Mercurial > repos > rliterman > csp2

annotate CSP2/CSP2_env/env-d9b9114564458d9d-741b3de822f2aaca6c6caa4325c4afce/share/doc/expat/changelog @ 68:5028fdace37b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
planemo upload commit 2e9511a184a1ca667c7be0c6321a36dc4e3d116d
author jpayne
date Tue, 18 Mar 2025 16:23:26 -0400
parents
children
rev   line source
jpayne@68 1 __ __ _
jpayne@68 2 ___\ \/ /_ __ __ _| |_
jpayne@68 3 / _ \\ /| '_ \ / _` | __|
jpayne@68 4 | __// \| |_) | (_| | |_
jpayne@68 5 \___/_/\_\ .__/ \__,_|\__|
jpayne@68 6 |_| XML parser
jpayne@68 7
jpayne@68 8 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
jpayne@68 9 !! <blink>Expat is UNDERSTAFFED and WITHOUT FUNDING.</blink> !!
jpayne@68 10 !! ~~~~~~~~~~~~ !!
jpayne@68 11 !! The following topics need *additional skilled C developers* to progress !!
jpayne@68 12 !! in a timely manner or at all (loosely ordered by descending priority): !!
jpayne@68 13 !! !!
jpayne@68 14 !! - <blink>fixing a complex non-public security issue</blink>, !!
jpayne@68 15 !! - teaming up on researching and fixing future security reports and !!
jpayne@68 16 !! ClusterFuzz findings with few-days-max response times in communication !!
jpayne@68 17 !! in order to (1) have a sound fix ready before the end of a 90 days !!
jpayne@68 18 !! grace period and (2) in a sustainable manner, !!
jpayne@68 19 !! - implementing and auto-testing XML 1.0r5 support !!
jpayne@68 20 !! (needs discussion before pull requests), !!
jpayne@68 21 !! - smart ideas on fixing the Autotools CMake files generation issue !!
jpayne@68 22 !! without breaking CI (needs discussion before pull requests), !!
jpayne@68 23 !! - the Windows binaries topic (needs requirements engineering first), !!
jpayne@68 24 !! - pushing migration from `int` to `size_t` further !!
jpayne@68 25 !! including edge-cases test coverage (needs discussion before anything). !!
jpayne@68 26 !! !!
jpayne@68 27 !! For details, please reach out via e-mail to sebastian@pipping.org so we !!
jpayne@68 28 !! can schedule a voice call on the topic, in English or German. !!
jpayne@68 29 !! !!
jpayne@68 30 !! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !!
jpayne@68 31 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
jpayne@68 32
jpayne@68 33 Release 2.6.4 Wed November 6 2024
jpayne@68 34 Security fixes:
jpayne@68 35 #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser
jpayne@68 36 from a NULL pointer dereference by disallowing function
jpayne@68 37 XML_StopParser to (stop or) suspend an unstarted parser.
jpayne@68 38 A new error code XML_ERROR_NOT_STARTED was introduced to
jpayne@68 39 properly communicate this situation. // CWE-476 CWE-754
jpayne@68 40
jpayne@68 41 Other changes:
jpayne@68 42 #903 CMake: Add alias target "expat::expat"
jpayne@68 43 #905 docs: Document use via CMake >=3.18 with FetchContent
jpayne@68 44 and SOURCE_SUBDIR and its consequences
jpayne@68 45 #902 tests: Reduce use of global parser instance
jpayne@68 46 #904 tests: Resolve duplicate handler
jpayne@68 47 #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
jpayne@68 48 #914 Fix signedness of format strings
jpayne@68 49 #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
jpayne@68 50 to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
jpayne@68 51 for what these numbers do
jpayne@68 52
jpayne@68 53 Infrastructure:
jpayne@68 54 #907 CI: Upgrade Clang from 18 to 19
jpayne@68 55 #913 CI: Drop macos-12 and add macos-15
jpayne@68 56 #910 CI: Adapt to breaking changes in GitHub Actions
jpayne@68 57 #898 Add missing entries to .gitignore
jpayne@68 58
jpayne@68 59 Special thanks to:
jpayne@68 60 Hanno Böck
jpayne@68 61 José Eduardo Gutiérrez Conejo
jpayne@68 62 José Ricardo Cardona Quesada
jpayne@68 63
jpayne@68 64 Release 2.6.3 Wed September 4 2024
jpayne@68 65 Security fixes:
jpayne@68 66 #887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with
jpayne@68 67 len < 0 without noticing and then calling XML_GetBuffer
jpayne@68 68 will have XML_ParseBuffer fail to recognize the problem
jpayne@68 69 and XML_GetBuffer corrupt memory.
jpayne@68 70 With the fix, XML_ParseBuffer now complains with error
jpayne@68 71 XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
jpayne@68 72 has been doing since Expat 2.2.1, and now documented.
jpayne@68 73 Impact is denial of service to potentially artitrary code
jpayne@68 74 execution.
jpayne@68 75 #888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an
jpayne@68 76 integer overflow for nDefaultAtts on 32-bit platforms
jpayne@68 77 (where UINT_MAX equals SIZE_MAX).
jpayne@68 78 Impact is denial of service to potentially artitrary code
jpayne@68 79 execution.
jpayne@68 80 #889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can
jpayne@68 81 have an integer overflow for m_groupSize on 32-bit
jpayne@68 82 platforms (where UINT_MAX equals SIZE_MAX).
jpayne@68 83 Impact is denial of service to potentially artitrary code
jpayne@68 84 execution.
jpayne@68 85
jpayne@68 86 Other changes:
jpayne@68 87 #851 #879 Autotools: Sync CMake templates with CMake 3.28
jpayne@68 88 #853 Autotools: Always provide path to find(1) for portability
jpayne@68 89 #861 Autotools: Ensure that the m4 directory always exists.
jpayne@68 90 #870 Autotools: Simplify handling of SIZEOF_VOID_P
jpayne@68 91 #869 Autotools: Support non-GNU sed
jpayne@68 92 #856 Autotools|CMake: Fix main() to main(void)
jpayne@68 93 #865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
jpayne@68 94 #863 Autotools|CMake: Stop requiring dos2unix
jpayne@68 95 #854 #855 CMake: Fix check for symbols size_t and off_t
jpayne@68 96 #864 docs|tests: Convert README to Markdown and update
jpayne@68 97 #741 Windows: Drop support for Visual Studio <=15.0/2017
jpayne@68 98 #886 Drop needless XML_DTD guards around is_param access
jpayne@68 99 #885 Fix typo in a code comment
jpayne@68 100 #894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
jpayne@68 101 to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
jpayne@68 102 for what these numbers do
jpayne@68 103
jpayne@68 104 Infrastructure:
jpayne@68 105 #880 Readme: Promote the call for help
jpayne@68 106 #868 CI: Fix various issues
jpayne@68 107 #849 CI: Allow triggering GitHub Actions workflows manually
jpayne@68 108 #851 #872 ..
jpayne@68 109 #873 #879 CI: Adapt to breaking changes in GitHub Actions
jpayne@68 110
jpayne@68 111 Special thanks to:
jpayne@68 112 Alexander Bluhm
jpayne@68 113 Berkay Eren Ürün
jpayne@68 114 Dag-Erling Smørgrav
jpayne@68 115 Ferenc Géczi
jpayne@68 116 TaiYou
jpayne@68 117
jpayne@68 118 Release 2.6.2 Wed March 13 2024
jpayne@68 119 Security fixes:
jpayne@68 120 #839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with
jpayne@68 121 isolated use of external parsers. Please see the commit
jpayne@68 122 message of commit 1d50b80cf31de87750103656f6eb693746854aa8
jpayne@68 123 for details.
jpayne@68 124
jpayne@68 125 Bug fixes:
jpayne@68 126 #839 #841 Reject direct parameter entity recursion
jpayne@68 127 and avoid the related undefined behavior
jpayne@68 128
jpayne@68 129 Other changes:
jpayne@68 130 #847 Autotools: Fix build for DOCBOOK_TO_MAN containing spaces
jpayne@68 131 #837 Add missing #821 and #824 to 2.6.1 change log
jpayne@68 132 #838 #843 Version info bumped from 10:1:9 (libexpat*.so.1.9.1)
jpayne@68 133 to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/
jpayne@68 134 for what these numbers do
jpayne@68 135
jpayne@68 136 Special thanks to:
jpayne@68 137 Philippe Antoine
jpayne@68 138 Tomas Korbar
jpayne@68 139 and
jpayne@68 140 Clang UndefinedBehaviorSanitizer
jpayne@68 141 OSS-Fuzz / ClusterFuzz
jpayne@68 142
jpayne@68 143 Release 2.6.1 Thu February 29 2024
jpayne@68 144 Bug fixes:
jpayne@68 145 #817 Make tests independent of CPU speed, and thus more robust
jpayne@68 146 #828 #836 Expose billion laughs API with XML_DTD defined and
jpayne@68 147 XML_GE undefined, regression from 2.6.0
jpayne@68 148
jpayne@68 149 Other changes:
jpayne@68 150 #829 Hide test-only code behind new internal macro
jpayne@68 151 #833 Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P
jpayne@68 152 #821 #824 Autotools: Fix "make clean" for case:
jpayne@68 153 ./configure --without-docbook && make clean all
jpayne@68 154 #819 Address compiler warnings
jpayne@68 155 #832 #834 Version info bumped from 10:0:9 (libexpat*.so.1.9.0)
jpayne@68 156 to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/
jpayne@68 157 for what these numbers do
jpayne@68 158
jpayne@68 159 Infrastructure:
jpayne@68 160 #818 CI: Adapt to breaking changes in clang-format
jpayne@68 161
jpayne@68 162 Special thanks to:
jpayne@68 163 David Hall
jpayne@68 164 Snild Dolkow
jpayne@68 165
jpayne@68 166 Release 2.6.0 Tue February 6 2024
jpayne@68 167 Security fixes:
jpayne@68 168 #789 #814 CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
jpayne@68 169 that can cause denial of service, in partial where
jpayne@68 170 dealing with compressed XML input. Applications
jpayne@68 171 that parsed a document in one go -- a single call to
jpayne@68 172 functions XML_Parse or XML_ParseBuffer -- were not affected.
jpayne@68 173 The smaller the chunks/buffers you use for parsing
jpayne@68 174 previously, the bigger the problem prior to the fix.
jpayne@68 175 Backporters should be careful to no omit parts of
jpayne@68 176 pull request #789 and to include earlier pull request #771,
jpayne@68 177 in order to not break the fix.
jpayne@68 178 #777 CVE-2023-52426 -- Fix billion laughs attacks for users
jpayne@68 179 compiling *without* XML_DTD defined (which is not common).
jpayne@68 180 Users with XML_DTD defined have been protected since
jpayne@68 181 Expat >=2.4.0 (and that was CVE-2013-0340 back then).
jpayne@68 182
jpayne@68 183 Bug fixes:
jpayne@68 184 #753 Fix parse-size-dependent "invalid token" error for
jpayne@68 185 external entities that start with a byte order mark
jpayne@68 186 #780 Fix NULL pointer dereference in setContext via
jpayne@68 187 XML_ExternalEntityParserCreate for compilation with
jpayne@68 188 XML_DTD undefined
jpayne@68 189 #812 #813 Protect against closing entities out of order
jpayne@68 190
jpayne@68 191 Other changes:
jpayne@68 192 #723 Improve support for arc4random/arc4random_buf
jpayne@68 193 #771 #788 Improve buffer growth in XML_GetBuffer and XML_Parse
jpayne@68 194 #761 #770 xmlwf: Support --help and --version
jpayne@68 195 #759 #770 xmlwf: Support custom buffer size for XML_GetBuffer and read
jpayne@68 196 #744 xmlwf: Improve language and URL clickability in help output
jpayne@68 197 #673 examples: Add new example "element_declarations.c"
jpayne@68 198 #764 Be stricter about macro XML_CONTEXT_BYTES at build time
jpayne@68 199 #765 Make inclusion to expat_config.h consistent
jpayne@68 200 #726 #727 Autotools: configure.ac: Support --disable-maintainer-mode
jpayne@68 201 #678 #705 ..
jpayne@68 202 #706 #733 #792 Autotools: Sync CMake templates with CMake 3.26
jpayne@68 203 #795 Autotools: Make installation of shipped man page doc/xmlwf.1
jpayne@68 204 independent of docbook2man availability
jpayne@68 205 #815 Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
jpayne@68 206 section "Cflags.private" in order to fix compilation
jpayne@68 207 against static libexpat using pkg-config on Windows
jpayne@68 208 #724 #751 Autotools|CMake: Require a C99 compiler
jpayne@68 209 (a de-facto requirement already since Expat 2.2.2 of 2017)
jpayne@68 210 #793 Autotools|CMake: Fix PACKAGE_BUGREPORT variable
jpayne@68 211 #750 #786 Autotools|CMake: Make test suite require a C++11 compiler
jpayne@68 212 #749 CMake: Require CMake >=3.5.0
jpayne@68 213 #672 CMake: Lowercase off_t and size_t to help a bug in Meson
jpayne@68 214 #746 CMake: Sort xmlwf sources alphabetically
jpayne@68 215 #785 CMake|Windows: Fix generation of DLL file version info
jpayne@68 216 #790 CMake: Build tests/benchmark/benchmark.c as well for
jpayne@68 217 a build with -DEXPAT_BUILD_TESTS=ON
jpayne@68 218 #745 #757 docs: Document the importance of isFinal + adjust tests
jpayne@68 219 accordingly
jpayne@68 220 #736 docs: Improve use of "NULL" and "null"
jpayne@68 221 #713 docs: Be specific about version of XML (XML 1.0r4)
jpayne@68 222 and version of C (C99); (XML 1.0r5 will need a sponsor.)
jpayne@68 223 #762 docs: reference.html: Promote function XML_ParseBuffer more
jpayne@68 224 #779 docs: reference.html: Add HTML anchors to XML_* macros
jpayne@68 225 #760 docs: reference.html: Upgrade to OK.css 1.2.0
jpayne@68 226 #763 #739 docs: Fix typos
jpayne@68 227 #696 docs|CI: Use HTTPS URLs instead of HTTP at various places
jpayne@68 228 #669 #670 ..
jpayne@68 229 #692 #703 ..
jpayne@68 230 #733 #772 Address compiler warnings
jpayne@68 231 #798 #800 Address clang-tidy warnings
jpayne@68 232 #775 #776 Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
jpayne@68 233 to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
jpayne@68 234 for what these numbers do
jpayne@68 235
jpayne@68 236 Infrastructure:
jpayne@68 237 #700 #701 docs: Document security policy in file SECURITY.md
jpayne@68 238 #766 docs: Improve parse buffer variables in-code documentation
jpayne@68 239 #674 #738 ..
jpayne@68 240 #740 #747 ..
jpayne@68 241 #748 #781 #782 Refactor coverage and conformance tests
jpayne@68 242 #714 #716 Refactor debug level variables to unsigned long
jpayne@68 243 #671 Improve handling of empty environment variable value
jpayne@68 244 in function getDebugLevel (without visible user effect)
jpayne@68 245 #755 #774 ..
jpayne@68 246 #758 #783 ..
jpayne@68 247 #784 #787 tests: Improve test coverage with regard to parse chunk size
jpayne@68 248 #660 #797 #801 Fuzzing: Improve fuzzing coverage
jpayne@68 249 #367 #799 Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
jpayne@68 250 #698 #721 CI: Resolve some Travis CI leftovers
jpayne@68 251 #669 CI: Be robust towards absence of Git tags
jpayne@68 252 #693 #694 CI: Set permissions to "contents: read" for security
jpayne@68 253 #709 CI: Pin all GitHub Actions to specific commits for security
jpayne@68 254 #739 CI: Reject spelling errors using codespell
jpayne@68 255 #798 CI: Enforce clang-tidy clean code
jpayne@68 256 #773 #808 ..
jpayne@68 257 #809 #810 CI: Upgrade Clang from 15 to 18
jpayne@68 258 #796 CI: Start using Clang's Control Flow Integrity sanitizer
jpayne@68 259 #675 #720 #722 CI: Adapt to breaking changes in GitHub Actions Ubuntu images
jpayne@68 260 #689 CI: Adapt to breaking changes in Clang/LLVM Debian packaging
jpayne@68 261 #763 CI: Adapt to breaking changes in codespell
jpayne@68 262 #803 CI: Adapt to breaking changes in Cppcheck
jpayne@68 263
jpayne@68 264 Special thanks to:
jpayne@68 265 Ivan Galkin
jpayne@68 266 Joyce Brum
jpayne@68 267 Philippe Antoine
jpayne@68 268 Rhodri James
jpayne@68 269 Snild Dolkow
jpayne@68 270 spookyahell
jpayne@68 271 Steven Garske
jpayne@68 272 and
jpayne@68 273 Clang AddressSanitizer
jpayne@68 274 Clang UndefinedBehaviorSanitizer
jpayne@68 275 codespell
jpayne@68 276 GCC Farm Project
jpayne@68 277 OSS-Fuzz
jpayne@68 278 Sony Mobile
jpayne@68 279
jpayne@68 280 Release 2.5.0 Tue October 25 2022
jpayne@68 281 Security fixes:
jpayne@68 282 #616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
jpayne@68 283 destruction of a shared DTD in function
jpayne@68 284 XML_ExternalEntityParserCreate in out-of-memory situations.
jpayne@68 285 Expected impact is denial of service or potentially
jpayne@68 286 arbitrary code execution.
jpayne@68 287
jpayne@68 288 Bug fixes:
jpayne@68 289 #612 #645 Fix corruption from undefined entities
jpayne@68 290 #613 #654 Fix case when parsing was suspended while processing nested
jpayne@68 291 entities
jpayne@68 292 #616 #652 #653 Stop leaking opening tag bindings after a closing tag
jpayne@68 293 mismatch error where a parser is reset through
jpayne@68 294 XML_ParserReset and then reused to parse
jpayne@68 295 #656 CMake: Fix generation of pkg-config file
jpayne@68 296 #658 MinGW|CMake: Fix static library name
jpayne@68 297
jpayne@68 298 Other changes:
jpayne@68 299 #663 Protect header expat_config.h from multiple inclusion
jpayne@68 300 #666 examples: Make use of XML_GetBuffer and be more
jpayne@68 301 consistent across examples
jpayne@68 302 #648 Address compiler warnings
jpayne@68 303 #667 #668 Version info bumped from 9:9:8 to 9:10:8;
jpayne@68 304 see https://verbump.de/ for what these numbers do
jpayne@68 305
jpayne@68 306 Special thanks to:
jpayne@68 307 Jann Horn
jpayne@68 308 Mark Brand
jpayne@68 309 Osyotr
jpayne@68 310 Rhodri James
jpayne@68 311 and
jpayne@68 312 Google Project Zero
jpayne@68 313
jpayne@68 314 Release 2.4.9 Tue September 20 2022
jpayne@68 315 Security fixes:
jpayne@68 316 #629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in
jpayne@68 317 function doContent. Expected impact is denial of service
jpayne@68 318 or potentially arbitrary code execution.
jpayne@68 319
jpayne@68 320 Bug fixes:
jpayne@68 321 #634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
jpayne@68 322 #614 docs: Fix documentation on effect of switch XML_DTD on
jpayne@68 323 symbol visibility in doc/reference.html
jpayne@68 324
jpayne@68 325 Other changes:
jpayne@68 326 #638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
jpayne@68 327 #596 #625 Autotools: Sync CMake templates with CMake 3.22
jpayne@68 328 #608 CMake: Migrate from use of CMAKE_*_POSTFIX to
jpayne@68 329 dedicated variables EXPAT_*_POSTFIX to stop affecting
jpayne@68 330 other projects
jpayne@68 331 #597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners
jpayne@68 332 and fuzzers
jpayne@68 333 #512 #621 Windows|CMake: Render .def file from a template to fix
jpayne@68 334 linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
jpayne@68 335 #611 #621 MinGW|CMake: Apply MSVC .def file when linking
jpayne@68 336 #622 #624 MinGW|CMake: Sync library name with GNU Autotools,
jpayne@68 337 i.e. produce libexpat-1.dll rather than libexpat.dll
jpayne@68 338 by default. Filename libexpat.dll.a is unaffected.
jpayne@68 339 #632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
jpayne@68 340 toolchain file "cmake/mingw-toolchain.cmake" to avoid
jpayne@68 341 error "windres: Command not found" on e.g. Ubuntu 20.04
jpayne@68 342 #597 #627 CMake: Unify inconsistent use of set() and option() in
jpayne@68 343 context of public build time options to take need for
jpayne@68 344 set(.. FORCE) in projects using Expat by means of
jpayne@68 345 add_subdirectory(..) off Expat's users' shoulders
jpayne@68 346 #626 #641 Stop exporting API symbols when building a static library
jpayne@68 347 #644 Resolve use of deprecated "fgrep" by "grep -F"
jpayne@68 348 #620 CMake: Make documentation on variables a bit more consistent
jpayne@68 349 #636 CMake: Drop leading whitespace from a #cmakedefine line in
jpayne@68 350 file expat_config.h.cmake
jpayne@68 351 #594 xmlwf: Fix harmless variable mix-up in function nsattcmp
jpayne@68 352 #592 #593 #610 Address Cppcheck warnings
jpayne@68 353 #643 Address Clang 15 compiler warnings
jpayne@68 354 #642 #644 Version info bumped from 9:8:8 to 9:9:8;
jpayne@68 355 see https://verbump.de/ for what these numbers do
jpayne@68 356
jpayne@68 357 Infrastructure:
jpayne@68 358 #597 #598 CI: Windows: Start covering MSVC 2022
jpayne@68 359 #619 CI: macOS: Migrate off deprecated macOS 10.15
jpayne@68 360 #632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work
jpayne@68 361 #643 CI: Upgrade Clang from 14 to 15
jpayne@68 362 #637 apply-clang-format.sh: Add support for BSD find
jpayne@68 363 #633 coverage.sh: Exclude MinGW headers
jpayne@68 364 #635 coverage.sh: Fix name collision for -funsigned-char
jpayne@68 365
jpayne@68 366 Special thanks to:
jpayne@68 367 David Faure
jpayne@68 368 Felix Wilhelm
jpayne@68 369 Frank Bergmann
jpayne@68 370 Rhodri James
jpayne@68 371 Rosen Penev
jpayne@68 372 Thijs Schreijer
jpayne@68 373 Vincent Torri
jpayne@68 374 and
jpayne@68 375 Google Project Zero
jpayne@68 376
jpayne@68 377 Release 2.4.8 Mon March 28 2022
jpayne@68 378 Other changes:
jpayne@68 379 #587 pkg-config: Move "-lm" to section "Libs.private"
jpayne@68 380 #587 CMake|MSVC: Fix pkg-config section "Libs"
jpayne@68 381 #55 #582 CMake|macOS: Start using linker arguments
jpayne@68 382 "-compatibility_version <version>" and
jpayne@68 383 "-current_version <version>" in a way compatible with
jpayne@68 384 GNU Libtool
jpayne@68 385 #590 #591 Version info bumped from 9:7:8 to 9:8:8;
jpayne@68 386 see https://verbump.de/ for what these numbers do
jpayne@68 387
jpayne@68 388 Infrastructure:
jpayne@68 389 #589 CI: Upgrade Clang from 13 to 14
jpayne@68 390
jpayne@68 391 Special thanks to:
jpayne@68 392 evpobr
jpayne@68 393 Kai Pastor
jpayne@68 394 Sam James
jpayne@68 395
jpayne@68 396 Release 2.4.7 Fri March 4 2022
jpayne@68 397 Bug fixes:
jpayne@68 398 #572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
jpayne@68 399 with regard to all valid URI characters (RFC 3986),
jpayne@68 400 i.e. the following set (excluding whitespace):
jpayne@68 401 ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
jpayne@68 402 0123456789 % -._~ :/?#[]@ !$&'()*+,;=
jpayne@68 403
jpayne@68 404 Other changes:
jpayne@68 405 #555 #570 #581 CMake|Windows: Store Expat version in the DLL
jpayne@68 406 #577 Document consequences of namespace separator choices not just
jpayne@68 407 in doc/reference.html but also in header <expat.h>
jpayne@68 408 #577 Document Expat's lack of validation of namespace URIs against
jpayne@68 409 RFC 3986, and that the XML 1.0r4 specification doesn't
jpayne@68 410 require Expat to validate namespace URIs, and that Expat
jpayne@68 411 may do more in that regard in future releases.
jpayne@68 412 If you find need for strict RFC 3986 URI validation on
jpayne@68 413 application level today, https://uriparser.github.io/ may
jpayne@68 414 be of interest.
jpayne@68 415 #579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
jpayne@68 416 #575 Document that a call to XML_FreeContentModel can be done at
jpayne@68 417 a later time from outside the element declaration handler
jpayne@68 418 #574 Make hardcoded namespace URIs easier to find in code
jpayne@68 419 #573 Update documentation on use of XML_POOR_ENTOPY on Solaris
jpayne@68 420 #569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
jpayne@68 421 4.8.2 on Solaris.
jpayne@68 422 #578 #580 Version info bumped from 9:6:8 to 9:7:8;
jpayne@68 423 see https://verbump.de/ for what these numbers do
jpayne@68 424
jpayne@68 425 Special thanks to:
jpayne@68 426 Jeffrey Walton
jpayne@68 427 Johnny Jazeix
jpayne@68 428 Thijs Schreijer
jpayne@68 429
jpayne@68 430 Release 2.4.6 Sun February 20 2022
jpayne@68 431 Bug fixes:
jpayne@68 432 #566 Fix a regression introduced by the fix for CVE-2022-25313
jpayne@68 433 in release 2.4.5 that affects applications that (1)
jpayne@68 434 call function XML_SetElementDeclHandler and (2) are
jpayne@68 435 parsing XML that contains nested element declarations
jpayne@68 436 (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
jpayne@68 437
jpayne@68 438 Other changes:
jpayne@68 439 #567 #568 Version info bumped from 9:5:8 to 9:6:8;
jpayne@68 440 see https://verbump.de/ for what these numbers do
jpayne@68 441
jpayne@68 442 Special thanks to:
jpayne@68 443 Matt Sergeant
jpayne@68 444 Samanta Navarro
jpayne@68 445 Sergei Trofimovich
jpayne@68 446 and
jpayne@68 447 NixOS
jpayne@68 448 Perl XML::Parser
jpayne@68 449
jpayne@68 450 Release 2.4.5 Fri February 18 2022
jpayne@68 451 Security fixes:
jpayne@68 452 #562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
jpayne@68 453 sequences (e.g. from start tag names) to the XML
jpayne@68 454 processing application on top of Expat can cause
jpayne@68 455 arbitrary damage (e.g. code execution) depending
jpayne@68 456 on how invalid UTF-8 is handled inside the XML
jpayne@68 457 processor; validation was not their job but Expat's.
jpayne@68 458 Exploits with code execution are known to exist.
jpayne@68 459 #561 CVE-2022-25236 -- Passing (one or more) namespace separator
jpayne@68 460 characters in "xmlns[:prefix]" attribute values
jpayne@68 461 made Expat send malformed tag names to the XML
jpayne@68 462 processor on top of Expat which can cause
jpayne@68 463 arbitrary damage (e.g. code execution) depending
jpayne@68 464 on such unexpectable cases are handled inside the XML
jpayne@68 465 processor; validation was not their job but Expat's.
jpayne@68 466 Exploits with code execution are known to exist.
jpayne@68 467 #558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
jpayne@68 468 that could be triggered by e.g. a 2 megabytes
jpayne@68 469 file with a large number of opening braces.
jpayne@68 470 Expected impact is denial of service or potentially
jpayne@68 471 arbitrary code execution.
jpayne@68 472 #560 CVE-2022-25314 -- Fix integer overflow in function copyString;
jpayne@68 473 only affects the encoding name parameter at parser creation
jpayne@68 474 time which is often hardcoded (rather than user input),
jpayne@68 475 takes a value in the gigabytes to trigger, and a 64-bit
jpayne@68 476 machine. Expected impact is denial of service.
jpayne@68 477 #559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
jpayne@68 478 needs input in the gigabytes and a 64-bit machine.
jpayne@68 479 Expected impact is denial of service or potentially
jpayne@68 480 arbitrary code execution.
jpayne@68 481
jpayne@68 482 Other changes:
jpayne@68 483 #557 #564 Version info bumped from 9:4:8 to 9:5:8;
jpayne@68 484 see https://verbump.de/ for what these numbers do
jpayne@68 485
jpayne@68 486 Special thanks to:
jpayne@68 487 Ivan Fratric
jpayne@68 488 Samanta Navarro
jpayne@68 489 and
jpayne@68 490 Google Project Zero
jpayne@68 491 JetBrains
jpayne@68 492
jpayne@68 493 Release 2.4.4 Sun January 30 2022
jpayne@68 494 Security fixes:
jpayne@68 495 #550 CVE-2022-23852 -- Fix signed integer overflow
jpayne@68 496 (undefined behavior) in function XML_GetBuffer
jpayne@68 497 (that is also called by function XML_Parse internally)
jpayne@68 498 for when XML_CONTEXT_BYTES is defined to >0 (which is both
jpayne@68 499 common and default).
jpayne@68 500 Impact is denial of service or more.
jpayne@68 501 #551 CVE-2022-23990 -- Fix unsigned integer overflow in function
jpayne@68 502 doProlog triggered by large content in element type
jpayne@68 503 declarations when there is an element declaration handler
jpayne@68 504 present (from a prior call to XML_SetElementDeclHandler).
jpayne@68 505 Impact is denial of service or more.
jpayne@68 506
jpayne@68 507 Bug fixes:
jpayne@68 508 #544 #545 xmlwf: Fix a memory leak on output file opening error
jpayne@68 509
jpayne@68 510 Other changes:
jpayne@68 511 #546 Autotools: Fix broken CMake support under Cygwin
jpayne@68 512 #554 Windows: Add missing files to the installer to fix
jpayne@68 513 compilation with CMake from installed sources
jpayne@68 514 #552 #554 Version info bumped from 9:3:8 to 9:4:8;
jpayne@68 515 see https://verbump.de/ for what these numbers do
jpayne@68 516
jpayne@68 517 Special thanks to:
jpayne@68 518 Carlo Bramini
jpayne@68 519 hwt0415
jpayne@68 520 Roland Illig
jpayne@68 521 Samanta Navarro
jpayne@68 522 and
jpayne@68 523 Clang LeakSan and the Clang team
jpayne@68 524
jpayne@68 525 Release 2.4.3 Sun January 16 2022
jpayne@68 526 Security fixes:
jpayne@68 527 #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
jpayne@68 528 resulting in
jpayne@68 529 a) realloc acting as free
jpayne@68 530 b) realloc allocating too few bytes
jpayne@68 531 c) undefined behavior
jpayne@68 532 depending on architecture and precise value
jpayne@68 533 for XML documents with >=2^27+1 prefixed attributes
jpayne@68 534 on a single XML tag a la
jpayne@68 535 "<r xmlns:a='[..]' a:a123='[..]' [..] />"
jpayne@68 536 where XML_ParserCreateNS is used to create the parser
jpayne@68 537 (which needs argument "-n" when running xmlwf).
jpayne@68 538 Impact is denial of service, or more.
jpayne@68 539 #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
jpayne@68 540 on variable m_groupSize in function doProlog leading
jpayne@68 541 to realloc acting as free.
jpayne@68 542 Impact is denial of service or more.
jpayne@68 543 #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
jpayne@68 544 near memory allocation at multiple places. Mitre assigned
jpayne@68 545 a dedicated CVE for each involved internal C function:
jpayne@68 546 - CVE-2022-22822 for function addBinding
jpayne@68 547 - CVE-2022-22823 for function build_model
jpayne@68 548 - CVE-2022-22824 for function defineAttribute
jpayne@68 549 - CVE-2022-22825 for function lookup
jpayne@68 550 - CVE-2022-22826 for function nextScaffoldPart
jpayne@68 551 - CVE-2022-22827 for function storeAtts
jpayne@68 552 Impact is denial of service or more.
jpayne@68 553
jpayne@68 554 Other changes:
jpayne@68 555 #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
jpayne@68 556 #541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
jpayne@68 557 and MSYS2 by not going through Wine on these platforms
jpayne@68 558 #527 #528 Address compiler warnings
jpayne@68 559 #533 #543 Version info bumped from 9:2:8 to 9:3:8;
jpayne@68 560 see https://verbump.de/ for what these numbers do
jpayne@68 561
jpayne@68 562 Infrastructure:
jpayne@68 563 #536 CI: Check for realistic minimum CMake version
jpayne@68 564 #529 #539 CI: Cover compilation with -m32
jpayne@68 565 #529 CI: Store coverage reports as artifacts for download
jpayne@68 566 #528 CI: Upgrade Clang from 11 to 13
jpayne@68 567
jpayne@68 568 Special thanks to:
jpayne@68 569 An anonymous whitehat
jpayne@68 570 Christopher Degawa
jpayne@68 571 J. Peter Mugaas
jpayne@68 572 Tyson Smith
jpayne@68 573 and
jpayne@68 574 GCC Farm Project
jpayne@68 575 Trend Micro Zero Day Initiative
jpayne@68 576
jpayne@68 577 Release 2.4.2 Sun December 19 2021
jpayne@68 578 Other changes:
jpayne@68 579 #509 #510 Link againgst libm for function "isnan"
jpayne@68 580 #513 #514 Include expat_config.h as early as possible
jpayne@68 581 #498 Autotools: Include files with release archives:
jpayne@68 582 - buildconf.sh
jpayne@68 583 - fuzz/*.c
jpayne@68 584 #507 #519 Autotools: Sync CMake templates with CMake 3.20
jpayne@68 585 #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for
jpayne@68 586 - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
jpayne@68 587 - multi-config CMake generators (e.g. Ninja Multi-Config)
jpayne@68 588 #502 #503 docs: Document that function XML_GetBuffer may return NULL
jpayne@68 589 when asking for a buffer of 0 (zero) bytes size
jpayne@68 590 #522 #523 docs: Fix return value docs for both
jpayne@68 591 XML_SetBillionLaughsAttackProtection* functions
jpayne@68 592 #525 #526 Version info bumped from 9:1:8 to 9:2:8;
jpayne@68 593 see https://verbump.de/ for what these numbers do
jpayne@68 594
jpayne@68 595 Special thanks to:
jpayne@68 596 Donghee Na
jpayne@68 597 Joergen Ibsen
jpayne@68 598 Kai Pastor
jpayne@68 599
jpayne@68 600 Release 2.4.1 Sun May 23 2021
jpayne@68 601 Bug fixes:
jpayne@68 602 #488 #490 Autotools: Fix installed header expat_config.h for multilib
jpayne@68 603 systems; regression introduced in 2.4.0 by pull request #486
jpayne@68 604
jpayne@68 605 Other changes:
jpayne@68 606 #491 #492 Version info bumped from 9:0:8 to 9:1:8;
jpayne@68 607 see https://verbump.de/ for what these numbers do
jpayne@68 608
jpayne@68 609 Special thanks to:
jpayne@68 610 Gentoo's QA check "multilib_check_headers"
jpayne@68 611
jpayne@68 612 Release 2.4.0 Sun May 23 2021
jpayne@68 613 Security fixes:
jpayne@68 614 #34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
jpayne@68 615 (denial-of-service; flavors targeting CPU time or RAM or both,
jpayne@68 616 leveraging general entities or parameter entities or both)
jpayne@68 617 by tracking and limiting the input amplification factor
jpayne@68 618 (<amplification> := (<direct> + <indirect>) / <direct>).
jpayne@68 619 By conservative default, amplification up to a factor of 100.0
jpayne@68 620 is tolerated and rejection only starts after 8 MiB of output bytes
jpayne@68 621 (=<direct> + <indirect>) have been processed.
jpayne@68 622 The fix adds the following to the API:
jpayne@68 623 - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
jpayne@68 624 signals this specific condition.
jpayne@68 625 - Two new API functions ..
jpayne@68 626 - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
jpayne@68 627 - XML_SetBillionLaughsAttackProtectionActivationThreshold
jpayne@68 628 .. to further tighten billion laughs protection parameters
jpayne@68 629 when desired. Please see file "doc/reference.html" for details.
jpayne@68 630 If you ever need to increase the defaults for non-attack XML
jpayne@68 631 payload, please file a bug report with libexpat.
jpayne@68 632 - Two new XML_FEATURE_* constants ..
jpayne@68 633 - that can be queried using the XML_GetFeatureList function, and
jpayne@68 634 - that are shown in "xmlwf -v" output.
jpayne@68 635 - Two new environment variable switches ..
jpayne@68 636 - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
jpayne@68 637 - EXPAT_ENTITY_DEBUG=(0|1)
jpayne@68 638 .. for runtime debugging of accounting and entity processing.
jpayne@68 639 Specific behavior of these values may change in the future.
jpayne@68 640 - Two new command line arguments "-a FACTOR" and "-b BYTES"
jpayne@68 641 for xmlwf to further tighten billion laughs protection
jpayne@68 642 parameters when desired.
jpayne@68 643 If you ever need to increase the defaults for non-attack XML
jpayne@68 644 payload, please file a bug report with libexpat.
jpayne@68 645
jpayne@68 646 Bug fixes:
jpayne@68 647 #332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
jpayne@68 648 or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
jpayne@68 649 for UTF-16 payloads containing CDATA sections.
jpayne@68 650 #485 #486 Autotools: Fix generated CMake files for non-64bit and
jpayne@68 651 non-Linux platforms (e.g. macOS and MinGW in particular)
jpayne@68 652 that were introduced with release 2.3.0
jpayne@68 653
jpayne@68 654 Other changes:
jpayne@68 655 #468 #469 xmlwf: Improve help output and the xmlwf man page
jpayne@68 656 #463 xmlwf: Improve maintainability through some refactoring
jpayne@68 657 #477 xmlwf: Fix man page DocBook validity
jpayne@68 658 #456 Autotools: Sync CMake templates with CMake 3.18
jpayne@68 659 #458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
jpayne@68 660 and CMAKE_INSTALL_INCLUDEDIR
jpayne@68 661 #471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS
jpayne@68 662 #457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
jpayne@68 663 #467 Resolve macro HAVE_EXPAT_CONFIG_H
jpayne@68 664 #472 Delete unused legacy helper file "conftools/PrintPath"
jpayne@68 665 #473 #483 Improve attribution
jpayne@68 666 #464 #465 #477 doc/reference.html: Fix XHTML validity
jpayne@68 667 #475 #478 doc/reference.html: Replace the 90s look by OK.css
jpayne@68 668 #479 Version info bumped from 8:0:7 to 9:0:8
jpayne@68 669 due to addition of new symbols and error codes;
jpayne@68 670 see https://verbump.de/ for what these numbers do
jpayne@68 671
jpayne@68 672 Infrastructure:
jpayne@68 673 #456 CI: Enable periodic runs
jpayne@68 674 #457 CI: Start covering the list of exported symbols
jpayne@68 675 #474 CI: Isolate coverage task
jpayne@68 676 #476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
jpayne@68 677 #477 CI: Cover well-formedness and DocBook/XHTML validity
jpayne@68 678 of doc/reference.html and doc/xmlwf.xml
jpayne@68 679
jpayne@68 680 Special thanks to:
jpayne@68 681 Dimitry Andric
jpayne@68 682 Eero Helenius
jpayne@68 683 Nick Wellnhofer
jpayne@68 684 Rhodri James
jpayne@68 685 Tomas Korbar
jpayne@68 686 Yury Gribov
jpayne@68 687 and
jpayne@68 688 Clang LeakSan
jpayne@68 689 JetBrains
jpayne@68 690 OSS-Fuzz
jpayne@68 691
jpayne@68 692 Release 2.3.0 Thu March 25 2021
jpayne@68 693 Bug fixes:
jpayne@68 694 #438 When calling XML_ParseBuffer without a prior successful call to
jpayne@68 695 XML_GetBuffer as a user, no longer trigger undefined behavior
jpayne@68 696 (by adding an integer to a NULL pointer) but rather return
jpayne@68 697 XML_STATUS_ERROR and set the error code to (new) code
jpayne@68 698 XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
jpayne@68 699 of Clang 11 (but not Clang 9).
jpayne@68 700 #444 xmlwf: Exit status 2 was used for both:
jpayne@68 701 - malformed input files (documented) and
jpayne@68 702 - invalid command-line arguments (undocumented).
jpayne@68 703 The case of invalid command-line arguments now
jpayne@68 704 has its own exit status 4, resolving the ambiguity.
jpayne@68 705
jpayne@68 706 Other changes:
jpayne@68 707 #439 xmlwf: Add argument -k to allow continuing after
jpayne@68 708 non-fatal errors
jpayne@68 709 #439 xmlwf: Add section about exit status to the -h help output
jpayne@68 710 #422 #426 #447 Windows: Drop support for Visual Studio <=14.0/2015
jpayne@68 711 #434 Windows: CMake: Detect unsupported Visual Studio at
jpayne@68 712 configure time (rather than at compile time)
jpayne@68 713 #382 #428 testrunner: Make verbose mode (argument "-v") report
jpayne@68 714 about passed tests, and make default mode report about
jpayne@68 715 failures, as well.
jpayne@68 716 #442 CMake: Call "enable_language(CXX)" prior to tinkering
jpayne@68 717 with CMAKE_CXX_* variables
jpayne@68 718 #448 Document use of libexpat from a CMake-based project
jpayne@68 719 #451 Autotools: Install CMake files as generated by CMake 3.19.6
jpayne@68 720 so that users with "find_package(expat [..] CONFIG [..])"
jpayne@68 721 are served on distributions that are *not* using the CMake
jpayne@68 722 build system inside for libexpat packaging
jpayne@68 723 #436 #437 Autotools: Drop obsolescent macro AC_HEADER_STDC
jpayne@68 724 #450 #452 Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
jpayne@68 725 #441 Address compiler warnings
jpayne@68 726 #443 Version info bumped from 7:12:6 to 8:0:7
jpayne@68 727 due to addition of error code XML_ERROR_NO_BUFFER
jpayne@68 728 (see https://verbump.de/ for what these numbers do)
jpayne@68 729
jpayne@68 730 Infrastructure:
jpayne@68 731 #435 #446 Replace Travis CI by GitHub Actions
jpayne@68 732
jpayne@68 733 Special thanks to:
jpayne@68 734 Alexander Richardson
jpayne@68 735 Oleksandr Popovych
jpayne@68 736 Thomas Beutlich
jpayne@68 737 Tim Bray
jpayne@68 738 and
jpayne@68 739 Clang LeakSan, Clang 11 UBSan and the Clang team
jpayne@68 740
jpayne@68 741 Release 2.2.10 Sat October 3 2020
jpayne@68 742 Bug fixes:
jpayne@68 743 #390 #395 #398 Fix undefined behavior during parsing caused by
jpayne@68 744 pointer arithmetic with NULL pointers
jpayne@68 745 #404 #405 Fix reading uninitialized variable during parsing
jpayne@68 746 #406 xmlwf: Add missing check for malloc NULL return
jpayne@68 747
jpayne@68 748 Other changes:
jpayne@68 749 #396 Windows: Drop support for Visual Studio <=8.0/2005
jpayne@68 750 #409 Windows: Add missing file "Changes" to the installer
jpayne@68 751 to fix compilation with CMake from installed sources
jpayne@68 752 #403 xmlwf: Document exit codes in xmlwf manpage and
jpayne@68 753 exit with code 3 (rather than code 1) for output errors
jpayne@68 754 when used with "-d DIRECTORY"
jpayne@68 755 #356 #359 MinGW: Provide declaration of rand_s for mingwrt <5.3.0
jpayne@68 756 #383 #392 Autotools: Use -Werror while configure tests the compiler
jpayne@68 757 for supported compile flags to avoid false positives
jpayne@68 758 #383 #393 #394 Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
jpayne@68 759 e.g. ensure that they have the last word over flags added
jpayne@68 760 while running ./configure
jpayne@68 761 #360 CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
jpayne@68 762 on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
jpayne@68 763 #360 CMake: Detect and deny unsupported build combinations
jpayne@68 764 involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
jpayne@68 765 #360 CMake: Install pre-compiled shipped xmlwf.1 manpage in case
jpayne@68 766 of -DEXPAT_BUILD_DOCS=OFF
jpayne@68 767 #375 #380 #419 CMake: Fix use of Expat by means of add_subdirectory
jpayne@68 768 #407 #408 CMake: Keep expat target name constant at "expat"
jpayne@68 769 (i.e. refrain from using the target name to control
jpayne@68 770 build artifact filenames)
jpayne@68 771 #385 CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
jpayne@68 772 Windows
jpayne@68 773 CMake: Expose man page compilation as target "xmlwf-manpage"
jpayne@68 774 #413 #414 CMake: Introduce option EXPAT_BUILD_PKGCONFIG
jpayne@68 775 to control generation of pkg-config file "expat.pc"
jpayne@68 776 #424 CMake: Add minimalistic support for building binary packages
jpayne@68 777 with CMake target "package"; based on CPack
jpayne@68 778 #366 CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
jpayne@68 779 default OFF to build fuzzer code against OSS-Fuzz and
jpayne@68 780 related environment variable LIB_FUZZING_ENGINE
jpayne@68 781 #354 Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
jpayne@68 782 #354 #355 ..
jpayne@68 783 #356 #412 Address compiler warnings
jpayne@68 784 #368 #369 Address pngcheck warnings with doc/*.png images
jpayne@68 785 #425 Version info bumped from 7:11:6 to 7:12:6
jpayne@68 786
jpayne@68 787 Special thanks to:
jpayne@68 788 asavah
jpayne@68 789 Ben Wagner
jpayne@68 790 Bhargava Shastry
jpayne@68 791 Frank Landgraf
jpayne@68 792 Jeffrey Walton
jpayne@68 793 Joe Orton
jpayne@68 794 Kleber Tarcísio
jpayne@68 795 Ma Lin
jpayne@68 796 Maciej Sroczyński
jpayne@68 797 Mohammed Khajapasha
jpayne@68 798 Vadim Zeitlin
jpayne@68 799 and
jpayne@68 800 Cppcheck 2.0 and the Cppcheck team
jpayne@68 801
jpayne@68 802 Release 2.2.9 Wed September 25 2019
jpayne@68 803 Other changes:
jpayne@68 804 examples: Drop executable bits from elements.c
jpayne@68 805 #349 Windows: Change the name of the Windows DLLs from expat*.dll
jpayne@68 806 to libexpat*.dll once more (regression from 2.2.8, first
jpayne@68 807 fixed in 1.95.3, issue #61 on SourceForge today,
jpayne@68 808 was issue #432456 back then); needs a fix due
jpayne@68 809 case-insensitive file systems on Windows and the fact that
jpayne@68 810 Perl's XML::Parser::Expat compiles into Expat.dll.
jpayne@68 811 #347 Windows: Only define _CRT_RAND_S if not defined
jpayne@68 812 Version info bumped from 7:10:6 to 7:11:6
jpayne@68 813
jpayne@68 814 Special thanks to:
jpayne@68 815 Ben Wagner
jpayne@68 816
jpayne@68 817 Release 2.2.8 Fri September 13 2019
jpayne@68 818 Security fixes:
jpayne@68 819 #317 #318 CVE-2019-15903 -- Fix heap overflow triggered by
jpayne@68 820 XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
jpayne@68 821 and deny internal entities closing the doctype;
jpayne@68 822 fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
jpayne@68 823
jpayne@68 824 Bug fixes:
jpayne@68 825 #240 Fix cases where XML_StopParser did not have any effect
jpayne@68 826 when called from inside of an end element handler
jpayne@68 827 #341 xmlwf: Fix exit code for operation without "-d DIRECTORY";
jpayne@68 828 previously, only "-d DIRECTORY" would give you a proper
jpayne@68 829 exit code:
jpayne@68 830 # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
jpayne@68 831 2
jpayne@68 832 # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
jpayne@68 833 0
jpayne@68 834 Now both cases return exit code 2.
jpayne@68 835
jpayne@68 836 Other changes:
jpayne@68 837 #299 #302 Windows: Replace LoadLibrary hack to access
jpayne@68 838 unofficial API function SystemFunction036 (RtlGenRandom)
jpayne@68 839 by using official API function rand_s (needs WinXP+)
jpayne@68 840 #325 Windows: Drop support for Visual Studio <=7.1/2003
jpayne@68 841 and document supported compilers in README.md
jpayne@68 842 #286 Windows: Remove COM code from xmlwf; in case it turns
jpayne@68 843 out needed later, there will be a dedicated repository
jpayne@68 844 below https://github.com/libexpat/ for that code
jpayne@68 845 #322 Windows: Remove explicit MSVC solution and project files.
jpayne@68 846 You can generate Visual Studio solution files through
jpayne@68 847 CMake, e.g.: cmake -G"Visual Studio 15 2017" .
jpayne@68 848 #338 xmlwf: Make "xmlwf -h" help output more friendly
jpayne@68 849 #339 examples: Improve elements.c
jpayne@68 850 #244 #264 Autotools: Add argument --enable-xml-attr-info
jpayne@68 851 #239 #301 Autotools: Add arguments
jpayne@68 852 --with-getrandom
jpayne@68 853 --without-getrandom
jpayne@68 854 --with-sys-getrandom
jpayne@68 855 --without-sys-getrandom
jpayne@68 856 #312 #343 Autotools: Fix linking issues with "./configure LD=clang"
jpayne@68 857 Autotools: Fix "make run-xmltest" for out-of-source builds
jpayne@68 858 #329 #336 CMake: Pull all options from Expat <=2.2.7 into namespace
jpayne@68 859 prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
jpayne@68 860 - BUILD_doc -> EXPAT_BUILD_DOCS (plural)
jpayne@68 861 - BUILD_examples -> EXPAT_BUILD_EXAMPLES
jpayne@68 862 - BUILD_shared -> EXPAT_SHARED_LIBS
jpayne@68 863 - BUILD_tests -> EXPAT_BUILD_TESTS
jpayne@68 864 - BUILD_tools -> EXPAT_BUILD_TOOLS
jpayne@68 865 - DOCBOOK_TO_MAN -> DOCBOOK_TO_MAN (unchanged)
jpayne@68 866 - INSTALL -> EXPAT_ENABLE_INSTALL
jpayne@68 867 - MSVC_USE_STATIC_CRT -> EXPAT_MSVC_STATIC_CRT
jpayne@68 868 - USE_libbsd -> EXPAT_WITH_LIBBSD
jpayne@68 869 - WARNINGS_AS_ERRORS -> EXPAT_WARNINGS_AS_ERRORS
jpayne@68 870 - XML_CONTEXT_BYTES -> EXPAT_CONTEXT_BYTES
jpayne@68 871 - XML_DEV_URANDOM -> EXPAT_DEV_URANDOM
jpayne@68 872 - XML_DTD -> EXPAT_DTD
jpayne@68 873 - XML_NS -> EXPAT_NS
jpayne@68 874 - XML_UNICODE -> EXPAT_CHAR_TYPE=ushort (!)
jpayne@68 875 - XML_UNICODE_WCHAR_T -> EXPAT_CHAR_TYPE=wchar_t (!)
jpayne@68 876 #244 #264 CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
jpayne@68 877 default OFF
jpayne@68 878 #326 CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
jpayne@68 879 default OFF
jpayne@68 880 #328 CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
jpayne@68 881 default OFF
jpayne@68 882 #239 #277 CMake: Add arguments
jpayne@68 883 -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
jpayne@68 884 -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
jpayne@68 885 #326 CMake: Install expat_config.h to include directory
jpayne@68 886 #326 CMake: Generate and install configuration files for
jpayne@68 887 future find_package(expat [..] CONFIG [..])
jpayne@68 888 CMake: Now produces a summary of applied configuration
jpayne@68 889 CMake: Require C++ compiler only when tests are enabled
jpayne@68 890 #330 CMake: Fix compilation for 16bit character types,
jpayne@68 891 i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
jpayne@68 892 #265 CMake: Fix linking with MinGW
jpayne@68 893 #330 CMake: Add full support for MinGW; to enable, use
jpayne@68 894 -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
jpayne@68 895 #330 CMake: Port "make run-xmltest" from GNU Autotools to CMake
jpayne@68 896 #316 CMake: Windows: Make binary postfix match MSVC
jpayne@68 897 Old: expat[d].lib
jpayne@68 898 New: expat[w][d][MD|MT].lib
jpayne@68 899 CMake: Migrate files from Windows to Unix line endings
jpayne@68 900 #308 CMake: Integrate OSS-Fuzz fuzzers, option
jpayne@68 901 -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
jpayne@68 902 #14 Drop an OpenVMS support leftover
jpayne@68 903 #235 #268 ..
jpayne@68 904 #270 #310 ..
jpayne@68 905 #313 #331 #333 Address compiler warnings
jpayne@68 906 #282 #283 ..
jpayne@68 907 #284 #285 Address cppcheck warnings
jpayne@68 908 #294 #295 Address Clang Static Analyzer warnings
jpayne@68 909 #24 #293 Mass-apply clang-format 9 (and ensure conformance during CI)
jpayne@68 910 Version info bumped from 7:9:6 to 7:10:6
jpayne@68 911
jpayne@68 912 Special thanks to:
jpayne@68 913 David Loffredo
jpayne@68 914 Joonun Jang
jpayne@68 915 Kishore Kunche
jpayne@68 916 Marco Maggi
jpayne@68 917 Mitch Phillips
jpayne@68 918 Mohammed Khajapasha
jpayne@68 919 Rolf Ade
jpayne@68 920 xantares
jpayne@68 921 Zhongyuan Zhou
jpayne@68 922
jpayne@68 923 Release 2.2.7 Wed June 19 2019
jpayne@68 924 Security fixes:
jpayne@68 925 #186 #262 CVE-2018-20843 -- Fix extraction of namespace prefixes from
jpayne@68 926 XML names; XML names with multiple colons could end up in
jpayne@68 927 the wrong namespace, and take a high amount of RAM and CPU
jpayne@68 928 resources while processing, opening the door to
jpayne@68 929 use for denial-of-service attacks
jpayne@68 930
jpayne@68 931 Other changes:
jpayne@68 932 #195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop
jpayne@68 933 exporting non-API symbols
jpayne@68 934 #227 Autotools: Add --without-examples and --without-tests
jpayne@68 935 #228 Autotools: Modernize configure.ac
jpayne@68 936 #245 #246 Autotools: Fix check for -fvisibility=hidden for Clang
jpayne@68 937 #247 #248 Autotools: Fix compilation for lack of docbook2x-man
jpayne@68 938 #236 #258 Autotools: Produce .tar.{gz,lz,xz} release archives
jpayne@68 939 #212 CMake: Make libdir of pkgconfig expat.pc support multilib
jpayne@68 940 #158 #263 CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
jpayne@68 941 #219 Remove fallback to bcopy, assume that memmove(3) exists
jpayne@68 942 #257 Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
jpayne@68 943 #243 Windows: Fix syntax of .def module definition files
jpayne@68 944 Version info bumped from 7:8:6 to 7:9:6
jpayne@68 945
jpayne@68 946 Special thanks to:
jpayne@68 947 Benjamin Peterson
jpayne@68 948 Caolán McNamara
jpayne@68 949 Hanno Böck
jpayne@68 950 KangLin
jpayne@68 951 Kishore Kunche
jpayne@68 952 Marco Maggi
jpayne@68 953 Rhodri James
jpayne@68 954 Sebastian Dröge
jpayne@68 955 userwithuid
jpayne@68 956 Yury Gribov
jpayne@68 957
jpayne@68 958 Release 2.2.6 Sun August 12 2018
jpayne@68 959 Bug fixes:
jpayne@68 960 #170 #206 Avoid doing arithmetic with NULL pointers in XML_GetBuffer
jpayne@68 961 #204 #205 Fix 2.2.5 regression with suspend-resume while parsing
jpayne@68 962 a document like '<root/>'
jpayne@68 963
jpayne@68 964 Other changes:
jpayne@68 965 #165 #168 Autotools: Fix docbook-related configure syntax error
jpayne@68 966 #166 Autotools: Avoid grep option `-q` for Solaris
jpayne@68 967 #167 Autotools: Support
jpayne@68 968 ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
jpayne@68 969 #159 #167 Autotools: Support DOCBOOK_TO_MAN command which produces
jpayne@68 970 xmlwf.1 rather than XMLWF.1; also covers case insensitive
jpayne@68 971 file systems
jpayne@68 972 #181 Autotools: Drop -rpath option passed to libtool
jpayne@68 973 #188 Autotools: Detect and deny SGML docbook2man as ours is XML
jpayne@68 974 #188 Autotools/CMake: Support command db2x_docbook2man as well
jpayne@68 975 #174 CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
jpayne@68 976 #184 #185 CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
jpayne@68 977 #207 #208 CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
jpayne@68 978 both defaulting to OFF
jpayne@68 979 #175 CMake: Prefer check_symbol_exists over check_function_exists
jpayne@68 980 #176 CMake: Create the same pkg-config file as with GNU Autotools
jpayne@68 981 #178 #179 CMake: Use GNUInstallDirs module to set proper defaults for
jpayne@68 982 install directories
jpayne@68 983 #208 CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
jpayne@68 984 #180 Windows: Fix compilation of test suite for Visual Studio 2008
jpayne@68 985 #131 #173 #202 Address compiler warnings
jpayne@68 986 #187 #190 #200 Fix miscellaneous typos
jpayne@68 987 Version info bumped from 7:7:6 to 7:8:6
jpayne@68 988
jpayne@68 989 Special thanks to:
jpayne@68 990 Anton Maklakov
jpayne@68 991 Benjamin Peterson
jpayne@68 992 Brad King
jpayne@68 993 Franek Korta
jpayne@68 994 Frank Rast
jpayne@68 995 Joe Orton
jpayne@68 996 luzpaz
jpayne@68 997 Pedro Vicente
jpayne@68 998 Rainer Jung
jpayne@68 999 Rhodri James
jpayne@68 1000 Rolf Ade
jpayne@68 1001 Rolf Eike Beer
jpayne@68 1002 Thomas Beutlich
jpayne@68 1003 Tomasz Kłoczko
jpayne@68 1004
jpayne@68 1005 Release 2.2.5 Tue October 31 2017
jpayne@68 1006 Bug fixes:
jpayne@68 1007 #8 If the parser runs out of memory, make sure its internal
jpayne@68 1008 state reflects the memory it actually has, not the memory
jpayne@68 1009 it wanted to have.
jpayne@68 1010 #11 The default handler wasn't being called when it should for
jpayne@68 1011 a SYSTEM or PUBLIC doctype if an entity declaration handler
jpayne@68 1012 was registered.
jpayne@68 1013 #137 #138 Fix a case of mistakenly reported parsing success where
jpayne@68 1014 XML_StopParser was called from an element handler
jpayne@68 1015 #162 Function XML_ErrorString was returning NULL rather than
jpayne@68 1016 a message for code XML_ERROR_INVALID_ARGUMENT
jpayne@68 1017 introduced with release 2.2.1
jpayne@68 1018
jpayne@68 1019 Other changes:
jpayne@68 1020 #106 xmlwf: Add argument -N adding notation declarations
jpayne@68 1021 #75 #106 Test suite: Resolve expected failure cases where xmlwf
jpayne@68 1022 output was incomplete
jpayne@68 1023 #127 Windows: Fix test suite compilation
jpayne@68 1024 #126 #127 Windows: Fix compilation for Visual Studio 2012
jpayne@68 1025 Windows: Upgrade shipped project files to Visual Studio 2017
jpayne@68 1026 #33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
jpayne@68 1027 #129 examples: Fix compilation for XML_UNICODE_WCHAR_T
jpayne@68 1028 #130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
jpayne@68 1029 #144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
jpayne@68 1030 Windows or MinGW for 2-byte wchar_t
jpayne@68 1031 #9 Address two Clang Static Analyzer false positives
jpayne@68 1032 #59 Resolve troublesome macros hiding parser struct membership
jpayne@68 1033 and dereferencing that pointer
jpayne@68 1034 #6 Resolve superfluous internal malloc/realloc switch
jpayne@68 1035 #153 #155 Improve docbook2x-man detection
jpayne@68 1036 #160 Undefine NDEBUG in the test suite (rather than rejecting it)
jpayne@68 1037 #161 Address compiler warnings
jpayne@68 1038 Version info bumped from 7:6:6 to 7:7:6
jpayne@68 1039
jpayne@68 1040 Special thanks to:
jpayne@68 1041 Benbuck Nason
jpayne@68 1042 Hans Wennborg
jpayne@68 1043 José Gutiérrez de la Concha
jpayne@68 1044 Pedro Monreal Gonzalez
jpayne@68 1045 Rhodri James
jpayne@68 1046 Rolf Ade
jpayne@68 1047 Stephen Groat
jpayne@68 1048 and
jpayne@68 1049 Core Infrastructure Initiative
jpayne@68 1050
jpayne@68 1051 Release 2.2.4 Sat August 19 2017
jpayne@68 1052 Bug fixes:
jpayne@68 1053 #115 Fix copying of partial characters for UTF-8 input
jpayne@68 1054
jpayne@68 1055 Other changes:
jpayne@68 1056 #109 Fix "make check" for non-x86 architectures that default
jpayne@68 1057 to unsigned type char (-128..127 rather than 0..255)
jpayne@68 1058 #109 coverage.sh: Cover -funsigned-char
jpayne@68 1059 Autotools: Introduce --without-xmlwf argument
jpayne@68 1060 #65 Autotools: Replace handwritten Makefile with GNU Automake
jpayne@68 1061 #43 CMake: Auto-detect high quality entropy extractors, add new
jpayne@68 1062 option USE_libbsd=ON to use arc4random_buf of libbsd
jpayne@68 1063 #74 CMake: Add -fno-strict-aliasing only where supported
jpayne@68 1064 #114 CMake: Always honor manually set BUILD_* options
jpayne@68 1065 #114 CMake: Compile man page if docbook2x-man is available, only
jpayne@68 1066 #117 Include file tests/xmltest.log.expected in source tarball
jpayne@68 1067 (required for "make run-xmltest")
jpayne@68 1068 #117 Include (existing) Visual Studio 2013 files in source tarball
jpayne@68 1069 Improve test suite error output
jpayne@68 1070 #111 Fix some typos in documentation
jpayne@68 1071 Version info bumped from 7:5:6 to 7:6:6
jpayne@68 1072
jpayne@68 1073 Special thanks to:
jpayne@68 1074 Jakub Wilk
jpayne@68 1075 Joe Orton
jpayne@68 1076 Lin Tian
jpayne@68 1077 Rolf Eike Beer
jpayne@68 1078
jpayne@68 1079 Release 2.2.3 Wed August 2 2017
jpayne@68 1080 Security fixes:
jpayne@68 1081 #82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
jpayne@68 1082 using Steve Holme's LoadLibrary wrapper for/of cURL
jpayne@68 1083
jpayne@68 1084 Bug fixes:
jpayne@68 1085 #85 Fix a dangling pointer issue related to realloc
jpayne@68 1086
jpayne@68 1087 Other changes:
jpayne@68 1088 Increase code coverage
jpayne@68 1089 #91 Linux: Allow getrandom to fail if nonblocking pool has not
jpayne@68 1090 yet been initialized and read /dev/urandom then, instead.
jpayne@68 1091 This is in line with what recent Python does.
jpayne@68 1092 #81 Pre-10.7/Lion macOS: Support entropy from arc4random
jpayne@68 1093 #86 Check that a UTF-16 encoding in an XML declaration has the
jpayne@68 1094 right endianness
jpayne@68 1095 #4 #5 #7 Recover correctly when some reallocations fail
jpayne@68 1096 Repair "./configure && make" for systems without any
jpayne@68 1097 provider of high quality entropy
jpayne@68 1098 and try reading /dev/urandom on those
jpayne@68 1099 Ensure that user-defined character encodings have converter
jpayne@68 1100 functions when they are needed
jpayne@68 1101 Fix mis-leading description of argument -c in xmlwf.1
jpayne@68 1102 Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
jpayne@68 1103 for CloudABI
jpayne@68 1104 #100 Fix use of SIPHASH_MAIN in siphash.h
jpayne@68 1105 #23 Test suite: Fix memory leaks
jpayne@68 1106 Version info bumped from 7:4:6 to 7:5:6
jpayne@68 1107
jpayne@68 1108 Special thanks to:
jpayne@68 1109 Chanho Park
jpayne@68 1110 Joe Orton
jpayne@68 1111 Pascal Cuoq
jpayne@68 1112 Rhodri James
jpayne@68 1113 Simon McVittie
jpayne@68 1114 Vadim Zeitlin
jpayne@68 1115 Viktor Szakats
jpayne@68 1116 and
jpayne@68 1117 Core Infrastructure Initiative
jpayne@68 1118
jpayne@68 1119 Release 2.2.2 Wed July 12 2017
jpayne@68 1120 Security fixes:
jpayne@68 1121 #43 Protect against compilation without any source of high
jpayne@68 1122 quality entropy enabled, e.g. with CMake build system;
jpayne@68 1123 commit ff0207e6076e9828e536b8d9cd45c9c92069b895
jpayne@68 1124 #60 Windows with _UNICODE:
jpayne@68 1125 Unintended use of LoadLibraryW with a non-wide string
jpayne@68 1126 resulted in failure to load advapi32.dll and degradation
jpayne@68 1127 in quality of used entropy when compiled with _UNICODE for
jpayne@68 1128 Windows; you can launch existing binaries with
jpayne@68 1129 EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
jpayne@68 1130 quality of entropy used during runtime; commits
jpayne@68 1131 * 95b95032f907ef1cd17ee7a9a1768010a825d61d
jpayne@68 1132 * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
jpayne@68 1133 [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
jpayne@68 1134 resulted in NULL dereference, previously;
jpayne@68 1135 commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
jpayne@68 1136
jpayne@68 1137 Bug fixes:
jpayne@68 1138 #69 Fix improper use of unsigned long long integer literals
jpayne@68 1139
jpayne@68 1140 Other changes:
jpayne@68 1141 #73 Start requiring a C99 compiler
jpayne@68 1142 #49 Fix "==" Bashism in configure script
jpayne@68 1143 #50 Fix too eager getrandom detection for Debian GNU/kFreeBSD
jpayne@68 1144 #52 and macOS
jpayne@68 1145 #51 Address lack of stdint.h in Visual Studio 2003 to 2008
jpayne@68 1146 #58 Address compile warnings
jpayne@68 1147 #68 Fix "./buildconf.sh && ./configure" for some versions
jpayne@68 1148 of Dash for /bin/sh
jpayne@68 1149 #72 CMake: Ease use of Expat in context of a parent project
jpayne@68 1150 with multiple CMakeLists.txt files
jpayne@68 1151 #72 CMake: Resolve mistaken executable permissions
jpayne@68 1152 #76 Address compile warning with -DNDEBUG (not recommended!)
jpayne@68 1153 #77 Address compile warning about macro redefinition
jpayne@68 1154
jpayne@68 1155 Special thanks to:
jpayne@68 1156 Alexander Bluhm
jpayne@68 1157 Ben Boeckel
jpayne@68 1158 Cătălin Răceanu
jpayne@68 1159 Kerin Millar
jpayne@68 1160 László Böszörményi
jpayne@68 1161 S. P. Zeidler
jpayne@68 1162 Segev Finer
jpayne@68 1163 Václav Slavík
jpayne@68 1164 Victor Stinner
jpayne@68 1165 Viktor Szakats
jpayne@68 1166 and
jpayne@68 1167 Radically Open Security
jpayne@68 1168
jpayne@68 1169 Release 2.2.1 Sat June 17 2017
jpayne@68 1170 Security fixes:
jpayne@68 1171 CVE-2017-9233 -- External entity infinite loop DoS
jpayne@68 1172 Details: https://libexpat.github.io/doc/cve-2017-9233/
jpayne@68 1173 Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
jpayne@68 1174 [MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
jpayne@68 1175 d4f735b88d9932bd5039df2335eefdd0723dbe20
jpayne@68 1176 (Fixed version of existing downstream patches!)
jpayne@68 1177 (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
jpayne@68 1178 longer tag names; commits
jpayne@68 1179 * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
jpayne@68 1180 * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
jpayne@68 1181 #16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
jpayne@68 1182 #25 More integer overflow detection (function poolGrow); commits
jpayne@68 1183 * 810b74e4703dcfdd8f404e3cb177d44684775143
jpayne@68 1184 * 44178553f3539ce69d34abee77a05e879a7982ac
jpayne@68 1185 [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
jpayne@68 1186 * 4be2cb5afcc018d996f34bbbce6374b7befad47f
jpayne@68 1187 * 7e5b71b748491b6e459e5c9a1d090820f94544d8
jpayne@68 1188 [MOX-005] #30 Use high quality entropy for hash initialization:
jpayne@68 1189 * arc4random_buf on BSD, systems with libbsd
jpayne@68 1190 (when configured with --with-libbsd), CloudABI
jpayne@68 1191 * RtlGenRandom on Windows XP / Server 2003 and later
jpayne@68 1192 * getrandom on Linux 3.17+
jpayne@68 1193 In a way, that's still part of CVE-2016-5300.
jpayne@68 1194 https://github.com/libexpat/libexpat/pull/30/commits
jpayne@68 1195 [MOX-005] For the low quality entropy extraction fallback code,
jpayne@68 1196 the parser instance address can no longer leak, commit
jpayne@68 1197 04ad658bd3079dd15cb60fc67087900f0ff4b083
jpayne@68 1198 [MOX-003] Prevent use of uninitialised variable; commit
jpayne@68 1199 [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
jpayne@68 1200 Add missing parameter validation to public API functions
jpayne@68 1201 and dedicated error code XML_ERROR_INVALID_ARGUMENT:
jpayne@68 1202 [MOX-006] * NULL checks; commits
jpayne@68 1203 * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
jpayne@68 1204 * 9ed727064b675b7180c98cb3d4f75efba6966681
jpayne@68 1205 * 6a747c837c50114dfa413994e07c0ba477be4534
jpayne@68 1206 * Negative length (XML_Parse); commit
jpayne@68 1207 [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
jpayne@68 1208 [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
jpayne@68 1209 to go further with fixing CVE-2012-0876.
jpayne@68 1210 https://github.com/libexpat/libexpat/pull/39/commits
jpayne@68 1211
jpayne@68 1212 Bug fixes:
jpayne@68 1213 #32 Fix sharing of hash salt across parsers;
jpayne@68 1214 relevant where XML_ExternalEntityParserCreate is called
jpayne@68 1215 prior to XML_Parse, in particular (e.g. FBReader)
jpayne@68 1216 #28 xmlwf: Auto-disable use of memory-mapping (and parsing
jpayne@68 1217 as a single chunk) for files larger than ~1 GB (2^30 bytes)
jpayne@68 1218 rather than failing with error "out of memory"
jpayne@68 1219 #3 Fix double free after malloc failure in DTD code; commit
jpayne@68 1220 7ae9c3d3af433cd4defe95234eae7dc8ed15637f
jpayne@68 1221 #17 Fix memory leak on parser error for unbound XML attribute
jpayne@68 1222 prefix with new namespaces defined in the same tag;
jpayne@68 1223 found by Google's OSS-Fuzz; commits
jpayne@68 1224 * 16f87daae5a16132e479e4f71862128c7a915c73
jpayne@68 1225 * b47dbc9745932c160893d433220e462bd605f8cd
jpayne@68 1226 xmlwf on Windows: Add missing calls to CloseHandle
jpayne@68 1227
jpayne@68 1228 New features:
jpayne@68 1229 #30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
jpayne@68 1230 for runtime debugging of entropy extraction
jpayne@68 1231
jpayne@68 1232 Other changes:
jpayne@68 1233 Increase code coverage
jpayne@68 1234 #33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
jpayne@68 1235 XML_UNICODE_WCHAR_T was never meant to be used outside
jpayne@68 1236 of Windows; 4-byte wchar_t is common on Linux
jpayne@68 1237 (SF.net) #538 Start using -fno-strict-aliasing
jpayne@68 1238 (SF.net) #540 Support compilation against cloudlibc of CloudABI
jpayne@68 1239 Allow MinGW cross-compilation
jpayne@68 1240 (SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
jpayne@68 1241 to bypass compilation of the xmlwf.1 man page
jpayne@68 1242 (SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
jpayne@68 1243 to bypass installation of expat files
jpayne@68 1244 CMake: Fix ninja support
jpayne@68 1245 Autotools: Add parameters --enable-xml-context [COUNT]
jpayne@68 1246 and --disable-xml-context; default of context of 1024
jpayne@68 1247 bytes enabled unchanged
jpayne@68 1248 #14 Drop AmigaOS 4.x code and includes
jpayne@68 1249 #14 Drop ancient build systems:
jpayne@68 1250 * Borland C++ Builder
jpayne@68 1251 * OpenVMS
jpayne@68 1252 * Open Watcom
jpayne@68 1253 * Visual Studio 6.0
jpayne@68 1254 * Pre-X Mac OS (MPW Makefile)
jpayne@68 1255 If you happen to rely on some of these, please get in
jpayne@68 1256 touch for joining with maintenance.
jpayne@68 1257 #10 Move from WIN32 to _WIN32
jpayne@68 1258 #13 Fix "make run-xmltest" order instability
jpayne@68 1259 Address compile warnings
jpayne@68 1260 Bump version info from 7:2:6 to 7:3:6
jpayne@68 1261 Add AUTHORS file
jpayne@68 1262
jpayne@68 1263 Infrastructure:
jpayne@68 1264 #1 Migrate from SourceForge to GitHub (except downloads):
jpayne@68 1265 https://github.com/libexpat/
jpayne@68 1266 #1 Re-create http://libexpat.org/ project website
jpayne@68 1267 Start utilizing Travis CI
jpayne@68 1268
jpayne@68 1269 Special thanks to:
jpayne@68 1270 Andy Wang
jpayne@68 1271 Don Lewis
jpayne@68 1272 Ed Schouten
jpayne@68 1273 Karl Waclawek
jpayne@68 1274 Pascal Cuoq
jpayne@68 1275 Rhodri James
jpayne@68 1276 Sergei Nikulov
jpayne@68 1277 Tobias Taschner
jpayne@68 1278 Viktor Szakats
jpayne@68 1279 and
jpayne@68 1280 Core Infrastructure Initiative
jpayne@68 1281 Mozilla Foundation (MOSS Track 3: Secure Open Source)
jpayne@68 1282 Radically Open Security
jpayne@68 1283
jpayne@68 1284 Release 2.2.0 Tue June 21 2016
jpayne@68 1285 Security fixes:
jpayne@68 1286 #537 CVE-2016-0718 -- Fix crash on malformed input
jpayne@68 1287 CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
jpayne@68 1288 CVE-2015-2716 introduced with Expat 2.1.1
jpayne@68 1289 #499 CVE-2016-5300 -- Use more entropy for hash initialization
jpayne@68 1290 than the original fix to CVE-2012-0876
jpayne@68 1291 #519 CVE-2012-6702 -- Resolve troublesome internal call to srand
jpayne@68 1292 that was introduced with Expat 2.1.0
jpayne@68 1293 when addressing CVE-2012-0876 (issue #496)
jpayne@68 1294
jpayne@68 1295 Bug fixes:
jpayne@68 1296 Fix uninitialized reads of size 1
jpayne@68 1297 (e.g. in little2_updatePosition)
jpayne@68 1298 Fix detection of UTF-8 character boundaries
jpayne@68 1299
jpayne@68 1300 Other changes:
jpayne@68 1301 #532 Fix compilation for Visual Studio 2010 (keyword "C99")
jpayne@68 1302 Autotools: Resolve use of "$<" to better support bmake
jpayne@68 1303 Autotools: Add QA script "qa.sh" (and make target "qa")
jpayne@68 1304 Autotools: Respect CXXFLAGS if given
jpayne@68 1305 Autotools: Fix "make run-xmltest"
jpayne@68 1306 Autotools: Have "make run-xmltest" check for expected output
jpayne@68 1307 p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
jpayne@68 1308 #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
jpayne@68 1309 #323 CMake: Add suffix "d" to differentiate debug from release
jpayne@68 1310 CMake: Define WIN32 with CMake on Windows
jpayne@68 1311 Annotate memory allocators for GCC
jpayne@68 1312 Address all currently known compile warnings
jpayne@68 1313 Make sure that API symbols remain visible despite
jpayne@68 1314 -fvisibility=hidden
jpayne@68 1315 Remove executable flag from source files
jpayne@68 1316 Resolve COMPILED_FROM_DSP in favor of WIN32
jpayne@68 1317
jpayne@68 1318 Special thanks to:
jpayne@68 1319 Björn Lindahl
jpayne@68 1320 Christian Heimes
jpayne@68 1321 Cristian Rodríguez
jpayne@68 1322 Daniel Krügler
jpayne@68 1323 Gustavo Grieco
jpayne@68 1324 Karl Waclawek
jpayne@68 1325 László Böszörményi
jpayne@68 1326 Marco Grassi
jpayne@68 1327 Pascal Cuoq
jpayne@68 1328 Sergei Nikulov
jpayne@68 1329 Thomas Beutlich
jpayne@68 1330 Warren Young
jpayne@68 1331 Yann Droneaud
jpayne@68 1332
jpayne@68 1333 Release 2.1.1 Sat March 12 2016
jpayne@68 1334 Security fixes:
jpayne@68 1335 #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
jpayne@68 1336
jpayne@68 1337 Bug fixes:
jpayne@68 1338 #502: Fix potential null pointer dereference
jpayne@68 1339 #520: Symbol XML_SetHashSalt was not exported
jpayne@68 1340 Output of "xmlwf -h" was incomplete
jpayne@68 1341
jpayne@68 1342 Other changes:
jpayne@68 1343 #503: Document behavior of calling XML_SetHashSalt with salt 0
jpayne@68 1344 Minor improvements to man page xmlwf(1)
jpayne@68 1345 Improvements to the experimental CMake build system
jpayne@68 1346 libtool now invoked with --verbose
jpayne@68 1347
jpayne@68 1348 Release 2.1.0 Sat March 24 2012
jpayne@68 1349 - Security fixes:
jpayne@68 1350 #2958794: CVE-2012-1148 - Memory leak in poolGrow.
jpayne@68 1351 #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
jpayne@68 1352 #3496608: CVE-2012-0876 - Hash DOS attack.
jpayne@68 1353 #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
jpayne@68 1354 #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
jpayne@68 1355 - Bug Fixes:
jpayne@68 1356 #1742315: Harmful XML_ParserCreateNS suggestion.
jpayne@68 1357 #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
jpayne@68 1358 #1983953, 2517952, 2517962, 2649838:
jpayne@68 1359 Build modifications using autoreconf instead of buildconf.sh.
jpayne@68 1360 #2815947, #2884086: OBJEXT and EXEEXT support while building.
jpayne@68 1361 #2517938: xmlwf should return non-zero exit status if not well-formed.
jpayne@68 1362 #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
jpayne@68 1363 #2855609: Dangling positionPtr after error.
jpayne@68 1364 #2990652: CMake support.
jpayne@68 1365 #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
jpayne@68 1366 #3206497: Uninitialized memory returned from XML_Parse.
jpayne@68 1367 #3287849: make check fails on mingw-w64.
jpayne@68 1368 - Patches:
jpayne@68 1369 #1749198: pkg-config support.
jpayne@68 1370 #3010222: Fix for bug #3010819.
jpayne@68 1371 #3312568: CMake support.
jpayne@68 1372 #3446384: Report byte offsets for attr names and values.
jpayne@68 1373 - New Features / API changes:
jpayne@68 1374 Added new API member XML_SetHashSalt() that allows setting an initial
jpayne@68 1375 value (salt) for hash calculations. This is part of the fix for
jpayne@68 1376 bug #3496608 to randomize hash parameters.
jpayne@68 1377 When compiled with XML_ATTR_INFO defined, adds new API member
jpayne@68 1378 XML_GetAttributeInfo() that allows retrieving the byte
jpayne@68 1379 offsets for attribute names and values (patch #3446384).
jpayne@68 1380 Added CMake build system.
jpayne@68 1381 See bug #2990652 and patch #3312568.
jpayne@68 1382 Added run-benchmark target to Makefile.in - relies on testdata module
jpayne@68 1383 present in the same relative location as in the repository.
jpayne@68 1384
jpayne@68 1385 Release 2.0.1 Tue June 5 2007
jpayne@68 1386 - Fixed bugs #1515266, #1515600: The character data handler's calling
jpayne@68 1387 of XML_StopParser() was not handled properly; if the parser was
jpayne@68 1388 stopped and the handler set to NULL, the parser would segfault.
jpayne@68 1389 - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
jpayne@68 1390 some character constants to be ASCII encoded.
jpayne@68 1391 - Minor cleanups of the test harness.
jpayne@68 1392 - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
jpayne@68 1393 - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
jpayne@68 1394 - Fixes and improvements for Windows platform:
jpayne@68 1395 bugs #1409451, #1476160, #1548182, #1602769, #1717322.
jpayne@68 1396 - Build fixes for various platforms:
jpayne@68 1397 HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
jpayne@68 1398 All Unix: #1554618 (refreshed config.sub/config.guess).
jpayne@68 1399 #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
jpayne@68 1400 without relying on GNU-Make specific features.
jpayne@68 1401 #1647805: Patched configure.in to work better with Intel compiler.
jpayne@68 1402 - Fixes to Makefile.in to have make check work correctly:
jpayne@68 1403 bugs #1408143, #1535603, #1536684.
jpayne@68 1404 - Added Open Watcom support: patch #1523242.
jpayne@68 1405
jpayne@68 1406 Release 2.0.0 Wed Jan 11 2006
jpayne@68 1407 - We no longer use the "check" library for C unit testing; we
jpayne@68 1408 always use the (partial) internal implementation of the API.
jpayne@68 1409 - Report XML_NS setting via XML_GetFeatureList().
jpayne@68 1410 - Fixed headers for use from C++.
jpayne@68 1411 - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
jpayne@68 1412 now return unsigned integers.
jpayne@68 1413 - Added XML_LARGE_SIZE switch to enable 64-bit integers for
jpayne@68 1414 byte indexes and line/column numbers.
jpayne@68 1415 - Updated to use libtool 1.5.22 (the most recent).
jpayne@68 1416 - Added support for AmigaOS.
jpayne@68 1417 - Some mostly minor bug fixes. SF issues include: #1006708,
jpayne@68 1418 #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.
jpayne@68 1419
jpayne@68 1420 Release 1.95.8 Fri Jul 23 2004
jpayne@68 1421 - Major new feature: suspend/resume. Handlers can now request
jpayne@68 1422 that a parse be suspended for later resumption or aborted
jpayne@68 1423 altogether. See "Temporarily Stopping Parsing" in the
jpayne@68 1424 documentation for more details.
jpayne@68 1425 - Some mostly minor bug fixes, but compilation should no
jpayne@68 1426 longer generate warnings on most platforms. SF issues
jpayne@68 1427 include: #827319, #840173, #846309, #888329, #896188, #923913,
jpayne@68 1428 #928113, #961698, #985192.
jpayne@68 1429
jpayne@68 1430 Release 1.95.7 Mon Oct 20 2003
jpayne@68 1431 - Fixed enum XML_Status issue (reported on SourceForge many
jpayne@68 1432 times), so compilers that are properly picky will be happy.
jpayne@68 1433 - Introduced an XMLCALL macro to control the calling
jpayne@68 1434 convention used by the Expat API; this macro should be used
jpayne@68 1435 to annotate prototypes and definitions of callback
jpayne@68 1436 implementations in code compiled with a calling convention
jpayne@68 1437 other than the default convention for the host platform.
jpayne@68 1438 - Improved ability to build without the configure-generated
jpayne@68 1439 expat_config.h header. This is useful for applications
jpayne@68 1440 which embed Expat rather than linking in the library.
jpayne@68 1441 - Fixed a variety of bugs: see SF issues #458907, #609603,
jpayne@68 1442 #676844, #679754, #692878, #692964, #695401, #699323, #699487,
jpayne@68 1443 #820946.
jpayne@68 1444 - Improved hash table lookups.
jpayne@68 1445 - Added more regression tests and improved documentation.
jpayne@68 1446
jpayne@68 1447 Release 1.95.6 Tue Jan 28 2003
jpayne@68 1448 - Added XML_FreeContentModel().
jpayne@68 1449 - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
jpayne@68 1450 - Fixed a variety of bugs: see SF issues #615606, #616863,
jpayne@68 1451 #618199, #653180, #673791.
jpayne@68 1452 - Enhanced the regression test suite.
jpayne@68 1453 - Man page improvements: includes SF issue #632146.
jpayne@68 1454
jpayne@68 1455 Release 1.95.5 Fri Sep 6 2002
jpayne@68 1456 - Added XML_UseForeignDTD() for improved SAX2 support.
jpayne@68 1457 - Added XML_GetFeatureList().
jpayne@68 1458 - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
jpayne@68 1459 - Use an incomplete struct instead of a void* for the parser
jpayne@68 1460 (may not retain).
jpayne@68 1461 - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
jpayne@68 1462 - Finally fixed bug where default handler would report DTD
jpayne@68 1463 events that were already handled by another handler.
jpayne@68 1464 Initial patch contributed by Darryl Miles.
jpayne@68 1465 - Removed unnecessary DllMain() function that caused static
jpayne@68 1466 linking into a DLL to be difficult.
jpayne@68 1467 - Added VC++ projects for building static libraries.
jpayne@68 1468 - Reduced line-length for all source code and headers to be
jpayne@68 1469 no longer than 80 characters, to help with AS/400 support.
jpayne@68 1470 - Reduced memory copying during parsing (SF patch #600964).
jpayne@68 1471 - Fixed a variety of bugs: see SF issues #580793, #434664,
jpayne@68 1472 #483514, #580503, #581069, #584041, #584183, #584832, #585537,
jpayne@68 1473 #596555, #596678, #598352, #598944, #599715, #600479, #600971.
jpayne@68 1474
jpayne@68 1475 Release 1.95.4 Fri Jul 12 2002
jpayne@68 1476 - Added support for VMS, contributed by Craig Berry. See
jpayne@68 1477 vms/README.vms for more information.
jpayne@68 1478 - Added Mac OS (classic) support, with a makefile for MPW,
jpayne@68 1479 contributed by Thomas Wegner and Daryle Walker.
jpayne@68 1480 - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
jpayne@68 1481 by Patrick McConnell (SF patch #538032).
jpayne@68 1482 - Fixed a variety of bugs: see SF issues #441449, #563184,
jpayne@68 1483 #564342, #566334, #566901, #569461, #570263, #575168, #579196.
jpayne@68 1484 - Made skippedEntityHandler conform to SAX2 (see source comment)
jpayne@68 1485 - Re-implemented WFC: Entity Declared from XML 1.0 spec and
jpayne@68 1486 added a new error "entity declared in parameter entity":
jpayne@68 1487 see SF bug report #569461 and SF patch #578161
jpayne@68 1488 - Re-implemented section 5.1 from XML 1.0 spec:
jpayne@68 1489 see SF bug report #570263 and SF patch #578161
jpayne@68 1490
jpayne@68 1491 Release 1.95.3 Mon Jun 3 2002
jpayne@68 1492 - Added a project to the MSVC workspace to create a wchar_t
jpayne@68 1493 version of the library; the DLLs are named libexpatw.dll.
jpayne@68 1494 - Changed the name of the Windows DLLs from expat.dll to
jpayne@68 1495 libexpat.dll; this fixes SF bug #432456.
jpayne@68 1496 - Added the XML_ParserReset() API function.
jpayne@68 1497 - Fixed XML_SetReturnNSTriplet() to work for element names.
jpayne@68 1498 - Made the XML_UNICODE builds usable (thanks, Karl!).
jpayne@68 1499 - Allow xmlwf to read from standard input.
jpayne@68 1500 - Install a man page for xmlwf on Unix systems.
jpayne@68 1501 - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
jpayne@68 1502 #466885, #469226, #477667, #484419, #487840, #494749, #496505,
jpayne@68 1503 #547350. Other bugs which we can't test as easily may also
jpayne@68 1504 have been fixed, especially in the area of build support.
jpayne@68 1505
jpayne@68 1506 Release 1.95.2 Fri Jul 27 2001
jpayne@68 1507 - More changes to make MSVC happy with the build; add a single
jpayne@68 1508 workspace to support both the library and xmlwf application.
jpayne@68 1509 - Added a Windows installer for Windows users; includes
jpayne@68 1510 xmlwf.exe.
jpayne@68 1511 - Added compile-time constants that can be used to determine the
jpayne@68 1512 Expat version
jpayne@68 1513 - Removed a lot of GNU-specific dependencies to aide portability
jpayne@68 1514 among the various Unix flavors.
jpayne@68 1515 - Fix the UTF-8 BOM bug.
jpayne@68 1516 - Cleaned up warning messages for several compilers.
jpayne@68 1517 - Added the -Wall, -Wstrict-prototypes options for GCC.
jpayne@68 1518
jpayne@68 1519 Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
jpayne@68 1520 - Changes to get expat to build under Microsoft compiler
jpayne@68 1521 - Removed all aborts and instead return an UNEXPECTED_STATE error.
jpayne@68 1522 - Fixed a bug where a stray '%' in an entity value would cause an
jpayne@68 1523 abort.
jpayne@68 1524 - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
jpayne@68 1525 finding this oversight.
jpayne@68 1526 - Changed default patterns in lib/Makefile.in to fit non-GNU makes
jpayne@68 1527 Thanks to robin@unrated.net for reporting and providing an
jpayne@68 1528 account to test on.
jpayne@68 1529 - The reference had the wrong label for XML_SetStartNamespaceDecl.
jpayne@68 1530 Reported by an anonymous user.
jpayne@68 1531
jpayne@68 1532 Release 1.95.0 Fri Sep 29 2000
jpayne@68 1533 - XML_ParserCreate_MM
jpayne@68 1534 Allows you to set a memory management suite to replace the
jpayne@68 1535 standard malloc,realloc, and free.
jpayne@68 1536 - XML_SetReturnNSTriplet
jpayne@68 1537 If you turn this feature on when namespace processing is in
jpayne@68 1538 effect, then qualified, prefixed element and attribute names
jpayne@68 1539 are returned as "uri|name|prefix" where '|' is whatever
jpayne@68 1540 separator character is used in namespace processing.
jpayne@68 1541 - Merged in features from perl-expat
jpayne@68 1542 o XML_SetElementDeclHandler
jpayne@68 1543 o XML_SetAttlistDeclHandler
jpayne@68 1544 o XML_SetXmlDeclHandler
jpayne@68 1545 o XML_SetEntityDeclHandler
jpayne@68 1546 o StartDoctypeDeclHandler takes 3 additional parameters:
jpayne@68 1547 sysid, pubid, has_internal_subset
jpayne@68 1548 o Many paired handler setters (like XML_SetElementHandler)
jpayne@68 1549 now have corresponding individual handler setters
jpayne@68 1550 o XML_GetInputContext for getting the input context of
jpayne@68 1551 the current parse position.
jpayne@68 1552 - Added reference material
jpayne@68 1553 - Packaged into a distribution that builds a sharable library