NOTE: We are looking for help with a few things:
      https://github.com/libexpat/libexpat/labels/help%20wanted
      If you can help, please get in touch.  Thanks!

Release 2.4.9 Thur Oct 27 2022
        Security fixes:
  #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                    destruction of a shared DTD in function
                    XML_ExternalEntityParserCreate in out-of-memory situations

Release 2.4.9 Wed Sep 14 2022
        Security fixes:
       #629 #640  CVE-2022-40674 -- Heap use-after-free vulnerability in
                    function doContent. Expected impact is denial of service
                    or potentially arbitrary code execution.

Release 2.4.1 Sun May 23 2021
        Bug fixes:
       #488 #490  Autotools: Fix installed header expat_config.h for multilib
                    systems; regression introduced in 2.4.0 by pull request #486

        Other changes:
       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Gentoo's QA check "multilib_check_headers"

Release 2.4.0 Sun May 23 2021
        Security fixes:
   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
                    (denial-of-service; flavors targeting CPU time or RAM or both,
                    leveraging general entities or parameter entities or both)
                    by tracking and limiting the input amplification factor
                    (<amplification> := (<direct> + <indirect>) / <direct>).
                    By conservative default, amplification up to a factor of 100.0
                    is tolerated and rejection only starts after 8 MiB of output bytes
                    (=<direct> + <indirect>) have been processed.
                    The fix adds the following to the API:
                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
                      signal this specific condition.
                    - Two new API functions ..
                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
                      .. to further tighten billion laughs protection parameters
                      when desired.  Please see file "doc/reference.html" for details.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.
                    - Two new XML_FEATURE_* constants ..
                      - that can be queried using the XML_GetFeatureList function, and
                      - that are shown in "xmlwf -v" output.
                    - Two new environment variable switches ..
                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
                      - EXPAT_ENTITY_DEBUG=(0|1)
                      .. for runtime debugging of accounting and entity processing.
                      Specific behavior of these values may change in the future.
                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
                      for xmlwf to further tighten billion laughs protection
                      parameters when desired.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.
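
The accounting rule from the 2.4.0 entry above, as an added example: a simplified model written for this page, not libexpat's code. It counts direct and indirect bytes for a constructed nested-entity input and applies the quoted defaults of 100.0 and 8 MiB; the entity table, the helper names and the exact comparison operators are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Defaults quoted in the 2.4.0 entry above. */
#define MAX_AMPLIFICATION    100.0
#define ACTIVATION_THRESHOLD (8ULL * 1024 * 1024) /* 8 MiB of output bytes */

#define LEVELS 10 /* constructed entities e0..e9 */
#define FANOUT 10 /* references per entity */

struct accounting {
    uint64_t direct;   /* bytes read from the document itself */
    uint64_t indirect; /* bytes processed while expanding entities */
};

/* <amplification> := (<direct> + <indirect>) / <direct> */
static double amplification(const struct accounting *a)
{
    if (a->direct == 0)
        return 1.0;
    return (double)(a->direct + a->indirect) / (double)a->direct;
}

/* Assumption of this model: input is rejected only when the output byte
 * count has reached the activation threshold AND the factor exceeds the
 * maximum; the exact comparison operators are not stated in the entry. */
static int tolerated(const struct accounting *a)
{
    uint64_t output = a->direct + a->indirect;
    return output < ACTIVATION_THRESHOLD
           || amplification(a) <= MAX_AMPLIFICATION;
}

/* Constructed sample input: e0 is "lol", eK is FANOUT references to eK-1. */
static char entity_text[LEVELS][FANOUT * 4 + 1];

static void build_entities(void)
{
    strcpy(entity_text[0], "lol");
    for (int k = 1; k < LEVELS; k++) {
        char ref[16];
        snprintf(ref, sizeof ref, "&e%d;", k - 1);
        entity_text[k][0] = '\0';
        for (int i = 0; i < FANOUT; i++)
            strcat(entity_text[k], ref);
    }
}

/* Account for one replacement text, then follow each "&eN;" reference in it.
 * Returns 0 while the input is tolerated, -1 as soon as the limit is hit. */
static int expand(int level, struct accounting *acc)
{
    const char *text = entity_text[level];
    acc->indirect += strlen(text);
    if (!tolerated(acc))
        return -1;
    for (const char *p = text; (p = strchr(p, '&')) != NULL; p++) {
        if (expand(p[2] - '0', acc) != 0)
            return -1;
    }
    return 0;
}

/* Model a document of doc_bytes direct bytes that references entity
 * e<level> once. Fills *acc with the byte counts at the point where
 * processing finished or was aborted. */
static int parse_document(uint64_t doc_bytes, int level, struct accounting *acc)
{
    build_entities();
    acc->direct = doc_bytes;
    acc->indirect = 0;
    return expand(level, acc);
}

int main(void)
{
    static const struct { uint64_t doc; int level; } cases[] = {
        {1000, 3}, {1000, 5}, {1000, 9}, {16ULL * 1024 * 1024, 6},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct accounting acc;
        int rc = parse_document(cases[i].doc, cases[i].level, &acc);
        printf("direct=%llu level=e%d indirect=%llu factor=%.2f -> %s\n",
               (unsigned long long)acc.direct, cases[i].level,
               (unsigned long long)acc.indirect, amplification(&acc),
               rc == 0 ? "accepted" : "amplification limit breach");
    }
    return 0;
}
```

With the constructed input, e5 is accepted despite a factor above 100 because total output stays below 8 MiB, while e9 is stopped within a few bytes of the threshold instead of expanding to several gigabytes.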

        Bug fixes:
       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
                    for UTF-16 payloads containing CDATA sections.
       #485 #486  Autotools: Fix generated CMake files for non-64bit and
                    non-Linux platforms (e.g. macOS and MinGW in particular)
                    that were introduced with release 2.3.0

        Other changes:
       #468 #469  xmlwf: Improve help output and the xmlwf man page
            #463  xmlwf: Improve maintainability through some refactoring
            #477  xmlwf: Fix man page DocBook validity
       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
                    and CMAKE_INSTALL_INCLUDEDIR
       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
            #467  Resolve macro HAVE_EXPAT_CONFIG_H
            #472  Delete unused legacy helper file "conftools/PrintPath"
       #473 #483  Improve attribution
  #464 #465 #477  doc/reference.html: Fix XHTML validity
       #475 #478  doc/reference.html: Replace the 90s look by OK.css
            #479  Version info bumped from 8:0:7 to 9:0:8
                    due to addition of new symbols and error codes;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #456  CI: Enable periodic runs
            #457  CI: Start covering the list of exported symbols
            #474  CI: Isolate coverage task
       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
            #477  CI: Cover well-formedness and DocBook/XHTML validity
                    of doc/reference.html and doc/xmlwf.xml

        Special thanks to:
            Dimitry Andric
            Felix Wilhelm
            Eero Helenius
            Rhodri James
            Nick Wellnhofer
            Rhodri James
            Tomas Korbar
            Yury Gribov
            Google Project Zero
                 and
            Clang LeakSan
            JetBrains
            OSS-Fuzz

Release 2.3.0 Thu March 25 2021
        Bug fixes:
            #438  When calling XML_ParseBuffer without a prior successful call to
                    XML_GetBuffer as a user, no longer trigger undefined behavior
                    (by adding an integer to a NULL pointer) but rather return
                    XML_STATUS_ERROR and set the error code to (new) code
                    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
                    of Clang 11 (but not Clang 9).
            #444  xmlwf: Exit status 2 was used for both:
                    - malformed input files (documented) and
                    - invalid command-line arguments (undocumented).
                    The case of invalid command-line arguments now
                    has its own exit status 4, resolving the ambiguity.

        Other changes:
            #439  xmlwf: Add argument -k to allow continuing after
                    non-fatal errors
            #439  xmlwf: Add section about exit status to the -h help output
  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
            #434  Windows: CMake: Detect unsupported Visual Studio at
                    configure time (rather than at compile time)
       #382 #428  testrunner: Make verbose mode (argument "-v") report
                    about passed tests, and make default mode report about
                    failures, as well.
            #442  CMake: Call "enable_language(CXX)" prior to tinkering
                    with CMAKE_CXX_* variables
            #448  Document use of libexpat from a CMake-based project
            #451  Autotools: Install CMake files as generated by CMake 3.19.6
                    so that users with "find_package(expat [..] CONFIG [..])"
                    are served on distributions that are *not* using the CMake
                    build system inside for libexpat packaging
       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
            #441  Address compiler warnings
            #443  Version info bumped from 7:12:6 to 8:0:7
                    due to addition of error code XML_ERROR_NO_BUFFER
                    (see https://verbump.de/ for what these numbers do)

        Infrastructure:
       #435 #446  Replace Travis CI by GitHub Actions

        Special thanks to:
            Alexander Richardson
            Oleksandr Popovych
            Thomas Beutlich
            Tim Bray
                 and
            Clang LeakSan, Clang 11 UBSan and the Clang team

Release 2.2.10 Sat October 3 2020
        Bug fixes:
  #390 #395 #398  Fix undefined behavior during parsing caused by
                    pointer arithmetic with NULL pointers
       #404 #405  Fix reading uninitialized variable during parsing
            #406  xmlwf: Add missing check for malloc NULL return

        Other changes:
            #396  Windows: Drop support for Visual Studio <=8.0/2005
            #409  Windows: Add missing file "Changes" to the installer
                    to fix compilation with CMake from installed sources
            #403  xmlwf: Document exit codes in xmlwf manpage and
                    exit with code 3 (rather than code 1) for output errors
                    when used with "-d DIRECTORY"
       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
       #383 #392  Autotools: Use -Werror while configure tests the compiler
                    for supported compile flags to avoid false positives
  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
                    e.g. ensure that they have the last word over flags added
                    while running ./configure
            #360  CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
                    on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Detect and deny unsupported build combinations
                    involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Install pre-compiled shipped xmlwf.1 manpage in case
                    of -DEXPAT_BUILD_DOCS=OFF
  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
       #407 #408  CMake: Keep expat target name constant at "expat"
                    (i.e. refrain from using the target name to control
                    build artifact filenames)
            #385  CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
                    Windows
                  CMake: Expose man page compilation as target "xmlwf-manpage"
       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
                    to control generation of pkg-config file "expat.pc"
            #424  CMake: Add minimalistic support for building binary packages
                    with CMake target "package"; based on CPack
            #366  CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
                    default OFF to build fuzzer code against OSS-Fuzz and
                    related environment variable LIB_FUZZING_ENGINE
            #354  Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
    #354 #355 ..
       #356 #412  Address compiler warnings
       #368 #369  Address pngcheck warnings with doc/*.png images
            #425  Version info bumped from 7:11:6 to 7:12:6

        Special thanks to:
            asavah
            Ben Wagner
            Bhargava Shastry
            Frank Landgraf
            Jeffrey Walton
            Joe Orton
            Kleber Tarcísio
            Ma Lin
            Maciej Sroczyński
            Mohammed Khajapasha
            Vadim Zeitlin
                 and
            Cppcheck 2.0 and the Cppcheck team

Release 2.2.9 Wed September 25 2019
        Other changes:
                  examples: Drop executable bits from elements.c
            #349  Windows: Change the name of the Windows DLLs from expat*.dll
                    to libexpat*.dll once more (regression from 2.2.8, first
                    fixed in 1.95.3, issue #61 on SourceForge today,
                    was issue #432456 back then); needs a fix due to
                    case-insensitive file systems on Windows and the fact that
                    Perl's XML::Parser::Expat compiles into Expat.dll.
            #347  Windows: Only define _CRT_RAND_S if not defined
                  Version info bumped from 7:10:6 to 7:11:6

        Special thanks to:
            Ben Wagner

Release 2.2.8 Fri September 13 2019
        Security fixes:
       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
                    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
                    and deny internal entities closing the doctype;
                    fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43

        Bug fixes:
            #240  Fix cases where XML_StopParser did not have any effect
                    when called from inside of an end element handler
            #341  xmlwf: Fix exit code for operation without "-d DIRECTORY";
                    previously, only "-d DIRECTORY" would give you a proper
                    exit code:
                      # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
                      2
                      # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
                      0
                    Now both cases return exit code 2.

        Other changes:
       #299 #302  Windows: Replace LoadLibrary hack to access
                    unofficial API function SystemFunction036 (RtlGenRandom)
                    by using official API function rand_s (needs WinXP+)
            #325  Windows: Drop support for Visual Studio <=7.1/2003
                    and document supported compilers in README.md
            #286  Windows: Remove COM code from xmlwf; in case it turns
                    out needed later, there will be a dedicated repository
                    below https://github.com/libexpat/ for that code
            #322  Windows: Remove explicit MSVC solution and project files.
                    You can generate Visual Studio solution files through
                    CMake, e.g.: cmake -G"Visual Studio 15 2017" .
            #338  xmlwf: Make "xmlwf -h" help output more friendly
            #339  examples: Improve elements.c
       #244 #264  Autotools: Add argument --enable-xml-attr-info
       #239 #301  Autotools: Add arguments
                    --with-getrandom
                    --without-getrandom
                    --with-sys-getrandom
                    --without-sys-getrandom
       #312 #343  Autotools: Fix linking issues with "./configure LD=clang"
                  Autotools: Fix "make run-xmltest" for out-of-source builds
       #329 #336  CMake: Pull all options from Expat <=2.2.7 into namespace
                    prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
                    - BUILD_doc            -> EXPAT_BUILD_DOCS (plural)
                    - BUILD_examples       -> EXPAT_BUILD_EXAMPLES
                    - BUILD_shared         -> EXPAT_SHARED_LIBS
                    - BUILD_tests          -> EXPAT_BUILD_TESTS
                    - BUILD_tools          -> EXPAT_BUILD_TOOLS
                    - DOCBOOK_TO_MAN       -> DOCBOOK_TO_MAN (unchanged)
                    - INSTALL              -> EXPAT_ENABLE_INSTALL
                    - MSVC_USE_STATIC_CRT  -> EXPAT_MSVC_STATIC_CRT
                    - USE_libbsd           -> EXPAT_WITH_LIBBSD
                    - WARNINGS_AS_ERRORS   -> EXPAT_WARNINGS_AS_ERRORS
                    - XML_CONTEXT_BYTES    -> EXPAT_CONTEXT_BYTES
                    - XML_DEV_URANDOM      -> EXPAT_DEV_URANDOM
                    - XML_DTD              -> EXPAT_DTD
                    - XML_NS               -> EXPAT_NS
                    - XML_UNICODE          -> EXPAT_CHAR_TYPE=ushort (!)
                    - XML_UNICODE_WCHAR_T  -> EXPAT_CHAR_TYPE=wchar_t (!)
       #244 #264  CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
                    default OFF
            #326  CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
                    default OFF
            #328  CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
                    default OFF
       #239 #277  CMake: Add arguments
                    -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
                    -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
            #326  CMake: Install expat_config.h to include directory
            #326  CMake: Generate and install configuration files for
                    future find_package(expat [..] CONFIG [..])
                  CMake: Now produces a summary of applied configuration
                  CMake: Require C++ compiler only when tests are enabled
            #330  CMake: Fix compilation for 16bit character types,
                    i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
            #265  CMake: Fix linking with MinGW
            #330  CMake: Add full support for MinGW; to enable, use
                    -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
            #330  CMake: Port "make run-xmltest" from GNU Autotools to CMake
            #316  CMake: Windows: Make binary postfix match MSVC
                    Old: expat[d].lib
                    New: expat[w][d][MD|MT].lib
                  CMake: Migrate files from Windows to Unix line endings
            #308  CMake: Integrate OSS-Fuzz fuzzers, option
                    -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
             #14  Drop an OpenVMS support leftover
    #235 #268 ..
    #270 #310 ..
  #313 #331 #333  Address compiler warnings
    #282 #283 ..
       #284 #285  Address cppcheck warnings
       #294 #295  Address Clang Static Analyzer warnings
        #24 #293  Mass-apply clang-format 9 (and ensure conformance during CI)
                  Version info bumped from 7:9:6 to 7:10:6

        Special thanks to:
            David Loffredo
            Joonun Jang
            Kishore Kunche
            Marco Maggi
            Mitch Phillips
            Mohammed Khajapasha
            Rolf Ade
            xantares
            Zhongyuan Zhou

Release 2.2.7 Wed June 19 2019
        Security fixes:
       #186 #262  CVE-2018-20843 -- Fix extraction of namespace prefixes from
                    XML names; XML names with multiple colons could end up in
                    the wrong namespace, and take a high amount of RAM and CPU
                    resources while processing, opening the door to
                    use for denial-of-service attacks

        Other changes:
       #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                    exporting non-API symbols
            #227  Autotools: Add --without-examples and --without-tests
            #228  Autotools: Modernize configure.ac
       #245 #246  Autotools: Fix check for -fvisibility=hidden for Clang
       #247 #248  Autotools: Fix compilation for lack of docbook2x-man
       #236 #258  Autotools: Produce .tar.{gz,lz,xz} release archives
            #212  CMake: Make libdir of pkgconfig expat.pc support multilib
       #158 #263  CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
            #219  Remove fallback to bcopy, assume that memmove(3) exists
            #257  Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
            #243  Windows: Fix syntax of .def module definition files
                  Version info bumped from 7:8:6 to 7:9:6

        Special thanks to:
            Benjamin Peterson
            Caolán McNamara
            Hanno Böck
            KangLin
            Kishore Kunche
            Marco Maggi
            Rhodri James
            Sebastian Dröge
            userwithuid
            Yury Gribov

Release 2.2.6 Sun August 12 2018
        Bug fixes:
       #170 #206  Avoid doing arithmetic with NULL pointers in XML_GetBuffer
       #204 #205  Fix 2.2.5 regression with suspend-resume while parsing
                    a document like '<root/>'

        Other changes:
       #165 #168  Autotools: Fix docbook-related configure syntax error
            #166  Autotools: Avoid grep option `-q` for Solaris
            #167  Autotools: Support
                    ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
       #159 #167  Autotools: Support DOCBOOK_TO_MAN command which produces
                    xmlwf.1 rather than XMLWF.1; also covers case insensitive
                    file systems
            #181  Autotools: Drop -rpath option passed to libtool
            #188  Autotools: Detect and deny SGML docbook2man as ours is XML
            #188  Autotools/CMake: Support command db2x_docbook2man as well
            #174  CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
       #184 #185  CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
       #207 #208  CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
                    both defaulting to OFF
            #175  CMake: Prefer check_symbol_exists over check_function_exists
            #176  CMake: Create the same pkg-config file as with GNU Autotools
       #178 #179  CMake: Use GNUInstallDirs module to set proper defaults for
                    install directories
            #208  CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
            #180  Windows: Fix compilation of test suite for Visual Studio 2008
  #131 #173 #202  Address compiler warnings
  #187 #190 #200  Fix miscellaneous typos
                  Version info bumped from 7:7:6 to 7:8:6

        Special thanks to:
            Anton Maklakov
            Benjamin Peterson
            Brad King
            Franek Korta
            Frank Rast
            Joe Orton
            luzpaz
            Pedro Vicente
            Rainer Jung
            Rhodri James
            Rolf Ade
            Rolf Eike Beer
            Thomas Beutlich
            Tomasz Kłoczko

Release 2.2.5 Tue October 31 2017
        Bug fixes:
              #8  If the parser runs out of memory, make sure its internal
                    state reflects the memory it actually has, not the memory
                    it wanted to have.
             #11  The default handler wasn't being called when it should for
                    a SYSTEM or PUBLIC doctype if an entity declaration handler
                    was registered.
       #137 #138  Fix a case of mistakenly reported parsing success where
                    XML_StopParser was called from an element handler
            #162  Function XML_ErrorString was returning NULL rather than
                    a message for code XML_ERROR_INVALID_ARGUMENT
                    introduced with release 2.2.1

        Other changes:
            #106  xmlwf: Add argument -N adding notation declarations
        #75 #106  Test suite: Resolve expected failure cases where xmlwf
                    output was incomplete
            #127  Windows: Fix test suite compilation
       #126 #127  Windows: Fix compilation for Visual Studio 2012
                  Windows: Upgrade shipped project files to Visual Studio 2017
        #33 #132  tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
            #129  examples: Fix compilation for XML_UNICODE_WCHAR_T
            #130  benchmark: Fix compilation for XML_UNICODE_WCHAR_T
            #144  xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
                    Windows or MinGW for 2-byte wchar_t
              #9  Address two Clang Static Analyzer false positives
             #59  Resolve troublesome macros hiding parser struct membership
                    and dereferencing that pointer
              #6  Resolve superfluous internal malloc/realloc switch
       #153 #155  Improve docbook2x-man detection
            #160  Undefine NDEBUG in the test suite (rather than rejecting it)
            #161  Address compiler warnings
                  Version info bumped from 7:6:6 to 7:7:6

        Special thanks to:
            Benbuck Nason
            Hans Wennborg
            José Gutiérrez de la Concha
            Pedro Monreal Gonzalez
            Rhodri James
            Rolf Ade
            Stephen Groat
                 and
            Core Infrastructure Initiative

Release 2.2.4 Sat August 19 2017
        Bug fixes:
            #115  Fix copying of partial characters for UTF-8 input

        Other changes:
            #109  Fix "make check" for non-x86 architectures that default
                    to unsigned type char (-128..127 rather than 0..255)
            #109  coverage.sh: Cover -funsigned-char
                  Autotools: Introduce --without-xmlwf argument
             #65  Autotools: Replace handwritten Makefile with GNU Automake
             #43  CMake: Auto-detect high quality entropy extractors, add new
                    option USE_libbsd=ON to use arc4random_buf of libbsd
             #74  CMake: Add -fno-strict-aliasing only where supported
            #114  CMake: Always honor manually set BUILD_* options
            #114  CMake: Compile man page if docbook2x-man is available, only
            #117  Include file tests/xmltest.log.expected in source tarball
                    (required for "make run-xmltest")
            #117  Include (existing) Visual Studio 2013 files in source tarball
                  Improve test suite error output
            #111  Fix some typos in documentation
                  Version info bumped from 7:5:6 to 7:6:6

        Special thanks to:
            Jakub Wilk
            Joe Orton
            Lin Tian
            Rolf Eike Beer

Release 2.2.3 Wed August 2 2017
        Security fixes:
             #82  CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
                    using Steve Holme's LoadLibrary wrapper for/of cURL

        Bug fixes:
             #85  Fix a dangling pointer issue related to realloc

        Other changes:
                  Increase code coverage
             #91  Linux: Allow getrandom to fail if nonblocking pool has not
                    yet been initialized and read /dev/urandom then, instead.
                    This is in line with what recent Python does.
             #81  Pre-10.7/Lion macOS: Support entropy from arc4random
             #86  Check that a UTF-16 encoding in an XML declaration has the
                    right endianness
        #4 #5 #7  Recover correctly when some reallocations fail
                  Repair "./configure && make" for systems without any
                    provider of high quality entropy
                    and try reading /dev/urandom on those
                  Ensure that user-defined character encodings have converter
                    functions when they are needed
                  Fix misleading description of argument -c in xmlwf.1
                  Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
                    for CloudABI
            #100  Fix use of SIPHASH_MAIN in siphash.h
             #23  Test suite: Fix memory leaks
                  Version info bumped from 7:4:6 to 7:5:6

        Special thanks to:
            Chanho Park
            Joe Orton
            Pascal Cuoq
            Rhodri James
            Simon McVittie
            Vadim Zeitlin
            Viktor Szakats
                 and
            Core Infrastructure Initiative

Release 2.2.2 Wed July 12 2017
        Security fixes:
             #43  Protect against compilation without any source of high
                    quality entropy enabled, e.g. with CMake build system;
                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
             #60  Windows with _UNICODE:
                    Unintended use of LoadLibraryW with a non-wide string
                    resulted in failure to load advapi32.dll and degradation
                    in quality of used entropy when compiled with _UNICODE for
                    Windows; you can launch existing binaries with
                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
                    quality of entropy used during runtime; commits
                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
   [MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                    resulted in NULL dereference, previously;
                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe

        Bug fixes:
             #69  Fix improper use of unsigned long long integer literals

        Other changes:
             #73  Start requiring a C99 compiler
             #49  Fix "==" Bashism in configure script
             #50  Fix too eager getrandom detection for Debian GNU/kFreeBSD
             #52    and macOS
             #51  Address lack of stdint.h in Visual Studio 2003 to 2008
             #58  Address compile warnings
             #68  Fix "./buildconf.sh && ./configure" for some versions
                    of Dash for /bin/sh
             #72  CMake: Ease use of Expat in context of a parent project
                    with multiple CMakeLists.txt files
             #72  CMake: Resolve mistaken executable permissions
             #76  Address compile warning with -DNDEBUG (not recommended!)
             #77  Address compile warning about macro redefinition

        Special thanks to:
            Alexander Bluhm
            Ben Boeckel
            Cătălin Răceanu
            Kerin Millar
            László Böszörményi
            S. P. Zeidler
            Segev Finer
            Václav Slavík
            Victor Stinner
            Viktor Szakats
                 and
            Radically Open Security

Release 2.2.1 Sat June 17 2017
        Security fixes:
                  CVE-2017-9233 -- External entity infinite loop DoS
                    Details: https://libexpat.github.io/doc/cve-2017-9233/
                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
   [MOX-002]      CVE-2016-9063 -- Detect integer overflow; commit
                    d4f735b88d9932bd5039df2335eefdd0723dbe20
                    (Fixed version of existing downstream patches!)
   (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
                    longer tag names; commits
                    * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
                    * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
             #16    * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
             #25  More integer overflow detection (function poolGrow); commits
                    * 810b74e4703dcfdd8f404e3cb177d44684775143
                    * 44178553f3539ce69d34abee77a05e879a7982ac
   [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse; commits
                    * 4be2cb5afcc018d996f34bbbce6374b7befad47f
                    * 7e5b71b748491b6e459e5c9a1d090820f94544d8
   [MOX-005] #30  Use high quality entropy for hash initialization:
                    * arc4random_buf on BSD, systems with libbsd
                      (when configured with --with-libbsd), CloudABI
                    * RtlGenRandom on Windows XP / Server 2003 and later
                    * getrandom on Linux 3.17+
                    In a way, that's still part of CVE-2016-5300.
                    https://github.com/libexpat/libexpat/pull/30/commits
   [MOX-005]      For the low quality entropy extraction fallback code,
                    the parser instance address can no longer leak, commit
                    04ad658bd3079dd15cb60fc67087900f0ff4b083
   [MOX-003]      Prevent use of uninitialised variable; commit
   [MOX-004]        a4dc944f37b664a3ca7199c624a98ee37babdb4b
                  Add missing parameter validation to public API functions
                    and dedicated error code XML_ERROR_INVALID_ARGUMENT:
   [MOX-006]        * NULL checks; commits
                      * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
                      * 9ed727064b675b7180c98cb3d4f75efba6966681
                      * 6a747c837c50114dfa413994e07c0ba477be4534
                    * Negative length (XML_Parse); commit
   [MOX-002]          70db8d2538a10f4c022655d6895e4c3e78692e7f
   [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
                    to go further with fixing CVE-2012-0876.
                    https://github.com/libexpat/libexpat/pull/39/commits

        Bug fixes:
             #32  Fix sharing of hash salt across parsers;
                    relevant where XML_ExternalEntityParserCreate is called
                    prior to XML_Parse, in particular (e.g. FBReader)
             #28  xmlwf: Auto-disable use of memory-mapping (and parsing
                    as a single chunk) for files larger than ~1 GB (2^30 bytes)
                    rather than failing with error "out of memory"
              #3  Fix double free after malloc failure in DTD code; commit
                    7ae9c3d3af433cd4defe95234eae7dc8ed15637f
             #17  Fix memory leak on parser error for unbound XML attribute
                    prefix with new namespaces defined in the same tag;
                    found by Google's OSS-Fuzz; commits
                    * 16f87daae5a16132e479e4f71862128c7a915c73
                    * b47dbc9745932c160893d433220e462bd605f8cd
                  xmlwf on Windows: Add missing calls to CloseHandle

        New features:
             #30  Introduced environment switch EXPAT_ENTROPY_DEBUG=1
                    for runtime debugging of entropy extraction

        Other changes:
                  Increase code coverage
             #33  Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
                    XML_UNICODE_WCHAR_T was never meant to be used outside
                    of Windows; 4-byte wchar_t is common on Linux
   (SF.net) #538  Start using -fno-strict-aliasing
   (SF.net) #540  Support compilation against cloudlibc of CloudABI
                  Allow MinGW cross-compilation
   (SF.net) #534  CMake: Introduce option "BUILD_doc" (enabled by default)
                    to bypass compilation of the xmlwf.1 man page
   (SF.net)  pr2  CMake: Introduce option "INSTALL" (enabled by default)
                    to bypass installation of expat files
                  CMake: Fix ninja support
                  Autotools: Add parameters --enable-xml-context [COUNT]
                    and --disable-xml-context; default of context of 1024
                    bytes enabled unchanged
             #14  Drop AmigaOS 4.x code and includes
             #14  Drop ancient build systems:
                    * Borland C++ Builder
                    * OpenVMS
                    * Open Watcom
                    * Visual Studio 6.0
                    * Pre-X Mac OS (MPW Makefile)
                    If you happen to rely on some of these, please get in
                    touch for joining with maintenance.
             #10  Move from WIN32 to _WIN32
             #13  Fix "make run-xmltest" order instability
                  Address compile warnings
                  Bump version info from 7:2:6 to 7:3:6
                  Add AUTHORS file

        Infrastructure:
              #1  Migrate from SourceForge to GitHub (except downloads):
                    https://github.com/libexpat/
              #1  Re-create http://libexpat.org/ project website
                  Start utilizing Travis CI

        Special thanks to:
            Andy Wang
            Don Lewis
            Ed Schouten
            Karl Waclawek
            Pascal Cuoq
            Rhodri James
            Sergei Nikulov
            Tobias Taschner
            Viktor Szakats
                 and
            Core Infrastructure Initiative
            Mozilla Foundation (MOSS Track 3: Secure Open Source)
            Radically Open Security

Release 2.2.0 Tue June 21 2016
        Security fixes:
            #537  CVE-2016-0718 -- Fix crash on malformed input
                  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
                                   CVE-2015-2716 introduced with Expat 2.1.1
            #499  CVE-2016-5300 -- Use more entropy for hash initialization
                                   than the original fix to CVE-2012-0876
            #519  CVE-2012-6702 -- Resolve troublesome internal call to srand
                                   that was introduced with Expat 2.1.0
                                   when addressing CVE-2012-0876 (issue #496)

        Bug fixes:
                  Fix uninitialized reads of size 1
                    (e.g. in little2_updatePosition)
                  Fix detection of UTF-8 character boundaries

        Other changes:
            #532  Fix compilation for Visual Studio 2010 (keyword "C99")
                  Autotools: Resolve use of "$<" to better support bmake
                  Autotools: Add QA script "qa.sh" (and make target "qa")
                  Autotools: Respect CXXFLAGS if given
                  Autotools: Fix "make run-xmltest"
                  Autotools: Have "make run-xmltest" check for expected output
             p90  CMake: Fix static build (BUILD_shared=OFF) on Windows
            #536  CMake: Add soversion, support -DNO_SONAME=yes to bypass
            #323  CMake: Add suffix "d" to differentiate debug from release
                  CMake: Define WIN32 with CMake on Windows
                  Annotate memory allocators for GCC
                  Address all currently known compile warnings
                  Make sure that API symbols remain visible despite
                    -fvisibility=hidden
                  Remove executable flag from source files
                  Resolve COMPILED_FROM_DSP in favor of WIN32

        Special thanks to:
            Björn Lindahl
            Christian Heimes
            Cristian Rodríguez
            Daniel Krügler
            Gustavo Grieco
            Karl Waclawek
            László Böszörményi
            Marco Grassi
            Pascal Cuoq
            Sergei Nikulov
            Thomas Beutlich
            Warren Young
            Yann Droneaud

Release 2.1.1 Sat March 12 2016
        Security fixes:
            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
            #502: Fix potential null pointer dereference
            #520: Symbol XML_SetHashSalt was not exported
            Output of "xmlwf -h" was incomplete

        Other changes:
            #503: Document behavior of calling XML_SetHashSalt with salt 0
            Minor improvements to man page xmlwf(1)
            Improvements to the experimental CMake build system
            libtool now invoked with --verbose

Release 2.1.0 Sat March 24 2012
        - Security fixes:
          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
          #3496608: CVE-2012-0876 - Hash DOS attack.
          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
        - Bug Fixes:
          #1742315: Harmful XML_ParserCreateNS suggestion.
          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
          #1983953, 2517952, 2517962, 2649838:
                Build modifications using autoreconf instead of buildconf.sh.
          #2815947, #2884086: OBJEXT and EXEEXT support while building.
          #2517938: xmlwf should return non-zero exit status if not well-formed.
          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
          #2855609: Dangling positionPtr after error.
          #2990652: CMake support.
          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
          #3206497: Uninitialized memory returned from XML_Parse.
          #3287849: make check fails on mingw-w64.
        - Patches:
          #1749198: pkg-config support.
          #3010222: Fix for bug #3010819.
          #3312568: CMake support.
          #3446384: Report byte offsets for attr names and values.
        - New Features / API changes:
          Added new API member XML_SetHashSalt() that allows setting an initial
                value (salt) for hash calculations. This is part of the fix for
                bug #3496608 to randomize hash parameters.
          When compiled with XML_ATTR_INFO defined, adds new API member
                XML_GetAttributeInfo() that allows retrieving the byte
                offsets for attribute names and values (patch #3446384).
          Added CMake build system.
                See bug #2990652 and patch #3312568.
          Added run-benchmark target to Makefile.in - relies on testdata module
                present in the same relative location as in the repository.

Release 2.0.1 Tue June 5 2007
        - Fixed bugs #1515266, #1515600: The character data handler's calling
          of XML_StopParser() was not handled properly; if the parser was
          stopped and the handler set to NULL, the parser would segfault.
        - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
          some character constants to be ASCII encoded.
        - Minor cleanups of the test harness.
        - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
        - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
        - Fixes and improvements for Windows platform:
          bugs #1409451, #1476160, #1548182, #1602769, #1717322.
        - Build fixes for various platforms:
          HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
          All Unix: #1554618 (refreshed config.sub/config.guess).
                    #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
                    without relying on GNU-Make specific features.
          #1647805: Patched configure.in to work better with Intel compiler.
        - Fixes to Makefile.in to have make check work correctly:
          bugs #1408143, #1535603, #1536684.
        - Added Open Watcom support: patch #1523242.

Release 2.0.0 Wed Jan 11 2006
        - We no longer use the "check" library for C unit testing; we
          always use the (partial) internal implementation of the API.
        - Report XML_NS setting via XML_GetFeatureList().
        - Fixed headers for use from C++.
        - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
          now return unsigned integers.
        - Added XML_LARGE_SIZE switch to enable 64-bit integers for
          byte indexes and line/column numbers.
        - Updated to use libtool 1.5.22 (the most recent).
        - Added support for AmigaOS.
        - Some mostly minor bug fixes. SF issues include: #1006708,
          #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.

Release 1.95.8 Fri Jul 23 2004
        - Major new feature: suspend/resume.  Handlers can now request
          that a parse be suspended for later resumption or aborted
          altogether.  See "Temporarily Stopping Parsing" in the
          documentation for more details.
        - Some mostly minor bug fixes, but compilation should no
          longer generate warnings on most platforms.  SF issues
          include: #827319, #840173, #846309, #888329, #896188, #923913,
          #928113, #961698, #985192.

Release 1.95.7 Mon Oct 20 2003
        - Fixed enum XML_Status issue (reported on SourceForge many
          times), so compilers that are properly picky will be happy.
        - Introduced an XMLCALL macro to control the calling
          convention used by the Expat API; this macro should be used
          to annotate prototypes and definitions of callback
          implementations in code compiled with a calling convention
          other than the default convention for the host platform.
        - Improved ability to build without the configure-generated
          expat_config.h header.  This is useful for applications
          which embed Expat rather than linking in the library.
        - Fixed a variety of bugs: see SF issues #458907, #609603,
          #676844, #679754, #692878, #692964, #695401, #699323, #699487,
          #820946.
        - Improved hash table lookups.
        - Added more regression tests and improved documentation.

Release 1.95.6 Tue Jan 28 2003
        - Added XML_FreeContentModel().
        - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
        - Fixed a variety of bugs: see SF issues #615606, #616863,
          #618199, #653180, #673791.
        - Enhanced the regression test suite.
        - Man page improvements: includes SF issue #632146.

Release 1.95.5 Fri Sep 6 2002
        - Added XML_UseForeignDTD() for improved SAX2 support.
        - Added XML_GetFeatureList().
        - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
        - Use an incomplete struct instead of a void* for the parser
          (may not retain).
        - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
        - Finally fixed bug where default handler would report DTD
          events that were already handled by another handler.
          Initial patch contributed by Darryl Miles.
        - Removed unnecessary DllMain() function that caused static
          linking into a DLL to be difficult.
        - Added VC++ projects for building static libraries.
        - Reduced line-length for all source code and headers to be
          no longer than 80 characters, to help with AS/400 support.
        - Reduced memory copying during parsing (SF patch #600964).
        - Fixed a variety of bugs: see SF issues #580793, #434664,
          #483514, #580503, #581069, #584041, #584183, #584832, #585537,
          #596555, #596678, #598352, #598944, #599715, #600479, #600971.

Release 1.95.4 Fri Jul 12 2002
        - Added support for VMS, contributed by Craig Berry.  See
          vms/README.vms for more information.
        - Added Mac OS (classic) support, with a makefile for MPW,
          contributed by Thomas Wegner and Daryle Walker.
        - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
          by Patrick McConnell (SF patch #538032).
        - Fixed a variety of bugs: see SF issues #441449, #563184,
          #564342, #566334, #566901, #569461, #570263, #575168, #579196.
        - Made skippedEntityHandler conform to SAX2 (see source comment)
        - Re-implemented WFC: Entity Declared from XML 1.0 spec and
          added a new error "entity declared in parameter entity":
          see SF bug report #569461 and SF patch #578161
        - Re-implemented section 5.1 from XML 1.0 spec:
          see SF bug report #570263 and SF patch #578161

Release 1.95.3 Mon Jun 3 2002
        - Added a project to the MSVC workspace to create a wchar_t
          version of the library; the DLLs are named libexpatw.dll.
        - Changed the name of the Windows DLLs from expat.dll to
          libexpat.dll; this fixes SF bug #432456.
        - Added the XML_ParserReset() API function.
        - Fixed XML_SetReturnNSTriplet() to work for element names.
        - Made the XML_UNICODE builds usable (thanks, Karl!).
        - Allow xmlwf to read from standard input.
        - Install a man page for xmlwf on Unix systems.
        - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
          #466885, #469226, #477667, #484419, #487840, #494749, #496505,
          #547350.  Other bugs which we can't test as easily may also
          have been fixed, especially in the area of build support.

Release 1.95.2 Fri Jul 27 2001
        - More changes to make MSVC happy with the build; add a single
          workspace to support both the library and xmlwf application.
        - Added a Windows installer for Windows users; includes
          xmlwf.exe.
        - Added compile-time constants that can be used to determine the
          Expat version
        - Removed a lot of GNU-specific dependencies to aid portability
          among the various Unix flavors.
        - Fix the UTF-8 BOM bug.
        - Cleaned up warning messages for several compilers.
        - Added the -Wall, -Wstrict-prototypes options for GCC.

Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
        - Changes to get expat to build under Microsoft compiler
        - Removed all aborts and instead return an UNEXPECTED_STATE error.
        - Fixed a bug where a stray '%' in an entity value would cause an
          abort.
        - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
          finding this oversight.
        - Changed default patterns in lib/Makefile.in to fit non-GNU makes
          Thanks to robin@unrated.net for reporting and providing an
          account to test on.
        - The reference had the wrong label for XML_SetStartNamespaceDecl.
          Reported by an anonymous user.

Release 1.95.0 Fri Sep 29 2000
        - XML_ParserCreate_MM
                Allows you to set a memory management suite to replace the
                standard malloc, realloc, and free.
        - XML_SetReturnNSTriplet
                If you turn this feature on when namespace processing is in
                effect, then qualified, prefixed element and attribute names
                are returned as "uri|name|prefix" where '|' is whatever
                separator character is used in namespace processing.
        - Merged in features from perl-expat
                o XML_SetElementDeclHandler
                o XML_SetAttlistDeclHandler
                o XML_SetXmlDeclHandler
                o XML_SetEntityDeclHandler
                o StartDoctypeDeclHandler takes 3 additional parameters:
                        sysid, pubid, has_internal_subset
                o Many paired handler setters (like XML_SetElementHandler)
                  now have corresponding individual handler setters
                o XML_GetInputContext for getting the input context of
                  the current parse position.
        - Added reference material
        - Packaged into a distribution that builds a sharable library