1279 lines
63 KiB
Plaintext
1279 lines
63 KiB
Plaintext
|
NOTE: We are looking for help with a few things:
|
||
|
https://github.com/libexpat/libexpat/labels/help%20wanted
|
||
|
If you can help, please get in touch. Thanks!
|
||
|
|
||
|
Release 2.5.0 Tue October 25 2022
|
||
|
Security fixes:
|
||
|
#616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
|
||
|
destruction of a shared DTD in function
|
||
|
XML_ExternalEntityParserCreate in out-of-memory situations.
|
||
|
Expected impact is denial of service or potentially
|
||
|
arbitrary code execution.
|
||
|
|
||
|
Bug fixes:
|
||
|
#612 #645 Fix curruption from undefined entities
|
||
|
#613 #654 Fix case when parsing was suspended while processing nested
|
||
|
entities
|
||
|
#616 #652 #653 Stop leaking opening tag bindings after a closing tag
|
||
|
mismatch error where a parser is reset through
|
||
|
XML_ParserReset and then reused to parse
|
||
|
#656 CMake: Fix generation of pkg-config file
|
||
|
#658 MinGW|CMake: Fix static library name
|
||
|
|
||
|
Other changes:
|
||
|
#663 Protect header expat_config.h from multiple inclusion
|
||
|
#666 examples: Make use of XML_GetBuffer and be more
|
||
|
consistent across examples
|
||
|
#648 Address compiler warnings
|
||
|
#667 #668 Version info bumped from 9:9:8 to 9:10:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Special thanks to:
|
||
|
Jann Horn
|
||
|
Mark Brand
|
||
|
Osyotr
|
||
|
Rhodri James
|
||
|
and
|
||
|
Google Project Zero
|
||
|
|
||
|
Release 2.4.9 Tue September 20 2022
|
||
|
Security fixes:
|
||
|
#629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in
|
||
|
function doContent. Expected impact is denial of service
|
||
|
or potentially arbitrary code execution.
|
||
|
|
||
|
Bug fixes:
|
||
|
#634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
|
||
|
#614 docs: Fix documentation on effect of switch XML_DTD on
|
||
|
symbol visibility in doc/reference.html
|
||
|
|
||
|
Other changes:
|
||
|
#638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
|
||
|
#596 #625 Autotools: Sync CMake templates with CMake 3.22
|
||
|
#608 CMake: Migrate from use of CMAKE_*_POSTFIX to
|
||
|
dedicated variables EXPAT_*_POSTFIX to stop affecting
|
||
|
other projects
|
||
|
#597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners
|
||
|
and fuzzers
|
||
|
#512 #621 Windows|CMake: Render .def file from a template to fix
|
||
|
linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
|
||
|
#611 #621 MinGW|CMake: Apply MSVC .def file when linking
|
||
|
#622 #624 MinGW|CMake: Sync library name with GNU Autotools,
|
||
|
i.e. produce libexpat-1.dll rather than libexpat.dll
|
||
|
by default. Filename libexpat.dll.a is unaffected.
|
||
|
#632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
|
||
|
toolchain file "cmake/mingw-toolchain.cmake" to avoid
|
||
|
error "windres: Command not found" on e.g. Ubuntu 20.04
|
||
|
#597 #627 CMake: Unify inconsistent use of set() and option() in
|
||
|
context of public build time options to take need for
|
||
|
set(.. FORCE) in projects using Expat by means of
|
||
|
add_subdirectory(..) off Expat's users' shoulders
|
||
|
#626 #641 Stop exporting API symbols when building a static library
|
||
|
#644 Resolve use of deprecated "fgrep" by "grep -F"
|
||
|
#620 CMake: Make documentation on variables a bit more consistent
|
||
|
#636 CMake: Drop leading whitespace from a #cmakedefine line in
|
||
|
file expat_config.h.cmake
|
||
|
#594 xmlwf: Fix harmless variable mix-up in function nsattcmp
|
||
|
#592 #593 #610 Address Cppcheck warnings
|
||
|
#643 Address Clang 15 compiler warnings
|
||
|
#642 #644 Version info bumped from 9:8:8 to 9:9:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Infrastructure:
|
||
|
#597 #598 CI: Windows: Start covering MSVC 2022
|
||
|
#619 CI: macOS: Migrate off deprecated macOS 10.15
|
||
|
#632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work
|
||
|
#643 CI: Upgrade Clang from 14 to 15
|
||
|
#637 apply-clang-format.sh: Add support for BSD find
|
||
|
#633 coverage.sh: Exclude MinGW headers
|
||
|
#635 coverage.sh: Fix name collision for -funsigned-char
|
||
|
|
||
|
Special thanks to:
|
||
|
David Faure
|
||
|
Felix Wilhelm
|
||
|
Frank Bergmann
|
||
|
Rhodri James
|
||
|
Rosen Penev
|
||
|
Thijs Schreijer
|
||
|
Vincent Torri
|
||
|
and
|
||
|
Google Project Zero
|
||
|
|
||
|
Release 2.4.8 Mon March 28 2022
|
||
|
Other changes:
|
||
|
#587 pkg-config: Move "-lm" to section "Libs.private"
|
||
|
#587 CMake|MSVC: Fix pkg-config section "Libs"
|
||
|
#55 #582 CMake|macOS: Start using linker arguments
|
||
|
"-compatibility_version <version>" and
|
||
|
"-current_version <version>" in a way compatible with
|
||
|
GNU Libtool
|
||
|
#590 #591 Version info bumped from 9:7:8 to 9:8:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Infrastructure:
|
||
|
#589 CI: Upgrade Clang from 13 to 14
|
||
|
|
||
|
Special thanks to:
|
||
|
evpobr
|
||
|
Kai Pastor
|
||
|
Sam James
|
||
|
|
||
|
Release 2.4.7 Fri March 4 2022
|
||
|
Bug fixes:
|
||
|
#572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
|
||
|
with regard to all valid URI characters (RFC 3986),
|
||
|
i.e. the following set (excluding whitespace):
|
||
|
ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
|
||
|
0123456789 % -._~ :/?#[]@ !$&'()*+,;=
|
||
|
|
||
|
Other changes:
|
||
|
#555 #570 #581 CMake|Windows: Store Expat version in the DLL
|
||
|
#577 Document consequences of namespace separator choices not just
|
||
|
in doc/reference.html but also in header <expat.h>
|
||
|
#577 Document Expat's lack of validation of namespace URIs against
|
||
|
RFC 3986, and that the XML 1.0r4 specification doesn't
|
||
|
require Expat to validate namespace URIs, and that Expat
|
||
|
may do more in that regard in future releases.
|
||
|
If you find need for strict RFC 3986 URI validation on
|
||
|
application level today, https://uriparser.github.io/ may
|
||
|
be of interest.
|
||
|
#579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
|
||
|
#575 Document that a call to XML_FreeContentModel can be done at
|
||
|
a later time from outside the element declaration handler
|
||
|
#574 Make hardcoded namespace URIs easier to find in code
|
||
|
#573 Update documentation on use of XML_POOR_ENTOPY on Solaris
|
||
|
#569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
|
||
|
4.8.2 on Solaris.
|
||
|
#578 #580 Version info bumped from 9:6:8 to 9:7:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Special thanks to:
|
||
|
Jeffrey Walton
|
||
|
Johnny Jazeix
|
||
|
Thijs Schreijer
|
||
|
|
||
|
Release 2.4.6 Sun February 20 2022
|
||
|
Bug fixes:
|
||
|
#566 Fix a regression introduced by the fix for CVE-2022-25313
|
||
|
in release 2.4.5 that affects applications that (1)
|
||
|
call function XML_SetElementDeclHandler and (2) are
|
||
|
parsing XML that contains nested element declarations
|
||
|
(e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
|
||
|
|
||
|
Other changes:
|
||
|
#567 #568 Version info bumped from 9:5:8 to 9:6:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Special thanks to:
|
||
|
Matt Sergeant
|
||
|
Samanta Navarro
|
||
|
Sergei Trofimovich
|
||
|
and
|
||
|
NixOS
|
||
|
Perl XML::Parser
|
||
|
|
||
|
Release 2.4.5 Fri February 18 2022
|
||
|
Security fixes:
|
||
|
#562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
|
||
|
sequences (e.g. from start tag names) to the XML
|
||
|
processing application on top of Expat can cause
|
||
|
arbitrary damage (e.g. code execution) depending
|
||
|
on how invalid UTF-8 is handled inside the XML
|
||
|
processor; validation was not their job but Expat's.
|
||
|
Exploits with code execution are known to exist.
|
||
|
#561 CVE-2022-25236 -- Passing (one or more) namespace separator
|
||
|
characters in "xmlns[:prefix]" attribute values
|
||
|
made Expat send malformed tag names to the XML
|
||
|
processor on top of Expat which can cause
|
||
|
arbitrary damage (e.g. code execution) depending
|
||
|
on such unexpectable cases are handled inside the XML
|
||
|
processor; validation was not their job but Expat's.
|
||
|
Exploits with code execution are known to exist.
|
||
|
#558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
|
||
|
that could be triggered by e.g. a 2 megabytes
|
||
|
file with a large number of opening braces.
|
||
|
Expected impact is denial of service or potentially
|
||
|
arbitrary code execution.
|
||
|
#560 CVE-2022-25314 -- Fix integer overflow in function copyString;
|
||
|
only affects the encoding name parameter at parser creation
|
||
|
time which is often hardcoded (rather than user input),
|
||
|
takes a value in the gigabytes to trigger, and a 64-bit
|
||
|
machine. Expected impact is denial of service.
|
||
|
#559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
|
||
|
needs input in the gigabytes and a 64-bit machine.
|
||
|
Expected impact is denial of service or potentially
|
||
|
arbitrary code execution.
|
||
|
|
||
|
Other changes:
|
||
|
#557 #564 Version info bumped from 9:4:8 to 9:5:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Special thanks to:
|
||
|
Ivan Fratric
|
||
|
Samanta Navarro
|
||
|
and
|
||
|
Google Project Zero
|
||
|
JetBrains
|
||
|
|
||
|
Release 2.4.4 Sun January 30 2022
|
||
|
Security fixes:
|
||
|
#550 CVE-2022-23852 -- Fix signed integer overflow
|
||
|
(undefined behavior) in function XML_GetBuffer
|
||
|
(that is also called by function XML_Parse internally)
|
||
|
for when XML_CONTEXT_BYTES is defined to >0 (which is both
|
||
|
common and default).
|
||
|
Impact is denial of service or more.
|
||
|
#551 CVE-2022-23990 -- Fix unsigned integer overflow in function
|
||
|
doProlog triggered by large content in element type
|
||
|
declarations when there is an element declaration handler
|
||
|
present (from a prior call to XML_SetElementDeclHandler).
|
||
|
Impact is denial of service or more.
|
||
|
|
||
|
Bug fixes:
|
||
|
#544 #545 xmlwf: Fix a memory leak on output file opening error
|
||
|
|
||
|
Other changes:
|
||
|
#546 Autotools: Fix broken CMake support under Cygwin
|
||
|
#554 Windows: Add missing files to the installer to fix
|
||
|
compilation with CMake from installed sources
|
||
|
#552 #554 Version info bumped from 9:3:8 to 9:4:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Special thanks to:
|
||
|
Carlo Bramini
|
||
|
hwt0415
|
||
|
Roland Illig
|
||
|
Samanta Navarro
|
||
|
and
|
||
|
Clang LeakSan and the Clang team
|
||
|
|
||
|
Release 2.4.3 Sun January 16 2022
|
||
|
Security fixes:
|
||
|
#531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
|
||
|
resulting in
|
||
|
a) realloc acting as free
|
||
|
b) realloc allocating too few bytes
|
||
|
c) undefined behavior
|
||
|
depending on architecture and precise value
|
||
|
for XML documents with >=2^27+1 prefixed attributes
|
||
|
on a single XML tag a la
|
||
|
"<r xmlns:a='[..]' a:a123='[..]' [..] />"
|
||
|
where XML_ParserCreateNS is used to create the parser
|
||
|
(which needs argument "-n" when running xmlwf).
|
||
|
Impact is denial of service, or more.
|
||
|
#532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
|
||
|
on variable m_groupSize in function doProlog leading
|
||
|
to realloc acting as free.
|
||
|
Impact is denial of service or more.
|
||
|
#539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
|
||
|
near memory allocation at multiple places. Mitre assigned
|
||
|
a dedicated CVE for each involved internal C function:
|
||
|
- CVE-2022-22822 for function addBinding
|
||
|
- CVE-2022-22823 for function build_model
|
||
|
- CVE-2022-22824 for function defineAttribute
|
||
|
- CVE-2022-22825 for function lookup
|
||
|
- CVE-2022-22826 for function nextScaffoldPart
|
||
|
- CVE-2022-22827 for function storeAtts
|
||
|
Impact is denial of service or more.
|
||
|
|
||
|
Other changes:
|
||
|
#535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
|
||
|
#541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
|
||
|
and MSYS2 by not going through Wine on these platforms
|
||
|
#527 #528 Address compiler warnings
|
||
|
#533 #543 Version info bumped from 9:2:8 to 9:3:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Infrastructure:
|
||
|
#536 CI: Check for realistic minimum CMake version
|
||
|
#529 #539 CI: Cover compilation with -m32
|
||
|
#529 CI: Store coverage reports as artifacts for download
|
||
|
#528 CI: Upgrade Clang from 11 to 13
|
||
|
|
||
|
Special thanks to:
|
||
|
An anonymous whitehat
|
||
|
Christopher Degawa
|
||
|
J. Peter Mugaas
|
||
|
Tyson Smith
|
||
|
and
|
||
|
GCC Farm Project
|
||
|
Trend Micro Zero Day Initiative
|
||
|
|
||
|
Release 2.4.2 Sun December 19 2021
|
||
|
Other changes:
|
||
|
#509 #510 Link againgst libm for function "isnan"
|
||
|
#513 #514 Include expat_config.h as early as possible
|
||
|
#498 Autotools: Include files with release archives:
|
||
|
- buildconf.sh
|
||
|
- fuzz/*.c
|
||
|
#507 #519 Autotools: Sync CMake templates with CMake 3.20
|
||
|
#495 #524 CMake: MinGW: Fix pkg-config section "Libs" for
|
||
|
- non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
|
||
|
- multi-config CMake generators (e.g. Ninja Multi-Config)
|
||
|
#502 #503 docs: Document that function XML_GetBuffer may return NULL
|
||
|
when asking for a buffer of 0 (zero) bytes size
|
||
|
#522 #523 docs: Fix return value docs for both
|
||
|
XML_SetBillionLaughsAttackProtection* functions
|
||
|
#525 #526 Version info bumped from 9:1:8 to 9:2:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Special thanks to:
|
||
|
Dong-hee Na
|
||
|
Joergen Ibsen
|
||
|
Kai Pastor
|
||
|
|
||
|
Release 2.4.1 Sun May 23 2021
|
||
|
Bug fixes:
|
||
|
#488 #490 Autotools: Fix installed header expat_config.h for multilib
|
||
|
systems; regression introduced in 2.4.0 by pull request #486
|
||
|
|
||
|
Other changes:
|
||
|
#491 #492 Version info bumped from 9:0:8 to 9:1:8;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Special thanks to:
|
||
|
Gentoo's QA check "multilib_check_headers"
|
||
|
|
||
|
Release 2.4.0 Sun May 23 2021
|
||
|
Security fixes:
|
||
|
#34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
|
||
|
(denial-of-service; flavors targeting CPU time or RAM or both,
|
||
|
leveraging general entities or parameter entities or both)
|
||
|
by tracking and limiting the input amplification factor
|
||
|
(<amplification> := (<direct> + <indirect>) / <direct>).
|
||
|
By conservative default, amplification up to a factor of 100.0
|
||
|
is tolerated and rejection only starts after 8 MiB of output bytes
|
||
|
(=<direct> + <indirect>) have been processed.
|
||
|
The fix adds the following to the API:
|
||
|
- A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
|
||
|
signals this specific condition.
|
||
|
- Two new API functions ..
|
||
|
- XML_SetBillionLaughsAttackProtectionMaximumAmplification and
|
||
|
- XML_SetBillionLaughsAttackProtectionActivationThreshold
|
||
|
.. to further tighten billion laughs protection parameters
|
||
|
when desired. Please see file "doc/reference.html" for details.
|
||
|
If you ever need to increase the defaults for non-attack XML
|
||
|
payload, please file a bug report with libexpat.
|
||
|
- Two new XML_FEATURE_* constants ..
|
||
|
- that can be queried using the XML_GetFeatureList function, and
|
||
|
- that are shown in "xmlwf -v" output.
|
||
|
- Two new environment variable switches ..
|
||
|
- EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
|
||
|
- EXPAT_ENTITY_DEBUG=(0|1)
|
||
|
.. for runtime debugging of accounting and entity processing.
|
||
|
Specific behavior of these values may change in the future.
|
||
|
- Two new command line arguments "-a FACTOR" and "-b BYTES"
|
||
|
for xmlwf to further tighten billion laughs protection
|
||
|
parameters when desired.
|
||
|
If you ever need to increase the defaults for non-attack XML
|
||
|
payload, please file a bug report with libexpat.
|
||
|
|
||
|
Bug fixes:
|
||
|
#332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
|
||
|
or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
|
||
|
for UTF-16 payloads containing CDATA sections.
|
||
|
#485 #486 Autotools: Fix generated CMake files for non-64bit and
|
||
|
non-Linux platforms (e.g. macOS and MinGW in particular)
|
||
|
that were introduced with release 2.3.0
|
||
|
|
||
|
Other changes:
|
||
|
#468 #469 xmlwf: Improve help output and the xmlwf man page
|
||
|
#463 xmlwf: Improve maintainability through some refactoring
|
||
|
#477 xmlwf: Fix man page DocBook validity
|
||
|
#456 Autotools: Sync CMake templates with CMake 3.18
|
||
|
#458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
|
||
|
and CMAKE_INSTALL_INCLUDEDIR
|
||
|
#471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS
|
||
|
#457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
|
||
|
#467 Resolve macro HAVE_EXPAT_CONFIG_H
|
||
|
#472 Delete unused legacy helper file "conftools/PrintPath"
|
||
|
#473 #483 Improve attribution
|
||
|
#464 #465 #477 doc/reference.html: Fix XHTML validity
|
||
|
#475 #478 doc/reference.html: Replace the 90s look by OK.css
|
||
|
#479 Version info bumped from 8:0:7 to 9:0:8
|
||
|
due to addition of new symbols and error codes;
|
||
|
see https://verbump.de/ for what these numbers do
|
||
|
|
||
|
Infrastructure:
|
||
|
#456 CI: Enable periodic runs
|
||
|
#457 CI: Start covering the list of exported symbols
|
||
|
#474 CI: Isolate coverage task
|
||
|
#476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
|
||
|
#477 CI: Cover well-formedness and DocBook/XHTML validity
|
||
|
of doc/reference.html and doc/xmlwf.xml
|
||
|
|
||
|
Special thanks to:
|
||
|
Dimitry Andric
|
||
|
Eero Helenius
|
||
|
Nick Wellnhofer
|
||
|
Rhodri James
|
||
|
Tomas Korbar
|
||
|
Yury Gribov
|
||
|
and
|
||
|
Clang LeakSan
|
||
|
JetBrains
|
||
|
OSS-Fuzz
|
||
|
|
||
|
Release 2.3.0 Thu March 25 2021
|
||
|
Bug fixes:
|
||
|
#438 When calling XML_ParseBuffer without a prior successful call to
|
||
|
XML_GetBuffer as a user, no longer trigger undefined behavior
|
||
|
(by adding an integer to a NULL pointer) but rather return
|
||
|
XML_STATUS_ERROR and set the error code to (new) code
|
||
|
XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
|
||
|
of Clang 11 (but not Clang 9).
|
||
|
#444 xmlwf: Exit status 2 was used for both:
|
||
|
- malformed input files (documented) and
|
||
|
- invalid command-line arguments (undocumented).
|
||
|
The case of invalid command-line arguments now
|
||
|
has its own exit status 4, resolving the ambiguity.
|
||
|
|
||
|
Other changes:
|
||
|
#439 xmlwf: Add argument -k to allow continuing after
|
||
|
non-fatal errors
|
||
|
#439 xmlwf: Add section about exit status to the -h help output
|
||
|
#422 #426 #447 Windows: Drop support for Visual Studio <=14.0/2015
|
||
|
#434 Windows: CMake: Detect unsupported Visual Studio at
|
||
|
configure time (rather than at compile time)
|
||
|
#382 #428 testrunner: Make verbose mode (argument "-v") report
|
||
|
about passed tests, and make default mode report about
|
||
|
failures, as well.
|
||
|
#442 CMake: Call "enable_language(CXX)" prior to tinkering
|
||
|
with CMAKE_CXX_* variables
|
||
|
#448 Document use of libexpat from a CMake-based project
|
||
|
#451 Autotools: Install CMake files as generated by CMake 3.19.6
|
||
|
so that users with "find_package(expat [..] CONFIG [..])"
|
||
|
are served on distributions that are *not* using the CMake
|
||
|
build system inside for libexpat packaging
|
||
|
#436 #437 Autotools: Drop obsolescent macro AC_HEADER_STDC
|
||
|
#450 #452 Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
|
||
|
#441 Address compiler warnings
|
||
|
#443 Version info bumped from 7:12:6 to 8:0:7
|
||
|
due to addition of error code XML_ERROR_NO_BUFFER
|
||
|
(see https://verbump.de/ for what these numbers do)
|
||
|
|
||
|
Infrastructure:
|
||
|
#435 #446 Replace Travis CI by GitHub Actions
|
||
|
|
||
|
Special thanks to:
|
||
|
Alexander Richardson
|
||
|
Oleksandr Popovych
|
||
|
Thomas Beutlich
|
||
|
Tim Bray
|
||
|
and
|
||
|
Clang LeakSan, Clang 11 UBSan and the Clang team
|
||
|
|
||
|
Release 2.2.10 Sat October 3 2020
|
||
|
Bug fixes:
|
||
|
#390 #395 #398 Fix undefined behavior during parsing caused by
|
||
|
pointer arithmetic with NULL pointers
|
||
|
#404 #405 Fix reading uninitialized variable during parsing
|
||
|
#406 xmlwf: Add missing check for malloc NULL return
|
||
|
|
||
|
Other changes:
|
||
|
#396 Windows: Drop support for Visual Studio <=8.0/2005
|
||
|
#409 Windows: Add missing file "Changes" to the installer
|
||
|
to fix compilation with CMake from installed sources
|
||
|
#403 xmlwf: Document exit codes in xmlwf manpage and
|
||
|
exit with code 3 (rather than code 1) for output errors
|
||
|
when used with "-d DIRECTORY"
|
||
|
#356 #359 MinGW: Provide declaration of rand_s for mingwrt <5.3.0
|
||
|
#383 #392 Autotools: Use -Werror while configure tests the compiler
|
||
|
for supported compile flags to avoid false positives
|
||
|
#383 #393 #394 Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
|
||
|
e.g. ensure that they have the last word over flags added
|
||
|
while running ./configure
|
||
|
#360 CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
|
||
|
on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
|
||
|
#360 CMake: Detect and deny unsupported build combinations
|
||
|
involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
|
||
|
#360 CMake: Install pre-compiled shipped xmlwf.1 manpage in case
|
||
|
of -DEXPAT_BUILD_DOCS=OFF
|
||
|
#375 #380 #419 CMake: Fix use of Expat by means of add_subdirectory
|
||
|
#407 #408 CMake: Keep expat target name constant at "expat"
|
||
|
(i.e. refrain from using the target name to control
|
||
|
build artifact filenames)
|
||
|
#385 CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
|
||
|
Windows
|
||
|
CMake: Expose man page compilation as target "xmlwf-manpage"
|
||
|
#413 #414 CMake: Introduce option EXPAT_BUILD_PKGCONFIG
|
||
|
to control generation of pkg-config file "expat.pc"
|
||
|
#424 CMake: Add minimalistic support for building binary packages
|
||
|
with CMake target "package"; based on CPack
|
||
|
#366 CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
|
||
|
default OFF to build fuzzer code against OSS-Fuzz and
|
||
|
related environment variable LIB_FUZZING_ENGINE
|
||
|
#354 Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
|
||
|
#354 #355 ..
|
||
|
#356 #412 Address compiler warnings
|
||
|
#368 #369 Address pngcheck warnings with doc/*.png images
|
||
|
#425 Version info bumped from 7:11:6 to 7:12:6
|
||
|
|
||
|
Special thanks to:
|
||
|
asavah
|
||
|
Ben Wagner
|
||
|
Bhargava Shastry
|
||
|
Frank Landgraf
|
||
|
Jeffrey Walton
|
||
|
Joe Orton
|
||
|
Kleber Tarcísio
|
||
|
Ma Lin
|
||
|
Maciej Sroczyński
|
||
|
Mohammed Khajapasha
|
||
|
Vadim Zeitlin
|
||
|
and
|
||
|
Cppcheck 2.0 and the Cppcheck team
|
||
|
|
||
|
Release 2.2.9 Wed September 25 2019
|
||
|
Other changes:
|
||
|
examples: Drop executable bits from elements.c
|
||
|
#349 Windows: Change the name of the Windows DLLs from expat*.dll
|
||
|
to libexpat*.dll once more (regression from 2.2.8, first
|
||
|
fixed in 1.95.3, issue #61 on SourceForge today,
|
||
|
was issue #432456 back then); needs a fix due
|
||
|
case-insensitive file systems on Windows and the fact that
|
||
|
Perl's XML::Parser::Expat compiles into Expat.dll.
|
||
|
#347 Windows: Only define _CRT_RAND_S if not defined
|
||
|
Version info bumped from 7:10:6 to 7:11:6
|
||
|
|
||
|
Special thanks to:
|
||
|
Ben Wagner
|
||
|
|
||
|
Release 2.2.8 Fri September 13 2019
|
||
|
Security fixes:
|
||
|
#317 #318 CVE-2019-15903 -- Fix heap overflow triggered by
|
||
|
XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
|
||
|
and deny internal entities closing the doctype;
|
||
|
fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
|
||
|
|
||
|
Bug fixes:
|
||
|
#240 Fix cases where XML_StopParser did not have any effect
|
||
|
when called from inside of an end element handler
|
||
|
#341 xmlwf: Fix exit code for operation without "-d DIRECTORY";
|
||
|
previously, only "-d DIRECTORY" would give you a proper
|
||
|
exit code:
|
||
|
# xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
|
||
|
2
|
||
|
# xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
|
||
|
0
|
||
|
Now both cases return exit code 2.
|
||
|
|
||
|
Other changes:
|
||
|
#299 #302 Windows: Replace LoadLibrary hack to access
|
||
|
unofficial API function SystemFunction036 (RtlGenRandom)
|
||
|
by using official API function rand_s (needs WinXP+)
|
||
|
#325 Windows: Drop support for Visual Studio <=7.1/2003
|
||
|
and document supported compilers in README.md
|
||
|
#286 Windows: Remove COM code from xmlwf; in case it turns
|
||
|
out needed later, there will be a dedicated repository
|
||
|
below https://github.com/libexpat/ for that code
|
||
|
#322 Windows: Remove explicit MSVC solution and project files.
|
||
|
You can generate Visual Studio solution files through
|
||
|
CMake, e.g.: cmake -G"Visual Studio 15 2017" .
|
||
|
#338 xmlwf: Make "xmlwf -h" help output more friendly
|
||
|
#339 examples: Improve elements.c
|
||
|
#244 #264 Autotools: Add argument --enable-xml-attr-info
|
||
|
#239 #301 Autotools: Add arguments
|
||
|
--with-getrandom
|
||
|
--without-getrandom
|
||
|
--with-sys-getrandom
|
||
|
--without-sys-getrandom
|
||
|
#312 #343 Autotools: Fix linking issues with "./configure LD=clang"
|
||
|
Autotools: Fix "make run-xmltest" for out-of-source builds
|
||
|
#329 #336 CMake: Pull all options from Expat <=2.2.7 into namespace
|
||
|
prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
|
||
|
- BUILD_doc -> EXPAT_BUILD_DOCS (plural)
|
||
|
- BUILD_examples -> EXPAT_BUILD_EXAMPLES
|
||
|
- BUILD_shared -> EXPAT_SHARED_LIBS
|
||
|
- BUILD_tests -> EXPAT_BUILD_TESTS
|
||
|
- BUILD_tools -> EXPAT_BUILD_TOOLS
|
||
|
- DOCBOOK_TO_MAN -> DOCBOOK_TO_MAN (unchanged)
|
||
|
- INSTALL -> EXPAT_ENABLE_INSTALL
|
||
|
- MSVC_USE_STATIC_CRT -> EXPAT_MSVC_STATIC_CRT
|
||
|
- USE_libbsd -> EXPAT_WITH_LIBBSD
|
||
|
- WARNINGS_AS_ERRORS -> EXPAT_WARNINGS_AS_ERRORS
|
||
|
- XML_CONTEXT_BYTES -> EXPAT_CONTEXT_BYTES
|
||
|
- XML_DEV_URANDOM -> EXPAT_DEV_URANDOM
|
||
|
- XML_DTD -> EXPAT_DTD
|
||
|
- XML_NS -> EXPAT_NS
|
||
|
- XML_UNICODE -> EXPAT_CHAR_TYPE=ushort (!)
|
||
|
- XML_UNICODE_WCHAR_T -> EXPAT_CHAR_TYPE=wchar_t (!)
|
||
|
#244 #264 CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
|
||
|
default OFF
|
||
|
#326 CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
|
||
|
default OFF
|
||
|
#328 CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
|
||
|
default OFF
|
||
|
#239 #277 CMake: Add arguments
|
||
|
-DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
|
||
|
-DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
|
||
|
#326 CMake: Install expat_config.h to include directory
|
||
|
#326 CMake: Generate and install configuration files for
|
||
|
future find_package(expat [..] CONFIG [..])
|
||
|
CMake: Now produces a summary of applied configuration
|
||
|
CMake: Require C++ compiler only when tests are enabled
|
||
|
#330 CMake: Fix compilation for 16bit character types,
|
||
|
i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
|
||
|
#265 CMake: Fix linking with MinGW
|
||
|
#330 CMake: Add full support for MinGW; to enable, use
|
||
|
-DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
|
||
|
#330 CMake: Port "make run-xmltest" from GNU Autotools to CMake
|
||
|
#316 CMake: Windows: Make binary postfix match MSVC
|
||
|
Old: expat[d].lib
|
||
|
New: expat[w][d][MD|MT].lib
|
||
|
CMake: Migrate files from Windows to Unix line endings
|
||
|
#308 CMake: Integrate OSS-Fuzz fuzzers, option
|
||
|
-DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
|
||
|
#14 Drop an OpenVMS support leftover
|
||
|
#235 #268 ..
|
||
|
#270 #310 ..
|
||
|
#313 #331 #333 Address compiler warnings
|
||
|
#282 #283 ..
|
||
|
#284 #285 Address cppcheck warnings
|
||
|
#294 #295 Address Clang Static Analyzer warnings
|
||
|
#24 #293 Mass-apply clang-format 9 (and ensure conformance during CI)
|
||
|
Version info bumped from 7:9:6 to 7:10:6
|
||
|
|
||
|
Special thanks to:
|
||
|
David Loffredo
|
||
|
Joonun Jang
|
||
|
Kishore Kunche
|
||
|
Marco Maggi
|
||
|
Mitch Phillips
|
||
|
Mohammed Khajapasha
|
||
|
Rolf Ade
|
||
|
xantares
|
||
|
Zhongyuan Zhou
|
||
|
|
||
|
Release 2.2.7 Wed June 19 2019
|
||
|
Security fixes:
|
||
|
#186 #262 CVE-2018-20843 -- Fix extraction of namespace prefixes from
|
||
|
XML names; XML names with multiple colons could end up in
|
||
|
the wrong namespace, and take a high amount of RAM and CPU
|
||
|
resources while processing, opening the door to
|
||
|
use for denial-of-service attacks
|
||
|
|
||
|
Other changes:
|
||
|
#195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop
|
||
|
exporting non-API symbols
|
||
|
#227 Autotools: Add --without-examples and --without-tests
|
||
|
#228 Autotools: Modernize configure.ac
|
||
|
#245 #246 Autotools: Fix check for -fvisibility=hidden for Clang
|
||
|
#247 #248 Autotools: Fix compilation for lack of docbook2x-man
|
||
|
#236 #258 Autotools: Produce .tar.{gz,lz,xz} release archives
|
||
|
#212 CMake: Make libdir of pkgconfig expat.pc support multilib
|
||
|
#158 #263 CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
|
||
|
#219 Remove fallback to bcopy, assume that memmove(3) exists
|
||
|
#257 Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
|
||
|
#243 Windows: Fix syntax of .def module definition files
|
||
|
Version info bumped from 7:8:6 to 7:9:6
|
||
|
|
||
|
Special thanks to:
|
||
|
Benjamin Peterson
|
||
|
Caolán McNamara
|
||
|
Hanno Böck
|
||
|
KangLin
|
||
|
Kishore Kunche
|
||
|
Marco Maggi
|
||
|
Rhodri James
|
||
|
Sebastian Dröge
|
||
|
userwithuid
|
||
|
Yury Gribov
|
||
|
|
||
|
Release 2.2.6 Sun August 12 2018
|
||
|
Bug fixes:
|
||
|
#170 #206 Avoid doing arithmetic with NULL pointers in XML_GetBuffer
|
||
|
#204 #205 Fix 2.2.5 regression with suspend-resume while parsing
|
||
|
a document like '<root/>'
|
||
|
|
||
|
Other changes:
|
||
|
#165 #168 Autotools: Fix docbook-related configure syntax error
|
||
|
#166 Autotools: Avoid grep option `-q` for Solaris
|
||
|
#167 Autotools: Support
|
||
|
./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
|
||
|
#159 #167 Autotools: Support DOCBOOK_TO_MAN command which produces
|
||
|
xmlwf.1 rather than XMLWF.1; also covers case insensitive
|
||
|
file systems
|
||
|
#181 Autotools: Drop -rpath option passed to libtool
|
||
|
#188 Autotools: Detect and deny SGML docbook2man as ours is XML
|
||
|
#188 Autotools/CMake: Support command db2x_docbook2man as well
|
||
|
#174 CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
|
||
|
#184 #185 CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
|
||
|
#207 #208 CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
|
||
|
both defaulting to OFF
|
||
|
#175 CMake: Prefer check_symbol_exists over check_function_exists
|
||
|
#176 CMake: Create the same pkg-config file as with GNU Autotools
|
||
|
#178 #179 CMake: Use GNUInstallDirs module to set proper defaults for
|
||
|
install directories
|
||
|
#208 CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
|
||
|
#180 Windows: Fix compilation of test suite for Visual Studio 2008
|
||
|
#131 #173 #202 Address compiler warnings
|
||
|
#187 #190 #200 Fix miscellaneous typos
|
||
|
Version info bumped from 7:7:6 to 7:8:6
|
||
|
|
||
|
Special thanks to:
|
||
|
Anton Maklakov
|
||
|
Benjamin Peterson
|
||
|
Brad King
|
||
|
Franek Korta
|
||
|
Frank Rast
|
||
|
Joe Orton
|
||
|
luzpaz
|
||
|
Pedro Vicente
|
||
|
Rainer Jung
|
||
|
Rhodri James
|
||
|
Rolf Ade
|
||
|
Rolf Eike Beer
|
||
|
Thomas Beutlich
|
||
|
Tomasz Kłoczko
|
||
|
|
||
|
Release 2.2.5 Tue October 31 2017
|
||
|
Bug fixes:
|
||
|
#8 If the parser runs out of memory, make sure its internal
|
||
|
state reflects the memory it actually has, not the memory
|
||
|
it wanted to have.
|
||
|
#11 The default handler wasn't being called when it should for
|
||
|
a SYSTEM or PUBLIC doctype if an entity declaration handler
|
||
|
was registered.
|
||
|
#137 #138 Fix a case of mistakenly reported parsing success where
|
||
|
XML_StopParser was called from an element handler
|
||
|
#162 Function XML_ErrorString was returning NULL rather than
|
||
|
a message for code XML_ERROR_INVALID_ARGUMENT
|
||
|
introduced with release 2.2.1
|
||
|
|
||
|
Other changes:
|
||
|
#106 xmlwf: Add argument -N adding notation declarations
|
||
|
#75 #106 Test suite: Resolve expected failure cases where xmlwf
|
||
|
output was incomplete
|
||
|
#127 Windows: Fix test suite compilation
|
||
|
#126 #127 Windows: Fix compilation for Visual Studio 2012
|
||
|
Windows: Upgrade shipped project files to Visual Studio 2017
|
||
|
#33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
|
||
|
#129 examples: Fix compilation for XML_UNICODE_WCHAR_T
|
||
|
#130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
|
||
|
#144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
|
||
|
Windows or MinGW for 2-byte wchar_t
|
||
|
#9 Address two Clang Static Analyzer false positives
|
||
|
#59 Resolve troublesome macros hiding parser struct membership
|
||
|
and dereferencing that pointer
|
||
|
#6 Resolve superfluous internal malloc/realloc switch
|
||
|
#153 #155 Improve docbook2x-man detection
|
||
|
#160 Undefine NDEBUG in the test suite (rather than rejecting it)
|
||
|
#161 Address compiler warnings
|
||
|
Version info bumped from 7:6:6 to 7:7:6
|
||
|
|
||
|
Special thanks to:
|
||
|
Benbuck Nason
|
||
|
Hans Wennborg
|
||
|
José Gutiérrez de la Concha
|
||
|
Pedro Monreal Gonzalez
|
||
|
Rhodri James
|
||
|
Rolf Ade
|
||
|
Stephen Groat
|
||
|
and
|
||
|
Core Infrastructure Initiative
|
||
|
|
||
|
Release 2.2.4 Sat August 19 2017
|
||
|
Bug fixes:
|
||
|
#115 Fix copying of partial characters for UTF-8 input
|
||
|
|
||
|
Other changes:
|
||
|
#109 Fix "make check" for non-x86 architectures that default
|
||
|
to unsigned type char (-128..127 rather than 0..255)
|
||
|
#109 coverage.sh: Cover -funsigned-char
|
||
|
Autotools: Introduce --without-xmlwf argument
|
||
|
#65 Autotools: Replace handwritten Makefile with GNU Automake
|
||
|
#43 CMake: Auto-detect high quality entropy extractors, add new
|
||
|
option USE_libbsd=ON to use arc4random_buf of libbsd
|
||
|
#74 CMake: Add -fno-strict-aliasing only where supported
|
||
|
#114 CMake: Always honor manually set BUILD_* options
|
||
|
#114 CMake: Compile man page if docbook2x-man is available, only
|
||
|
#117 Include file tests/xmltest.log.expected in source tarball
|
||
|
(required for "make run-xmltest")
|
||
|
#117 Include (existing) Visual Studio 2013 files in source tarball
|
||
|
Improve test suite error output
|
||
|
#111 Fix some typos in documentation
|
||
|
Version info bumped from 7:5:6 to 7:6:6
|
||
|
|
||
|
Special thanks to:
|
||
|
Jakub Wilk
|
||
|
Joe Orton
|
||
|
Lin Tian
|
||
|
Rolf Eike Beer
|
||
|
|
||
|
Release 2.2.3 Wed August 2 2017
|
||
|
Security fixes:
|
||
|
#82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
|
||
|
using Steve Holme's LoadLibrary wrapper for/of cURL
|
||
|
|
||
|
Bug fixes:
|
||
|
#85 Fix a dangling pointer issue related to realloc
|
||
|
|
||
|
Other changes:
|
||
|
Increase code coverage
|
||
|
#91 Linux: Allow getrandom to fail if nonblocking pool has not
|
||
|
yet been initialized and read /dev/urandom then, instead.
|
||
|
This is in line with what recent Python does.
|
||
|
#81 Pre-10.7/Lion macOS: Support entropy from arc4random
|
||
|
#86 Check that a UTF-16 encoding in an XML declaration has the
|
||
|
right endianness
|
||
|
#4 #5 #7 Recover correctly when some reallocations fail
|
||
|
Repair "./configure && make" for systems without any
|
||
|
provider of high quality entropy
|
||
|
and try reading /dev/urandom on those
|
||
|
Ensure that user-defined character encodings have converter
|
||
|
functions when they are needed
|
||
|
Fix mis-leading description of argument -c in xmlwf.1
|
||
|
Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
|
||
|
for CloudABI
|
||
|
#100 Fix use of SIPHASH_MAIN in siphash.h
|
||
|
#23 Test suite: Fix memory leaks
|
||
|
Version info bumped from 7:4:6 to 7:5:6
|
||
|
|
||
|
Special thanks to:
|
||
|
Chanho Park
|
||
|
Joe Orton
|
||
|
Pascal Cuoq
|
||
|
Rhodri James
|
||
|
Simon McVittie
|
||
|
Vadim Zeitlin
|
||
|
Viktor Szakats
|
||
|
and
|
||
|
Core Infrastructure Initiative
|
||
|
|
||
|
Release 2.2.2 Wed July 12 2017
|
||
|
Security fixes:
|
||
|
#43 Protect against compilation without any source of high
|
||
|
quality entropy enabled, e.g. with CMake build system;
|
||
|
commit ff0207e6076e9828e536b8d9cd45c9c92069b895
|
||
|
#60 Windows with _UNICODE:
|
||
|
Unintended use of LoadLibraryW with a non-wide string
|
||
|
resulted in failure to load advapi32.dll and degradation
|
||
|
in quality of used entropy when compiled with _UNICODE for
|
||
|
Windows; you can launch existing binaries with
|
||
|
EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
|
||
|
quality of entropy used during runtime; commits
|
||
|
* 95b95032f907ef1cd17ee7a9a1768010a825d61d
|
||
|
* 73a5a2e9c081f49f2d775cf7ced864158b68dc80
|
||
|
[MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
|
||
|
resulted in NULL dereference, previously;
|
||
|
commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
|
||
|
|
||
|
Bug fixes:
|
||
|
#69 Fix improper use of unsigned long long integer literals
|
||
|
|
||
|
Other changes:
|
||
|
#73 Start requiring a C99 compiler
|
||
|
#49 Fix "==" Bashism in configure script
|
||
|
#50 Fix too eager getrandom detection for Debian GNU/kFreeBSD
|
||
|
#52 and macOS
|
||
|
#51 Address lack of stdint.h in Visual Studio 2003 to 2008
|
||
|
#58 Address compile warnings
|
||
|
#68 Fix "./buildconf.sh && ./configure" for some versions
|
||
|
of Dash for /bin/sh
|
||
|
#72 CMake: Ease use of Expat in context of a parent project
|
||
|
with multiple CMakeLists.txt files
|
||
|
#72 CMake: Resolve mistaken executable permissions
|
||
|
#76 Address compile warning with -DNDEBUG (not recommended!)
|
||
|
#77 Address compile warning about macro redefinition
|
||
|
|
||
|
Special thanks to:
|
||
|
Alexander Bluhm
|
||
|
Ben Boeckel
|
||
|
Cătălin Răceanu
|
||
|
Kerin Millar
|
||
|
László Böszörményi
|
||
|
S. P. Zeidler
|
||
|
Segev Finer
|
||
|
Václav Slavík
|
||
|
Victor Stinner
|
||
|
Viktor Szakats
|
||
|
and
|
||
|
Radically Open Security
|
||
|
|
||
|
Release 2.2.1 Sat June 17 2017
|
||
|
Security fixes:
|
||
|
CVE-2017-9233 -- External entity infinite loop DoS
|
||
|
Details: https://libexpat.github.io/doc/cve-2017-9233/
|
||
|
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
|
||
|
[MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
|
||
|
d4f735b88d9932bd5039df2335eefdd0723dbe20
|
||
|
(Fixed version of existing downstream patches!)
|
||
|
(SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
|
||
|
longer tag names; commits
|
||
|
* 896b6c1fd3b842f377d1b62135dccf0a579cf65d
|
||
|
* af507cef2c93cb8d40062a0abe43a4f4e9158fb2
|
||
|
#16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
|
||
|
#25 More integer overflow detection (function poolGrow); commits
|
||
|
* 810b74e4703dcfdd8f404e3cb177d44684775143
|
||
|
* 44178553f3539ce69d34abee77a05e879a7982ac
|
||
|
[MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
|
||
|
* 4be2cb5afcc018d996f34bbbce6374b7befad47f
|
||
|
* 7e5b71b748491b6e459e5c9a1d090820f94544d8
|
||
|
[MOX-005] #30 Use high quality entropy for hash initialization:
|
||
|
* arc4random_buf on BSD, systems with libbsd
|
||
|
(when configured with --with-libbsd), CloudABI
|
||
|
* RtlGenRandom on Windows XP / Server 2003 and later
|
||
|
* getrandom on Linux 3.17+
|
||
|
In a way, that's still part of CVE-2016-5300.
|
||
|
https://github.com/libexpat/libexpat/pull/30/commits
|
||
|
[MOX-005] For the low quality entropy extraction fallback code,
|
||
|
the parser instance address can no longer leak, commit
|
||
|
04ad658bd3079dd15cb60fc67087900f0ff4b083
|
||
|
[MOX-003] Prevent use of uninitialised variable; commit
|
||
|
[MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
|
||
|
Add missing parameter validation to public API functions
|
||
|
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
|
||
|
[MOX-006] * NULL checks; commits
|
||
|
* d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
|
||
|
* 9ed727064b675b7180c98cb3d4f75efba6966681
|
||
|
* 6a747c837c50114dfa413994e07c0ba477be4534
|
||
|
* Negative length (XML_Parse); commit
|
||
|
[MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
|
||
|
[MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
|
||
|
to go further with fixing CVE-2012-0876.
|
||
|
https://github.com/libexpat/libexpat/pull/39/commits
|
||
|
|
||
|
Bug fixes:
|
||
|
#32 Fix sharing of hash salt across parsers;
|
||
|
relevant where XML_ExternalEntityParserCreate is called
|
||
|
prior to XML_Parse, in particular (e.g. FBReader)
|
||
|
#28 xmlwf: Auto-disable use of memory-mapping (and parsing
|
||
|
as a single chunk) for files larger than ~1 GB (2^30 bytes)
|
||
|
rather than failing with error "out of memory"
|
||
|
#3 Fix double free after malloc failure in DTD code; commit
|
||
|
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
|
||
|
#17 Fix memory leak on parser error for unbound XML attribute
|
||
|
prefix with new namespaces defined in the same tag;
|
||
|
found by Google's OSS-Fuzz; commits
|
||
|
* 16f87daae5a16132e479e4f71862128c7a915c73
|
||
|
* b47dbc9745932c160893d433220e462bd605f8cd
|
||
|
xmlwf on Windows: Add missing calls to CloseHandle
|
||
|
|
||
|
New features:
|
||
|
#30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
|
||
|
for runtime debugging of entropy extraction
|
||
|
|
||
|
Other changes:
|
||
|
Increase code coverage
|
||
|
#33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
|
||
|
XML_UNICODE_WCHAR_T was never meant to be used outside
|
||
|
of Windows; 4-byte wchar_t is common on Linux
|
||
|
(SF.net) #538 Start using -fno-strict-aliasing
|
||
|
(SF.net) #540 Support compilation against cloudlibc of CloudABI
|
||
|
Allow MinGW cross-compilation
|
||
|
(SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
|
||
|
to bypass compilation of the xmlwf.1 man page
|
||
|
(SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
|
||
|
to bypass installation of expat files
|
||
|
CMake: Fix ninja support
|
||
|
Autotools: Add parameters --enable-xml-context [COUNT]
|
||
|
and --disable-xml-context; default of context of 1024
|
||
|
bytes enabled unchanged
|
||
|
#14 Drop AmigaOS 4.x code and includes
|
||
|
#14 Drop ancient build systems:
|
||
|
* Borland C++ Builder
|
||
|
* OpenVMS
|
||
|
* Open Watcom
|
||
|
* Visual Studio 6.0
|
||
|
* Pre-X Mac OS (MPW Makefile)
|
||
|
If you happen to rely on some of these, please get in
|
||
|
touch for joining with maintenance.
|
||
|
#10 Move from WIN32 to _WIN32
|
||
|
#13 Fix "make run-xmltest" order instability
|
||
|
Address compile warnings
|
||
|
Bump version info from 7:2:6 to 7:3:6
|
||
|
Add AUTHORS file
|
||
|
|
||
|
Infrastructure:
|
||
|
#1 Migrate from SourceForge to GitHub (except downloads):
|
||
|
https://github.com/libexpat/
|
||
|
#1 Re-create http://libexpat.org/ project website
|
||
|
Start utilizing Travis CI
|
||
|
|
||
|
Special thanks to:
|
||
|
Andy Wang
|
||
|
Don Lewis
|
||
|
Ed Schouten
|
||
|
Karl Waclawek
|
||
|
Pascal Cuoq
|
||
|
Rhodri James
|
||
|
Sergei Nikulov
|
||
|
Tobias Taschner
|
||
|
Viktor Szakats
|
||
|
and
|
||
|
Core Infrastructure Initiative
|
||
|
Mozilla Foundation (MOSS Track 3: Secure Open Source)
|
||
|
Radically Open Security
|
||
|
|
||
|
Release 2.2.0 Tue June 21 2016
|
||
|
Security fixes:
|
||
|
#537 CVE-2016-0718 -- Fix crash on malformed input
|
||
|
CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
|
||
|
CVE-2015-2716 introduced with Expat 2.1.1
|
||
|
#499 CVE-2016-5300 -- Use more entropy for hash initialization
|
||
|
than the original fix to CVE-2012-0876
|
||
|
#519 CVE-2012-6702 -- Resolve troublesome internal call to srand
|
||
|
that was introduced with Expat 2.1.0
|
||
|
when addressing CVE-2012-0876 (issue #496)
|
||
|
|
||
|
Bug fixes:
|
||
|
Fix uninitialized reads of size 1
|
||
|
(e.g. in little2_updatePosition)
|
||
|
Fix detection of UTF-8 character boundaries
|
||
|
|
||
|
Other changes:
|
||
|
#532 Fix compilation for Visual Studio 2010 (keyword "C99")
|
||
|
Autotools: Resolve use of "$<" to better support bmake
|
||
|
Autotools: Add QA script "qa.sh" (and make target "qa")
|
||
|
Autotools: Respect CXXFLAGS if given
|
||
|
Autotools: Fix "make run-xmltest"
|
||
|
Autotools: Have "make run-xmltest" check for expected output
|
||
|
p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
|
||
|
#536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
|
||
|
#323 CMake: Add suffix "d" to differentiate debug from release
|
||
|
CMake: Define WIN32 with CMake on Windows
|
||
|
Annotate memory allocators for GCC
|
||
|
Address all currently known compile warnings
|
||
|
Make sure that API symbols remain visible despite
|
||
|
-fvisibility=hidden
|
||
|
Remove executable flag from source files
|
||
|
Resolve COMPILED_FROM_DSP in favor of WIN32
|
||
|
|
||
|
Special thanks to:
|
||
|
Björn Lindahl
|
||
|
Christian Heimes
|
||
|
Cristian Rodríguez
|
||
|
Daniel Krügler
|
||
|
Gustavo Grieco
|
||
|
Karl Waclawek
|
||
|
László Böszörményi
|
||
|
Marco Grassi
|
||
|
Pascal Cuoq
|
||
|
Sergei Nikulov
|
||
|
Thomas Beutlich
|
||
|
Warren Young
|
||
|
Yann Droneaud
|
||
|
|
||
|
Release 2.1.1 Sat March 12 2016
|
||
|
Security fixes:
|
||
|
#582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
|
||
|
|
||
|
Bug fixes:
|
||
|
#502: Fix potential null pointer dereference
|
||
|
#520: Symbol XML_SetHashSalt was not exported
|
||
|
Output of "xmlwf -h" was incomplete
|
||
|
|
||
|
Other changes:
|
||
|
#503: Document behavior of calling XML_SetHashSalt with salt 0
|
||
|
Minor improvements to man page xmlwf(1)
|
||
|
Improvements to the experimental CMake build system
|
||
|
libtool now invoked with --verbose
|
||
|
|
||
|
Release 2.1.0 Sat March 24 2012
|
||
|
- Security fixes:
|
||
|
#2958794: CVE-2012-1148 - Memory leak in poolGrow.
|
||
|
#2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
|
||
|
#3496608: CVE-2012-0876 - Hash DOS attack.
|
||
|
#2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
|
||
|
#1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
|
||
|
- Bug Fixes:
|
||
|
#1742315: Harmful XML_ParserCreateNS suggestion.
|
||
|
#1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
|
||
|
#1983953, 2517952, 2517962, 2649838:
|
||
|
Build modifications using autoreconf instead of buildconf.sh.
|
||
|
#2815947, #2884086: OBJEXT and EXEEXT support while building.
|
||
|
#2517938: xmlwf should return non-zero exit status if not well-formed.
|
||
|
#2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
|
||
|
#2855609: Dangling positionPtr after error.
|
||
|
#2990652: CMake support.
|
||
|
#3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
|
||
|
#3206497: Uninitialized memory returned from XML_Parse.
|
||
|
#3287849: make check fails on mingw-w64.
|
||
|
- Patches:
|
||
|
#1749198: pkg-config support.
|
||
|
#3010222: Fix for bug #3010819.
|
||
|
#3312568: CMake support.
|
||
|
#3446384: Report byte offsets for attr names and values.
|
||
|
- New Features / API changes:
|
||
|
Added new API member XML_SetHashSalt() that allows setting an initial
|
||
|
value (salt) for hash calculations. This is part of the fix for
|
||
|
bug #3496608 to randomize hash parameters.
|
||
|
When compiled with XML_ATTR_INFO defined, adds new API member
|
||
|
XML_GetAttributeInfo() that allows retrieving the byte
|
||
|
offsets for attribute names and values (patch #3446384).
|
||
|
Added CMake build system.
|
||
|
See bug #2990652 and patch #3312568.
|
||
|
Added run-benchmark target to Makefile.in - relies on testdata module
|
||
|
present in the same relative location as in the repository.
|
||
|
|
||
|
Release 2.0.1 Tue June 5 2007
|
||
|
- Fixed bugs #1515266, #1515600: The character data handler's calling
|
||
|
of XML_StopParser() was not handled properly; if the parser was
|
||
|
stopped and the handler set to NULL, the parser would segfault.
|
||
|
- Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
|
||
|
some character constants to be ASCII encoded.
|
||
|
- Minor cleanups of the test harness.
|
||
|
- Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
|
||
|
- Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
|
||
|
- Fixes and improvements for Windows platform:
|
||
|
bugs #1409451, #1476160, #1548182, #1602769, #1717322.
|
||
|
- Build fixes for various platforms:
|
||
|
HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
|
||
|
All Unix: #1554618 (refreshed config.sub/config.guess).
|
||
|
#1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
|
||
|
without relying on GNU-Make specific features.
|
||
|
#1647805: Patched configure.in to work better with Intel compiler.
|
||
|
- Fixes to Makefile.in to have make check work correctly:
|
||
|
bugs #1408143, #1535603, #1536684.
|
||
|
- Added Open Watcom support: patch #1523242.
|
||
|
|
||
|
Release 2.0.0 Wed Jan 11 2006
|
||
|
- We no longer use the "check" library for C unit testing; we
|
||
|
always use the (partial) internal implementation of the API.
|
||
|
- Report XML_NS setting via XML_GetFeatureList().
|
||
|
- Fixed headers for use from C++.
|
||
|
- XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
|
||
|
now return unsigned integers.
|
||
|
- Added XML_LARGE_SIZE switch to enable 64-bit integers for
|
||
|
byte indexes and line/column numbers.
|
||
|
- Updated to use libtool 1.5.22 (the most recent).
|
||
|
- Added support for AmigaOS.
|
||
|
- Some mostly minor bug fixes. SF issues include: #1006708,
|
||
|
#1021776, #1023646, #1114960, #1156398, #1221160, #1271642.
|
||
|
|
||
|
Release 1.95.8 Fri Jul 23 2004
|
||
|
- Major new feature: suspend/resume. Handlers can now request
|
||
|
that a parse be suspended for later resumption or aborted
|
||
|
altogether. See "Temporarily Stopping Parsing" in the
|
||
|
documentation for more details.
|
||
|
- Some mostly minor bug fixes, but compilation should no
|
||
|
longer generate warnings on most platforms. SF issues
|
||
|
include: #827319, #840173, #846309, #888329, #896188, #923913,
|
||
|
#928113, #961698, #985192.
|
||
|
|
||
|
Release 1.95.7 Mon Oct 20 2003
|
||
|
- Fixed enum XML_Status issue (reported on SourceForge many
|
||
|
times), so compilers that are properly picky will be happy.
|
||
|
- Introduced an XMLCALL macro to control the calling
|
||
|
convention used by the Expat API; this macro should be used
|
||
|
to annotate prototypes and definitions of callback
|
||
|
implementations in code compiled with a calling convention
|
||
|
other than the default convention for the host platform.
|
||
|
- Improved ability to build without the configure-generated
|
||
|
expat_config.h header. This is useful for applications
|
||
|
which embed Expat rather than linking in the library.
|
||
|
- Fixed a variety of bugs: see SF issues #458907, #609603,
|
||
|
#676844, #679754, #692878, #692964, #695401, #699323, #699487,
|
||
|
#820946.
|
||
|
- Improved hash table lookups.
|
||
|
- Added more regression tests and improved documentation.
|
||
|
|
||
|
Release 1.95.6 Tue Jan 28 2003
|
||
|
- Added XML_FreeContentModel().
|
||
|
- Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
|
||
|
- Fixed a variety of bugs: see SF issues #615606, #616863,
|
||
|
#618199, #653180, #673791.
|
||
|
- Enhanced the regression test suite.
|
||
|
- Man page improvements: includes SF issue #632146.
|
||
|
|
||
|
Release 1.95.5 Fri Sep 6 2002
|
||
|
- Added XML_UseForeignDTD() for improved SAX2 support.
|
||
|
- Added XML_GetFeatureList().
|
||
|
- Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
|
||
|
- Use an incomplete struct instead of a void* for the parser
|
||
|
(may not retain).
|
||
|
- Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
|
||
|
- Finally fixed bug where default handler would report DTD
|
||
|
events that were already handled by another handler.
|
||
|
Initial patch contributed by Darryl Miles.
|
||
|
- Removed unnecessary DllMain() function that caused static
|
||
|
linking into a DLL to be difficult.
|
||
|
- Added VC++ projects for building static libraries.
|
||
|
- Reduced line-length for all source code and headers to be
|
||
|
no longer than 80 characters, to help with AS/400 support.
|
||
|
- Reduced memory copying during parsing (SF patch #600964).
|
||
|
- Fixed a variety of bugs: see SF issues #580793, #434664,
|
||
|
#483514, #580503, #581069, #584041, #584183, #584832, #585537,
|
||
|
#596555, #596678, #598352, #598944, #599715, #600479, #600971.
|
||
|
|
||
|
Release 1.95.4 Fri Jul 12 2002
|
||
|
- Added support for VMS, contributed by Craig Berry. See
|
||
|
vms/README.vms for more information.
|
||
|
- Added Mac OS (classic) support, with a makefile for MPW,
|
||
|
contributed by Thomas Wegner and Daryle Walker.
|
||
|
- Added Borland C++ Builder 5 / BCC 5.5 support, contributed
|
||
|
by Patrick McConnell (SF patch #538032).
|
||
|
- Fixed a variety of bugs: see SF issues #441449, #563184,
|
||
|
#564342, #566334, #566901, #569461, #570263, #575168, #579196.
|
||
|
- Made skippedEntityHandler conform to SAX2 (see source comment)
|
||
|
- Re-implemented WFC: Entity Declared from XML 1.0 spec and
|
||
|
added a new error "entity declared in parameter entity":
|
||
|
see SF bug report #569461 and SF patch #578161
|
||
|
- Re-implemented section 5.1 from XML 1.0 spec:
|
||
|
see SF bug report #570263 and SF patch #578161
|
||
|
|
||
|
Release 1.95.3 Mon Jun 3 2002
|
||
|
- Added a project to the MSVC workspace to create a wchar_t
|
||
|
version of the library; the DLLs are named libexpatw.dll.
|
||
|
- Changed the name of the Windows DLLs from expat.dll to
|
||
|
libexpat.dll; this fixes SF bug #432456.
|
||
|
- Added the XML_ParserReset() API function.
|
||
|
- Fixed XML_SetReturnNSTriplet() to work for element names.
|
||
|
- Made the XML_UNICODE builds usable (thanks, Karl!).
|
||
|
- Allow xmlwf to read from standard input.
|
||
|
- Install a man page for xmlwf on Unix systems.
|
||
|
- Fixed many bugs; see SF bug reports #231864, #461380, #464837,
|
||
|
#466885, #469226, #477667, #484419, #487840, #494749, #496505,
|
||
|
#547350. Other bugs which we can't test as easily may also
|
||
|
have been fixed, especially in the area of build support.
|
||
|
|
||
|
Release 1.95.2 Fri Jul 27 2001
|
||
|
- More changes to make MSVC happy with the build; add a single
|
||
|
workspace to support both the library and xmlwf application.
|
||
|
- Added a Windows installer for Windows users; includes
|
||
|
xmlwf.exe.
|
||
|
- Added compile-time constants that can be used to determine the
|
||
|
Expat version
|
||
|
- Removed a lot of GNU-specific dependencies to aide portability
|
||
|
among the various Unix flavors.
|
||
|
- Fix the UTF-8 BOM bug.
|
||
|
- Cleaned up warning messages for several compilers.
|
||
|
- Added the -Wall, -Wstrict-prototypes options for GCC.
|
||
|
|
||
|
Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
|
||
|
- Changes to get expat to build under Microsoft compiler
|
||
|
- Removed all aborts and instead return an UNEXPECTED_STATE error.
|
||
|
- Fixed a bug where a stray '%' in an entity value would cause an
|
||
|
abort.
|
||
|
- Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
|
||
|
finding this oversight.
|
||
|
- Changed default patterns in lib/Makefile.in to fit non-GNU makes
|
||
|
Thanks to robin@unrated.net for reporting and providing an
|
||
|
account to test on.
|
||
|
- The reference had the wrong label for XML_SetStartNamespaceDecl.
|
||
|
Reported by an anonymous user.
|
||
|
|
||
|
Release 1.95.0 Fri Sep 29 2000
|
||
|
- XML_ParserCreate_MM
|
||
|
Allows you to set a memory management suite to replace the
|
||
|
standard malloc,realloc, and free.
|
||
|
- XML_SetReturnNSTriplet
|
||
|
If you turn this feature on when namespace processing is in
|
||
|
effect, then qualified, prefixed element and attribute names
|
||
|
are returned as "uri|name|prefix" where '|' is whatever
|
||
|
separator character is used in namespace processing.
|
||
|
- Merged in features from perl-expat
|
||
|
o XML_SetElementDeclHandler
|
||
|
o XML_SetAttlistDeclHandler
|
||
|
o XML_SetXmlDeclHandler
|
||
|
o XML_SetEntityDeclHandler
|
||
|
o StartDoctypeDeclHandler takes 3 additional parameters:
|
||
|
sysid, pubid, has_internal_subset
|
||
|
o Many paired handler setters (like XML_SetElementHandler)
|
||
|
now have corresponding individual handler setters
|
||
|
o XML_GetInputContext for getting the input context of
|
||
|
the current parse position.
|
||
|
- Added reference material
|
||
|
- Packaged into a distribution that builds a sharable library
|