NOTE: We are looking for help with a few things:
      https://github.com/libexpat/libexpat/labels/help%20wanted
      If you can help, please get in touch.  Thanks!

Release 2.4.1 Sun May 23 2021
        Bug fixes:
       #488 #490  Autotools: Fix installed header expat_config.h for multilib
                    systems; regression introduced in 2.4.0 by pull request #486

        Other changes:
       #491 #492  Version info bumped from 9:0:8 to 9:1:8;
                    see https://verbump.de/ for what these numbers do

        Special thanks to:
            Gentoo's QA check "multilib_check_headers"

Release 2.4.0 Sun May 23 2021
        Security fixes:
   #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
                    (denial-of-service; flavors targeting CPU time or RAM or both,
                    leveraging general entities or parameter entities or both)
                    by tracking and limiting the input amplification factor
                    (<amplification> := (<direct> + <indirect>) / <direct>).
                    By conservative default, amplification up to a factor of 100.0
                    is tolerated and rejection only starts after 8 MiB of output bytes
                    (=<direct> + <indirect>) have been processed.
                    The fix adds the following to the API:
                    - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
                      signal this specific condition.
                    - Two new API functions ..
                      - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
                      - XML_SetBillionLaughsAttackProtectionActivationThreshold
                      .. to further tighten billion laughs protection parameters
                      when desired. Please see file "doc/reference.html" for details.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.
                    - Two new XML_FEATURE_* constants ..
                      - that can be queried using the XML_GetFeatureList function, and
                      - that are shown in "xmlwf -v" output.
                    - Two new environment variable switches ..
                      - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
                      - EXPAT_ENTITY_DEBUG=(0|1)
                      .. for runtime debugging of accounting and entity processing.
                      Specific behavior of these values may change in the future.
                    - Two new command line arguments "-a FACTOR" and "-b BYTES"
                      for xmlwf to further tighten billion laughs protection
                      parameters when desired.
                      If you ever need to increase the defaults for non-attack XML
                      payload, please file a bug report with libexpat.

        Bug fixes:
       #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
                    or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
                    for UTF-16 payloads containing CDATA sections.
       #485 #486  Autotools: Fix generated CMake files for non-64bit and
                    non-Linux platforms (e.g. macOS and MinGW in particular)
                    that were introduced with release 2.3.0

        Other changes:
       #468 #469  xmlwf: Improve help output and the xmlwf man page
            #463  xmlwf: Improve maintainability through some refactoring
            #477  xmlwf: Fix man page DocBook validity
       #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
                    and CMAKE_INSTALL_INCLUDEDIR
       #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
            #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
            #467  Resolve macro HAVE_EXPAT_CONFIG_H
            #472  Delete unused legacy helper file "conftools/PrintPath"
       #473 #483  Improve attribution
  #464 #465 #477  doc/reference.html: Fix XHTML validity
       #475 #478  doc/reference.html: Replace the 90s look by OK.css
            #479  Version info bumped from 8:0:7 to 9:0:8
                    due to addition of new symbols and error codes;
                    see https://verbump.de/ for what these numbers do

        Infrastructure:
            #456  CI: Enable periodic runs
            #457  CI: Start covering the list of exported symbols
            #474  CI: Isolate coverage task
       #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
            #477  CI: Cover well-formedness and DocBook/XHTML validity
                    of doc/reference.html and doc/xmlwf.xml

        Special thanks to:
            Dimitry Andric
            Eero Helenius
            Nick Wellnhofer
            Rhodri James
            Tomas Korbar
            Yury Gribov
                 and
            Clang LeakSan
            JetBrains
            OSS-Fuzz

Release 2.3.0 Thu March 25 2021
        Bug fixes:
            #438  When calling XML_ParseBuffer without a prior successful call to
                    XML_GetBuffer as a user, no longer trigger undefined behavior
                    (by adding an integer to a NULL pointer) but rather return
                    XML_STATUS_ERROR and set the error code to (new) code
                    XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
                    of Clang 11 (but not Clang 9).
            #444  xmlwf: Exit status 2 was used for both:
                    - malformed input files (documented) and
                    - invalid command-line arguments (undocumented).
                    The case of invalid command-line arguments now
                    has its own exit status 4, resolving the ambiguity.

        Other changes:
            #439  xmlwf: Add argument -k to allow continuing after
                    non-fatal errors
            #439  xmlwf: Add section about exit status to the -h help output
  #422 #426 #447  Windows: Drop support for Visual Studio <=14.0/2015
            #434  Windows: CMake: Detect unsupported Visual Studio at
                    configure time (rather than at compile time)
       #382 #428  testrunner: Make verbose mode (argument "-v") report
                    about passed tests, and make default mode report about
                    failures, as well.
            #442  CMake: Call "enable_language(CXX)" prior to tinkering
                    with CMAKE_CXX_* variables
            #448  Document use of libexpat from a CMake-based project
            #451  Autotools: Install CMake files as generated by CMake 3.19.6
                    so that users with "find_package(expat [..] CONFIG [..])"
                    are served on distributions that are *not* using the CMake
                    build system inside for libexpat packaging
       #436 #437  Autotools: Drop obsolescent macro AC_HEADER_STDC
       #450 #452  Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
            #441  Address compiler warnings
            #443  Version info bumped from 7:12:6 to 8:0:7
                    due to addition of error code XML_ERROR_NO_BUFFER
                    (see https://verbump.de/ for what these numbers do)

        Infrastructure:
       #435 #446  Replace Travis CI by GitHub Actions

        Special thanks to:
            Alexander Richardson
            Oleksandr Popovych
            Thomas Beutlich
            Tim Bray
                 and
            Clang LeakSan, Clang 11 UBSan and the Clang team

Release 2.2.10 Sat October 3 2020
        Bug fixes:
  #390 #395 #398  Fix undefined behavior during parsing caused by
                    pointer arithmetic with NULL pointers
       #404 #405  Fix reading uninitialized variable during parsing
            #406  xmlwf: Add missing check for malloc NULL return

        Other changes:
            #396  Windows: Drop support for Visual Studio <=8.0/2005
            #409  Windows: Add missing file "Changes" to the installer
                    to fix compilation with CMake from installed sources
            #403  xmlwf: Document exit codes in xmlwf manpage and
                    exit with code 3 (rather than code 1) for output errors
                    when used with "-d DIRECTORY"
       #356 #359  MinGW: Provide declaration of rand_s for mingwrt <5.3.0
       #383 #392  Autotools: Use -Werror while configure tests the compiler
                    for supported compile flags to avoid false positives
  #383 #393 #394  Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
                    e.g. ensure that they have the last word over flags added
                    while running ./configure
            #360  CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
                    on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Detect and deny unsupported build combinations
                    involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
            #360  CMake: Install pre-compiled shipped xmlwf.1 manpage in case
                    of -DEXPAT_BUILD_DOCS=OFF
  #375 #380 #419  CMake: Fix use of Expat by means of add_subdirectory
       #407 #408  CMake: Keep expat target name constant at "expat"
                    (i.e. refrain from using the target name to control
                    build artifact filenames)
            #385  CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
                    Windows
                  CMake: Expose man page compilation as target "xmlwf-manpage"
       #413 #414  CMake: Introduce option EXPAT_BUILD_PKGCONFIG
                    to control generation of pkg-config file "expat.pc"
            #424  CMake: Add minimalistic support for building binary packages
                    with CMake target "package"; based on CPack
            #366  CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
                    default OFF to build fuzzer code against OSS-Fuzz and
                    related environment variable LIB_FUZZING_ENGINE
            #354  Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
       #354 #355 ..
       #356 #412  Address compiler warnings
       #368 #369  Address pngcheck warnings with doc/*.png images
            #425  Version info bumped from 7:11:6 to 7:12:6

        Special thanks to:
            asavah
            Ben Wagner
            Bhargava Shastry
            Frank Landgraf
            Jeffrey Walton
            Joe Orton
            Kleber Tarcísio
            Ma Lin
            Maciej Sroczyński
            Mohammed Khajapasha
            Vadim Zeitlin
                 and
            Cppcheck 2.0 and the Cppcheck team

Release 2.2.9 Wed September 25 2019
        Other changes:
                  examples: Drop executable bits from elements.c
            #349  Windows: Change the name of the Windows DLLs from expat*.dll
                    to libexpat*.dll once more (regression from 2.2.8, first
                    fixed in 1.95.3, issue #61 on SourceForge today,
                    was issue #432456 back then); needs a fix due to
                    case-insensitive file systems on Windows and the fact that
                    Perl's XML::Parser::Expat compiles into Expat.dll.
            #347  Windows: Only define _CRT_RAND_S if not defined
                  Version info bumped from 7:10:6 to 7:11:6

        Special thanks to:
            Ben Wagner

Release 2.2.8 Fri September 13 2019
        Security fixes:
       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
                    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
                    and deny internal entities closing the doctype;
                    fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43

        Bug fixes:
            #240  Fix cases where XML_StopParser did not have any effect
                    when called from inside of an end element handler
            #341  xmlwf: Fix exit code for operation without "-d DIRECTORY";
                    previously, only "-d DIRECTORY" would give you a proper
                    exit code:
                      # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
                      2
                      # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
                      0
                    Now both cases return exit code 2.

        Other changes:
       #299 #302  Windows: Replace LoadLibrary hack to access
                    unofficial API function SystemFunction036 (RtlGenRandom)
                    by using official API function rand_s (needs WinXP+)
            #325  Windows: Drop support for Visual Studio <=7.1/2003
                    and document supported compilers in README.md
            #286  Windows: Remove COM code from xmlwf; in case it turns
                    out needed later, there will be a dedicated repository
                    below https://github.com/libexpat/ for that code
            #322  Windows: Remove explicit MSVC solution and project files.
                    You can generate Visual Studio solution files through
                    CMake, e.g.: cmake -G"Visual Studio 15 2017" .
            #338  xmlwf: Make "xmlwf -h" help output more friendly
            #339  examples: Improve elements.c
       #244 #264  Autotools: Add argument --enable-xml-attr-info
       #239 #301  Autotools: Add arguments
                    --with-getrandom
                    --without-getrandom
                    --with-sys-getrandom
                    --without-sys-getrandom
       #312 #343  Autotools: Fix linking issues with "./configure LD=clang"
                  Autotools: Fix "make run-xmltest" for out-of-source builds
       #329 #336  CMake: Pull all options from Expat <=2.2.7 into namespace
                    prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
                    - BUILD_doc            -> EXPAT_BUILD_DOCS (plural)
                    - BUILD_examples       -> EXPAT_BUILD_EXAMPLES
                    - BUILD_shared         -> EXPAT_SHARED_LIBS
                    - BUILD_tests          -> EXPAT_BUILD_TESTS
                    - BUILD_tools          -> EXPAT_BUILD_TOOLS
                    - DOCBOOK_TO_MAN       -> DOCBOOK_TO_MAN (unchanged)
                    - INSTALL              -> EXPAT_ENABLE_INSTALL
                    - MSVC_USE_STATIC_CRT  -> EXPAT_MSVC_STATIC_CRT
                    - USE_libbsd           -> EXPAT_WITH_LIBBSD
                    - WARNINGS_AS_ERRORS   -> EXPAT_WARNINGS_AS_ERRORS
                    - XML_CONTEXT_BYTES    -> EXPAT_CONTEXT_BYTES
                    - XML_DEV_URANDOM      -> EXPAT_DEV_URANDOM
                    - XML_DTD              -> EXPAT_DTD
                    - XML_NS               -> EXPAT_NS
                    - XML_UNICODE          -> EXPAT_CHAR_TYPE=ushort (!)
                    - XML_UNICODE_WCHAR_T  -> EXPAT_CHAR_TYPE=wchar_t (!)
       #244 #264  CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
                    default OFF
            #326  CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
                    default OFF
            #328  CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
                    default OFF
       #239 #277  CMake: Add arguments
                    -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
                    -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
            #326  CMake: Install expat_config.h to include directory
            #326  CMake: Generate and install configuration files for
                    future find_package(expat [..] CONFIG [..])
                  CMake: Now produces a summary of applied configuration
                  CMake: Require C++ compiler only when tests are enabled
            #330  CMake: Fix compilation for 16bit character types,
                    i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
            #265  CMake: Fix linking with MinGW
            #330  CMake: Add full support for MinGW; to enable, use
                    -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
            #330  CMake: Port "make run-xmltest" from GNU Autotools to CMake
            #316  CMake: Windows: Make binary postfix match MSVC
                    Old: expat[d].lib
                    New: expat[w][d][MD|MT].lib
                  CMake: Migrate files from Windows to Unix line endings
            #308  CMake: Integrate OSS-Fuzz fuzzers, option
                    -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
             #14  Drop an OpenVMS support leftover
       #235 #268 ..
       #270 #310 ..
  #313 #331 #333  Address compiler warnings
       #282 #283 ..
       #284 #285  Address cppcheck warnings
       #294 #295  Address Clang Static Analyzer warnings
        #24 #293  Mass-apply clang-format 9 (and ensure conformance during CI)
                  Version info bumped from 7:9:6 to 7:10:6

        Special thanks to:
            David Loffredo
            Joonun Jang
            Kishore Kunche
            Marco Maggi
            Mitch Phillips
            Mohammed Khajapasha
            Rolf Ade
            xantares
            Zhongyuan Zhou

Release 2.2.7 Wed June 19 2019
        Security fixes:
       #186 #262  CVE-2018-20843 -- Fix extraction of namespace prefixes from
                    XML names; XML names with multiple colons could end up in
                    the wrong namespace, and take a high amount of RAM and CPU
                    resources while processing, opening the door to
                    use for denial-of-service attacks

        Other changes:
       #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                    exporting non-API symbols
            #227  Autotools: Add --without-examples and --without-tests
            #228  Autotools: Modernize configure.ac
       #245 #246  Autotools: Fix check for -fvisibility=hidden for Clang
       #247 #248  Autotools: Fix compilation for lack of docbook2x-man
       #236 #258  Autotools: Produce .tar.{gz,lz,xz} release archives
            #212  CMake: Make libdir of pkgconfig expat.pc support multilib
       #158 #263  CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
            #219  Remove fallback to bcopy, assume that memmove(3) exists
            #257  Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
            #243  Windows: Fix syntax of .def module definition files
                  Version info bumped from 7:8:6 to 7:9:6

        Special thanks to:
            Benjamin Peterson
            Caolán McNamara
            Hanno Böck
            KangLin
            Kishore Kunche
            Marco Maggi
            Rhodri James
            Sebastian Dröge
            userwithuid
            Yury Gribov

Release 2.2.6 Sun August 12 2018
        Bug fixes:
       #170 #206  Avoid doing arithmetic with NULL pointers in XML_GetBuffer
       #204 #205  Fix 2.2.5 regression with suspend-resume while parsing
                    a document like '<root/>'

        Other changes:
       #165 #168  Autotools: Fix docbook-related configure syntax error
            #166  Autotools: Avoid grep option `-q` for Solaris
            #167  Autotools: Support
                    ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
       #159 #167  Autotools: Support DOCBOOK_TO_MAN command which produces
                    xmlwf.1 rather than XMLWF.1; also covers case insensitive
                    file systems
            #181  Autotools: Drop -rpath option passed to libtool
            #188  Autotools: Detect and deny SGML docbook2man as ours is XML
            #188  Autotools/CMake: Support command db2x_docbook2man as well
            #174  CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
       #184 #185  CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
       #207 #208  CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
                    both defaulting to OFF
            #175  CMake: Prefer check_symbol_exists over check_function_exists
            #176  CMake: Create the same pkg-config file as with GNU Autotools
       #178 #179  CMake: Use GNUInstallDirs module to set proper defaults for
                    install directories
            #208  CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
            #180  Windows: Fix compilation of test suite for Visual Studio 2008
  #131 #173 #202  Address compiler warnings
  #187 #190 #200  Fix miscellaneous typos
                  Version info bumped from 7:7:6 to 7:8:6

        Special thanks to:
            Anton Maklakov
            Benjamin Peterson
            Brad King
            Franek Korta
            Frank Rast
            Joe Orton
            luzpaz
            Pedro Vicente
            Rainer Jung
            Rhodri James
            Rolf Ade
            Rolf Eike Beer
            Thomas Beutlich
            Tomasz Kłoczko

Release 2.2.5 Tue October 31 2017
        Bug fixes:
              #8  If the parser runs out of memory, make sure its internal
                    state reflects the memory it actually has, not the memory
                    it wanted to have.
             #11  The default handler wasn't being called when it should for
                    a SYSTEM or PUBLIC doctype if an entity declaration handler
                    was registered.
       #137 #138  Fix a case of mistakenly reported parsing success where
                    XML_StopParser was called from an element handler
            #162  Function XML_ErrorString was returning NULL rather than
                    a message for code XML_ERROR_INVALID_ARGUMENT
                    introduced with release 2.2.1

        Other changes:
            #106  xmlwf: Add argument -N adding notation declarations
        #75 #106  Test suite: Resolve expected failure cases where xmlwf
                    output was incomplete
            #127  Windows: Fix test suite compilation
       #126 #127  Windows: Fix compilation for Visual Studio 2012
                  Windows: Upgrade shipped project files to Visual Studio 2017
        #33 #132  tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
            #129  examples: Fix compilation for XML_UNICODE_WCHAR_T
            #130  benchmark: Fix compilation for XML_UNICODE_WCHAR_T
            #144  xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
                    Windows or MinGW for 2-byte wchar_t
              #9  Address two Clang Static Analyzer false positives
             #59  Resolve troublesome macros hiding parser struct membership
                    and dereferencing that pointer
              #6  Resolve superfluous internal malloc/realloc switch
       #153 #155  Improve docbook2x-man detection
            #160  Undefine NDEBUG in the test suite (rather than rejecting it)
            #161  Address compiler warnings
                  Version info bumped from 7:6:6 to 7:7:6

        Special thanks to:
            Benbuck Nason
            Hans Wennborg
            José Gutiérrez de la Concha
            Pedro Monreal Gonzalez
            Rhodri James
            Rolf Ade
            Stephen Groat
                 and
            Core Infrastructure Initiative

Release 2.2.4 Sat August 19 2017
        Bug fixes:
            #115  Fix copying of partial characters for UTF-8 input

        Other changes:
            #109  Fix "make check" for non-x86 architectures that default
                    to unsigned type char (-128..127 rather than 0..255)
            #109  coverage.sh: Cover -funsigned-char
                  Autotools: Introduce --without-xmlwf argument
             #65  Autotools: Replace handwritten Makefile with GNU Automake
             #43  CMake: Auto-detect high quality entropy extractors, add new
                    option USE_libbsd=ON to use arc4random_buf of libbsd
             #74  CMake: Add -fno-strict-aliasing only where supported
            #114  CMake: Always honor manually set BUILD_* options
            #114  CMake: Compile man page if docbook2x-man is available, only
            #117  Include file tests/xmltest.log.expected in source tarball
                    (required for "make run-xmltest")
            #117  Include (existing) Visual Studio 2013 files in source tarball
                  Improve test suite error output
            #111  Fix some typos in documentation
                  Version info bumped from 7:5:6 to 7:6:6

        Special thanks to:
            Jakub Wilk
            Joe Orton
            Lin Tian
            Rolf Eike Beer

Release 2.2.3 Wed August 2 2017
        Security fixes:
             #82  CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
                    using Steve Holme's LoadLibrary wrapper for/of cURL

        Bug fixes:
             #85  Fix a dangling pointer issue related to realloc

        Other changes:
                  Increase code coverage
             #91  Linux: Allow getrandom to fail if nonblocking pool has not
                    yet been initialized and read /dev/urandom then, instead.
                    This is in line with what recent Python does.
             #81  Pre-10.7/Lion macOS: Support entropy from arc4random
             #86  Check that a UTF-16 encoding in an XML declaration has the
                    right endianness
        #4 #5 #7  Recover correctly when some reallocations fail
                  Repair "./configure && make" for systems without any
                    provider of high quality entropy
                    and try reading /dev/urandom on those
                  Ensure that user-defined character encodings have converter
                    functions when they are needed
                  Fix misleading description of argument -c in xmlwf.1
                  Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
                    for CloudABI
            #100  Fix use of SIPHASH_MAIN in siphash.h
             #23  Test suite: Fix memory leaks
                  Version info bumped from 7:4:6 to 7:5:6

        Special thanks to:
            Chanho Park
            Joe Orton
            Pascal Cuoq
            Rhodri James
            Simon McVittie
            Vadim Zeitlin
            Viktor Szakats
                 and
            Core Infrastructure Initiative

Release 2.2.2 Wed July 12 2017
        Security fixes:
             #43  Protect against compilation without any source of high
                    quality entropy enabled, e.g. with CMake build system;
                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
             #60  Windows with _UNICODE:
                    Unintended use of LoadLibraryW with a non-wide string
                    resulted in failure to load advapi32.dll and degradation
                    in quality of used entropy when compiled with _UNICODE for
                    Windows; you can launch existing binaries with
                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
                    quality of entropy used during runtime; commits
                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
       [MOX-006]  Fix non-NULL parser parameter validation in XML_Parse;
                    resulted in NULL dereference, previously;
                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe

        Bug fixes:
             #69  Fix improper use of unsigned long long integer literals

        Other changes:
             #73  Start requiring a C99 compiler
             #49  Fix "==" Bashism in configure script
             #50  Fix too eager getrandom detection for Debian GNU/kFreeBSD
             #52    and macOS
             #51  Address lack of stdint.h in Visual Studio 2003 to 2008
             #58  Address compile warnings
             #68  Fix "./buildconf.sh && ./configure" for some versions
                    of Dash for /bin/sh
             #72  CMake: Ease use of Expat in context of a parent project
                    with multiple CMakeLists.txt files
             #72  CMake: Resolve mistaken executable permissions
             #76  Address compile warning with -DNDEBUG (not recommended!)
             #77  Address compile warning about macro redefinition

        Special thanks to:
            Alexander Bluhm
            Ben Boeckel
            Cătălin Răceanu
            Kerin Millar
            László Böszörményi
            S. P. Zeidler
            Segev Finer
            Václav Slavík
            Victor Stinner
            Viktor Szakats
                 and
            Radically Open Security

Release 2.2.1 Sat June 17 2017
        Security fixes:
                  CVE-2017-9233 -- External entity infinite loop DoS
                    Details: https://libexpat.github.io/doc/cve-2017-9233/
                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
       [MOX-002]  CVE-2016-9063 -- Detect integer overflow; commit
                    d4f735b88d9932bd5039df2335eefdd0723dbe20
                    (Fixed version of existing downstream patches!)
   (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off
                    longer tag names; commits
                    * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
                    * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
             #16    * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
             #25  More integer overflow detection (function poolGrow); commits
                    * 810b74e4703dcfdd8f404e3cb177d44684775143
                    * 44178553f3539ce69d34abee77a05e879a7982ac
       [MOX-002]  Detect overflow from len=INT_MAX call to XML_Parse; commits
                    * 4be2cb5afcc018d996f34bbbce6374b7befad47f
                    * 7e5b71b748491b6e459e5c9a1d090820f94544d8
   [MOX-005] #30  Use high quality entropy for hash initialization:
                    * arc4random_buf on BSD, systems with libbsd
                      (when configured with --with-libbsd), CloudABI
                    * RtlGenRandom on Windows XP / Server 2003 and later
                    * getrandom on Linux 3.17+
                    In a way, that's still part of CVE-2016-5300.
                    https://github.com/libexpat/libexpat/pull/30/commits
       [MOX-005]  For the low quality entropy extraction fallback code,
                    the parser instance address can no longer leak, commit
                    04ad658bd3079dd15cb60fc67087900f0ff4b083
       [MOX-003]  Prevent use of uninitialised variable; commit
       [MOX-004]    a4dc944f37b664a3ca7199c624a98ee37babdb4b
                  Add missing parameter validation to public API functions
                    and dedicated error code XML_ERROR_INVALID_ARGUMENT:
       [MOX-006]    * NULL checks; commits
                      * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
                      * 9ed727064b675b7180c98cb3d4f75efba6966681
                      * 6a747c837c50114dfa413994e07c0ba477be4534
                    * Negative length (XML_Parse); commit
       [MOX-002]      70db8d2538a10f4c022655d6895e4c3e78692e7f
   [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash
                    to go further with fixing CVE-2012-0876.
                    https://github.com/libexpat/libexpat/pull/39/commits

        Bug fixes:
             #32  Fix sharing of hash salt across parsers;
                    relevant where XML_ExternalEntityParserCreate is called
                    prior to XML_Parse, in particular (e.g. FBReader)
             #28  xmlwf: Auto-disable use of memory-mapping (and parsing
                    as a single chunk) for files larger than ~1 GB (2^30 bytes)
                    rather than failing with error "out of memory"
              #3  Fix double free after malloc failure in DTD code; commit
                    7ae9c3d3af433cd4defe95234eae7dc8ed15637f
             #17  Fix memory leak on parser error for unbound XML attribute
                    prefix with new namespaces defined in the same tag;
                    found by Google's OSS-Fuzz; commits
                    * 16f87daae5a16132e479e4f71862128c7a915c73
                    * b47dbc9745932c160893d433220e462bd605f8cd
                  xmlwf on Windows: Add missing calls to CloseHandle

        New features:
             #30  Introduced environment switch EXPAT_ENTROPY_DEBUG=1
                    for runtime debugging of entropy extraction

        Other changes:
                  Increase code coverage
             #33  Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
                    XML_UNICODE_WCHAR_T was never meant to be used outside
                    of Windows; 4-byte wchar_t is common on Linux
   (SF.net) #538  Start using -fno-strict-aliasing
   (SF.net) #540  Support compilation against cloudlibc of CloudABI
                  Allow MinGW cross-compilation
   (SF.net) #534  CMake: Introduce option "BUILD_doc" (enabled by default)
                    to bypass compilation of the xmlwf.1 man page
    (SF.net) pr2  CMake: Introduce option "INSTALL" (enabled by default)
                    to bypass installation of expat files
                  CMake: Fix ninja support
                  Autotools: Add parameters --enable-xml-context [COUNT]
                    and --disable-xml-context; default of context of 1024
                    bytes enabled unchanged
             #14  Drop AmigaOS 4.x code and includes
             #14  Drop ancient build systems:
                    * Borland C++ Builder
                    * OpenVMS
                    * Open Watcom
                    * Visual Studio 6.0
                    * Pre-X Mac OS (MPW Makefile)
                    If you happen to rely on some of these, please get in
                    touch for joining with maintenance.
             #10  Move from WIN32 to _WIN32
             #13  Fix "make run-xmltest" order instability
                  Address compile warnings
                  Bump version info from 7:2:6 to 7:3:6
                  Add AUTHORS file

        Infrastructure:
              #1  Migrate from SourceForge to GitHub (except downloads):
                    https://github.com/libexpat/
              #1  Re-create http://libexpat.org/ project website
                  Start utilizing Travis CI

        Special thanks to:
            Andy Wang
            Don Lewis
            Ed Schouten
            Karl Waclawek
            Pascal Cuoq
            Rhodri James
            Sergei Nikulov
            Tobias Taschner
            Viktor Szakats
                 and
            Core Infrastructure Initiative
            Mozilla Foundation (MOSS Track 3: Secure Open Source)
            Radically Open Security

Release 2.2.0 Tue June 21 2016
        Security fixes:
            #537  CVE-2016-0718 -- Fix crash on malformed input
                  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
                    CVE-2015-2716 introduced with Expat 2.1.1
            #499  CVE-2016-5300 -- Use more entropy for hash initialization
                    than the original fix to CVE-2012-0876
            #519  CVE-2012-6702 -- Resolve troublesome internal call to srand
                    that was introduced with Expat 2.1.0
                    when addressing CVE-2012-0876 (issue #496)

        Bug fixes:
                  Fix uninitialized reads of size 1
                    (e.g. in little2_updatePosition)
                  Fix detection of UTF-8 character boundaries

        Other changes:
            #532  Fix compilation for Visual Studio 2010 (keyword "C99")
                  Autotools: Resolve use of "$<" to better support bmake
                  Autotools: Add QA script "qa.sh" (and make target "qa")
                  Autotools: Respect CXXFLAGS if given
                  Autotools: Fix "make run-xmltest"
                  Autotools: Have "make run-xmltest" check for expected output
             p90  CMake: Fix static build (BUILD_shared=OFF) on Windows
            #536  CMake: Add soversion, support -DNO_SONAME=yes to bypass
            #323  CMake: Add suffix "d" to differentiate debug from release
                  CMake: Define WIN32 with CMake on Windows
                  Annotate memory allocators for GCC
                  Address all currently known compile warnings
                  Make sure that API symbols remain visible despite
                    -fvisibility=hidden
                  Remove executable flag from source files
                  Resolve COMPILED_FROM_DSP in favor of WIN32

        Special thanks to:
            Björn Lindahl
            Christian Heimes
            Cristian Rodríguez
            Daniel Krügler
            Gustavo Grieco
            Karl Waclawek
            László Böszörményi
            Marco Grassi
            Pascal Cuoq
            Sergei Nikulov
            Thomas Beutlich
            Warren Young
            Yann Droneaud

Release 2.1.1 Sat March 12 2016
        Security fixes:
            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer

        Bug fixes:
            #502: Fix potential null pointer dereference
            #520: Symbol XML_SetHashSalt was not exported
                  Output of "xmlwf -h" was incomplete

        Other changes:
            #503: Document behavior of calling XML_SetHashSalt with salt 0
                  Minor improvements to man page xmlwf(1)
                  Improvements to the experimental CMake build system
                  libtool now invoked with --verbose

Release 2.1.0 Sat March 24 2012
        - Security fixes:
          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
          #3496608: CVE-2012-0876 - Hash DOS attack.
          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
        - Bug Fixes:
          #1742315: Harmful XML_ParserCreateNS suggestion.
          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
          #1983953, 2517952, 2517962, 2649838:
                Build modifications using autoreconf instead of buildconf.sh.
          #2815947, #2884086: OBJEXT and EXEEXT support while building.
          #2517938: xmlwf should return non-zero exit status if not well-formed.
          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
          #2855609: Dangling positionPtr after error.
          #2990652: CMake support.
          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
          #3206497: Uninitialized memory returned from XML_Parse.
          #3287849: make check fails on mingw-w64.
        - Patches:
          #1749198: pkg-config support.
          #3010222: Fix for bug #3010819.
          #3312568: CMake support.
          #3446384: Report byte offsets for attr names and values.
        - New Features / API changes:
          Added new API member XML_SetHashSalt() that allows setting an initial
                value (salt) for hash calculations. This is part of the fix for
                bug #3496608 to randomize hash parameters.
          When compiled with XML_ATTR_INFO defined, adds new API member
                XML_GetAttributeInfo() that allows retrieving the byte
                offsets for attribute names and values (patch #3446384).
          Added CMake build system.
                See bug #2990652 and patch #3312568.
          Added run-benchmark target to Makefile.in - relies on testdata module
                present in the same relative location as in the repository.

Release 2.0.1 Tue June 5 2007
        - Fixed bugs #1515266, #1515600: The character data handler's calling
          of XML_StopParser() was not handled properly; if the parser was
          stopped and the handler set to NULL, the parser would segfault.
        - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
          some character constants to be ASCII encoded.
        - Minor cleanups of the test harness.
        - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
        - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
        - Fixes and improvements for Windows platform:
          bugs #1409451, #1476160, #1548182, #1602769, #1717322.
        - Build fixes for various platforms:
          HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
          All Unix: #1554618 (refreshed config.sub/config.guess).
          #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
          without relying on GNU-Make specific features.
          #1647805: Patched configure.in to work better with Intel compiler.
        - Fixes to Makefile.in to have make check work correctly:
          bugs #1408143, #1535603, #1536684.
        - Added Open Watcom support: patch #1523242.

Release 2.0.0 Wed Jan 11 2006
        - We no longer use the "check" library for C unit testing; we
          always use the (partial) internal implementation of the API.
        - Report XML_NS setting via XML_GetFeatureList().
        - Fixed headers for use from C++.
        - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
          now return unsigned integers.
        - Added XML_LARGE_SIZE switch to enable 64-bit integers for
          byte indexes and line/column numbers.
        - Updated to use libtool 1.5.22 (the most recent).
        - Added support for AmigaOS.
        - Some mostly minor bug fixes. SF issues include: #1006708,
          #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.

Release 1.95.8 Fri Jul 23 2004
        - Major new feature: suspend/resume. Handlers can now request
          that a parse be suspended for later resumption or aborted
          altogether. See "Temporarily Stopping Parsing" in the
          documentation for more details.
        - Some mostly minor bug fixes, but compilation should no
          longer generate warnings on most platforms.
          SF issues include: #827319, #840173, #846309, #888329, #896188,
          #923913, #928113, #961698, #985192.

Release 1.95.7 Mon Oct 20 2003
        - Fixed enum XML_Status issue (reported on SourceForge many
          times), so compilers that are properly picky will be happy.
        - Introduced an XMLCALL macro to control the calling
          convention used by the Expat API; this macro should be used
          to annotate prototypes and definitions of callback
          implementations in code compiled with a calling convention
          other than the default convention for the host platform.
        - Improved ability to build without the configure-generated
          expat_config.h header. This is useful for applications
          which embed Expat rather than linking in the library.
        - Fixed a variety of bugs: see SF issues #458907, #609603,
          #676844, #679754, #692878, #692964, #695401, #699323, #699487,
          #820946.
        - Improved hash table lookups.
        - Added more regression tests and improved documentation.

Release 1.95.6 Tue Jan 28 2003
        - Added XML_FreeContentModel().
        - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
        - Fixed a variety of bugs: see SF issues #615606, #616863,
          #618199, #653180, #673791.
        - Enhanced the regression test suite.
        - Man page improvements: includes SF issue #632146.

Release 1.95.5 Fri Sep 6 2002
        - Added XML_UseForeignDTD() for improved SAX2 support.
        - Added XML_GetFeatureList().
        - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
        - Use an incomplete struct instead of a void* for the parser
          (may not retain).
        - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
        - Finally fixed bug where default handler would report DTD
          events that were already handled by another handler.
          Initial patch contributed by Darryl Miles.
        - Removed unnecessary DllMain() function that caused static
          linking into a DLL to be difficult.
        - Added VC++ projects for building static libraries.
        - Reduced line-length for all source code and headers to be
          no longer than 80 characters, to help with AS/400 support.
        - Reduced memory copying during parsing (SF patch #600964).
        - Fixed a variety of bugs: see SF issues #580793, #434664,
          #483514, #580503, #581069, #584041, #584183, #584832, #585537,
          #596555, #596678, #598352, #598944, #599715, #600479, #600971.

Release 1.95.4 Fri Jul 12 2002
        - Added support for VMS, contributed by Craig Berry. See
          vms/README.vms for more information.
        - Added Mac OS (classic) support, with a makefile for MPW,
          contributed by Thomas Wegner and Daryle Walker.
        - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
          by Patrick McConnell (SF patch #538032).
        - Fixed a variety of bugs: see SF issues #441449, #563184,
          #564342, #566334, #566901, #569461, #570263, #575168, #579196.
        - Made skippedEntityHandler conform to SAX2 (see source comment)
        - Re-implemented WFC: Entity Declared from XML 1.0 spec and
          added a new error "entity declared in parameter entity":
          see SF bug report #569461 and SF patch #578161
        - Re-implemented section 5.1 from XML 1.0 spec:
          see SF bug report #570263 and SF patch #578161

Release 1.95.3 Mon Jun 3 2002
        - Added a project to the MSVC workspace to create a wchar_t
          version of the library; the DLLs are named libexpatw.dll.
        - Changed the name of the Windows DLLs from expat.dll to
          libexpat.dll; this fixes SF bug #432456.
        - Added the XML_ParserReset() API function.
        - Fixed XML_SetReturnNSTriplet() to work for element names.
        - Made the XML_UNICODE builds usable (thanks, Karl!).
        - Allow xmlwf to read from standard input.
        - Install a man page for xmlwf on Unix systems.
        - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
          #466885, #469226, #477667, #484419, #487840, #494749, #496505,
          #547350.
          Other bugs which we can't test as easily may also
          have been fixed, especially in the area of build support.

Release 1.95.2 Fri Jul 27 2001
        - More changes to make MSVC happy with the build; add a single
          workspace to support both the library and xmlwf application.
        - Added a Windows installer for Windows users; includes
          xmlwf.exe.
        - Added compile-time constants that can be used to determine the
          Expat version
        - Removed a lot of GNU-specific dependencies to aid portability
          among the various Unix flavors.
        - Fix the UTF-8 BOM bug.
        - Cleaned up warning messages for several compilers.
        - Added the -Wall, -Wstrict-prototypes options for GCC.

Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
        - Changes to get expat to build under Microsoft compiler
        - Removed all aborts and instead return an UNEXPECTED_STATE error.
        - Fixed a bug where a stray '%' in an entity value would cause an
          abort.
        - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
          finding this oversight.
        - Changed default patterns in lib/Makefile.in to fit non-GNU makes
          Thanks to robin@unrated.net for reporting and providing an
          account to test on.
        - The reference had the wrong label for XML_SetStartNamespaceDecl.
          Reported by an anonymous user.

Release 1.95.0 Fri Sep 29 2000
        - XML_ParserCreate_MM
                Allows you to set a memory management suite to replace the
                standard malloc, realloc, and free.
        - XML_SetReturnNSTriplet
                If you turn this feature on when namespace processing is in
                effect, then qualified, prefixed element and attribute names
                are returned as "uri|name|prefix" where '|' is whatever
                separator character is used in namespace processing.
        - Merged in features from perl-expat
                o XML_SetElementDeclHandler
                o XML_SetAttlistDeclHandler
                o XML_SetXmlDeclHandler
                o XML_SetEntityDeclHandler
                o StartDoctypeDeclHandler takes 3 additional parameters:
                        sysid, pubid, has_internal_subset
                o Many paired handler setters (like XML_SetElementHandler)
                  now have corresponding individual handler setters
                o XML_GetInputContext for getting the input context of
                  the current parse position.
        - Added reference material
        - Packaged into a distribution that builds a sharable library