libexpat/htdocs/index.html
Sebastian Pipping 56ceae7046 Sync change log
2016-03-28 22:23:43 +02:00

382 lines
16 KiB
HTML

<html>
<head>
<title>The Expat XML Parser</title>
<link rel="STYLESHEET" href="style.css" type="text/css" />
</head>
<body marginwidth="0" marginheight="0">
<table cellspacing="0" cellpadding="0" width="100%">
<tr>
<td class="corner"><img src="expat.png" alt="(Expat logo)" /></td>
<td class="banner"><h2>The Expat XML Parser</h2></td>
</tr>
<tr>
<td class="navbar"></td>
<td class="content">
<p>Expat is an XML parser library written in C. It is a
stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).
An <a href="http://www.xml.com/pub/1999/09/expat/index.html"
>introductory article</a> on using Expat is available on
<a href="http://www.xml.com/">xml.com</a>.</p>
<ul>
<li>
<a href="http://sourceforge.net/projects/expat/"
>Expat project page (includes downloads)</a></li>
<li>
<a href="https://sourceforge.net/p/expat/mailman/"
>Mailing lists</a></li>
<li>
<a href="#wrappers"
>3rd-party wrappers (SAX, DOM, other language bindings)</a></li>
<li>
<a href="https://sourceforge.net/p/expat/code_git/ci/master/tree/"
>Git repository</a>
</li>
<li>
(<a href="dev/cvs.html"
>CVS repository</a>
(<a href="http://expat.cvs.sourceforge.net"
>browse online</a>))</li>
<li>
<a href="https://sourceforge.net/p/expat/bugs/"
>Bug reports</a></li>
<li>
<a href="dev/">Notes for Expat maintainers</a></li>
</ul>
<p>This project aims to maintain Expat for both current and future
users while improving the API to allow more reliable and robust access
from "scripting" languages such as Python and Perl. We invite the
community to participate on the mailing lists to help shape the future
of Expat.</p>
<h3 id="news">News</h3>
<dl>
<dt><em>???</em>,
Expat ??? released.
</dt>
<dd><p>Release ??? includes security &amp; other bug fixes.</p>
<h4>Security fixes</h4>
<ul>
<li>Use more entropy for hash initialization
(<a href="https://sourceforge.net/p/expat/bugs/499/">bug 499</a>)</li>
<li>Resolve troublesome internal call to srand
(<a href="https://sourceforge.net/p/expat/bugs/519/">bug 519</a>)</li>
</ul>
<h4>Other changes</h4>
<ul>
<li>Fix compilation for Visual Studio 2010
(<a href="https://sourceforge.net/p/expat/bugs/532/">bug 532</a>)</li>
<li>Fix static build (<code>BUILD_shared=OFF</code>) with CMake on Windows
(<a href="https://sourceforge.net/p/expat/patches/90/">patch 90</a>)</li>
<li>Remove executable flag from source files</li>
<li>Address some compile warnings</li>
<ul>
</dd>
<dt><em>12 March 2016</em>,
Expat 2.1.1 released.
</dt>
<dd><p>Release 2.1.1 includes security &amp; other bug fixes.</p>
<h4>Security fixes</h4>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283">CVE-2015-1283</a>
&mdash;
Multiple integer overflows in the <code>XML_GetBuffer</code> function
(<a href="https://sourceforge.net/p/expat/bugs/528/">bug 528</a>)</li>
</ul>
<h4>Bug fixes</h4>
<ul>
<li>Fix potential null pointer dereference
(<a href="https://sourceforge.net/p/expat/bugs/520/">bug 502</a>)</li>
<li>Symbol <code>XML_SetHashSalt</code> was not exported
(<a href="https://sourceforge.net/p/expat/bugs/520/">bug 520</a>)</li>
<li>Output of <code>xmlwf -h</code> was incomplete</li>
</ul>
<h4>Other changes</h4>
<ul>
<li>Document behavior of calling <code>XML_SetHashSalt</code> with salt <code>0</code>
(<a href="https://sourceforge.net/p/expat/bugs/503/">bug 503</a>)</li>
<li>Minor improvements to man page <code>xmlwf(1)</code></li>
<li>Improvements to the <em>experimental</em> CMake build system</li>
<li>libtool now invoked with <code>--verbose</code></li>
</ul>
</dd>
<dt><em>24 March 2012</em>,
Expat 2.1.0 released.
</dt>
<dd><p>Release 2.1.0 includes security &amp; other bug fixes, new
features, and updated build support.</p>
<h4>Security fixes</h4>
<ul>
<li>Memory leak in poolGrow (<a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148"
>CVE-2012-1148</a>)</li>
<li>Resource leak in readfilemap.c (<a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147"
>CVE-2012-1147</a>)</li>
<li>Hash DOS attack (<a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876"
>CVE-2012-0876</a>)</li>
<li>Buffer over-read and crash in big2_toUtf8 (<a
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3560"
>CVE-2009-3560</a>)</li>
<li>Parser crash with special UTF-8 sequences (<a
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3720"
>CVE-2009-3270</a>)</li>
</ul>
<h4>New features</h4>
<ul>
<li>Added function XML_SetHashSalt that allows setting an initial
value (salt) for hash calculations (part of the fix for bug <a
href="https://sourceforge.net/tracker/?func=detail&aid=3496608&group_id=10127&atid=110127"
>3496608</a>).
<li>When compiled with XML_ATTR_INFO defined, adds new API member
XML_GetAttributeInfo() that allows retrieving the byte offsets
for attribute names and values (patch <a
href="https://sourceforge.net/tracker/?func=detail&aid=3446384&group_id=10127&atid=310127"
>3446384</a>).</li>
<li>Added CMake build system (bug <a
href="https://sourceforge.net/tracker/?func=detail&aid=2990652&group_id=10127&atid=110127"
>2990652</a>, patch <a
href="https://sourceforge.net/tracker/?func=detail&aid=3312568&group_id=10127&atid=310127"
>3312568</a>).</li>
<li>Added run-benchmark target to Makefile.in - relies on testdata
module present in the same relative location as in the repository.
</li>
</ul>
<h4>Bug fixes</h4>
<ul>
<li>Harmful XML_ParserCreateNS suggestion (<a
href="https://sourceforge.net/tracker/?func=detail&aid=1742315&group_id=10127&atid=110127"
>1742315</a>)</li>
<li>CVE-2012-1147 - Resource leak in readfilemap.c (<a
href="https://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127"
>2895533</a>)</li>
<li>Expat build fails on linux-amd64 with gcc version&gt;=4.1 -O3 (<a
href="https://sourceforge.net/tracker/?func=detail&aid=1785430&group_id=10127&atid=110127"
>1785430</a>)</li>
<li>Build modifications using autoreconf instead of buildconf.sh (<a
href="https://sourceforge.net/tracker/?func=detail&aid=1983953&group_id=10127&atid=110127"
>1983953</a>, <a
href="https://sourceforge.net/tracker/?func=detail&aid=2517952&group_id=10127&atid=110127"
>2517952</a>, <a
href="https://sourceforge.net/tracker/?func=detail&aid=2517962&group_id=10127&atid=110127"
>2517962</a>, <a
href="https://sourceforge.net/tracker/?func=detail&aid=2649838&group_id=10127&atid=110127"
>2649838</a>)</li>
<li>OBJEXT and EXEEXT support while building (<a
href="https://sourceforge.net/tracker/?func=detail&aid=2815947&group_id=10127&atid=110127"
>2815947</a>, <a
href="https://sourceforge.net/tracker/?func=detail&aid=2884086&group_id=10127&atid=110127"
>2884086</a>)</li>
<li>CVE-2009-3720 - Parser crash with special UTF-8 sequences (<a
href="https://sourceforge.net/tracker/?func=detail&aid=1990430&group_id=10127&atid=110127"
>1990430</a>)</li>
<li>xmlwf should return non-zero exit status if not well-formed (<a
href="https://sourceforge.net/tracker/?func=detail&aid=2517938&group_id=10127&atid=110127"
>2517938</a>)</li>
<li>Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml (<a
href="https://sourceforge.net/tracker/?func=detail&aid=2517946&group_id=10127&atid=110127"
>2517946</a>)</li>
<li>Dangling positionPtr after error (<a
href="https://sourceforge.net/tracker/?func=detail&aid=2855609&group_id=10127&atid=110127"
>2855609</a>)</li>
<li>CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8() (<a
href="https://sourceforge.net/tracker/?func=detail&aid=2894085&group_id=10127&atid=110127"
>2894085</a>)</li>
<li>CVE-2012-1148 - Memory leak in poolGrow (<a
href="https://sourceforge.net/tracker/?func=detail&aid=2958794&group_id=10127&atid=110127"
>2958794</a>)</li>
<li>UNEXPECTED_STATE with a trailing "%" in entity value (<a
href="https://sourceforge.net/tracker/?func=detail&aid=3010819&group_id=10127&atid=110127"
>3010819</a>)</li>
<li>Unitialized memory returned from XML_Parse (<a
href="https://sourceforge.net/tracker/?func=detail&aid=3206497&group_id=10127&atid=110127"
>3206497</a>)</li>
<li>make check fails on mingw-w64 (<a
href="https://sourceforge.net/tracker/?func=detail&aid=87849&group_id=10127&atid=110127"
>87849</a>)</li>
</ul>
</dd>
</dl>
<dl>
<dt><em>5 June 2007</em>,
Expat 2.0.1 released.
</dt>
<dd><p>Release 2.0.1 of the Expat XML parser is a bugfix release
resolving both code and build related issues. Changes include:
<ul>
<li>Fixed: The character data handler's calling of XML_StopParser()
was not handled properly; if the parser was stopped and the handler
set to NULL, the parser would segfault.</li>
<li>Fixed: Expat failed on EBCDIC systems as it assumed some character
constants to be ASCII encoded.</li>
<li>Minor cleanups of the test harness.</li>
<li>Minor fixes for xmlwf and example programs.</li>
<li>Fixes and improvements for the Windows platform.
New Windows directory structure.</li>
<li>Build fixes for various platforms: HP-UX, Tru64, Solaris 9.</li>
<li>Build fixes for Unix:<br/>
- Refreshed config.sub/config.guess.<br/>
- Support both, DESTDIR and INSTALL_ROOT, without relying on GNU-Make specific features.<br/>
- Patched configure.in to work better with Intel compiler.<br/>
- Fixes to Makefile.in to have make check work correctly.</li>
<li>Added Open Watcom support.</li>
</ul>
</p></dd>
</dl>
<dl>
<dt><em>11 January 2006</em>,
Expat 2.0.0 released.
</dt>
<dd><p>Release 2.0.0 of the Expat XML parser is the end point of the
1.95.X series of releases. The goal was to solidify and stabilize
the implementation of the given API, to add desirable features as
long as they fit with the API, and to keep the API backwards compatible
if extensions were required. Changes include:
<ul><li>Fixed headers for use from C++.</li>
<li>XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
now return unsigned integers.</li>
<li>Added XML_LARGE_SIZE switch to enable 64-bit integers for
byte indexes and line/column numbers.</li>
<li>Added support for AmigaOS.</li>
<li>Some mostly minor bug fixes. SF issues include: 1006708,
1021776, 1023646, 1114960, 1156398, 1221160, 1271642.</li>
</ul>
</p></dd>
</dl>
<p><a href="oldnews.html">Old news archive</a></p>
<h3 id="wrappers">References &amp; 3rd-party Wrappers</h3>
<p>If you know of any additional articles or resources which should be
linked to from this page, please send email to <a
href="mailto:fdrake@acm.org">Fred Drake (fdrake&#64;acm.org)</a>.
We're especially interested in links to tutorial information and open
source interfaces to Expat from languages other than C.</p>
<ul>
<li>
<a href="http://www.jclark.com/xml/expat.html"
>James Clark's original Expat page</a>, for Expat 1.2 and
earlier</li>
<li>
<a href="http://www.xml.com/pub/1999/09/expat/index.html"
>Introductory article</a> on using Expat on
<a href="http://www.xml.com/">xml.com</a></li>
<li>
<a href="http://www.keplerproject.org/luaexpat/">LuaExpat</a> is a
wrapper around Expat for the <a href="http://www.lua.org/">Lua</a>
programming language. The <a href=
"http://www.keplerproject.org/luasoap/">LuaSOAP</a> library is a <a
href="http://xml.coverpages.org/soap.html">SOAP</a> implementation
built on top of <a href= "http://www.keplerproject.org/luaexpat/"
>LuaExpat</a>.</li>
<li>
Perl's <code>XML::Parser</code> module is a wrapper built around a
binding to Expat in the <code>XML::Parser::Expat</code> module.</li>
<li>
<a href="http://www.python.org/doc/current/lib/module-xml.parsers.expat.html"
>Documentation for the Python interface to Expat</a>, part of the
standard documentation for Python.</li>
<li>
<a href="http://saxdotnet.sourceforge.net/saxexpat.html"
>SAXExpat.NET</a>, a <a href="http://www.microsoft.com/net/">.NET</a>
wrapper for Expat, conforming to the
<a href="http://saxdotnet.sourceforge.net">SAX for .NET</a> specifications.</li>
<li>
The <a href="http://www.nongnu.org/scew/">Simple C Expat Wrapper</a>
is a wrapper around Expat that provides a light-weight object model
somewhat like a DOM.</li>
<!-- Alex Conchillo Flaque: aconchillo at acm.org -->
<li>
<em><a href="http://www.codeproject.com/soap/expatimpl.asp"
title="C++ Wrappers for the Expat XML Parser">C++ Wrappers
for the Expat XML Parser</a></em>, an article by Tim Smith
providing object-oriented wrappers for Expat. The wrappers use
some MFC-biased naming, but look interesting.</li>
<li>
<a href="http://www.jezuk.co.uk/cgi-bin/view/arabica" title="Arabica"
>Arabica</a> -- an XML Parser toolkit for C++ programmers, with
SAX2 implementations based on several parsers, including Expat.</li>
<li>
<a href="http://devzone.intellitree.com/projects/expatmm/"
>ExpatMM -- C++ interface to Expat</a></li>
<li>
<a href="http://sourceforge.net/projects/kdsxml"
>SAX2 Wrapper for using Expat in Delphi,</a>
based on
<a href="http://saxforpascal.sourceforge.net"
>"SAX for Pascal"</a>
interface specs</li>
<li>
The <a href="http://tclxml.sourceforge.net/"
>TclXML project</a> includes a <a href="http://tcl.activestate.com/"
>Tcl</a> binding for Expat</li>
<li>
<a href="http://www.tdom.org/"
>tDOM</a> is an alternate package providing XML support for <a
href="http://tcl.activestate.com/" >Tcl</a>, based in part on
Expat.</li>
<li>
<a href="http://www.phpbuilder.com/columns/justin20000428.php3"
>Article on using Expat from PHP</a> on
<a href="http://www.phpbuilder.com/">&lt;?PHPBuilder?&gt;</a>
<br />(broken into lots of tiny pieces)</li>
<li>
<a href="http://expatobjc.sourceforge.net/"
>Objective-C interface to Expat</a></li>
<li>
<a href="http://www.xs4all.nl/~mmzeeman/ocaml/">OCaml Expat</a> is a
wrapper around Expat for the <a href="http://www.ocaml.org"
>Objective Caml</a> language.</li>
<li>
<a href="http://www.yoshidam.net/Ruby.html#xmlparser"
>Ruby interface to Expat</a></li>
<li>
<a href="http://www.latenightsw.com/freeware/XMLTools2/">XML Tools
2</a> is an AppleScript scripting addition that allows AppleScript
applications to work with XML data; it is based on Expat.</li>
<li>
<a href="http://www.simkin.co.uk/">Simkin</a> is an open source
scripting language available under the GNU LGPL. It can be embedded
in XML and supports a DOM-like API backed by Expat.</li>
<li>
<a href="http://easysoap.sourceforge.net/">EasySoap</a> is a C++
SOAP implementation which uses Expat.</li>
<li>
<a href=
"http://www.codepedia.com/wiki/display.aspx?WikiID=1&amp;pagename=thunks"
>A discussion</a> of another way to manage stateful callbacks, using
Expat as a sample library.</li>
<li>
The <a href="http://sourceforge.net/projects/gobo-eiffel/">GOBO
project</a> is working on an Eiffel binding for Expat. Development
is active and the package is fully supported in GOBO 3.0 and 3.1,
though there isn't much status information about the Expat bindings
on the website. (Most activity is reportedly on the relevant
mailing lists.)</li>
<li>
<a href="http://www.mitchenall.com/expat4d">Expat4D</a> is a plug-in
for the <a href="http://www.4duk.com/">4th Dimension</a> application
framework.</li>
</ul>
</td>
</tr>
<tr>
<td class="corner">
<a href="http://sourceforge.net">
<img src="http://sflogo.sourceforge.net/sflogo.php?group_id=10127&amp;type=2"
width="125" height="37" border="0" alt="SourceForge.net Logo" />
</a>
</td>
</tr>
</table>
</body>
</html>