1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522 |
- __ __ _
- ___\ \/ /_ __ __ _| |_
- / _ \\ /| '_ \ / _` | __|
- | __// \| |_) | (_| | |_
- \___/_/\_\ .__/ \__,_|\__|
- |_| XML parser
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- !! <blink>Expat is UNDERSTAFFED and WITHOUT FUNDING.</blink> !!
- !! ~~~~~~~~~~~~ !!
- !! The following topics need *additional skilled C developers* to progress !!
- !! in a timely manner or at all (loosely ordered by descending priority): !!
- !! !!
- !! - <blink>fixing a complex non-public security issue</blink>, !!
- !! - teaming up on researching and fixing future security reports and !!
- !! ClusterFuzz findings with few-days-max response times in communication !!
- !! in order to (1) have a sound fix ready before the end of a 90 days !!
- !! grace period and (2) in a sustainable manner, !!
- !! - implementing and auto-testing XML 1.0r5 support !!
- !! (needs discussion before pull requests), !!
- !! - smart ideas on fixing the Autotools CMake files generation issue !!
- !! without breaking CI (needs discussion before pull requests), !!
- !! - the Windows binaries topic (needs requirements engineering first), !!
- !! - pushing migration from `int` to `size_t` further !!
- !! including edge-cases test coverage (needs discussion before anything). !!
- !! !!
- !! For details, please reach out via e-mail to sebastian@pipping.org so we !!
- !! can schedule a voice call on the topic, in English or German. !!
- !! !!
- !! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !!
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- Release 2.6.3 Wed September 4 2024
- Security fixes:
- #887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with
- len < 0 without noticing and then calling XML_GetBuffer
- will have XML_ParseBuffer fail to recognize the problem
- and XML_GetBuffer corrupt memory.
- With the fix, XML_ParseBuffer now complains with error
- XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
- has been doing since Expat 2.2.1, and now documented.
- Impact is denial of service to potentially artitrary code
- execution.
- #888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an
- integer overflow for nDefaultAtts on 32-bit platforms
- (where UINT_MAX equals SIZE_MAX).
- Impact is denial of service to potentially artitrary code
- execution.
- #889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can
- have an integer overflow for m_groupSize on 32-bit
- platforms (where UINT_MAX equals SIZE_MAX).
- Impact is denial of service to potentially artitrary code
- execution.
- Other changes:
- #851 #879 Autotools: Sync CMake templates with CMake 3.28
- #853 Autotools: Always provide path to find(1) for portability
- #861 Autotools: Ensure that the m4 directory always exists.
- #870 Autotools: Simplify handling of SIZEOF_VOID_P
- #869 Autotools: Support non-GNU sed
- #856 Autotools|CMake: Fix main() to main(void)
- #865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
- #863 Autotools|CMake: Stop requiring dos2unix
- #854 #855 CMake: Fix check for symbols size_t and off_t
- #864 docs|tests: Convert README to Markdown and update
- #741 Windows: Drop support for Visual Studio <=15.0/2017
- #886 Drop needless XML_DTD guards around is_param access
- #885 Fix typo in a code comment
- #894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
- to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
- for what these numbers do
- Infrastructure:
- #880 Readme: Promote the call for help
- #868 CI: Fix various issues
- #849 CI: Allow triggering GitHub Actions workflows manually
- #851 #872 ..
- #873 #879 CI: Adapt to breaking changes in GitHub Actions
- Special thanks to:
- Alexander Bluhm
- Berkay Eren Ürün
- Dag-Erling Smørgrav
- Ferenc Géczi
- TaiYou
- Release 2.6.2 Wed March 13 2024
- Security fixes:
- #839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with
- isolated use of external parsers. Please see the commit
- message of commit 1d50b80cf31de87750103656f6eb693746854aa8
- for details.
- Bug fixes:
- #839 #841 Reject direct parameter entity recursion
- and avoid the related undefined behavior
- Other changes:
- #847 Autotools: Fix build for DOCBOOK_TO_MAN containing spaces
- #837 Add missing #821 and #824 to 2.6.1 change log
- #838 #843 Version info bumped from 10:1:9 (libexpat*.so.1.9.1)
- to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/
- for what these numbers do
- Special thanks to:
- Philippe Antoine
- Tomas Korbar
- and
- Clang UndefinedBehaviorSanitizer
- OSS-Fuzz / ClusterFuzz
- Release 2.6.1 Thu February 29 2024
- Bug fixes:
- #817 Make tests independent of CPU speed, and thus more robust
- #828 #836 Expose billion laughs API with XML_DTD defined and
- XML_GE undefined, regression from 2.6.0
- Other changes:
- #829 Hide test-only code behind new internal macro
- #833 Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P
- #821 #824 Autotools: Fix "make clean" for case:
- ./configure --without-docbook && make clean all
- #819 Address compiler warnings
- #832 #834 Version info bumped from 10:0:9 (libexpat*.so.1.9.0)
- to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/
- for what these numbers do
- Infrastructure:
- #818 CI: Adapt to breaking changes in clang-format
- Special thanks to:
- David Hall
- Snild Dolkow
- Release 2.6.0 Tue February 6 2024
- Security fixes:
- #789 #814 CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
- that can cause denial of service, in partial where
- dealing with compressed XML input. Applications
- that parsed a document in one go -- a single call to
- functions XML_Parse or XML_ParseBuffer -- were not affected.
- The smaller the chunks/buffers you use for parsing
- previously, the bigger the problem prior to the fix.
- Backporters should be careful to no omit parts of
- pull request #789 and to include earlier pull request #771,
- in order to not break the fix.
- #777 CVE-2023-52426 -- Fix billion laughs attacks for users
- compiling *without* XML_DTD defined (which is not common).
- Users with XML_DTD defined have been protected since
- Expat >=2.4.0 (and that was CVE-2013-0340 back then).
- Bug fixes:
- #753 Fix parse-size-dependent "invalid token" error for
- external entities that start with a byte order mark
- #780 Fix NULL pointer dereference in setContext via
- XML_ExternalEntityParserCreate for compilation with
- XML_DTD undefined
- #812 #813 Protect against closing entities out of order
- Other changes:
- #723 Improve support for arc4random/arc4random_buf
- #771 #788 Improve buffer growth in XML_GetBuffer and XML_Parse
- #761 #770 xmlwf: Support --help and --version
- #759 #770 xmlwf: Support custom buffer size for XML_GetBuffer and read
- #744 xmlwf: Improve language and URL clickability in help output
- #673 examples: Add new example "element_declarations.c"
- #764 Be stricter about macro XML_CONTEXT_BYTES at build time
- #765 Make inclusion to expat_config.h consistent
- #726 #727 Autotools: configure.ac: Support --disable-maintainer-mode
- #678 #705 ..
- #706 #733 #792 Autotools: Sync CMake templates with CMake 3.26
- #795 Autotools: Make installation of shipped man page doc/xmlwf.1
- independent of docbook2man availability
- #815 Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
- section "Cflags.private" in order to fix compilation
- against static libexpat using pkg-config on Windows
- #724 #751 Autotools|CMake: Require a C99 compiler
- (a de-facto requirement already since Expat 2.2.2 of 2017)
- #793 Autotools|CMake: Fix PACKAGE_BUGREPORT variable
- #750 #786 Autotools|CMake: Make test suite require a C++11 compiler
- #749 CMake: Require CMake >=3.5.0
- #672 CMake: Lowercase off_t and size_t to help a bug in Meson
- #746 CMake: Sort xmlwf sources alphabetically
- #785 CMake|Windows: Fix generation of DLL file version info
- #790 CMake: Build tests/benchmark/benchmark.c as well for
- a build with -DEXPAT_BUILD_TESTS=ON
- #745 #757 docs: Document the importance of isFinal + adjust tests
- accordingly
- #736 docs: Improve use of "NULL" and "null"
- #713 docs: Be specific about version of XML (XML 1.0r4)
- and version of C (C99); (XML 1.0r5 will need a sponsor.)
- #762 docs: reference.html: Promote function XML_ParseBuffer more
- #779 docs: reference.html: Add HTML anchors to XML_* macros
- #760 docs: reference.html: Upgrade to OK.css 1.2.0
- #763 #739 docs: Fix typos
- #696 docs|CI: Use HTTPS URLs instead of HTTP at various places
- #669 #670 ..
- #692 #703 ..
- #733 #772 Address compiler warnings
- #798 #800 Address clang-tidy warnings
- #775 #776 Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
- to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
- for what these numbers do
- Infrastructure:
- #700 #701 docs: Document security policy in file SECURITY.md
- #766 docs: Improve parse buffer variables in-code documentation
- #674 #738 ..
- #740 #747 ..
- #748 #781 #782 Refactor coverage and conformance tests
- #714 #716 Refactor debug level variables to unsigned long
- #671 Improve handling of empty environment variable value
- in function getDebugLevel (without visible user effect)
- #755 #774 ..
- #758 #783 ..
- #784 #787 tests: Improve test coverage with regard to parse chunk size
- #660 #797 #801 Fuzzing: Improve fuzzing coverage
- #367 #799 Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
- #698 #721 CI: Resolve some Travis CI leftovers
- #669 CI: Be robust towards absence of Git tags
- #693 #694 CI: Set permissions to "contents: read" for security
- #709 CI: Pin all GitHub Actions to specific commits for security
- #739 CI: Reject spelling errors using codespell
- #798 CI: Enforce clang-tidy clean code
- #773 #808 ..
- #809 #810 CI: Upgrade Clang from 15 to 18
- #796 CI: Start using Clang's Control Flow Integrity sanitizer
- #675 #720 #722 CI: Adapt to breaking changes in GitHub Actions Ubuntu images
- #689 CI: Adapt to breaking changes in Clang/LLVM Debian packaging
- #763 CI: Adapt to breaking changes in codespell
- #803 CI: Adapt to breaking changes in Cppcheck
- Special thanks to:
- Ivan Galkin
- Joyce Brum
- Philippe Antoine
- Rhodri James
- Snild Dolkow
- spookyahell
- Steven Garske
- and
- Clang AddressSanitizer
- Clang UndefinedBehaviorSanitizer
- codespell
- GCC Farm Project
- OSS-Fuzz
- Sony Mobile
- Release 2.5.0 Tue October 25 2022
- Security fixes:
- #616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
- destruction of a shared DTD in function
- XML_ExternalEntityParserCreate in out-of-memory situations.
- Expected impact is denial of service or potentially
- arbitrary code execution.
- Bug fixes:
- #612 #645 Fix corruption from undefined entities
- #613 #654 Fix case when parsing was suspended while processing nested
- entities
- #616 #652 #653 Stop leaking opening tag bindings after a closing tag
- mismatch error where a parser is reset through
- XML_ParserReset and then reused to parse
- #656 CMake: Fix generation of pkg-config file
- #658 MinGW|CMake: Fix static library name
- Other changes:
- #663 Protect header expat_config.h from multiple inclusion
- #666 examples: Make use of XML_GetBuffer and be more
- consistent across examples
- #648 Address compiler warnings
- #667 #668 Version info bumped from 9:9:8 to 9:10:8;
- see https://verbump.de/ for what these numbers do
- Special thanks to:
- Jann Horn
- Mark Brand
- Osyotr
- Rhodri James
- and
- Google Project Zero
- Release 2.4.9 Tue September 20 2022
- Security fixes:
- #629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in
- function doContent. Expected impact is denial of service
- or potentially arbitrary code execution.
- Bug fixes:
- #634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
- #614 docs: Fix documentation on effect of switch XML_DTD on
- symbol visibility in doc/reference.html
- Other changes:
- #638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
- #596 #625 Autotools: Sync CMake templates with CMake 3.22
- #608 CMake: Migrate from use of CMAKE_*_POSTFIX to
- dedicated variables EXPAT_*_POSTFIX to stop affecting
- other projects
- #597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners
- and fuzzers
- #512 #621 Windows|CMake: Render .def file from a template to fix
- linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
- #611 #621 MinGW|CMake: Apply MSVC .def file when linking
- #622 #624 MinGW|CMake: Sync library name with GNU Autotools,
- i.e. produce libexpat-1.dll rather than libexpat.dll
- by default. Filename libexpat.dll.a is unaffected.
- #632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
- toolchain file "cmake/mingw-toolchain.cmake" to avoid
- error "windres: Command not found" on e.g. Ubuntu 20.04
- #597 #627 CMake: Unify inconsistent use of set() and option() in
- context of public build time options to take need for
- set(.. FORCE) in projects using Expat by means of
- add_subdirectory(..) off Expat's users' shoulders
- #626 #641 Stop exporting API symbols when building a static library
- #644 Resolve use of deprecated "fgrep" by "grep -F"
- #620 CMake: Make documentation on variables a bit more consistent
- #636 CMake: Drop leading whitespace from a #cmakedefine line in
- file expat_config.h.cmake
- #594 xmlwf: Fix harmless variable mix-up in function nsattcmp
- #592 #593 #610 Address Cppcheck warnings
- #643 Address Clang 15 compiler warnings
- #642 #644 Version info bumped from 9:8:8 to 9:9:8;
- see https://verbump.de/ for what these numbers do
- Infrastructure:
- #597 #598 CI: Windows: Start covering MSVC 2022
- #619 CI: macOS: Migrate off deprecated macOS 10.15
- #632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work
- #643 CI: Upgrade Clang from 14 to 15
- #637 apply-clang-format.sh: Add support for BSD find
- #633 coverage.sh: Exclude MinGW headers
- #635 coverage.sh: Fix name collision for -funsigned-char
- Special thanks to:
- David Faure
- Felix Wilhelm
- Frank Bergmann
- Rhodri James
- Rosen Penev
- Thijs Schreijer
- Vincent Torri
- and
- Google Project Zero
- Release 2.4.8 Mon March 28 2022
- Other changes:
- #587 pkg-config: Move "-lm" to section "Libs.private"
- #587 CMake|MSVC: Fix pkg-config section "Libs"
- #55 #582 CMake|macOS: Start using linker arguments
- "-compatibility_version <version>" and
- "-current_version <version>" in a way compatible with
- GNU Libtool
- #590 #591 Version info bumped from 9:7:8 to 9:8:8;
- see https://verbump.de/ for what these numbers do
- Infrastructure:
- #589 CI: Upgrade Clang from 13 to 14
- Special thanks to:
- evpobr
- Kai Pastor
- Sam James
- Release 2.4.7 Fri March 4 2022
- Bug fixes:
- #572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
- with regard to all valid URI characters (RFC 3986),
- i.e. the following set (excluding whitespace):
- ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
- 0123456789 % -._~ :/?#[]@ !$&'()*+,;=
- Other changes:
- #555 #570 #581 CMake|Windows: Store Expat version in the DLL
- #577 Document consequences of namespace separator choices not just
- in doc/reference.html but also in header <expat.h>
- #577 Document Expat's lack of validation of namespace URIs against
- RFC 3986, and that the XML 1.0r4 specification doesn't
- require Expat to validate namespace URIs, and that Expat
- may do more in that regard in future releases.
- If you find need for strict RFC 3986 URI validation on
- application level today, https://uriparser.github.io/ may
- be of interest.
- #579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
- #575 Document that a call to XML_FreeContentModel can be done at
- a later time from outside the element declaration handler
- #574 Make hardcoded namespace URIs easier to find in code
- #573 Update documentation on use of XML_POOR_ENTOPY on Solaris
- #569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
- 4.8.2 on Solaris.
- #578 #580 Version info bumped from 9:6:8 to 9:7:8;
- see https://verbump.de/ for what these numbers do
- Special thanks to:
- Jeffrey Walton
- Johnny Jazeix
- Thijs Schreijer
- Release 2.4.6 Sun February 20 2022
- Bug fixes:
- #566 Fix a regression introduced by the fix for CVE-2022-25313
- in release 2.4.5 that affects applications that (1)
- call function XML_SetElementDeclHandler and (2) are
- parsing XML that contains nested element declarations
- (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
- Other changes:
- #567 #568 Version info bumped from 9:5:8 to 9:6:8;
- see https://verbump.de/ for what these numbers do
- Special thanks to:
- Matt Sergeant
- Samanta Navarro
- Sergei Trofimovich
- and
- NixOS
- Perl XML::Parser
- Release 2.4.5 Fri February 18 2022
- Security fixes:
- #562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
- sequences (e.g. from start tag names) to the XML
- processing application on top of Expat can cause
- arbitrary damage (e.g. code execution) depending
- on how invalid UTF-8 is handled inside the XML
- processor; validation was not their job but Expat's.
- Exploits with code execution are known to exist.
- #561 CVE-2022-25236 -- Passing (one or more) namespace separator
- characters in "xmlns[:prefix]" attribute values
- made Expat send malformed tag names to the XML
- processor on top of Expat which can cause
- arbitrary damage (e.g. code execution) depending
- on such unexpectable cases are handled inside the XML
- processor; validation was not their job but Expat's.
- Exploits with code execution are known to exist.
- #558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
- that could be triggered by e.g. a 2 megabytes
- file with a large number of opening braces.
- Expected impact is denial of service or potentially
- arbitrary code execution.
- #560 CVE-2022-25314 -- Fix integer overflow in function copyString;
- only affects the encoding name parameter at parser creation
- time which is often hardcoded (rather than user input),
- takes a value in the gigabytes to trigger, and a 64-bit
- machine. Expected impact is denial of service.
- #559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
- needs input in the gigabytes and a 64-bit machine.
- Expected impact is denial of service or potentially
- arbitrary code execution.
- Other changes:
- #557 #564 Version info bumped from 9:4:8 to 9:5:8;
- see https://verbump.de/ for what these numbers do
- Special thanks to:
- Ivan Fratric
- Samanta Navarro
- and
- Google Project Zero
- JetBrains
- Release 2.4.4 Sun January 30 2022
- Security fixes:
- #550 CVE-2022-23852 -- Fix signed integer overflow
- (undefined behavior) in function XML_GetBuffer
- (that is also called by function XML_Parse internally)
- for when XML_CONTEXT_BYTES is defined to >0 (which is both
- common and default).
- Impact is denial of service or more.
- #551 CVE-2022-23990 -- Fix unsigned integer overflow in function
- doProlog triggered by large content in element type
- declarations when there is an element declaration handler
- present (from a prior call to XML_SetElementDeclHandler).
- Impact is denial of service or more.
- Bug fixes:
- #544 #545 xmlwf: Fix a memory leak on output file opening error
- Other changes:
- #546 Autotools: Fix broken CMake support under Cygwin
- #554 Windows: Add missing files to the installer to fix
- compilation with CMake from installed sources
- #552 #554 Version info bumped from 9:3:8 to 9:4:8;
- see https://verbump.de/ for what these numbers do
- Special thanks to:
- Carlo Bramini
- hwt0415
- Roland Illig
- Samanta Navarro
- and
- Clang LeakSan and the Clang team
- Release 2.4.3 Sun January 16 2022
- Security fixes:
- #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
- resulting in
- a) realloc acting as free
- b) realloc allocating too few bytes
- c) undefined behavior
- depending on architecture and precise value
- for XML documents with >=2^27+1 prefixed attributes
- on a single XML tag a la
- "<r xmlns:a='[..]' a:a123='[..]' [..] />"
- where XML_ParserCreateNS is used to create the parser
- (which needs argument "-n" when running xmlwf).
- Impact is denial of service, or more.
- #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
- on variable m_groupSize in function doProlog leading
- to realloc acting as free.
- Impact is denial of service or more.
- #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
- near memory allocation at multiple places. Mitre assigned
- a dedicated CVE for each involved internal C function:
- - CVE-2022-22822 for function addBinding
- - CVE-2022-22823 for function build_model
- - CVE-2022-22824 for function defineAttribute
- - CVE-2022-22825 for function lookup
- - CVE-2022-22826 for function nextScaffoldPart
- - CVE-2022-22827 for function storeAtts
- Impact is denial of service or more.
- Other changes:
- #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
- #541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
- and MSYS2 by not going through Wine on these platforms
- #527 #528 Address compiler warnings
- #533 #543 Version info bumped from 9:2:8 to 9:3:8;
- see https://verbump.de/ for what these numbers do
- Infrastructure:
- #536 CI: Check for realistic minimum CMake version
- #529 #539 CI: Cover compilation with -m32
- #529 CI: Store coverage reports as artifacts for download
- #528 CI: Upgrade Clang from 11 to 13
- Special thanks to:
- An anonymous whitehat
- Christopher Degawa
- J. Peter Mugaas
- Tyson Smith
- and
- GCC Farm Project
- Trend Micro Zero Day Initiative
- Release 2.4.2 Sun December 19 2021
- Other changes:
- #509 #510 Link againgst libm for function "isnan"
- #513 #514 Include expat_config.h as early as possible
- #498 Autotools: Include files with release archives:
- - buildconf.sh
- - fuzz/*.c
- #507 #519 Autotools: Sync CMake templates with CMake 3.20
- #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for
- - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
- - multi-config CMake generators (e.g. Ninja Multi-Config)
- #502 #503 docs: Document that function XML_GetBuffer may return NULL
- when asking for a buffer of 0 (zero) bytes size
- #522 #523 docs: Fix return value docs for both
- XML_SetBillionLaughsAttackProtection* functions
- #525 #526 Version info bumped from 9:1:8 to 9:2:8;
- see https://verbump.de/ for what these numbers do
- Special thanks to:
- Donghee Na
- Joergen Ibsen
- Kai Pastor
- Release 2.4.1 Sun May 23 2021
- Bug fixes:
- #488 #490 Autotools: Fix installed header expat_config.h for multilib
- systems; regression introduced in 2.4.0 by pull request #486
- Other changes:
- #491 #492 Version info bumped from 9:0:8 to 9:1:8;
- see https://verbump.de/ for what these numbers do
- Special thanks to:
- Gentoo's QA check "multilib_check_headers"
- Release 2.4.0 Sun May 23 2021
- Security fixes:
- #34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
- (denial-of-service; flavors targeting CPU time or RAM or both,
- leveraging general entities or parameter entities or both)
- by tracking and limiting the input amplification factor
- (<amplification> := (<direct> + <indirect>) / <direct>).
- By conservative default, amplification up to a factor of 100.0
- is tolerated and rejection only starts after 8 MiB of output bytes
- (=<direct> + <indirect>) have been processed.
- The fix adds the following to the API:
- - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
- signals this specific condition.
- - Two new API functions ..
- - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
- - XML_SetBillionLaughsAttackProtectionActivationThreshold
- .. to further tighten billion laughs protection parameters
- when desired. Please see file "doc/reference.html" for details.
- If you ever need to increase the defaults for non-attack XML
- payload, please file a bug report with libexpat.
- - Two new XML_FEATURE_* constants ..
- - that can be queried using the XML_GetFeatureList function, and
- - that are shown in "xmlwf -v" output.
- - Two new environment variable switches ..
- - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
- - EXPAT_ENTITY_DEBUG=(0|1)
- .. for runtime debugging of accounting and entity processing.
- Specific behavior of these values may change in the future.
- - Two new command line arguments "-a FACTOR" and "-b BYTES"
- for xmlwf to further tighten billion laughs protection
- parameters when desired.
- If you ever need to increase the defaults for non-attack XML
- payload, please file a bug report with libexpat.
- Bug fixes:
- #332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
- or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
- for UTF-16 payloads containing CDATA sections.
- #485 #486 Autotools: Fix generated CMake files for non-64bit and
- non-Linux platforms (e.g. macOS and MinGW in particular)
- that were introduced with release 2.3.0
- Other changes:
- #468 #469 xmlwf: Improve help output and the xmlwf man page
- #463 xmlwf: Improve maintainability through some refactoring
- #477 xmlwf: Fix man page DocBook validity
- #456 Autotools: Sync CMake templates with CMake 3.18
- #458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
- and CMAKE_INSTALL_INCLUDEDIR
- #471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS
- #457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
- #467 Resolve macro HAVE_EXPAT_CONFIG_H
- #472 Delete unused legacy helper file "conftools/PrintPath"
- #473 #483 Improve attribution
- #464 #465 #477 doc/reference.html: Fix XHTML validity
- #475 #478 doc/reference.html: Replace the 90s look by OK.css
- #479 Version info bumped from 8:0:7 to 9:0:8
- due to addition of new symbols and error codes;
- see https://verbump.de/ for what these numbers do
- Infrastructure:
- #456 CI: Enable periodic runs
- #457 CI: Start covering the list of exported symbols
- #474 CI: Isolate coverage task
- #476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
- #477 CI: Cover well-formedness and DocBook/XHTML validity
- of doc/reference.html and doc/xmlwf.xml
- Special thanks to:
- Dimitry Andric
- Eero Helenius
- Nick Wellnhofer
- Rhodri James
- Tomas Korbar
- Yury Gribov
- and
- Clang LeakSan
- JetBrains
- OSS-Fuzz
- Release 2.3.0 Thu March 25 2021
- Bug fixes:
- #438 When calling XML_ParseBuffer without a prior successful call to
- XML_GetBuffer as a user, no longer trigger undefined behavior
- (by adding an integer to a NULL pointer) but rather return
- XML_STATUS_ERROR and set the error code to (new) code
- XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
- of Clang 11 (but not Clang 9).
- #444 xmlwf: Exit status 2 was used for both:
- - malformed input files (documented) and
- - invalid command-line arguments (undocumented).
- The case of invalid command-line arguments now
- has its own exit status 4, resolving the ambiguity.
- Other changes:
- #439 xmlwf: Add argument -k to allow continuing after
- non-fatal errors
- #439 xmlwf: Add section about exit status to the -h help output
- #422 #426 #447 Windows: Drop support for Visual Studio <=14.0/2015
- #434 Windows: CMake: Detect unsupported Visual Studio at
- configure time (rather than at compile time)
- #382 #428 testrunner: Make verbose mode (argument "-v") report
- about passed tests, and make default mode report about
- failures, as well.
- #442 CMake: Call "enable_language(CXX)" prior to tinkering
- with CMAKE_CXX_* variables
- #448 Document use of libexpat from a CMake-based project
- #451 Autotools: Install CMake files as generated by CMake 3.19.6
- so that users with "find_package(expat [..] CONFIG [..])"
- are served on distributions that are *not* using the CMake
- build system inside for libexpat packaging
- #436 #437 Autotools: Drop obsolescent macro AC_HEADER_STDC
- #450 #452 Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
- #441 Address compiler warnings
- #443 Version info bumped from 7:12:6 to 8:0:7
- due to addition of error code XML_ERROR_NO_BUFFER
- (see https://verbump.de/ for what these numbers do)
- Infrastructure:
- #435 #446 Replace Travis CI by GitHub Actions
- Special thanks to:
- Alexander Richardson
- Oleksandr Popovych
- Thomas Beutlich
- Tim Bray
- and
- Clang LeakSan, Clang 11 UBSan and the Clang team
- Release 2.2.10 Sat October 3 2020
- Bug fixes:
- #390 #395 #398 Fix undefined behavior during parsing caused by
- pointer arithmetic with NULL pointers
- #404 #405 Fix reading uninitialized variable during parsing
- #406 xmlwf: Add missing check for malloc NULL return
- Other changes:
- #396 Windows: Drop support for Visual Studio <=8.0/2005
- #409 Windows: Add missing file "Changes" to the installer
- to fix compilation with CMake from installed sources
- #403 xmlwf: Document exit codes in xmlwf manpage and
- exit with code 3 (rather than code 1) for output errors
- when used with "-d DIRECTORY"
- #356 #359 MinGW: Provide declaration of rand_s for mingwrt <5.3.0
- #383 #392 Autotools: Use -Werror while configure tests the compiler
- for supported compile flags to avoid false positives
- #383 #393 #394 Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
- e.g. ensure that they have the last word over flags added
- while running ./configure
- #360 CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
- on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
- #360 CMake: Detect and deny unsupported build combinations
- involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
- #360 CMake: Install pre-compiled shipped xmlwf.1 manpage in case
- of -DEXPAT_BUILD_DOCS=OFF
- #375 #380 #419 CMake: Fix use of Expat by means of add_subdirectory
- #407 #408 CMake: Keep expat target name constant at "expat"
- (i.e. refrain from using the target name to control
- build artifact filenames)
- #385 CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
- Windows
- CMake: Expose man page compilation as target "xmlwf-manpage"
- #413 #414 CMake: Introduce option EXPAT_BUILD_PKGCONFIG
- to control generation of pkg-config file "expat.pc"
- #424 CMake: Add minimalistic support for building binary packages
- with CMake target "package"; based on CPack
- #366 CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
- default OFF to build fuzzer code against OSS-Fuzz and
- related environment variable LIB_FUZZING_ENGINE
- #354 Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
- #354 #355 ..
- #356 #412 Address compiler warnings
- #368 #369 Address pngcheck warnings with doc/*.png images
- #425 Version info bumped from 7:11:6 to 7:12:6
- Special thanks to:
- asavah
- Ben Wagner
- Bhargava Shastry
- Frank Landgraf
- Jeffrey Walton
- Joe Orton
- Kleber Tarcísio
- Ma Lin
- Maciej Sroczyński
- Mohammed Khajapasha
- Vadim Zeitlin
- and
- Cppcheck 2.0 and the Cppcheck team
- Release 2.2.9 Wed September 25 2019
- Other changes:
- examples: Drop executable bits from elements.c
- #349 Windows: Change the name of the Windows DLLs from expat*.dll
- to libexpat*.dll once more (regression from 2.2.8, first
- fixed in 1.95.3, issue #61 on SourceForge today,
- was issue #432456 back then); needs a fix due
- case-insensitive file systems on Windows and the fact that
- Perl's XML::Parser::Expat compiles into Expat.dll.
- #347 Windows: Only define _CRT_RAND_S if not defined
- Version info bumped from 7:10:6 to 7:11:6
- Special thanks to:
- Ben Wagner
- Release 2.2.8 Fri September 13 2019
- Security fixes:
- #317 #318 CVE-2019-15903 -- Fix heap overflow triggered by
- XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
- and deny internal entities closing the doctype;
- fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
- Bug fixes:
- #240 Fix cases where XML_StopParser did not have any effect
- when called from inside of an end element handler
- #341 xmlwf: Fix exit code for operation without "-d DIRECTORY";
- previously, only "-d DIRECTORY" would give you a proper
- exit code:
- # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
- 2
- # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
- 0
- Now both cases return exit code 2.
- Other changes:
- #299 #302 Windows: Replace LoadLibrary hack to access
- unofficial API function SystemFunction036 (RtlGenRandom)
- by using official API function rand_s (needs WinXP+)
- #325 Windows: Drop support for Visual Studio <=7.1/2003
- and document supported compilers in README.md
- #286 Windows: Remove COM code from xmlwf; in case it turns
- out needed later, there will be a dedicated repository
- below https://github.com/libexpat/ for that code
- #322 Windows: Remove explicit MSVC solution and project files.
- You can generate Visual Studio solution files through
- CMake, e.g.: cmake -G"Visual Studio 15 2017" .
- #338 xmlwf: Make "xmlwf -h" help output more friendly
- #339 examples: Improve elements.c
- #244 #264 Autotools: Add argument --enable-xml-attr-info
- #239 #301 Autotools: Add arguments
- --with-getrandom
- --without-getrandom
- --with-sys-getrandom
- --without-sys-getrandom
- #312 #343 Autotools: Fix linking issues with "./configure LD=clang"
- Autotools: Fix "make run-xmltest" for out-of-source builds
- #329 #336 CMake: Pull all options from Expat <=2.2.7 into namespace
- prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
- - BUILD_doc -> EXPAT_BUILD_DOCS (plural)
- - BUILD_examples -> EXPAT_BUILD_EXAMPLES
- - BUILD_shared -> EXPAT_SHARED_LIBS
- - BUILD_tests -> EXPAT_BUILD_TESTS
- - BUILD_tools -> EXPAT_BUILD_TOOLS
- - DOCBOOK_TO_MAN -> DOCBOOK_TO_MAN (unchanged)
- - INSTALL -> EXPAT_ENABLE_INSTALL
- - MSVC_USE_STATIC_CRT -> EXPAT_MSVC_STATIC_CRT
- - USE_libbsd -> EXPAT_WITH_LIBBSD
- - WARNINGS_AS_ERRORS -> EXPAT_WARNINGS_AS_ERRORS
- - XML_CONTEXT_BYTES -> EXPAT_CONTEXT_BYTES
- - XML_DEV_URANDOM -> EXPAT_DEV_URANDOM
- - XML_DTD -> EXPAT_DTD
- - XML_NS -> EXPAT_NS
- - XML_UNICODE -> EXPAT_CHAR_TYPE=ushort (!)
- - XML_UNICODE_WCHAR_T -> EXPAT_CHAR_TYPE=wchar_t (!)
- #244 #264 CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
- default OFF
- #326 CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
- default OFF
- #328 CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
- default OFF
- #239 #277 CMake: Add arguments
- -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
- -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
- #326 CMake: Install expat_config.h to include directory
- #326 CMake: Generate and install configuration files for
- future find_package(expat [..] CONFIG [..])
- CMake: Now produces a summary of applied configuration
- CMake: Require C++ compiler only when tests are enabled
- #330 CMake: Fix compilation for 16bit character types,
- i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
- #265 CMake: Fix linking with MinGW
- #330 CMake: Add full support for MinGW; to enable, use
- -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
- #330 CMake: Port "make run-xmltest" from GNU Autotools to CMake
- #316 CMake: Windows: Make binary postfix match MSVC
- Old: expat[d].lib
- New: expat[w][d][MD|MT].lib
- CMake: Migrate files from Windows to Unix line endings
- #308 CMake: Integrate OSS-Fuzz fuzzers, option
- -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
- #14 Drop an OpenVMS support leftover
- #235 #268 ..
- #270 #310 ..
- #313 #331 #333 Address compiler warnings
- #282 #283 ..
- #284 #285 Address cppcheck warnings
- #294 #295 Address Clang Static Analyzer warnings
- #24 #293 Mass-apply clang-format 9 (and ensure conformance during CI)
- Version info bumped from 7:9:6 to 7:10:6
- Special thanks to:
- David Loffredo
- Joonun Jang
- Kishore Kunche
- Marco Maggi
- Mitch Phillips
- Mohammed Khajapasha
- Rolf Ade
- xantares
- Zhongyuan Zhou
- Release 2.2.7 Wed June 19 2019
- Security fixes:
- #186 #262 CVE-2018-20843 -- Fix extraction of namespace prefixes from
- XML names; XML names with multiple colons could end up in
- the wrong namespace, and take a high amount of RAM and CPU
- resources while processing, opening the door to
- use for denial-of-service attacks
- Other changes:
- #195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop
- exporting non-API symbols
- #227 Autotools: Add --without-examples and --without-tests
- #228 Autotools: Modernize configure.ac
- #245 #246 Autotools: Fix check for -fvisibility=hidden for Clang
- #247 #248 Autotools: Fix compilation for lack of docbook2x-man
- #236 #258 Autotools: Produce .tar.{gz,lz,xz} release archives
- #212 CMake: Make libdir of pkgconfig expat.pc support multilib
- #158 #263 CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
- #219 Remove fallback to bcopy, assume that memmove(3) exists
- #257 Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
- #243 Windows: Fix syntax of .def module definition files
- Version info bumped from 7:8:6 to 7:9:6
- Special thanks to:
- Benjamin Peterson
- Caolán McNamara
- Hanno Böck
- KangLin
- Kishore Kunche
- Marco Maggi
- Rhodri James
- Sebastian Dröge
- userwithuid
- Yury Gribov
- Release 2.2.6 Sun August 12 2018
- Bug fixes:
- #170 #206 Avoid doing arithmetic with NULL pointers in XML_GetBuffer
- #204 #205 Fix 2.2.5 regression with suspend-resume while parsing
- a document like '<root/>'
- Other changes:
- #165 #168 Autotools: Fix docbook-related configure syntax error
- #166 Autotools: Avoid grep option `-q` for Solaris
- #167 Autotools: Support
- ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
- #159 #167 Autotools: Support DOCBOOK_TO_MAN command which produces
- xmlwf.1 rather than XMLWF.1; also covers case insensitive
- file systems
- #181 Autotools: Drop -rpath option passed to libtool
- #188 Autotools: Detect and deny SGML docbook2man as ours is XML
- #188 Autotools/CMake: Support command db2x_docbook2man as well
- #174 CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
- #184 #185 CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
- #207 #208 CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
- both defaulting to OFF
- #175 CMake: Prefer check_symbol_exists over check_function_exists
- #176 CMake: Create the same pkg-config file as with GNU Autotools
- #178 #179 CMake: Use GNUInstallDirs module to set proper defaults for
- install directories
- #208 CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
- #180 Windows: Fix compilation of test suite for Visual Studio 2008
- #131 #173 #202 Address compiler warnings
- #187 #190 #200 Fix miscellaneous typos
- Version info bumped from 7:7:6 to 7:8:6
- Special thanks to:
- Anton Maklakov
- Benjamin Peterson
- Brad King
- Franek Korta
- Frank Rast
- Joe Orton
- luzpaz
- Pedro Vicente
- Rainer Jung
- Rhodri James
- Rolf Ade
- Rolf Eike Beer
- Thomas Beutlich
- Tomasz Kłoczko
- Release 2.2.5 Tue October 31 2017
- Bug fixes:
- #8 If the parser runs out of memory, make sure its internal
- state reflects the memory it actually has, not the memory
- it wanted to have.
- #11 The default handler wasn't being called when it should for
- a SYSTEM or PUBLIC doctype if an entity declaration handler
- was registered.
- #137 #138 Fix a case of mistakenly reported parsing success where
- XML_StopParser was called from an element handler
- #162 Function XML_ErrorString was returning NULL rather than
- a message for code XML_ERROR_INVALID_ARGUMENT
- introduced with release 2.2.1
- Other changes:
- #106 xmlwf: Add argument -N adding notation declarations
- #75 #106 Test suite: Resolve expected failure cases where xmlwf
- output was incomplete
- #127 Windows: Fix test suite compilation
- #126 #127 Windows: Fix compilation for Visual Studio 2012
- Windows: Upgrade shipped project files to Visual Studio 2017
- #33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
- #129 examples: Fix compilation for XML_UNICODE_WCHAR_T
- #130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
- #144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
- Windows or MinGW for 2-byte wchar_t
- #9 Address two Clang Static Analyzer false positives
- #59 Resolve troublesome macros hiding parser struct membership
- and dereferencing that pointer
- #6 Resolve superfluous internal malloc/realloc switch
- #153 #155 Improve docbook2x-man detection
- #160 Undefine NDEBUG in the test suite (rather than rejecting it)
- #161 Address compiler warnings
- Version info bumped from 7:6:6 to 7:7:6
- Special thanks to:
- Benbuck Nason
- Hans Wennborg
- José Gutiérrez de la Concha
- Pedro Monreal Gonzalez
- Rhodri James
- Rolf Ade
- Stephen Groat
- and
- Core Infrastructure Initiative
- Release 2.2.4 Sat August 19 2017
- Bug fixes:
- #115 Fix copying of partial characters for UTF-8 input
- Other changes:
- #109 Fix "make check" for non-x86 architectures that default
- to unsigned type char (-128..127 rather than 0..255)
- #109 coverage.sh: Cover -funsigned-char
- Autotools: Introduce --without-xmlwf argument
- #65 Autotools: Replace handwritten Makefile with GNU Automake
- #43 CMake: Auto-detect high quality entropy extractors, add new
- option USE_libbsd=ON to use arc4random_buf of libbsd
- #74 CMake: Add -fno-strict-aliasing only where supported
- #114 CMake: Always honor manually set BUILD_* options
- #114 CMake: Compile man page if docbook2x-man is available, only
- #117 Include file tests/xmltest.log.expected in source tarball
- (required for "make run-xmltest")
- #117 Include (existing) Visual Studio 2013 files in source tarball
- Improve test suite error output
- #111 Fix some typos in documentation
- Version info bumped from 7:5:6 to 7:6:6
- Special thanks to:
- Jakub Wilk
- Joe Orton
- Lin Tian
- Rolf Eike Beer
- Release 2.2.3 Wed August 2 2017
- Security fixes:
- #82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
- using Steve Holme's LoadLibrary wrapper for/of cURL
- Bug fixes:
- #85 Fix a dangling pointer issue related to realloc
- Other changes:
- Increase code coverage
- #91 Linux: Allow getrandom to fail if nonblocking pool has not
- yet been initialized and read /dev/urandom then, instead.
- This is in line with what recent Python does.
- #81 Pre-10.7/Lion macOS: Support entropy from arc4random
- #86 Check that a UTF-16 encoding in an XML declaration has the
- right endianness
- #4 #5 #7 Recover correctly when some reallocations fail
- Repair "./configure && make" for systems without any
- provider of high quality entropy
- and try reading /dev/urandom on those
- Ensure that user-defined character encodings have converter
- functions when they are needed
- Fix mis-leading description of argument -c in xmlwf.1
- Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
- for CloudABI
- #100 Fix use of SIPHASH_MAIN in siphash.h
- #23 Test suite: Fix memory leaks
- Version info bumped from 7:4:6 to 7:5:6
- Special thanks to:
- Chanho Park
- Joe Orton
- Pascal Cuoq
- Rhodri James
- Simon McVittie
- Vadim Zeitlin
- Viktor Szakats
- and
- Core Infrastructure Initiative
- Release 2.2.2 Wed July 12 2017
- Security fixes:
- #43 Protect against compilation without any source of high
- quality entropy enabled, e.g. with CMake build system;
- commit ff0207e6076e9828e536b8d9cd45c9c92069b895
- #60 Windows with _UNICODE:
- Unintended use of LoadLibraryW with a non-wide string
- resulted in failure to load advapi32.dll and degradation
- in quality of used entropy when compiled with _UNICODE for
- Windows; you can launch existing binaries with
- EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
- quality of entropy used during runtime; commits
- * 95b95032f907ef1cd17ee7a9a1768010a825d61d
- * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
- [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
- resulted in NULL dereference, previously;
- commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
- Bug fixes:
- #69 Fix improper use of unsigned long long integer literals
- Other changes:
- #73 Start requiring a C99 compiler
- #49 Fix "==" Bashism in configure script
- #50 Fix too eager getrandom detection for Debian GNU/kFreeBSD
- #52 and macOS
- #51 Address lack of stdint.h in Visual Studio 2003 to 2008
- #58 Address compile warnings
- #68 Fix "./buildconf.sh && ./configure" for some versions
- of Dash for /bin/sh
- #72 CMake: Ease use of Expat in context of a parent project
- with multiple CMakeLists.txt files
- #72 CMake: Resolve mistaken executable permissions
- #76 Address compile warning with -DNDEBUG (not recommended!)
- #77 Address compile warning about macro redefinition
- Special thanks to:
- Alexander Bluhm
- Ben Boeckel
- Cătălin Răceanu
- Kerin Millar
- László Böszörményi
- S. P. Zeidler
- Segev Finer
- Václav Slavík
- Victor Stinner
- Viktor Szakats
- and
- Radically Open Security
- Release 2.2.1 Sat June 17 2017
- Security fixes:
- CVE-2017-9233 -- External entity infinite loop DoS
- Details: https://libexpat.github.io/doc/cve-2017-9233/
- Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
- [MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
- d4f735b88d9932bd5039df2335eefdd0723dbe20
- (Fixed version of existing downstream patches!)
- (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
- longer tag names; commits
- * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
- * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
- #16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
- #25 More integer overflow detection (function poolGrow); commits
- * 810b74e4703dcfdd8f404e3cb177d44684775143
- * 44178553f3539ce69d34abee77a05e879a7982ac
- [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
- * 4be2cb5afcc018d996f34bbbce6374b7befad47f
- * 7e5b71b748491b6e459e5c9a1d090820f94544d8
- [MOX-005] #30 Use high quality entropy for hash initialization:
- * arc4random_buf on BSD, systems with libbsd
- (when configured with --with-libbsd), CloudABI
- * RtlGenRandom on Windows XP / Server 2003 and later
- * getrandom on Linux 3.17+
- In a way, that's still part of CVE-2016-5300.
- https://github.com/libexpat/libexpat/pull/30/commits
- [MOX-005] For the low quality entropy extraction fallback code,
- the parser instance address can no longer leak, commit
- 04ad658bd3079dd15cb60fc67087900f0ff4b083
- [MOX-003] Prevent use of uninitialised variable; commit
- [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
- Add missing parameter validation to public API functions
- and dedicated error code XML_ERROR_INVALID_ARGUMENT:
- [MOX-006] * NULL checks; commits
- * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
- * 9ed727064b675b7180c98cb3d4f75efba6966681
- * 6a747c837c50114dfa413994e07c0ba477be4534
- * Negative length (XML_Parse); commit
- [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
- [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
- to go further with fixing CVE-2012-0876.
- https://github.com/libexpat/libexpat/pull/39/commits
- Bug fixes:
- #32 Fix sharing of hash salt across parsers;
- relevant where XML_ExternalEntityParserCreate is called
- prior to XML_Parse, in particular (e.g. FBReader)
- #28 xmlwf: Auto-disable use of memory-mapping (and parsing
- as a single chunk) for files larger than ~1 GB (2^30 bytes)
- rather than failing with error "out of memory"
- #3 Fix double free after malloc failure in DTD code; commit
- 7ae9c3d3af433cd4defe95234eae7dc8ed15637f
- #17 Fix memory leak on parser error for unbound XML attribute
- prefix with new namespaces defined in the same tag;
- found by Google's OSS-Fuzz; commits
- * 16f87daae5a16132e479e4f71862128c7a915c73
- * b47dbc9745932c160893d433220e462bd605f8cd
- xmlwf on Windows: Add missing calls to CloseHandle
- New features:
- #30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
- for runtime debugging of entropy extraction
- Other changes:
- Increase code coverage
- #33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
- XML_UNICODE_WCHAR_T was never meant to be used outside
- of Windows; 4-byte wchar_t is common on Linux
- (SF.net) #538 Start using -fno-strict-aliasing
- (SF.net) #540 Support compilation against cloudlibc of CloudABI
- Allow MinGW cross-compilation
- (SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
- to bypass compilation of the xmlwf.1 man page
- (SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
- to bypass installation of expat files
- CMake: Fix ninja support
- Autotools: Add parameters --enable-xml-context [COUNT]
- and --disable-xml-context; default of context of 1024
- bytes enabled unchanged
- #14 Drop AmigaOS 4.x code and includes
- #14 Drop ancient build systems:
- * Borland C++ Builder
- * OpenVMS
- * Open Watcom
- * Visual Studio 6.0
- * Pre-X Mac OS (MPW Makefile)
- If you happen to rely on some of these, please get in
- touch for joining with maintenance.
- #10 Move from WIN32 to _WIN32
- #13 Fix "make run-xmltest" order instability
- Address compile warnings
- Bump version info from 7:2:6 to 7:3:6
- Add AUTHORS file
- Infrastructure:
- #1 Migrate from SourceForge to GitHub (except downloads):
- https://github.com/libexpat/
- #1 Re-create http://libexpat.org/ project website
- Start utilizing Travis CI
- Special thanks to:
- Andy Wang
- Don Lewis
- Ed Schouten
- Karl Waclawek
- Pascal Cuoq
- Rhodri James
- Sergei Nikulov
- Tobias Taschner
- Viktor Szakats
- and
- Core Infrastructure Initiative
- Mozilla Foundation (MOSS Track 3: Secure Open Source)
- Radically Open Security
- Release 2.2.0 Tue June 21 2016
- Security fixes:
- #537 CVE-2016-0718 -- Fix crash on malformed input
- CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
- CVE-2015-2716 introduced with Expat 2.1.1
- #499 CVE-2016-5300 -- Use more entropy for hash initialization
- than the original fix to CVE-2012-0876
- #519 CVE-2012-6702 -- Resolve troublesome internal call to srand
- that was introduced with Expat 2.1.0
- when addressing CVE-2012-0876 (issue #496)
- Bug fixes:
- Fix uninitialized reads of size 1
- (e.g. in little2_updatePosition)
- Fix detection of UTF-8 character boundaries
- Other changes:
- #532 Fix compilation for Visual Studio 2010 (keyword "C99")
- Autotools: Resolve use of "$<" to better support bmake
- Autotools: Add QA script "qa.sh" (and make target "qa")
- Autotools: Respect CXXFLAGS if given
- Autotools: Fix "make run-xmltest"
- Autotools: Have "make run-xmltest" check for expected output
- p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
- #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
- #323 CMake: Add suffix "d" to differentiate debug from release
- CMake: Define WIN32 with CMake on Windows
- Annotate memory allocators for GCC
- Address all currently known compile warnings
- Make sure that API symbols remain visible despite
- -fvisibility=hidden
- Remove executable flag from source files
- Resolve COMPILED_FROM_DSP in favor of WIN32
- Special thanks to:
- Björn Lindahl
- Christian Heimes
- Cristian Rodríguez
- Daniel Krügler
- Gustavo Grieco
- Karl Waclawek
- László Böszörményi
- Marco Grassi
- Pascal Cuoq
- Sergei Nikulov
- Thomas Beutlich
- Warren Young
- Yann Droneaud
- Release 2.1.1 Sat March 12 2016
- Security fixes:
- #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
- Bug fixes:
- #502: Fix potential null pointer dereference
- #520: Symbol XML_SetHashSalt was not exported
- Output of "xmlwf -h" was incomplete
- Other changes:
- #503: Document behavior of calling XML_SetHashSalt with salt 0
- Minor improvements to man page xmlwf(1)
- Improvements to the experimental CMake build system
- libtool now invoked with --verbose
- Release 2.1.0 Sat March 24 2012
- - Security fixes:
- #2958794: CVE-2012-1148 - Memory leak in poolGrow.
- #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
- #3496608: CVE-2012-0876 - Hash DOS attack.
- #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
- #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
- - Bug Fixes:
- #1742315: Harmful XML_ParserCreateNS suggestion.
- #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
- #1983953, 2517952, 2517962, 2649838:
- Build modifications using autoreconf instead of buildconf.sh.
- #2815947, #2884086: OBJEXT and EXEEXT support while building.
- #2517938: xmlwf should return non-zero exit status if not well-formed.
- #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
- #2855609: Dangling positionPtr after error.
- #2990652: CMake support.
- #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
- #3206497: Uninitialized memory returned from XML_Parse.
- #3287849: make check fails on mingw-w64.
- - Patches:
- #1749198: pkg-config support.
- #3010222: Fix for bug #3010819.
- #3312568: CMake support.
- #3446384: Report byte offsets for attr names and values.
- - New Features / API changes:
- Added new API member XML_SetHashSalt() that allows setting an initial
- value (salt) for hash calculations. This is part of the fix for
- bug #3496608 to randomize hash parameters.
- When compiled with XML_ATTR_INFO defined, adds new API member
- XML_GetAttributeInfo() that allows retrieving the byte
- offsets for attribute names and values (patch #3446384).
- Added CMake build system.
- See bug #2990652 and patch #3312568.
- Added run-benchmark target to Makefile.in - relies on testdata module
- present in the same relative location as in the repository.
-
- Release 2.0.1 Tue June 5 2007
- - Fixed bugs #1515266, #1515600: The character data handler's calling
- of XML_StopParser() was not handled properly; if the parser was
- stopped and the handler set to NULL, the parser would segfault.
- - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
- some character constants to be ASCII encoded.
- - Minor cleanups of the test harness.
- - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
- - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
- - Fixes and improvements for Windows platform:
- bugs #1409451, #1476160, #1548182, #1602769, #1717322.
- - Build fixes for various platforms:
- HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
- All Unix: #1554618 (refreshed config.sub/config.guess).
- #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
- without relying on GNU-Make specific features.
- #1647805: Patched configure.in to work better with Intel compiler.
- - Fixes to Makefile.in to have make check work correctly:
- bugs #1408143, #1535603, #1536684.
- - Added Open Watcom support: patch #1523242.
- Release 2.0.0 Wed Jan 11 2006
- - We no longer use the "check" library for C unit testing; we
- always use the (partial) internal implementation of the API.
- - Report XML_NS setting via XML_GetFeatureList().
- - Fixed headers for use from C++.
- - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
- now return unsigned integers.
- - Added XML_LARGE_SIZE switch to enable 64-bit integers for
- byte indexes and line/column numbers.
- - Updated to use libtool 1.5.22 (the most recent).
- - Added support for AmigaOS.
- - Some mostly minor bug fixes. SF issues include: #1006708,
- #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.
- Release 1.95.8 Fri Jul 23 2004
- - Major new feature: suspend/resume. Handlers can now request
- that a parse be suspended for later resumption or aborted
- altogether. See "Temporarily Stopping Parsing" in the
- documentation for more details.
- - Some mostly minor bug fixes, but compilation should no
- longer generate warnings on most platforms. SF issues
- include: #827319, #840173, #846309, #888329, #896188, #923913,
- #928113, #961698, #985192.
- Release 1.95.7 Mon Oct 20 2003
- - Fixed enum XML_Status issue (reported on SourceForge many
- times), so compilers that are properly picky will be happy.
- - Introduced an XMLCALL macro to control the calling
- convention used by the Expat API; this macro should be used
- to annotate prototypes and definitions of callback
- implementations in code compiled with a calling convention
- other than the default convention for the host platform.
- - Improved ability to build without the configure-generated
- expat_config.h header. This is useful for applications
- which embed Expat rather than linking in the library.
- - Fixed a variety of bugs: see SF issues #458907, #609603,
- #676844, #679754, #692878, #692964, #695401, #699323, #699487,
- #820946.
- - Improved hash table lookups.
- - Added more regression tests and improved documentation.
- Release 1.95.6 Tue Jan 28 2003
- - Added XML_FreeContentModel().
- - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
- - Fixed a variety of bugs: see SF issues #615606, #616863,
- #618199, #653180, #673791.
- - Enhanced the regression test suite.
- - Man page improvements: includes SF issue #632146.
- Release 1.95.5 Fri Sep 6 2002
- - Added XML_UseForeignDTD() for improved SAX2 support.
- - Added XML_GetFeatureList().
- - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
- - Use an incomplete struct instead of a void* for the parser
- (may not retain).
- - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
- - Finally fixed bug where default handler would report DTD
- events that were already handled by another handler.
- Initial patch contributed by Darryl Miles.
- - Removed unnecessary DllMain() function that caused static
- linking into a DLL to be difficult.
- - Added VC++ projects for building static libraries.
- - Reduced line-length for all source code and headers to be
- no longer than 80 characters, to help with AS/400 support.
- - Reduced memory copying during parsing (SF patch #600964).
- - Fixed a variety of bugs: see SF issues #580793, #434664,
- #483514, #580503, #581069, #584041, #584183, #584832, #585537,
- #596555, #596678, #598352, #598944, #599715, #600479, #600971.
- Release 1.95.4 Fri Jul 12 2002
- - Added support for VMS, contributed by Craig Berry. See
- vms/README.vms for more information.
- - Added Mac OS (classic) support, with a makefile for MPW,
- contributed by Thomas Wegner and Daryle Walker.
- - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
- by Patrick McConnell (SF patch #538032).
- - Fixed a variety of bugs: see SF issues #441449, #563184,
- #564342, #566334, #566901, #569461, #570263, #575168, #579196.
- - Made skippedEntityHandler conform to SAX2 (see source comment)
- - Re-implemented WFC: Entity Declared from XML 1.0 spec and
- added a new error "entity declared in parameter entity":
- see SF bug report #569461 and SF patch #578161
- - Re-implemented section 5.1 from XML 1.0 spec:
- see SF bug report #570263 and SF patch #578161
- Release 1.95.3 Mon Jun 3 2002
- - Added a project to the MSVC workspace to create a wchar_t
- version of the library; the DLLs are named libexpatw.dll.
- - Changed the name of the Windows DLLs from expat.dll to
- libexpat.dll; this fixes SF bug #432456.
- - Added the XML_ParserReset() API function.
- - Fixed XML_SetReturnNSTriplet() to work for element names.
- - Made the XML_UNICODE builds usable (thanks, Karl!).
- - Allow xmlwf to read from standard input.
- - Install a man page for xmlwf on Unix systems.
- - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
- #466885, #469226, #477667, #484419, #487840, #494749, #496505,
- #547350. Other bugs which we can't test as easily may also
- have been fixed, especially in the area of build support.
- Release 1.95.2 Fri Jul 27 2001
- - More changes to make MSVC happy with the build; add a single
- workspace to support both the library and xmlwf application.
- - Added a Windows installer for Windows users; includes
- xmlwf.exe.
- - Added compile-time constants that can be used to determine the
- Expat version
- - Removed a lot of GNU-specific dependencies to aide portability
- among the various Unix flavors.
- - Fix the UTF-8 BOM bug.
- - Cleaned up warning messages for several compilers.
- - Added the -Wall, -Wstrict-prototypes options for GCC.
- Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
- - Changes to get expat to build under Microsoft compiler
- - Removed all aborts and instead return an UNEXPECTED_STATE error.
- - Fixed a bug where a stray '%' in an entity value would cause an
- abort.
- - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
- finding this oversight.
- - Changed default patterns in lib/Makefile.in to fit non-GNU makes
- Thanks to robin@unrated.net for reporting and providing an
- account to test on.
- - The reference had the wrong label for XML_SetStartNamespaceDecl.
- Reported by an anonymous user.
- Release 1.95.0 Fri Sep 29 2000
- - XML_ParserCreate_MM
- Allows you to set a memory management suite to replace the
- standard malloc,realloc, and free.
- - XML_SetReturnNSTriplet
- If you turn this feature on when namespace processing is in
- effect, then qualified, prefixed element and attribute names
- are returned as "uri|name|prefix" where '|' is whatever
- separator character is used in namespace processing.
- - Merged in features from perl-expat
- o XML_SetElementDeclHandler
- o XML_SetAttlistDeclHandler
- o XML_SetXmlDeclHandler
- o XML_SetEntityDeclHandler
- o StartDoctypeDeclHandler takes 3 additional parameters:
- sysid, pubid, has_internal_subset
- o Many paired handler setters (like XML_SetElementHandler)
- now have corresponding individual handler setters
- o XML_GetInputContext for getting the input context of
- the current parse position.
- - Added reference material
- - Packaged into a distribution that builds a sharable library
|