https://github.com/libexpat/libexpat/labels/help%20wanted
If you can help, please get in touch. Thanks!
+Release 2.2.5 Tue October 31 2017
+ Bug fixes:
+ #8 If the parser runs out of memory, make sure its internal
+ state reflects the memory it actually has, not the memory
+ it wanted to have.
+ #11 The default handler wasn't being called when it should for
+ a SYSTEM or PUBLIC doctype if an entity declaration handler
+ was registered.
+ #137 #138 Fix a case of mistakenly reported parsing success where
+ XML_StopParser was called from an element handler
+ #162 Function XML_ErrorString was returning NULL rather than
+ a message for code XML_ERROR_INVALID_ARGUMENT
+ introduced with release 2.2.1
+
+ Other changes:
+ #106 xmlwf: Add argument -N adding notation declarations
+ #75 #106 Test suite: Resolve expected failure cases where xmlwf
+ output was incomplete
+ #127 Windows: Fix test suite compilation
+ #126 #127 Windows: Fix compilation for Visual Studio 2012
+ #33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
+ #129 examples: Fix compilation for XML_UNICODE_WCHAR_T
+ #130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
+ #144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
+ Windows or MinGW for 2-byte wchar_t
+ #9 Address two Clang Static Analyzer false positives
+ #59 Resolve troublesome macros hiding parser struct membership
+ and dereferencing that pointer
+ #6 Resolve superfluous internal malloc/realloc switch
+ #153 #155 Improve docbook2x-man detection
+ #160 Undefine NDEBUG in the test suite (rather than rejecting it)
+ #161 Address compiler warnings
+ Version info bumped from 7:6:6 to 7:7:6
+
+ Special thanks to:
+ Benbuck Nason
+ Hans Wennborg
+ José Gutiérrez de la Concha
+ Pedro Monreal Gonzalez
+ Rhodri James
+ Rolf Ade
+ Stephen Groat
+ and
+ Core Infrastructure Initiative
+
+Release 2.2.4 Sat August 19 2017
+ Bug fixes:
+ #115 Fix copying of partial characters for UTF-8 input
+
+ Other changes:
+ #109 Fix "make check" for non-x86 architectures that default
+ to unsigned type char (-128..127 rather than 0..255)
+ #109 coverage.sh: Cover -funsigned-char
+ Autotools: Introduce --without-xmlwf argument
+ #65 Autotools: Replace handwritten Makefile with GNU Automake
+ #43 CMake: Auto-detect high quality entropy extractors, add new
+ option USE_libbsd=ON to use arc4random_buf of libbsd
+ #74 CMake: Add -fno-strict-aliasing only where supported
+ #114 CMake: Always honor manually set BUILD_* options
+ #114 CMake: Compile man page if docbook2x-man is available, only
+ #117 Include file tests/xmltest.log.expected in source tarball
+ (required for "make run-xmltest")
+ #117 Include (existing) Visual Studio 2013 files in source tarball
+ Improve test suite error output
+ #111 Fix some typos in documentation
+ Version info bumped from 7:5:6 to 7:6:6
+
+ Special thanks to:
+ Jakub Wilk
+ Joe Orton
+ Lin Tian
+ Rolf Eike Beer
+
+Release 2.2.3 Wed August 2 2017
+ Security fixes:
+ #82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
+ using Steve Holme's LoadLibrary wrapper for/of cURL
+
+ Bug fixes:
+ #85 Fix a dangling pointer issue related to realloc
+
+ Other changes:
+ Increase code coverage
+ #91 Linux: Allow getrandom to fail if nonblocking pool has not
+ yet been initialized and read /dev/urandom then, instead.
+ This is in line with what recent Python does.
+ #81 Pre-10.7/Lion macOS: Support entropy from arc4random
+ #86 Check that a UTF-16 encoding in an XML declaration has the
+ right endianness
+ #4 #5 #7 Recover correctly when some reallocations fail
+ Repair "./configure && make" for systems without any
+ provider of high quality entropy
+ and try reading /dev/urandom on those
+ Ensure that user-defined character encodings have converter
+ functions when they are needed
+ Fix mis-leading description of argument -c in xmlwf.1
+ Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
+ for CloudABI
+ #100 Fix use of SIPHASH_MAIN in siphash.h
+ #23 Test suite: Fix memory leaks
+ Version info bumped from 7:4:6 to 7:5:6
+
+ Special thanks to:
+ Chanho Park
+ Joe Orton
+ Pascal Cuoq
+ Rhodri James
+ Simon McVittie
+ Vadim Zeitlin
+ Viktor Szakats
+ and
+ Core Infrastructure Initiative
+
+Release 2.2.2 Wed July 12 2017
+ Security fixes:
+ #43 Protect against compilation without any source of high
+ quality entropy enabled, e.g. with CMake build system;
+ commit ff0207e6076e9828e536b8d9cd45c9c92069b895
+ #60 Windows with _UNICODE:
+ Unintended use of LoadLibraryW with a non-wide string
+ resulted in failure to load advapi32.dll and degradation
+ in quality of used entropy when compiled with _UNICODE for
+ Windows; you can launch existing binaries with
+ EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
+ quality of entropy used during runtime; commits
+ * 95b95032f907ef1cd17ee7a9a1768010a825d61d
+ * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
+ [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
+ resulted in NULL dereference, previously;
+ commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
+
+ Bug fixes:
+ #69 Fix improper use of unsigned long long integer literals
+
+ Other changes:
+ #73 Start requiring a C99 compiler
+ #49 Fix "==" Bashism in configure script
+ #50 Fix too eager getrandom detection for Debian GNU/kFreeBSD
+ #52 and macOS
+ #51 Address lack of stdint.h in Visual Studio 2003 to 2008
+ #58 Address compile warnings
+ #68 Fix "./buildconf.sh && ./configure" for some versions
+ of Dash for /bin/sh
+ #72 CMake: Ease use of Expat in context of a parent project
+ with multiple CMakeLists.txt files
+ #72 CMake: Resolve mistaken executable permissions
+ #76 Address compile warning with -DNDEBUG (not recommended!)
+ #77 Address compile warning about macro redefinition
+
+ Special thanks to:
+ Alexander Bluhm
+ Ben Boeckel
+ Cătălin Răceanu
+ Kerin Millar
+ László Böszörményi
+ S. P. Zeidler
+ Segev Finer
+ Václav Slavík
+ Victor Stinner
+ Viktor Szakats
+ and
+ Radically Open Security
+
Release 2.2.1 Sat June 17 2017
Security fixes:
CVE-2017-9233 -- External entity infinite loop DoS
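Review bot: In the 2.2.4 entry for #109, the parenthetical gives the ranges the wrong way round for the type it names. An unsigned char spans 0..255 and a signed one -128..127, so "unsigned type char (-128..127 rather than 0..255)" should read "(0..255 rather than -128..127)". In the 2.2.3 security entry for CVE-2017-11742, "Fix DLL hijacking vulnerability using Steve Holme's LoadLibrary wrapper for/of cURL" can be parsed as the vulnerability using the wrapper; rewording it so that the wrapper is clearly the means of the fix would help anyone triaging the CVE from this file. The #114 line ending in "is available, only" also reads as cut off and should be rephrased.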
#2855609: Dangling positionPtr after error.
#2990652: CMake support.
#3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
- #3206497: Unitialized memory returned from XML_Parse.
+ #3206497: Uninitialized memory returned from XML_Parse.
#3287849: make check fails on mingw-w64.
- Patches:
#1749198: pkg-config support.