1 NOTE: We are looking for help with a few things:
2 https://github.com/libexpat/libexpat/labels/help%20wanted
3 If you can help, please get in touch. Thanks!
5 Release 2.4.9 Tue September 20 2022
7 #629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in
8 function doContent. Expected impact is denial of service
9 or potentially arbitrary code execution.
12 #634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
13 #614 docs: Fix documentation on effect of switch XML_DTD on
14 symbol visibility in doc/reference.html
17 #638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
18 #596 #625 Autotools: Sync CMake templates with CMake 3.22
19 #608 CMake: Migrate from use of CMAKE_*_POSTFIX to
20 dedicated variables EXPAT_*_POSTFIX to stop affecting
22 #597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners
24 #512 #621 Windows|CMake: Render .def file from a template to fix
25 linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
26 #611 #621 MinGW|CMake: Apply MSVC .def file when linking
27 #622 #624 MinGW|CMake: Sync library name with GNU Autotools,
28 i.e. produce libexpat-1.dll rather than libexpat.dll
29 by default. Filename libexpat.dll.a is unaffected.
30 #632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
31 toolchain file "cmake/mingw-toolchain.cmake" to avoid
32 error "windres: Command not found" on e.g. Ubuntu 20.04
33 #597 #627 CMake: Unify inconsistent use of set() and option() in
34 context of public build time options to take need for
35 set(.. FORCE) in projects using Expat by means of
36 add_subdirectory(..) off Expat's users' shoulders
37 #626 #641 Stop exporting API symbols when building a static library
38 #644 Resolve use of deprecated "fgrep" by "grep -F"
39 #620 CMake: Make documentation on variables a bit more consistent
40 #636 CMake: Drop leading whitespace from a #cmakedefine line in
41 file expat_config.h.cmake
42 #594 xmlwf: Fix harmless variable mix-up in function nsattcmp
43 #592 #593 #610 Address Cppcheck warnings
44 #643 Address Clang 15 compiler warnings
45 #642 #644 Version info bumped from 9:8:8 to 9:9:8;
46 see https://verbump.de/ for what these numbers do
49 #597 #598 CI: Windows: Start covering MSVC 2022
50 #619 CI: macOS: Migrate off deprecated macOS 10.15
51 #632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work
52 #643 CI: Upgrade Clang from 14 to 15
53 #637 apply-clang-format.sh: Add support for BSD find
54 #633 coverage.sh: Exclude MinGW headers
55 #635 coverage.sh: Fix name collision for -funsigned-char
68 Release 2.4.8 Mon March 28 2022
70 #587 pkg-config: Move "-lm" to section "Libs.private"
71 #587 CMake|MSVC: Fix pkg-config section "Libs"
72 #55 #582 CMake|macOS: Start using linker arguments
73 "-compatibility_version <version>" and
74 "-current_version <version>" in a way compatible with
76 #590 #591 Version info bumped from 9:7:8 to 9:8:8;
77 see https://verbump.de/ for what these numbers do
80 #589 CI: Upgrade Clang from 13 to 14
87 Release 2.4.7 Fri March 4 2022
89 #572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
90 with regard to all valid URI characters (RFC 3986),
91 i.e. the following set (excluding whitespace):
92 ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
93 0123456789 % -._~ :/?#[]@ !$&'()*+,;=
96 #555 #570 #581 CMake|Windows: Store Expat version in the DLL
97 #577 Document consequences of namespace separator choices not just
98 in doc/reference.html but also in header <expat.h>
99 #577 Document Expat's lack of validation of namespace URIs against
100 RFC 3986, and that the XML 1.0r4 specification doesn't
101 require Expat to validate namespace URIs, and that Expat
102 may do more in that regard in future releases.
103 If you find need for strict RFC 3986 URI validation on
104 application level today, https://uriparser.github.io/ may
106 #579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
107 #575 Document that a call to XML_FreeContentModel can be done at
108 a later time from outside the element declaration handler
109 #574 Make hardcoded namespace URIs easier to find in code
110 #573 Update documentation on use of XML_POOR_ENTOPY on Solaris
111 #569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
113 #578 #580 Version info bumped from 9:6:8 to 9:7:8;
114 see https://verbump.de/ for what these numbers do
121 Release 2.4.6 Sun February 20 2022
123 #566 Fix a regression introduced by the fix for CVE-2022-25313
124 in release 2.4.5 that affects applications that (1)
125 call function XML_SetElementDeclHandler and (2) are
126 parsing XML that contains nested element declarations
127 (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
130 #567 #568 Version info bumped from 9:5:8 to 9:6:8;
131 see https://verbump.de/ for what these numbers do
141 Release 2.4.5 Fri February 18 2022
143 #562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
144 sequences (e.g. from start tag names) to the XML
145 processing application on top of Expat can cause
146 arbitrary damage (e.g. code execution) depending
147 on how invalid UTF-8 is handled inside the XML
148 processor; validation was not their job but Expat's.
149 Exploits with code execution are known to exist.
150 #561 CVE-2022-25236 -- Passing (one or more) namespace separator
151 characters in "xmlns[:prefix]" attribute values
152 made Expat send malformed tag names to the XML
153 processor on top of Expat which can cause
154 arbitrary damage (e.g. code execution) depending
155 on such unexpectable cases are handled inside the XML
156 processor; validation was not their job but Expat's.
157 Exploits with code execution are known to exist.
158 #558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
159 that could be triggered by e.g. a 2 megabytes
160 file with a large number of opening braces.
161 Expected impact is denial of service or potentially
162 arbitrary code execution.
163 #560 CVE-2022-25314 -- Fix integer overflow in function copyString;
164 only affects the encoding name parameter at parser creation
165 time which is often hardcoded (rather than user input),
166 takes a value in the gigabytes to trigger, and a 64-bit
167 machine. Expected impact is denial of service.
168 #559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
169 needs input in the gigabytes and a 64-bit machine.
170 Expected impact is denial of service or potentially
171 arbitrary code execution.
174 #557 #564 Version info bumped from 9:4:8 to 9:5:8;
175 see https://verbump.de/ for what these numbers do
184 Release 2.4.4 Sun January 30 2022
186 #550 CVE-2022-23852 -- Fix signed integer overflow
187 (undefined behavior) in function XML_GetBuffer
188 (that is also called by function XML_Parse internally)
189 for when XML_CONTEXT_BYTES is defined to >0 (which is both
191 Impact is denial of service or more.
192 #551 CVE-2022-23990 -- Fix unsigned integer overflow in function
193 doProlog triggered by large content in element type
194 declarations when there is an element declaration handler
195 present (from a prior call to XML_SetElementDeclHandler).
196 Impact is denial of service or more.
199 #544 #545 xmlwf: Fix a memory leak on output file opening error
202 #546 Autotools: Fix broken CMake support under Cygwin
203 #554 Windows: Add missing files to the installer to fix
204 compilation with CMake from installed sources
205 #552 #554 Version info bumped from 9:3:8 to 9:4:8;
206 see https://verbump.de/ for what these numbers do
214 Clang LeakSan and the Clang team
216 Release 2.4.3 Sun January 16 2022
218 #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
220 a) realloc acting as free
221 b) realloc allocating too few bytes
222 c) undefined behavior
223 depending on architecture and precise value
224 for XML documents with >=2^27+1 prefixed attributes
225 on a single XML tag a la
226 "<r xmlns:a='[..]' a:a123='[..]' [..] />"
227 where XML_ParserCreateNS is used to create the parser
228 (which needs argument "-n" when running xmlwf).
229 Impact is denial of service, or more.
230 #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
231 on variable m_groupSize in function doProlog leading
232 to realloc acting as free.
233 Impact is denial of service or more.
234 #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
235 near memory allocation at multiple places. Mitre assigned
236 a dedicated CVE for each involved internal C function:
237 - CVE-2022-22822 for function addBinding
238 - CVE-2022-22823 for function build_model
239 - CVE-2022-22824 for function defineAttribute
240 - CVE-2022-22825 for function lookup
241 - CVE-2022-22826 for function nextScaffoldPart
242 - CVE-2022-22827 for function storeAtts
243 Impact is denial of service or more.
246 #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
247 #541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
248 and MSYS2 by not going through Wine on these platforms
249 #527 #528 Address compiler warnings
250 #533 #543 Version info bumped from 9:2:8 to 9:3:8;
251 see https://verbump.de/ for what these numbers do
254 #536 CI: Check for realistic minimum CMake version
255 #529 #539 CI: Cover compilation with -m32
256 #529 CI: Store coverage reports as artifacts for download
257 #528 CI: Upgrade Clang from 11 to 13
260 An anonymous whitehat
266 Trend Micro Zero Day Initiative
268 Release 2.4.2 Sun December 19 2021
270 #509 #510 Link againgst libm for function "isnan"
271 #513 #514 Include expat_config.h as early as possible
272 #498 Autotools: Include files with release archives:
275 #507 #519 Autotools: Sync CMake templates with CMake 3.20
276 #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for
277 - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
278 - multi-config CMake generators (e.g. Ninja Multi-Config)
279 #502 #503 docs: Document that function XML_GetBuffer may return NULL
280 when asking for a buffer of 0 (zero) bytes size
281 #522 #523 docs: Fix return value docs for both
282 XML_SetBillionLaughsAttackProtection* functions
283 #525 #526 Version info bumped from 9:1:8 to 9:2:8;
284 see https://verbump.de/ for what these numbers do
291 Release 2.4.1 Sun May 23 2021
293 #488 #490 Autotools: Fix installed header expat_config.h for multilib
294 systems; regression introduced in 2.4.0 by pull request #486
297 #491 #492 Version info bumped from 9:0:8 to 9:1:8;
298 see https://verbump.de/ for what these numbers do
301 Gentoo's QA check "multilib_check_headers"
303 Release 2.4.0 Sun May 23 2021
305 #34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
306 (denial-of-service; flavors targeting CPU time or RAM or both,
307 leveraging general entities or parameter entities or both)
308 by tracking and limiting the input amplification factor
309 (<amplification> := (<direct> + <indirect>) / <direct>).
310 By conservative default, amplification up to a factor of 100.0
311 is tolerated and rejection only starts after 8 MiB of output bytes
312 (=<direct> + <indirect>) have been processed.
313 The fix adds the following to the API:
314 - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
315 signals this specific condition.
316 - Two new API functions ..
317 - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
318 - XML_SetBillionLaughsAttackProtectionActivationThreshold
319 .. to further tighten billion laughs protection parameters
320 when desired. Please see file "doc/reference.html" for details.
321 If you ever need to increase the defaults for non-attack XML
322 payload, please file a bug report with libexpat.
323 - Two new XML_FEATURE_* constants ..
324 - that can be queried using the XML_GetFeatureList function, and
325 - that are shown in "xmlwf -v" output.
326 - Two new environment variable switches ..
327 - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
328 - EXPAT_ENTITY_DEBUG=(0|1)
329 .. for runtime debugging of accounting and entity processing.
330 Specific behavior of these values may change in the future.
331 - Two new command line arguments "-a FACTOR" and "-b BYTES"
332 for xmlwf to further tighten billion laughs protection
333 parameters when desired.
334 If you ever need to increase the defaults for non-attack XML
335 payload, please file a bug report with libexpat.
338 #332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
339 or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
340 for UTF-16 payloads containing CDATA sections.
341 #485 #486 Autotools: Fix generated CMake files for non-64bit and
342 non-Linux platforms (e.g. macOS and MinGW in particular)
343 that were introduced with release 2.3.0
346 #468 #469 xmlwf: Improve help output and the xmlwf man page
347 #463 xmlwf: Improve maintainability through some refactoring
348 #477 xmlwf: Fix man page DocBook validity
349 #456 Autotools: Sync CMake templates with CMake 3.18
350 #458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
351 and CMAKE_INSTALL_INCLUDEDIR
352 #471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS
353 #457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
354 #467 Resolve macro HAVE_EXPAT_CONFIG_H
355 #472 Delete unused legacy helper file "conftools/PrintPath"
356 #473 #483 Improve attribution
357 #464 #465 #477 doc/reference.html: Fix XHTML validity
358 #475 #478 doc/reference.html: Replace the 90s look by OK.css
359 #479 Version info bumped from 8:0:7 to 9:0:8
360 due to addition of new symbols and error codes;
361 see https://verbump.de/ for what these numbers do
364 #456 CI: Enable periodic runs
365 #457 CI: Start covering the list of exported symbols
366 #474 CI: Isolate coverage task
367 #476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
368 #477 CI: Cover well-formedness and DocBook/XHTML validity
369 of doc/reference.html and doc/xmlwf.xml
383 Release 2.3.0 Thu March 25 2021
385 #438 When calling XML_ParseBuffer without a prior successful call to
386 XML_GetBuffer as a user, no longer trigger undefined behavior
387 (by adding an integer to a NULL pointer) but rather return
388 XML_STATUS_ERROR and set the error code to (new) code
389 XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
390 of Clang 11 (but not Clang 9).
391 #444 xmlwf: Exit status 2 was used for both:
392 - malformed input files (documented) and
393 - invalid command-line arguments (undocumented).
394 The case of invalid command-line arguments now
395 has its own exit status 4, resolving the ambiguity.
398 #439 xmlwf: Add argument -k to allow continuing after
400 #439 xmlwf: Add section about exit status to the -h help output
401 #422 #426 #447 Windows: Drop support for Visual Studio <=14.0/2015
402 #434 Windows: CMake: Detect unsupported Visual Studio at
403 configure time (rather than at compile time)
404 #382 #428 testrunner: Make verbose mode (argument "-v") report
405 about passed tests, and make default mode report about
407 #442 CMake: Call "enable_language(CXX)" prior to tinkering
408 with CMAKE_CXX_* variables
409 #448 Document use of libexpat from a CMake-based project
410 #451 Autotools: Install CMake files as generated by CMake 3.19.6
411 so that users with "find_package(expat [..] CONFIG [..])"
412 are served on distributions that are *not* using the CMake
413 build system inside for libexpat packaging
414 #436 #437 Autotools: Drop obsolescent macro AC_HEADER_STDC
415 #450 #452 Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
416 #441 Address compiler warnings
417 #443 Version info bumped from 7:12:6 to 8:0:7
418 due to addition of error code XML_ERROR_NO_BUFFER
419 (see https://verbump.de/ for what these numbers do)
422 #435 #446 Replace Travis CI by GitHub Actions
430 Clang LeakSan, Clang 11 UBSan and the Clang team
432 Release 2.2.10 Sat October 3 2020
434 #390 #395 #398 Fix undefined behavior during parsing caused by
435 pointer arithmetic with NULL pointers
436 #404 #405 Fix reading uninitialized variable during parsing
437 #406 xmlwf: Add missing check for malloc NULL return
440 #396 Windows: Drop support for Visual Studio <=8.0/2005
441 #409 Windows: Add missing file "Changes" to the installer
442 to fix compilation with CMake from installed sources
443 #403 xmlwf: Document exit codes in xmlwf manpage and
444 exit with code 3 (rather than code 1) for output errors
445 when used with "-d DIRECTORY"
446 #356 #359 MinGW: Provide declaration of rand_s for mingwrt <5.3.0
447 #383 #392 Autotools: Use -Werror while configure tests the compiler
448 for supported compile flags to avoid false positives
449 #383 #393 #394 Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
450 e.g. ensure that they have the last word over flags added
451 while running ./configure
452 #360 CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
453 on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
454 #360 CMake: Detect and deny unsupported build combinations
455 involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
456 #360 CMake: Install pre-compiled shipped xmlwf.1 manpage in case
457 of -DEXPAT_BUILD_DOCS=OFF
458 #375 #380 #419 CMake: Fix use of Expat by means of add_subdirectory
459 #407 #408 CMake: Keep expat target name constant at "expat"
460 (i.e. refrain from using the target name to control
461 build artifact filenames)
462 #385 CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
464 CMake: Expose man page compilation as target "xmlwf-manpage"
465 #413 #414 CMake: Introduce option EXPAT_BUILD_PKGCONFIG
466 to control generation of pkg-config file "expat.pc"
467 #424 CMake: Add minimalistic support for building binary packages
468 with CMake target "package"; based on CPack
469 #366 CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
470 default OFF to build fuzzer code against OSS-Fuzz and
471 related environment variable LIB_FUZZING_ENGINE
472 #354 Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
474 #356 #412 Address compiler warnings
475 #368 #369 Address pngcheck warnings with doc/*.png images
476 #425 Version info bumped from 7:11:6 to 7:12:6
491 Cppcheck 2.0 and the Cppcheck team
493 Release 2.2.9 Wed September 25 2019
495 examples: Drop executable bits from elements.c
496 #349 Windows: Change the name of the Windows DLLs from expat*.dll
497 to libexpat*.dll once more (regression from 2.2.8, first
498 fixed in 1.95.3, issue #61 on SourceForge today,
499 was issue #432456 back then); needs a fix due
500 case-insensitive file systems on Windows and the fact that
501 Perl's XML::Parser::Expat compiles into Expat.dll.
502 #347 Windows: Only define _CRT_RAND_S if not defined
503 Version info bumped from 7:10:6 to 7:11:6
508 Release 2.2.8 Fri September 13 2019
510 #317 #318 CVE-2019-15903 -- Fix heap overflow triggered by
511 XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
512 and deny internal entities closing the doctype;
513 fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
516 #240 Fix cases where XML_StopParser did not have any effect
517 when called from inside of an end element handler
518 #341 xmlwf: Fix exit code for operation without "-d DIRECTORY";
519 previously, only "-d DIRECTORY" would give you a proper
521 # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
523 # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
525 Now both cases return exit code 2.
528 #299 #302 Windows: Replace LoadLibrary hack to access
529 unofficial API function SystemFunction036 (RtlGenRandom)
530 by using official API function rand_s (needs WinXP+)
531 #325 Windows: Drop support for Visual Studio <=7.1/2003
532 and document supported compilers in README.md
533 #286 Windows: Remove COM code from xmlwf; in case it turns
534 out needed later, there will be a dedicated repository
535 below https://github.com/libexpat/ for that code
536 #322 Windows: Remove explicit MSVC solution and project files.
537 You can generate Visual Studio solution files through
538 CMake, e.g.: cmake -G"Visual Studio 15 2017" .
539 #338 xmlwf: Make "xmlwf -h" help output more friendly
540 #339 examples: Improve elements.c
541 #244 #264 Autotools: Add argument --enable-xml-attr-info
542 #239 #301 Autotools: Add arguments
546 --without-sys-getrandom
547 #312 #343 Autotools: Fix linking issues with "./configure LD=clang"
548 Autotools: Fix "make run-xmltest" for out-of-source builds
549 #329 #336 CMake: Pull all options from Expat <=2.2.7 into namespace
550 prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
551 - BUILD_doc -> EXPAT_BUILD_DOCS (plural)
552 - BUILD_examples -> EXPAT_BUILD_EXAMPLES
553 - BUILD_shared -> EXPAT_SHARED_LIBS
554 - BUILD_tests -> EXPAT_BUILD_TESTS
555 - BUILD_tools -> EXPAT_BUILD_TOOLS
556 - DOCBOOK_TO_MAN -> DOCBOOK_TO_MAN (unchanged)
557 - INSTALL -> EXPAT_ENABLE_INSTALL
558 - MSVC_USE_STATIC_CRT -> EXPAT_MSVC_STATIC_CRT
559 - USE_libbsd -> EXPAT_WITH_LIBBSD
560 - WARNINGS_AS_ERRORS -> EXPAT_WARNINGS_AS_ERRORS
561 - XML_CONTEXT_BYTES -> EXPAT_CONTEXT_BYTES
562 - XML_DEV_URANDOM -> EXPAT_DEV_URANDOM
563 - XML_DTD -> EXPAT_DTD
565 - XML_UNICODE -> EXPAT_CHAR_TYPE=ushort (!)
566 - XML_UNICODE_WCHAR_T -> EXPAT_CHAR_TYPE=wchar_t (!)
567 #244 #264 CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
569 #326 CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
571 #328 CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
573 #239 #277 CMake: Add arguments
574 -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
575 -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
576 #326 CMake: Install expat_config.h to include directory
577 #326 CMake: Generate and install configuration files for
578 future find_package(expat [..] CONFIG [..])
579 CMake: Now produces a summary of applied configuration
580 CMake: Require C++ compiler only when tests are enabled
581 #330 CMake: Fix compilation for 16bit character types,
582 i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
583 #265 CMake: Fix linking with MinGW
584 #330 CMake: Add full support for MinGW; to enable, use
585 -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
586 #330 CMake: Port "make run-xmltest" from GNU Autotools to CMake
587 #316 CMake: Windows: Make binary postfix match MSVC
589 New: expat[w][d][MD|MT].lib
590 CMake: Migrate files from Windows to Unix line endings
591 #308 CMake: Integrate OSS-Fuzz fuzzers, option
592 -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
593 #14 Drop an OpenVMS support leftover
596 #313 #331 #333 Address compiler warnings
598 #284 #285 Address cppcheck warnings
599 #294 #295 Address Clang Static Analyzer warnings
600 #24 #293 Mass-apply clang-format 9 (and ensure conformance during CI)
601 Version info bumped from 7:9:6 to 7:10:6
614 Release 2.2.7 Wed June 19 2019
616 #186 #262 CVE-2018-20843 -- Fix extraction of namespace prefixes from
617 XML names; XML names with multiple colons could end up in
618 the wrong namespace, and take a high amount of RAM and CPU
619 resources while processing, opening the door to
620 use for denial-of-service attacks
623 #195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop
624 exporting non-API symbols
625 #227 Autotools: Add --without-examples and --without-tests
626 #228 Autotools: Modernize configure.ac
627 #245 #246 Autotools: Fix check for -fvisibility=hidden for Clang
628 #247 #248 Autotools: Fix compilation for lack of docbook2x-man
629 #236 #258 Autotools: Produce .tar.{gz,lz,xz} release archives
630 #212 CMake: Make libdir of pkgconfig expat.pc support multilib
631 #158 #263 CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
632 #219 Remove fallback to bcopy, assume that memmove(3) exists
633 #257 Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
634 #243 Windows: Fix syntax of .def module definition files
635 Version info bumped from 7:8:6 to 7:9:6
649 Release 2.2.6 Sun August 12 2018
651 #170 #206 Avoid doing arithmetic with NULL pointers in XML_GetBuffer
652 #204 #205 Fix 2.2.5 regression with suspend-resume while parsing
653 a document like '<root/>'
656 #165 #168 Autotools: Fix docbook-related configure syntax error
657 #166 Autotools: Avoid grep option `-q` for Solaris
658 #167 Autotools: Support
659 ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
660 #159 #167 Autotools: Support DOCBOOK_TO_MAN command which produces
661 xmlwf.1 rather than XMLWF.1; also covers case insensitive
663 #181 Autotools: Drop -rpath option passed to libtool
664 #188 Autotools: Detect and deny SGML docbook2man as ours is XML
665 #188 Autotools/CMake: Support command db2x_docbook2man as well
666 #174 CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
667 #184 #185 CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
668 #207 #208 CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
669 both defaulting to OFF
670 #175 CMake: Prefer check_symbol_exists over check_function_exists
671 #176 CMake: Create the same pkg-config file as with GNU Autotools
672 #178 #179 CMake: Use GNUInstallDirs module to set proper defaults for
674 #208 CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
675 #180 Windows: Fix compilation of test suite for Visual Studio 2008
676 #131 #173 #202 Address compiler warnings
677 #187 #190 #200 Fix miscellaneous typos
678 Version info bumped from 7:7:6 to 7:8:6
696 Release 2.2.5 Tue October 31 2017
698 #8 If the parser runs out of memory, make sure its internal
699 state reflects the memory it actually has, not the memory
701 #11 The default handler wasn't being called when it should for
702 a SYSTEM or PUBLIC doctype if an entity declaration handler
704 #137 #138 Fix a case of mistakenly reported parsing success where
705 XML_StopParser was called from an element handler
706 #162 Function XML_ErrorString was returning NULL rather than
707 a message for code XML_ERROR_INVALID_ARGUMENT
708 introduced with release 2.2.1
711 #106 xmlwf: Add argument -N adding notation declarations
712 #75 #106 Test suite: Resolve expected failure cases where xmlwf
713 output was incomplete
714 #127 Windows: Fix test suite compilation
715 #126 #127 Windows: Fix compilation for Visual Studio 2012
716 Windows: Upgrade shipped project files to Visual Studio 2017
717 #33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
718 #129 examples: Fix compilation for XML_UNICODE_WCHAR_T
719 #130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
720 #144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
721 Windows or MinGW for 2-byte wchar_t
722 #9 Address two Clang Static Analyzer false positives
723 #59 Resolve troublesome macros hiding parser struct membership
724 and dereferencing that pointer
725 #6 Resolve superfluous internal malloc/realloc switch
726 #153 #155 Improve docbook2x-man detection
727 #160 Undefine NDEBUG in the test suite (rather than rejecting it)
728 #161 Address compiler warnings
729 Version info bumped from 7:6:6 to 7:7:6
734 José Gutiérrez de la Concha
735 Pedro Monreal Gonzalez
740 Core Infrastructure Initiative
742 Release 2.2.4 Sat August 19 2017
744 #115 Fix copying of partial characters for UTF-8 input
747 #109 Fix "make check" for non-x86 architectures that default
748 to unsigned type char (-128..127 rather than 0..255)
749 #109 coverage.sh: Cover -funsigned-char
750 Autotools: Introduce --without-xmlwf argument
751 #65 Autotools: Replace handwritten Makefile with GNU Automake
752 #43 CMake: Auto-detect high quality entropy extractors, add new
753 option USE_libbsd=ON to use arc4random_buf of libbsd
754 #74 CMake: Add -fno-strict-aliasing only where supported
755 #114 CMake: Always honor manually set BUILD_* options
756 #114 CMake: Compile man page if docbook2x-man is available, only
757 #117 Include file tests/xmltest.log.expected in source tarball
758 (required for "make run-xmltest")
759 #117 Include (existing) Visual Studio 2013 files in source tarball
760 Improve test suite error output
761 #111 Fix some typos in documentation
762 Version info bumped from 7:5:6 to 7:6:6
770 Release 2.2.3 Wed August 2 2017
772 #82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
773 using Steve Holme's LoadLibrary wrapper for/of cURL
776 #85 Fix a dangling pointer issue related to realloc
779 Increase code coverage
780 #91 Linux: Allow getrandom to fail if nonblocking pool has not
781 yet been initialized and read /dev/urandom then, instead.
782 This is in line with what recent Python does.
783 #81 Pre-10.7/Lion macOS: Support entropy from arc4random
784 #86 Check that a UTF-16 encoding in an XML declaration has the
786 #4 #5 #7 Recover correctly when some reallocations fail
787 Repair "./configure && make" for systems without any
788 provider of high quality entropy
789 and try reading /dev/urandom on those
790 Ensure that user-defined character encodings have converter
791 functions when they are needed
792 Fix mis-leading description of argument -c in xmlwf.1
793 Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
795 #100 Fix use of SIPHASH_MAIN in siphash.h
796 #23 Test suite: Fix memory leaks
797 Version info bumped from 7:4:6 to 7:5:6
808 Core Infrastructure Initiative
810 Release 2.2.2 Wed July 12 2017
812 #43 Protect against compilation without any source of high
813 quality entropy enabled, e.g. with CMake build system;
814 commit ff0207e6076e9828e536b8d9cd45c9c92069b895
815 #60 Windows with _UNICODE:
816 Unintended use of LoadLibraryW with a non-wide string
817 resulted in failure to load advapi32.dll and degradation
818 in quality of used entropy when compiled with _UNICODE for
819 Windows; you can launch existing binaries with
820 EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
821 quality of entropy used during runtime; commits
822 * 95b95032f907ef1cd17ee7a9a1768010a825d61d
823 * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
824 [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
825 resulted in NULL dereference, previously;
826 commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
829 #69 Fix improper use of unsigned long long integer literals
832 #73 Start requiring a C99 compiler
833 #49 Fix "==" Bashism in configure script
834 #50 Fix too eager getrandom detection for Debian GNU/kFreeBSD
836 #51 Address lack of stdint.h in Visual Studio 2003 to 2008
837 #58 Address compile warnings
838 #68 Fix "./buildconf.sh && ./configure" for some versions
840 #72 CMake: Ease use of Expat in context of a parent project
841 with multiple CMakeLists.txt files
842 #72 CMake: Resolve mistaken executable permissions
843 #76 Address compile warning with -DNDEBUG (not recommended!)
844 #77 Address compile warning about macro redefinition
851 László Böszörményi
858 Radically Open Security
860 Release 2.2.1 Sat June 17 2017
862 CVE-2017-9233 -- External entity infinite loop DoS
863 Details: https://libexpat.github.io/doc/cve-2017-9233/
864 Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
865 [MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
866 d4f735b88d9932bd5039df2335eefdd0723dbe20
867 (Fixed version of existing downstream patches!)
868 (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
869 longer tag names; commits
870 * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
871 * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
872 #16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
873 #25 More integer overflow detection (function poolGrow); commits
874 * 810b74e4703dcfdd8f404e3cb177d44684775143
875 * 44178553f3539ce69d34abee77a05e879a7982ac
876 [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
877 * 4be2cb5afcc018d996f34bbbce6374b7befad47f
878 * 7e5b71b748491b6e459e5c9a1d090820f94544d8
879 [MOX-005] #30 Use high quality entropy for hash initialization:
880 * arc4random_buf on BSD, systems with libbsd
881 (when configured with --with-libbsd), CloudABI
882 * RtlGenRandom on Windows XP / Server 2003 and later
883 * getrandom on Linux 3.17+
884 In a way, that's still part of CVE-2016-5300.
885 https://github.com/libexpat/libexpat/pull/30/commits
886 [MOX-005] For the low quality entropy extraction fallback code,
887 the parser instance address can no longer leak, commit
888 04ad658bd3079dd15cb60fc67087900f0ff4b083
889 [MOX-003] Prevent use of uninitialised variable; commit
890 [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
891 Add missing parameter validation to public API functions
892 and dedicated error code XML_ERROR_INVALID_ARGUMENT:
893 [MOX-006] * NULL checks; commits
894 * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
895 * 9ed727064b675b7180c98cb3d4f75efba6966681
896 * 6a747c837c50114dfa413994e07c0ba477be4534
897 * Negative length (XML_Parse); commit
898 [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
899 [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
900 to go further with fixing CVE-2012-0876.
901 https://github.com/libexpat/libexpat/pull/39/commits
904 #32 Fix sharing of hash salt across parsers;
905 relevant where XML_ExternalEntityParserCreate is called
906 prior to XML_Parse, in particular (e.g. FBReader)
907 #28 xmlwf: Auto-disable use of memory-mapping (and parsing
908 as a single chunk) for files larger than ~1 GB (2^30 bytes)
909 rather than failing with error "out of memory"
910 #3 Fix double free after malloc failure in DTD code; commit
911 7ae9c3d3af433cd4defe95234eae7dc8ed15637f
912 #17 Fix memory leak on parser error for unbound XML attribute
913 prefix with new namespaces defined in the same tag;
914 found by Google's OSS-Fuzz; commits
915 * 16f87daae5a16132e479e4f71862128c7a915c73
916 * b47dbc9745932c160893d433220e462bd605f8cd
917 xmlwf on Windows: Add missing calls to CloseHandle
920 #30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
921 for runtime debugging of entropy extraction
924 Increase code coverage
925 #33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
926 XML_UNICODE_WCHAR_T was never meant to be used outside
927 of Windows; 4-byte wchar_t is common on Linux
928 (SF.net) #538 Start using -fno-strict-aliasing
929 (SF.net) #540 Support compilation against cloudlibc of CloudABI
930 Allow MinGW cross-compilation
931 (SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
932 to bypass compilation of the xmlwf.1 man page
933 (SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
934 to bypass installation of expat files
935 CMake: Fix ninja support
936 Autotools: Add parameters --enable-xml-context [COUNT]
937 and --disable-xml-context; default of context of 1024
938 bytes enabled unchanged
939 #14 Drop AmigaOS 4.x code and includes
940 #14 Drop ancient build systems:
941 * Borland C++ Builder
945 * Pre-X Mac OS (MPW Makefile)
946 If you happen to rely on some of these, please get in
947 touch for joining with maintenance.
948 #10 Move from WIN32 to _WIN32
949 #13 Fix "make run-xmltest" order instability
950 Address compile warnings
951 Bump version info from 7:2:6 to 7:3:6
955 #1 Migrate from SourceForge to GitHub (except downloads):
956 https://github.com/libexpat/
957 #1 Re-create http://libexpat.org/ project website
958 Start utilizing Travis CI
971 Core Infrastructure Initiative
972 Mozilla Foundation (MOSS Track 3: Secure Open Source)
973 Radically Open Security
975 Release 2.2.0 Tue June 21 2016
977 #537 CVE-2016-0718 -- Fix crash on malformed input
978 CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
979 CVE-2015-2716 introduced with Expat 2.1.1
980 #499 CVE-2016-5300 -- Use more entropy for hash initialization
981 than the original fix to CVE-2012-0876
982 #519 CVE-2012-6702 -- Resolve troublesome internal call to srand
983 that was introduced with Expat 2.1.0
984 when addressing CVE-2012-0876 (issue #496)
987 Fix uninitialized reads of size 1
988 (e.g. in little2_updatePosition)
989 Fix detection of UTF-8 character boundaries
992 #532 Fix compilation for Visual Studio 2010 (keyword "C99")
993 Autotools: Resolve use of "$<" to better support bmake
994 Autotools: Add QA script "qa.sh" (and make target "qa")
995 Autotools: Respect CXXFLAGS if given
996 Autotools: Fix "make run-xmltest"
997 Autotools: Have "make run-xmltest" check for expected output
998 p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
999 #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
1000 #323 CMake: Add suffix "d" to differentiate debug from release
1001 CMake: Define WIN32 with CMake on Windows
1002 Annotate memory allocators for GCC
1003 Address all currently known compile warnings
1004 Make sure that API symbols remain visible despite
1006 Remove executable flag from source files
1007 Resolve COMPILED_FROM_DSP in favor of WIN32
1016 László Böszörményi
1024 Release 2.1.1 Sat March 12 2016
1026 #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
1029 #502: Fix potential null pointer dereference
1030 #520: Symbol XML_SetHashSalt was not exported
1031 Output of "xmlwf -h" was incomplete
1034 #503: Document behavior of calling XML_SetHashSalt with salt 0
1035 Minor improvements to man page xmlwf(1)
1036 Improvements to the experimental CMake build system
1037 libtool now invoked with --verbose
1039 Release 2.1.0 Sat March 24 2012
1041 #2958794: CVE-2012-1148 - Memory leak in poolGrow.
1042 #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
1043 #3496608: CVE-2012-0876 - Hash DOS attack.
1044 #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
1045 #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
1047 #1742315: Harmful XML_ParserCreateNS suggestion.
1048 #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
1049 #1983953, 2517952, 2517962, 2649838:
1050 Build modifications using autoreconf instead of buildconf.sh.
1051 #2815947, #2884086: OBJEXT and EXEEXT support while building.
1052 #2517938: xmlwf should return non-zero exit status if not well-formed.
1053 #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
1054 #2855609: Dangling positionPtr after error.
1055 #2990652: CMake support.
1056 #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
1057 #3206497: Uninitialized memory returned from XML_Parse.
1058 #3287849: make check fails on mingw-w64.
1060 #1749198: pkg-config support.
1061 #3010222: Fix for bug #3010819.
1062 #3312568: CMake support.
1063 #3446384: Report byte offsets for attr names and values.
1064 - New Features / API changes:
1065 Added new API member XML_SetHashSalt() that allows setting an initial
1066 value (salt) for hash calculations. This is part of the fix for
1067 bug #3496608 to randomize hash parameters.
1068 When compiled with XML_ATTR_INFO defined, adds new API member
1069 XML_GetAttributeInfo() that allows retrieving the byte
1070 offsets for attribute names and values (patch #3446384).
1071 Added CMake build system.
1072 See bug #2990652 and patch #3312568.
1073 Added run-benchmark target to Makefile.in - relies on testdata module
1074 present in the same relative location as in the repository.
1076 Release 2.0.1 Tue June 5 2007
1077 - Fixed bugs #1515266, #1515600: The character data handler's calling
1078 of XML_StopParser() was not handled properly; if the parser was
1079 stopped and the handler set to NULL, the parser would segfault.
1080 - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
1081 some character constants to be ASCII encoded.
1082 - Minor cleanups of the test harness.
1083 - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
1084 - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
1085 - Fixes and improvements for Windows platform:
1086 bugs #1409451, #1476160, #1548182, #1602769, #1717322.
1087 - Build fixes for various platforms:
1088 HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
1089 All Unix: #1554618 (refreshed config.sub/config.guess).
1090 #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
1091 without relying on GNU-Make specific features.
1092 #1647805: Patched configure.in to work better with Intel compiler.
1093 - Fixes to Makefile.in to have make check work correctly:
1094 bugs #1408143, #1535603, #1536684.
1095 - Added Open Watcom support: patch #1523242.
1097 Release 2.0.0 Wed Jan 11 2006
1098 - We no longer use the "check" library for C unit testing; we
1099 always use the (partial) internal implementation of the API.
1100 - Report XML_NS setting via XML_GetFeatureList().
1101 - Fixed headers for use from C++.
1102 - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
1103 now return unsigned integers.
1104 - Added XML_LARGE_SIZE switch to enable 64-bit integers for
1105 byte indexes and line/column numbers.
1106 - Updated to use libtool 1.5.22 (the most recent).
1107 - Added support for AmigaOS.
1108 - Some mostly minor bug fixes. SF issues include: #1006708,
1109 #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.
1111 Release 1.95.8 Fri Jul 23 2004
1112 - Major new feature: suspend/resume. Handlers can now request
1113 that a parse be suspended for later resumption or aborted
1114 altogether. See "Temporarily Stopping Parsing" in the
1115 documentation for more details.
1116 - Some mostly minor bug fixes, but compilation should no
1117 longer generate warnings on most platforms. SF issues
1118 include: #827319, #840173, #846309, #888329, #896188, #923913,
1119 #928113, #961698, #985192.
1121 Release 1.95.7 Mon Oct 20 2003
1122 - Fixed enum XML_Status issue (reported on SourceForge many
1123 times), so compilers that are properly picky will be happy.
1124 - Introduced an XMLCALL macro to control the calling
1125 convention used by the Expat API; this macro should be used
1126 to annotate prototypes and definitions of callback
1127 implementations in code compiled with a calling convention
1128 other than the default convention for the host platform.
1129 - Improved ability to build without the configure-generated
1130 expat_config.h header. This is useful for applications
1131 which embed Expat rather than linking in the library.
1132 - Fixed a variety of bugs: see SF issues #458907, #609603,
1133 #676844, #679754, #692878, #692964, #695401, #699323, #699487,
1135 - Improved hash table lookups.
1136 - Added more regression tests and improved documentation.
1138 Release 1.95.6 Tue Jan 28 2003
1139 - Added XML_FreeContentModel().
1140 - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
1141 - Fixed a variety of bugs: see SF issues #615606, #616863,
1142 #618199, #653180, #673791.
1143 - Enhanced the regression test suite.
1144 - Man page improvements: includes SF issue #632146.
1146 Release 1.95.5 Fri Sep 6 2002
1147 - Added XML_UseForeignDTD() for improved SAX2 support.
1148 - Added XML_GetFeatureList().
1149 - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
1150 - Use an incomplete struct instead of a void* for the parser
1152 - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
1153 - Finally fixed bug where default handler would report DTD
1154 events that were already handled by another handler.
1155 Initial patch contributed by Darryl Miles.
1156 - Removed unnecessary DllMain() function that caused static
1157 linking into a DLL to be difficult.
1158 - Added VC++ projects for building static libraries.
1159 - Reduced line-length for all source code and headers to be
1160 no longer than 80 characters, to help with AS/400 support.
1161 - Reduced memory copying during parsing (SF patch #600964).
1162 - Fixed a variety of bugs: see SF issues #580793, #434664,
1163 #483514, #580503, #581069, #584041, #584183, #584832, #585537,
1164 #596555, #596678, #598352, #598944, #599715, #600479, #600971.
1166 Release 1.95.4 Fri Jul 12 2002
1167 - Added support for VMS, contributed by Craig Berry. See
1168 vms/README.vms for more information.
1169 - Added Mac OS (classic) support, with a makefile for MPW,
1170 contributed by Thomas Wegner and Daryle Walker.
1171 - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
1172 by Patrick McConnell (SF patch #538032).
1173 - Fixed a variety of bugs: see SF issues #441449, #563184,
1174 #564342, #566334, #566901, #569461, #570263, #575168, #579196.
1175 - Made skippedEntityHandler conform to SAX2 (see source comment)
1176 - Re-implemented WFC: Entity Declared from XML 1.0 spec and
1177 added a new error "entity declared in parameter entity":
1178 see SF bug report #569461 and SF patch #578161
1179 - Re-implemented section 5.1 from XML 1.0 spec:
1180 see SF bug report #570263 and SF patch #578161
1182 Release 1.95.3 Mon Jun 3 2002
1183 - Added a project to the MSVC workspace to create a wchar_t
1184 version of the library; the DLLs are named libexpatw.dll.
1185 - Changed the name of the Windows DLLs from expat.dll to
1186 libexpat.dll; this fixes SF bug #432456.
1187 - Added the XML_ParserReset() API function.
1188 - Fixed XML_SetReturnNSTriplet() to work for element names.
1189 - Made the XML_UNICODE builds usable (thanks, Karl!).
1190 - Allow xmlwf to read from standard input.
1191 - Install a man page for xmlwf on Unix systems.
1192 - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
1193 #466885, #469226, #477667, #484419, #487840, #494749, #496505,
1194 #547350. Other bugs which we can't test as easily may also
1195 have been fixed, especially in the area of build support.
1197 Release 1.95.2 Fri Jul 27 2001
1198 - More changes to make MSVC happy with the build; add a single
1199 workspace to support both the library and xmlwf application.
1200 - Added a Windows installer for Windows users; includes
1202 - Added compile-time constants that can be used to determine the
1204 - Removed a lot of GNU-specific dependencies to aide portability
1205 among the various Unix flavors.
1206 - Fix the UTF-8 BOM bug.
1207 - Cleaned up warning messages for several compilers.
1208 - Added the -Wall, -Wstrict-prototypes options for GCC.
1210 Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
1211 - Changes to get expat to build under Microsoft compiler
1212 - Removed all aborts and instead return an UNEXPECTED_STATE error.
1213 - Fixed a bug where a stray '%' in an entity value would cause an
1215 - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
1216 finding this oversight.
1217 - Changed default patterns in lib/Makefile.in to fit non-GNU makes
1218 Thanks to robin@unrated.net for reporting and providing an
1220 - The reference had the wrong label for XML_SetStartNamespaceDecl.
1221 Reported by an anonymous user.
1223 Release 1.95.0 Fri Sep 29 2000
1224 - XML_ParserCreate_MM
1225 Allows you to set a memory management suite to replace the
1226 standard malloc,realloc, and free.
1227 - XML_SetReturnNSTriplet
1228 If you turn this feature on when namespace processing is in
1229 effect, then qualified, prefixed element and attribute names
1230 are returned as "uri|name|prefix" where '|' is whatever
1231 separator character is used in namespace processing.
1232 - Merged in features from perl-expat
1233 o XML_SetElementDeclHandler
1234 o XML_SetAttlistDeclHandler
1235 o XML_SetXmlDeclHandler
1236 o XML_SetEntityDeclHandler
1237 o StartDoctypeDeclHandler takes 3 additional parameters:
1238 sysid, pubid, has_internal_subset
1239 o Many paired handler setters (like XML_SetElementHandler)
1240 now have corresponding individual handler setters
1241 o XML_GetInputContext for getting the input context of
1242 the current parse position.
1243 - Added reference material
1244 - Packaged into a distribution that builds a sharable library