURE_* constants ..
829                      - that can be queried using the XML_GetFeatureList function, and
830                      - that are shown in "xmlwf -v" output.
831                    - Two new environment variable switches ..
832                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
833                      - EXPAT_ENTITY_DEBUG=(0|1)
834                      .. for runtime debugging of accounting and entity processing.
835                      Specific behavior of these values may change in the future.
836                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
837                      for xmlwf to further tighten billion laughs protection
838                      parameters when desired.
839                      If you ever need to increase the defaults for non-attack XML
840                      payload, please file a bug report with libexpat.
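
The accounting rule described in the 2.4.0 entry above, modeled as an added example (not libexpat's code). The 100.0 factor and the 8 MiB threshold are the defaults stated in the entry; `doc_shape`, `REF_LEN`, `check_document` and the document-size estimate are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Defaults as stated in the changelog entry for release 2.4.0. */
#define DEFAULT_THRESHOLD_BYTES (8ULL * 1024 * 1024) /* 8 MiB of output */
#define DEFAULT_MAX_AMPLIFICATION 100.0

#define REF_LEN 6u /* constructed: length of one entity reference */

typedef struct {
  uint64_t direct;   /* bytes read from the document itself */
  uint64_t indirect; /* bytes processed through entity expansion */
  uint64_t threshold;
  double max_amplification;
} accounting;

/* Constructed document shape: `levels` nested entities, each consisting of
   `fanout` references to the level below; level 0 is `leaf_len` text bytes. */
typedef struct {
  unsigned levels;
  unsigned fanout;
  uint64_t leaf_len;
} doc_shape;

typedef struct {
  int accepted;
  uint64_t direct;
  uint64_t indirect;
  double amplification;
} verdict;

/* <amplification> := (<direct> + <indirect>) / <direct> */
static double amplification(const accounting *a) {
  if (a->direct == 0)
    return 1.0;
  return (double)(a->direct + a->indirect) / (double)a->direct;
}

/* Book `bytes`, then apply the rule: below the activation threshold anything
   is tolerated, above it only input within the amplification limit. */
static int account(accounting *a, uint64_t bytes, int is_indirect) {
  if (is_indirect)
    a->indirect += bytes;
  else
    a->direct += bytes;
  if (a->direct + a->indirect < a->threshold)
    return 1;
  return amplification(a) <= a->max_amplification;
}

/* Walk the expansion tree and stop at the first breach, so a hostile shape
   costs roughly `threshold` bytes of work instead of fanout^levels. */
static int expand(accounting *a, const doc_shape *d, unsigned level) {
  unsigned i;
  if (level == 0)
    return account(a, d->leaf_len, 1);
  if (!account(a, (uint64_t)d->fanout * REF_LEN, 1))
    return 0;
  for (i = 0; i < d->fanout; i++)
    if (!expand(a, d, level - 1))
      return 0;
  return 1;
}

/* Constructed estimate of the document's own size: fixed overhead, the leaf
   text, one declaration per level, and the single reference in the body. */
static uint64_t direct_size(const doc_shape *d) {
  return 64 + d->leaf_len
         + (uint64_t)d->levels * ((uint64_t)d->fanout * REF_LEN + 24) + REF_LEN;
}

verdict check_document(const doc_shape *d, uint64_t threshold, double max_amp) {
  accounting a = {0, 0, threshold, max_amp};
  verdict v;
  v.accepted = account(&a, direct_size(d), 0) && expand(&a, d, d->levels);
  v.direct = a.direct;
  v.indirect = a.indirect;
  v.amplification = amplification(&a);
  return v;
}

int main(void) {
  const doc_shape nested = {9, 10, 3}; /* constructed sample shape */
  verdict v = check_document(&nested, DEFAULT_THRESHOLD_BYTES,
                             DEFAULT_MAX_AMPLIFICATION);
  printf("accepted=%d direct=%llu indirect=%llu amplification=%.1f\n",
         v.accepted, (unsigned long long)v.direct,
         (unsigned long long)v.indirect, v.amplification);
  return 0;
}
```

A five-level shape passes with the defaults despite a four-digit amplification factor because its output stays below 8 MiB; lowering the activation threshold is what rejects it.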
841
842        Bug fixes:
843       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
844                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
845                    for UTF-16 payloads containing CDATA sections.
846       #485 #486  Autotools: Fix generated CMake files for non-64bit and
847                    non-Linux platforms (e.g. macOS and MinGW in particular)
848                    that were introduced with release 2.3.0
849
850        Other changes:
851       #468 #469  xmlwf: Improve help output and the xmlwf man page
852            #463  xmlwf: Improve maintainability through some refactoring
853            #477  xmlwf: Fix man page DocBook validity
854            #456  Autotools: Sync CMake templates with CMake 3.18
855       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
856                    and CMAKE_INSTALL_INCLUDEDIR
857       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
858            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
859            #467  Resolve macro HAVE_EXPAT_CONFIG_H
860            #472  Delete unused legacy helper file "conftools/PrintPath"
861       #473 #483  Improve attribution
862  #464 #465 #477  doc/reference.html: Fix XHTML validity
863       #475 #478  doc/reference.html: Replace the 90s look by OK.css
864            #479  Version info bumped from 8:0:7 to 9:0:8
865                    due to addition of new symbols and error codes;
866                    see https://verbump.de/ for what these numbers do
867
868        Infrastructure:
869            #456  CI: Enable periodic runs
870            #457  CI: Start covering the list of exported symbols
871            #474  CI: Isolate coverage task
872       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
873            #477  CI: Cover well-formedness and DocBook/XHTML validity
874                    of doc/reference.html and doc/xmlwf.xml
875
876        Special thanks to:
877            Dimitry Andric
878            Eero Helenius
879            Nick Wellnhofer
880            Rhodri James
881            Tomas Korbar
882            Yury Gribov
883                 and
884            Clang LeakSan
885            JetBrains
886            OSS-Fuzz
887
888Release 2.3.0 Thu March 25 2021
889        Bug fixes:
890            #438  When calling XML_ParseBuffer without a prior successful call to
891                    XML_GetBuffer as a user, no longer trigger undefined behavior
892                    (by adding an integer to a NULL pointer) but rather return
893                    XML_STATUS_ERROR and set the error code to (new) code
894                    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
895                    of Clang 11 (but not Clang 9).
896            #444  xmlwf: Exit status 2 was used for both:
897                    - malformed input files (documented) and
898                    - invalid command-line arguments (undocumented).
899                    The case of invalid command-line arguments now
900                    has its own exit status 4, resolving the ambiguity.
901
902        Other changes:
903            #439  xmlwf: Add argument -k to allow continuing after
904                    non-fatal errors
905            #439  xmlwf: Add section about exit status to the -h help output
906  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
907            #434  Windows: CMake: Detect unsupported Visual Studio at
908                    configure time (rather than at compile time)
909       #382 #428  testrunner: Make verbose mode (argument "-v") report
910                    about passed tests, and make default mode report about
911                    failures, as well.
912            #442  CMake: Call "enable_language(CXX)" prior to tinkering
913                    with CMAKE_CXX_* variables
914            #448  Document use of libexpat from a CMake-based project
915            #451  Autotools: Install CMake files as generated by CMake 3.19.6
916                    so that users with "find_package(expat [..] CONFIG [..])"
917                    are served on distributions that are *not* using the CMake
918                    build system inside for libexpat packaging
919       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
920       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
921            #441  Address compiler warnings
922            #443  Version info bumped from 7:12:6 to 8:0:7
923                    due to addition of error code XML_ERROR_NO_BUFFER
924                    (see https://verbump.de/ for what these numbers do)
925
926        Infrastructure:
927       #435 #446  Replace Travis CI by GitHub Actions
928
929        Special thanks to:
930            Alexander Richardson
931            Oleksandr Popovych
932            Thomas Beutlich
933            Tim Bray
934                 and
935            Clang LeakSan, Clang 11 UBSan and the Clang team
936
937Release 2.2.10 Sat October 3 2020
938        Bug fixes:
939  #390 #395 #398  Fix undefined behavior during parsing caused by
940                    pointer arithmetic with NULL pointers
941       #404 #405  Fix reading uninitialized variable during parsing
942            #406  xmlwf: Add missing check for malloc NULL return
943
944        Other changes:
945            #396  Windows: Drop support for Visual Studio <=8.0/2005
946            #409  Windows: Add missing file "Changes" to the installer
947                    to fix compilation with CMake from installed sources
948            #403  xmlwf: Document exit codes in xmlwf manpage and
949                    exit with code 3 (rather than code 1) for output errors
950                    when used with "-d DIRECTORY"
951       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
952       #383 #392  Autotools: Use -Werror while configure tests the compiler
953                    for supported compile flags to avoid false positives
954  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
955                    e.g. ensure that they have the last word over flags added
956                    while running ./configure
957            #360  CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
958                    on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
959            #360  CMake: Detect and deny unsupported build combinations
960                    involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
961            #360  CMake: Install pre-compiled shipped xmlwf.1 manpage in case
962                    of -DEXPAT_BUILD_DOCS=OFF
963  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
964       #407 #408  CMake: Keep expat target name constant at "expat"
965                    (i.e. refrain from using the target name to control
966                    build artifact filenames)
967            #385  CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
968                    Windows
969                  CMake: Expose man page compilation as target "xmlwf-manpage"
970       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
971                    to control generation of pkg-config file "expat.pc"
972            #424  CMake: Add minimalistic support for building binary packages
973                    with CMake target "package"; based on CPack
974            #366  CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
975                    default OFF to build fuzzer code against OSS-Fuzz and
976                    related environment variable LIB_FUZZING_ENGINE
977            #354  Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
978    #354 #355 ..
979       #356 #412  Address compiler warnings
980       #368 #369  Address pngcheck warnings with doc/*.png images
981            #425  Version info bumped from 7:11:6 to 7:12:6
982
983        Special thanks to:
984            asavah
985            Ben Wagner
986            Bhargava Shastry
987            Frank Landgraf
988            Jeffrey Walton
989            Joe Orton
990            Kleber Tarcísio
991            Ma Lin
992            Maciej Sroczyński
993            Mohammed Khajapasha
994            Vadim Zeitlin
995                 and
996            Cppcheck 2.0 and the Cppcheck team
997
998Release 2.2.9 Wed September 25 2019
999        Other changes:
1000                  examples: Drop executable bits from elements.c
1001            #349  Windows: Change the name of the Windows DLLs from expat*.dll
1002                    to libexpat*.dll once more (regression from 2.2.8, first
1003                    fixed in 1.95.3, issue #61 on SourceForge today,
1004                    was issue #432456 back then); needs a fix due to
1005                    case-insensitive file systems on Windows and the fact that
1006                    Perl's XML::Parser::Expat compiles into Expat.dll.
1007            #347  Windows: Only define _CRT_RAND_S if not defined
1008                  Version info bumped from 7:10:6 to 7:11:6
1009
1010        Special thanks to:
1011            Ben Wagner
1012
1013Release 2.2.8 Fri September 13 2019
1014        Security fixes:
1015       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
1016                    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
1017                    and deny internal entities closing the doctype;
1018                    fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
1019
1020        Bug fixes:
1021            #240  Fix cases where XML_StopParser did not have any effect
1022                    when called from inside of an end element handler
1023            #341  xmlwf: Fix exit code for operation without "-d DIRECTORY";
1024                    previously, only "-d DIRECTORY" would give you a proper
1025                    exit code:
1026                      # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
1027                      2
1028                      # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
1029                      0
1030                    Now both cases return exit code 2.
1031
1032        Other changes:
1033       #299 #302  Windows: Replace LoadLibrary hack to access
1034                    unofficial API function SystemFunction036 (RtlGenRandom)
1035                    by using official API function rand_s (needs WinXP+)
1036            #325  Windows: Drop support for Visual Studio <=7.1/2003
1037                    and document supported compilers in README.md
1038            #286  Windows: Remove COM code from xmlwf; in case it turns
1039                    out needed later, there will be a dedicated repository
1040                    below https://github.com/libexpat/ for that code
1041            #322  Windows: Remove explicit MSVC solution and project files.
1042                    You can generate Visual Studio solution files through
1043                    CMake, e.g.: cmake -G"Visual Studio 15 2017" .
1044            #338  xmlwf: Make "xmlwf -h" help output more friendly
1045            #339  examples: Improve elements.c
1046       #244 #264  Autotools: Add argument --enable-xml-attr-info
1047       #239 #301  Autotools: Add arguments
1048                    --with-getrandom
1049                    --without-getrandom
1050                    --with-sys-getrandom
1051                    --without-sys-getrandom
1052       #312 #343  Autotools: Fix linking issues with "./configure LD=clang"
1053                  Autotools: Fix "make run-xmltest" for out-of-source builds
1054       #329 #336  CMake: Pull all options from Expat <=2.2.7 into namespace
1055                    prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
1056                    - BUILD_doc            -> EXPAT_BUILD_DOCS (plural)
1057                    - BUILD_examples       -> EXPAT_BUILD_EXAMPLES
1058                    - BUILD_shared         -> EXPAT_SHARED_LIBS
1059                    - BUILD_tests          -> EXPAT_BUILD_TESTS
1060                    - BUILD_tools          -> EXPAT_BUILD_TOOLS
1061                    - DOCBOOK_TO_MAN       -> DOCBOOK_TO_MAN (unchanged)
1062                    - INSTALL              -> EXPAT_ENABLE_INSTALL
1063                    - MSVC_USE_STATIC_CRT  -> EXPAT_MSVC_STATIC_CRT
1064                    - USE_libbsd           -> EXPAT_WITH_LIBBSD
1065                    - WARNINGS_AS_ERRORS   -> EXPAT_WARNINGS_AS_ERRORS
1066                    - XML_CONTEXT_BYTES    -> EXPAT_CONTEXT_BYTES
1067                    - XML_DEV_URANDOM      -> EXPAT_DEV_URANDOM
1068                    - XML_DTD              -> EXPAT_DTD
1069                    - XML_NS               -> EXPAT_NS
1070                    - XML_UNICODE          -> EXPAT_CHAR_TYPE=ushort (!)
1071                    - XML_UNICODE_WCHAR_T  -> EXPAT_CHAR_TYPE=wchar_t (!)
1072       #244 #264  CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
1073                    default OFF
1074            #326  CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
1075                    default OFF
1076            #328  CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
1077                    default OFF
1078       #239 #277  CMake: Add arguments
1079                    -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
1080                    -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
1081            #326  CMake: Install expat_config.h to include directory
1082            #326  CMake: Generate and install configuration files for
1083                    future find_package(expat [..] CONFIG [..])
1084                  CMake: Now produces a summary of applied configuration
1085                  CMake: Require C++ compiler only when tests are enabled
1086            #330  CMake: Fix compilation for 16bit character types,
1087                    i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
1088            #265  CMake: Fix linking with MinGW
1089            #330  CMake: Add full support for MinGW; to enable, use
1090                    -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
1091            #330  CMake: Port "make run-xmltest" from GNU Autotools to CMake
1092            #316  CMake: Windows: Make binary postfix match MSVC
1093                    Old: expat[d].lib
1094                    New: expat[w][d][MD|MT].lib
1095                  CMake: Migrate files from Windows to Unix line endings
1096            #308  CMake: Integrate OSS-Fuzz fuzzers, option
1097                    -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
1098             #14  Drop an OpenVMS support leftover
1099    #235 #268 ..
1100    #270 #310 ..
1101  #313 #331 #333  Address compiler warnings
1102    #282 #283 ..
1103       #284 #285  Address cppcheck warnings
1104       #294 #295  Address Clang Static Analyzer warnings
1105        #24 #293  Mass-apply clang-format 9 (and ensure conformance during CI)
1106                  Version info bumped from 7:9:6 to 7:10:6
1107
1108        Special thanks to:
1109            David Loffredo
1110            Joonun Jang
1111            Kishore Kunche
1112            Marco Maggi
1113            Mitch Phillips
1114            Mohammed Khajapasha
1115            Rolf Ade
1116            xantares
1117            Zhongyuan Zhou
1118
1119Release 2.2.7 Wed June 19 2019
1120        Security fixes:
1121       #186 #262  CVE-2018-20843 -- Fix extraction of namespace prefixes from
1122                    XML names; XML names with multiple colons could end up in
1123                    the wrong namespace, and take a high amount of RAM and CPU
1124                    resources while processing, opening the door to
1125                    use for denial-of-service attacks
1126
1127        Other changes:
1128       #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
1129                    exporting non-API symbols
1130            #227  Autotools: Add --without-examples and --without-tests
1131            #228  Autotools: Modernize configure.ac
1132       #245 #246  Autotools: Fix check for -fvisibility=hidden for Clang
1133       #247 #248  Autotools: Fix compilation for lack of docbook2x-man
1134       #236 #258  Autotools: Produce .tar.{gz,lz,xz} release archives
1135            #212  CMake: Make libdir of pkgconfig expat.pc support multilib
1136       #158 #263  CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
1137            #219  Remove fallback to bcopy, assume that memmove(3) exists
1138            #257  Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
1139            #243  Windows: Fix syntax of .def module definition files
1140                  Version info bumped from 7:8:6 to 7:9:6
1141
1142        Special thanks to:
1143            Benjamin Peterson
1144            Caolán McNamara
1145            Hanno Böck
1146            KangLin
1147            Kishore Kunche
1148            Marco Maggi
1149            Rhodri James
1150            Sebastian Dröge
1151            userwithuid
1152            Yury Gribov
1153
1154Release 2.2.6 Sun August 12 2018
        Bug fixes:
       #170 #206  Avoid doing arithmetic with NULL pointers in XML_GetBuffer
       #204 #205  Fix 2.2.5 regression with suspend-resume while parsing
                    a document like '<root/>'

        Other changes:
       #165 #168  Autotools: Fix docbook-related configure syntax error
            #166  Autotools: Avoid grep option `-q` for Solaris
            #167  Autotools: Support
                    ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
       #159 #167  Autotools: Support DOCBOOK_TO_MAN command which produces
                    xmlwf.1 rather than XMLWF.1; also covers case insensitive
                    file systems
            #181  Autotools: Drop -rpath option passed to libtool
            #188  Autotools: Detect and deny SGML docbook2man as ours is XML
            #188  Autotools/CMake: Support command db2x_docbook2man as well
            #174  CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
       #184 #185  CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
       #207 #208  CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
                    both defaulting to OFF
            #175  CMake: Prefer check_symbol_exists over check_function_exists
            #176  CMake: Create the same pkg-config file as with GNU Autotools
       #178 #179  CMake: Use GNUInstallDirs module to set proper defaults for
                    install directories
            #208  CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
            #180  Windows: Fix compilation of test suite for Visual Studio 2008
  #131 #173 #202  Address compiler warnings
  #187 #190 #200  Fix miscellaneous typos
                  Version info bumped from 7:7:6 to 7:8:6

        Special thanks to:
            Anton Maklakov
            Benjamin Peterson
            Brad King
            Franek Korta
            Frank Rast
            Joe Orton
            luzpaz
            Pedro Vicente
            Rainer Jung
            Rhodri James
            Rolf Ade
            Rolf Eike Beer
            Thomas Beutlich
            Tomasz Kłoczko

Release 2.2.5 Tue October 31 2017
        Bug fixes:
              #8  If the parser runs out of memory, make sure its internal
                    state reflects the memory it actually has, not the memory
                    it wanted to have.
             #11  The default handler wasn't being called when it should for
                    a SYSTEM or PUBLIC doctype if an entity declaration handler
                    was registered.
       #137 #138  Fix a case of mistakenly reported parsing success where
                    XML_StopParser was called from an element handler
            #162  Function XML_ErrorString was returning NULL rather than
                    a message for code XML_ERROR_INVALID_ARGUMENT
                    introduced with release 2.2.1

        Other changes:
            #106  xmlwf: Add argument -N adding notation declarations
        #75 #106  Test suite: Resolve expected failure cases where xmlwf
                    output was incomplete
            #127  Windows: Fix test suite compilation
       #126 #127  Windows: Fix compilation for Visual Studio 2012
                  Windows: Upgrade shipped project files to Visual Studio 2017
        #33 #132  tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
            #129  examples: Fix compilation for XML_UNICODE_WCHAR_T
            #130  benchmark: Fix compilation for XML_UNICODE_WCHAR_T
            #144  xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
                    Windows or MinGW for 2-byte wchar_t
              #9  Address two Clang Static Analyzer false positives
             #59  Resolve troublesome macros hiding parser struct membership
                    and dereferencing that pointer
              #6  Resolve superfluous internal malloc/realloc switch
       #153 #155  Improve docbook2x-man detection
            #160  Undefine NDEBUG in the test suite (rather than rejecting it)
            #161  Address compiler warnings
                  Version info bumped from 7:6:6 to 7:7:6

        Special thanks to:
            Benbuck Nason
            Hans Wennborg
            José Gutiérrez de la Concha
            Pedro Monreal Gonzalez
            Rhodri James
            Rolf Ade
            Stephen Groat
                 and
            Core Infrastructure Initiative

Release 2.2.4 Sat August 19 2017
        Bug fixes:
            #115  Fix copying of partial characters for UTF-8 input

        Other changes:
            #109  Fix "make check" for non-x86 architectures that default
                    to unsigned type char (-128..127 rather than 0..255)
            #109  coverage.sh: Cover -funsigned-char
                  Autotools: Introduce --without-xmlwf argument
             #65  Autotools: Replace handwritten Makefile with GNU Automake
             #43  CMake: Auto-detect high quality entropy extractors, add new
                    option USE_libbsd=ON to use arc4random_buf of libbsd
             #74  CMake: Add -fno-strict-aliasing only where supported
            #114  CMake: Always honor manually set BUILD_* options
            #114  CMake: Compile man page if docbook2x-man is available, only
            #117  Include file tests/xmltest.log.expected in source tarball
                    (required for "make run-xmltest")
            #117  Include (existing) Visual Studio 2013 files in source tarball
                  Improve test suite error output
            #111  Fix some typos in documentation
                  Version info bumped from 7:5:6 to 7:6:6

        Special thanks to:
            Jakub Wilk
            Joe Orton
            Lin Tian
            Rolf Eike Beer

Release 2.2.3 Wed August 2 2017
        Security fixes:
             #82  CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
                    using Steve Holme's LoadLibrary wrapper for/of cURL

        Bug fixes:
             #85  Fix a dangling pointer issue related to realloc

        Other changes:
                  Increase code coverage
             #91  Linux: Allow getrandom to fail if nonblocking pool has not
                    yet been initialized and read /dev/urandom then, instead.
                    This is in line with what recent Python does.
             #81  Pre-10.7/Lion macOS: Support entropy from arc4random
             #86  Check that a UTF-16 encoding in an XML declaration has the
                    right endianness
        #4 #5 #7  Recover correctly when some reallocations fail
                  Repair "./configure && make" for systems without any
                    provider of high quality entropy
                    and try reading /dev/urandom on those
                  Ensure that user-defined character encodings have converter
                    functions when they are needed
                  Fix misleading description of argument -c in xmlwf.1
                  Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
                    for CloudABI
            #100  Fix use of SIPHASH_MAIN in siphash.h
             #23  Test suite: Fix memory leaks
                  Version info bumped from 7:4:6 to 7:5:6

        Special thanks to:
            Chanho Park
            Joe Orton
            Pascal Cuoq
            Rhodri James
            Simon McVittie
            Vadim Zeitlin
            Viktor Szakats
                 and
            Core Infrastructure Initiative

Release 2.2.2 Wed July 12 2017
        Security fixes:
             #43  Protect against compilation without any source of high
                    quality entropy enabled, e.g. with CMake build system;
                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
             #60  Windows with _UNICODE:
                    Unintended use of LoadLibraryW with a non-wide string
                    resulted in failure to load advapi32.dll and degradation
                    in quality of used entropy when compiled with _UNICODE for
                    Windows; you can launch existing binaries with
                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
                    quality of entropy used during runtime; commits
                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
   [MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                    resulted in NULL dereference, previously;
                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe

        Bug fixes:
             #69  Fix improper use of unsigned long long integer literals

        Other changes:
             #73  Start requiring a C99 compiler
             #49  Fix "==" Bashism in configure script
             #50  Fix too eager getrandom detection for Debian GNU/kFreeBSD
             #52    and macOS
             #51  Address lack of stdint.h in Visual Studio 2003 to 2008
             #58  Address compile warnings
             #68  Fix "./buildconf.sh && ./configure" for some versions
                    of Dash for /bin/sh
             #72  CMake: Ease use of Expat in context of a parent project
                    with multiple CMakeLists.txt files
             #72  CMake: Resolve mistaken executable permissions
             #76  Address compile warning with -DNDEBUG (not recommended!)
             #77  Address compile warning about macro redefinition

        Special thanks to:
            Alexander Bluhm
            Ben Boeckel
            Cătălin Răceanu
            Kerin Millar
            László Böszörményi
            S. P. Zeidler
            Segev Finer
            Václav Slavík
            Victor Stinner
            Viktor Szakats
                 and
            Radically Open Security

Release 2.2.1 Sat June 17 2017
        Security fixes:
                  CVE-2017-9233 -- External entity infinite loop DoS
                    Details: https://libexpat.github.io/doc/cve-2017-9233/
                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
   [MOX-002]      CVE-2016-9063 -- Detect integer overflow; commit
                    d4f735b88d9932bd5039df2335eefdd0723dbe20
                    (Fixed version of existing downstream patches!)
   (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
                    longer tag names; commits
                    * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
                    * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
             #16    * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
             #25  More integer overflow detection (function poolGrow); commits
                    * 810b74e4703dcfdd8f404e3cb177d44684775143
                    * 44178553f3539ce69d34abee77a05e879a7982ac
   [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse; commits
                    * 4be2cb5afcc018d996f34bbbce6374b7befad47f
                    * 7e5b71b748491b6e459e5c9a1d090820f94544d8
   [MOX-005] #30  Use high quality entropy for hash initialization:
                    * arc4random_buf on BSD, systems with libbsd
                      (when configured with --with-libbsd), CloudABI
                    * RtlGenRandom on Windows XP / Server 2003 and later
                    * getrandom on Linux 3.17+
                    In a way, that's still part of CVE-2016-5300.
                    https://github.com/libexpat/libexpat/pull/30/commits
   [MOX-005]      For the low quality entropy extraction fallback code,
                    the parser instance address can no longer leak, commit
                    04ad658bd3079dd15cb60fc67087900f0ff4b083
   [MOX-003]      Prevent use of uninitialised variable; commit
   [MOX-004]        a4dc944f37b664a3ca7199c624a98ee37babdb4b
                  Add missing parameter validation to public API functions
                    and dedicated error code XML_ERROR_INVALID_ARGUMENT:
   [MOX-006]        * NULL checks; commits
                      * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
                      * 9ed727064b675b7180c98cb3d4f75efba6966681
                      * 6a747c837c50114dfa413994e07c0ba477be4534
                    * Negative length (XML_Parse); commit
   [MOX-002]          70db8d2538a10f4c022655d6895e4c3e78692e7f
   [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
                    to go further with fixing CVE-2012-0876.
                    https://github.com/libexpat/libexpat/pull/39/commits

        Bug fixes:
             #32  Fix sharing of hash salt across parsers;
                    relevant where XML_ExternalEntityParserCreate is called
                    prior to XML_Parse, in particular (e.g. FBReader)
             #28  xmlwf: Auto-disable use of memory-mapping (and parsing
                    as a single chunk) for files larger than ~1 GB (2^30 bytes)
                    rather than failing with error "out of memory"
              #3  Fix double free after malloc failure in DTD code; commit
                    7ae9c3d3af433cd4defe95234eae7dc8ed15637f
             #17  Fix memory leak on parser error for unbound XML attribute
                    prefix with new namespaces defined in the same tag;
                    found by Google's OSS-Fuzz; commits
                    * 16f87daae5a16132e479e4f71862128c7a915c73
                    * b47dbc9745932c160893d433220e462bd605f8cd
                  xmlwf on Windows: Add missing calls to CloseHandle

        New features:
             #30  Introduced environment switch EXPAT_ENTROPY_DEBUG=1
                    for runtime debugging of entropy extraction

        Other changes:
                  Increase code coverage
             #33  Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
                    XML_UNICODE_WCHAR_T was never meant to be used outside
                    of Windows; 4-byte wchar_t is common on Linux
   (SF.net) #538  Start using -fno-strict-aliasing
   (SF.net) #540  Support compilation against cloudlibc of CloudABI
                  Allow MinGW cross-compilation
   (SF.net) #534  CMake: Introduce option "BUILD_doc" (enabled by default)
                    to bypass compilation of the xmlwf.1 man page
   (SF.net)  pr2  CMake: Introduce option "INSTALL" (enabled by default)
                    to bypass installation of expat files
                  CMake: Fix ninja support
                  Autotools: Add parameters --enable-xml-context [COUNT]
                    and --disable-xml-context; default of context of 1024
                    bytes enabled unchanged
             #14  Drop AmigaOS 4.x code and includes
             #14  Drop ancient build systems:
                    * Borland C++ Builder
                    * OpenVMS
                    * Open Watcom
                    * Visual Studio 6.0
                    * Pre-X Mac OS (MPW Makefile)
                    If you happen to rely on some of these, please get in
                    touch for joining with maintenance.
             #10  Move from WIN32 to _WIN32
             #13  Fix "make run-xmltest" order instability
                  Address compile warnings
                  Bump version info from 7:2:6 to 7:3:6
                  Add AUTHORS file

        Infrastructure:
              #1  Migrate from SourceForge to GitHub (except downloads):
                    https://github.com/libexpat/
              #1  Re-create http://libexpat.org/ project website
                  Start utilizing Travis CI

        Special thanks to:
            Andy Wang
            Don Lewis
            Ed Schouten
            Karl Waclawek
            Pascal Cuoq
            Rhodri James
            Sergei Nikulov
            Tobias Taschner
            Viktor Szakats
                 and
            Core Infrastructure Initiative
            Mozilla Foundation (MOSS Track 3: Secure Open Source)
            Radically Open Security

Release 2.2.0 Tue June 21 2016
        Security fixes:
            #537  CVE-2016-0718 -- Fix crash on malformed input
                  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
                                   CVE-2015-2716 introduced with Expat 2.1.1
            #499  CVE-2016-5300 -- Use more entropy for hash initialization
                                   than the original fix to CVE-2012-0876
            #519  CVE-2012-6702 -- Resolve troublesome internal call to srand
                                   that was introduced with Expat 2.1.0
                                   when addressing CVE-2012-0876 (issue #496)

        Bug fixes:
                  Fix uninitialized reads of size 1
                    (e.g. in little2_updatePosition)
                  Fix detection of UTF-8 character boundaries

        Other changes:
            #532  Fix compilation for Visual Studio 2010 (keyword "C99")
                  Autotools: Resolve use of "$<" to better support bmake
                  Autotools: Add QA script "qa.sh" (and make target "qa")
                  Autotools: Respect CXXFLAGS if given
                  Autotools: Fix "make run-xmltest"
                  Autotools: Have "make run-xmltest" check for expected output
             p90  CMake: Fix static build (BUILD_shared=OFF) on Windows
            #536  CMake: Add soversion, support -DNO_SONAME=yes to bypass
            #323  CMake: Add suffix "d" to differentiate debug from release
                  CMake: Define WIN32 with CMake on Windows
                  Annotate memory allocators for GCC
                  Address all currently known compile warnings
                  Make sure that API symbols remain visible despite
                    -fvisibility=hidden
                  Remove executable flag from source files
                  Resolve COMPILED_FROM_DSP in favor of WIN32

        Special thanks to:
            Björn Lindahl
            Christian Heimes
            Cristian Rodríguez
            Daniel Krügler
            Gustavo Grieco
            Karl Waclawek
            László Böszörményi
            Marco Grassi
            Pascal Cuoq
            Sergei Nikulov
            Thomas Beutlich
            Warren Young
            Yann Droneaud

Release 2.1.1 Sat March 12 2016
        Security fixes:
            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
            #502: Fix potential null pointer dereference
            #520: Symbol XML_SetHashSalt was not exported
            Output of "xmlwf -h" was incomplete

        Other changes:
            #503: Document behavior of calling XML_SetHashSalt with salt 0
            Minor improvements to man page xmlwf(1)
            Improvements to the experimental CMake build system
            libtool now invoked with --verbose

Release 2.1.0 Sat March 24 2012
        - Security fixes:
          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
          #3496608: CVE-2012-0876 - Hash DOS attack.
          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
        - Bug Fixes:
          #1742315: Harmful XML_ParserCreateNS suggestion.
          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
          #1983953, 2517952, 2517962, 2649838:
                Build modifications using autoreconf instead of buildconf.sh.
          #2815947, #2884086: OBJEXT and EXEEXT support while building.
          #2517938: xmlwf should return non-zero exit status if not well-formed.
          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
          #2855609: Dangling positionPtr after error.
          #2990652: CMake support.
          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
          #3206497: Uninitialized memory returned from XML_Parse.
          #3287849: make check fails on mingw-w64.
        - Patches:
          #1749198: pkg-config support.
          #3010222: Fix for bug #3010819.
          #3312568: CMake support.
          #3446384: Report byte offsets for attr names and values.
        - New Features / API changes:
          Added new API member XML_SetHashSalt() that allows setting an initial
                value (salt) for hash calculations. This is part of the fix for
                bug #3496608 to randomize hash parameters.
          When compiled with XML_ATTR_INFO defined, adds new API member
                XML_GetAttributeInfo() that allows retrieving the byte
                offsets for attribute names and values (patch #3446384).
          Added CMake build system.
                See bug #2990652 and patch #3312568.
          Added run-benchmark target to Makefile.in - relies on testdata module
                present in the same relative location as in the repository.

Release 2.0.1 Tue June 5 2007
        - Fixed bugs #1515266, #1515600: The character data handler's calling
          of XML_StopParser() was not handled properly; if the parser was
          stopped and the handler set to NULL, the parser would segfault.
        - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
          some character constants to be ASCII encoded.
        - Minor cleanups of the test harness.
        - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
        - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
        - Fixes and improvements for Windows platform:
          bugs #1409451, #1476160, #1548182, #1602769, #1717322.
        - Build fixes for various platforms:
          HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
          All Unix: #1554618 (refreshed config.sub/config.guess).
                    #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
                    without relying on GNU-Make specific features.
          #1647805: Patched configure.in to work better with Intel compiler.
        - Fixes to Makefile.in to have make check work correctly:
          bugs #1408143, #1535603, #1536684.
        - Added Open Watcom support: patch #1523242.

Release 2.0.0 Wed Jan 11 2006
        - We no longer use the "check" library for C unit testing; we
          always use the (partial) internal implementation of the API.
        - Report XML_NS setting via XML_GetFeatureList().
        - Fixed headers for use from C++.
        - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
          now return unsigned integers.
        - Added XML_LARGE_SIZE switch to enable 64-bit integers for
          byte indexes and line/column numbers.
        - Updated to use libtool 1.5.22 (the most recent).
        - Added support for AmigaOS.
        - Some mostly minor bug fixes. SF issues include: #1006708,
          #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.

Release 1.95.8 Fri Jul 23 2004
        - Major new feature: suspend/resume.  Handlers can now request
          that a parse be suspended for later resumption or aborted
          altogether.  See "Temporarily Stopping Parsing" in the
          documentation for more details.
        - Some mostly minor bug fixes, but compilation should no
          longer generate warnings on most platforms.  SF issues
          include: #827319, #840173, #846309, #888329, #896188, #923913,
          #928113, #961698, #985192.

Release 1.95.7 Mon Oct 20 2003
        - Fixed enum XML_Status issue (reported on SourceForge many
          times), so compilers that are properly picky will be happy.
        - Introduced an XMLCALL macro to control the calling
          convention used by the Expat API; this macro should be used
          to annotate prototypes and definitions of callback
          implementations in code compiled with a calling convention
          other than the default convention for the host platform.
        - Improved ability to build without the configure-generated
          expat_config.h header.  This is useful for applications
          which embed Expat rather than linking in the library.
        - Fixed a variety of bugs: see SF issues #458907, #609603,
          #676844, #679754, #692878, #692964, #695401, #699323, #699487,
          #820946.
        - Improved hash table lookups.
        - Added more regression tests and improved documentation.

Release 1.95.6 Tue Jan 28 2003
        - Added XML_FreeContentModel().
        - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
        - Fixed a variety of bugs: see SF issues #615606, #616863,
          #618199, #653180, #673791.
        - Enhanced the regression test suite.
        - Man page improvements: includes SF issue #632146.

Release 1.95.5 Fri Sep 6 2002
        - Added XML_UseForeignDTD() for improved SAX2 support.
        - Added XML_GetFeatureList().
        - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
        - Use an incomplete struct instead of a void* for the parser
          (may not retain).
        - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
        - Finally fixed bug where default handler would report DTD
          events that were already handled by another handler.
          Initial patch contributed by Darryl Miles.
        - Removed unnecessary DllMain() function that caused static
          linking into a DLL to be difficult.
        - Added VC++ projects for building static libraries.
        - Reduced line-length for all source code and headers to be
          no longer than 80 characters, to help with AS/400 support.
        - Reduced memory copying during parsing (SF patch #600964).
        - Fixed a variety of bugs: see SF issues #580793, #434664,
          #483514, #580503, #581069, #584041, #584183, #584832, #585537,
          #596555, #596678, #598352, #598944, #599715, #600479, #600971.

Release 1.95.4 Fri Jul 12 2002
        - Added support for VMS, contributed by Craig Berry.  See
          vms/README.vms for more information.
        - Added Mac OS (classic) support, with a makefile for MPW,
          contributed by Thomas Wegner and Daryle Walker.
        - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
          by Patrick McConnell (SF patch #538032).
        - Fixed a variety of bugs: see SF issues #441449, #563184,
          #564342, #566334, #566901, #569461, #570263, #575168, #579196.
        - Made skippedEntityHandler conform to SAX2 (see source comment)
        - Re-implemented WFC: Entity Declared from XML 1.0 spec and
          added a new error "entity declared in parameter entity":
          see SF bug report #569461 and SF patch #578161
        - Re-implemented section 5.1 from XML 1.0 spec:
          see SF bug report #570263 and SF patch #578161

Release 1.95.3 Mon Jun 3 2002
        - Added a project to the MSVC workspace to create a wchar_t
          version of the library; the DLLs are named libexpatw.dll.
        - Changed the name of the Windows DLLs from expat.dll to
          libexpat.dll; this fixes SF bug #432456.
        - Added the XML_ParserReset() API function.
        - Fixed XML_SetReturnNSTriplet() to work for element names.
        - Made the XML_UNICODE builds usable (thanks, Karl!).
        - Allow xmlwf to read from standard input.
        - Install a man page for xmlwf on Unix systems.
        - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
          #466885, #469226, #477667, #484419, #487840, #494749, #496505,
          #547350.  Other bugs which we can't test as easily may also
          have been fixed, especially in the area of build support.

Release 1.95.2 Fri Jul 27 2001
        - More changes to make MSVC happy with the build; add a single
          workspace to support both the library and xmlwf application.
        - Added a Windows installer for Windows users; includes
          xmlwf.exe.
        - Added compile-time constants that can be used to determine the
          Expat version
        - Removed a lot of GNU-specific dependencies to aid portability
          among the various Unix flavors.
        - Fix the UTF-8 BOM bug.
        - Cleaned up warning messages for several compilers.
        - Added the -Wall, -Wstrict-prototypes options for GCC.

Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
        - Changes to get expat to build under Microsoft compiler
        - Removed all aborts and instead return an UNEXPECTED_STATE error.
        - Fixed a bug where a stray '%' in an entity value would cause an
          abort.
        - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
          finding this oversight.
        - Changed default patterns in lib/Makefile.in to fit non-GNU makes
          Thanks to robin@unrated.net for reporting and providing an
          account to test on.
        - The reference had the wrong label for XML_SetStartNamespaceDecl.
          Reported by an anonymous user.

Release 1.95.0 Fri Sep 29 2000
        - XML_ParserCreate_MM
                Allows you to set a memory management suite to replace the
                standard malloc, realloc, and free.
        - XML_SetReturnNSTriplet
                If you turn this feature on when namespace processing is in
                effect, then qualified, prefixed element and attribute names
                are returned as "uri|name|prefix" where '|' is whatever
                separator character is used in namespace processing.
        - Merged in features from perl-expat
                o XML_SetElementDeclHandler
                o XML_SetAttlistDeclHandler
                o XML_SetXmlDeclHandler
                o XML_SetEntityDeclHandler
                o StartDoctypeDeclHandler takes 3 additional parameters:
                        sysid, pubid, has_internal_subset
                o Many paired handler setters (like XML_SetElementHandler)
                  now have corresponding individual handler setters
                o XML_GetInputContext for getting the input context of
                  the current parse position.
        - Added reference material
        - Packaged into a distribution that builds a sharable library