1 NOTE: We are looking for help with a few things:
2 https://github.com/libexpat/libexpat/labels/help%20wanted
3 If you can help, please get in touch. Thanks!
5 Release 2.2.5 Tue October 31 2017
7 #8 If the parser runs out of memory, make sure its internal
8 state reflects the memory it actually has, not the memory
10 #11 The default handler wasn't being called when it should for
11 a SYSTEM or PUBLIC doctype if an entity declaration handler
13 #137 #138 Fix a case of mistakenly reported parsing success where
14 XML_StopParser was called from an element handler
15 #162 Function XML_ErrorString was returning NULL rather than
16 a message for code XML_ERROR_INVALID_ARGUMENT
17 introduced with release 2.2.1
20 #106 xmlwf: Add argument -N adding notation declarations
21 #75 #106 Test suite: Resolve expected failure cases where xmlwf
23 #127 Windows: Fix test suite compilation
24 #126 #127 Windows: Fix compilation for Visual Studio 2012
25 #33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
26 #129 examples: Fix compilation for XML_UNICODE_WCHAR_T
27 #130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
28 #144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
29 Windows or MinGW for 2-byte wchar_t
30 #9 Address two Clang Static Analyzer false positives
31 #59 Resolve troublesome macros hiding parser struct membership
32 and dereferencing that pointer
33 #6 Resolve superfluous internal malloc/realloc switch
34 #153 #155 Improve docbook2x-man detection
35 #160 Undefine NDEBUG in the test suite (rather than rejecting it)
36 #161 Address compiler warnings
37 Version info bumped from 7:6:6 to 7:7:6
42 José Gutiérrez de la Concha
43 Pedro Monreal Gonzalez
48 Core Infrastructure Initiative
50 Release 2.2.4 Sat August 19 2017
52 #115 Fix copying of partial characters for UTF-8 input
55 #109 Fix "make check" for non-x86 architectures that default
56 to unsigned type char (-128..127 rather than 0..255)
57 #109 coverage.sh: Cover -funsigned-char
58 Autotools: Introduce --without-xmlwf argument
59 #65 Autotools: Replace handwritten Makefile with GNU Automake
60 #43 CMake: Auto-detect high quality entropy extractors, add new
61 option USE_libbsd=ON to use arc4random_buf of libbsd
62 #74 CMake: Add -fno-strict-aliasing only where supported
63 #114 CMake: Always honor manually set BUILD_* options
64 #114 CMake: Compile man page if docbook2x-man is available, only
65 #117 Include file tests/xmltest.log.expected in source tarball
66 (required for "make run-xmltest")
67 #117 Include (existing) Visual Studio 2013 files in source tarball
68 Improve test suite error output
69 #111 Fix some typos in documentation
70 Version info bumped from 7:5:6 to 7:6:6
78 Release 2.2.3 Wed August 2 2017
80 #82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
81 using Steve Holme's LoadLibrary wrapper for/of cURL
84 #85 Fix a dangling pointer issue related to realloc
87 Increase code coverage
88 #91 Linux: Allow getrandom to fail if nonblocking pool has not
89 yet been initialized and read /dev/urandom then, instead.
90 This is in line with what recent Python does.
91 #81 Pre-10.7/Lion macOS: Support entropy from arc4random
92 #86 Check that a UTF-16 encoding in an XML declaration has the
94 #4 #5 #7 Recover correctly when some reallocations fail
95 Repair "./configure && make" for systems without any
96 provider of high quality entropy
97 and try reading /dev/urandom on those
98 Ensure that user-defined character encodings have converter
99 functions when they are needed
100 Fix mis-leading description of argument -c in xmlwf.1
101 Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
103 #100 Fix use of SIPHASH_MAIN in siphash.h
104 #23 Test suite: Fix memory leaks
105 Version info bumped from 7:4:6 to 7:5:6
116 Core Infrastructure Initiative
118 Release 2.2.2 Wed July 12 2017
120 #43 Protect against compilation without any source of high
121 quality entropy enabled, e.g. with CMake build system;
122 commit ff0207e6076e9828e536b8d9cd45c9c92069b895
123 #60 Windows with _UNICODE:
124 Unintended use of LoadLibraryW with a non-wide string
125 resulted in failure to load advapi32.dll and degradation
126 in quality of used entropy when compiled with _UNICODE for
127 Windows; you can launch existing binaries with
128 EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
129 quality of entropy used during runtime; commits
130 * 95b95032f907ef1cd17ee7a9a1768010a825d61d
131 * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
132 [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
133 resulted in NULL dereference, previously;
134 commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
137 #69 Fix improper use of unsigned long long integer literals
140 #73 Start requiring a C99 compiler
141 #49 Fix "==" Bashism in configure script
142 #50 Fix too eager getrandom detection for Debian GNU/kFreeBSD
144 #51 Address lack of stdint.h in Visual Studio 2003 to 2008
145 #58 Address compile warnings
146 #68 Fix "./buildconf.sh && ./configure" for some versions
148 #72 CMake: Ease use of Expat in context of a parent project
149 with multiple CMakeLists.txt files
150 #72 CMake: Resolve mistaken executable permissions
151 #76 Address compile warning with -DNDEBUG (not recommended!)
152 #77 Address compile warning about macro redefinition
166 Radically Open Security
168 Release 2.2.1 Sat June 17 2017
170 CVE-2017-9233 -- External entity infinite loop DoS
171 Details: https://libexpat.github.io/doc/cve-2017-9233/
172 Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
173 [MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
174 d4f735b88d9932bd5039df2335eefdd0723dbe20
175 (Fixed version of existing downstream patches!)
176 (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
177 longer tag names; commits
178 * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
179 * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
180 #16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
181 #25 More integer overflow detection (function poolGrow); commits
182 * 810b74e4703dcfdd8f404e3cb177d44684775143
183 * 44178553f3539ce69d34abee77a05e879a7982ac
184 [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
185 * 4be2cb5afcc018d996f34bbbce6374b7befad47f
186 * 7e5b71b748491b6e459e5c9a1d090820f94544d8
187 [MOX-005] #30 Use high quality entropy for hash initialization:
188 * arc4random_buf on BSD, systems with libbsd
189 (when configured with --with-libbsd), CloudABI
190 * RtlGenRandom on Windows XP / Server 2003 and later
191 * getrandom on Linux 3.17+
192 In a way, that's still part of CVE-2016-5300.
193 https://github.com/libexpat/libexpat/pull/30/commits
194 [MOX-005] For the low quality entropy extraction fallback code,
195 the parser instance address can no longer leak, commit
196 04ad658bd3079dd15cb60fc67087900f0ff4b083
197 [MOX-003] Prevent use of uninitialised variable; commit
198 [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
199 Add missing parameter validation to public API functions
200 and dedicated error code XML_ERROR_INVALID_ARGUMENT:
201 [MOX-006] * NULL checks; commits
202 * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
203 * 9ed727064b675b7180c98cb3d4f75efba6966681
204 * 6a747c837c50114dfa413994e07c0ba477be4534
205 * Negative length (XML_Parse); commit
206 [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
207 [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
208 to go further with fixing CVE-2012-0876.
209 https://github.com/libexpat/libexpat/pull/39/commits
212 #32 Fix sharing of hash salt across parsers;
213 relevant where XML_ExternalEntityParserCreate is called
214 prior to XML_Parse, in particular (e.g. FBReader)
215 #28 xmlwf: Auto-disable use of memory-mapping (and parsing
216 as a single chunk) for files larger than ~1 GB (2^30 bytes)
217 rather than failing with error "out of memory"
218 #3 Fix double free after malloc failure in DTD code; commit
219 7ae9c3d3af433cd4defe95234eae7dc8ed15637f
220 #17 Fix memory leak on parser error for unbound XML attribute
221 prefix with new namespaces defined in the same tag;
222 found by Google's OSS-Fuzz; commits
223 * 16f87daae5a16132e479e4f71862128c7a915c73
224 * b47dbc9745932c160893d433220e462bd605f8cd
225 xmlwf on Windows: Add missing calls to CloseHandle
228 #30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
229 for runtime debugging of entropy extraction
232 Increase code coverage
233 #33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
234 XML_UNICODE_WCHAR_T was never meant to be used outside
235 of Windows; 4-byte wchar_t is common on Linux
236 (SF.net) #538 Start using -fno-strict-aliasing
237 (SF.net) #540 Support compilation against cloudlibc of CloudABI
238 Allow MinGW cross-compilation
239 (SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
240 to bypass compilation of the xmlwf.1 man page
241 (SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
242 to bypass installation of expat files
243 CMake: Fix ninja support
244 Autotools: Add parameters --enable-xml-context [COUNT]
245 and --disable-xml-context; default of context of 1024
246 bytes enabled unchanged
247 #14 Drop AmigaOS 4.x code and includes
248 #14 Drop ancient build systems:
249 * Borland C++ Builder
253 * Pre-X Mac OS (MPW Makefile)
254 If you happen to rely on some of these, please get in
255 touch for joining with maintenance.
256 #10 Move from WIN32 to _WIN32
257 #13 Fix "make run-xmltest" order instability
258 Address compile warnings
259 Bump version info from 7:2:6 to 7:3:6
263 #1 Migrate from SourceForge to GitHub (except downloads):
264 https://github.com/libexpat/
265 #1 Re-create http://libexpat.org/ project website
266 Start utilizing Travis CI
279 Core Infrastructure Initiative
280 Mozilla Foundation (MOSS Track 3: Secure Open Source)
281 Radically Open Security
283 Release 2.2.0 Tue June 21 2016
285 #537 CVE-2016-0718 -- Fix crash on malformed input
286 CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
287 CVE-2015-2716 introduced with Expat 2.1.1
288 #499 CVE-2016-5300 -- Use more entropy for hash initialization
289 than the original fix to CVE-2012-0876
290 #519 CVE-2012-6702 -- Resolve troublesome internal call to srand
291 that was introduced with Expat 2.1.0
292 when addressing CVE-2012-0876 (issue #496)
295 Fix uninitialized reads of size 1
296 (e.g. in little2_updatePosition)
297 Fix detection of UTF-8 character boundaries
300 #532 Fix compilation for Visual Studio 2010 (keyword "C99")
301 Autotools: Resolve use of "$<" to better support bmake
302 Autotools: Add QA script "qa.sh" (and make target "qa")
303 Autotools: Respect CXXFLAGS if given
304 Autotools: Fix "make run-xmltest"
305 Autotools: Have "make run-xmltest" check for expected output
306 p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
307 #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
308 #323 CMake: Add suffix "d" to differentiate debug from release
309 CMake: Define WIN32 with CMake on Windows
310 Annotate memory allocators for GCC
311 Address all currently known compile warnings
312 Make sure that API symbols remain visible despite
314 Remove executable flag from source files
315 Resolve COMPILED_FROM_DSP in favor of WIN32
332 Release 2.1.1 Sat March 12 2016
334 #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
337 #502: Fix potential null pointer dereference
338 #520: Symbol XML_SetHashSalt was not exported
339 Output of "xmlwf -h" was incomplete
342 #503: Document behavior of calling XML_SetHashSalt with salt 0
343 Minor improvements to man page xmlwf(1)
344 Improvements to the experimental CMake build system
345 libtool now invoked with --verbose
347 Release 2.1.0 Sat March 24 2012
349 #2958794: CVE-2012-1148 - Memory leak in poolGrow.
350 #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
351 #3496608: CVE-2012-0876 - Hash DOS attack.
352 #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
353 #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
355 #1742315: Harmful XML_ParserCreateNS suggestion.
356 #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
357 #1983953, 2517952, 2517962, 2649838:
358 Build modifications using autoreconf instead of buildconf.sh.
359 #2815947, #2884086: OBJEXT and EXEEXT support while building.
360 #2517938: xmlwf should return non-zero exit status if not well-formed.
361 #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
362 #2855609: Dangling positionPtr after error.
363 #2990652: CMake support.
364 #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
365 #3206497: Uninitialized memory returned from XML_Parse.
366 #3287849: make check fails on mingw-w64.
368 #1749198: pkg-config support.
369 #3010222: Fix for bug #3010819.
370 #3312568: CMake support.
371 #3446384: Report byte offsets for attr names and values.
372 - New Features / API changes:
373 Added new API member XML_SetHashSalt() that allows setting an initial
374 value (salt) for hash calculations. This is part of the fix for
375 bug #3496608 to randomize hash parameters.
376 When compiled with XML_ATTR_INFO defined, adds new API member
377 XML_GetAttributeInfo() that allows retrieving the byte
378 offsets for attribute names and values (patch #3446384).
379 Added CMake build system.
380 See bug #2990652 and patch #3312568.
381 Added run-benchmark target to Makefile.in - relies on testdata module
382 present in the same relative location as in the repository.
384 Release 2.0.1 Tue June 5 2007
385 - Fixed bugs #1515266, #1515600: The character data handler's calling
386 of XML_StopParser() was not handled properly; if the parser was
387 stopped and the handler set to NULL, the parser would segfault.
388 - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
389 some character constants to be ASCII encoded.
390 - Minor cleanups of the test harness.
391 - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
392 - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
393 - Fixes and improvements for Windows platform:
394 bugs #1409451, #1476160, #1548182, #1602769, #1717322.
395 - Build fixes for various platforms:
396 HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
397 All Unix: #1554618 (refreshed config.sub/config.guess).
398 #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
399 without relying on GNU-Make specific features.
400 #1647805: Patched configure.in to work better with Intel compiler.
401 - Fixes to Makefile.in to have make check work correctly:
402 bugs #1408143, #1535603, #1536684.
403 - Added Open Watcom support: patch #1523242.
405 Release 2.0.0 Wed Jan 11 2006
406 - We no longer use the "check" library for C unit testing; we
407 always use the (partial) internal implementation of the API.
408 - Report XML_NS setting via XML_GetFeatureList().
409 - Fixed headers for use from C++.
410 - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
411 now return unsigned integers.
412 - Added XML_LARGE_SIZE switch to enable 64-bit integers for
413 byte indexes and line/column numbers.
414 - Updated to use libtool 1.5.22 (the most recent).
415 - Added support for AmigaOS.
416 - Some mostly minor bug fixes. SF issues include: #1006708,
417 #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.
419 Release 1.95.8 Fri Jul 23 2004
420 - Major new feature: suspend/resume. Handlers can now request
421 that a parse be suspended for later resumption or aborted
422 altogether. See "Temporarily Stopping Parsing" in the
423 documentation for more details.
424 - Some mostly minor bug fixes, but compilation should no
425 longer generate warnings on most platforms. SF issues
426 include: #827319, #840173, #846309, #888329, #896188, #923913,
427 #928113, #961698, #985192.
429 Release 1.95.7 Mon Oct 20 2003
430 - Fixed enum XML_Status issue (reported on SourceForge many
431 times), so compilers that are properly picky will be happy.
432 - Introduced an XMLCALL macro to control the calling
433 convention used by the Expat API; this macro should be used
434 to annotate prototypes and definitions of callback
435 implementations in code compiled with a calling convention
436 other than the default convention for the host platform.
437 - Improved ability to build without the configure-generated
438 expat_config.h header. This is useful for applications
439 which embed Expat rather than linking in the library.
440 - Fixed a variety of bugs: see SF issues #458907, #609603,
441 #676844, #679754, #692878, #692964, #695401, #699323, #699487,
443 - Improved hash table lookups.
444 - Added more regression tests and improved documentation.
446 Release 1.95.6 Tue Jan 28 2003
447 - Added XML_FreeContentModel().
448 - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
449 - Fixed a variety of bugs: see SF issues #615606, #616863,
450 #618199, #653180, #673791.
451 - Enhanced the regression test suite.
452 - Man page improvements: includes SF issue #632146.
454 Release 1.95.5 Fri Sep 6 2002
455 - Added XML_UseForeignDTD() for improved SAX2 support.
456 - Added XML_GetFeatureList().
457 - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
458 - Use an incomplete struct instead of a void* for the parser
460 - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
461 - Finally fixed bug where default handler would report DTD
462 events that were already handled by another handler.
463 Initial patch contributed by Darryl Miles.
464 - Removed unnecessary DllMain() function that caused static
465 linking into a DLL to be difficult.
466 - Added VC++ projects for building static libraries.
467 - Reduced line-length for all source code and headers to be
468 no longer than 80 characters, to help with AS/400 support.
469 - Reduced memory copying during parsing (SF patch #600964).
470 - Fixed a variety of bugs: see SF issues #580793, #434664,
471 #483514, #580503, #581069, #584041, #584183, #584832, #585537,
472 #596555, #596678, #598352, #598944, #599715, #600479, #600971.
474 Release 1.95.4 Fri Jul 12 2002
475 - Added support for VMS, contributed by Craig Berry. See
476 vms/README.vms for more information.
477 - Added Mac OS (classic) support, with a makefile for MPW,
478 contributed by Thomas Wegner and Daryle Walker.
479 - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
480 by Patrick McConnell (SF patch #538032).
481 - Fixed a variety of bugs: see SF issues #441449, #563184,
482 #564342, #566334, #566901, #569461, #570263, #575168, #579196.
483 - Made skippedEntityHandler conform to SAX2 (see source comment)
484 - Re-implemented WFC: Entity Declared from XML 1.0 spec and
485 added a new error "entity declared in parameter entity":
486 see SF bug report #569461 and SF patch #578161
487 - Re-implemented section 5.1 from XML 1.0 spec:
488 see SF bug report #570263 and SF patch #578161
490 Release 1.95.3 Mon Jun 3 2002
491 - Added a project to the MSVC workspace to create a wchar_t
492 version of the library; the DLLs are named libexpatw.dll.
493 - Changed the name of the Windows DLLs from expat.dll to
494 libexpat.dll; this fixes SF bug #432456.
495 - Added the XML_ParserReset() API function.
496 - Fixed XML_SetReturnNSTriplet() to work for element names.
497 - Made the XML_UNICODE builds usable (thanks, Karl!).
498 - Allow xmlwf to read from standard input.
499 - Install a man page for xmlwf on Unix systems.
500 - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
501 #466885, #469226, #477667, #484419, #487840, #494749, #496505,
502 #547350. Other bugs which we can't test as easily may also
503 have been fixed, especially in the area of build support.
505 Release 1.95.2 Fri Jul 27 2001
506 - More changes to make MSVC happy with the build; add a single
507 workspace to support both the library and xmlwf application.
508 - Added a Windows installer for Windows users; includes
510 - Added compile-time constants that can be used to determine the
512 - Removed a lot of GNU-specific dependencies to aide portability
513 among the various Unix flavors.
514 - Fix the UTF-8 BOM bug.
515 - Cleaned up warning messages for several compilers.
516 - Added the -Wall, -Wstrict-prototypes options for GCC.
518 Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
519 - Changes to get expat to build under Microsoft compiler
520 - Removed all aborts and instead return an UNEXPECTED_STATE error.
521 - Fixed a bug where a stray '%' in an entity value would cause an
523 - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
524 finding this oversight.
525 - Changed default patterns in lib/Makefile.in to fit non-GNU makes
526 Thanks to robin@unrated.net for reporting and providing an
528 - The reference had the wrong label for XML_SetStartNamespaceDecl.
529 Reported by an anonymous user.
531 Release 1.95.0 Fri Sep 29 2000
532 - XML_ParserCreate_MM
533 Allows you to set a memory management suite to replace the
534 standard malloc,realloc, and free.
535 - XML_SetReturnNSTriplet
536 If you turn this feature on when namespace processing is in
537 effect, then qualified, prefixed element and attribute names
538 are returned as "uri|name|prefix" where '|' is whatever
539 separator character is used in namespace processing.
540 - Merged in features from perl-expat
541 o XML_SetElementDeclHandler
542 o XML_SetAttlistDeclHandler
543 o XML_SetXmlDeclHandler
544 o XML_SetEntityDeclHandler
545 o StartDoctypeDeclHandler takes 3 additional parameters:
546 sysid, pubid, has_internal_subset
547 o Many paired handler setters (like XML_SetElementHandler)
548 now have corresponding individual handler setters
549 o XML_GetInputContext for getting the input context of
550 the current parse position.
551 - Added reference material
552 - Packaged into a distribution that builds a sharable library