xref: /freebsd/contrib/expat/Changes (revision 2f9966ff63d65bd474478888c9088eeae3f9c669)
1NOTE: We are looking for help with a few things:
2      https://github.com/libexpat/libexpat/labels/help%20wanted
3      If you can help, please get in touch.  Thanks!
4
5Release 2.6.0 Tue February 6 2024
6        Security fixes:
7      #789 #814  CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
8                   that can cause denial of service, in partial where
9                   dealing with compressed XML input.  Applications
10                   that parsed a document in one go -- a single call to
11                   functions XML_Parse or XML_ParseBuffer -- were not affected.
12                   The smaller the chunks/buffers you use for parsing
13                   previously, the bigger the problem prior to the fix.
14                   Backporters should be careful to no omit parts of
15                   pull request #789 and to include earlier pull request #771,
16                   in order to not break the fix.
17           #777  CVE-2023-52426 -- Fix billion laughs attacks for users
18                   compiling *without* XML_DTD defined (which is not common).
19                   Users with XML_DTD defined have been protected since
20                   Expat >=2.4.0 (and that was CVE-2013-0340 back then).
21
22        Bug fixes:
23            #753  Fix parse-size-dependent "invalid token" error for
24                    external entities that start with a byte order mark
25            #780  Fix NULL pointer dereference in setContext via
26                    XML_ExternalEntityParserCreate for compilation with
27                    XML_DTD undefined
28       #812 #813  Protect against closing entities out of order
29
30        Other changes:
31            #723  Improve support for arc4random/arc4random_buf
32       #771 #788  Improve buffer growth in XML_GetBuffer and XML_Parse
33       #761 #770  xmlwf: Support --help and --version
34       #759 #770  xmlwf: Support custom buffer size for XML_GetBuffer and read
35            #744  xmlwf: Improve language and URL clickability in help output
36            #673  examples: Add new example "element_declarations.c"
37            #764  Be stricter about macro XML_CONTEXT_BYTES at build time
38            #765  Make inclusion to expat_config.h consistent
39       #726 #727  Autotools: configure.ac: Support --disable-maintainer-mode
40    #678 #705 ..
41  #706 #733 #792  Autotools: Sync CMake templates with CMake 3.26
42            #795  Autotools: Make installation of shipped man page doc/xmlwf.1
43                    independent of docbook2man availability
44            #815  Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
45                    section "Cflags.private" in order to fix compilation
46                    against static libexpat using pkg-config on Windows
47       #724 #751  Autotools|CMake: Require a C99 compiler
48                    (a de-facto requirement already since Expat 2.2.2 of 2017)
49            #793  Autotools|CMake: Fix PACKAGE_BUGREPORT variable
50       #750 #786  Autotools|CMake: Make test suite require a C++11 compiler
51            #749  CMake: Require CMake >=3.5.0
52            #672  CMake: Lowercase off_t and size_t to help a bug in Meson
53            #746  CMake: Sort xmlwf sources alphabetically
54            #785  CMake|Windows: Fix generation of DLL file version info
55            #790  CMake: Build tests/benchmark/benchmark.c as well for
56                    a build with -DEXPAT_BUILD_TESTS=ON
57       #745 #757  docs: Document the importance of isFinal + adjust tests
58                    accordingly
59            #736  docs: Improve use of "NULL" and "null"
60            #713  docs: Be specific about version of XML (XML 1.0r4)
61                    and version of C (C99); (XML 1.0r5 will need a sponsor.)
62            #762  docs: reference.html: Promote function XML_ParseBuffer more
63            #779  docs: reference.html: Add HTML anchors to XML_* macros
64            #760  docs: reference.html: Upgrade to OK.css 1.2.0
65       #763 #739  docs: Fix typos
66            #696  docs|CI: Use HTTPS URLs instead of HTTP at various places
67    #669 #670 ..
68    #692 #703 ..
69       #733 #772  Address compiler warnings
70       #798 #800  Address clang-tidy warnings
71       #775 #776  Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
72                    to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
73                    for what these numbers do
74
75        Infrastructure:
76       #700 #701  docs: Document security policy in file SECURITY.md
77            #766  docs: Improve parse buffer variables in-code documentation
78    #674 #738 ..
79    #740 #747 ..
80  #748 #781 #782  Refactor coverage and conformance tests
81       #714 #716  Refactor debug level variables to unsigned long
82            #671  Improve handling of empty environment variable value
83                    in function getDebugLevel (without visible user effect)
84    #755 #774 ..
85    #758 #783 ..
86       #784 #787  tests: Improve test coverage with regard to parse chunk size
87  #660 #797 #801  Fuzzing: Improve fuzzing coverage
88       #367 #799  Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
89       #698 #721  CI: Resolve some Travis CI leftovers
90            #669  CI: Be robust towards absence of Git tags
91       #693 #694  CI: Set permissions to "contents: read" for security
92            #709  CI: Pin all GitHub Actions to specific commits for security
93            #739  CI: Reject spelling errors using codespell
94            #798  CI: Enforce clang-tidy clean code
95    #773 #808 ..
96       #809 #810  CI: Upgrade Clang from 15 to 18
97            #796  CI: Start using Clang's Control Flow Integrity sanitizer
98  #675 #720 #722  CI: Adapt to breaking changes in GitHub Actions Ubuntu images
99            #689  CI: Adapt to breaking changes in Clang/LLVM Debian packaging
100            #763  CI: Adapt to breaking changes in codespell
101            #803  CI: Adapt to breaking changes in Cppcheck
102
103        Special thanks to:
104            Ivan Galkin
105            Joyce Brum
106            Philippe Antoine
107            Rhodri James
108            Snild Dolkow
109            spookyahell
110            Steven Garske
111                 and
112            Clang AddressSanitizer
113            Clang UndefinedBehaviorSanitizer
114            codespell
115            GCC Farm Project
116            OSS-Fuzz
117            Sony Mobile
118
119Release 2.5.0 Tue October 25 2022
120        Security fixes:
121  #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
122                    destruction of a shared DTD in function
123                    XML_ExternalEntityParserCreate in out-of-memory situations.
124                    Expected impact is denial of service or potentially
125                    arbitrary code execution.
126
127        Bug fixes:
128       #612 #645  Fix corruption from undefined entities
129       #613 #654  Fix case when parsing was suspended while processing nested
130                    entities
131  #616 #652 #653  Stop leaking opening tag bindings after a closing tag
132                    mismatch error where a parser is reset through
133                    XML_ParserReset and then reused to parse
134            #656  CMake: Fix generation of pkg-config file
135            #658  MinGW|CMake: Fix static library name
136
137        Other changes:
138            #663  Protect header expat_config.h from multiple inclusion
139            #666  examples: Make use of XML_GetBuffer and be more
140                    consistent across examples
141            #648  Address compiler warnings
142       #667 #668  Version info bumped from 9:9:8 to 9:10:8;
143                    see https://verbump.de/ for what these numbers do
144
145        Special thanks to:
146            Jann Horn
147            Mark Brand
148            Osyotr
149            Rhodri James
150                 and
151            Google Project Zero
152
153Release 2.4.9 Tue September 20 2022
154        Security fixes:
155       #629 #640  CVE-2022-40674 -- Heap use-after-free vulnerability in
156                    function doContent. Expected impact is denial of service
157                    or potentially arbitrary code execution.
158
159        Bug fixes:
160            #634  MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
161            #614  docs: Fix documentation on effect of switch XML_DTD on
162                    symbol visibility in doc/reference.html
163
164        Other changes:
165            #638  MinGW: Make fix-xmltest-log.sh drop more Wine bug output
166       #596 #625  Autotools: Sync CMake templates with CMake 3.22
167            #608  CMake: Migrate from use of CMAKE_*_POSTFIX to
168                    dedicated variables EXPAT_*_POSTFIX to stop affecting
169                    other projects
170       #597 #599  Windows|CMake: Add missing -DXML_STATIC to test runners
171                    and fuzzers
172       #512 #621  Windows|CMake: Render .def file from a template to fix
173                    linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
174       #611 #621  MinGW|CMake: Apply MSVC .def file when linking
175       #622 #624  MinGW|CMake: Sync library name with GNU Autotools,
176                    i.e. produce libexpat-1.dll rather than libexpat.dll
177                    by default.  Filename libexpat.dll.a is unaffected.
178            #632  MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
179                    toolchain file "cmake/mingw-toolchain.cmake" to avoid
180                    error "windres: Command not found" on e.g. Ubuntu 20.04
181       #597 #627  CMake: Unify inconsistent use of set() and option() in
182                    context of public build time options to take need for
183                    set(.. FORCE) in projects using Expat by means of
184                    add_subdirectory(..) off Expat's users' shoulders
185       #626 #641  Stop exporting API symbols when building a static library
186            #644  Resolve use of deprecated "fgrep" by "grep -F"
187            #620  CMake: Make documentation on variables a bit more consistent
188            #636  CMake: Drop leading whitespace from a #cmakedefine line in
189                    file expat_config.h.cmake
190            #594  xmlwf: Fix harmless variable mix-up in function nsattcmp
191  #592 #593 #610  Address Cppcheck warnings
192            #643  Address Clang 15 compiler warnings
193       #642 #644  Version info bumped from 9:8:8 to 9:9:8;
194                    see https://verbump.de/ for what these numbers do
195
196        Infrastructure:
197       #597 #598  CI: Windows: Start covering MSVC 2022
198            #619  CI: macOS: Migrate off deprecated macOS 10.15
199            #632  CI: Linux: Make migration off deprecated Ubuntu 18.04 work
200            #643  CI: Upgrade Clang from 14 to 15
201            #637  apply-clang-format.sh: Add support for BSD find
202            #633  coverage.sh: Exclude MinGW headers
203            #635  coverage.sh: Fix name collision for -funsigned-char
204
205        Special thanks to:
206            David Faure
207            Felix Wilhelm
208            Frank Bergmann
209            Rhodri James
210            Rosen Penev
211            Thijs Schreijer
212            Vincent Torri
213                 and
214            Google Project Zero
215
216Release 2.4.8 Mon March 28 2022
217        Other changes:
218            #587  pkg-config: Move "-lm" to section "Libs.private"
219            #587  CMake|MSVC: Fix pkg-config section "Libs"
220        #55 #582  CMake|macOS: Start using linker arguments
221                    "-compatibility_version <version>" and
222                    "-current_version <version>" in a way compatible with
223                    GNU Libtool
224       #590 #591  Version info bumped from 9:7:8 to 9:8:8;
225                    see https://verbump.de/ for what these numbers do
226
227        Infrastructure:
228            #589  CI: Upgrade Clang from 13 to 14
229
230        Special thanks to:
231            evpobr
232            Kai Pastor
233            Sam James
234
235Release 2.4.7 Fri March 4 2022
236        Bug fixes:
237       #572 #577  Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
238                    with regard to all valid URI characters (RFC 3986),
239                    i.e. the following set (excluding whitespace):
240                    ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
241                    0123456789 % -._~ :/?#[]@ !$&'()*+,;=
242
243        Other changes:
244  #555 #570 #581  CMake|Windows: Store Expat version in the DLL
245            #577  Document consequences of namespace separator choices not just
246                    in doc/reference.html but also in header <expat.h>
247            #577  Document Expat's lack of validation of namespace URIs against
248                    RFC 3986, and that the XML 1.0r4 specification doesn't
249                    require Expat to validate namespace URIs, and that Expat
250                    may do more in that regard in future releases.
251                    If you find need for strict RFC 3986 URI validation on
252                    application level today, https://uriparser.github.io/ may
253                    be of interest.
254            #579  Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
255            #575  Document that a call to XML_FreeContentModel can be done at
256                    a later time from outside the element declaration handler
257            #574  Make hardcoded namespace URIs easier to find in code
258            #573  Update documentation on use of XML_POOR_ENTOPY on Solaris
259       #569 #571  tests: Resolve use of macros NAN and INFINITY for GNU G++
260                    4.8.2 on Solaris.
261       #578 #580  Version info bumped from 9:6:8 to 9:7:8;
262                    see https://verbump.de/ for what these numbers do
263
264        Special thanks to:
265            Jeffrey Walton
266            Johnny Jazeix
267            Thijs Schreijer
268
269Release 2.4.6 Sun February 20 2022
270        Bug fixes:
271            #566  Fix a regression introduced by the fix for CVE-2022-25313
272                    in release 2.4.5 that affects applications that (1)
273                    call function XML_SetElementDeclHandler and (2) are
274                    parsing XML that contains nested element declarations
275                    (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
276
277        Other changes:
278       #567 #568  Version info bumped from 9:5:8 to 9:6:8;
279                    see https://verbump.de/ for what these numbers do
280
281        Special thanks to:
282            Matt Sergeant
283            Samanta Navarro
284            Sergei Trofimovich
285                 and
286            NixOS
287            Perl XML::Parser
288
289Release 2.4.5 Fri February 18 2022
290        Security fixes:
291            #562  CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
292                    sequences (e.g. from start tag names) to the XML
293                    processing application on top of Expat can cause
294                    arbitrary damage (e.g. code execution) depending
295                    on how invalid UTF-8 is handled inside the XML
296                    processor; validation was not their job but Expat's.
297                    Exploits with code execution are known to exist.
298            #561  CVE-2022-25236 -- Passing (one or more) namespace separator
299                    characters in "xmlns[:prefix]" attribute values
300                    made Expat send malformed tag names to the XML
301                    processor on top of Expat which can cause
302                    arbitrary damage (e.g. code execution) depending
303                    on such unexpectable cases are handled inside the XML
304                    processor; validation was not their job but Expat's.
305                    Exploits with code execution are known to exist.
306            #558  CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
307                    that could be triggered by e.g. a 2 megabytes
308                    file with a large number of opening braces.
309                    Expected impact is denial of service or potentially
310                    arbitrary code execution.
311            #560  CVE-2022-25314 -- Fix integer overflow in function copyString;
312                    only affects the encoding name parameter at parser creation
313                    time which is often hardcoded (rather than user input),
314                    takes a value in the gigabytes to trigger, and a 64-bit
315                    machine.  Expected impact is denial of service.
316            #559  CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
317                    needs input in the gigabytes and a 64-bit machine.
318                    Expected impact is denial of service or potentially
319                    arbitrary code execution.
320
321        Other changes:
322       #557 #564  Version info bumped from 9:4:8 to 9:5:8;
323                    see https://verbump.de/ for what these numbers do
324
325        Special thanks to:
326            Ivan Fratric
327            Samanta Navarro
328                 and
329            Google Project Zero
330            JetBrains
331
332Release 2.4.4 Sun January 30 2022
333        Security fixes:
334            #550  CVE-2022-23852 -- Fix signed integer overflow
335                    (undefined behavior) in function XML_GetBuffer
336                    (that is also called by function XML_Parse internally)
337                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
338                    common and default).
339                    Impact is denial of service or more.
340            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
341                    doProlog triggered by large content in element type
342                    declarations when there is an element declaration handler
343                    present (from a prior call to XML_SetElementDeclHandler).
344                    Impact is denial of service or more.
345
346        Bug fixes:
347       #544 #545  xmlwf: Fix a memory leak on output file opening error
348
349        Other changes:
350            #546  Autotools: Fix broken CMake support under Cygwin
351            #554  Windows: Add missing files to the installer to fix
352                    compilation with CMake from installed sources
353       #552 #554  Version info bumped from 9:3:8 to 9:4:8;
354                    see https://verbump.de/ for what these numbers do
355
356        Special thanks to:
357            Carlo Bramini
358            hwt0415
359            Roland Illig
360            Samanta Navarro
361                 and
362            Clang LeakSan and the Clang team
363
364Release 2.4.3 Sun January 16 2022
365        Security fixes:
366       #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
367                    resulting in
368                      a) realloc acting as free
369                      b) realloc allocating too few bytes
370                      c) undefined behavior
371                    depending on architecture and precise value
372                    for XML documents with >=2^27+1 prefixed attributes
373                    on a single XML tag a la
374                    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
375                    where XML_ParserCreateNS is used to create the parser
376                    (which needs argument "-n" when running xmlwf).
377                    Impact is denial of service, or more.
378       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
379                    on variable m_groupSize in function doProlog leading
380                    to realloc acting as free.
381                    Impact is denial of service or more.
382            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
383                    near memory allocation at multiple places.  Mitre assigned
384                    a dedicated CVE for each involved internal C function:
385                    - CVE-2022-22822 for function addBinding
386                    - CVE-2022-22823 for function build_model
387                    - CVE-2022-22824 for function defineAttribute
388                    - CVE-2022-22825 for function lookup
389                    - CVE-2022-22826 for function nextScaffoldPart
390                    - CVE-2022-22827 for function storeAtts
391                    Impact is denial of service or more.
392
393        Other changes:
394            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
395            #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
396                    and MSYS2 by not going through Wine on these platforms
397       #527 #528  Address compiler warnings
398       #533 #543  Version info bumped from 9:2:8 to 9:3:8;
399                    see https://verbump.de/ for what these numbers do
400
401        Infrastructure:
402            #536  CI: Check for realistic minimum CMake version
403       #529 #539  CI: Cover compilation with -m32
404            #529  CI: Store coverage reports as artifacts for download
405            #528  CI: Upgrade Clang from 11 to 13
406
407        Special thanks to:
408            An anonymous whitehat
409            Christopher Degawa
410            J. Peter Mugaas
411            Tyson Smith
412                 and
413            GCC Farm Project
414            Trend Micro Zero Day Initiative
415
416Release 2.4.2 Sun December 19 2021
417        Other changes:
418       #509 #510  Link againgst libm for function "isnan"
419       #513 #514  Include expat_config.h as early as possible
420            #498  Autotools: Include files with release archives:
421                    - buildconf.sh
422                    - fuzz/*.c
423       #507 #519  Autotools: Sync CMake templates with CMake 3.20
424       #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
425                    - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
426                    - multi-config CMake generators (e.g. Ninja Multi-Config)
427       #502 #503  docs: Document that function XML_GetBuffer may return NULL
428                    when asking for a buffer of 0 (zero) bytes size
429       #522 #523  docs: Fix return value docs for both
430                    XML_SetBillionLaughsAttackProtection* functions
431       #525 #526  Version info bumped from 9:1:8 to 9:2:8;
432                    see https://verbump.de/ for what these numbers do
433
434        Special thanks to:
435            Donghee Na
436            Joergen Ibsen
437            Kai Pastor
438
439Release 2.4.1 Sun May 23 2021
440        Bug fixes:
441       #488 #490  Autotools: Fix installed header expat_config.h for multilib
442                    systems; regression introduced in 2.4.0 by pull request #486
443
444        Other changes:
445       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
446                    see https://verbump.de/ for what these numbers do
447
448        Special thanks to:
449            Gentoo's QA check "multilib_check_headers"
450
451Release 2.4.0 Sun May 23 2021
452        Security fixes:
453   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
454                    (denial-of-service; flavors targeting CPU time or RAM or both,
455                    leveraging general entities or parameter entities or both)
456                    by tracking and limiting the input amplification factor
457                    (<amplification> := (<direct> + <indirect>) / <direct>).
458                    By conservative default, amplification up to a factor of 100.0
459                    is tolerated and rejection only starts after 8 MiB of output bytes
460                    (=<direct> + <indirect>) have been processed.
461                    The fix adds the following to the API:
462                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
463                      signals this specific condition.
464                    - Two new API functions ..
465                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
466                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
467                      .. to further tighten billion laughs protection parameters
468                      when desired.  Please see file "doc/reference.html" for details.
469                      If you ever need to increase the defaults for non-attack XML
470                      payload, please file a bug report with libexpat.
471                    - Two new XML_FEATURE_* constants ..
472                      - that can be queried using the XML_GetFeatureList function, and
473                      - that are shown in "xmlwf -v" output.
474                    - Two new environment variable switches ..
475                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
476                      - EXPAT_ENTITY_DEBUG=(0|1)
477                      .. for runtime debugging of accounting and entity processing.
478                      Specific behavior of these values may change in the future.
479                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
480                      for xmlwf to further tighten billion laughs protection
481                      parameters when desired.
482                      If you ever need to increase the defaults for non-attack XML
483                      payload, please file a bug report with libexpat.
484
485        Bug fixes:
486       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
487                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
488                    for UTF-16 payloads containing CDATA sections.
489       #485 #486  Autotools: Fix generated CMake files for non-64bit and
490                    non-Linux platforms (e.g. macOS and MinGW in particular)
491                    that were introduced with release 2.3.0
492
493        Other changes:
494       #468 #469  xmlwf: Improve help output and the xmlwf man page
495            #463  xmlwf: Improve maintainability through some refactoring
496            #477  xmlwf: Fix man page DocBook validity
497            #456  Autotools: Sync CMake templates with CMake 3.18
498       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
499                    and CMAKE_INSTALL_INCLUDEDIR
500       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
501            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
502            #467  Resolve macro HAVE_EXPAT_CONFIG_H
503            #472  Delete unused legacy helper file "conftools/PrintPath"
504       #473 #483  Improve attribution
505  #464 #465 #477  doc/reference.html: Fix XHTML validity
506       #475 #478  doc/reference.html: Replace the 90s look by OK.css
507            #479  Version info bumped from 8:0:7 to 9:0:8
508                    due to addition of new symbols and error codes;
509                    see https://verbump.de/ for what these numbers do
510
511        Infrastructure:
512            #456  CI: Enable periodic runs
513            #457  CI: Start covering the list of exported symbols
514            #474  CI: Isolate coverage task
515       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
516            #477  CI: Cover well-formedness and DocBook/XHTML validity
517                    of doc/reference.html and doc/xmlwf.xml
518
519        Special thanks to:
520            Dimitry Andric
521            Eero Helenius
522            Nick Wellnhofer
523            Rhodri James
524            Tomas Korbar
525            Yury Gribov
526                 and
527            Clang LeakSan
528            JetBrains
529            OSS-Fuzz
530
531Release 2.3.0 Thu March 25 2021
532        Bug fixes:
533            #438  When calling XML_ParseBuffer without a prior successful call to
534                    XML_GetBuffer as a user, no longer trigger undefined behavior
535                    (by adding an integer to a NULL pointer) but rather return
536                    XML_STATUS_ERROR and set the error code to (new) code
537                    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
538                    of Clang 11 (but not Clang 9).
539            #444  xmlwf: Exit status 2 was used for both:
540                    - malformed input files (documented) and
541                    - invalid command-line arguments (undocumented).
542                    The case of invalid command-line arguments now
543                    has its own exit status 4, resolving the ambiguity.
544
545        Other changes:
546            #439  xmlwf: Add argument -k to allow continuing after
547                    non-fatal errors
548            #439  xmlwf: Add section about exit status to the -h help output
549  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
550            #434  Windows: CMake: Detect unsupported Visual Studio at
551                    configure time (rather than at compile time)
552       #382 #428  testrunner: Make verbose mode (argument "-v") report
553                    about passed tests, and make default mode report about
554                    failures, as well.
555            #442  CMake: Call "enable_language(CXX)" prior to tinkering
556                    with CMAKE_CXX_* variables
557            #448  Document use of libexpat from a CMake-based project
558            #451  Autotools: Install CMake files as generated by CMake 3.19.6
559                    so that users with "find_package(expat [..] CONFIG [..])"
560                    are served on distributions that are *not* using the CMake
561                    build system inside for libexpat packaging
562       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
563       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
564            #441  Address compiler warnings
565            #443  Version info bumped from 7:12:6 to 8:0:7
566                    due to addition of error code XML_ERROR_NO_BUFFER
567                    (see https://verbump.de/ for what these numbers do)
568
569        Infrastructure:
570       #435 #446  Replace Travis CI by GitHub Actions
571
572        Special thanks to:
573            Alexander Richardson
574            Oleksandr Popovych
575            Thomas Beutlich
576            Tim Bray
577                 and
578            Clang LeakSan, Clang 11 UBSan and the Clang team
579
580Release 2.2.10 Sat October 3 2020
581        Bug fixes:
582  #390 #395 #398  Fix undefined behavior during parsing caused by
583                    pointer arithmetic with NULL pointers
584       #404 #405  Fix reading uninitialized variable during parsing
585            #406  xmlwf: Add missing check for malloc NULL return
586
587        Other changes:
588            #396  Windows: Drop support for Visual Studio <=8.0/2005
589            #409  Windows: Add missing file "Changes" to the installer
590                    to fix compilation with CMake from installed sources
591            #403  xmlwf: Document exit codes in xmlwf manpage and
592                    exit with code 3 (rather than code 1) for output errors
593                    when used with "-d DIRECTORY"
594       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
595       #383 #392  Autotools: Use -Werror while configure tests the compiler
596                    for supported compile flags to avoid false positives
597  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
598                    e.g. ensure that they have the last word over flags added
599                    while running ./configure
600            #360  CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
601                    on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
602            #360  CMake: Detect and deny unsupported build combinations
603                    involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
604            #360  CMake: Install pre-compiled shipped xmlwf.1 manpage in case
605                    of -DEXPAT_BUILD_DOCS=OFF
606  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
607       #407 #408  CMake: Keep expat target name constant at "expat"
608                    (i.e. refrain from using the target name to control
609                    build artifact filenames)
610            #385  CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
611                    Windows
612                  CMake: Expose man page compilation as target "xmlwf-manpage"
613       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
614                    to control generation of pkg-config file "expat.pc"
615            #424  CMake: Add minimalistic support for building binary packages
616                    with CMake target "package"; based on CPack
617            #366  CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
618                    default OFF to build fuzzer code against OSS-Fuzz and
619                    related environment variable LIB_FUZZING_ENGINE
620            #354  Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
621    #354 #355 ..
622       #356 #412  Address compiler warnings
623       #368 #369  Address pngcheck warnings with doc/*.png images
624            #425  Version info bumped from 7:11:6 to 7:12:6
625
626        Special thanks to:
627            asavah
628            Ben Wagner
629            Bhargava Shastry
630            Frank Landgraf
631            Jeffrey Walton
632            Joe Orton
633            Kleber Tarcísio
634            Ma Lin
635            Maciej Sroczyński
636            Mohammed Khajapasha
637            Vadim Zeitlin
638                 and
639            Cppcheck 2.0 and the Cppcheck team
640
641Release 2.2.9 Wed September 25 2019
642        Other changes:
643                  examples: Drop executable bits from elements.c
644            #349  Windows: Change the name of the Windows DLLs from expat*.dll
645                    to libexpat*.dll once more (regression from 2.2.8, first
646                    fixed in 1.95.3, issue #61 on SourceForge today,
647                    was issue #432456 back then); needs a fix due
648                    case-insensitive file systems on Windows and the fact that
649                    Perl's XML::Parser::Expat compiles into Expat.dll.
650            #347  Windows: Only define _CRT_RAND_S if not defined
651                  Version info bumped from 7:10:6 to 7:11:6
652
653        Special thanks to:
654            Ben Wagner
655
656Release 2.2.8 Fri September 13 2019
657        Security fixes:
658       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
659                    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
660                    and deny internal entities closing the doctype;
661                    fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
662
663        Bug fixes:
664            #240  Fix cases where XML_StopParser did not have any effect
665                    when called from inside of an end element handler
666            #341  xmlwf: Fix exit code for operation without "-d DIRECTORY";
667                    previously, only "-d DIRECTORY" would give you a proper
668                    exit code:
669                      # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
670                      2
671                      # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
672                      0
673                    Now both cases return exit code 2.
674
675        Other changes:
676       #299 #302  Windows: Replace LoadLibrary hack to access
677                    unofficial API function SystemFunction036 (RtlGenRandom)
678                    by using official API function rand_s (needs WinXP+)
679            #325  Windows: Drop support for Visual Studio <=7.1/2003
680                    and document supported compilers in README.md
681            #286  Windows: Remove COM code from xmlwf; in case it turns
682                    out needed later, there will be a dedicated repository
683                    below https://github.com/libexpat/ for that code
684            #322  Windows: Remove explicit MSVC solution and project files.
685                    You can generate Visual Studio solution files through
686                    CMake, e.g.: cmake -G"Visual Studio 15 2017" .
687            #338  xmlwf: Make "xmlwf -h" help output more friendly
688            #339  examples: Improve elements.c
689       #244 #264  Autotools: Add argument --enable-xml-attr-info
690       #239 #301  Autotools: Add arguments
691                    --with-getrandom
692                    --without-getrandom
693                    --with-sys-getrandom
694                    --without-sys-getrandom
695       #312 #343  Autotools: Fix linking issues with "./configure LD=clang"
696                  Autotools: Fix "make run-xmltest" for out-of-source builds
697       #329 #336  CMake: Pull all options from Expat <=2.2.7 into namespace
698                    prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
699                    - BUILD_doc            -> EXPAT_BUILD_DOCS (plural)
700                    - BUILD_examples       -> EXPAT_BUILD_EXAMPLES
701                    - BUILD_shared         -> EXPAT_SHARED_LIBS
702                    - BUILD_tests          -> EXPAT_BUILD_TESTS
703                    - BUILD_tools          -> EXPAT_BUILD_TOOLS
704                    - DOCBOOK_TO_MAN       -> DOCBOOK_TO_MAN (unchanged)
705                    - INSTALL              -> EXPAT_ENABLE_INSTALL
706                    - MSVC_USE_STATIC_CRT  -> EXPAT_MSVC_STATIC_CRT
707                    - USE_libbsd           -> EXPAT_WITH_LIBBSD
708                    - WARNINGS_AS_ERRORS   -> EXPAT_WARNINGS_AS_ERRORS
709                    - XML_CONTEXT_BYTES    -> EXPAT_CONTEXT_BYTES
710                    - XML_DEV_URANDOM      -> EXPAT_DEV_URANDOM
711                    - XML_DTD              -> EXPAT_DTD
712                    - XML_NS               -> EXPAT_NS
713                    - XML_UNICODE          -> EXPAT_CHAR_TYPE=ushort (!)
714                    - XML_UNICODE_WCHAR_T  -> EXPAT_CHAR_TYPE=wchar_t (!)
715       #244 #264  CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
716                    default OFF
717            #326  CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
718                    default OFF
719            #328  CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
720                    default OFF
721       #239 #277  CMake: Add arguments
722                    -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
723                    -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
724            #326  CMake: Install expat_config.h to include directory
725            #326  CMake: Generate and install configuration files for
726                    future find_package(expat [..] CONFIG [..])
727                  CMake: Now produces a summary of applied configuration
728                  CMake: Require C++ compiler only when tests are enabled
729            #330  CMake: Fix compilation for 16bit character types,
730                    i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
731            #265  CMake: Fix linking with MinGW
732            #330  CMake: Add full support for MinGW; to enable, use
733                    -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
734            #330  CMake: Port "make run-xmltest" from GNU Autotools to CMake
735            #316  CMake: Windows: Make binary postfix match MSVC
736                    Old: expat[d].lib
737                    New: expat[w][d][MD|MT].lib
738                  CMake: Migrate files from Windows to Unix line endings
739            #308  CMake: Integrate OSS-Fuzz fuzzers, option
740                    -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
741             #14  Drop an OpenVMS support leftover
742    #235 #268 ..
743    #270 #310 ..
744  #313 #331 #333  Address compiler warnings
745    #282 #283 ..
746       #284 #285  Address cppcheck warnings
747       #294 #295  Address Clang Static Analyzer warnings
748        #24 #293  Mass-apply clang-format 9 (and ensure conformance during CI)
749                  Version info bumped from 7:9:6 to 7:10:6
750
751        Special thanks to:
752            David Loffredo
753            Joonun Jang
754            Kishore Kunche
755            Marco Maggi
756            Mitch Phillips
757            Mohammed Khajapasha
758            Rolf Ade
759            xantares
760            Zhongyuan Zhou
761
762Release 2.2.7 Wed June 19 2019
763        Security fixes:
764       #186 #262  CVE-2018-20843 -- Fix extraction of namespace prefixes from
765                    XML names; XML names with multiple colons could end up in
766                    the wrong namespace, and take a high amount of RAM and CPU
767                    resources while processing, opening the door to
768                    use for denial-of-service attacks
769
770        Other changes:
771       #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
772                    exporting non-API symbols
773            #227  Autotools: Add --without-examples and --without-tests
774            #228  Autotools: Modernize configure.ac
775       #245 #246  Autotools: Fix check for -fvisibility=hidden for Clang
776       #247 #248  Autotools: Fix compilation for lack of docbook2x-man
777       #236 #258  Autotools: Produce .tar.{gz,lz,xz} release archives
778            #212  CMake: Make libdir of pkgconfig expat.pc support multilib
779       #158 #263  CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
780            #219  Remove fallback to bcopy, assume that memmove(3) exists
781            #257  Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
782            #243  Windows: Fix syntax of .def module definition files
783                  Version info bumped from 7:8:6 to 7:9:6
784
785        Special thanks to:
786            Benjamin Peterson
787            Caolán McNamara
788            Hanno Böck
789            KangLin
790            Kishore Kunche
791            Marco Maggi
792            Rhodri James
793            Sebastian Dröge
794            userwithuid
795            Yury Gribov
796
797Release 2.2.6 Sun August 12 2018
798        Bug fixes:
799       #170 #206  Avoid doing arithmetic with NULL pointers in XML_GetBuffer
800       #204 #205  Fix 2.2.5 regression with suspend-resume while parsing
801                    a document like '<root/>'
802
803        Other changes:
804       #165 #168  Autotools: Fix docbook-related configure syntax error
805            #166  Autotools: Avoid grep option `-q` for Solaris
806            #167  Autotools: Support
807                    ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
808       #159 #167  Autotools: Support DOCBOOK_TO_MAN command which produces
809                    xmlwf.1 rather than XMLWF.1; also covers case insensitive
810                    file systems
811            #181  Autotools: Drop -rpath option passed to libtool
812            #188  Autotools: Detect and deny SGML docbook2man as ours is XML
813            #188  Autotools/CMake: Support command db2x_docbook2man as well
814            #174  CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
815       #184 #185  CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
816       #207 #208  CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
817                    both defaulting to OFF
818            #175  CMake: Prefer check_symbol_exists over check_function_exists
819            #176  CMake: Create the same pkg-config file as with GNU Autotools
820       #178 #179  CMake: Use GNUInstallDirs module to set proper defaults for
821                    install directories
822            #208  CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
823            #180  Windows: Fix compilation of test suite for Visual Studio 2008
824  #131 #173 #202  Address compiler warnings
825  #187 #190 #200  Fix miscellaneous typos
826                  Version info bumped from 7:7:6 to 7:8:6
827
828        Special thanks to:
829            Anton Maklakov
830            Benjamin Peterson
831            Brad King
832            Franek Korta
833            Frank Rast
834            Joe Orton
835            luzpaz
836            Pedro Vicente
837            Rainer Jung
838            Rhodri James
839            Rolf Ade
840            Rolf Eike Beer
841            Thomas Beutlich
842            Tomasz Kłoczko
843
844Release 2.2.5 Tue October 31 2017
845        Bug fixes:
846              #8  If the parser runs out of memory, make sure its internal
847                    state reflects the memory it actually has, not the memory
848                    it wanted to have.
849             #11  The default handler wasn't being called when it should for
850                    a SYSTEM or PUBLIC doctype if an entity declaration handler
851                    was registered.
852       #137 #138  Fix a case of mistakenly reported parsing success where
853                    XML_StopParser was called from an element handler
854            #162  Function XML_ErrorString was returning NULL rather than
855                    a message for code XML_ERROR_INVALID_ARGUMENT
856                    introduced with release 2.2.1
857
858        Other changes:
859            #106  xmlwf: Add argument -N adding notation declarations
860        #75 #106  Test suite: Resolve expected failure cases where xmlwf
861                    output was incomplete
862            #127  Windows: Fix test suite compilation
863       #126 #127  Windows: Fix compilation for Visual Studio 2012
864                  Windows: Upgrade shipped project files to Visual Studio 2017
865        #33 #132  tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
866            #129  examples: Fix compilation for XML_UNICODE_WCHAR_T
867            #130  benchmark: Fix compilation for XML_UNICODE_WCHAR_T
868            #144  xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
869                    Windows or MinGW for 2-byte wchar_t
870              #9  Address two Clang Static Analyzer false positives
871             #59  Resolve troublesome macros hiding parser struct membership
872                    and dereferencing that pointer
873              #6  Resolve superfluous internal malloc/realloc switch
874       #153 #155  Improve docbook2x-man detection
875            #160  Undefine NDEBUG in the test suite (rather than rejecting it)
876            #161  Address compiler warnings
877                  Version info bumped from 7:6:6 to 7:7:6
878
879        Special thanks to:
880            Benbuck Nason
881            Hans Wennborg
882            José Gutiérrez de la Concha
883            Pedro Monreal Gonzalez
884            Rhodri James
885            Rolf Ade
886            Stephen Groat
887                 and
888            Core Infrastructure Initiative
889
890Release 2.2.4 Sat August 19 2017
891        Bug fixes:
892            #115  Fix copying of partial characters for UTF-8 input
893
894        Other changes:
895            #109  Fix "make check" for non-x86 architectures that default
896                    to unsigned type char (-128..127 rather than 0..255)
897            #109  coverage.sh: Cover -funsigned-char
898                  Autotools: Introduce --without-xmlwf argument
899             #65  Autotools: Replace handwritten Makefile with GNU Automake
900             #43  CMake: Auto-detect high quality entropy extractors, add new
901                    option USE_libbsd=ON to use arc4random_buf of libbsd
902             #74  CMake: Add -fno-strict-aliasing only where supported
903            #114  CMake: Always honor manually set BUILD_* options
904            #114  CMake: Compile man page if docbook2x-man is available, only
905            #117  Include file tests/xmltest.log.expected in source tarball
906                    (required for "make run-xmltest")
907            #117  Include (existing) Visual Studio 2013 files in source tarball
908                  Improve test suite error output
909            #111  Fix some typos in documentation
910                  Version info bumped from 7:5:6 to 7:6:6
911
912        Special thanks to:
913            Jakub Wilk
914            Joe Orton
915            Lin Tian
916            Rolf Eike Beer
917
918Release 2.2.3 Wed August 2 2017
919        Security fixes:
920             #82  CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
921                    using Steve Holme's LoadLibrary wrapper for/of cURL
922
923        Bug fixes:
924             #85  Fix a dangling pointer issue related to realloc
925
926        Other changes:
927                  Increase code coverage
928             #91  Linux: Allow getrandom to fail if nonblocking pool has not
929                    yet been initialized and read /dev/urandom then, instead.
930                    This is in line with what recent Python does.
931             #81  Pre-10.7/Lion macOS: Support entropy from arc4random
932             #86  Check that a UTF-16 encoding in an XML declaration has the
933                    right endianness
934        #4 #5 #7  Recover correctly when some reallocations fail
935                  Repair "./configure && make" for systems without any
936                    provider of high quality entropy
937                    and try reading /dev/urandom on those
938                  Ensure that user-defined character encodings have converter
939                    functions when they are needed
940                  Fix mis-leading description of argument -c in xmlwf.1
941                  Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
942                    for CloudABI
943            #100  Fix use of SIPHASH_MAIN in siphash.h
944             #23  Test suite: Fix memory leaks
945                  Version info bumped from 7:4:6 to 7:5:6
946
947        Special thanks to:
948            Chanho Park
949            Joe Orton
950            Pascal Cuoq
951            Rhodri James
952            Simon McVittie
953            Vadim Zeitlin
954            Viktor Szakats
955                 and
956            Core Infrastructure Initiative
957
958Release 2.2.2 Wed July 12 2017
959        Security fixes:
960             #43  Protect against compilation without any source of high
961                    quality entropy enabled, e.g. with CMake build system;
962                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
963             #60  Windows with _UNICODE:
964                    Unintended use of LoadLibraryW with a non-wide string
965                    resulted in failure to load advapi32.dll and degradation
966                    in quality of used entropy when compiled with _UNICODE for
967                    Windows; you can launch existing binaries with
968                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
969                    quality of entropy used during runtime; commits
970                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
971                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
972   [MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
973                    resulted in NULL dereference, previously;
974                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
975
976        Bug fixes:
977             #69  Fix improper use of unsigned long long integer literals
978
979        Other changes:
980             #73  Start requiring a C99 compiler
981             #49  Fix "==" Bashism in configure script
982             #50  Fix too eager getrandom detection for Debian GNU/kFreeBSD
983             #52    and macOS
984             #51  Address lack of stdint.h in Visual Studio 2003 to 2008
985             #58  Address compile warnings
986             #68  Fix "./buildconf.sh && ./configure" for some versions
987                    of Dash for /bin/sh
988             #72  CMake: Ease use of Expat in context of a parent project
989                    with multiple CMakeLists.txt files
990             #72  CMake: Resolve mistaken executable permissions
991             #76  Address compile warning with -DNDEBUG (not recommended!)
992             #77  Address compile warning about macro redefinition
993
994        Special thanks to:
995            Alexander Bluhm
996            Ben Boeckel
997            Cătălin Răceanu
998            Kerin Millar
999            László Böszörményi
1000            S. P. Zeidler
1001            Segev Finer
1002            Václav Slavík
1003            Victor Stinner
1004            Viktor Szakats
1005                 and
1006            Radically Open Security
1007
1008Release 2.2.1 Sat June 17 2017
1009        Security fixes:
1010                  CVE-2017-9233 -- External entity infinite loop DoS
1011                    Details: https://libexpat.github.io/doc/cve-2017-9233/
1012                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
1013   [MOX-002]      CVE-2016-9063 -- Detect integer overflow; commit
1014                    d4f735b88d9932bd5039df2335eefdd0723dbe20
1015                    (Fixed version of existing downstream patches!)
1016   (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
1017                    longer tag names; commits
1018                    * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
1019                    * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
1020             #16    * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
1021             #25  More integer overflow detection (function poolGrow); commits
1022                    * 810b74e4703dcfdd8f404e3cb177d44684775143
1023                    * 44178553f3539ce69d34abee77a05e879a7982ac
1024   [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse; commits
1025                    * 4be2cb5afcc018d996f34bbbce6374b7befad47f
1026                    * 7e5b71b748491b6e459e5c9a1d090820f94544d8
1027   [MOX-005] #30  Use high quality entropy for hash initialization:
1028                    * arc4random_buf on BSD, systems with libbsd
1029                      (when configured with --with-libbsd), CloudABI
1030                    * RtlGenRandom on Windows XP / Server 2003 and later
1031                    * getrandom on Linux 3.17+
1032                    In a way, that's still part of CVE-2016-5300.
1033                    https://github.com/libexpat/libexpat/pull/30/commits
1034   [MOX-005]      For the low quality entropy extraction fallback code,
1035                    the parser instance address can no longer leak, commit
1036                    04ad658bd3079dd15cb60fc67087900f0ff4b083
1037   [MOX-003]      Prevent use of uninitialised variable; commit
1038   [MOX-004]        a4dc944f37b664a3ca7199c624a98ee37babdb4b
1039                  Add missing parameter validation to public API functions
1040                    and dedicated error code XML_ERROR_INVALID_ARGUMENT:
1041   [MOX-006]        * NULL checks; commits
1042                      * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
1043                      * 9ed727064b675b7180c98cb3d4f75efba6966681
1044                      * 6a747c837c50114dfa413994e07c0ba477be4534
1045                    * Negative length (XML_Parse); commit
1046   [MOX-002]          70db8d2538a10f4c022655d6895e4c3e78692e7f
1047   [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
1048                    to go further with fixing CVE-2012-0876.
1049                    https://github.com/libexpat/libexpat/pull/39/commits
1050
1051        Bug fixes:
1052             #32  Fix sharing of hash salt across parsers;
1053                    relevant where XML_ExternalEntityParserCreate is called
1054                    prior to XML_Parse, in particular (e.g. FBReader)
1055             #28  xmlwf: Auto-disable use of memory-mapping (and parsing
1056                    as a single chunk) for files larger than ~1 GB (2^30 bytes)
1057                    rather than failing with error "out of memory"
1058              #3  Fix double free after malloc failure in DTD code; commit
1059                    7ae9c3d3af433cd4defe95234eae7dc8ed15637f
1060             #17  Fix memory leak on parser error for unbound XML attribute
1061                    prefix with new namespaces defined in the same tag;
1062                    found by Google's OSS-Fuzz; commits
1063                    * 16f87daae5a16132e479e4f71862128c7a915c73
1064                    * b47dbc9745932c160893d433220e462bd605f8cd
1065                  xmlwf on Windows: Add missing calls to CloseHandle
1066
1067        New features:
1068             #30  Introduced environment switch EXPAT_ENTROPY_DEBUG=1
1069                    for runtime debugging of entropy extraction
1070
1071        Other changes:
1072                  Increase code coverage
1073             #33  Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
1074                    XML_UNICODE_WCHAR_T was never meant to be used outside
1075                    of Windows; 4-byte wchar_t is common on Linux
1076   (SF.net) #538  Start using -fno-strict-aliasing
1077   (SF.net) #540  Support compilation against cloudlibc of CloudABI
1078                  Allow MinGW cross-compilation
1079   (SF.net) #534  CMake: Introduce option "BUILD_doc" (enabled by default)
1080                    to bypass compilation of the xmlwf.1 man page
1081   (SF.net)  pr2  CMake: Introduce option "INSTALL" (enabled by default)
1082                    to bypass installation of expat files
1083                  CMake: Fix ninja support
1084                  Autotools: Add parameters --enable-xml-context [COUNT]
1085                    and --disable-xml-context; default of context of 1024
1086                    bytes enabled unchanged
1087             #14  Drop AmigaOS 4.x code and includes
1088             #14  Drop ancient build systems:
1089                    * Borland C++ Builder
1090                    * OpenVMS
1091                    * Open Watcom
1092                    * Visual Studio 6.0
1093                    * Pre-X Mac OS (MPW Makefile)
1094                    If you happen to rely on some of these, please get in
1095                    touch for joining with maintenance.
1096             #10  Move from WIN32 to _WIN32
1097             #13  Fix "make run-xmltest" order instability
1098                  Address compile warnings
1099                  Bump version info from 7:2:6 to 7:3:6
1100                  Add AUTHORS file
1101
1102        Infrastructure:
1103              #1  Migrate from SourceForge to GitHub (except downloads):
1104                    https://github.com/libexpat/
1105              #1  Re-create http://libexpat.org/ project website
1106                  Start utilizing Travis CI
1107
1108        Special thanks to:
1109            Andy Wang
1110            Don Lewis
1111            Ed Schouten
1112            Karl Waclawek
1113            Pascal Cuoq
1114            Rhodri James
1115            Sergei Nikulov
1116            Tobias Taschner
1117            Viktor Szakats
1118                 and
1119            Core Infrastructure Initiative
1120            Mozilla Foundation (MOSS Track 3: Secure Open Source)
1121            Radically Open Security
1122
1123Release 2.2.0 Tue June 21 2016
1124        Security fixes:
1125            #537  CVE-2016-0718 -- Fix crash on malformed input
1126                  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
1127                                   CVE-2015-2716 introduced with Expat 2.1.1
1128            #499  CVE-2016-5300 -- Use more entropy for hash initialization
1129                                   than the original fix to CVE-2012-0876
1130            #519  CVE-2012-6702 -- Resolve troublesome internal call to srand
1131                                   that was introduced with Expat 2.1.0
1132                                   when addressing CVE-2012-0876 (issue #496)
1133
1134        Bug fixes:
1135                  Fix uninitialized reads of size 1
1136                    (e.g. in little2_updatePosition)
1137                  Fix detection of UTF-8 character boundaries
1138
1139        Other changes:
1140            #532  Fix compilation for Visual Studio 2010 (keyword "C99")
1141                  Autotools: Resolve use of "$<" to better support bmake
1142                  Autotools: Add QA script "qa.sh" (and make target "qa")
1143                  Autotools: Respect CXXFLAGS if given
1144                  Autotools: Fix "make run-xmltest"
1145                  Autotools: Have "make run-xmltest" check for expected output
1146             p90  CMake: Fix static build (BUILD_shared=OFF) on Windows
1147            #536  CMake: Add soversion, support -DNO_SONAME=yes to bypass
1148            #323  CMake: Add suffix "d" to differentiate debug from release
1149                  CMake: Define WIN32 with CMake on Windows
1150                  Annotate memory allocators for GCC
1151                  Address all currently known compile warnings
1152                  Make sure that API symbols remain visible despite
1153                    -fvisibility=hidden
1154                  Remove executable flag from source files
1155                  Resolve COMPILED_FROM_DSP in favor of WIN32
1156
1157        Special thanks to:
1158            Björn Lindahl
1159            Christian Heimes
1160            Cristian Rodríguez
1161            Daniel Krügler
1162            Gustavo Grieco
1163            Karl Waclawek
1164            László Böszörményi
1165            Marco Grassi
1166            Pascal Cuoq
1167            Sergei Nikulov
1168            Thomas Beutlich
1169            Warren Young
1170            Yann Droneaud
1171
1172Release 2.1.1 Sat March 12 2016
1173        Security fixes:
1174            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
1175
1176        Bug fixes:
1177            #502: Fix potential null pointer dereference
1178            #520: Symbol XML_SetHashSalt was not exported
1179            Output of "xmlwf -h" was incomplete
1180
1181        Other changes:
1182            #503: Document behavior of calling XML_SetHashSalt with salt 0
1183            Minor improvements to man page xmlwf(1)
1184            Improvements to the experimental CMake build system
1185            libtool now invoked with --verbose
1186
1187Release 2.1.0 Sat March 24 2012
1188        - Security fixes:
1189          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
1190          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
1191          #3496608: CVE-2012-0876 - Hash DOS attack.
1192          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
1193          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
1194        - Bug Fixes:
1195          #1742315: Harmful XML_ParserCreateNS suggestion.
1196          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
1197          #1983953, 2517952, 2517962, 2649838:
1198                Build modifications using autoreconf instead of buildconf.sh.
1199          #2815947, #2884086: OBJEXT and EXEEXT support while building.
1200          #2517938: xmlwf should return non-zero exit status if not well-formed.
1201          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
1202          #2855609: Dangling positionPtr after error.
1203          #2990652: CMake support.
1204          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
1205          #3206497: Uninitialized memory returned from XML_Parse.
1206          #3287849: make check fails on mingw-w64.
1207        - Patches:
1208          #1749198: pkg-config support.
1209          #3010222: Fix for bug #3010819.
1210          #3312568: CMake support.
1211          #3446384: Report byte offsets for attr names and values.
1212        - New Features / API changes:
1213          Added new API member XML_SetHashSalt() that allows setting an initial
1214                value (salt) for hash calculations. This is part of the fix for
1215                bug #3496608 to randomize hash parameters.
1216          When compiled with XML_ATTR_INFO defined, adds new API member
1217                XML_GetAttributeInfo() that allows retrieving the byte
1218                offsets for attribute names and values (patch #3446384).
1219          Added CMake build system.
1220                See bug #2990652 and patch #3312568.
1221          Added run-benchmark target to Makefile.in - relies on testdata module
1222                present in the same relative location as in the repository.
1223
1224Release 2.0.1 Tue June 5 2007
1225        - Fixed bugs #1515266, #1515600: The character data handler's calling
1226          of XML_StopParser() was not handled properly; if the parser was
1227          stopped and the handler set to NULL, the parser would segfault.
1228        - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
1229          some character constants to be ASCII encoded.
1230        - Minor cleanups of the test harness.
1231        - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
1232        - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
1233        - Fixes and improvements for Windows platform:
1234          bugs #1409451, #1476160, #1548182, #1602769, #1717322.
1235        - Build fixes for various platforms:
1236          HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
1237          All Unix: #1554618 (refreshed config.sub/config.guess).
1238                    #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
1239                    without relying on GNU-Make specific features.
1240          #1647805: Patched configure.in to work better with Intel compiler.
1241        - Fixes to Makefile.in to have make check work correctly:
1242          bugs #1408143, #1535603, #1536684.
1243        - Added Open Watcom support: patch #1523242.
1244
1245Release 2.0.0 Wed Jan 11 2006
1246        - We no longer use the "check" library for C unit testing; we
1247          always use the (partial) internal implementation of the API.
1248        - Report XML_NS setting via XML_GetFeatureList().
1249        - Fixed headers for use from C++.
1250        - XML_GetCurrentLineNumber() and  XML_GetCurrentColumnNumber()
1251          now return unsigned integers.
1252        - Added XML_LARGE_SIZE switch to enable 64-bit integers for
1253          byte indexes and line/column numbers.
1254        - Updated to use libtool 1.5.22 (the most recent).
1255        - Added support for AmigaOS.
1256        - Some mostly minor bug fixes. SF issues include: #1006708,
1257          #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.
1258
1259Release 1.95.8 Fri Jul 23 2004
1260        - Major new feature: suspend/resume.  Handlers can now request
1261          that a parse be suspended for later resumption or aborted
1262          altogether.  See "Temporarily Stopping Parsing" in the
1263          documentation for more details.
1264        - Some mostly minor bug fixes, but compilation should no
1265          longer generate warnings on most platforms.  SF issues
1266          include: #827319, #840173, #846309, #888329, #896188, #923913,
1267          #928113, #961698, #985192.
1268
1269Release 1.95.7 Mon Oct 20 2003
1270        - Fixed enum XML_Status issue (reported on SourceForge many
1271          times), so compilers that are properly picky will be happy.
1272        - Introduced an XMLCALL macro to control the calling
1273          convention used by the Expat API; this macro should be used
1274          to annotate prototypes and definitions of callback
1275          implementations in code compiled with a calling convention
1276          other than the default convention for the host platform.
1277        - Improved ability to build without the configure-generated
1278          expat_config.h header.  This is useful for applications
1279          which embed Expat rather than linking in the library.
1280        - Fixed a variety of bugs: see SF issues #458907, #609603,
1281          #676844, #679754, #692878, #692964, #695401, #699323, #699487,
1282          #820946.
1283        - Improved hash table lookups.
1284        - Added more regression tests and improved documentation.
1285
1286Release 1.95.6 Tue Jan 28 2003
1287        - Added XML_FreeContentModel().
1288        - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
1289        - Fixed a variety of bugs: see SF issues #615606, #616863,
1290          #618199, #653180, #673791.
1291        - Enhanced the regression test suite.
1292        - Man page improvements: includes SF issue #632146.
1293
1294Release 1.95.5 Fri Sep 6 2002
1295        - Added XML_UseForeignDTD() for improved SAX2 support.
1296        - Added XML_GetFeatureList().
1297        - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
1298        - Use an incomplete struct instead of a void* for the parser
1299          (may not retain).
1300        - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
1301        - Finally fixed bug where default handler would report DTD
1302          events that were already handled by another handler.
1303          Initial patch contributed by Darryl Miles.
1304        - Removed unnecessary DllMain() function that caused static
1305          linking into a DLL to be difficult.
1306        - Added VC++ projects for building static libraries.
1307        - Reduced line-length for all source code and headers to be
1308          no longer than 80 characters, to help with AS/400 support.
1309        - Reduced memory copying during parsing (SF patch #600964).
1310        - Fixed a variety of bugs: see SF issues #580793, #434664,
1311          #483514, #580503, #581069, #584041, #584183, #584832, #585537,
1312          #596555, #596678, #598352, #598944, #599715, #600479, #600971.
1313
1314Release 1.95.4 Fri Jul 12 2002
1315        - Added support for VMS, contributed by Craig Berry.  See
1316          vms/README.vms for more information.
1317        - Added Mac OS (classic) support, with a makefile for MPW,
1318          contributed by Thomas Wegner and Daryle Walker.
1319        - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
1320          by Patrick McConnell (SF patch #538032).
1321        - Fixed a variety of bugs: see SF issues #441449, #563184,
1322          #564342, #566334, #566901, #569461, #570263, #575168, #579196.
1323        - Made skippedEntityHandler conform to SAX2 (see source comment)
1324        - Re-implemented WFC: Entity Declared from XML 1.0 spec and
1325          added a new error "entity declared in parameter entity":
1326          see SF bug report #569461 and SF patch #578161
1327        - Re-implemented section 5.1 from XML 1.0 spec:
1328          see SF bug report #570263 and SF patch #578161
1329
1330Release 1.95.3 Mon Jun 3 2002
1331        - Added a project to the MSVC workspace to create a wchar_t
1332          version of the library; the DLLs are named libexpatw.dll.
1333        - Changed the name of the Windows DLLs from expat.dll to
1334          libexpat.dll; this fixes SF bug #432456.
1335        - Added the XML_ParserReset() API function.
1336        - Fixed XML_SetReturnNSTriplet() to work for element names.
1337        - Made the XML_UNICODE builds usable (thanks, Karl!).
1338        - Allow xmlwf to read from standard input.
1339        - Install a man page for xmlwf on Unix systems.
1340        - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
1341          #466885, #469226, #477667, #484419, #487840, #494749, #496505,
1342          #547350.  Other bugs which we can't test as easily may also
1343          have been fixed, especially in the area of build support.
1344
1345Release 1.95.2 Fri Jul 27 2001
1346        - More changes to make MSVC happy with the build; add a single
1347          workspace to support both the library and xmlwf application.
1348        - Added a Windows installer for Windows users; includes
1349          xmlwf.exe.
1350        - Added compile-time constants that can be used to determine the
1351          Expat version
1352        - Removed a lot of GNU-specific dependencies to aide portability
1353          among the various Unix flavors.
1354        - Fix the UTF-8 BOM bug.
1355        - Cleaned up warning messages for several compilers.
1356        - Added the -Wall, -Wstrict-prototypes options for GCC.
1357
1358Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
1359        - Changes to get expat to build under Microsoft compiler
1360        - Removed all aborts and instead return an UNEXPECTED_STATE error.
1361        - Fixed a bug where a stray '%' in an entity value would cause an
1362          abort.
1363        - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
1364          finding this oversight.
1365        - Changed default patterns in lib/Makefile.in to fit non-GNU makes
1366          Thanks to robin@unrated.net for reporting and providing an
1367          account to test on.
1368        - The reference had the wrong label for XML_SetStartNamespaceDecl.
1369          Reported by an anonymous user.
1370
1371Release 1.95.0 Fri Sep 29 2000
1372        - XML_ParserCreate_MM
1373                Allows you to set a memory management suite to replace the
1374                standard malloc,realloc, and free.
1375        - XML_SetReturnNSTriplet
1376                If you turn this feature on when namespace processing is in
1377                effect, then qualified, prefixed element and attribute names
1378                are returned as "uri|name|prefix" where '|' is whatever
1379                separator character is used in namespace processing.
1380        - Merged in features from perl-expat
1381                o XML_SetElementDeclHandler
1382                o XML_SetAttlistDeclHandler
1383                o XML_SetXmlDeclHandler
1384                o XML_SetEntityDeclHandler
1385                o StartDoctypeDeclHandler takes 3 additional parameters:
1386                        sysid, pubid, has_internal_subset
1387                o Many paired handler setters (like XML_SetElementHandler)
1388                  now have corresponding individual handler setters
1389                o XML_GetInputContext for getting the input context of
1390                  the current parse position.
1391        - Added reference material
1392        - Packaged into a distribution that builds a sharable library
1393