1 NOTE: We are looking for help with a few things:
2 https://github.com/libexpat/libexpat/labels/help%20wanted
3 If you can help, please get in touch. Thanks!
5 Release 2.4.7 Fri March 4 2022
7 #572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
8 with regard to all valid URI characters (RFC 3986),
9 i.e. the following set (excluding whitespace):
10 ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
11 0123456789 % -._~ :/?#[]@ !$&'()*+,;=
14 #555 #570 #581 CMake|Windows: Store Expat version in the DLL
15 #577 Document consequences of namespace separator choices not just
16 in doc/reference.html but also in header <expat.h>
17 #577 Document Expat's lack of validation of namespace URIs against
18 RFC 3986, and that the XML 1.0r4 specification doesn't
19 require Expat to validate namespace URIs, and that Expat
20 may do more in that regard in future releases.
21 If you find need for strict RFC 3986 URI validation on
22 application level today, https://uriparser.github.io/ may
24 #579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
25 #575 Document that a call to XML_FreeContentModel can be done at
26 a later time from outside the element declaration handler
27 #574 Make hardcoded namespace URIs easier to find in code
28 #573 Update documentation on use of XML_POOR_ENTROPY on Solaris
29 #569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
31 #578 #580 Version info bumped from 9:6:8 to 9:7:8;
32 see https://verbump.de/ for what these numbers do
39 Release 2.4.6 Sun February 20 2022
41 #566 Fix a regression introduced by the fix for CVE-2022-25313
42 in release 2.4.5 that affects applications that (1)
43 call function XML_SetElementDeclHandler and (2) are
44 parsing XML that contains nested element declarations
45 (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
48 #567 #568 Version info bumped from 9:5:8 to 9:6:8;
49 see https://verbump.de/ for what these numbers do
59 Release 2.4.5 Fri February 18 2022
61 #562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
62 sequences (e.g. from start tag names) to the XML
63 processing application on top of Expat can cause
64 arbitrary damage (e.g. code execution) depending
65 on how invalid UTF-8 is handled inside the XML
66 processor; validation was not their job but Expat's.
67 Exploits with code execution are known to exist.
68 #561 CVE-2022-25236 -- Passing (one or more) namespace separator
69 characters in "xmlns[:prefix]" attribute values
70 made Expat send malformed tag names to the XML
71 processor on top of Expat which can cause
72 arbitrary damage (e.g. code execution) depending
73 on how such unexpected cases are handled inside the XML
74 processor; validation was not their job but Expat's.
75 Exploits with code execution are known to exist.
76 #558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
77 that could be triggered by e.g. a 2 megabytes
78 file with a large number of opening braces.
79 Expected impact is denial of service or potentially
80 arbitrary code execution.
81 #560 CVE-2022-25314 -- Fix integer overflow in function copyString;
82 only affects the encoding name parameter at parser creation
83 time which is often hardcoded (rather than user input),
84 takes a value in the gigabytes to trigger, and a 64-bit
85 machine. Expected impact is denial of service.
86 #559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
87 needs input in the gigabytes and a 64-bit machine.
88 Expected impact is denial of service or potentially
89 arbitrary code execution.
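The namespace separator rule behind CVE-2022-25236 and its relaxation in 2.4.7, as an added example (not Expat's own code). It models the check as: 2.4.5 rejects any namespace URI containing the application-chosen separator, 2.4.7 rejects it only when that separator is not an RFC 3986 URI character. The function names, the policy enum and the sample URIs are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True if c belongs to the RFC 3986 character set listed in the 2.4.7 entry:
   letters, digits, "%", "-._~", ":/?#[]@" and "!$&'()*+,;=". */
static bool is_uri_char(char c) {
  if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9'))
    return true;
  /* strchr() would match the terminator for c == '\0', so exclude it. */
  return c != '\0' && strchr("%-._~:/?#[]@!$&'()*+,;=", c) != NULL;
}

/* Hypothetical names for the two behaviours described in the changelog. */
enum ns_policy { STRICT_2_4_5, RELAXED_2_4_7 };

/* Decide whether an "xmlns[:prefix]" value may be bound as a namespace URI
   when the application asked for namespace separator `sep`.
   A URI that contains the separator makes the expanded name
   "uri sep local" ambiguous for the application that splits it again. */
bool namespace_uri_accepted(const char *uri, char sep, enum ns_policy policy) {
  if (sep == '\0' || strchr(uri, sep) == NULL)
    return true;               /* separator never appears: nothing to confuse */
  if (policy == STRICT_2_4_5)
    return false;              /* 2.4.5: any separator inside the URI is an error */
  return is_uri_char(sep);     /* 2.4.7: tolerated only for URI characters */
}

int main(void) {
  /* Constructed sample inputs, not taken from the changelog. */
  static const struct { const char *uri; char sep; } cases[] = {
    {"http://example.org/ns",  ':'},  /* separator is a URI character */
    {"http://example.org/ns",  '|'},  /* separator absent from the URI */
    {"http://example.org/a|b", '|'},  /* non-URI separator inside the URI */
    {"urn:example a",          ' '},  /* whitespace separator inside the URI */
  };
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
    printf("sep '%c' uri %-26s strict=%-6s relaxed=%s\n", cases[i].sep, cases[i].uri,
           namespace_uri_accepted(cases[i].uri, cases[i].sep, STRICT_2_4_5) ? "accept" : "reject",
           namespace_uri_accepted(cases[i].uri, cases[i].sep, RELAXED_2_4_7) ? "accept" : "reject");
  }
  return 0;
}
```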
92 #557 #564 Version info bumped from 9:4:8 to 9:5:8;
93 see https://verbump.de/ for what these numbers do
102 Release 2.4.4 Sun January 30 2022
104 #550 CVE-2022-23852 -- Fix signed integer overflow
105 (undefined behavior) in function XML_GetBuffer
106 (that is also called by function XML_Parse internally)
107 for when XML_CONTEXT_BYTES is defined to >0 (which is both
109 Impact is denial of service or more.
110 #551 CVE-2022-23990 -- Fix unsigned integer overflow in function
111 doProlog triggered by large content in element type
112 declarations when there is an element declaration handler
113 present (from a prior call to XML_SetElementDeclHandler).
114 Impact is denial of service or more.
117 #544 #545 xmlwf: Fix a memory leak on output file opening error
120 #546 Autotools: Fix broken CMake support under Cygwin
121 #554 Windows: Add missing files to the installer to fix
122 compilation with CMake from installed sources
123 #552 #554 Version info bumped from 9:3:8 to 9:4:8;
124 see https://verbump.de/ for what these numbers do
132 Clang LeakSan and the Clang team
134 Release 2.4.3 Sun January 16 2022
136 #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
138 a) realloc acting as free
139 b) realloc allocating too few bytes
140 c) undefined behavior
141 depending on architecture and precise value
142 for XML documents with >=2^27+1 prefixed attributes
143 on a single XML tag a la
144 "<r xmlns:a='[..]' a:a123='[..]' [..] />"
145 where XML_ParserCreateNS is used to create the parser
146 (which needs argument "-n" when running xmlwf).
147 Impact is denial of service, or more.
148 #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
149 on variable m_groupSize in function doProlog leading
150 to realloc acting as free.
151 Impact is denial of service or more.
152 #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
153 near memory allocation at multiple places. Mitre assigned
154 a dedicated CVE for each involved internal C function:
155 - CVE-2022-22822 for function addBinding
156 - CVE-2022-22823 for function build_model
157 - CVE-2022-22824 for function defineAttribute
158 - CVE-2022-22825 for function lookup
159 - CVE-2022-22826 for function nextScaffoldPart
160 - CVE-2022-22827 for function storeAtts
161 Impact is denial of service or more.
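The size arithmetic behind the 2.4.3 entries, as an added example (not Expat's code): it shows how an unchecked "(1 << power) * element size" computed in 32 bits produces outcomes a) and b) listed for CVE-2021-45960, next to a checked form that refuses the request. The function names and the element sizes 8 and 12 are constructed; the 32-bit computation is emulated with uint32_t so that the wraparound is well defined.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Size that reaches realloc when "(1 << power) * elem_size" is computed in
   32 bits without checks. With a signed int the shift itself is undefined
   once the result no longer fits (outcome c in the entry above). */
uint32_t unchecked_bytes_32(unsigned power, uint32_t elem_size) {
  uint32_t entries = (power < 32) ? (UINT32_C(1) << power) : 0;
  return (uint32_t)((uint64_t)entries * elem_size);   /* wraps modulo 2^32 */
}

enum outcome { SIZE_OK, REALLOC_ACTS_AS_FREE, REALLOC_TOO_SMALL };

/* Compare the wrapped 32-bit size with the size that was actually needed. */
enum outcome classify_32(unsigned power, uint32_t elem_size) {
  uint64_t wanted = (power < 32) ? ((uint64_t)elem_size << power) : UINT64_MAX;
  uint32_t got = unchecked_bytes_32(power, elem_size);
  if (got == wanted)
    return SIZE_OK;
  /* realloc(ptr, 0) may release the block; a small nonzero size under-allocates. */
  return got == 0 ? REALLOC_ACTS_AS_FREE : REALLOC_TOO_SMALL;
}

/* Checked form: validate the shift count and the multiplication before
   any allocation is attempted. Returns false instead of wrapping. */
bool checked_table_bytes(unsigned power, size_t elem_size, size_t *out_bytes) {
  if (elem_size == 0)
    return false;
  /* The entry count must stay representable as a positive int. */
  if (power >= sizeof(int) * CHAR_BIT - 1)
    return false;
  size_t entries = (size_t)1 << power;
  if (entries > SIZE_MAX / elem_size)
    return false;                     /* product would exceed size_t */
  *out_bytes = entries * elem_size;
  return true;
}

int main(void) {
  static const char *names[] = {"ok", "realloc acts as free", "realloc too small"};
  /* Constructed inputs: table powers around the ">=29 places" threshold. */
  static const struct { unsigned power; uint32_t elem; } cases[] = {
    {20, 8}, {28, 8}, {29, 8}, {29, 12}, {30, 12},
  };
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
    size_t bytes = 0;
    bool ok = checked_table_bytes(cases[i].power, cases[i].elem, &bytes);
    printf("power=%u elem=%u unchecked32=%u (%s) checked=%s\n",
           cases[i].power, (unsigned)cases[i].elem,
           (unsigned)unchecked_bytes_32(cases[i].power, cases[i].elem),
           names[classify_32(cases[i].power, cases[i].elem)],
           ok ? "allowed on this platform" : "refused");
  }
  return 0;
}
```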
164 #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
165 #541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
166 and MSYS2 by not going through Wine on these platforms
167 #527 #528 Address compiler warnings
168 #533 #543 Version info bumped from 9:2:8 to 9:3:8;
169 see https://verbump.de/ for what these numbers do
172 #536 CI: Check for realistic minimum CMake version
173 #529 #539 CI: Cover compilation with -m32
174 #529 CI: Store coverage reports as artifacts for download
175 #528 CI: Upgrade Clang from 11 to 13
178 An anonymous whitehat
184 Trend Micro Zero Day Initiative
186 Release 2.4.2 Sun December 19 2021
188 #509 #510 Link against libm for function "isnan"
189 #513 #514 Include expat_config.h as early as possible
190 #498 Autotools: Include files with release archives:
193 #507 #519 Autotools: Sync CMake templates
194 #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for
195 - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
196 - multi-config CMake generators (e.g. Ninja Multi-Config)
197 #502 #503 docs: Document that function XML_GetBuffer may return NULL
198 when asking for a buffer of 0 (zero) bytes size
199 #522 #523 docs: Fix return value docs for both
200 XML_SetBillionLaughsAttackProtection* functions
201 #525 #526 Version info bumped from 9:1:8 to 9:2:8;
202 see https://verbump.de/ for what these numbers do
209 Release 2.4.1 Sun May 23 2021
211 #488 #490 Autotools: Fix installed header expat_config.h for multilib
212 systems; regression introduced in 2.4.0 by pull request #486
215 #491 #492 Version info bumped from 9:0:8 to 9:1:8;
216 see https://verbump.de/ for what these numbers do
219 Gentoo's QA check "multilib_check_headers"
221 Release 2.4.0 Sun May 23 2021
223 #34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
224 (denial-of-service; flavors targeting CPU time or RAM or both,
225 leveraging general entities or parameter entities or both)
226 by tracking and limiting the input amplification factor
227 (<amplification> := (<direct> + <indirect>) / <direct>).
228 By conservative default, amplification up to a factor of 100.0
229 is tolerated and rejection only starts after 8 MiB of output bytes
230 (=<direct> + <indirect>) have been processed.
231 The fix adds the following to the API:
232 - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
233 signal this specific condition.
234 - Two new API functions ..
235 - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
236 - XML_SetBillionLaughsAttackProtectionActivationThreshold
237 .. to further tighten billion laughs protection parameters
238 when desired. Please see file "doc/reference.html" for details.
239 If you ever need to increase the defaults for non-attack XML
240 payload, please file a bug report with libexpat.
241 - Two new XML_FEATURE_* constants ..
242 - that can be queried using the XML_GetFeatureList function, and
243 - that are shown in "xmlwf -v" output.
244 - Two new environment variable switches ..
245 - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
246 - EXPAT_ENTITY_DEBUG=(0|1)
247 .. for runtime debugging of accounting and entity processing.
248 Specific behavior of these values may change in the future.
249 - Two new command line arguments "-a FACTOR" and "-b BYTES"
250 for xmlwf to further tighten billion laughs protection
251 parameters when desired.
252 If you ever need to increase the defaults for non-attack XML
253 payload, please file a bug report with libexpat.
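The amplification rule from the entry above, worked through as an added example (a simplified model, not Expat's accounting code): input is rejected only when the output byte count has reached the activation threshold and the amplification factor exceeds the maximum. The struct, the function names and the nested-entity workload are constructed; the two tunables stand for the values set through the two new API functions or through "xmlwf -a FACTOR -b BYTES".

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Defaults stated in the changelog entry. */
#define DEFAULT_MAX_AMPLIFICATION 100.0
#define DEFAULT_ACTIVATION_THRESHOLD (8ull * 1024 * 1024)   /* 8 MiB */

typedef struct {
  uint64_t direct;                /* <direct>: bytes read from the document itself */
  uint64_t indirect;              /* <indirect>: bytes produced by entity expansion */
  double max_amplification;       /* tolerated amplification factor */
  uint64_t activation_threshold;  /* output bytes before the limit applies */
} accounting;

/* <amplification> := (<direct> + <indirect>) / <direct> */
double amplification(const accounting *a) {
  return a->direct ? (double)(a->direct + a->indirect) / (double)a->direct : 1.0;
}

/* Tolerated while little output has been produced, or while the
   amplification factor stays within the limit. */
bool tolerated(const accounting *a) {
  uint64_t output = a->direct + a->indirect;
  return output < a->activation_threshold
         || amplification(a) <= a->max_amplification;
}

/* Constructed workload: a document of `direct` bytes whose level-n entity
   expands to leaf_len * fanout^n bytes. Returns the lowest level in
   0..max_level whose expansion is rejected, or -1 if all are tolerated. */
int first_rejected_level(uint64_t direct, uint64_t leaf_len, uint64_t fanout,
                         int max_level, double max_amp, uint64_t threshold) {
  if (fanout == 0)
    return -1;
  uint64_t expansion = leaf_len;
  for (int level = 0; level <= max_level; level++) {
    accounting a = {direct, expansion, max_amp, threshold};
    if (!tolerated(&a))
      return level;
    if (expansion > (UINT64_MAX - direct) / fanout)
      break;                       /* stop before the counters would overflow */
    expansion *= fanout;
  }
  return -1;
}

int main(void) {
  /* Large but benign document: 16 MiB of input, 1 MiB from entities. */
  accounting benign = {16ull * 1024 * 1024, 1024 * 1024,
                       DEFAULT_MAX_AMPLIFICATION, DEFAULT_ACTIVATION_THRESHOLD};
  printf("benign: amplification %.4f, tolerated=%d\n",
         amplification(&benign), tolerated(&benign));

  /* 1 KiB document, 10-byte leaf entity, each level references 10 copies. */
  printf("defaults (100.0, 8 MiB): rejected at level %d\n",
         first_rejected_level(1024, 10, 10, 12, DEFAULT_MAX_AMPLIFICATION,
                              DEFAULT_ACTIVATION_THRESHOLD));
  printf("tightened (10.0, 64 KiB): rejected at level %d\n",
         first_rejected_level(1024, 10, 10, 12, 10.0, 64 * 1024));
  return 0;
}
```

With the defaults, the 1 MB expansion at level 5 is still tolerated because it stays below the 8 MiB activation threshold even though its amplification factor is far above 100.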
256 #332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
257 or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
258 for UTF-16 payloads containing CDATA sections.
259 #485 #486 Autotools: Fix generated CMake files for non-64bit and
260 non-Linux platforms (e.g. macOS and MinGW in particular)
261 that were introduced with release 2.3.0
264 #468 #469 xmlwf: Improve help output and the xmlwf man page
265 #463 xmlwf: Improve maintainability through some refactoring
266 #477 xmlwf: Fix man page DocBook validity
267 #458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
268 and CMAKE_INSTALL_INCLUDEDIR
269 #471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS
270 #457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
271 #467 Resolve macro HAVE_EXPAT_CONFIG_H
272 #472 Delete unused legacy helper file "conftools/PrintPath"
273 #473 #483 Improve attribution
274 #464 #465 #477 doc/reference.html: Fix XHTML validity
275 #475 #478 doc/reference.html: Replace the 90s look by OK.css
276 #479 Version info bumped from 8:0:7 to 9:0:8
277 due to addition of new symbols and error codes;
278 see https://verbump.de/ for what these numbers do
281 #456 CI: Enable periodic runs
282 #457 CI: Start covering the list of exported symbols
283 #474 CI: Isolate coverage task
284 #476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
285 #477 CI: Cover well-formedness and DocBook/XHTML validity
286 of doc/reference.html and doc/xmlwf.xml
300 Release 2.3.0 Thu March 25 2021
302 #438 When calling XML_ParseBuffer without a prior successful call to
303 XML_GetBuffer as a user, no longer trigger undefined behavior
304 (by adding an integer to a NULL pointer) but rather return
305 XML_STATUS_ERROR and set the error code to (new) code
306 XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
307 of Clang 11 (but not Clang 9).
308 #444 xmlwf: Exit status 2 was used for both:
309 - malformed input files (documented) and
310 - invalid command-line arguments (undocumented).
311 The case of invalid command-line arguments now
312 has its own exit status 4, resolving the ambiguity.
315 #439 xmlwf: Add argument -k to allow continuing after
317 #439 xmlwf: Add section about exit status to the -h help output
318 #422 #426 #447 Windows: Drop support for Visual Studio <=14.0/2015
319 #434 Windows: CMake: Detect unsupported Visual Studio at
320 configure time (rather than at compile time)
321 #382 #428 testrunner: Make verbose mode (argument "-v") report
322 about passed tests, and make default mode report about
324 #442 CMake: Call "enable_language(CXX)" prior to tinkering
325 with CMAKE_CXX_* variables
326 #448 Document use of libexpat from a CMake-based project
327 #451 Autotools: Install CMake files as generated by CMake 3.19.6
328 so that users with "find_package(expat [..] CONFIG [..])"
329 are served on distributions that are *not* using the CMake
330 build system inside for libexpat packaging
331 #436 #437 Autotools: Drop obsolescent macro AC_HEADER_STDC
332 #450 #452 Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
333 #441 Address compiler warnings
334 #443 Version info bumped from 7:12:6 to 8:0:7
335 due to addition of error code XML_ERROR_NO_BUFFER
336 (see https://verbump.de/ for what these numbers do)
339 #435 #446 Replace Travis CI by GitHub Actions
347 Clang LeakSan, Clang 11 UBSan and the Clang team
349 Release 2.2.10 Sat October 3 2020
351 #390 #395 #398 Fix undefined behavior during parsing caused by
352 pointer arithmetic with NULL pointers
353 #404 #405 Fix reading uninitialized variable during parsing
354 #406 xmlwf: Add missing check for malloc NULL return
357 #396 Windows: Drop support for Visual Studio <=8.0/2005
358 #409 Windows: Add missing file "Changes" to the installer
359 to fix compilation with CMake from installed sources
360 #403 xmlwf: Document exit codes in xmlwf manpage and
361 exit with code 3 (rather than code 1) for output errors
362 when used with "-d DIRECTORY"
363 #356 #359 MinGW: Provide declaration of rand_s for mingwrt <5.3.0
364 #383 #392 Autotools: Use -Werror while configure tests the compiler
365 for supported compile flags to avoid false positives
366 #383 #393 #394 Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
367 e.g. ensure that they have the last word over flags added
368 while running ./configure
369 #360 CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
370 on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
371 #360 CMake: Detect and deny unsupported build combinations
372 involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
373 #360 CMake: Install pre-compiled shipped xmlwf.1 manpage in case
374 of -DEXPAT_BUILD_DOCS=OFF
375 #375 #380 #419 CMake: Fix use of Expat by means of add_subdirectory
376 #407 #408 CMake: Keep expat target name constant at "expat"
377 (i.e. refrain from using the target name to control
378 build artifact filenames)
379 #385 CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
381 CMake: Expose man page compilation as target "xmlwf-manpage"
382 #413 #414 CMake: Introduce option EXPAT_BUILD_PKGCONFIG
383 to control generation of pkg-config file "expat.pc"
384 #424 CMake: Add minimalistic support for building binary packages
385 with CMake target "package"; based on CPack
386 #366 CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
387 default OFF to build fuzzer code against OSS-Fuzz and
388 related environment variable LIB_FUZZING_ENGINE
389 #354 Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
391 #356 #412 Address compiler warnings
392 #368 #369 Address pngcheck warnings with doc/*.png images
393 #425 Version info bumped from 7:11:6 to 7:12:6
408 Cppcheck 2.0 and the Cppcheck team
410 Release 2.2.9 Wed September 25 2019
412 examples: Drop executable bits from elements.c
413 #349 Windows: Change the name of the Windows DLLs from expat*.dll
414 to libexpat*.dll once more (regression from 2.2.8, first
415 fixed in 1.95.3, issue #61 on SourceForge today,
416 was issue #432456 back then); needs a fix due to
417 case-insensitive file systems on Windows and the fact that
418 Perl's XML::Parser::Expat compiles into Expat.dll.
419 #347 Windows: Only define _CRT_RAND_S if not defined
420 Version info bumped from 7:10:6 to 7:11:6
425 Release 2.2.8 Fri September 13 2019
427 #317 #318 CVE-2019-15903 -- Fix heap overflow triggered by
428 XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
429 and deny internal entities closing the doctype;
430 fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
433 #240 Fix cases where XML_StopParser did not have any effect
434 when called from inside of an end element handler
435 #341 xmlwf: Fix exit code for operation without "-d DIRECTORY";
436 previously, only "-d DIRECTORY" would give you a proper
438 # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
440 # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
442 Now both cases return exit code 2.
445 #299 #302 Windows: Replace LoadLibrary hack to access
446 unofficial API function SystemFunction036 (RtlGenRandom)
447 by using official API function rand_s (needs WinXP+)
448 #325 Windows: Drop support for Visual Studio <=7.1/2003
449 and document supported compilers in README.md
450 #286 Windows: Remove COM code from xmlwf; in case it turns
451 out needed later, there will be a dedicated repository
452 below https://github.com/libexpat/ for that code
453 #322 Windows: Remove explicit MSVC solution and project files.
454 You can generate Visual Studio solution files through
455 CMake, e.g.: cmake -G"Visual Studio 15 2017" .
456 #338 xmlwf: Make "xmlwf -h" help output more friendly
457 #339 examples: Improve elements.c
458 #244 #264 Autotools: Add argument --enable-xml-attr-info
459 #239 #301 Autotools: Add arguments
463 --without-sys-getrandom
464 #312 #343 Autotools: Fix linking issues with "./configure LD=clang"
465 Autotools: Fix "make run-xmltest" for out-of-source builds
466 #329 #336 CMake: Pull all options from Expat <=2.2.7 into namespace
467 prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
468 - BUILD_doc -> EXPAT_BUILD_DOCS (plural)
469 - BUILD_examples -> EXPAT_BUILD_EXAMPLES
470 - BUILD_shared -> EXPAT_SHARED_LIBS
471 - BUILD_tests -> EXPAT_BUILD_TESTS
472 - BUILD_tools -> EXPAT_BUILD_TOOLS
473 - DOCBOOK_TO_MAN -> DOCBOOK_TO_MAN (unchanged)
474 - INSTALL -> EXPAT_ENABLE_INSTALL
475 - MSVC_USE_STATIC_CRT -> EXPAT_MSVC_STATIC_CRT
476 - USE_libbsd -> EXPAT_WITH_LIBBSD
477 - WARNINGS_AS_ERRORS -> EXPAT_WARNINGS_AS_ERRORS
478 - XML_CONTEXT_BYTES -> EXPAT_CONTEXT_BYTES
479 - XML_DEV_URANDOM -> EXPAT_DEV_URANDOM
480 - XML_DTD -> EXPAT_DTD
482 - XML_UNICODE -> EXPAT_CHAR_TYPE=ushort (!)
483 - XML_UNICODE_WCHAR_T -> EXPAT_CHAR_TYPE=wchar_t (!)
484 #244 #264 CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
486 #326 CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
488 #328 CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
490 #239 #277 CMake: Add arguments
491 -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
492 -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
493 #326 CMake: Install expat_config.h to include directory
494 #326 CMake: Generate and install configuration files for
495 future find_package(expat [..] CONFIG [..])
496 CMake: Now produces a summary of applied configuration
497 CMake: Require C++ compiler only when tests are enabled
498 #330 CMake: Fix compilation for 16bit character types,
499 i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
500 #265 CMake: Fix linking with MinGW
501 #330 CMake: Add full support for MinGW; to enable, use
502 -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
503 #330 CMake: Port "make run-xmltest" from GNU Autotools to CMake
504 #316 CMake: Windows: Make binary postfix match MSVC
506 New: expat[w][d][MD|MT].lib
507 CMake: Migrate files from Windows to Unix line endings
508 #308 CMake: Integrate OSS-Fuzz fuzzers, option
509 -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
510 #14 Drop an OpenVMS support leftover
513 #313 #331 #333 Address compiler warnings
515 #284 #285 Address cppcheck warnings
516 #294 #295 Address Clang Static Analyzer warnings
517 #24 #293 Mass-apply clang-format 9 (and ensure conformance during CI)
518 Version info bumped from 7:9:6 to 7:10:6
531 Release 2.2.7 Wed June 19 2019
533 #186 #262 CVE-2018-20843 -- Fix extraction of namespace prefixes from
534 XML names; XML names with multiple colons could end up in
535 the wrong namespace, and take a high amount of RAM and CPU
536 resources while processing, opening the door to
537 use for denial-of-service attacks
540 #195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop
541 exporting non-API symbols
542 #227 Autotools: Add --without-examples and --without-tests
543 #228 Autotools: Modernize configure.ac
544 #245 #246 Autotools: Fix check for -fvisibility=hidden for Clang
545 #247 #248 Autotools: Fix compilation for lack of docbook2x-man
546 #236 #258 Autotools: Produce .tar.{gz,lz,xz} release archives
547 #212 CMake: Make libdir of pkgconfig expat.pc support multilib
548 #158 #263 CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
549 #219 Remove fallback to bcopy, assume that memmove(3) exists
550 #257 Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
551 #243 Windows: Fix syntax of .def module definition files
552 Version info bumped from 7:8:6 to 7:9:6
566 Release 2.2.6 Sun August 12 2018
568 #170 #206 Avoid doing arithmetic with NULL pointers in XML_GetBuffer
569 #204 #205 Fix 2.2.5 regression with suspend-resume while parsing
570 a document like '<root/>'
573 #165 #168 Autotools: Fix docbook-related configure syntax error
574 #166 Autotools: Avoid grep option `-q` for Solaris
575 #167 Autotools: Support
576 ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
577 #159 #167 Autotools: Support DOCBOOK_TO_MAN command which produces
578 xmlwf.1 rather than XMLWF.1; also covers case insensitive
580 #181 Autotools: Drop -rpath option passed to libtool
581 #188 Autotools: Detect and deny SGML docbook2man as ours is XML
582 #188 Autotools/CMake: Support command db2x_docbook2man as well
583 #174 CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
584 #184 #185 CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
585 #207 #208 CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
586 both defaulting to OFF
587 #175 CMake: Prefer check_symbol_exists over check_function_exists
588 #176 CMake: Create the same pkg-config file as with GNU Autotools
589 #178 #179 CMake: Use GNUInstallDirs module to set proper defaults for
591 #208 CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
592 #180 Windows: Fix compilation of test suite for Visual Studio 2008
593 #131 #173 #202 Address compiler warnings
594 #187 #190 #200 Fix miscellaneous typos
595 Version info bumped from 7:7:6 to 7:8:6
613 Release 2.2.5 Tue October 31 2017
615 #8 If the parser runs out of memory, make sure its internal
616 state reflects the memory it actually has, not the memory
618 #11 The default handler wasn't being called when it should for
619 a SYSTEM or PUBLIC doctype if an entity declaration handler
621 #137 #138 Fix a case of mistakenly reported parsing success where
622 XML_StopParser was called from an element handler
623 #162 Function XML_ErrorString was returning NULL rather than
624 a message for code XML_ERROR_INVALID_ARGUMENT
625 introduced with release 2.2.1
628 #106 xmlwf: Add argument -N adding notation declarations
629 #75 #106 Test suite: Resolve expected failure cases where xmlwf
630 output was incomplete
631 #127 Windows: Fix test suite compilation
632 #126 #127 Windows: Fix compilation for Visual Studio 2012
633 Windows: Upgrade shipped project files to Visual Studio 2017
634 #33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
635 #129 examples: Fix compilation for XML_UNICODE_WCHAR_T
636 #130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
637 #144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
638 Windows or MinGW for 2-byte wchar_t
639 #9 Address two Clang Static Analyzer false positives
640 #59 Resolve troublesome macros hiding parser struct membership
641 and dereferencing that pointer
642 #6 Resolve superfluous internal malloc/realloc switch
643 #153 #155 Improve docbook2x-man detection
644 #160 Undefine NDEBUG in the test suite (rather than rejecting it)
645 #161 Address compiler warnings
646 Version info bumped from 7:6:6 to 7:7:6
651 José Gutiérrez de la Concha
652 Pedro Monreal Gonzalez
657 Core Infrastructure Initiative
659 Release 2.2.4 Sat August 19 2017
661 #115 Fix copying of partial characters for UTF-8 input
664 #109 Fix "make check" for non-x86 architectures that default
665 to unsigned type char (-128..127 rather than 0..255)
666 #109 coverage.sh: Cover -funsigned-char
667 Autotools: Introduce --without-xmlwf argument
668 #65 Autotools: Replace handwritten Makefile with GNU Automake
669 #43 CMake: Auto-detect high quality entropy extractors, add new
670 option USE_libbsd=ON to use arc4random_buf of libbsd
671 #74 CMake: Add -fno-strict-aliasing only where supported
672 #114 CMake: Always honor manually set BUILD_* options
673 #114 CMake: Compile man page if docbook2x-man is available, only
674 #117 Include file tests/xmltest.log.expected in source tarball
675 (required for "make run-xmltest")
676 #117 Include (existing) Visual Studio 2013 files in source tarball
677 Improve test suite error output
678 #111 Fix some typos in documentation
679 Version info bumped from 7:5:6 to 7:6:6
687 Release 2.2.3 Wed August 2 2017
689 #82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
690 using Steve Holme's LoadLibrary wrapper for/of cURL
693 #85 Fix a dangling pointer issue related to realloc
696 Increase code coverage
697 #91 Linux: Allow getrandom to fail if nonblocking pool has not
698 yet been initialized and read /dev/urandom then, instead.
699 This is in line with what recent Python does.
700 #81 Pre-10.7/Lion macOS: Support entropy from arc4random
701 #86 Check that a UTF-16 encoding in an XML declaration has the
703 #4 #5 #7 Recover correctly when some reallocations fail
704 Repair "./configure && make" for systems without any
705 provider of high quality entropy
706 and try reading /dev/urandom on those
707 Ensure that user-defined character encodings have converter
708 functions when they are needed
709 Fix misleading description of argument -c in xmlwf.1
710 Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
712 #100 Fix use of SIPHASH_MAIN in siphash.h
713 #23 Test suite: Fix memory leaks
714 Version info bumped from 7:4:6 to 7:5:6
725 Core Infrastructure Initiative
727 Release 2.2.2 Wed July 12 2017
729 #43 Protect against compilation without any source of high
730 quality entropy enabled, e.g. with CMake build system;
731 commit ff0207e6076e9828e536b8d9cd45c9c92069b895
732 #60 Windows with _UNICODE:
733 Unintended use of LoadLibraryW with a non-wide string
734 resulted in failure to load advapi32.dll and degradation
735 in quality of used entropy when compiled with _UNICODE for
736 Windows; you can launch existing binaries with
737 EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
738 quality of entropy used during runtime; commits
739 * 95b95032f907ef1cd17ee7a9a1768010a825d61d
740 * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
741 [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
742 resulted in NULL dereference, previously;
743 commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
746 #69 Fix improper use of unsigned long long integer literals
749 #73 Start requiring a C99 compiler
750 #49 Fix "==" Bashism in configure script
751 #50 Fix too eager getrandom detection for Debian GNU/kFreeBSD
753 #51 Address lack of stdint.h in Visual Studio 2003 to 2008
754 #58 Address compile warnings
755 #68 Fix "./buildconf.sh && ./configure" for some versions
757 #72 CMake: Ease use of Expat in context of a parent project
758 with multiple CMakeLists.txt files
759 #72 CMake: Resolve mistaken executable permissions
760 #76 Address compile warning with -DNDEBUG (not recommended!)
761 #77 Address compile warning about macro redefinition
768 László Böszörményi
775 Radically Open Security
777 Release 2.2.1 Sat June 17 2017
779 CVE-2017-9233 -- External entity infinite loop DoS
780 Details: https://libexpat.github.io/doc/cve-2017-9233/
781 Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
782 [MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
783 d4f735b88d9932bd5039df2335eefdd0723dbe20
784 (Fixed version of existing downstream patches!)
785 (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
786 longer tag names; commits
787 * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
788 * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
789 #16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
790 #25 More integer overflow detection (function poolGrow); commits
791 * 810b74e4703dcfdd8f404e3cb177d44684775143
792 * 44178553f3539ce69d34abee77a05e879a7982ac
793 [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
794 * 4be2cb5afcc018d996f34bbbce6374b7befad47f
795 * 7e5b71b748491b6e459e5c9a1d090820f94544d8
796 [MOX-005] #30 Use high quality entropy for hash initialization:
797 * arc4random_buf on BSD, systems with libbsd
798 (when configured with --with-libbsd), CloudABI
799 * RtlGenRandom on Windows XP / Server 2003 and later
800 * getrandom on Linux 3.17+
801 In a way, that's still part of CVE-2016-5300.
802 https://github.com/libexpat/libexpat/pull/30/commits
803 [MOX-005] For the low quality entropy extraction fallback code,
804 the parser instance address can no longer leak, commit
805 04ad658bd3079dd15cb60fc67087900f0ff4b083
806 [MOX-003] Prevent use of uninitialised variable; commit
807 [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
808 Add missing parameter validation to public API functions
809 and dedicated error code XML_ERROR_INVALID_ARGUMENT:
810 [MOX-006] * NULL checks; commits
811 * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
812 * 9ed727064b675b7180c98cb3d4f75efba6966681
813 * 6a747c837c50114dfa413994e07c0ba477be4534
814 * Negative length (XML_Parse); commit
815 [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
816 [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
817 to go further with fixing CVE-2012-0876.
818 https://github.com/libexpat/libexpat/pull/39/commits
821 #32 Fix sharing of hash salt across parsers;
822 relevant where XML_ExternalEntityParserCreate is called
823 prior to XML_Parse, in particular (e.g. FBReader)
824 #28 xmlwf: Auto-disable use of memory-mapping (and parsing
      as a single chunk) for files larger than ~1 GB (2^30 bytes)
      rather than failing with error "out of memory"
  #3 Fix double free after malloc failure in DTD code; commit
      7ae9c3d3af433cd4defe95234eae7dc8ed15637f
  #17 Fix memory leak on parser error for unbound XML attribute
      prefix with new namespaces defined in the same tag;
      found by Google's OSS-Fuzz; commits
      * 16f87daae5a16132e479e4f71862128c7a915c73
      * b47dbc9745932c160893d433220e462bd605f8cd
  xmlwf on Windows: Add missing calls to CloseHandle
  #30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
      for runtime debugging of entropy extraction
  Increase code coverage
  #33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
      XML_UNICODE_WCHAR_T was never meant to be used outside
      of Windows; 4-byte wchar_t is common on Linux
  (SF.net) #538 Start using -fno-strict-aliasing
  (SF.net) #540 Support compilation against cloudlibc of CloudABI
  Allow MinGW cross-compilation
  (SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
      to bypass compilation of the xmlwf.1 man page
  (SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
      to bypass installation of expat files
  CMake: Fix ninja support
  Autotools: Add parameters --enable-xml-context [COUNT]
      and --disable-xml-context; default of context of 1024
      bytes enabled unchanged
  #14 Drop AmigaOS 4.x code and includes
  #14 Drop ancient build systems:
      * Borland C++ Builder
      * Pre-X Mac OS (MPW Makefile)
      If you happen to rely on some of these, please get in
      touch for joining with maintenance.
  #10 Move from WIN32 to _WIN32
  #13 Fix "make run-xmltest" order instability
  Address compile warnings
  Bump version info from 7:2:6 to 7:3:6
  #1 Migrate from SourceForge to GitHub (except downloads):
      https://github.com/libexpat/
  #1 Re-create http://libexpat.org/ project website
  Start utilizing Travis CI
  Core Infrastructure Initiative
  Mozilla Foundation (MOSS Track 3: Secure Open Source)
  Radically Open Security

Release 2.2.0 Tue June 21 2016
  #537 CVE-2016-0718 -- Fix crash on malformed input
  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
      CVE-2015-2716 introduced with Expat 2.1.1
  #499 CVE-2016-5300 -- Use more entropy for hash initialization
      than the original fix to CVE-2012-0876
  #519 CVE-2012-6702 -- Resolve troublesome internal call to srand
      that was introduced with Expat 2.1.0
      when addressing CVE-2012-0876 (issue #496)
  Fix uninitialized reads of size 1
      (e.g. in little2_updatePosition)
  Fix detection of UTF-8 character boundaries
  #532 Fix compilation for Visual Studio 2010 (keyword "C99")
  Autotools: Resolve use of "$<" to better support bmake
  Autotools: Add QA script "qa.sh" (and make target "qa")
  Autotools: Respect CXXFLAGS if given
  Autotools: Fix "make run-xmltest"
  Autotools: Have "make run-xmltest" check for expected output
  p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
  #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
  #323 CMake: Add suffix "d" to differentiate debug from release
  CMake: Define WIN32 with CMake on Windows
  Annotate memory allocators for GCC
  Address all currently known compile warnings
  Make sure that API symbols remain visible despite
  Remove executable flag from source files
  Resolve COMPILED_FROM_DSP in favor of WIN32
  László Böszörményi

Release 2.1.1 Sat March 12 2016
  #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
  #502: Fix potential null pointer dereference
  #520: Symbol XML_SetHashSalt was not exported
  Output of "xmlwf -h" was incomplete
  #503: Document behavior of calling XML_SetHashSalt with salt 0
  Minor improvements to man page xmlwf(1)
  Improvements to the experimental CMake build system
  libtool now invoked with --verbose

Release 2.1.0 Sat March 24 2012
  #2958794: CVE-2012-1148 - Memory leak in poolGrow.
  #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
  #3496608: CVE-2012-0876 - Hash DOS attack.
  #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
  #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
  #1742315: Harmful XML_ParserCreateNS suggestion.
  #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
  #1983953, 2517952, 2517962, 2649838:
      Build modifications using autoreconf instead of buildconf.sh.
  #2815947, #2884086: OBJEXT and EXEEXT support while building.
  #2517938: xmlwf should return non-zero exit status if not well-formed.
  #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
  #2855609: Dangling positionPtr after error.
  #2990652: CMake support.
  #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
  #3206497: Uninitialized memory returned from XML_Parse.
  #3287849: make check fails on mingw-w64.
  #1749198: pkg-config support.
  #3010222: Fix for bug #3010819.
  #3312568: CMake support.
  #3446384: Report byte offsets for attr names and values.
  - New Features / API changes:
    Added new API member XML_SetHashSalt() that allows setting an initial
        value (salt) for hash calculations. This is part of the fix for
        bug #3496608 to randomize hash parameters.
    When compiled with XML_ATTR_INFO defined, adds new API member
        XML_GetAttributeInfo() that allows retrieving the byte
        offsets for attribute names and values (patch #3446384).
    Added CMake build system.
        See bug #2990652 and patch #3312568.
    Added run-benchmark target to Makefile.in - relies on testdata module
        present in the same relative location as in the repository.

Release 2.0.1 Tue June 5 2007
  - Fixed bugs #1515266, #1515600: The character data handler's calling
    of XML_StopParser() was not handled properly; if the parser was
    stopped and the handler set to NULL, the parser would segfault.
  - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
    some character constants to be ASCII encoded.
  - Minor cleanups of the test harness.
  - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
  - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
  - Fixes and improvements for Windows platform:
    bugs #1409451, #1476160, #1548182, #1602769, #1717322.
  - Build fixes for various platforms:
    HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
    All Unix: #1554618 (refreshed config.sub/config.guess).
    #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
    without relying on GNU-Make specific features.
    #1647805: Patched configure.in to work better with Intel compiler.
  - Fixes to Makefile.in to have make check work correctly:
    bugs #1408143, #1535603, #1536684.
  - Added Open Watcom support: patch #1523242.

Release 2.0.0 Wed Jan 11 2006
  - We no longer use the "check" library for C unit testing; we
    always use the (partial) internal implementation of the API.
  - Report XML_NS setting via XML_GetFeatureList().
  - Fixed headers for use from C++.
  - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
    now return unsigned integers.
  - Added XML_LARGE_SIZE switch to enable 64-bit integers for
    byte indexes and line/column numbers.
  - Updated to use libtool 1.5.22 (the most recent).
  - Added support for AmigaOS.
  - Some mostly minor bug fixes. SF issues include: #1006708,
    #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.

Release 1.95.8 Fri Jul 23 2004
  - Major new feature: suspend/resume. Handlers can now request
    that a parse be suspended for later resumption or aborted
    altogether. See "Temporarily Stopping Parsing" in the
    documentation for more details.
  - Some mostly minor bug fixes, but compilation should no
    longer generate warnings on most platforms. SF issues
    include: #827319, #840173, #846309, #888329, #896188, #923913,
    #928113, #961698, #985192.

Release 1.95.7 Mon Oct 20 2003
  - Fixed enum XML_Status issue (reported on SourceForge many
    times), so compilers that are properly picky will be happy.
  - Introduced an XMLCALL macro to control the calling
    convention used by the Expat API; this macro should be used
    to annotate prototypes and definitions of callback
    implementations in code compiled with a calling convention
    other than the default convention for the host platform.
  - Improved ability to build without the configure-generated
    expat_config.h header. This is useful for applications
    which embed Expat rather than linking in the library.
  - Fixed a variety of bugs: see SF issues #458907, #609603,
    #676844, #679754, #692878, #692964, #695401, #699323, #699487,
  - Improved hash table lookups.
  - Added more regression tests and improved documentation.

Release 1.95.6 Tue Jan 28 2003
  - Added XML_FreeContentModel().
  - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
  - Fixed a variety of bugs: see SF issues #615606, #616863,
    #618199, #653180, #673791.
  - Enhanced the regression test suite.
  - Man page improvements: includes SF issue #632146.

Release 1.95.5 Fri Sep 6 2002
  - Added XML_UseForeignDTD() for improved SAX2 support.
  - Added XML_GetFeatureList().
  - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
  - Use an incomplete struct instead of a void* for the parser
  - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
  - Finally fixed bug where default handler would report DTD
    events that were already handled by another handler.
    Initial patch contributed by Darryl Miles.
  - Removed unnecessary DllMain() function that caused static
    linking into a DLL to be difficult.
  - Added VC++ projects for building static libraries.
  - Reduced line-length for all source code and headers to be
    no longer than 80 characters, to help with AS/400 support.
  - Reduced memory copying during parsing (SF patch #600964).
  - Fixed a variety of bugs: see SF issues #580793, #434664,
    #483514, #580503, #581069, #584041, #584183, #584832, #585537,
    #596555, #596678, #598352, #598944, #599715, #600479, #600971.

Release 1.95.4 Fri Jul 12 2002
  - Added support for VMS, contributed by Craig Berry. See
    vms/README.vms for more information.
  - Added Mac OS (classic) support, with a makefile for MPW,
    contributed by Thomas Wegner and Daryle Walker.
  - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
    by Patrick McConnell (SF patch #538032).
  - Fixed a variety of bugs: see SF issues #441449, #563184,
    #564342, #566334, #566901, #569461, #570263, #575168, #579196.
  - Made skippedEntityHandler conform to SAX2 (see source comment)
  - Re-implemented WFC: Entity Declared from XML 1.0 spec and
    added a new error "entity declared in parameter entity":
    see SF bug report #569461 and SF patch #578161
  - Re-implemented section 5.1 from XML 1.0 spec:
    see SF bug report #570263 and SF patch #578161

Release 1.95.3 Mon Jun 3 2002
  - Added a project to the MSVC workspace to create a wchar_t
    version of the library; the DLLs are named libexpatw.dll.
  - Changed the name of the Windows DLLs from expat.dll to
    libexpat.dll; this fixes SF bug #432456.
  - Added the XML_ParserReset() API function.
  - Fixed XML_SetReturnNSTriplet() to work for element names.
  - Made the XML_UNICODE builds usable (thanks, Karl!).
  - Allow xmlwf to read from standard input.
  - Install a man page for xmlwf on Unix systems.
  - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
    #466885, #469226, #477667, #484419, #487840, #494749, #496505,
    #547350. Other bugs which we can't test as easily may also
    have been fixed, especially in the area of build support.

Release 1.95.2 Fri Jul 27 2001
  - More changes to make MSVC happy with the build; add a single
    workspace to support both the library and xmlwf application.
  - Added a Windows installer for Windows users; includes
  - Added compile-time constants that can be used to determine the
  - Removed a lot of GNU-specific dependencies to aid portability
    among the various Unix flavors.
  - Fix the UTF-8 BOM bug.
  - Cleaned up warning messages for several compilers.
  - Added the -Wall, -Wstrict-prototypes options for GCC.

Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
  - Changes to get expat to build under Microsoft compiler
  - Removed all aborts and instead return an UNEXPECTED_STATE error.
  - Fixed a bug where a stray '%' in an entity value would cause an
  - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
    finding this oversight.
  - Changed default patterns in lib/Makefile.in to fit non-GNU makes
    Thanks to robin@unrated.net for reporting and providing an
  - The reference had the wrong label for XML_SetStartNamespaceDecl.
    Reported by an anonymous user.

Release 1.95.0 Fri Sep 29 2000
  - XML_ParserCreate_MM
    Allows you to set a memory management suite to replace the
    standard malloc, realloc, and free.
  - XML_SetReturnNSTriplet
    If you turn this feature on when namespace processing is in
    effect, then qualified, prefixed element and attribute names
    are returned as "uri|name|prefix" where '|' is whatever
    separator character is used in namespace processing.
  - Merged in features from perl-expat
    o XML_SetElementDeclHandler
    o XML_SetAttlistDeclHandler
    o XML_SetXmlDeclHandler
    o XML_SetEntityDeclHandler
    o StartDoctypeDeclHandler takes 3 additional parameters:
      sysid, pubid, has_internal_subset
    o Many paired handler setters (like XML_SetElementHandler)
      now have corresponding individual handler setters
    o XML_GetInputContext for getting the input context of
      the current parse position.
  - Added reference material
  - Packaged into a distribution that builds a sharable library
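
The XML_SetReturnNSTriplet behaviour described under Release 1.95.0, shown through Python's pyexpat binding to Expat; this is an added example, not part of the Expat changelog or code base. The sample document, `split_name` and `parse_names` are constructed for illustration, and `namespace_prefixes` is the pyexpat attribute that switches the triplet feature on.

```python
from xml.parsers import expat

SEP = "|"  # namespace separator; pick a character that cannot occur in a URI

# Constructed sample input: one prefixed namespace, one default namespace.
SAMPLE = (
    '<ex:root xmlns:ex="http://example.org/ns" xmlns="http://example.org/default">'
    '<item ex:id="1" plain="2"/>'
    '</ex:root>'
)


def split_name(name, sep=SEP):
    """Split an Expat-expanded name into (uri, local, prefix).

    Expat reports "uri|local|prefix" for prefixed names, "uri|local" for
    names in the default namespace, and the bare name when no namespace
    applies (for example unprefixed attributes).
    """
    parts = name.split(sep)
    if len(parts) == 1:
        return (None, parts[0], None)
    if len(parts) == 2:
        return (parts[0], parts[1], None)
    if len(parts) == 3:
        return tuple(parts)
    # More fields than a triplet means the separator also occurred inside
    # the URI, so the name cannot be split unambiguously.
    raise ValueError("ambiguous expanded name: %r" % name)


def parse_names(document, triplets=True):
    """Return [(element, {attribute: value})] with every name split."""
    parser = expat.ParserCreate(namespace_separator=SEP)
    # pyexpat's namespace_prefixes attribute calls XML_SetReturnNSTriplet.
    parser.namespace_prefixes = triplets
    seen = []

    def start(name, attrs):
        seen.append((split_name(name),
                     {split_name(k): v for k, v in attrs.items()}))

    parser.StartElementHandler = start
    parser.Parse(document, True)
    return seen


if __name__ == "__main__":
    for element, attrs in parse_names(SAMPLE):
        print(element, attrs)
```

Rejecting names with more than three fields keeps a namespace URI that contains the separator from being misread as a different URI, local name or prefix.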