jcs's openbsd hax
openbsd
at jcs, 1885 lines, 96 kB
1 __ __ _ 2 ___\ \/ /_ __ __ _| |_ 3 / _ \\ /| '_ \ / _` | __| 4 | __// \| |_) | (_| | |_ 5 \___/_/\_\ .__/ \__,_|\__| 6 |_| XML parser 7 8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 9!! <blink>Expat is UNDERSTAFFED and WITHOUT FUNDING.</blink> !! 10!! ~~~~~~~~~~~~ !! 11!! The following topics need *additional skilled C developers* to progress !! 12!! in a timely manner or at all (loosely ordered by descending priority): !! 13!! !! 14!! - teaming up on researching and fixing future security reports and !! 15!! ClusterFuzz findings with few-days-max response times in communication !! 16!! in order to (1) have a sound fix ready before the end of a 90 days !! 17!! grace period and (2) in a sustainable manner, !! 18!! - helping Perl's XML::Parser Expat bindings with supporting Expat's !! 19!! security API (https://github.com/cpan-authors/XML-Parser/issues/102): !! 20!! - XML_SetAllocTrackerActivationThreshold !! 21!! - XML_SetAllocTrackerMaximumAmplification !! 22!! - XML_SetBillionLaughsAttackProtectionActivationThreshold !! 23!! - XML_SetBillionLaughsAttackProtectionMaximumAmplification !! 24!! - XML_SetReparseDeferralEnabled !! 25!! - implementing and auto-testing XML 1.0r5 support !! 26!! (needs discussion before pull requests), !! 27!! - smart ideas on fixing the Autotools CMake files generation issue !! 28!! without breaking CI (needs discussion before pull requests), !! 29!! - pushing migration from `int` to `size_t` further !! 30!! including edge-cases test coverage (needs discussion before anything). !! 31!! !! 32!! For details, please reach out via e-mail to sebastian@pipping.org so we !! 33!! can schedule a voice call on the topic, in English or German. !! 34!! !! 35!! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !! 36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
37 38Release 2.7.4 Sat January 31 2026 39 Security fixes: 40 #1131 CVE-2026-24515 -- Function XML_ExternalEntityParserCreate 41 failed to copy the encoding handler data passed to 42 XML_SetUnknownEncodingHandler from the parent to the new 43 subparser. This can cause a NULL dereference (CWE-476) from 44 external entities that declare use of an unknown encoding. 45 The expected impact is denial of service. It takes use of 46 both functions XML_ExternalEntityParserCreate and 47 XML_SetUnknownEncodingHandler for an application to be 48 vulnerable. 49 #1075 CVE-2026-25210 -- Add missing check for integer overflow 50 related to buffer size determination in function doContent 51 52 Bug fixes: 53 #1073 lib: Fix missing undoing of group size expansion in doProlog 54 failure cases 55 #1107 xmlwf: Fix a memory leak 56 #1104 WASI: Fix format specifiers for 32bit WASI SDK 57 58 Other changes: 59 #1105 lib: Fix strict aliasing 60 #1106 lib: Leverage feature "flexible array member" of C99 61 #1051 lib: Swap (size_t)(-1) for C99 equivalent SIZE_MAX 62 #1109 lib|xmlwf: Return NULL instead of 0 for pointers 63 #1068 lib|Windows: Clean up use of macro _MSC_EXTENSIONS with MSVC 64 #1112 lib: Remove unused import 65 #1110 xmlwf: Warn about XXE in --help output (and man page) 66 #1102 #1103 WASI: Stop using getpid 67 #1113 #1130 Autotools: Drop file expat.m4 that provided obsolete Autoconf 68 macro AM_WITH_EXPAT 69 #1123 Autotools: Limit -Wno-pedantic-ms-format to MinGW 70 #1129 #1134 .. 71 #1087 Autotools|macOS: Sync CMake templates with CMake 4.0 72 #1139 #1140 Autotools|CMake: Introduce off-by-default symbol versioning 73 The related build system flags are: 74 - For Autotools, configure with --enable-symbol-versioning 75 - For CMake, configure with -DEXPAT_SYMBOL_VERSIONING=ON 76 Please double-check for consequences before activating 77 this inside distro packaging. Bug reports welcome! 
78 #1117 Autotools|CMake: Remove libbsd support 79 #1105 Autotools|CMake: Stop using -fno-strict-aliasing, and use 80 -Wstrict-aliasing=3 instead 81 #1124 Autotools|CMake: Prefer command gsed (GNU sed) over sed 82 (e.g. for Solaris) inside fix-xmltest-log.sh 83 #1067 CMake: Detect and warn about unusable check_c_compiler_flag 84 #1137 CMake: Drop support for CMake <3.17 85 #1138 CMake|Windows: Fix libexpat.def.cmake version comments 86 87 #1086 #1110 docs: Add warning about external reference handlers and XXE 88 #1066 docs: Be explicit that parent parsers need to outlive 89 subparsers 90 #1089 .. 91 #1090 #1091 .. 92 #1092 #1093 .. 93 #1094 #1098 .. 94 #1115 #1116 docs: Misc non-content improvements to doc/reference.html 95 #1132 #1133 Version info bumped from 12:1:11 (libexpat*.so.1.11.1) 96 to 12:2:11 (libexpat*.so.1.11.2); see https://verbump.de/ 97 for what these numbers do 98 99 Infrastructure: 100 #1119 #1121 Document guidelines for contributing to Expat 101 #1120 Introduce a pull request template 102 #1074 CI: Stop using about-to-be-removed image "macos-13" 103 #1083 #1088 CI: Mitigate random Wine crashes 104 #1104 CI: Cover compilation with WASI SDK 105 #1116 CI: Enforce clean doc XML formatting 106 #1124 .. 107 #1135 #1136 CI: Cover Solaris 11.4 108 #1125 CI: Extend CI coverage of FreeBSD 109 #1139 #1140 CI: Cover symbol versioning 110 #1114 xmlwf: Reformat helpgen code (using Black 25.12.0) 111 #1071 .gitignore: Add files CPackConfig.cmake and 112 CPackSourceConfig.cmake 113 114 Special thanks to: 115 Alfonso Gregory 116 Bénédikt Tran 117 Gordon Messmer 118 Hanno Böck 119 Jakub Kulík 120 Matthew Fernandez 121 Neil Pang 122 Rosen Penev 123 and 124 Artiphishell Inc. 125 126Release 2.7.3 Wed September 24 2025 127 Security fixes: 128 #1046 #1048 Fix alignment of internal allocations for some non-amd64 129 architectures (e.g. 
sparc32); fixes up on the fix to 130 CVE-2025-59375 from #1034 (of Expat 2.7.2 and related 131 backports) 132 #1059 Fix a class of false positives where input should have been 133 rejected with error XML_ERROR_ASYNC_ENTITY; regression from 134 CVE-2024-8176 fix pull request #973 (of Expat 2.7.0 and 135 related backports). Please check the added unit tests for 136 example documents. 137 138 Other changes: 139 #1043 Prove and regression-proof absence of integer overflow 140 from function expat_realloc 141 #1062 Remove "harmless" cast that truncated a size_t to unsigned 142 #1049 Autotools: Remove "ln -s" discovery 143 #1054 docs: Be consistent with use of floating point around 144 XML_SetAllocTrackerMaximumAmplification 145 #1056 docs: Make it explicit that XML_GetCurrentColumnNumber 146 starts at 0 147 #1057 docs: Better integrate the effect of the activation 148 thresholds 149 #1058 docs: Fix an in-comment typo in expat.h 150 #1045 docs: Fix a typo in README.md 151 #1041 docs: Improve change log of release 2.7.2 152 #1053 xmlwf: Resolve use of functions XML_GetErrorLineNumber 153 and XML_GetErrorColumnNumber 154 #1032 Windows: Normalize .bat files to CRLF line endings 155 #1060 #1061 Version info bumped from 12:0:11 (libexpat*.so.1.11.0) 156 to 12:1:11 (libexpat*.so.1.11.1); see https://verbump.de/ 157 for what these numbers do 158 159 Infrastructure: 160 #1047 #1050 CI: Cleanup UndefinedBehaviorSanitizer fatality 161 #1044 CI|Linux: Stop aborting at first job failure 162 #1052 CI|FreeBSD: Upgrade to FreeBSD 15.0 163 #1039 CI|FreeBSD: Do not install CMake meta-package 164 165 Special thanks to: 166 Bénédikt Tran 167 Berkay Eren Ürün 168 Daniel Engberg 169 Hanno Böck 170 Matthew Fernandez 171 Rolf Eike Beer 172 Sam James 173 Tim Bray 174 and 175 Clang/GCC UndefinedBehaviorSanitizer 176 OSS-Fuzz / ClusterFuzz 177 Z3 Theorem Prover 178 179Release 2.7.2 Tue September 16 2025 180 Security fixes: 181 #1018 #1034 CVE-2025-59375 -- Disallow use of disproportional amounts 
of 182 dynamic memory from within an Expat parser (e.g. previously 183 a ~250 KiB sized document was able to cause allocation of 184 ~800 MiB from the heap, i.e. an "amplification" of factor 185 ~3,300); once a threshold (that defaults to 64 MiB) is 186 reached, a maximum amplification factor (that defaults to 187 100.0) is enforced, and violating documents are rejected 188 with an out-of-memory error. 189 There are two new API functions to fine-tune this new 190 behavior: 191 - XML_SetAllocTrackerActivationThreshold 192 - XML_SetAllocTrackerMaximumAmplification . 193 If you ever need to increase these defaults for non-attack 194 XML payload, please file a bug report with libexpat. 195 There is also a new environment variable 196 EXPAT_MALLOC_DEBUG=(0|1|2) to control the verbosity 197 of allocations debugging at runtime, disabled by default. 198 Known impact is (reliable and easy) denial of service: 199 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C 200 (Base Score: 7.5, Temporal Score: 7.2) 201 Please note that a layer of compression around XML can 202 significantly reduce the minimum attack payload size. 203 Distributors intending to backport (or cherry-pick) the 204 fix need to copy 99% of the related pull request, not just 205 the "lib: Implement tracking of dynamic memory allocations" 206 commit, to not end up with a state that literally does both 207 too much and too little at the same time. Appending ".diff" 208 to the pull request URL could be of help. 
209 210 Other changes: 211 #1008 #1017 Autotools|macOS: Sync CMake templates with CMake 3.31 212 #1007 CMake: Drop support for CMake <3.15 213 #1004 CMake: Fix off_t detection for -Werror 214 #1007 CMake|Windows: Fix -DEXPAT_MSVC_STATIC_CRT=ON 215 #1013 Windows: Drop support for Visual Studio <=16.0/2019 216 #1026 xmlwf: Mention supported environment variables in 217 --help output 218 #1024 xmlwf: Fix (internal) help generator 219 #1034 docs: Promote the contract to call function 220 XML_FreeContentModel when registering a custom 221 element declaration handler (via a call to function 222 XML_SetElementDeclHandler) 223 #1027 docs: Add missing <p>..</p> wrap 224 #994 docs: Drop AppVeyor badge 225 #1000 tests: Fix portable_strndup 226 #1036 Drop casts around malloc/free/realloc that C99 does not need 227 #1010 Replace empty for loops with while loops 228 #1011 Add const with internal XmlInitUnknownEncodingNS 229 #14 #1037 Drop an OpenVMS support leftover 230 #999 #1001 Address more clang-tidy warnings 231 #1030 #1038 Version info bumped from 11:2:10 (libexpat*.so.1.10.2) 232 to 12:0:11 (libexpat*.so.1.11.0); see https://verbump.de/ 233 for what these numbers do 234 235 Infrastructure: 236 #1003 CI: Cover compilation on FreeBSD 237 #1009 #1035 CI: Upgrade Clang from 19 to 21 238 #1031 CI: Make calling Cppcheck without --suppress=objectIndex 239 and --suppress=unknownMacro possible 240 #1013 CI|Windows: Get off of deprecated image "windows-2019" 241 #1008 #1017 .. 
242 #1023 #1025 CI: Adapt to breaking changes in GitHub Actions 243 244 Special thanks to: 245 Alexander Bluhm 246 Neil Pang 247 Theo Buehler 248 and 249 GNU Time 250 OSS-Fuzz / ClusterFuzz 251 Perl XML::Parser 252 253Release 2.7.1 Thu March 27 2025 254 Bug fixes: 255 #980 #989 Restore event pointer behavior from Expat 2.6.4 256 (that the fix to CVE-2024-8176 changed in 2.7.0); 257 affected API functions are: 258 - XML_GetCurrentByteCount 259 - XML_GetCurrentByteIndex 260 - XML_GetCurrentColumnNumber 261 - XML_GetCurrentLineNumber 262 - XML_GetInputContext 263 264 Other changes: 265 #976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}" 266 with Automake that were missing from 2.7.0 release tarballs 267 #983 #984 Fix printf format specifiers for 32bit Emscripten 268 #992 docs: Promote OpenSSF Best Practices self-certification 269 #978 tests/benchmark: Resolve mistaken double close 270 #986 Address Frama-C warnings 271 #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) 272 to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ 273 for what these numbers do 274 275 Infrastructure: 276 #982 CI: Start running Perl XML::Parser integration tests 277 #987 CI: Enforce Clang Static Analyzer clean code 278 #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized 279 for clang-tidy 280 #981 CI: Cover compilation with musl 281 #983 #984 CI: Cover compilation with 32bit Emscripten 282 #976 #977 CI: Protect against fuzzer files missing from future 283 release archives 284 285 Special thanks to: 286 Berkay Eren Ürün 287 Matthew Fernandez 288 and 289 Perl XML::Parser 290 291Release 2.7.0 Thu March 13 2025 292 Security fixes: 293 #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number 294 of entities caused by stack overflow by resolving use of 295 recursion, for all three uses of entities: 296 - general entities in character data ("<e>&g1;</e>") 297 - general entities in attribute values ("<e k1='&g1;'/>") 298 - parameter entities 
("%p1;") 299 Known impact is (reliable and easy) denial of service: 300 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C 301 (Base Score: 7.5, Temporal Score: 7.2) 302 Please note that a layer of compression around XML can 303 significantly reduce the minimum attack payload size. 304 305 Other changes: 306 #935 #937 Autotools: Make generated CMake files look for 307 libexpat.@SO_MAJOR@.dylib on macOS 308 #925 Autotools: Sync CMake templates with CMake 3.29 309 #945 #962 #966 CMake: Drop support for CMake <3.13 310 #942 CMake: Small fuzzing related improvements 311 #921 docs: Add missing documentation of error code 312 XML_ERROR_NOT_STARTED that was introduced with 2.6.4 313 #941 docs: Document need for C++11 compiler for use from C++ 314 #959 tests/benchmark: Fix a (harmless) TOCTTOU 315 #944 Windows: Fix installer target location of file xmlwf.xml 316 for CMake 317 #953 Windows: Address warning -Wunknown-warning-option 318 about -Wno-pedantic-ms-format from LLVM MinGW 319 #971 Address Cppcheck warnings 320 #969 #970 Mass-migrate links from http:// to https:// 321 #947 #958 .. 322 #974 #975 Document changes since the previous release 323 #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) 324 to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ 325 for what these numbers do 326 327 Infrastructure: 328 #926 tests: Increase robustness 329 #927 #932 .. 330 #930 #933 tests: Increase test coverage 331 #617 #950 .. 332 #951 #952 .. 333 #954 #955 .. Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on 334 #961 Google's libprotobuf-mutator ("LPM") 335 #957 Fuzzing|CI: Start producing fuzzing code coverage reports 336 #936 CI: Pass -q -q for LCOV >=2.1 in coverage.sh 337 #942 CI: Small fuzzing related improvements 338 #139 #203 .. 
339 #791 #946 CI: Make GitHub Actions build using MSVC on Windows and 340 produce 32bit and 64bit Windows binaries 341 #956 CI: Get off of about-to-be-removed Ubuntu 20.04 342 #960 #964 CI: Start uploading to Coverity Scan for static analysis 343 #972 CI: Stop loading DTD from the internet to address flaky CI 344 #971 CI: Adapt to breaking changes in Cppcheck 345 346 Special thanks to: 347 Alexander Gieringer 348 Berkay Eren Ürün 349 Hanno Böck 350 Jann Horn 351 Mark Brand 352 Sebastian Andrzej Siewior 353 Snild Dolkow 354 Thomas Pröll 355 Tomas Korbar 356 valord577 357 and 358 Google Project Zero 359 Linutronix 360 Red Hat 361 Siemens 362 363Release 2.6.4 Wed November 6 2024 364 Security fixes: 365 #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser 366 from a NULL pointer dereference by disallowing function 367 XML_StopParser to (stop or) suspend an unstarted parser. 368 A new error code XML_ERROR_NOT_STARTED was introduced to 369 properly communicate this situation. // CWE-476 CWE-754 370 371 Other changes: 372 #903 CMake: Add alias target "expat::expat" 373 #905 docs: Document use via CMake >=3.18 with FetchContent 374 and SOURCE_SUBDIR and its consequences 375 #902 tests: Reduce use of global parser instance 376 #904 tests: Resolve duplicate handler 377 #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903) 378 #914 Fix signedness of format strings 379 #915 For use from C++, expat.h started requiring C++11 due to 380 use of C99 features 381 #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3) 382 to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ 383 for what these numbers do 384 385 Infrastructure: 386 #907 CI: Upgrade Clang from 18 to 19 387 #913 CI: Drop macos-12 and add macos-15 388 #910 CI: Adapt to breaking changes in GitHub Actions 389 #898 Add missing entries to .gitignore 390 391 Special thanks to: 392 Hanno Böck 393 José Eduardo Gutiérrez Conejo 394 José Ricardo Cardona Quesada 395 396Release 2.6.3 Wed 
September 4 2024 397 Security fixes: 398 #887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with 399 len < 0 without noticing and then calling XML_GetBuffer 400 will have XML_ParseBuffer fail to recognize the problem 401 and XML_GetBuffer corrupt memory. 402 With the fix, XML_ParseBuffer now complains with error 403 XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse 404 has been doing since Expat 2.2.1, and now documented. 405 Impact is denial of service to potentially artitrary code 406 execution. 407 #888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an 408 integer overflow for nDefaultAtts on 32-bit platforms 409 (where UINT_MAX equals SIZE_MAX). 410 Impact is denial of service to potentially artitrary code 411 execution. 412 #889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can 413 have an integer overflow for m_groupSize on 32-bit 414 platforms (where UINT_MAX equals SIZE_MAX). 415 Impact is denial of service to potentially artitrary code 416 execution. 417 418 Other changes: 419 #851 #879 Autotools: Sync CMake templates with CMake 3.28 420 #853 Autotools: Always provide path to find(1) for portability 421 #861 Autotools: Ensure that the m4 directory always exists. 
422 #870 Autotools: Simplify handling of SIZEOF_VOID_P 423 #869 Autotools: Support non-GNU sed 424 #856 Autotools|CMake: Fix main() to main(void) 425 #865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM 426 #863 Autotools|CMake: Stop requiring dos2unix 427 #854 #855 CMake: Fix check for symbols size_t and off_t 428 #864 docs|tests: Convert README to Markdown and update 429 #741 Windows: Drop support for Visual Studio <=15.0/2017 430 #886 Drop needless XML_DTD guards around is_param access 431 #885 Fix typo in a code comment 432 #894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2) 433 to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/ 434 for what these numbers do 435 436 Infrastructure: 437 #880 Readme: Promote the call for help 438 #868 CI: Fix various issues 439 #849 CI: Allow triggering GitHub Actions workflows manually 440 #851 #872 .. 441 #873 #879 CI: Adapt to breaking changes in GitHub Actions 442 443 Special thanks to: 444 Alexander Bluhm 445 Berkay Eren Ürün 446 Dag-Erling Smørgrav 447 Ferenc Géczi 448 TaiYou 449 450Release 2.6.2 Wed March 13 2024 451 Security fixes: 452 #839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with 453 isolated use of external parsers. Please see the commit 454 message of commit 1d50b80cf31de87750103656f6eb693746854aa8 455 for details. 
456 457 Bug fixes: 458 #839 #841 Reject direct parameter entity recursion 459 and avoid the related undefined behavior 460 461 Other changes: 462 #847 Autotools: Fix build for DOCBOOK_TO_MAN containing spaces 463 #837 Add missing #821 and #824 to 2.6.1 change log 464 #838 #843 Version info bumped from 10:1:9 (libexpat*.so.1.9.1) 465 to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/ 466 for what these numbers do 467 468 Special thanks to: 469 Philippe Antoine 470 Tomas Korbar 471 and 472 Clang UndefinedBehaviorSanitizer 473 OSS-Fuzz / ClusterFuzz 474 475Release 2.6.1 Thu February 29 2024 476 Bug fixes: 477 #817 Make tests independent of CPU speed, and thus more robust 478 #828 #836 Expose billion laughs API with XML_DTD defined and 479 XML_GE undefined, regression from 2.6.0 480 481 Other changes: 482 #829 Hide test-only code behind new internal macro 483 #833 Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P 484 #821 #824 Autotools: Fix "make clean" for case: 485 ./configure --without-docbook && make clean all 486 #819 Address compiler warnings 487 #832 #834 Version info bumped from 10:0:9 (libexpat*.so.1.9.0) 488 to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/ 489 for what these numbers do 490 491 Infrastructure: 492 #818 CI: Adapt to breaking changes in clang-format 493 494 Special thanks to: 495 David Hall 496 Snild Dolkow 497 498Release 2.6.0 Tue February 6 2024 499 Security fixes: 500 #789 #814 CVE-2023-52425 -- Fix quadratic runtime issues with big tokens 501 that can cause denial of service, in partial where 502 dealing with compressed XML input. Applications 503 that parsed a document in one go -- a single call to 504 functions XML_Parse or XML_ParseBuffer -- were not affected. 505 The smaller the chunks/buffers you use for parsing 506 previously, the bigger the problem prior to the fix. 
507 Backporters should be careful to no omit parts of 508 pull request #789 and to include earlier pull request #771, 509 in order to not break the fix. 510 #777 CVE-2023-52426 -- Fix billion laughs attacks for users 511 compiling *without* XML_DTD defined (which is not common). 512 Users with XML_DTD defined have been protected since 513 Expat >=2.4.0 (and that was CVE-2013-0340 back then). 514 515 Bug fixes: 516 #753 Fix parse-size-dependent "invalid token" error for 517 external entities that start with a byte order mark 518 #780 Fix NULL pointer dereference in setContext via 519 XML_ExternalEntityParserCreate for compilation with 520 XML_DTD undefined 521 #812 #813 Protect against closing entities out of order 522 523 Other changes: 524 #723 Improve support for arc4random/arc4random_buf 525 #771 #788 Improve buffer growth in XML_GetBuffer and XML_Parse 526 #761 #770 xmlwf: Support --help and --version 527 #759 #770 xmlwf: Support custom buffer size for XML_GetBuffer and read 528 #744 xmlwf: Improve language and URL clickability in help output 529 #673 examples: Add new example "element_declarations.c" 530 #764 Be stricter about macro XML_CONTEXT_BYTES at build time 531 #765 Make inclusion to expat_config.h consistent 532 #726 #727 Autotools: configure.ac: Support --disable-maintainer-mode 533 #678 #705 .. 
534 #706 #733 #792 Autotools: Sync CMake templates with CMake 3.26 535 #795 Autotools: Make installation of shipped man page doc/xmlwf.1 536 independent of docbook2man availability 537 #815 Autotools|CMake: Add missing -DXML_STATIC to pkg-config file 538 section "Cflags.private" in order to fix compilation 539 against static libexpat using pkg-config on Windows 540 #724 #751 Autotools|CMake: Require a C99 compiler 541 (a de-facto requirement already since Expat 2.2.2 of 2017) 542 #793 Autotools|CMake: Fix PACKAGE_BUGREPORT variable 543 #750 #786 Autotools|CMake: Make test suite require a C++11 compiler 544 #749 CMake: Require CMake >=3.5.0 545 #672 CMake: Lowercase off_t and size_t to help a bug in Meson 546 #746 CMake: Sort xmlwf sources alphabetically 547 #785 CMake|Windows: Fix generation of DLL file version info 548 #790 CMake: Build tests/benchmark/benchmark.c as well for 549 a build with -DEXPAT_BUILD_TESTS=ON 550 #745 #757 docs: Document the importance of isFinal + adjust tests 551 accordingly 552 #736 docs: Improve use of "NULL" and "null" 553 #713 docs: Be specific about version of XML (XML 1.0r4) 554 and version of C (C99); (XML 1.0r5 will need a sponsor.) 555 #762 docs: reference.html: Promote function XML_ParseBuffer more 556 #779 docs: reference.html: Add HTML anchors to XML_* macros 557 #760 docs: reference.html: Upgrade to OK.css 1.2.0 558 #763 #739 docs: Fix typos 559 #696 docs|CI: Use HTTPS URLs instead of HTTP at various places 560 #669 #670 .. 561 #692 #703 .. 562 #733 #772 Address compiler warnings 563 #798 #800 Address clang-tidy warnings 564 #775 #776 Version info bumped from 9:10:8 (libexpat*.so.1.8.10) 565 to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ 566 for what these numbers do 567 568 Infrastructure: 569 #700 #701 docs: Document security policy in file SECURITY.md 570 #766 docs: Improve parse buffer variables in-code documentation 571 #674 #738 .. 572 #740 #747 .. 
573 #748 #781 #782 Refactor coverage and conformance tests 574 #714 #716 Refactor debug level variables to unsigned long 575 #671 Improve handling of empty environment variable value 576 in function getDebugLevel (without visible user effect) 577 #755 #774 .. 578 #758 #783 .. 579 #784 #787 tests: Improve test coverage with regard to parse chunk size 580 #660 #797 #801 Fuzzing: Improve fuzzing coverage 581 #367 #799 Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests 582 #698 #721 CI: Resolve some Travis CI leftovers 583 #669 CI: Be robust towards absence of Git tags 584 #693 #694 CI: Set permissions to "contents: read" for security 585 #709 CI: Pin all GitHub Actions to specific commits for security 586 #739 CI: Reject spelling errors using codespell 587 #798 CI: Enforce clang-tidy clean code 588 #773 #808 .. 589 #809 #810 CI: Upgrade Clang from 15 to 18 590 #796 CI: Start using Clang's Control Flow Integrity sanitizer 591 #675 #720 #722 CI: Adapt to breaking changes in GitHub Actions Ubuntu images 592 #689 CI: Adapt to breaking changes in Clang/LLVM Debian packaging 593 #763 CI: Adapt to breaking changes in codespell 594 #803 CI: Adapt to breaking changes in Cppcheck 595 596 Special thanks to: 597 Ivan Galkin 598 Joyce Brum 599 Philippe Antoine 600 Rhodri James 601 Snild Dolkow 602 spookyahell 603 Steven Garske 604 and 605 Clang AddressSanitizer 606 Clang UndefinedBehaviorSanitizer 607 codespell 608 GCC Farm Project 609 OSS-Fuzz 610 Sony Mobile 611 612Release 2.5.0 Tue October 25 2022 613 Security fixes: 614 #616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager 615 destruction of a shared DTD in function 616 XML_ExternalEntityParserCreate in out-of-memory situations. 617 Expected impact is denial of service or potentially 618 arbitrary code execution. 
619 620 Bug fixes: 621 #612 #645 Fix corruption from undefined entities 622 #613 #654 Fix case when parsing was suspended while processing nested 623 entities 624 #616 #652 #653 Stop leaking opening tag bindings after a closing tag 625 mismatch error where a parser is reset through 626 XML_ParserReset and then reused to parse 627 #656 CMake: Fix generation of pkg-config file 628 #658 MinGW|CMake: Fix static library name 629 630 Other changes: 631 #663 Protect header expat_config.h from multiple inclusion 632 #666 examples: Make use of XML_GetBuffer and be more 633 consistent across examples 634 #648 Address compiler warnings 635 #667 #668 Version info bumped from 9:9:8 to 9:10:8; 636 see https://verbump.de/ for what these numbers do 637 638 Special thanks to: 639 Jann Horn 640 Mark Brand 641 Osyotr 642 Rhodri James 643 and 644 Google Project Zero 645 646Release 2.4.9 Tue September 20 2022 647 Security fixes: 648 #629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in 649 function doContent. Expected impact is denial of service 650 or potentially arbitrary code execution. 651 652 Bug fixes: 653 #634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0 654 #614 docs: Fix documentation on effect of switch XML_DTD on 655 symbol visibility in doc/reference.html 656 657 Other changes: 658 #638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output 659 #596 #625 Autotools: Sync CMake templates with CMake 3.22 660 #608 CMake: Migrate from use of CMAKE_*_POSTFIX to 661 dedicated variables EXPAT_*_POSTFIX to stop affecting 662 other projects 663 #597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners 664 and fuzzers 665 #512 #621 Windows|CMake: Render .def file from a template to fix 666 linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON 667 #611 #621 MinGW|CMake: Apply MSVC .def file when linking 668 #622 #624 MinGW|CMake: Sync library name with GNU Autotools, 669 i.e. produce libexpat-1.dll rather than libexpat.dll 670 by default. 
Filename libexpat.dll.a is unaffected. 671 #632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in 672 toolchain file "cmake/mingw-toolchain.cmake" to avoid 673 error "windres: Command not found" on e.g. Ubuntu 20.04 674 #597 #627 CMake: Unify inconsistent use of set() and option() in 675 context of public build time options to take need for 676 set(.. FORCE) in projects using Expat by means of 677 add_subdirectory(..) off Expat's users' shoulders 678 #626 #641 Stop exporting API symbols when building a static library 679 #644 Resolve use of deprecated "fgrep" by "grep -F" 680 #620 CMake: Make documentation on variables a bit more consistent 681 #636 CMake: Drop leading whitespace from a #cmakedefine line in 682 file expat_config.h.cmake 683 #594 xmlwf: Fix harmless variable mix-up in function nsattcmp 684 #592 #593 #610 Address Cppcheck warnings 685 #643 Address Clang 15 compiler warnings 686 #642 #644 Version info bumped from 9:8:8 to 9:9:8; 687 see https://verbump.de/ for what these numbers do 688 689 Infrastructure: 690 #597 #598 CI: Windows: Start covering MSVC 2022 691 #619 CI: macOS: Migrate off deprecated macOS 10.15 692 #632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work 693 #643 CI: Upgrade Clang from 14 to 15 694 #637 apply-clang-format.sh: Add support for BSD find 695 #633 coverage.sh: Exclude MinGW headers 696 #635 coverage.sh: Fix name collision for -funsigned-char 697 698 Special thanks to: 699 David Faure 700 Felix Wilhelm 701 Frank Bergmann 702 Rhodri James 703 Rosen Penev 704 Thijs Schreijer 705 Vincent Torri 706 and 707 Google Project Zero 708 709Release 2.4.8 Mon March 28 2022 710 Other changes: 711 #587 pkg-config: Move "-lm" to section "Libs.private" 712 #587 CMake|MSVC: Fix pkg-config section "Libs" 713 #55 #582 CMake|macOS: Start using linker arguments 714 "-compatibility_version <version>" and 715 "-current_version <version>" in a way compatible with 716 GNU Libtool 717 #590 #591 Version info bumped from 9:7:8 to 9:8:8; 718 
                  see https://verbump.de/ for what these numbers do

        Infrastructure:
       #589       CI: Upgrade Clang from 13 to 14

        Special thanks to:
            evpobr
            Kai Pastor
            Sam James

Release 2.4.7 Fri March 4 2022
        Bug fixes:
       #572 #577  Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
                  with regard to all valid URI characters (RFC 3986),
                  i.e. the following set (excluding whitespace):
                    ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
                    0123456789 % -._~ :/?#[]@ !$&'()*+,;=

        Other changes:
  #555 #570 #581  CMake|Windows: Store Expat version in the DLL
       #577       Document consequences of namespace separator choices not just
                  in doc/reference.html but also in header <expat.h>
       #577       Document Expat's lack of validation of namespace URIs against
                  RFC 3986, and that the XML 1.0r4 specification doesn't
                  require Expat to validate namespace URIs, and that Expat
                  may do more in that regard in future releases.
                  If you find need for strict RFC 3986 URI validation on
                  application level today, https://uriparser.github.io/ may
                  be of interest.
       #579       Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
       #575       Document that a call to XML_FreeContentModel can be done at
                  a later time from outside the element declaration handler
       #574       Make hardcoded namespace URIs easier to find in code
       #573       Update documentation on use of XML_POOR_ENTROPY on Solaris
       #569 #571  tests: Resolve use of macros NAN and INFINITY for GNU G++
                  4.8.2 on Solaris.
       #578 #580  Version info bumped from 9:6:8 to 9:7:8;
                  see https://verbump.de/ for what these numbers do

        Special thanks to:
            Jeffrey Walton
            Johnny Jazeix
            Thijs Schreijer

Release 2.4.6 Sun February 20 2022
        Bug fixes:
       #566       Fix a regression introduced by the fix for CVE-2022-25313
                  in release 2.4.5 that affects applications that (1)
                  call function XML_SetElementDeclHandler and (2) are
                  parsing XML that contains nested element declarations
                  (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").

        Other changes:
       #567 #568  Version info bumped from 9:5:8 to 9:6:8;
                  see https://verbump.de/ for what these numbers do

        Special thanks to:
            Matt Sergeant
            Samanta Navarro
            Sergei Trofimovich
                 and
            NixOS
            Perl XML::Parser

Release 2.4.5 Fri February 18 2022
        Security fixes:
       #562       CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
                  sequences (e.g. from start tag names) to the XML
                  processing application on top of Expat can cause
                  arbitrary damage (e.g. code execution) depending
                  on how invalid UTF-8 is handled inside the XML
                  processor; validation was not their job but Expat's.
                  Exploits with code execution are known to exist.
       #561       CVE-2022-25236 -- Passing (one or more) namespace separator
                  characters in "xmlns[:prefix]" attribute values
                  made Expat send malformed tag names to the XML
                  processor on top of Expat which can cause
                  arbitrary damage (e.g. code execution) depending
                  on how such unexpected cases are handled inside the XML
                  processor; validation was not their job but Expat's.
                  Exploits with code execution are known to exist.
       #558       CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
                  that could be triggered by e.g. a 2 megabyte
                  file with a large number of opening braces.
                  Expected impact is denial of service or potentially
                  arbitrary code execution.
       #560       CVE-2022-25314 -- Fix integer overflow in function copyString;
                  only affects the encoding name parameter at parser creation
                  time which is often hardcoded (rather than user input),
                  takes a value in the gigabytes to trigger, and a 64-bit
                  machine. Expected impact is denial of service.
       #559       CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
                  needs input in the gigabytes and a 64-bit machine.
                  Expected impact is denial of service or potentially
                  arbitrary code execution.

        Other changes:
       #557 #564  Version info bumped from 9:4:8 to 9:5:8;
                  see https://verbump.de/ for what these numbers do

        Special thanks to:
            Ivan Fratric
            Samanta Navarro
                 and
            Google Project Zero
            JetBrains

Release 2.4.4 Sun January 30 2022
        Security fixes:
       #550       CVE-2022-23852 -- Fix signed integer overflow
                  (undefined behavior) in function XML_GetBuffer
                  (that is also called by function XML_Parse internally)
                  for when XML_CONTEXT_BYTES is defined to >0 (which is both
                  common and default).
                  Impact is denial of service or more.
       #551       CVE-2022-23990 -- Fix unsigned integer overflow in function
                  doProlog triggered by large content in element type
                  declarations when there is an element declaration handler
                  present (from a prior call to XML_SetElementDeclHandler).
                  Impact is denial of service or more.
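The CVE-2022-25235 entry for release 2.4.5 above makes the point that rejecting malformed UTF-8 is the parser's job, not the application's. The strict validator below is an added example, not Expat's code; the names utf8_seq_len and utf8_valid are invented here. It rejects the 2- and 3-byte defects the entry refers to (bad lead or continuation bytes, truncation, overlong forms, UTF-16 surrogates) and their 4-byte equivalents, so that a name or attribute value only reaches a handler when every byte belongs to a well-formed sequence.

```c
/* Strict UTF-8 validator: an added example, not Expat's code. It rejects
 * the kind of input the CVE-2022-25235 entry describes (malformed 2- and
 * 3-byte sequences) and also truncated, overlong and surrogate sequences. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns the length (1..4) of one well-formed UTF-8 sequence starting at
 * s, or 0 if the sequence is malformed or cut off before end. */
size_t utf8_seq_len(const unsigned char *s, const unsigned char *end) {
    size_t need;
    uint32_t cp;

    if (s >= end)
        return 0;
    if (s[0] < 0x80)
        return 1;                                /* plain ASCII */
    if (s[0] >= 0xC2 && s[0] <= 0xDF) {          /* 2-byte lead */
        need = 2; cp = s[0] & 0x1Fu;
    } else if (s[0] >= 0xE0 && s[0] <= 0xEF) {   /* 3-byte lead */
        need = 3; cp = s[0] & 0x0Fu;
    } else if (s[0] >= 0xF0 && s[0] <= 0xF4) {   /* 4-byte lead */
        need = 4; cp = s[0] & 0x07u;
    } else {
        return 0;   /* stray continuation byte, overlong lead C0/C1, or F5..FF */
    }
    if ((size_t)(end - s) < need)
        return 0;                                /* truncated sequence */
    for (size_t i = 1; i < need; i++) {
        if ((s[i] & 0xC0) != 0x80)
            return 0;                            /* bad continuation byte */
        cp = (cp << 6) | (s[i] & 0x3Fu);
    }
    /* Reject overlong encodings (a 3-byte form below U+0800, a 4-byte form
     * below U+10000), UTF-16 surrogates and code points past U+10FFFF. */
    if (need == 3 && (cp < 0x800 || (cp >= 0xD800 && cp <= 0xDFFF)))
        return 0;
    if (need == 4 && (cp < 0x10000 || cp > 0x10FFFF))
        return 0;
    return need;
}

/* Returns 1 if every byte of buf[0..len) belongs to a well-formed sequence,
 * else 0; a caller would refuse to hand such data on as a name or value. */
int utf8_valid(const char *buf, size_t len) {
    const unsigned char *p = (const unsigned char *)buf;
    const unsigned char *end = p + len;
    while (p < end) {
        size_t n = utf8_seq_len(p, end);
        if (n == 0)
            return 0;
        p += n;
    }
    return 1;
}
```

The 2-byte branch needs no overlong check because leads C0 and C1 are already refused; the 3- and 4-byte branches check the decoded code point instead, which is the only way to catch an overlong E0 or F0 form.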
        Bug fixes:
       #544 #545  xmlwf: Fix a memory leak on output file opening error

        Other changes:
       #546       Autotools: Fix broken CMake support under Cygwin
       #554       Windows: Add missing files to the installer to fix
                  compilation with CMake from installed sources
       #552 #554  Version info bumped from 9:3:8 to 9:4:8;
                  see https://verbump.de/ for what these numbers do

        Special thanks to:
            Carlo Bramini
            hwt0415
            Roland Illig
            Samanta Navarro
                 and
            Clang LeakSan and the Clang team

Release 2.4.3 Sun January 16 2022
        Security fixes:
       #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
                  resulting in
                    a) realloc acting as free
                    b) realloc allocating too few bytes
                    c) undefined behavior
                  depending on architecture and precise value
                  for XML documents with >=2^27+1 prefixed attributes
                  on a single XML tag a la
                  "<r xmlns:a='[..]' a:a123='[..]' [..] />"
                  where XML_ParserCreateNS is used to create the parser
                  (which needs argument "-n" when running xmlwf).
                  Impact is denial of service, or more.
       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
                  on variable m_groupSize in function doProlog leading
                  to realloc acting as free.
                  Impact is denial of service or more.
       #539       CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
                  near memory allocation at multiple places. Mitre assigned
                  a dedicated CVE for each involved internal C function:
                  - CVE-2022-22822 for function addBinding
                  - CVE-2022-22823 for function build_model
                  - CVE-2022-22824 for function defineAttribute
                  - CVE-2022-22825 for function lookup
                  - CVE-2022-22826 for function nextScaffoldPart
                  - CVE-2022-22827 for function storeAtts
                  Impact is denial of service or more.
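The CVE-2021-45960, CVE-2021-46143 and CVE-2022-22822 to CVE-2022-22827 entries for 2.4.3 above, like CVE-2022-25314 and CVE-2022-25315 in 2.4.5, are one defect class: a size computed by multiplying, adding or shifting wraps around before it reaches malloc or realloc, and a size that wraps to 0 turns realloc into free. The buffer below is an added example of the guard pattern, not Expat's code; checked_alloc_size, checked_double and the growbuf_* names are invented here. Every size is validated against SIZE_MAX before the allocator sees it, and a failed growth leaves the old buffer intact instead of freeing it behind the caller's back.

```c
/* Overflow-checked allocation sizing: an added example, not Expat's code.
 * A size that wraps to a small value (or to 0, which turns realloc into
 * free) must be caught before the allocator ever sees it. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Returns count * elem_size + extra, or 0 if the arithmetic would wrap. */
size_t checked_alloc_size(size_t count, size_t elem_size, size_t extra) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;                         /* multiplication would overflow */
    size_t bytes = count * elem_size;
    if (bytes > SIZE_MAX - extra)
        return 0;                         /* addition would overflow */
    return bytes + extra;
}

/* Doubles a capacity (a left shift by one), returning 0 instead of wrapping. */
size_t checked_double(size_t cap) {
    if (cap > SIZE_MAX / 2)
        return 0;
    return cap == 0 ? 32 : cap * 2;
}

/* Minimal growable byte buffer whose every realloc() size is validated. */
typedef struct {
    char *data;
    size_t len;
    size_t cap;
} growbuf_t;

/* Appends n bytes; returns 1 on success, 0 on overflow or allocation failure.
 * On failure the old buffer is left intact rather than silently freed. */
int growbuf_append(growbuf_t *b, const char *src, size_t n) {
    if (n > SIZE_MAX - b->len)
        return 0;                         /* len + n would wrap */
    size_t need = b->len + n;
    if (need > b->cap) {
        size_t newcap = b->cap;
        while (newcap < need) {
            newcap = checked_double(newcap);
            if (newcap == 0)
                return 0;                 /* refuse rather than shrink */
        }
        char *p = realloc(b->data, newcap);
        if (p == NULL)
            return 0;                     /* b->data is still valid */
        b->data = p;
        b->cap = newcap;
    }
    memcpy(b->data + b->len, src, n);
    b->len = need;
    return 1;
}

void growbuf_free(growbuf_t *b) {
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}
```

A caller that treats a 0 return from checked_alloc_size or checked_double as "refuse" never reaches realloc with a wrapped size, which is exactly the outcome the entries above describe as "realloc acting as free".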
        Other changes:
       #535       CMake: Make call to file(GENERATE [..]) work for CMake <3.19
       #541       Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
                  and MSYS2 by not going through Wine on these platforms
       #527 #528  Address compiler warnings
       #533 #543  Version info bumped from 9:2:8 to 9:3:8;
                  see https://verbump.de/ for what these numbers do

        Infrastructure:
       #536       CI: Check for realistic minimum CMake version
       #529 #539  CI: Cover compilation with -m32
       #529       CI: Store coverage reports as artifacts for download
       #528       CI: Upgrade Clang from 11 to 13

        Special thanks to:
            An anonymous whitehat
            Christopher Degawa
            J. Peter Mugaas
            Tyson Smith
                 and
            GCC Farm Project
            Trend Micro Zero Day Initiative

Release 2.4.2 Sun December 19 2021
        Other changes:
       #509 #510  Link against libm for function "isnan"
       #513 #514  Include expat_config.h as early as possible
       #498       Autotools: Include files with release archives:
                  - buildconf.sh
                  - fuzz/*.c
       #507 #519  Autotools: Sync CMake templates with CMake 3.20
       #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
                  - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
                  - multi-config CMake generators (e.g. Ninja Multi-Config)
       #502 #503  docs: Document that function XML_GetBuffer may return NULL
                  when asking for a buffer of 0 (zero) bytes size
       #522 #523  docs: Fix return value docs for both
                  XML_SetBillionLaughsAttackProtection* functions
       #525 #526  Version info bumped from 9:1:8 to 9:2:8;
                  see https://verbump.de/ for what these numbers do

        Special thanks to:
            Donghee Na
            Joergen Ibsen
            Kai Pastor

Release 2.4.1 Sun May 23 2021
        Bug fixes:
       #488 #490  Autotools: Fix installed header expat_config.h for multilib
                  systems; regression introduced in 2.4.0 by pull request #486

        Other changes:
       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
                  see https://verbump.de/ for what these numbers do

        Special thanks to:
            Gentoo's QA check "multilib_check_headers"

Release 2.4.0 Sun May 23 2021
        Security fixes:
   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
                  (denial-of-service; flavors targeting CPU time or RAM or both,
                  leveraging general entities or parameter entities or both)
                  by tracking and limiting the input amplification factor
                  (<amplification> := (<direct> + <indirect>) / <direct>).
                  By conservative default, amplification up to a factor of 100.0
                  is tolerated and rejection only starts after 8 MiB of output bytes
                  (=<direct> + <indirect>) have been processed.
                  The fix adds the following to the API:
                  - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
                    signal this specific condition.
                  - Two new API functions ..
                    - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
                    - XML_SetBillionLaughsAttackProtectionActivationThreshold
                    .. to further tighten billion laughs protection parameters
                    when desired. Please see file "doc/reference.html" for details.
                    If you ever need to increase the defaults for non-attack XML
                    payload, please file a bug report with libexpat.
                  - Two new XML_FEATURE_* constants ..
                    - that can be queried using the XML_GetFeatureList function, and
                    - that are shown in "xmlwf -v" output.
                  - Two new environment variable switches ..
                    - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
                    - EXPAT_ENTITY_DEBUG=(0|1)
                    .. for runtime debugging of accounting and entity processing.
                    Specific behavior of these values may change in the future.
                  - Two new command line arguments "-a FACTOR" and "-b BYTES"
                    for xmlwf to further tighten billion laughs protection
                    parameters when desired.
                    If you ever need to increase the defaults for non-attack XML
                    payload, please file a bug report with libexpat.

        Bug fixes:
       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
                  or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
                  for UTF-16 payloads containing CDATA sections.
       #485 #486  Autotools: Fix generated CMake files for non-64bit and
                  non-Linux platforms (e.g. macOS and MinGW in particular)
                  that were introduced with release 2.3.0

        Other changes:
       #468 #469  xmlwf: Improve help output and the xmlwf man page
       #463       xmlwf: Improve maintainability through some refactoring
       #477       xmlwf: Fix man page DocBook validity
       #456       Autotools: Sync CMake templates with CMake 3.18
       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
                  and CMAKE_INSTALL_INCLUDEDIR
       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
       #457       Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
       #467       Resolve macro HAVE_EXPAT_CONFIG_H
       #472       Delete unused legacy helper file "conftools/PrintPath"
       #473 #483  Improve attribution
  #464 #465 #477  doc/reference.html: Fix XHTML validity
       #475 #478  doc/reference.html: Replace the 90s look by OK.css
       #479       Version info bumped from 8:0:7 to 9:0:8
                  due to addition of new symbols and error codes;
                  see https://verbump.de/ for what these numbers do

        Infrastructure:
       #456       CI: Enable periodic runs
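The 2.4.0 entry above defines the amplification factor and its two knobs (maximum amplification, default 100.0, and activation threshold, default 8 MiB). What follows is an added example that models that rule over a constructed entity table; it is not Expat's implementation, which accounts byte by byte while parsing, and the acct_*, expand, check_document and LOL names are all invented here. The four-level, fan-out-ten table expands a 13-byte body to 30000 bytes of output, so the ratio exceeds 100 while the total stays far below the 8 MiB threshold; lowering the threshold, as "xmlwf -b BYTES" does, makes the same document fail, and raising the factor, as "-a FACTOR" does, lets it pass again.

```c
/* Billion-laughs amplification accounting: an added example that models the
 * rule stated in the 2.4.0 entry; not Expat's implementation, which accounts
 * incrementally while parsing. All names below are invented for this example. */
#include <stddef.h>
#include <string.h>

typedef struct {
    unsigned long long direct;     /* bytes read from the document itself */
    unsigned long long indirect;   /* bytes produced by entity expansion */
    float max_amplification;       /* Expat's default: 100.0 */
    unsigned long long activation_threshold;  /* Expat's default: 8 MiB */
} accounting_t;

/* <amplification> := (<direct> + <indirect>) / <direct>; with no direct
 * input yet there is nothing to amplify, so 1.0 is reported. */
float acct_amplification(const accounting_t *a) {
    if (a->direct == 0)
        return 1.0f;
    return (float)(a->direct + a->indirect) / (float)a->direct;
}

/* Records bytes. Returns 1 while acceptable, 0 for the condition Expat
 * reports as XML_ERROR_AMPLIFICATION_LIMIT_BREACH. The limit is enforced
 * only once direct + indirect has reached the activation threshold. */
int acct_add(accounting_t *a, unsigned long long bytes, int is_direct) {
    if (is_direct)
        a->direct += bytes;
    else
        a->indirect += bytes;
    if (a->direct + a->indirect < a->activation_threshold)
        return 1;
    return acct_amplification(a) <= a->max_amplification;
}

/* Toy internal-entity table standing in for a DTD. */
typedef struct { const char *name; const char *value; } entity_t;

static const entity_t *find_entity(const entity_t *ents, size_t n,
                                   const char *name, size_t len) {
    for (size_t i = 0; i < n; i++)
        if (strlen(ents[i].name) == len && memcmp(ents[i].name, name, len) == 0)
            return &ents[i];
    return NULL;
}

/* Expands &name; references in text recursively and returns the output size;
 * *indirect accumulates only bytes that came out of replacement text. depth
 * caps the recursion so a self-referencing entity is emitted literally. */
unsigned long long expand(const entity_t *ents, size_t n, const char *text,
                          int depth, int from_entity, unsigned long long *indirect) {
    unsigned long long out = 0;
    for (const char *p = text; *p;) {
        const char *semi = (*p == '&') ? strchr(p, ';') : NULL;
        const entity_t *e = semi ? find_entity(ents, n, p + 1, (size_t)(semi - p - 1)) : NULL;
        if (e && depth > 0) {
            out += expand(ents, n, e->value, depth - 1, 1, indirect);
            p = semi + 1;
        } else {
            out++;
            if (from_entity)
                (*indirect)++;
            p++;
        }
    }
    return out;
}

/* Constructed input: four nesting levels with fan-out 10, so &lol4; expands
 * to 10^4 * 3 = 30000 bytes from a few hundred bytes of declarations. */
#define TEN_REFS(x) x x x x x x x x x x
const entity_t LOL[] = {
    {"lol0", "lol"},
    {"lol1", TEN_REFS("&lol0;")},
    {"lol2", TEN_REFS("&lol1;")},
    {"lol3", TEN_REFS("&lol2;")},
    {"lol4", TEN_REFS("&lol3;")},
};
const size_t LOL_COUNT = sizeof LOL / sizeof LOL[0];

/* Runs one document through the accounting with the given limits. Direct
 * bytes are approximated as declaration names and values plus the body.
 * Returns 1 if accepted, 0 if rejected; *amp_out receives the final ratio. */
int check_document(const entity_t *ents, size_t n, const char *body, float max_amp,
                   unsigned long long threshold, float *amp_out) {
    accounting_t a = {0, 0, max_amp, threshold};
    unsigned long long direct = strlen(body), indirect = 0;
    for (size_t i = 0; i < n; i++)
        direct += strlen(ents[i].name) + strlen(ents[i].value);
    int ok = acct_add(&a, direct, 1);
    expand(ents, n, body, 16, 0, &indirect);
    ok = acct_add(&a, indirect, 0) && ok;
    if (amp_out)
        *amp_out = acct_amplification(&a);
    return ok;
}
```

With the table above, direct input is 276 bytes and expansion yields 30000, a ratio of about 109.7: accepted under the default 8 MiB threshold because the total is only 30276 bytes, rejected once the threshold is lowered to 1024 bytes, and accepted again if the allowed factor is raised to 200.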
       #457       CI: Start covering the list of exported symbols
       #474       CI: Isolate coverage task
       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
       #477       CI: Cover well-formedness and DocBook/XHTML validity
                  of doc/reference.html and doc/xmlwf.xml

        Special thanks to:
            Dimitry Andric
            Eero Helenius
            Nick Wellnhofer
            Rhodri James
            Tomas Korbar
            Yury Gribov
                 and
            Clang LeakSan
            JetBrains
            OSS-Fuzz

Release 2.3.0 Thu March 25 2021
        Bug fixes:
       #438       When calling XML_ParseBuffer without a prior successful call to
                  XML_GetBuffer as a user, no longer trigger undefined behavior
                  (by adding an integer to a NULL pointer) but rather return
                  XML_STATUS_ERROR and set the error code to (new) code
                  XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
                  of Clang 11 (but not Clang 9).
       #444       xmlwf: Exit status 2 was used for both:
                  - malformed input files (documented) and
                  - invalid command-line arguments (undocumented).
                  The case of invalid command-line arguments now
                  has its own exit status 4, resolving the ambiguity.

        Other changes:
       #439       xmlwf: Add argument -k to allow continuing after
                  non-fatal errors
       #439       xmlwf: Add section about exit status to the -h help output
  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
       #434       Windows: CMake: Detect unsupported Visual Studio at
                  configure time (rather than at compile time)
       #382 #428  testrunner: Make verbose mode (argument "-v") report
                  about passed tests, and make default mode report about
                  failures, as well.
       #442       CMake: Call "enable_language(CXX)" prior to tinkering
                  with CMAKE_CXX_* variables
       #448       Document use of libexpat from a CMake-based project
       #451       Autotools: Install CMake files as generated by CMake 3.19.6
                  so that users with "find_package(expat [..] CONFIG [..])"
                  are served on distributions that are *not* using the CMake
                  build system inside for libexpat packaging
       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
       #441       Address compiler warnings
       #443       Version info bumped from 7:12:6 to 8:0:7
                  due to addition of error code XML_ERROR_NO_BUFFER
                  (see https://verbump.de/ for what these numbers do)

        Infrastructure:
       #435 #446  Replace Travis CI by GitHub Actions

        Special thanks to:
            Alexander Richardson
            Oleksandr Popovych
            Thomas Beutlich
            Tim Bray
                 and
            Clang LeakSan, Clang 11 UBSan and the Clang team

Release 2.2.10 Sat October 3 2020
        Bug fixes:
  #390 #395 #398  Fix undefined behavior during parsing caused by
                  pointer arithmetic with NULL pointers
       #404 #405  Fix reading uninitialized variable during parsing
       #406       xmlwf: Add missing check for malloc NULL return

        Other changes:
       #396       Windows: Drop support for Visual Studio <=8.0/2005
       #409       Windows: Add missing file "Changes" to the installer
                  to fix compilation with CMake from installed sources
       #403       xmlwf: Document exit codes in xmlwf manpage and
                  exit with code 3 (rather than code 1) for output errors
                  when used with "-d DIRECTORY"
       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
       #383 #392  Autotools: Use -Werror while configure tests the compiler
                  for supported compile flags to avoid false positives
  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
                  e.g. ensure that they have the last word over flags added
                  while running ./configure
       #360       CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
                  on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
       #360       CMake: Detect and deny unsupported build combinations
                  involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
       #360       CMake: Install pre-compiled shipped xmlwf.1 manpage in case
                  of -DEXPAT_BUILD_DOCS=OFF
  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
       #407 #408  CMake: Keep expat target name constant at "expat"
                  (i.e. refrain from using the target name to control
                  build artifact filenames)
       #385       CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
                  Windows
                  CMake: Expose man page compilation as target "xmlwf-manpage"
       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
                  to control generation of pkg-config file "expat.pc"
       #424       CMake: Add minimalistic support for building binary packages
                  with CMake target "package"; based on CP

ack
       #366       CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
                  default OFF to build fuzzer code against OSS-Fuzz and
                  related environment variable LIB_FUZZING_ENGINE
       #354       Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
       #354 #355 ..
       #356 #412  Address compiler warnings
       #368 #369  Address pngcheck warnings with doc/*.png images
       #425       Version info bumped from 7:11:6 to 7:12:6

        Special thanks to:
            asavah
            Ben Wagner
            Bhargava Shastry
            Frank Landgraf
            Jeffrey Walton
            Joe Orton
            Kleber Tarcísio
            Ma Lin
            Maciej Sroczyński
            Mohammed Khajapasha
            Vadim Zeitlin
                 and
            Cppcheck 2.0 and the Cppcheck team

Release 2.2.9 Wed September 25 2019
        Other changes:
                  examples: Drop executable bits from elements.c
       #349       Windows: Change the name of the Windows DLLs from expat*.dll
                  to libexpat*.dll once more (regression from 2.2.8, first
                  fixed in 1.95.3, issue #61 on SourceForge today,
                  was issue #432456 back then); needs a fix due to
                  case-insensitive file systems on Windows and the fact that
                  Perl's XML::Parser::Expat compiles into Expat.dll.
       #347       Windows: Only define _CRT_RAND_S if not defined
                  Version info bumped from 7:10:6 to 7:11:6

        Special thanks to:
            Ben Wagner

Release 2.2.8 Fri September 13 2019
        Security fixes:
       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
                  XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
                  and deny internal entities closing the doctype;
                  fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43

        Bug fixes:
       #240       Fix cases where XML_StopParser did not have any effect
                  when called from inside of an end element handler
       #341       xmlwf: Fix exit code for operation without "-d DIRECTORY";
                  previously, only "-d DIRECTORY" would give you a proper
                  exit code:
                    # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
                    2
                    # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
                    0
                  Now both cases return exit code 2.

        Other changes:
       #299 #302  Windows: Replace LoadLibrary hack to access
                  unofficial API function SystemFunction036 (RtlGenRandom)
                  by using official API function rand_s (needs WinXP+)
       #325       Windows: Drop support for Visual Studio <=7.1/2003
                  and document supported compilers in README.md
       #286       Windows: Remove COM code from xmlwf; in case it turns
                  out needed later, there will be a dedicated repository
                  below https://github.com/libexpat/ for that code
       #322       Windows: Remove explicit MSVC solution and project files.
                  You can generate Visual Studio solution files through
                  CMake, e.g.: cmake -G"Visual Studio 15 2017" .
       #338       xmlwf: Make "xmlwf -h" help output more friendly
       #339       examples: Improve elements.c
       #244 #264  Autotools: Add argument --enable-xml-attr-info
       #239 #301  Autotools: Add arguments
                    --with-getrandom
                    --without-getrandom
                    --with-sys-getrandom
                    --without-sys-getrandom
       #312 #343  Autotools: Fix linking issues with "./configure LD=clang"
                  Autotools: Fix "make run-xmltest" for out-of-source builds
       #329 #336  CMake: Pull all options from Expat <=2.2.7 into namespace
                  prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
                  - BUILD_doc -> EXPAT_BUILD_DOCS (plural)
                  - BUILD_examples -> EXPAT_BUILD_EXAMPLES
                  - BUILD_shared -> EXPAT_SHARED_LIBS
                  - BUILD_tests -> EXPAT_BUILD_TESTS
                  - BUILD_tools -> EXPAT_BUILD_TOOLS
                  - DOCBOOK_TO_MAN -> DOCBOOK_TO_MAN (unchanged)
                  - INSTALL -> EXPAT_ENABLE_INSTALL
                  - MSVC_USE_STATIC_CRT -> EXPAT_MSVC_STATIC_CRT
                  - USE_libbsd -> EXPAT_WITH_LIBBSD
                  - WARNINGS_AS_ERRORS -> EXPAT_WARNINGS_AS_ERRORS
                  - XML_CONTEXT_BYTES -> EXPAT_CONTEXT_BYTES
                  - XML_DEV_URANDOM -> EXPAT_DEV_URANDOM
                  - XML_DTD -> EXPAT_DTD
                  - XML_NS -> EXPAT_NS
                  - XML_UNICODE -> EXPAT_CHAR_TYPE=ushort (!)
                  - XML_UNICODE_WCHAR_T -> EXPAT_CHAR_TYPE=wchar_t (!)
       #244 #264  CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
                  default OFF
       #326       CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
                  default OFF
       #328       CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
                  default OFF
       #239 #277  CMake: Add arguments
                    -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
                    -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
       #326       CMake: Install expat_config.h to include directory
       #326       CMake: Generate and install configuration files for
                  future find_package(expat [..] CONFIG [..])
                  CMake: Now produces a summary of applied configuration
                  CMake: Require C++ compiler only when tests are enabled
       #330       CMake: Fix compilation for 16bit character types,
                  i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
       #265       CMake: Fix linking with MinGW
       #330       CMake: Add full support for MinGW; to enable, use
                  -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
       #330       CMake: Port "make run-xmltest" from GNU Autotools to CMake
       #316       CMake: Windows: Make binary postfix match MSVC
                    Old: expat[d].lib
                    New: expat[w][d][MD|MT].lib
                  CMake: Migrate files from Windows to Unix line endings
       #308       CMake: Integrate OSS-Fuzz fuzzers, option
                  -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
       #14        Drop an OpenVMS support leftover
       #235 #268 ..
       #270 #310 ..
  #313 #331 #333  Address compiler warnings
       #282 #283 ..
       #284 #285  Address cppcheck warnings
       #294 #295  Address Clang Static Analyzer warnings
       #24 #293   Mass-apply clang-format 9 (and ensure conformance during CI)
                  Version info bumped from 7:9:6 to 7:10:6

        Special thanks to:
            David Loffredo
            Joonun Jang
            Kishore Kunche
            Marco Maggi
            Mitch Phillips
            Mohammed Khajapasha
            Rolf Ade
            xantares
            Zhongyuan Zhou

Release 2.2.7 Wed June 19 2019
        Security fixes:
       #186 #262  CVE-2018-20843 -- Fix extraction of namespace prefixes from
                  XML names; XML names with multiple colons could end up in
                  the wrong namespace, and take a high amount of RAM and CPU
                  resources while processing, opening the door to
                  use for denial-of-service attacks

        Other changes:
       #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                  exporting non-API symbols
       #227       Autotools: Add --without-examples and --without-tests
       #228       Autotools: Modernize configure.ac
       #245 #246  Autotools: Fix check for -fvisibility=hidden for Clang
       #247 #248  Autotools: Fix compilation for lack of docbook2x-man
       #236 #258  Autotools: Produce .tar.{gz,lz,xz} release archives
       #212       CMake: Make libdir of pkgconfig expat.pc support multilib
       #158 #263  CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
       #219       Remove fallback to bcopy, assume that memmove(3) exists
       #257       Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
       #243       Windows: Fix syntax of .def module definition files
                  Version info bumped from 7:8:6 to 7:9:6

        Special thanks to:
            Benjamin Peterson
            Caolán McNamara
            Hanno Böck
            KangLin
            Kishore Kunche
            Marco Maggi
            Rhodri James
            Sebastian Dröge
            userwithuid
            Yury Gribov

Release 2.2.6 Sun August 12 2018
        Bug fixes:
       #170 #206  Avoid doing arithmetic with NULL pointers in XML_GetBuffer
       #204 #205  Fix 2.2.5 regression with suspend-resume while parsing
                  a document like '<root/>'

        Other changes:
       #165 #168  Autotools: Fix docbook-related configure syntax error
       #166       Autotools: Avoid grep option `-q` for Solaris
       #167       Autotools: Support
                  ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
       #159 #167  Autotools: Support DOCBOOK_TO_MAN command which produces
                  xmlwf.1 rather than XMLWF.1; also covers case insensitive
                  file systems
       #181       Autotools: Drop -rpath option passed to libtool
       #188       Autotools: Detect and deny SGML docbook2man as ours is XML
       #188       Autotools/CMake: Support command db2x_docbook2man as well
       #174       CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
       #184 #185  CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
       #207 #208  CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
                  both defaulting to OFF
       #175       CMake: Prefer check_symbol_exists over check_function_exists
       #176       CMake: Create the same pkg-config file as with GNU Autotools
       #178 #179  CMake: Use GNUInstallDirs module to set proper defaults for
                  install directories
       #208       CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
       #180       Windows: Fix compilation of test suite for Visual Studio 2008
  #131 #173 #202  Address compiler warnings
  #187 #190 #200  Fix miscellaneous typos
                  Version info bumped from 7:7:6 to 7:8:6

        Special thanks to:
            Anton Maklakov
            Benjamin Peterson
            Brad King
            Franek Korta
            Frank Rast
            Joe Orton
            luzpaz
            Pedro Vicente
            Rainer Jung
            Rhodri James
            Rolf Ade
            Rolf Eike Beer
            Thomas Beutlich
            Tomasz Kłoczko

Release 2.2.5 Tue October 31 2017
        Bug fixes:
       #8         If the parser runs out of memory, make sure its internal
                  state reflects the memory it actually has, not the memory
                  it wanted to have.
       #11        The default handler wasn't being called when it should for
                  a SYSTEM or PUBLIC doctype if an entity declaration handler
                  was registered.
       #137 #138  Fix a case of mistakenly reported parsing success where
                  XML_StopParser was called from an element handler
       #162       Function XML_ErrorString was returning NULL rather than
                  a message for code XML_ERROR_INVALID_ARGUMENT
                  introduced with release 2.2.1

        Other changes:
       #106       xmlwf: Add argument -N adding notation declarations
       #75 #106   Test suite: Resolve expected failure cases where xmlwf
                  output was incomplete
       #127       Windows: Fix test suite compilation
       #126 #127  Windows: Fix compilation for Visual Studio 2012
                  Windows: Upgrade shipped project files to Visual Studio 2017
       #33 #132   tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
       #129       examples: Fix compilation for XML_UNICODE_WCHAR_T
       #130       benchmark: Fix compilation for XML_UNICODE_WCHAR_T
       #144       xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
                  Windows or MinGW for 2-byte wchar_t
       #9         Address two Clang Static Analyzer false positives
       #59        Resolve troublesome macros hiding parser struct membership
                  and dereferencing that pointer
       #6         Resolve superfluous internal malloc/realloc switch
       #153 #155  Improve docbook2x-man detection
       #160       Undefine NDEBUG in the test suite (rather than rejecting it)
       #161       Address compiler warnings
                  Version info bumped from 7:6:6 to 7:7:6

        Special thanks to:
            Benbuck Nason
            Hans Wennborg
            José Gutiérrez de la Concha
            Pedro Monreal Gonzalez
            Rhodri James
            Rolf Ade
            Stephen Groat
                 and
            Core Infrastructure Initiative

Release 2.2.4 Sat August 19 2017
        Bug fixes:
       #115       Fix copying of partial characters for UTF-8 input

        Other changes:
       #109       Fix "make check" for non-x86 architectures that default
                  to unsigned type char (-128..127 rather than 0..255)
       #109       coverage.sh: Cover -funsigned-char
                  Autotools: Introduce --without-xmlwf argument
       #65        Autotools: Replace handwritten Makefile with GNU Automake
       #43        CMake: Auto-detect high quality entropy extractors, add new
                  option USE_libbsd=ON to use arc4random_buf of libbsd
       #74        CMake: Add -fno-strict-aliasing only where supported
       #114       CMake: Always honor manually set BUILD_* options
       #114       CMake: Compile man page if docbook2x-man is available, only
       #117       Include file tests/xmltest.log.expected in source tarball
                  (required for "make run-xmltest")
       #117       Include (existing) Visual Studio 2013 files in source tarball
                  Improve test suite error output
       #111       Fix some typos in documentation
                  Version info bumped from 7:5:6 to 7:6:6

        Special thanks to:
            Jakub Wilk
            Joe Orton
            Lin Tian
            Rolf Eike Beer

Release 2.2.3 Wed August 2 2017
        Security fixes:
       #82        CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
                  using Steve Holme's LoadLibrary wrapper for/of cURL

        Bug fixes:
       #85        Fix a dangling pointer issue related to realloc

        Other changes:
                  Increase code coverage
       #91        Linux: Allow getrandom to fail if nonblocking pool has not
                  yet been initialized and read /dev/urandom then, instead.
                  This is in line with what recent Python does.
       #81        Pre-10.7/Lion macOS: Support entropy from arc4random
       #86        Check that a UTF-16 encoding in an XML declaration has the
                  right endianness
       #4 #5 #7   Recover correctly when some reallocations fail
                  Repair "./configure && make" for systems without any
                  provider of high quality entropy
                  and try reading /dev/urandom on those
                  Ensure that user-defined character encodings have converter
                  functions when they are needed
                  Fix misleading description of argument -c in xmlwf.1
                  Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
                  for CloudABI
       #100       Fix use of SIPHASH_MAIN in siphash.h
       #23        Test suite: Fix memory leaks
                  Version info bumped from 7:4:6 to 7:5:6

        Special thanks to:
            Chanho Park
            Joe Orton
            Pascal Cuoq
            Rhodri James
            Simon McVittie
            Vadim Zeitlin
            Viktor Szakats
                 and
            Core Infrastructure Initiative

Release 2.2.2 Wed July 12 2017
        Security fixes:
       #43        Protect against compilation without any source of high
                  quality entropy enabled, e.g. with CMake build system;
                  commit ff0207e6076e9828e536b8d9cd45c9c92069b895
       #60        Windows with _UNICODE:
                  Unintended use of LoadLibraryW with a non-wide string
                  resulted in failure to load advapi32.dll and degradation
                  in quality of used entropy when compiled with _UNICODE for
                  Windows; you can launch existing binaries with
                  EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
                  quality of entropy used during runtime; commits
                  * 95b95032f907ef1cd17ee7a9a1768010a825d61d
                  * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
  [MOX-006]       Fix non-NULL parser parameter validation in XML_Parse;
                  resulted in NULL dereference, previously;
                  commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe

        Bug fixes:
       #69        Fix improper use of unsigned long long integer literals

        Other changes:
       #73        Start requiring a C99 compiler
       #49        Fix "==" Bashism in configure script
       #50        Fix too eager getrandom detection for Debian GNU/kFreeBSD
       #52        and macOS
       #51        Address lack of stdint.h in Visual Studio 2003 to 2008
       #58        Address compile warnings
       #68        Fix "./buildconf.sh && ./configure" for some versions
                  of Dash for /bin/sh
       #72        CMake: Ease use of Expat in context of a parent project
                  with multiple CMakeLists.txt files
       #72        CMake: Resolve mistaken executable permissions
       #76        Address compile warning with -DNDEBUG (not recommended!)
       #77        Address compile warning about macro redefinition

        Special thanks to:
            Alexander Bluhm
            Ben Boeckel
            Cătălin Răceanu
            Kerin Millar
            László Böszörményi
            S. P. Zeidler
            Segev Finer
            Václav Slavík
            Victor Stinner
            Viktor Szakats
                 and
            Radically Open Security

Release 2.2.1 Sat June 17 2017
        Security fixes:
                  CVE-2017-9233 -- External entity infinite loop DoS
                    Details: https://libexpat.github.io/doc/cve-2017-9233/
                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
  [MOX-002]       CVE-2016-9063 -- Detect integer overflow; commit
                  d4f735b88d9932bd5039df2335eefdd0723dbe20
                  (Fixed version of existing downstream patches!)
  (SF.net) #539   Fix regression from fix to CVE-2016-0718 cutting off
                  longer tag names; commits
                  * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
                  * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
       #16        * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
       #25        More integer overflow detection (function poolGrow); commits
                  * 810b74e4703dcfdd8f404e3cb177d44684775143
                  * 44178553f3539ce69d34abee77a05e879a7982ac
  [MOX-002]       Detect overflow from len=INT_MAX call to XML_Parse; commits
                  * 4be2cb5afcc018d996f34bbbce6374b7befad47f
                  * 7e5b71b748491b6e459e5c9a1d090820f94544d8
  [MOX-005] #30   Use high quality entropy for hash initialization:
                  * arc4random_buf on BSD, systems with libbsd
                    (when configured with --with-libbsd), CloudABI
                  * RtlGenRandom on Windows XP / Server 2003 and later
                  * getrandom on Linux 3.17+
                  In a way, that's still part of CVE-2016-5300.
                  https://github.com/libexpat/libexpat/pull/30/commits
  [MOX-005]       For the low quality entropy extraction fallback code,
                  the parser instance address can no longer leak, commit
                  04ad658bd3079dd15cb60fc67087900f0ff4b083
  [MOX-003]       Prevent use of uninitialised variable; commit
  [MOX-004]       a4dc944f37b664a3ca7199c624a98ee37babdb4b
                  Add missing parameter validation to public API functions
                  and dedicated error code XML_ERROR_INVALID_ARGUMENT:
  [MOX-006]       * NULL checks; commits
                  * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
                  * 9ed727064b675b7180c98cb3d4f75efba6966681
                  * 6a747c837c50114dfa413994e07c0ba477be4534
                  * Negative length (XML_Parse); commit
  [MOX-002]       70db8d2538a10f4c022655d6895e4c3e78692e7f
  [MOX-001] #35   Change hash algorithm to William Ahern's version of SipHash
                  to go further with fixing CVE-2012-0876.
                  https://github.com/libexpat/libexpat/pull/39/commits

        Bug fixes:
       #32        Fix sharing of hash salt across parsers;
                  relevant where XML_ExternalEntityParserCreate is called
                  prior to XML_Parse, in particular (e.g. FBReader)
       #28        xmlwf: Auto-disable use of memory-mapping (and parsing
                  as a single chunk) for files larger than ~1 GB (2^30 bytes)
                  rather than failing with error "out of memory"
       #3         Fix double free after malloc failure in DTD code; commit
                  7ae9c3d3af433cd4defe95234eae7dc8ed15637f
       #17        Fix memory leak on parser error for unbound XML attribute
                  prefix with new namespaces defined in the same tag;
                  found by Google's OSS-Fuzz; commits
                  * 16f87daae5a16132e479e4f71862128c7a915c73
                  * b47dbc9745932c160893d433220e462bd605f8cd
                  xmlwf on Windows: Add missing calls to CloseHandle

        New features:
       #30        Introduced environment switch EXPAT_ENTROPY_DEBUG=1
                  for runtime debugging of entropy extraction

        Other changes:
                  Increase code coverage
       #33        Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
                  XML_UNICODE_WCHAR_T was never meant to be used outside
                  of Windows; 4-byte wchar_t is common on Linux
  (SF.net) #538   Start using -fno-strict-aliasing
  (SF.net) #540   Support compilation against cloudlibc of CloudABI
                  Allow MinGW cross-compilation
  (SF.net) #534   CMake: Introduce option "BUILD_doc" (enabled by default)
                  to bypass compilation of the xmlwf.1 man page
  (SF.net) pr2    CMake: Introduce option "INSTALL" (enabled by default)
                  to bypass installation of expat files
                  CMake: Fix ninja support
                  Autotools: Add parameters --enable-xml-context [COUNT]
                  and --disable-xml-context; default of context of 1024
                  bytes enabled unchanged
       #14        Drop AmigaOS 4.x code and includes
       #14        Drop ancient build systems:
                  * Borland C++ Builder
                  * OpenVMS
                  * Open Watcom
                  * Visual Studio 6.0
                  * Pre-X Mac OS (MPW Makefile)
                  If you happen to rely on some of these, please get in
                  touch for joining with maintenance.
       #10        Move from WIN32 to _WIN32
       #13        Fix "make run-xmltest" order instability
                  Address compile warnings
                  Bump version info from 7:2:6 to 7:3:6
                  Add AUTHORS file

        Infrastructure:
       #1         Migrate from SourceForge to GitHub (except downloads):
                  https://github.com/libexpat/
       #1         Re-create http://libexpat.org/ project website
                  Start utilizing Travis CI

        Special thanks to:
            Andy Wang
            Don Lewis
            Ed Schouten
            Karl Waclawek
            Pascal Cuoq
            Rhodri James
            Sergei Nikulov
            Tobias Taschner
            Viktor Szakats
                 and
            Core Infrastructure Initiative
            Mozilla Foundation (MOSS Track 3: Secure Open Source)
            Radically Open Security

Release 2.2.0 Tue June 21 2016
        Security fixes:
       #537       CVE-2016-0718 -- Fix crash on malformed input
                  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
                  CVE-2015-2716 introduced with Expat 2.1.1
       #499       CVE-2016-5300 -- Use more entropy for hash initialization
                  than the original fix to CVE-2012-0876
       #519       CVE-2012-6702 -- Resolve troublesome internal call to srand
                  that was introduced with Expat 2.1.0
                  when addressing CVE-2012-0876 (issue #496)

        Bug fixes:
                  Fix uninitialized reads of size 1
                  (e.g. in little2_updatePosition)
                  Fix detection of UTF-8 character boundaries

        Other changes:
       #532       Fix compilation for Visual Studio 2010 (keyword "C99")
                  Autotools: Resolve use of "$<" to better support bmake
                  Autotools: Add QA script "qa.sh" (and make target "qa")
                  Autotools: Respect CXXFLAGS if given
                  Autotools: Fix "make run-xmltest"
                  Autotools: Have "make run-xmltest" check for expected output
       p90        CMake: Fix static build (BUILD_shared=OFF) on Windows
       #536       CMake: Add soversion, support -DNO_SONAME=yes to bypass
       #323       CMake: Add suffix "d" to differentiate debug from release
                  CMake: Define WIN32 with CMake on Windows
                  Annotate memory allocators for GCC
                  Address all currently known compile warnings
                  Make sure that API symbols remain visible despite
                  -fvisibility=hidden
                  Remove executable flag from source files
                  Resolve COMPILED_FROM_DSP in favor of WIN32

        Special thanks to:
            Björn Lindahl
            Christian Heimes
            Cristian Rodríguez
            Daniel Krügler
            Gustavo Grieco
            Karl Waclawek
            László Böszörményi
            Marco Grassi
            Pascal Cuoq
            Sergei Nikulov
            Thomas Beutlich
            Warren Young
            Yann Droneaud

Release 2.1.1 Sat March 12 2016
        Security fixes:
       #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
       #502: Fix potential null pointer dereference
       #520: Symbol XML_SetHashSalt was not exported
             Output of "xmlwf -h" was incomplete

        Other changes:
       #503: Document behavior of calling XML_SetHashSalt with salt 0
             Minor improvements to man page xmlwf(1)
             Improvements to the experimental CMake build system
             libtool now invoked with --verbose

Release 2.1.0 Sat March 24 2012
        - Security fixes:
          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
          #3496608: CVE-2012-0876 - Hash DOS attack.
1685 #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). 1686 #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. 1687 - Bug Fixes: 1688 #1742315: Harmful XML_ParserCreateNS suggestion. 1689 #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. 1690 #1983953, 2517952, 2517962, 2649838: 1691 Build modifications using autoreconf instead of buildconf.sh. 1692 #2815947, #2884086: OBJEXT and EXEEXT support while building. 1693 #2517938: xmlwf should return non-zero exit status if not well-formed. 1694 #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. 1695 #2855609: Dangling positionPtr after error. 1696 #2990652: CMake support. 1697 #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. 1698 #3206497: Uninitialized memory returned from XML_Parse. 1699 #3287849: make check fails on mingw-w64. 1700 - Patches: 1701 #1749198: pkg-config support. 1702 #3010222: Fix for bug #3010819. 1703 #3312568: CMake support. 1704 #3446384: Report byte offsets for attr names and values. 1705 - New Features / API changes: 1706 Added new API member XML_SetHashSalt() that allows setting an initial 1707 value (salt) for hash calculations. This is part of the fix for 1708 bug #3496608 to randomize hash parameters. 1709 When compiled with XML_ATTR_INFO defined, adds new API member 1710 XML_GetAttributeInfo() that allows retrieving the byte 1711 offsets for attribute names and values (patch #3446384). 1712 Added CMake build system. 1713 See bug #2990652 and patch #3312568. 1714 Added run-benchmark target to Makefile.in - relies on testdata module 1715 present in the same relative location as in the repository. 1716 1717Release 2.0.1 Tue June 5 2007 1718 - Fixed bugs #1515266, #1515600: The character data handler's calling 1719 of XML_StopParser() was not handled properly; if the parser was 1720 stopped and the handler set to NULL, the parser would segfault. 
1721 - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed 1722 some character constants to be ASCII encoded. 1723 - Minor cleanups of the test harness. 1724 - Fixed xmlwf bug #1513566: "out of memory" error on file size zero. 1725 - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call. 1726 - Fixes and improvements for Windows platform: 1727 bugs #1409451, #1476160, #1548182, #1602769, #1717322. 1728 - Build fixes for various platforms: 1729 HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180. 1730 All Unix: #1554618 (refreshed config.sub/config.guess). 1731 #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT, 1732 without relying on GNU-Make specific features. 1733 #1647805: Patched configure.in to work better with Intel compiler. 1734 - Fixes to Makefile.in to have make check work correctly: 1735 bugs #1408143, #1535603, #1536684. 1736 - Added Open Watcom support: patch #1523242. 1737 1738Release 2.0.0 Wed Jan 11 2006 1739 - We no longer use the "check" library for C unit testing; we 1740 always use the (partial) internal implementation of the API. 1741 - Report XML_NS setting via XML_GetFeatureList(). 1742 - Fixed headers for use from C++. 1743 - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber() 1744 now return unsigned integers. 1745 - Added XML_LARGE_SIZE switch to enable 64-bit integers for 1746 byte indexes and line/column numbers. 1747 - Updated to use libtool 1.5.22 (the most recent). 1748 - Added support for AmigaOS. 1749 - Some mostly minor bug fixes. SF issues include: #1006708, 1750 #1021776, #1023646, #1114960, #1156398, #1221160, #1271642. 1751 1752Release 1.95.8 Fri Jul 23 2004 1753 - Major new feature: suspend/resume. Handlers can now request 1754 that a parse be suspended for later resumption or aborted 1755 altogether. See "Temporarily Stopping Parsing" in the 1756 documentation for more details. 
1757 - Some mostly minor bug fixes, but compilation should no 1758 longer generate warnings on most platforms. SF issues 1759 include: #827319, #840173, #846309, #888329, #896188, #923913, 1760 #928113, #961698, #985192. 1761 1762Release 1.95.7 Mon Oct 20 2003 1763 - Fixed enum XML_Status issue (reported on SourceForge many 1764 times), so compilers that are properly picky will be happy. 1765 - Introduced an XMLCALL macro to control the calling 1766 convention used by the Expat API; this macro should be used 1767 to annotate prototypes and definitions of callback 1768 implementations in code compiled with a calling convention 1769 other than the default convention for the host platform. 1770 - Improved ability to build without the configure-generated 1771 expat_config.h header. This is useful for applications 1772 which embed Expat rather than linking in the library. 1773 - Fixed a variety of bugs: see SF issues #458907, #609603, 1774 #676844, #679754, #692878, #692964, #695401, #699323, #699487, 1775 #820946. 1776 - Improved hash table lookups. 1777 - Added more regression tests and improved documentation. 1778 1779Release 1.95.6 Tue Jan 28 2003 1780 - Added XML_FreeContentModel(). 1781 - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree(). 1782 - Fixed a variety of bugs: see SF issues #615606, #616863, 1783 #618199, #653180, #673791. 1784 - Enhanced the regression test suite. 1785 - Man page improvements: includes SF issue #632146. 1786 1787Release 1.95.5 Fri Sep 6 2002 1788 - Added XML_UseForeignDTD() for improved SAX2 support. 1789 - Added XML_GetFeatureList(). 1790 - Defined XML_Bool type and the values XML_TRUE and XML_FALSE. 1791 - Use an incomplete struct instead of a void* for the parser 1792 (may not retain). 1793 - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected. 1794 - Finally fixed bug where default handler would report DTD 1795 events that were already handled by another handler. 1796 Initial patch contributed by Darryl Miles. 
1797 - Removed unnecessary DllMain() function that caused static 1798 linking into a DLL to be difficult. 1799 - Added VC++ projects for building static libraries. 1800 - Reduced line-length for all source code and headers to be 1801 no longer than 80 characters, to help with AS/400 support. 1802 - Reduced memory copying during parsing (SF patch #600964). 1803 - Fixed a variety of bugs: see SF issues #580793, #434664, 1804 #483514, #580503, #581069, #584041, #584183, #584832, #585537, 1805 #596555, #596678, #598352, #598944, #599715, #600479, #600971. 1806 1807Release 1.95.4 Fri Jul 12 2002 1808 - Added support for VMS, contributed by Craig Berry. See 1809 vms/README.vms for more information. 1810 - Added Mac OS (classic) support, with a makefile for MPW, 1811 contributed by Thomas Wegner and Daryle Walker. 1812 - Added Borland C++ Builder 5 / BCC 5.5 support, contributed 1813 by Patrick McConnell (SF patch #538032). 1814 - Fixed a variety of bugs: see SF issues #441449, #563184, 1815 #564342, #566334, #566901, #569461, #570263, #575168, #579196. 1816 - Made skippedEntityHandler conform to SAX2 (see source comment) 1817 - Re-implemented WFC: Entity Declared from XML 1.0 spec and 1818 added a new error "entity declared in parameter entity": 1819 see SF bug report #569461 and SF patch #578161 1820 - Re-implemented section 5.1 from XML 1.0 spec: 1821 see SF bug report #570263 and SF patch #578161 1822 1823Release 1.95.3 Mon Jun 3 2002 1824 - Added a project to the MSVC workspace to create a wchar_t 1825 version of the library; the DLLs are named libexpatw.dll. 1826 - Changed the name of the Windows DLLs from expat.dll to 1827 libexpat.dll; this fixes SF bug #432456. 1828 - Added the XML_ParserReset() API function. 1829 - Fixed XML_SetReturnNSTriplet() to work for element names. 1830 - Made the XML_UNICODE builds usable (thanks, Karl!). 1831 - Allow xmlwf to read from standard input. 1832 - Install a man page for xmlwf on Unix systems. 
1833 - Fixed many bugs; see SF bug reports #231864, #461380, #464837, 1834 #466885, #469226, #477667, #484419, #487840, #494749, #496505, 1835 #547350. Other bugs which we can't test as easily may also 1836 have been fixed, especially in the area of build support. 1837 1838Release 1.95.2 Fri Jul 27 2001 1839 - More changes to make MSVC happy with the build; add a single 1840 workspace to support both the library and xmlwf application. 1841 - Added a Windows installer for Windows users; includes 1842 xmlwf.exe. 1843 - Added compile-time constants that can be used to determine the 1844 Expat version 1845 - Removed a lot of GNU-specific dependencies to aide portability 1846 among the various Unix flavors. 1847 - Fix the UTF-8 BOM bug. 1848 - Cleaned up warning messages for several compilers. 1849 - Added the -Wall, -Wstrict-prototypes options for GCC. 1850 1851Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000 1852 - Changes to get expat to build under Microsoft compiler 1853 - Removed all aborts and instead return an UNEXPECTED_STATE error. 1854 - Fixed a bug where a stray '%' in an entity value would cause an 1855 abort. 1856 - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for 1857 finding this oversight. 1858 - Changed default patterns in lib/Makefile.in to fit non-GNU makes 1859 Thanks to robin@unrated.net for reporting and providing an 1860 account to test on. 1861 - The reference had the wrong label for XML_SetStartNamespaceDecl. 1862 Reported by an anonymous user. 1863 1864Release 1.95.0 Fri Sep 29 2000 1865 - XML_ParserCreate_MM 1866 Allows you to set a memory management suite to replace the 1867 standard malloc,realloc, and free. 1868 - XML_SetReturnNSTriplet 1869 If you turn this feature on when namespace processing is in 1870 effect, then qualified, prefixed element and attribute names 1871 are returned as "uri|name|prefix" where '|' is whatever 1872 separator character is used in namespace processing. 
1873 - Merged in features from perl-expat 1874 o XML_SetElementDeclHandler 1875 o XML_SetAttlistDeclHandler 1876 o XML_SetXmlDeclHandler 1877 o XML_SetEntityDeclHandler 1878 o StartDoctypeDeclHandler takes 3 additional parameters: 1879 sysid, pubid, has_internal_subset 1880 o Many paired handler setters (like XML_SetElementHandler) 1881 now have corresponding individual handler setters 1882 o XML_GetInputContext for getting the input context of 1883 the current parse position. 1884 - Added reference material 1885 - Packaged into a distribution that builds a sharable library