NOTE: We are looking for help with a few things:
      https://github.com/libexpat/libexpat/labels/help%20wanted
      If you can help, please get in touch. Thanks!

Release 2.6.0 Tue February 6 2024
        Security fixes:
       #789 #814  CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
                    that can cause denial of service, in particular when
                    dealing with compressed XML input. Applications
                    that parsed a document in one go -- a single call to
                    functions XML_Parse or XML_ParseBuffer -- were not affected.
                    The smaller the chunks/buffers you used for parsing
                    previously, the bigger the problem was prior to the fix.
                    Backporters should be careful to not omit parts of
                    pull request #789 and to include earlier pull request #771,
                    in order to not break the fix.
            #777  CVE-2023-52426 -- Fix billion laughs attacks for users
                    compiling *without* XML_DTD defined (which is not common).
                    Users with XML_DTD defined have been protected since
                    Expat >=2.4.0 (and that was CVE-2013-0340 back then).

        Bug fixes:
            #753  Fix parse-size-dependent "invalid token" error for
                    external entities that start with a byte order mark
            #780  Fix NULL pointer dereference in setContext via
                    XML_ExternalEntityParserCreate for compilation with
                    XML_DTD undefined
       #812 #813  Protect against closing entities out of order

        Other changes:
            #723  Improve support for arc4random/arc4random_buf
       #771 #788  Improve buffer growth in XML_GetBuffer and XML_Parse
       #761 #770  xmlwf: Support --help and --version
       #759 #770  xmlwf: Support custom buffer size for XML_GetBuffer and read
            #744  xmlwf: Improve language and URL clickability in help output
            #673  examples: Add new example "element_declarations.c"
            #764  Be stricter about macro XML_CONTEXT_BYTES at build time
            #765  Make inclusion of expat_config.h consistent
       #726 #727  Autotools: configure.ac: Support --disable-maintainer-mode
       #678 #705 ..
  #706 #733 #792  Autotools: Sync CMake templates with CMake 3.26
            #795  Autotools: Make installation of shipped man page doc/xmlwf.1
                    independent of docbook2man availability
            #815  Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
                    section "Cflags.private" in order to fix compilation
                    against static libexpat using pkg-config on Windows
       #724 #751  Autotools|CMake: Require a C99 compiler
                    (a de-facto requirement already since Expat 2.2.2 of 2017)
            #793  Autotools|CMake: Fix PACKAGE_BUGREPORT variable
       #750 #786  Autotools|CMake: Make test suite require a C++11 compiler
            #749  CMake: Require CMake >=3.5.0
            #672  CMake: Lowercase off_t and size_t to help a bug in Meson
            #746  CMake: Sort xmlwf sources alphabetically
            #785  CMake|Windows: Fix generation of DLL file version info
            #790  CMake: Build tests/benchmark/benchmark.c as well for
                    a build with -DEXPAT_BUILD_TESTS=ON
       #745 #757  docs: Document the importance of isFinal + adjust tests
                    accordingly
            #736  docs: Improve use of "NULL" and "null"
            #713  docs: Be specific about version of XML (XML 1.0r4)
                    and version of C (C99); (XML 1.0r5 will need a sponsor.)
            #762  docs: reference.html: Promote function XML_ParseBuffer more
            #779  docs: reference.html: Add HTML anchors to XML_* macros
            #760  docs: reference.html: Upgrade to OK.css 1.2.0
       #763 #739  docs: Fix typos
            #696  docs|CI: Use HTTPS URLs instead of HTTP at various places
       #669 #670 ..
       #692 #703 ..
       #733 #772  Address compiler warnings
       #798 #800  Address clang-tidy warnings
       #775 #776  Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
                    to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
                    for what these numbers do

        Infrastructure:
       #700 #701  docs: Document security policy in file SECURITY.md
            #766  docs: Improve parse buffer variables in-code documentation
       #674 #738 ..
       #740 #747 ..
  #748 #781 #782  Refactor coverage and conformance tests
       #714 #716  Refactor debug level variables to unsigned long
            #671  Improve handling of empty environment variable value
                    in function getDebugLevel (without visible user effect)
       #755 #774 ..
       #758 #783 ..
       #784 #787  tests: Improve test coverage with regard to parse chunk size
  #660 #797 #801  Fuzzing: Improve fuzzing coverage
       #367 #799  Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
       #698 #721  CI: Resolve some Travis CI leftovers
            #669  CI: Be robust towards absence of Git tags
       #693 #694  CI: Set permissions to "contents: read" for security
            #709  CI: Pin all GitHub Actions to specific commits for security
            #739  CI: Reject spelling errors using codespell
            #798  CI: Enforce clang-tidy clean code
       #773 #808 ..
       #809 #810  CI: Upgrade Clang from 15 to 18
            #796  CI: Start using Clang's Control Flow Integrity sanitizer
  #675 #720 #722  CI: Adapt to breaking changes in GitHub Actions Ubuntu images
            #689  CI: Adapt to breaking changes in Clang/LLVM Debian packaging
            #763  CI: Adapt to breaking changes in codespell
            #803  CI: Adapt to breaking changes in Cppcheck

        Special thanks to:
            Ivan Galkin
            Joyce Brum
            Philippe Antoine
            Rhodri James
            Snild Dolkow
            spookyahell
            Steven Garske
                 and
            Clang AddressSanitizer
            Clang UndefinedBehaviorSanitizer
            codespell
            GCC Farm Project
            OSS-Fuzz
            Sony Mobile

Release 2.5.0 Tue October 25 2022
        Security fixes:
  #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                    destruction of a shared DTD in function
                    XML_ExternalEntityParserCreate in out-of-memory situations.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.

        Bug fixes:
       #612 #645  Fix corruption from undefined entities
       #613 #654  Fix case when parsing was suspended while processing nested
                    entities
  #616 #652 #653  Stop leaking opening tag bindings after a closing tag
                    mismatch error where a parser is reset through
                    XML_ParserReset and then reused to parse
            #656  CMake: Fix generation of pkg-config file
            #658  MinGW|CMake: Fix static library name

        Other changes:
            #663  Protect header expat_config.h from multiple inclusion
            #666  examples: Make use of XML_GetBuffer and be more
                    consistent across examples
            #648  Address compiler warnings
       #667 #668  Version info bumped from 9:9:8 to 9:10:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Jann Horn
            Mark Brand
            Osyotr
            Rhodri James
                 and
            Google Project Zero

Release 2.4.9 Tue September 20 2022
        Security fixes:
       #629 #640  CVE-2022-40674 -- Heap use-after-free vulnerability in
                    function doContent. Expected impact is denial of service
                    or potentially arbitrary code execution.

        Bug fixes:
            #634  MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
            #614  docs: Fix documentation on effect of switch XML_DTD on
                    symbol visibility in doc/reference.html

        Other changes:
            #638  MinGW: Make fix-xmltest-log.sh drop more Wine bug output
       #596 #625  Autotools: Sync CMake templates with CMake 3.22
            #608  CMake: Migrate from use of CMAKE_*_POSTFIX to
                    dedicated variables EXPAT_*_POSTFIX to stop affecting
                    other projects
       #597 #599  Windows|CMake: Add missing -DXML_STATIC to test runners
                    and fuzzers
       #512 #621  Windows|CMake: Render .def file from a template to fix
                    linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
       #611 #621  MinGW|CMake: Apply MSVC .def file when linking
       #622 #624  MinGW|CMake: Sync library name with GNU Autotools,
                    i.e. produce libexpat-1.dll rather than libexpat.dll
                    by default.
                    Filename libexpat.dll.a is unaffected.
            #632  MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
                    toolchain file "cmake/mingw-toolchain.cmake" to avoid
                    error "windres: Command not found" on e.g. Ubuntu 20.04
       #597 #627  CMake: Unify inconsistent use of set() and option() in
                    context of public build time options to take need for
                    set(.. FORCE) in projects using Expat by means of
                    add_subdirectory(..) off Expat's users' shoulders
       #626 #641  Stop exporting API symbols when building a static library
            #644  Resolve use of deprecated "fgrep" by "grep -F"
            #620  CMake: Make documentation on variables a bit more consistent
            #636  CMake: Drop leading whitespace from a #cmakedefine line in
                    file expat_config.h.cmake
            #594  xmlwf: Fix harmless variable mix-up in function nsattcmp
  #592 #593 #610  Address Cppcheck warnings
            #643  Address Clang 15 compiler warnings
       #642 #644  Version info bumped from 9:8:8 to 9:9:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
       #597 #598  CI: Windows: Start covering MSVC 2022
            #619  CI: macOS: Migrate off deprecated macOS 10.15
            #632  CI: Linux: Make migration off deprecated Ubuntu 18.04 work
            #643  CI: Upgrade Clang from 14 to 15
            #637  apply-clang-format.sh: Add support for BSD find
            #633  coverage.sh: Exclude MinGW headers
            #635  coverage.sh: Fix name collision for -funsigned-char

        Special thanks to:
            David Faure
            Felix Wilhelm
            Frank Bergmann
            Rhodri James
            Rosen Penev
            Thijs Schreijer
            Vincent Torri
                 and
            Google Project Zero

Release 2.4.8 Mon March 28 2022
        Other changes:
            #587  pkg-config: Move "-lm" to section "Libs.private"
            #587  CMake|MSVC: Fix pkg-config section "Libs"
        #55 #582  CMake|macOS: Start using linker arguments
                    "-compatibility_version <version>" and
                    "-current_version <version>" in a way compatible with
                    GNU Libtool
       #590 #591  Version info bumped from 9:7:8 to 9:8:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #589  CI: Upgrade Clang from 13 to 14

        Special thanks to:
            evpobr
            Kai Pastor
            Sam James

Release 2.4.7 Fri March 4 2022
        Bug fixes:
       #572 #577  Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
                    with regard to all valid URI characters (RFC 3986),
                    i.e. the following set (excluding whitespace):
                      ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
                      0123456789 % -._~ :/?#[]@ !$&'()*+,;=

        Other changes:
  #555 #570 #581  CMake|Windows: Store Expat version in the DLL
            #577  Document consequences of namespace separator choices not just
                    in doc/reference.html but also in header <expat.h>
            #577  Document Expat's lack of validation of namespace URIs against
                    RFC 3986, and that the XML 1.0r4 specification doesn't
                    require Expat to validate namespace URIs, and that Expat
                    may do more in that regard in future releases.
                    If you find need for strict RFC 3986 URI validation on
                    application level today, https://uriparser.github.io/ may
                    be of interest.
            #579  Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
            #575  Document that a call to XML_FreeContentModel can be done at
                    a later time from outside the element declaration handler
            #574  Make hardcoded namespace URIs easier to find in code
            #573  Update documentation on use of XML_POOR_ENTROPY on Solaris
       #569 #571  tests: Resolve use of macros NAN and INFINITY for GNU G++
                    4.8.2 on Solaris.
       #578 #580  Version info bumped from 9:6:8 to 9:7:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Jeffrey Walton
            Johnny Jazeix
            Thijs Schreijer

Release 2.4.6 Sun February 20 2022
        Bug fixes:
            #566  Fix a regression introduced by the fix for CVE-2022-25313
                    in release 2.4.5 that affects applications that (1)
                    call function XML_SetElementDeclHandler and (2) are
                    parsing XML that contains nested element declarations
                    (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").

        Other changes:
       #567 #568  Version info bumped from 9:5:8 to 9:6:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Matt Sergeant
            Samanta Navarro
            Sergei Trofimovich
                 and
            NixOS
            Perl XML::Parser

Release 2.4.5 Fri February 18 2022
        Security fixes:
            #562  CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
                    sequences (e.g. from start tag names) to the XML
                    processing application on top of Expat can cause
                    arbitrary damage (e.g. code execution) depending
                    on how invalid UTF-8 is handled inside the XML
                    processor; validation was not their job but Expat's.
                    Exploits with code execution are known to exist.
            #561  CVE-2022-25236 -- Passing (one or more) namespace separator
                    characters in "xmlns[:prefix]" attribute values
                    made Expat send malformed tag names to the XML
                    processor on top of Expat which can cause
                    arbitrary damage (e.g. code execution) depending
                    on how such unexpectable cases are handled inside the XML
                    processor; validation was not their job but Expat's.
                    Exploits with code execution are known to exist.
            #558  CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
                    that could be triggered by e.g. a 2 megabytes
                    file with a large number of opening braces.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.
            #560  CVE-2022-25314 -- Fix integer overflow in function copyString;
                    only affects the encoding name parameter at parser creation
                    time which is often hardcoded (rather than user input),
                    takes a value in the gigabytes to trigger, and a 64-bit
                    machine. Expected impact is denial of service.
            #559  CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
                    needs input in the gigabytes and a 64-bit machine.
                    Expected impact is denial of service or potentially
                    arbitrary code execution.

        Other changes:
       #557 #564  Version info bumped from 9:4:8 to 9:5:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Ivan Fratric
            Samanta Navarro
                 and
            Google Project Zero
            JetBrains

Release 2.4.4 Sun January 30 2022
        Security fixes:
            #550  CVE-2022-23852 -- Fix signed integer overflow
                    (undefined behavior) in function XML_GetBuffer
                    (that is also called by function XML_Parse internally)
                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
                    common and default).
                    Impact is denial of service or more.
            #551  CVE-2022-23990 -- Fix unsigned integer overflow in function
                    doProlog triggered by large content in element type
                    declarations when there is an element declaration handler
                    present (from a prior call to XML_SetElementDeclHandler).
                    Impact is denial of service or more.

        Bug fixes:
       #544 #545  xmlwf: Fix a memory leak on output file opening error

        Other changes:
            #546  Autotools: Fix broken CMake support under Cygwin
            #554  Windows: Add missing files to the installer to fix
                    compilation with CMake from installed sources
       #552 #554  Version info bumped from 9:3:8 to 9:4:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Carlo Bramini
            hwt0415
            Roland Illig
            Samanta Navarro
                 and
            Clang LeakSan and the Clang team

Release 2.4.3 Sun January 16 2022
        Security fixes:
       #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
                    resulting in
                      a) realloc acting as free
                      b) realloc allocating too few bytes
                      c) undefined behavior
                    depending on architecture and precise value
                    for XML documents with >=2^27+1 prefixed attributes
                    on a single XML tag a la
                    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
                    where XML_ParserCreateNS is used to create the parser
                    (which needs argument "-n" when running xmlwf).
                    Impact is denial of service, or more.
       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
                    on variable m_groupSize in function doProlog leading
                    to realloc acting as free.
                    Impact is denial of service or more.
            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
                    near memory allocation at multiple places. Mitre assigned
                    a dedicated CVE for each involved internal C function:
                    - CVE-2022-22822 for function addBinding
                    - CVE-2022-22823 for function build_model
                    - CVE-2022-22824 for function defineAttribute
                    - CVE-2022-22825 for function lookup
                    - CVE-2022-22826 for function nextScaffoldPart
                    - CVE-2022-22827 for function storeAtts
                    Impact is denial of service or more.
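
Added example (not Expat's own code): the size arithmetic behind the three outcomes listed for CVE-2021-45960, modelled with explicit 32-bit math, beside a checked growth helper that refuses to allocate when the size would overflow. The 12-byte element size and all function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* What a wrapped 32-bit byte count means for the realloc call that uses it. */
enum outcome { SIZE_EXACT, SIZE_TOO_SMALL, SIZE_ZERO };

/* Byte count for a table of 2^power elements (power < 32) as a 32-bit
 * size_t would hold it. Unsigned 64-bit math keeps this model well defined;
 * the signed form "(int)1 << 31" is already undefined behavior in C, which
 * is outcome c) of the changelog entry. */
static uint32_t wrapped_bytes32(unsigned power, uint32_t elem_size) {
  uint64_t exact = ((uint64_t)1 << power) * elem_size;
  return (uint32_t)exact; /* silently drops the high bits */
}

static enum outcome classify32(unsigned power, uint32_t elem_size) {
  uint64_t exact = ((uint64_t)1 << power) * elem_size;
  uint32_t wrapped = wrapped_bytes32(power, elem_size);
  if (wrapped == exact)
    return SIZE_EXACT;
  /* realloc(ptr, 0) may free the block: outcome a). Any other wrapped
   * value yields a block shorter than the table: outcome b). */
  return wrapped == 0 ? SIZE_ZERO : SIZE_TOO_SMALL;
}

/* Hardened size computation: refuse instead of wrapping. */
static bool checked_table_bytes(unsigned power, size_t elem_size, size_t *out) {
  if (power >= sizeof(int) * CHAR_BIT - 1)
    return false; /* 2^power must stay representable as a positive int */
  size_t count = (size_t)1 << power;
  if (elem_size == 0 || count > SIZE_MAX / elem_size)
    return false; /* count * elem_size would overflow size_t */
  *out = count * elem_size;
  return true;
}

/* Grow *table to 2^power elements; on failure the old block stays valid. */
static bool grow_table(void **table, unsigned power, size_t elem_size) {
  size_t bytes;
  if (!checked_table_bytes(power, elem_size, &bytes))
    return false;
  void *grown = realloc(*table, bytes);
  if (grown == NULL)
    return false;
  *table = grown;
  return true;
}

int main(void) {
  static const char *const names[] = {"exact", "too few bytes", "zero (free)"};
  for (unsigned power = 27; power <= 30; power++)
    printf("power %u: 32-bit size %lu -> %s\n", power,
           (unsigned long)wrapped_bytes32(power, 12),
           names[classify32(power, 12)]);

  void *table = NULL;
  bool small_ok = grow_table(&table, 4, 12);  /* 16 elements: accepted */
  bool huge_ok = grow_table(&table, 31, 12);  /* rejected before realloc */
  printf("grow to 2^4: %d, grow to 2^31: %d\n", small_ok, huge_ok);
  free(table);
  return 0;
}
```

With the assumed 12-byte element the model first misbehaves at a shift of 29, where the wrapped size is 2 GiB instead of 6 GiB, and reaches zero at a shift of 30.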

        Other changes:
            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
            #541  Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
                    and MSYS2 by not going through Wine on these platforms
       #527 #528  Address compiler warnings
       #533 #543  Version info bumped from 9:2:8 to 9:3:8;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #536  CI: Check for realistic minimum CMake version
       #529 #539  CI: Cover compilation with -m32
            #529  CI: Store coverage reports as artifacts for download
            #528  CI: Upgrade Clang from 11 to 13

        Special thanks to:
            An anonymous whitehat
            Christopher Degawa
            J. Peter Mugaas
            Tyson Smith
                 and
            GCC Farm Project
            Trend Micro Zero Day Initiative

Release 2.4.2 Sun December 19 2021
        Other changes:
       #509 #510  Link against libm for function "isnan"
       #513 #514  Include expat_config.h as early as possible
            #498  Autotools: Include files with release archives:
                    - buildconf.sh
                    - fuzz/*.c
       #507 #519  Autotools: Sync CMake templates with CMake 3.20
       #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
                    - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
                    - multi-config CMake generators (e.g.
                      Ninja Multi-Config)
       #502 #503  docs: Document that function XML_GetBuffer may return NULL
                    when asking for a buffer of 0 (zero) bytes size
       #522 #523  docs: Fix return value docs for both
                    XML_SetBillionLaughsAttackProtection* functions
       #525 #526  Version info bumped from 9:1:8 to 9:2:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Donghee Na
            Joergen Ibsen
            Kai Pastor

Release 2.4.1 Sun May 23 2021
        Bug fixes:
       #488 #490  Autotools: Fix installed header expat_config.h for multilib
                    systems; regression introduced in 2.4.0 by pull request #486

        Other changes:
       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Gentoo's QA check "multilib_check_headers"

Release 2.4.0 Sun May 23 2021
        Security fixes:
   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
                    (denial-of-service; flavors targeting CPU time or RAM or both,
                    leveraging general entities or parameter entities or both)
                    by tracking and limiting the input amplification factor
                    (<amplification> := (<direct> + <indirect>) / <direct>).
                    By conservative default, amplification up to a factor of 100.0
                    is tolerated and rejection only starts after 8 MiB of output bytes
                    (=<direct> + <indirect>) have been processed.
                    The fix adds the following to the API:
                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
                      signal this specific condition.
                    - Two new API functions ..
                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
                      .. to further tighten billion laughs protection parameters
                      when desired. Please see file "doc/reference.html" for details.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.
                    - Two new XML_FEATURE_* constants ..
                      - that can be queried using the XML_GetFeatureList function, and
                      - that are shown in "xmlwf -v" output.
                    - Two new environment variable switches ..
                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
                      - EXPAT_ENTITY_DEBUG=(0|1)
                      .. for runtime debugging of accounting and entity processing.
                      Specific behavior of these values may change in the future.
                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
                      for xmlwf to further tighten billion laughs protection
                      parameters when desired.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.

        Bug fixes:
       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
                    for UTF-16 payloads containing CDATA sections.
       #485 #486  Autotools: Fix generated CMake files for non-64bit and
                    non-Linux platforms (e.g. macOS and MinGW in particular)
                    that were introduced with release 2.3.0

        Other changes:
       #468 #469  xmlwf: Improve help output and the xmlwf man page
            #463  xmlwf: Improve maintainability through some refactoring
            #477  xmlwf: Fix man page DocBook validity
            #456  Autotools: Sync CMake templates with CMake 3.18
       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
                    and CMAKE_INSTALL_INCLUDEDIR
       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
            #467  Resolve macro HAVE_EXPAT_CONFIG_H
            #472  Delete unused legacy helper file "conftools/PrintPath"
       #473 #483  Improve attribution
  #464 #465 #477  doc/reference.html: Fix XHTML validity
       #475 #478  doc/reference.html: Replace the 90s look by OK.css
            #479  Version info bumped from 8:0:7 to 9:0:8
                    due to addition of new symbols and error codes;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #456  CI: Enable periodic runs
            #457  CI: Start covering the list of exported symbols
            #474  CI: Isolate coverage task
       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
            #477  CI: Cover well-formedness and DocBook/XHTML validity
                    of doc/reference.html and doc/xmlwf.xml

        Special thanks to:
            Dimitry Andric
            Eero Helenius
            Nick Wellnhofer
            Rhodri James
            Tomas Korbar
            Yury Gribov
                 and
            Clang LeakSan
            JetBrains
            OSS-Fuzz

Release 2.3.0 Thu March 25 2021
        Bug fixes:
            #438  When calling XML_ParseBuffer without a prior successful call to
                    XML_GetBuffer as a user, no longer trigger undefined behavior
                    (by adding an integer to a NULL pointer) but rather return
                    XML_STATUS_ERROR and set the error code to (new) code
                    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
                    of Clang 11 (but not Clang 9).
            #444  xmlwf: Exit status 2 was used for both:
                    - malformed input files (documented) and
                    - invalid command-line arguments (undocumented).
                    The case of invalid command-line arguments now
                    has its own exit status 4, resolving the ambiguity.

        Other changes:
            #439  xmlwf: Add argument -k to allow continuing after
                    non-fatal errors
            #439  xmlwf: Add section about exit status to the -h help output
  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
            #434  Windows: CMake: Detect unsupported Visual Studio at
                    configure time (rather than at compile time)
       #382 #428  testrunner: Make verbose mode (argument "-v") report
                    about passed tests, and make default mode report about
                    failures, as well.
            #442  CMake: Call "enable_language(CXX)" prior to tinkering
                    with CMAKE_CXX_* variables
            #448  Document use of libexpat from a CMake-based project
            #451  Autotools: Install CMake files as generated by CMake 3.19.6
                    so that users with "find_package(expat [..]
                    CONFIG [..])"
                    are served on distributions that are *not* using the CMake
                    build system inside for libexpat packaging
       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
            #441  Address compiler warnings
            #443  Version info bumped from 7:12:6 to 8:0:7
                    due to addition of error code XML_ERROR_NO_BUFFER
                    (see https://verbump.de/ for what these numbers do)

        Infrastructure:
       #435 #446  Replace Travis CI by GitHub Actions

        Special thanks to:
            Alexander Richardson
            Oleksandr Popovych
            Thomas Beutlich
            Tim Bray
                 and
            Clang LeakSan, Clang 11 UBSan and the Clang team

Release 2.2.10 Sat October 3 2020
        Bug fixes:
  #390 #395 #398  Fix undefined behavior during parsing caused by
                    pointer arithmetic with NULL pointers
       #404 #405  Fix reading uninitialized variable during parsing
            #406  xmlwf: Add missing check for malloc NULL return

        Other changes:
            #396  Windows: Drop support for Visual Studio <=8.0/2005
            #409  Windows: Add missing file "Changes" to the installer
                    to fix compilation with CMake from installed sources
            #403  xmlwf: Document exit codes in xmlwf manpage and
                    exit with code 3 (rather than code 1) for output errors
                    when used with "-d DIRECTORY"
       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
       #383 #392  Autotools: Use -Werror while configure tests the compiler
                    for supported compile flags to avoid false positives
  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
                    e.g.
                    ensure that they have the last word over flags added
                    while running ./configure
            #360  CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
                    on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Detect and deny unsupported build combinations
                    involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Install pre-compiled shipped xmlwf.1 manpage in case
                    of -DEXPAT_BUILD_DOCS=OFF
  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
       #407 #408  CMake: Keep expat target name constant at "expat"
                    (i.e. refrain from using the target name to control
                    build artifact filenames)
            #385  CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
                    Windows
                  CMake: Expose man page compilation as target "xmlwf-manpage"
       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
                    to control generation of pkg-config file "expat.pc"
            #424  CMake: Add minimalistic support for building binary packages
                    with CMake target "package"; based on CPack
            #366  CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
                    default OFF to build fuzzer code against OSS-Fuzz and
                    related environment variable LIB_FUZZING_ENGINE
            #354  Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
       #354 #355 ..
       #356 #412  Address compiler warnings
       #368 #369  Address pngcheck warnings with doc/*.png images
            #425  Version info bumped from 7:11:6 to 7:12:6

        Special thanks to:
            asavah
            Ben Wagner
            Bhargava Shastry
            Frank Landgraf
            Jeffrey Walton
            Joe Orton
            Kleber Tarcísio
            Ma Lin
            Maciej Sroczyński
            Mohammed Khajapasha
            Vadim Zeitlin
                 and
            Cppcheck 2.0 and the Cppcheck team

Release 2.2.9 Wed September 25 2019
        Other changes:
                  examples: Drop executable bits from elements.c
            #349  Windows: Change the name of the Windows DLLs from expat*.dll
                    to libexpat*.dll once more (regression from 2.2.8, first
                    fixed in 1.95.3, issue #61 on SourceForge today,
                    was issue #432456 back then); needs a fix due to
                    case-insensitive file systems on Windows and the fact that
                    Perl's XML::Parser::Expat compiles into Expat.dll.
            #347  Windows: Only define _CRT_RAND_S if not defined
                  Version info bumped from 7:10:6 to 7:11:6

        Special thanks to:
            Ben Wagner

Release 2.2.8 Fri September 13 2019
        Security fixes:
       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
                    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
                    and deny internal entities closing the doctype;
                    fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43

        Bug fixes:
            #240  Fix cases where XML_StopParser did not have any effect
                    when called from inside of an end element handler
            #341  xmlwf: Fix exit code for operation without "-d DIRECTORY";
                    previously, only "-d DIRECTORY" would give you a proper
                    exit code:
                      # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
                      2
                      # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
                      0
                    Now both cases return exit code 2.

        Other changes:
       #299 #302  Windows: Replace LoadLibrary hack to access
                    unofficial API function SystemFunction036 (RtlGenRandom)
                    by using official API function rand_s (needs WinXP+)
            #325  Windows: Drop support for Visual Studio <=7.1/2003
                    and document supported compilers in README.md
            #286  Windows: Remove COM code from xmlwf; in case it turns
                    out needed later, there will be a dedicated repository
                    below https://github.com/libexpat/ for that code
            #322  Windows: Remove explicit MSVC solution and project files.
                    You can generate Visual Studio solution files through
                    CMake, e.g.: cmake -G"Visual Studio 15 2017" .
            #338  xmlwf: Make "xmlwf -h" help output more friendly
            #339  examples: Improve elements.c
       #244 #264  Autotools: Add argument --enable-xml-attr-info
       #239 #301  Autotools: Add arguments
                    --with-getrandom
                    --without-getrandom
                    --with-sys-getrandom
                    --without-sys-getrandom
       #312 #343  Autotools: Fix linking issues with "./configure LD=clang"
                  Autotools: Fix "make run-xmltest" for out-of-source builds
       #329 #336  CMake: Pull all options from Expat <=2.2.7 into namespace
                    prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
                    - BUILD_doc            -> EXPAT_BUILD_DOCS (plural)
                    - BUILD_examples       -> EXPAT_BUILD_EXAMPLES
                    - BUILD_shared         -> EXPAT_SHARED_LIBS
                    - BUILD_tests          -> EXPAT_BUILD_TESTS
                    - BUILD_tools          -> EXPAT_BUILD_TOOLS
                    - DOCBOOK_TO_MAN       -> DOCBOOK_TO_MAN (unchanged)
                    - INSTALL              -> EXPAT_ENABLE_INSTALL
                    - MSVC_USE_STATIC_CRT  -> EXPAT_MSVC_STATIC_CRT
                    - USE_libbsd           -> EXPAT_WITH_LIBBSD
                    - WARNINGS_AS_ERRORS   -> EXPAT_WARNINGS_AS_ERRORS
                    - XML_CONTEXT_BYTES    -> EXPAT_CONTEXT_BYTES
                    - XML_DEV_URANDOM      -> EXPAT_DEV_URANDOM
                    - XML_DTD              -> EXPAT_DTD
                    - XML_NS               -> EXPAT_NS
                    - XML_UNICODE          -> EXPAT_CHAR_TYPE=ushort (!)
                    - XML_UNICODE_WCHAR_T  -> EXPAT_CHAR_TYPE=wchar_t (!)
       #244 #264  CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
                    default OFF
            #326  CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
                    default OFF
            #328  CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
                    default OFF
       #239 #277  CMake: Add arguments
                    -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
                    -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
            #326  CMake: Install expat_config.h to include directory
            #326  CMake: Generate and install configuration files for
                    future find_package(expat [..] CONFIG [..])
                  CMake: Now produces a summary of applied configuration
                  CMake: Require C++ compiler only when tests are enabled
            #330  CMake: Fix compilation for 16bit character types,
                    i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
            #265  CMake: Fix linking with MinGW
            #330  CMake: Add full support for MinGW; to enable, use
                    -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
            #330  CMake: Port "make run-xmltest" from GNU Autotools to CMake
            #316  CMake: Windows: Make binary postfix match MSVC
                    Old: expat[d].lib
                    New: expat[w][d][MD|MT].lib
                  CMake: Migrate files from Windows to Unix line endings
            #308  CMake: Integrate OSS-Fuzz fuzzers, option
                    -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
             #14  Drop an OpenVMS support leftover
       #235 #268 ..
       #270 #310 ..
  #313 #331 #333  Address compiler warnings
       #282 #283 ..
       #284 #285  Address cppcheck warnings
       #294 #295  Address Clang Static Analyzer warnings
        #24 #293  Mass-apply clang-format 9 (and ensure conformance during CI)
                  Version info bumped from 7:9:6 to 7:10:6

        Special thanks to:
            David Loffredo
            Joonun Jang
            Kishore Kunche
            Marco Maggi
            Mitch Phillips
            Mohammed Khajapasha
            Rolf Ade
            xantares
            Zhongyuan Zhou

Release 2.2.7 Wed June 19 2019
        Security fixes:
       #186 #262  CVE-2018-20843 -- Fix extraction of namespace prefixes from
                    XML names; XML names with multiple colons could end up in
                    the wrong namespace, and take a high amount of RAM and CPU
                    resources while processing, opening the door to
                    use for denial-of-service attacks

        Other changes:
       #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                    exporting non-API symbols
            #227  Autotools: Add --without-examples and --without-tests
            #228  Autotools: Modernize configure.ac
       #245 #246  Autotools: Fix check for -fvisibility=hidden for Clang
       #247 #248  Autotools: Fix compilation for lack of docbook2x-man
       #236 #258  Autotools: Produce .tar.{gz,lz,xz} release archives
            #212  CMake: Make libdir of pkgconfig expat.pc support multilib
       #158 #263  CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
            #219  Remove fallback to bcopy, assume that memmove(3) exists
            #257  Use portable "/usr/bin/env bash" shebang (e.g.
for OpenBSD) 782 #243 Windows: Fix syntax of .def module definition files 783 Version info bumped from 7:8:6 to 7:9:6 784 785 Special thanks to: 786 Benjamin Peterson 787 Caolán McNamara 788 Hanno Böck 789 KangLin 790 Kishore Kunche 791 Marco Maggi 792 Rhodri James 793 Sebastian Dröge 794 userwithuid 795 Yury Gribov 796 797Release 2.2.6 Sun August 12 2018 798 Bug fixes: 799 #170 #206 Avoid doing arithmetic with NULL pointers in XML_GetBuffer 800 #204 #205 Fix 2.2.5 regression with suspend-resume while parsing 801 a document like '<root/>' 802 803 Other changes: 804 #165 #168 Autotools: Fix docbook-related configure syntax error 805 #166 Autotools: Avoid grep option `-q` for Solaris 806 #167 Autotools: Support 807 ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation" 808 #159 #167 Autotools: Support DOCBOOK_TO_MAN command which produces 809 xmlwf.1 rather than XMLWF.1; also covers case insensitive 810 file systems 811 #181 Autotools: Drop -rpath option passed to libtool 812 #188 Autotools: Detect and deny SGML docbook2man as ours is XML 813 #188 Autotools/CMake: Support command db2x_docbook2man as well 814 #174 CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF 815 #184 #185 CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF 816 #207 #208 CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T, 817 both defaulting to OFF 818 #175 CMake: Prefer check_symbol_exists over check_function_exists 819 #176 CMake: Create the same pkg-config file as with GNU Autotools 820 #178 #179 CMake: Use GNUInstallDirs module to set proper defaults for 821 install directories 822 #208 CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM 823 #180 Windows: Fix compilation of test suite for Visual Studio 2008 824 #131 #173 #202 Address compiler warnings 825 #187 #190 #200 Fix miscellaneous typos 826 Version info bumped from 7:7:6 to 7:8:6 827 828 Special thanks to: 829 Anton Maklakov 830 Benjamin Peterson 831 Brad King 832 Franek Korta 833 Frank Rast 834 Joe 
Orton 835 luzpaz 836 Pedro Vicente 837 Rainer Jung 838 Rhodri James 839 Rolf Ade 840 Rolf Eike Beer 841 Thomas Beutlich 842 Tomasz Kłoczko 843 844Release 2.2.5 Tue October 31 2017 845 Bug fixes: 846 #8 If the parser runs out of memory, make sure its internal 847 state reflects the memory it actually has, not the memory 848 it wanted to have. 849 #11 The default handler wasn't being called when it should for 850 a SYSTEM or PUBLIC doctype if an entity declaration handler 851 was registered. 852 #137 #138 Fix a case of mistakenly reported parsing success where 853 XML_StopParser was called from an element handler 854 #162 Function XML_ErrorString was returning NULL rather than 855 a message for code XML_ERROR_INVALID_ARGUMENT 856 introduced with release 2.2.1 857 858 Other changes: 859 #106 xmlwf: Add argument -N adding notation declarations 860 #75 #106 Test suite: Resolve expected failure cases where xmlwf 861 output was incomplete 862 #127 Windows: Fix test suite compilation 863 #126 #127 Windows: Fix compilation for Visual Studio 2012 864 Windows: Upgrade shipped project files to Visual Studio 2017 865 #33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T 866 #129 examples: Fix compilation for XML_UNICODE_WCHAR_T 867 #130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T 868 #144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs 869 Windows or MinGW for 2-byte wchar_t 870 #9 Address two Clang Static Analyzer false positives 871 #59 Resolve troublesome macros hiding parser struct membership 872 and dereferencing that pointer 873 #6 Resolve superfluous internal malloc/realloc switch 874 #153 #155 Improve docbook2x-man detection 875 #160 Undefine NDEBUG in the test suite (rather than rejecting it) 876 #161 Address compiler warnings 877 Version info bumped from 7:6:6 to 7:7:6 878 879 Special thanks to: 880 Benbuck Nason 881 Hans Wennborg 882 José Gutiérrez de la Concha 883 Pedro Monreal Gonzalez 884 Rhodri James 885 Rolf Ade 886 Stephen Groat 887 
        and
            Core Infrastructure Initiative

Release 2.2.4 Sat August 19 2017
        Bug fixes:
            #115  Fix copying of partial characters for UTF-8 input

        Other changes:
            #109  Fix "make check" for non-x86 architectures that default
                    to unsigned type char (-128..127 rather than 0..255)
            #109  coverage.sh: Cover -funsigned-char
                  Autotools: Introduce --without-xmlwf argument
             #65  Autotools: Replace handwritten Makefile with GNU Automake
             #43  CMake: Auto-detect high quality entropy extractors, add new
                    option USE_libbsd=ON to use arc4random_buf of libbsd
             #74  CMake: Add -fno-strict-aliasing only where supported
            #114  CMake: Always honor manually set BUILD_* options
            #114  CMake: Compile man page if docbook2x-man is available, only
            #117  Include file tests/xmltest.log.expected in source tarball
                    (required for "make run-xmltest")
            #117  Include (existing) Visual Studio 2013 files in source tarball
                  Improve test suite error output
            #111  Fix some typos in documentation
                  Version info bumped from 7:5:6 to 7:6:6

        Special thanks to:
            Jakub Wilk
            Joe Orton
            Lin Tian
            Rolf Eike Beer

Release 2.2.3 Wed August 2 2017
        Security fixes:
             #82  CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
                    using Steve Holme's LoadLibrary wrapper for/of cURL

        Bug fixes:
             #85  Fix a dangling pointer issue related to realloc

        Other changes:
                  Increase code coverage
             #91  Linux: Allow getrandom to fail if nonblocking pool has not
                    yet been initialized and read /dev/urandom then, instead.
                    This is in line with what recent Python does.
             #81  Pre-10.7/Lion macOS: Support entropy from arc4random
             #86  Check that a UTF-16 encoding in an XML declaration has the
                    right endianness
        #4 #5 #7  Recover correctly when some reallocations fail
                  Repair "./configure && make" for systems without any
                    provider of high quality entropy
                    and try reading /dev/urandom on those
                  Ensure that user-defined character encodings have converter
                    functions when they are needed
                  Fix misleading description of argument -c in xmlwf.1
                  Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
                    for CloudABI
            #100  Fix use of SIPHASH_MAIN in siphash.h
             #23  Test suite: Fix memory leaks
                  Version info bumped from 7:4:6 to 7:5:6

        Special thanks to:
            Chanho Park
            Joe Orton
            Pascal Cuoq
            Rhodri James
            Simon McVittie
            Vadim Zeitlin
            Viktor Szakats
        and
            Core Infrastructure Initiative

Release 2.2.2 Wed July 12 2017
        Security fixes:
             #43  Protect against compilation without any source of high
                    quality entropy enabled, e.g. with CMake build system;
                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
             #60  Windows with _UNICODE:
                    Unintended use of LoadLibraryW with a non-wide string
                    resulted in failure to load advapi32.dll and degradation
                    in quality of used entropy when compiled with _UNICODE for
                    Windows; you can launch existing binaries with
                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
                    quality of entropy used during runtime; commits
                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
       [MOX-006]  Fix non-NULL parser parameter validation in XML_Parse;
                    resulted in NULL dereference, previously;
                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe

        Bug fixes:
             #69  Fix improper use of unsigned long long integer literals

        Other changes:
             #73  Start requiring a C99 compiler
             #49  Fix "==" Bashism in configure script
             #50  Fix too eager getrandom detection for Debian GNU/kFreeBSD
             #52    and macOS
             #51  Address lack of stdint.h in Visual Studio 2003 to 2008
             #58  Address compile warnings
             #68  Fix "./buildconf.sh && ./configure" for some versions
                    of Dash for /bin/sh
             #72  CMake: Ease use of Expat in context of a parent project
                    with multiple CMakeLists.txt files
             #72  CMake: Resolve mistaken executable permissions
             #76  Address compile warning with -DNDEBUG (not recommended!)
             #77  Address compile warning about macro redefinition

        Special thanks to:
            Alexander Bluhm
            Ben Boeckel
            Cătălin Răceanu
            Kerin Millar
            László Böszörményi
            S. P. Zeidler
            Segev Finer
            Václav Slavík
            Victor Stinner
            Viktor Szakats
        and
            Radically Open Security

Release 2.2.1 Sat June 17 2017
        Security fixes:
                  CVE-2017-9233 -- External entity infinite loop DoS
                    Details: https://libexpat.github.io/doc/cve-2017-9233/
                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
       [MOX-002]  CVE-2016-9063 -- Detect integer overflow; commit
                    d4f735b88d9932bd5039df2335eefdd0723dbe20
                    (Fixed version of existing downstream patches!)
   (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
                    longer tag names; commits
                    * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
                    * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
             #16    * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
             #25  More integer overflow detection (function poolGrow); commits
                    * 810b74e4703dcfdd8f404e3cb177d44684775143
                    * 44178553f3539ce69d34abee77a05e879a7982ac
       [MOX-002]  Detect overflow from len=INT_MAX call to XML_Parse; commits
                    * 4be2cb5afcc018d996f34bbbce6374b7befad47f
                    * 7e5b71b748491b6e459e5c9a1d090820f94544d8
   [MOX-005] #30  Use high quality entropy for hash initialization:
                    * arc4random_buf on BSD, systems with libbsd
                      (when configured with --with-libbsd), CloudABI
                    * RtlGenRandom on Windows XP / Server 2003 and later
                    * getrandom on Linux 3.17+
                    In a way, that's still part of CVE-2016-5300.
                    https://github.com/libexpat/libexpat/pull/30/commits
       [MOX-005]  For the low quality entropy extraction fallback code,
                    the parser instance address can no longer leak, commit
                    04ad658bd3079dd15cb60fc67087900f0ff4b083
       [MOX-003]  Prevent use of uninitialised variable; commit
       [MOX-004]    a4dc944f37b664a3ca7199c624a98ee37babdb4b
                  Add missing parameter validation to public API functions
                    and dedicated error code XML_ERROR_INVALID_ARGUMENT:
       [MOX-006]    * NULL checks; commits
                      * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
                      * 9ed727064b675b7180c98cb3d4f75efba6966681
                      * 6a747c837c50114dfa413994e07c0ba477be4534
                    * Negative length (XML_Parse); commit
       [MOX-002]      70db8d2538a10f4c022655d6895e4c3e78692e7f
   [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
                    to go further with fixing CVE-2012-0876.
                    https://github.com/libexpat/libexpat/pull/39/commits

        Bug fixes:
             #32  Fix sharing of hash salt across parsers;
                    relevant where XML_ExternalEntityParserCreate is called
                    prior to XML_Parse, in particular (e.g. FBReader)
             #28  xmlwf: Auto-disable use of memory-mapping (and parsing
                    as a single chunk) for files larger than ~1 GB (2^30 bytes)
                    rather than failing with error "out of memory"
              #3  Fix double free after malloc failure in DTD code; commit
                    7ae9c3d3af433cd4defe95234eae7dc8ed15637f
             #17  Fix memory leak on parser error for unbound XML attribute
                    prefix with new namespaces defined in the same tag;
                    found by Google's OSS-Fuzz; commits
                    * 16f87daae5a16132e479e4f71862128c7a915c73
                    * b47dbc9745932c160893d433220e462bd605f8cd
                  xmlwf on Windows: Add missing calls to CloseHandle

        New features:
             #30  Introduced environment switch EXPAT_ENTROPY_DEBUG=1
                    for runtime debugging of entropy extraction

        Other changes:
                  Increase code coverage
             #33  Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
                    XML_UNICODE_WCHAR_T was never meant to be used outside
                    of Windows; 4-byte wchar_t is common on Linux
   (SF.net) #538  Start using -fno-strict-aliasing
   (SF.net) #540  Support compilation against cloudlibc of CloudABI
                  Allow MinGW cross-compilation
   (SF.net) #534  CMake: Introduce option "BUILD_doc" (enabled by default)
                    to bypass compilation of the xmlwf.1 man page
    (SF.net) pr2  CMake: Introduce option "INSTALL" (enabled by default)
                    to bypass installation of expat files
                  CMake: Fix ninja support
                  Autotools: Add parameters --enable-xml-context [COUNT]
                    and --disable-xml-context; default of context of 1024
                    bytes enabled unchanged
             #14  Drop AmigaOS 4.x code and includes
             #14  Drop ancient build systems:
                    * Borland C++ Builder
                    * OpenVMS
                    * Open Watcom
                    * Visual Studio 6.0
                    * Pre-X Mac OS (MPW Makefile)
                    If you happen to rely on some of these, please get in
                    touch for joining with maintenance.
             #10  Move from WIN32 to _WIN32
             #13  Fix "make run-xmltest" order instability
                  Address compile warnings
                  Bump version info from 7:2:6 to 7:3:6
                  Add AUTHORS file

        Infrastructure:
              #1  Migrate from SourceForge to GitHub (except downloads):
                    https://github.com/libexpat/
              #1  Re-create http://libexpat.org/ project website
                  Start utilizing Travis CI

        Special thanks to:
            Andy Wang
            Don Lewis
            Ed Schouten
            Karl Waclawek
            Pascal Cuoq
            Rhodri James
            Sergei Nikulov
            Tobias Taschner
            Viktor Szakats
        and
            Core Infrastructure Initiative
            Mozilla Foundation (MOSS Track 3: Secure Open Source)
            Radically Open Security

Release 2.2.0 Tue June 21 2016
        Security fixes:
            #537  CVE-2016-0718 -- Fix crash on malformed input
                  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
                    CVE-2015-2716 introduced with Expat 2.1.1
            #499  CVE-2016-5300 -- Use more entropy for hash initialization
                    than the original fix to CVE-2012-0876
            #519  CVE-2012-6702 -- Resolve troublesome internal call to srand
                    that was introduced with Expat 2.1.0
                    when addressing CVE-2012-0876 (issue #496)

        Bug fixes:
                  Fix uninitialized reads of size 1
                    (e.g. in little2_updatePosition)
                  Fix detection of UTF-8 character boundaries

        Other changes:
            #532  Fix compilation for Visual Studio 2010 (keyword "C99")
                  Autotools: Resolve use of "$<" to better support bmake
                  Autotools: Add QA script "qa.sh" (and make target "qa")
                  Autotools: Respect CXXFLAGS if given
                  Autotools: Fix "make run-xmltest"
                  Autotools: Have "make run-xmltest" check for expected output
             p90  CMake: Fix static build (BUILD_shared=OFF) on Windows
            #536  CMake: Add soversion, support -DNO_SONAME=yes to bypass
            #323  CMake: Add suffix "d" to differentiate debug from release
                  CMake: Define WIN32 with CMake on Windows
                  Annotate memory allocators for GCC
                  Address all currently known compile warnings
                  Make sure that API symbols remain visible despite
                    -fvisibility=hidden
                  Remove executable flag from source files
                  Resolve COMPILED_FROM_DSP in favor of WIN32

        Special thanks to:
            Björn Lindahl
            Christian Heimes
            Cristian Rodríguez
            Daniel Krügler
            Gustavo Grieco
            Karl Waclawek
            László Böszörményi
            Marco Grassi
            Pascal Cuoq
            Sergei Nikulov
            Thomas Beutlich
            Warren Young
            Yann Droneaud

Release 2.1.1 Sat March 12 2016
        Security fixes:
            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
            #502: Fix potential null pointer dereference
            #520: Symbol XML_SetHashSalt was not exported
                  Output of "xmlwf -h" was incomplete

        Other changes:
            #503: Document behavior of calling XML_SetHashSalt with salt 0
                  Minor improvements to man page xmlwf(1)
                  Improvements to the experimental CMake build system
                  libtool now invoked with --verbose

Release 2.1.0 Sat March 24 2012
        - Security fixes:
          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
          #3496608: CVE-2012-0876 - Hash DOS attack.
          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
        - Bug Fixes:
          #1742315: Harmful XML_ParserCreateNS suggestion.
          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
          #1983953, 2517952, 2517962, 2649838:
            Build modifications using autoreconf instead of buildconf.sh.
          #2815947, #2884086: OBJEXT and EXEEXT support while building.
          #2517938: xmlwf should return non-zero exit status if not well-formed.
          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
          #2855609: Dangling positionPtr after error.
          #2990652: CMake support.
          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
          #3206497: Uninitialized memory returned from XML_Parse.
          #3287849: make check fails on mingw-w64.
        - Patches:
          #1749198: pkg-config support.
          #3010222: Fix for bug #3010819.
          #3312568: CMake support.
          #3446384: Report byte offsets for attr names and values.
        - New Features / API changes:
          Added new API member XML_SetHashSalt() that allows setting an initial
            value (salt) for hash calculations. This is part of the fix for
            bug #3496608 to randomize hash parameters.
          When compiled with XML_ATTR_INFO defined, adds new API member
            XML_GetAttributeInfo() that allows retrieving the byte
            offsets for attribute names and values (patch #3446384).
          Added CMake build system.
            See bug #2990652 and patch #3312568.
          Added run-benchmark target to Makefile.in - relies on testdata module
            present in the same relative location as in the repository.

Release 2.0.1 Tue June 5 2007
        - Fixed bugs #1515266, #1515600: The character data handler's calling
          of XML_StopParser() was not handled properly; if the parser was
          stopped and the handler set to NULL, the parser would segfault.
        - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
          some character constants to be ASCII encoded.
        - Minor cleanups of the test harness.
        - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
        - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
        - Fixes and improvements for Windows platform:
          bugs #1409451, #1476160, #1548182, #1602769, #1717322.
        - Build fixes for various platforms:
          HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
          All Unix: #1554618 (refreshed config.sub/config.guess).
                    #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
                    without relying on GNU-Make specific features.
          #1647805: Patched configure.in to work better with Intel compiler.
        - Fixes to Makefile.in to have make check work correctly:
          bugs #1408143, #1535603, #1536684.
        - Added Open Watcom support: patch #1523242.

Release 2.0.0 Wed Jan 11 2006
        - We no longer use the "check" library for C unit testing; we
          always use the (partial) internal implementation of the API.
        - Report XML_NS setting via XML_GetFeatureList().
        - Fixed headers for use from C++.
        - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
          now return unsigned integers.
        - Added XML_LARGE_SIZE switch to enable 64-bit integers for
          byte indexes and line/column numbers.
        - Updated to use libtool 1.5.22 (the most recent).
        - Added support for AmigaOS.
        - Some mostly minor bug fixes. SF issues include: #1006708,
          #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.

Release 1.95.8 Fri Jul 23 2004
        - Major new feature: suspend/resume. Handlers can now request
          that a parse be suspended for later resumption or aborted
          altogether. See "Temporarily Stopping Parsing" in the
          documentation for more details.
        - Some mostly minor bug fixes, but compilation should no
          longer generate warnings on most platforms. SF issues
          include: #827319, #840173, #846309, #888329, #896188, #923913,
          #928113, #961698, #985192.

Release 1.95.7 Mon Oct 20 2003
        - Fixed enum XML_Status issue (reported on SourceForge many
          times), so compilers that are properly picky will be happy.
        - Introduced an XMLCALL macro to control the calling
          convention used by the Expat API; this macro should be used
          to annotate prototypes and definitions of callback
          implementations in code compiled with a calling convention
          other than the default convention for the host platform.
        - Improved ability to build without the configure-generated
          expat_config.h header. This is useful for applications
          which embed Expat rather than linking in the library.
        - Fixed a variety of bugs: see SF issues #458907, #609603,
          #676844, #679754, #692878, #692964, #695401, #699323, #699487,
          #820946.
        - Improved hash table lookups.
        - Added more regression tests and improved documentation.

Release 1.95.6 Tue Jan 28 2003
        - Added XML_FreeContentModel().
        - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
        - Fixed a variety of bugs: see SF issues #615606, #616863,
          #618199, #653180, #673791.
        - Enhanced the regression test suite.
        - Man page improvements: includes SF issue #632146.

Release 1.95.5 Fri Sep 6 2002
        - Added XML_UseForeignDTD() for improved SAX2 support.
        - Added XML_GetFeatureList().
        - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
        - Use an incomplete struct instead of a void* for the parser
          (may not retain).
        - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
        - Finally fixed bug where default handler would report DTD
          events that were already handled by another handler.
          Initial patch contributed by Darryl Miles.
        - Removed unnecessary DllMain() function that caused static
          linking into a DLL to be difficult.
        - Added VC++ projects for building static libraries.
        - Reduced line-length for all source code and headers to be
          no longer than 80 characters, to help with AS/400 support.
        - Reduced memory copying during parsing (SF patch #600964).
        - Fixed a variety of bugs: see SF issues #580793, #434664,
          #483514, #580503, #581069, #584041, #584183, #584832, #585537,
          #596555, #596678, #598352, #598944, #599715, #600479, #600971.

Release 1.95.4 Fri Jul 12 2002
        - Added support for VMS, contributed by Craig Berry. See
          vms/README.vms for more information.
        - Added Mac OS (classic) support, with a makefile for MPW,
          contributed by Thomas Wegner and Daryle Walker.
        - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
          by Patrick McConnell (SF patch #538032).
        - Fixed a variety of bugs: see SF issues #441449, #563184,
          #564342, #566334, #566901, #569461, #570263, #575168, #579196.
        - Made skippedEntityHandler conform to SAX2 (see source comment)
        - Re-implemented WFC: Entity Declared from XML 1.0 spec and
          added a new error "entity declared in parameter entity":
          see SF bug report #569461 and SF patch #578161
        - Re-implemented section 5.1 from XML 1.0 spec:
          see SF bug report #570263 and SF patch #578161

Release 1.95.3 Mon Jun 3 2002
        - Added a project to the MSVC workspace to create a wchar_t
          version of the library; the DLLs are named libexpatw.dll.
        - Changed the name of the Windows DLLs from expat.dll to
          libexpat.dll; this fixes SF bug #432456.
        - Added the XML_ParserReset() API function.
        - Fixed XML_SetReturnNSTriplet() to work for element names.
        - Made the XML_UNICODE builds usable (thanks, Karl!).
        - Allow xmlwf to read from standard input.
        - Install a man page for xmlwf on Unix systems.
        - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
          #466885, #469226, #477667, #484419, #487840, #494749, #496505,
          #547350. Other bugs which we can't test as easily may also
          have been fixed, especially in the area of build support.

Release 1.95.2 Fri Jul 27 2001
        - More changes to make MSVC happy with the build; add a single
          workspace to support both the library and xmlwf application.
        - Added a Windows installer for Windows users; includes
          xmlwf.exe.
        - Added compile-time constants that can be used to determine the
          Expat version
        - Removed a lot of GNU-specific dependencies to aid portability
          among the various Unix flavors.
        - Fix the UTF-8 BOM bug.
        - Cleaned up warning messages for several compilers.
        - Added the -Wall, -Wstrict-prototypes options for GCC.

Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
        - Changes to get expat to build under Microsoft compiler
        - Removed all aborts and instead return an UNEXPECTED_STATE error.
        - Fixed a bug where a stray '%' in an entity value would cause an
          abort.
        - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
          finding this oversight.
        - Changed default patterns in lib/Makefile.in to fit non-GNU makes
          Thanks to robin@unrated.net for reporting and providing an
          account to test on.
        - The reference had the wrong label for XML_SetStartNamespaceDecl.
          Reported by an anonymous user.

Release 1.95.0 Fri Sep 29 2000
        - XML_ParserCreate_MM
                Allows you to set a memory management suite to replace the
                standard malloc, realloc, and free.
        - XML_SetReturnNSTriplet
                If you turn this feature on when namespace processing is in
                effect, then qualified, prefixed element and attribute names
                are returned as "uri|name|prefix" where '|' is whatever
                separator character is used in namespace processing.
        - Merged in features from perl-expat
          o XML_SetElementDeclHandler
          o XML_SetAttlistDeclHandler
          o XML_SetXmlDeclHandler
          o XML_SetEntityDeclHandler
          o StartDoctypeDeclHandler takes 3 additional parameters:
            sysid, pubid, has_internal_subset
          o Many paired handler setters (like XML_SetElementHandler)
            now have corresponding individual handler setters
          o XML_GetInputContext for getting the input context of
            the current parse position.
        - Added reference material
        - Packaged into a distribution that builds a sharable library