libexpat/expat/Changes

Release ??????????
Security fixes:
CVE-2016-9063 -- Detect integer overflow
#25 More integer overflow detection (function poolGrow)
Bug fixes:
#539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names
#3 Fix double free after malloc failure in DTD code
https://github.com/libexpat/libexpat/issues/3
#17 Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz
https://github.com/libexpat/libexpat/issues/17
#28 xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
Other changes:
#538 Start using -fno-strict-aliasing
#540 Support compilation against cloudlibc of CloudABI
#534 CMake: Introduce option "BUILD_doc" (enabled by default)
to bypass compilation of the xmlwf.1 man page
pr2 CMake: Introduce option "INSTALL" (enabled by default)
to bypass installation of expat files
Autotools: Add parameters --enable-xml-context [COUNT]
and --disable-xml-context; default of context of 1024
bytes enabled unchanged
#14 Drop AmigaOS 4.x code
#14 Drop ancient build systems:
* Borland C++ Builder
* OpenVMS
* Open Watcom
* Visual Studio 6.0
If you happen to rely on some of these, please get in touch
about joining in with maintenance.
Special thanks to:
Andy Wang
Don Lewis
Ed Schouten
Karl Waclawek
Pascal Cuoq
Rhodri James
Sergei Nikulov
Tobias Taschner
Viktor Szakats
Release 2.2.0 Tue June 21 2016
Security fixes:
#537 CVE-2016-0718 -- Fix crash on malformed input
CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
CVE-2015-2716 introduced with Expat 2.1.1
#499 CVE-2016-5300 -- Use more entropy for hash initialization
than the original fix to CVE-2012-0876
#519 CVE-2012-6702 -- Resolve troublesome internal call to srand
that was introduced with Expat 2.1.0
when addressing CVE-2012-0876 (issue #496)
Bug fixes:
Fix uninitialized reads of size 1
(e.g. in little2_updatePosition)
Fix detection of UTF-8 character boundaries
Other changes:
#532 Fix compilation for Visual Studio 2010 (keyword "C99")
Autotools: Resolve use of "$<" to better support bmake
Autotools: Add QA script "qa.sh" (and make target "qa")
Autotools: Respect CXXFLAGS if given
Autotools: Fix "make run-xmltest"
Autotools: Have "make run-xmltest" check for expected output
p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
#536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
#323 CMake: Add suffix "d" to differentiate debug from release
CMake: Define WIN32 with CMake on Windows
Annotate memory allocators for GCC
Address all currently known compile warnings
Make sure that API symbols remain visible despite
-fvisibility=hidden
Remove executable flag from source files
Resolve COMPILED_FROM_DSP in favor of WIN32
Special thanks to:
Björn Lindahl
Christian Heimes
Cristian Rodríguez
Daniel Krügler
Gustavo Grieco
Karl Waclawek
László Böszörményi
Marco Grassi
Pascal Cuoq
Sergei Nikulov
Thomas Beutlich
Warren Young
Yann Droneaud
Release 2.1.1 Sat March 12 2016
Security fixes:
#582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
Bug fixes:
#502: Fix potential null pointer dereference
#520: Symbol XML_SetHashSalt was not exported
Output of "xmlwf -h" was incomplete
Other changes:
#503: Document behavior of calling XML_SetHashSalt with salt 0
Minor improvements to man page xmlwf(1)
Improvements to the experimental CMake build system
libtool now invoked with --verbose
Release 2.1.0 Sat March 24 2012
- Security fixes:
#2958794: CVE-2012-1148 - Memory leak in poolGrow.
#2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
#3496608: CVE-2012-0876 - Hash DOS attack.
#2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
#1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
- Bug Fixes:
#1742315: Harmful XML_ParserCreateNS suggestion.
#1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
#1983953, 2517952, 2517962, 2649838:
Build modifications using autoreconf instead of buildconf.sh.
#2815947, #2884086: OBJEXT and EXEEXT support while building.
#2517938: xmlwf should return non-zero exit status if not well-formed.
#2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
#2855609: Dangling positionPtr after error.
#2990652: CMake support.
#3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
#3206497: Uninitialized memory returned from XML_Parse.
#3287849: make check fails on mingw-w64.
- Patches:
#1749198: pkg-config support.
#3010222: Fix for bug #3010819.
#3312568: CMake support.
#3446384: Report byte offsets for attr names and values.
- New Features / API changes:
Added new API member XML_SetHashSalt() that allows setting an initial
value (salt) for hash calculations. This is part of the fix for
bug #3496608 to randomize hash parameters.
When compiled with XML_ATTR_INFO defined, adds new API member
XML_GetAttributeInfo() that allows retrieving the byte
offsets for attribute names and values (patch #3446384).
Added CMake build system.
See bug #2990652 and patch #3312568.
Added run-benchmark target to Makefile.in - relies on testdata module
present in the same relative location as in the repository.
Release 2.0.1 Tue June 5 2007
- Fixed bugs #1515266, #1515600: The character data handler's calling
of XML_StopParser() was not handled properly; if the parser was
stopped and the handler set to NULL, the parser would segfault.
- Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
some character constants to be ASCII encoded.
- Minor cleanups of the test harness.
- Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
- Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
- Fixes and improvements for Windows platform:
bugs #1409451, #1476160, #1548182, #1602769, #1717322.
- Build fixes for various platforms:
HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
All Unix: #1554618 (refreshed config.sub/config.guess).
#1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
without relying on GNU-Make specific features.
#1647805: Patched configure.in to work better with Intel compiler.
- Fixes to Makefile.in to have make check work correctly:
bugs #1408143, #1535603, #1536684.
- Added Open Watcom support: patch #1523242.
Release 2.0.0 Wed Jan 11 2006
- We no longer use the "check" library for C unit testing; we
always use the (partial) internal implementation of the API.
- Report XML_NS setting via XML_GetFeatureList().
- Fixed headers for use from C++.
- XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
now return unsigned integers.
- Added XML_LARGE_SIZE switch to enable 64-bit integers for
byte indexes and line/column numbers.
- Updated to use libtool 1.5.22 (the most recent).
- Added support for AmigaOS.
- Some mostly minor bug fixes. SF issues include: #1006708,
#1021776, #1023646, #1114960, #1156398, #1221160, #1271642.
Release 1.95.8 Fri Jul 23 2004
- Major new feature: suspend/resume. Handlers can now request
that a parse be suspended for later resumption or aborted
altogether. See "Temporarily Stopping Parsing" in the
documentation for more details.
- Some mostly minor bug fixes, but compilation should no
longer generate warnings on most platforms. SF issues
include: #827319, #840173, #846309, #888329, #896188, #923913,
#928113, #961698, #985192.
Release 1.95.7 Mon Oct 20 2003
- Fixed enum XML_Status issue (reported on SourceForge many
times), so compilers that are properly picky will be happy.
- Introduced an XMLCALL macro to control the calling
convention used by the Expat API; this macro should be used
to annotate prototypes and definitions of callback
implementations in code compiled with a calling convention
other than the default convention for the host platform.
- Improved ability to build without the configure-generated
expat_config.h header. This is useful for applications
which embed Expat rather than linking in the library.
- Fixed a variety of bugs: see SF issues #458907, #609603,
#676844, #679754, #692878, #692964, #695401, #699323, #699487,
#820946.
- Improved hash table lookups.
- Added more regression tests and improved documentation.
Release 1.95.6 Tue Jan 28 2003
- Added XML_FreeContentModel().
- Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
- Fixed a variety of bugs: see SF issues #615606, #616863,
#618199, #653180, #673791.
- Enhanced the regression test suite.
- Man page improvements: includes SF issue #632146.
Release 1.95.5 Fri Sep 6 2002
- Added XML_UseForeignDTD() for improved SAX2 support.
- Added XML_GetFeatureList().
- Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
- Use an incomplete struct instead of a void* for the parser
(may not retain).
- Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
- Finally fixed bug where default handler would report DTD
events that were already handled by another handler.
Initial patch contributed by Darryl Miles.
- Removed unnecessary DllMain() function that caused static
linking into a DLL to be difficult.
- Added VC++ projects for building static libraries.
- Reduced line-length for all source code and headers to be
no longer than 80 characters, to help with AS/400 support.
- Reduced memory copying during parsing (SF patch #600964).
- Fixed a variety of bugs: see SF issues #580793, #434664,
#483514, #580503, #581069, #584041, #584183, #584832, #585537,
#596555, #596678, #598352, #598944, #599715, #600479, #600971.
Release 1.95.4 Fri Jul 12 2002
- Added support for VMS, contributed by Craig Berry. See
vms/README.vms for more information.
- Added Mac OS (classic) support, with a makefile for MPW,
contributed by Thomas Wegner and Daryle Walker.
- Added Borland C++ Builder 5 / BCC 5.5 support, contributed
by Patrick McConnell (SF patch #538032).
- Fixed a variety of bugs: see SF issues #441449, #563184,
#564342, #566334, #566901, #569461, #570263, #575168, #579196.
- Made skippedEntityHandler conform to SAX2 (see source comment)
- Re-implemented WFC: Entity Declared from XML 1.0 spec and
added a new error "entity declared in parameter entity":
see SF bug report #569461 and SF patch #578161
- Re-implemented section 5.1 from XML 1.0 spec:
see SF bug report #570263 and SF patch #578161
Release 1.95.3 Mon Jun 3 2002
- Added a project to the MSVC workspace to create a wchar_t
version of the library; the DLLs are named libexpatw.dll.
- Changed the name of the Windows DLLs from expat.dll to
libexpat.dll; this fixes SF bug #432456.
- Added the XML_ParserReset() API function.
- Fixed XML_SetReturnNSTriplet() to work for element names.
- Made the XML_UNICODE builds usable (thanks, Karl!).
- Allow xmlwf to read from standard input.
- Install a man page for xmlwf on Unix systems.
- Fixed many bugs; see SF bug reports #231864, #461380, #464837,
#466885, #469226, #477667, #484419, #487840, #494749, #496505,
#547350. Other bugs which we can't test as easily may also
have been fixed, especially in the area of build support.
Release 1.95.2 Fri Jul 27 2001
- More changes to make MSVC happy with the build; add a single
workspace to support both the library and xmlwf application.
- Added a Windows installer for Windows users; includes
xmlwf.exe.
- Added compile-time constants that can be used to determine the
Expat version
- Removed a lot of GNU-specific dependencies to aid portability
among the various Unix flavors.
- Fix the UTF-8 BOM bug.
- Cleaned up warning messages for several compilers.
- Added the -Wall, -Wstrict-prototypes options for GCC.
Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
- Changes to get expat to build under Microsoft compiler
- Removed all aborts and instead return an UNEXPECTED_STATE error.
- Fixed a bug where a stray '%' in an entity value would cause an
abort.
- Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
finding this oversight.
- Changed default patterns in lib/Makefile.in to fit non-GNU makes
Thanks to robin@unrated.net for reporting and providing an
account to test on.
- The reference had the wrong label for XML_SetStartNamespaceDecl.
Reported by an anonymous user.
Release 1.95.0 Fri Sep 29 2000
- XML_ParserCreate_MM
Allows you to set a memory management suite to replace the
standard malloc, realloc, and free.
- XML_SetReturnNSTriplet
If you turn this feature on when namespace processing is in
effect, then qualified, prefixed element and attribute names
are returned as "uri|name|prefix" where '|' is whatever
separator character is used in namespace processing.
- Merged in features from perl-expat
o XML_SetElementDeclHandler
o XML_SetAttlistDeclHandler
o XML_SetXmlDeclHandler
o XML_SetEntityDeclHandler
o StartDoctypeDeclHandler takes 3 additional parameters:
sysid, pubid, has_internal_subset
o Many paired handler setters (like XML_SetElementHandler)
now have corresponding individual handler setters
o XML_GetInputContext for getting the input context of
the current parse position.
- Added reference material
- Packaged into a distribution that builds a sharable library