Changes revision 302305
1302305SdelphijRelease 2.2.0 Tue June 21 2016 2302305Sdelphij Security fixes: 3302305Sdelphij #537 CVE-2016-0718 -- Fix crash on malformed input 4302305Sdelphij CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 / 5302305Sdelphij CVE-2015-2716 introduced with Expat 2.1.1 6302305Sdelphij #499 CVE-2016-5300 -- Use more entropy for hash initialization 7302305Sdelphij than the original fix to CVE-2012-0876 8302305Sdelphij #519 CVE-2012-6702 -- Resolve troublesome internal call to srand 9302305Sdelphij that was introduced with Expat 2.1.0 10302305Sdelphij when addressing CVE-2012-0876 (issue #496) 11302305Sdelphij 12302305Sdelphij Bug fixes: 13302305Sdelphij Fix uninitialized reads of size 1 14302305Sdelphij (e.g. in little2_updatePosition) 15302305Sdelphij Fix detection of UTF-8 character boundaries 16302305Sdelphij 17302305Sdelphij Other changes: 18302305Sdelphij #532 Fix compilation for Visual Studio 2010 (keyword "C99") 19302305Sdelphij Autotools: Resolve use of "$<" to better support bmake 20302305Sdelphij Autotools: Add QA script "qa.sh" (and make target "qa") 21302305Sdelphij Autotools: Respect CXXFLAGS if given 22302305Sdelphij Autotools: Fix "make run-xmltest" 23302305Sdelphij Autotools: Have "make run-xmltest" check for expected output 24302305Sdelphij p90 CMake: Fix static build (BUILD_shared=OFF) on Windows 25302305Sdelphij #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass 26302305Sdelphij #323 CMake: Add suffix "d" to differentiate debug from release 27302305Sdelphij CMake: Define WIN32 with CMake on Windows 28302305Sdelphij Annotate memory allocators for GCC 29302305Sdelphij Address all currently known compile warnings 30302305Sdelphij Make sure that API symbols remain visible despite 31302305Sdelphij -fvisibility=hidden 32302305Sdelphij Remove executable flag from source files 33302305Sdelphij Resolve COMPILED_FROM_DSP in favor of WIN32 34302305Sdelphij 35302305Sdelphij Special thanks to: 36302305Sdelphij Bj��rn Lindahl 37302305Sdelphij Christian Heimes 38302305Sdelphij Cristian Rodr��guez 39302305Sdelphij Daniel Kr��gler 40302305Sdelphij Gustavo Grieco 41302305Sdelphij Karl Waclawek 42302305Sdelphij L��szl�� B��sz��rm��nyi 43302305Sdelphij Marco Grassi 44302305Sdelphij Pascal Cuoq 45302305Sdelphij Sergei Nikulov 46302305Sdelphij Thomas Beutlich 47302305Sdelphij Warren Young 48302305Sdelphij Yann Droneaud 49302305Sdelphij 50302305SdelphijRelease 2.1.1 Sat March 12 2016 51302305Sdelphij Security fixes: 52302305Sdelphij #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer 53302305Sdelphij 54302305Sdelphij Bug fixes: 55302305Sdelphij #502: Fix potential null pointer dereference 56302305Sdelphij #520: Symbol XML_SetHashSalt was not exported 57302305Sdelphij Output of "xmlwf -h" was incomplete 58302305Sdelphij 59302305Sdelphij Other changes: 60302305Sdelphij #503: Document behavior of calling XML_SetHashSalt with salt 0 61302305Sdelphij Minor improvements to man page xmlwf(1) 62302305Sdelphij Improvements to the experimental CMake build system 63302305Sdelphij libtool now invoked with --verbose 64302305Sdelphij 65247296SdelphijRelease 2.1.0 Sat March 24 2012 66247296Sdelphij - Bug Fixes: 67247296Sdelphij #1742315: Harmful XML_ParserCreateNS suggestion. 68247296Sdelphij #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. 69247296Sdelphij #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. 70247296Sdelphij #1983953, 2517952, 2517962, 2649838: 71247296Sdelphij Build modifications using autoreconf instead of buildconf.sh. 72247296Sdelphij #2815947, #2884086: OBJEXT and EXEEXT support while building. 73247296Sdelphij #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. 74247296Sdelphij #2517938: xmlwf should return non-zero exit status if not well-formed. 75247296Sdelphij #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. 76247296Sdelphij #2855609: Dangling positionPtr after error. 77247296Sdelphij #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). 78247296Sdelphij #2958794: CVE-2012-1148 - Memory leak in poolGrow. 79247296Sdelphij #2990652: CMake support. 80247296Sdelphij #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. 81247296Sdelphij #3206497: Unitialized memory returned from XML_Parse. 82247296Sdelphij #3287849: make check fails on mingw-w64. 83247296Sdelphij #3496608: CVE-2012-0876 - Hash DOS attack. 84247296Sdelphij - Patches: 85247296Sdelphij #1749198: pkg-config support. 86247296Sdelphij #3010222: Fix for bug #3010819. 87247296Sdelphij #3312568: CMake support. 88247296Sdelphij #3446384: Report byte offsets for attr names and values. 89247296Sdelphij - New Features / API changes: 90302305Sdelphij Added new API member XML_SetHashSalt() that allows setting an initial 91247296Sdelphij value (salt) for hash calculations. This is part of the fix for 92247296Sdelphij bug #3496608 to randomize hash parameters. 93247296Sdelphij When compiled with XML_ATTR_INFO defined, adds new API member 94247296Sdelphij XML_GetAttributeInfo() that allows retrieving the byte 95247296Sdelphij offsets for attribute names and values (patch #3446384). 96247296Sdelphij Added CMake build system. 97247296Sdelphij See bug #2990652 and patch #3312568. 98247296Sdelphij Added run-benchmark target to Makefile.in - relies on testdata module 99247296Sdelphij present in the same relative location as in the repository. 100247296Sdelphij 101178848ScokaneRelease 2.0.1 Tue June 5 2007 102247296Sdelphij - Fixed bugs #1515266, #1515600: The character data handler's calling 103178848Scokane of XML_StopParser() was not handled properly; if the parser was 104178848Scokane stopped and the handler set to NULL, the parser would segfault. 105178848Scokane - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed 106178848Scokane some character constants to be ASCII encoded. 107178848Scokane - Minor cleanups of the test harness. 108178848Scokane - Fixed xmlwf bug #1513566: "out of memory" error on file size zero. 109178848Scokane - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call. 110178848Scokane - Fixes and improvements for Windows platform: 111247296Sdelphij bugs #1409451, #1476160, #1548182, #1602769, #1717322. 112178848Scokane - Build fixes for various platforms: 113178848Scokane HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180. 114178848Scokane All Unix: #1554618 (refreshed config.sub/config.guess). 115178848Scokane #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT, 116178848Scokane without relying on GNU-Make specific features. 117178848Scokane #1647805: Patched configure.in to work better with Intel compiler. 118178848Scokane - Fixes to Makefile.in to have make check work correctly: 119178848Scokane bugs #1408143, #1535603, #1536684. 120178848Scokane - Added Open Watcom support: patch #1523242. 121178848Scokane 122178848ScokaneRelease 2.0.0 Wed Jan 11 2006 123178848Scokane - We no longer use the "check" library for C unit testing; we 124178848Scokane always use the (partial) internal implementation of the API. 125178848Scokane - Report XML_NS setting via XML_GetFeatureList(). 126178848Scokane - Fixed headers for use from C++. 127178848Scokane - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber() 128178848Scokane now return unsigned integers. 129178848Scokane - Added XML_LARGE_SIZE switch to enable 64-bit integers for 130178848Scokane byte indexes and line/column numbers. 131178848Scokane - Updated to use libtool 1.5.22 (the most recent). 132178848Scokane - Added support for AmigaOS. 133247296Sdelphij - Some mostly minor bug fixes. SF issues include: #1006708, 134247296Sdelphij #1021776, #1023646, #1114960, #1156398, #1221160, #1271642. 135178848Scokane 136178848ScokaneRelease 1.95.8 Fri Jul 23 2004 137178848Scokane - Major new feature: suspend/resume. Handlers can now request 138178848Scokane that a parse be suspended for later resumption or aborted 139178848Scokane altogether. See "Temporarily Stopping Parsing" in the 140178848Scokane documentation for more details. 141178848Scokane - Some mostly minor bug fixes, but compilation should no 142178848Scokane longer generate warnings on most platforms. SF issues 143247296Sdelphij include: #827319, #840173, #846309, #888329, #896188, #923913, 144247296Sdelphij #928113, #961698, #985192. 145178848Scokane 146178848ScokaneRelease 1.95.7 Mon Oct 20 2003 147178848Scokane - Fixed enum XML_Status issue (reported on SourceForge many 148178848Scokane times), so compilers that are properly picky will be happy. 149178848Scokane - Introduced an XMLCALL macro to control the calling 150178848Scokane convention used by the Expat API; this macro should be used 151178848Scokane to annotate prototypes and definitions of callback 152178848Scokane implementations in code compiled with a calling convention 153178848Scokane other than the default convention for the host platform. 154178848Scokane - Improved ability to build without the configure-generated 155178848Scokane expat_config.h header. This is useful for applications 156178848Scokane which embed Expat rather than linking in the library. 157247296Sdelphij - Fixed a variety of bugs: see SF issues #458907, #609603, 158247296Sdelphij #676844, #679754, #692878, #692964, #695401, #699323, #699487, 159247296Sdelphij #820946. 160178848Scokane - Improved hash table lookups. 161178848Scokane - Added more regression tests and improved documentation. 162178848Scokane 163178848ScokaneRelease 1.95.6 Tue Jan 28 2003 164178848Scokane - Added XML_FreeContentModel(). 165178848Scokane - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree(). 166247296Sdelphij - Fixed a variety of bugs: see SF issues #615606, #616863, 167247296Sdelphij #618199, #653180, #673791. 168178848Scokane - Enhanced the regression test suite. 169247296Sdelphij - Man page improvements: includes SF issue #632146. 170178848Scokane 171104349SphkRelease 1.95.5 Fri Sep 6 2002 172104349Sphk - Added XML_UseForeignDTD() for improved SAX2 support. 173104349Sphk - Added XML_GetFeatureList(). 174104349Sphk - Defined XML_Bool type and the values XML_TRUE and XML_FALSE. 175104349Sphk - Use an incomplete struct instead of a void* for the parser 176104349Sphk (may not retain). 177104349Sphk - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected. 178104349Sphk - Finally fixed bug where default handler would report DTD 179104349Sphk events that were already handled by another handler. 180178848Scokane Initial patch contributed by Darryl Miles. 181104349Sphk - Removed unnecessary DllMain() function that caused static 182104349Sphk linking into a DLL to be difficult. 183104349Sphk - Added VC++ projects for building static libraries. 184104349Sphk - Reduced line-length for all source code and headers to be 185104349Sphk no longer than 80 characters, to help with AS/400 support. 186104349Sphk - Reduced memory copying during parsing (SF patch #600964). 187247296Sdelphij - Fixed a variety of bugs: see SF issues #580793, #434664, 188247296Sdelphij #483514, #580503, #581069, #584041, #584183, #584832, #585537, 189247296Sdelphij #596555, #596678, #598352, #598944, #599715, #600479, #600971. 190104349Sphk 191104349SphkRelease 1.95.4 Fri Jul 12 2002 192104349Sphk - Added support for VMS, contributed by Craig Berry. See 193104349Sphk vms/README.vms for more information. 194104349Sphk - Added Mac OS (classic) support, with a makefile for MPW, 195104349Sphk contributed by Thomas Wegner and Daryle Walker. 196104349Sphk - Added Borland C++ Builder 5 / BCC 5.5 support, contributed 197104349Sphk by Patrick McConnell (SF patch #538032). 198247296Sdelphij - Fixed a variety of bugs: see SF issues #441449, #563184, 199247296Sdelphij #564342, #566334, #566901, #569461, #570263, #575168, #579196. 200104349Sphk - Made skippedEntityHandler conform to SAX2 (see source comment) 201104349Sphk - Re-implemented WFC: Entity Declared from XML 1.0 spec and 202104349Sphk added a new error "entity declared in parameter entity": 203247296Sdelphij see SF bug report #569461 and SF patch #578161 204104349Sphk - Re-implemented section 5.1 from XML 1.0 spec: 205247296Sdelphij see SF bug report #570263 and SF patch #578161 206104349Sphk 207104349SphkRelease 1.95.3 Mon Jun 3 2002 208104349Sphk - Added a project to the MSVC workspace to create a wchar_t 209104349Sphk version of the library; the DLLs are named libexpatw.dll. 210104349Sphk - Changed the name of the Windows DLLs from expat.dll to 211104349Sphk libexpat.dll; this fixes SF bug #432456. 212104349Sphk - Added the XML_ParserReset() API function. 213104349Sphk - Fixed XML_SetReturnNSTriplet() to work for element names. 214104349Sphk - Made the XML_UNICODE builds usable (thanks, Karl!). 215104349Sphk - Allow xmlwf to read from standard input. 216104349Sphk - Install a man page for xmlwf on Unix systems. 217247296Sdelphij - Fixed many bugs; see SF bug reports #231864, #461380, #464837, 218247296Sdelphij #466885, #469226, #477667, #484419, #487840, #494749, #496505, 219247296Sdelphij #547350. Other bugs which we can't test as easily may also 220104349Sphk have been fixed, especially in the area of build support. 221104349Sphk 222104349SphkRelease 1.95.2 Fri Jul 27 2001 223104349Sphk - More changes to make MSVC happy with the build; add a single 224104349Sphk workspace to support both the library and xmlwf application. 225104349Sphk - Added a Windows installer for Windows users; includes 226104349Sphk xmlwf.exe. 227104349Sphk - Added compile-time constants that can be used to determine the 228104349Sphk Expat version 229104349Sphk - Removed a lot of GNU-specific dependencies to aide portability 230104349Sphk among the various Unix flavors. 231104349Sphk - Fix the UTF-8 BOM bug. 232104349Sphk - Cleaned up warning messages for several compilers. 233104349Sphk - Added the -Wall, -Wstrict-prototypes options for GCC. 234104349Sphk 235104349SphkRelease 1.95.1 Sun Oct 22 15:11:36 EDT 2000 236104349Sphk - Changes to get expat to build under Microsoft compiler 237104349Sphk - Removed all aborts and instead return an UNEXPECTED_STATE error. 238104349Sphk - Fixed a bug where a stray '%' in an entity value would cause an 239104349Sphk abort. 240104349Sphk - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for 241104349Sphk finding this oversight. 242104349Sphk - Changed default patterns in lib/Makefile.in to fit non-GNU makes 243104349Sphk Thanks to robin@unrated.net for reporting and providing an 244104349Sphk account to test on. 245104349Sphk - The reference had the wrong label for XML_SetStartNamespaceDecl. 246104349Sphk Reported by an anonymous user. 247104349Sphk 248104349SphkRelease 1.95.0 Fri Sep 29 2000 249104349Sphk - XML_ParserCreate_MM 250104349Sphk Allows you to set a memory management suite to replace the 251104349Sphk standard malloc,realloc, and free. 252104349Sphk - XML_SetReturnNSTriplet 253104349Sphk If you turn this feature on when namespace processing is in 254104349Sphk effect, then qualified, prefixed element and attribute names 255104349Sphk are returned as "uri|name|prefix" where '|' is whatever 256104349Sphk separator character is used in namespace processing. 257104349Sphk - Merged in features from perl-expat 258104349Sphk o XML_SetElementDeclHandler 259104349Sphk o XML_SetAttlistDeclHandler 260104349Sphk o XML_SetXmlDeclHandler 261104349Sphk o XML_SetEntityDeclHandler 262104349Sphk o StartDoctypeDeclHandler takes 3 additional parameters: 263104349Sphk sysid, pubid, has_internal_subset 264104349Sphk o Many paired handler setters (like XML_SetElementHandler) 265104349Sphk now have corresponding individual handler setters 266104349Sphk o XML_GetInputContext for getting the input context of 267104349Sphk the current parse position. 268104349Sphk - Added reference material 269104349Sphk - Packaged into a distribution that builds a sharable library 270