aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/libs/expat
diff options
context:
space:
mode:
authorarcadia-devtools <arcadia-devtools@yandex-team.ru>2022-02-21 13:09:08 +0300
committerarcadia-devtools <arcadia-devtools@yandex-team.ru>2022-02-21 13:09:08 +0300
commitb99d6e954b74694820a0964402003eb9f14da4de (patch)
tree8814902312bae587822187234b721ef2d9675cf9 /contrib/libs/expat
parent96a6a371c53651ccfd7dfdc87fe354cf23de9b5c (diff)
downloadydb-b99d6e954b74694820a0964402003eb9f14da4de.tar.gz
intermediate changes
ref:ff022ac951849edb1ef2cc274bf6c1c6863144a1
Diffstat (limited to 'contrib/libs/expat')
-rw-r--r--contrib/libs/expat/Changes1064
1 files changed, 1064 insertions, 0 deletions
diff --git a/contrib/libs/expat/Changes b/contrib/libs/expat/Changes
new file mode 100644
index 0000000000..9c1b5c7bc2
--- /dev/null
+++ b/contrib/libs/expat/Changes
@@ -0,0 +1,1064 @@
+NOTE: We are looking for help with a few things:
+ https://github.com/libexpat/libexpat/labels/help%20wanted
+ If you can help, please get in touch. Thanks!
+
+Release 2.4.4 Sun January 30 2022
+ Security fixes:
+ #550 CVE-2022-23852 -- Fix signed integer overflow
+ (undefined behavior) in function XML_GetBuffer
+ (that is also called by function XML_Parse internally)
+ for when XML_CONTEXT_BYTES is defined to >0 (which is both
+ common and default).
+ Impact is denial of service or more.
+ #551 CVE-2022-23990 -- Fix unsigned integer overflow in function
+ doProlog triggered by large content in element type
+ declarations when there is an element declaration handler
+ present (from a prior call to XML_SetElementDeclHandler).
+ Impact is denial of service or more.
+
+ Bug fixes:
+ #544 #545 xmlwf: Fix a memory leak on output file opening error
+
+ Other changes:
+ #546 Autotools: Fix broken CMake support under Cygwin
+ #554 Windows: Add missing files to the installer to fix
+ compilation with CMake from installed sources
+ #552 #554 Version info bumped from 9:3:8 to 9:4:8;
+ see https://verbump.de/ for what these numbers do
+
+ Special thanks to:
+ Carlo Bramini
+ hwt0415
+ Roland Illig
+ Samanta Navarro
+ and
+ Clang LeakSan and the Clang team
+
+Release 2.4.3 Sun January 16 2022
+ Security fixes:
+ #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
+ resulting in
+ a) realloc acting as free
+ b) realloc allocating too few bytes
+ c) undefined behavior
+ depending on architecture and precise value
+ for XML documents with >=2^27+1 prefixed attributes
+ on a single XML tag a la
+ "<r xmlns:a='[..]' a:a123='[..]' [..] />"
+ where XML_ParserCreateNS is used to create the parser
+ (which needs argument "-n" when running xmlwf).
+ Impact is denial of service, or more.
+ #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
+ on variable m_groupSize in function doProlog leading
+ to realloc acting as free.
+ Impact is denial of service or more.
+ #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
+ near memory allocation at multiple places. Mitre assigned
+ a dedicated CVE for each involved internal C function:
+ - CVE-2022-22822 for function addBinding
+ - CVE-2022-22823 for function build_model
+ - CVE-2022-22824 for function defineAttribute
+ - CVE-2022-22825 for function lookup
+ - CVE-2022-22826 for function nextScaffoldPart
+ - CVE-2022-22827 for function storeAtts
+ Impact is denial of service or more.
+
+ Other changes:
+ #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
+ #541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
+ and MSYS2 by not going through Wine on these platforms
+ #527 #528 Address compiler warnings
+ #533 #543 Version info bumped from 9:2:8 to 9:3:8;
+ see https://verbump.de/ for what these numbers do
+
+ Infrastructure:
+ #536 CI: Check for realistic minimum CMake version
+ #529 #539 CI: Cover compilation with -m32
+ #529 CI: Store coverage reports as artifacts for download
+ #528 CI: Upgrade Clang from 11 to 13
+
+ Special thanks to:
+ An anonymous whitehat
+ Christopher Degawa
+ J. Peter Mugaas
+ Tyson Smith
+ and
+ GCC Farm Project
+ Trend Micro Zero Day Initiative
+
+Release 2.4.2 Sun December 19 2021
+ Other changes:
+ #509 #510 Link againgst libm for function "isnan"
+ #513 #514 Include expat_config.h as early as possible
+ #498 Autotools: Include files with release archives:
+ - buildconf.sh
+ - fuzz/*.c
+ #507 #519 Autotools: Sync CMake templates
+ #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for
+ - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
+ - multi-config CMake generators (e.g. Ninja Multi-Config)
+ #502 #503 docs: Document that function XML_GetBuffer may return NULL
+ when asking for a buffer of 0 (zero) bytes size
+ #522 #523 docs: Fix return value docs for both
+ XML_SetBillionLaughsAttackProtection* functions
+ #525 #526 Version info bumped from 9:1:8 to 9:2:8;
+ see https://verbump.de/ for what these numbers do
+
+ Special thanks to:
+ Dong-hee Na
+ Joergen Ibsen
+ Kai Pastor
+
+Release 2.4.1 Sun May 23 2021
+ Bug fixes:
+ #488 #490 Autotools: Fix installed header expat_config.h for multilib
+ systems; regression introduced in 2.4.0 by pull request #486
+
+ Other changes:
+ #491 #492 Version info bumped from 9:0:8 to 9:1:8;
+ see https://verbump.de/ for what these numbers do
+
+ Special thanks to:
+ Gentoo's QA check "multilib_check_headers"
+
+Release 2.4.0 Sun May 23 2021
+ Security fixes:
+ #34 #466 #484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
+ (denial-of-service; flavors targeting CPU time or RAM or both,
+ leveraging general entities or parameter entities or both)
+ by tracking and limiting the input amplification factor
+ (<amplification> := (<direct> + <indirect>) / <direct>).
+ By conservative default, amplification up to a factor of 100.0
+ is tolerated and rejection only starts after 8 MiB of output bytes
+ (=<direct> + <indirect>) have been processed.
+ The fix adds the following to the API:
+ - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
+ signals this specific condition.
+ - Two new API functions ..
+ - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
+ - XML_SetBillionLaughsAttackProtectionActivationThreshold
+ .. to further tighten billion laughs protection parameters
+ when desired. Please see file "doc/reference.html" for details.
+ If you ever need to increase the defaults for non-attack XML
+ payload, please file a bug report with libexpat.
+ - Two new XML_FEATURE_* constants ..
+ - that can be queried using the XML_GetFeatureList function, and
+ - that are shown in "xmlwf -v" output.
+ - Two new environment variable switches ..
+ - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
+ - EXPAT_ENTITY_DEBUG=(0|1)
+ .. for runtime debugging of accounting and entity processing.
+ Specific behavior of these values may change in the future.
+ - Two new command line arguments "-a FACTOR" and "-b BYTES"
+ for xmlwf to further tighten billion laughs protection
+ parameters when desired.
+ If you ever need to increase the defaults for non-attack XML
+ payload, please file a bug report with libexpat.
+
+ Bug fixes:
+ #332 #470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
+ or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
+ for UTF-16 payloads containing CDATA sections.
+ #485 #486 Autotools: Fix generated CMake files for non-64bit and
+ non-Linux platforms (e.g. macOS and MinGW in particular)
+ that were introduced with release 2.3.0
+
+ Other changes:
+ #468 #469 xmlwf: Improve help output and the xmlwf man page
+ #463 xmlwf: Improve maintainability through some refactoring
+ #477 xmlwf: Fix man page DocBook validity
+ #458 #459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
+ and CMAKE_INSTALL_INCLUDEDIR
+ #471 #481 CMake: Add support for standard variable BUILD_SHARED_LIBS
+ #457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
+ #467 Resolve macro HAVE_EXPAT_CONFIG_H
+ #472 Delete unused legacy helper file "conftools/PrintPath"
+ #473 #483 Improve attribution
+ #464 #465 #477 doc/reference.html: Fix XHTML validity
+ #475 #478 doc/reference.html: Replace the 90s look by OK.css
+ #479 Version info bumped from 8:0:7 to 9:0:8
+ due to addition of new symbols and error codes;
+ see https://verbump.de/ for what these numbers do
+
+ Infrastructure:
+ #456 CI: Enable periodic runs
+ #457 CI: Start covering the list of exported symbols
+ #474 CI: Isolate coverage task
+ #476 #482 CI: Adapt to breaking changes in image "ubuntu-18.04"
+ #477 CI: Cover well-formedness and DocBook/XHTML validity
+ of doc/reference.html and doc/xmlwf.xml
+
+ Special thanks to:
+ Dimitry Andric
+ Eero Helenius
+ Nick Wellnhofer
+ Rhodri James
+ Tomas Korbar
+ Yury Gribov
+ and
+ Clang LeakSan
+ JetBrains
+ OSS-Fuzz
+
+Release 2.3.0 Thu March 25 2021
+ Bug fixes:
+ #438 When calling XML_ParseBuffer without a prior successful call to
+ XML_GetBuffer as a user, no longer trigger undefined behavior
+ (by adding an integer to a NULL pointer) but rather return
+ XML_STATUS_ERROR and set the error code to (new) code
+ XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
+ of Clang 11 (but not Clang 9).
+ #444 xmlwf: Exit status 2 was used for both:
+ - malformed input files (documented) and
+ - invalid command-line arguments (undocumented).
+ The case of invalid command-line arguments now
+ has its own exit status 4, resolving the ambiguity.
+
+ Other changes:
+ #439 xmlwf: Add argument -k to allow continuing after
+ non-fatal errors
+ #439 xmlwf: Add section about exit status to the -h help output
+ #422 #426 #447 Windows: Drop support for Visual Studio <=14.0/2015
+ #434 Windows: CMake: Detect unsupported Visual Studio at
+ configure time (rather than at compile time)
+ #382 #428 testrunner: Make verbose mode (argument "-v") report
+ about passed tests, and make default mode report about
+ failures, as well.
+ #442 CMake: Call "enable_language(CXX)" prior to tinkering
+ with CMAKE_CXX_* variables
+ #448 Document use of libexpat from a CMake-based project
+ #451 Autotools: Install CMake files as generated by CMake 3.19.6
+ so that users with "find_package(expat [..] CONFIG [..])"
+ are served on distributions that are *not* using the CMake
+ build system inside for libexpat packaging
+ #436 #437 Autotools: Drop obsolescent macro AC_HEADER_STDC
+ #450 #452 Autotools: Resolve use of obsolete macro AC_CONFIG_HEADER
+ #441 Address compiler warnings
+ #443 Version info bumped from 7:12:6 to 8:0:7
+ due to addition of error code XML_ERROR_NO_BUFFER
+ (see https://verbump.de/ for what these numbers do)
+
+ Infrastructure:
+ #435 #446 Replace Travis CI by GitHub Actions
+
+ Special thanks to:
+ Alexander Richardson
+ Oleksandr Popovych
+ Thomas Beutlich
+ Tim Bray
+ and
+ Clang LeakSan, Clang 11 UBSan and the Clang team
+
+Release 2.2.10 Sat October 3 2020
+ Bug fixes:
+ #390 #395 #398 Fix undefined behavior during parsing caused by
+ pointer arithmetic with NULL pointers
+ #404 #405 Fix reading uninitialized variable during parsing
+ #406 xmlwf: Add missing check for malloc NULL return
+
+ Other changes:
+ #396 Windows: Drop support for Visual Studio <=8.0/2005
+ #409 Windows: Add missing file "Changes" to the installer
+ to fix compilation with CMake from installed sources
+ #403 xmlwf: Document exit codes in xmlwf manpage and
+ exit with code 3 (rather than code 1) for output errors
+ when used with "-d DIRECTORY"
+ #356 #359 MinGW: Provide declaration of rand_s for mingwrt <5.3.0
+ #383 #392 Autotools: Use -Werror while configure tests the compiler
+ for supported compile flags to avoid false positives
+ #383 #393 #394 Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS,
+ e.g. ensure that they have the last word over flags added
+ while running ./configure
+ #360 CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
+ on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
+ #360 CMake: Detect and deny unsupported build combinations
+ involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
+ #360 CMake: Install pre-compiled shipped xmlwf.1 manpage in case
+ of -DEXPAT_BUILD_DOCS=OFF
+ #375 #380 #419 CMake: Fix use of Expat by means of add_subdirectory
+ #407 #408 CMake: Keep expat target name constant at "expat"
+ (i.e. refrain from using the target name to control
+ build artifact filenames)
+ #385 CMake: Fix compilation with -DEXPAT_SHARED_LIBS=OFF for
+ Windows
+ CMake: Expose man page compilation as target "xmlwf-manpage"
+ #413 #414 CMake: Introduce option EXPAT_BUILD_PKGCONFIG
+ to control generation of pkg-config file "expat.pc"
+ #424 CMake: Add minimalistic support for building binary packages
+ with CMake target "package"; based on CPack
+ #366 CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with
+ default OFF to build fuzzer code against OSS-Fuzz and
+ related environment variable LIB_FUZZING_ENGINE
+ #354 Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF, each
+ #354 #355 ..
+ #356 #412 Address compiler warnings
+ #368 #369 Address pngcheck warnings with doc/*.png images
+ #425 Version info bumped from 7:11:6 to 7:12:6
+
+ Special thanks to:
+ asavah
+ Ben Wagner
+ Bhargava Shastry
+ Frank Landgraf
+ Jeffrey Walton
+ Joe Orton
+ Kleber Tarcísio
+ Ma Lin
+ Maciej Sroczyński
+ Mohammed Khajapasha
+ Vadim Zeitlin
+ and
+ Cppcheck 2.0 and the Cppcheck team
+
+Release 2.2.9 Wed September 25 2019
+ Other changes:
+ examples: Drop executable bits from elements.c
+ #349 Windows: Change the name of the Windows DLLs from expat*.dll
+ to libexpat*.dll once more (regression from 2.2.8, first
+ fixed in 1.95.3, issue #61 on SourceForge today,
+ was issue #432456 back then); needs a fix due
+ case-insensitive file systems on Windows and the fact that
+ Perl's XML::Parser::Expat compiles into Expat.dll.
+ #347 Windows: Only define _CRT_RAND_S if not defined
+ Version info bumped from 7:10:6 to 7:11:6
+
+ Special thanks to:
+ Ben Wagner
+
+Release 2.2.8 Fri September 13 2019
+ Security fixes:
+ #317 #318 CVE-2019-15903 -- Fix heap overflow triggered by
+ XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
+ and deny internal entities closing the doctype;
+ fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
+
+ Bug fixes:
+ #240 Fix cases where XML_StopParser did not have any effect
+ when called from inside of an end element handler
+ #341 xmlwf: Fix exit code for operation without "-d DIRECTORY";
+ previously, only "-d DIRECTORY" would give you a proper
+ exit code:
+ # xmlwf -d . <<<'<not well-formed>' 2>/dev/null ; echo $?
+ 2
+ # xmlwf <<<'<not well-formed>' 2>/dev/null ; echo $?
+ 0
+ Now both cases return exit code 2.
+
+ Other changes:
+ #299 #302 Windows: Replace LoadLibrary hack to access
+ unofficial API function SystemFunction036 (RtlGenRandom)
+ by using official API function rand_s (needs WinXP+)
+ #325 Windows: Drop support for Visual Studio <=7.1/2003
+ and document supported compilers in README.md
+ #286 Windows: Remove COM code from xmlwf; in case it turns
+ out needed later, there will be a dedicated repository
+ below https://github.com/libexpat/ for that code
+ #322 Windows: Remove explicit MSVC solution and project files.
+ You can generate Visual Studio solution files through
+ CMake, e.g.: cmake -G"Visual Studio 15 2017" .
+ #338 xmlwf: Make "xmlwf -h" help output more friendly
+ #339 examples: Improve elements.c
+ #244 #264 Autotools: Add argument --enable-xml-attr-info
+ #239 #301 Autotools: Add arguments
+ --with-getrandom
+ --without-getrandom
+ --with-sys-getrandom
+ --without-sys-getrandom
+ #312 #343 Autotools: Fix linking issues with "./configure LD=clang"
+ Autotools: Fix "make run-xmltest" for out-of-source builds
+ #329 #336 CMake: Pull all options from Expat <=2.2.7 into namespace
+ prefix EXPAT_ with the exception of DOCBOOK_TO_MAN:
+ - BUILD_doc -> EXPAT_BUILD_DOCS (plural)
+ - BUILD_examples -> EXPAT_BUILD_EXAMPLES
+ - BUILD_shared -> EXPAT_SHARED_LIBS
+ - BUILD_tests -> EXPAT_BUILD_TESTS
+ - BUILD_tools -> EXPAT_BUILD_TOOLS
+ - DOCBOOK_TO_MAN -> DOCBOOK_TO_MAN (unchanged)
+ - INSTALL -> EXPAT_ENABLE_INSTALL
+ - MSVC_USE_STATIC_CRT -> EXPAT_MSVC_STATIC_CRT
+ - USE_libbsd -> EXPAT_WITH_LIBBSD
+ - WARNINGS_AS_ERRORS -> EXPAT_WARNINGS_AS_ERRORS
+ - XML_CONTEXT_BYTES -> EXPAT_CONTEXT_BYTES
+ - XML_DEV_URANDOM -> EXPAT_DEV_URANDOM
+ - XML_DTD -> EXPAT_DTD
+ - XML_NS -> EXPAT_NS
+ - XML_UNICODE -> EXPAT_CHAR_TYPE=ushort (!)
+ - XML_UNICODE_WCHAR_T -> EXPAT_CHAR_TYPE=wchar_t (!)
+ #244 #264 CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF),
+ default OFF
+ #326 CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF),
+ default OFF
+ #328 CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF),
+ default OFF
+ #239 #277 CMake: Add arguments
+ -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
+ -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
+ #326 CMake: Install expat_config.h to include directory
+ #326 CMake: Generate and install configuration files for
+ future find_package(expat [..] CONFIG [..])
+ CMake: Now produces a summary of applied configuration
+ CMake: Require C++ compiler only when tests are enabled
+ #330 CMake: Fix compilation for 16bit character types,
+ i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
+ #265 CMake: Fix linking with MinGW
+ #330 CMake: Add full support for MinGW; to enable, use
+ -DCMAKE_TOOLCHAIN_FILE=[expat]/cmake/mingw-toolchain.cmake
+ #330 CMake: Port "make run-xmltest" from GNU Autotools to CMake
+ #316 CMake: Windows: Make binary postfix match MSVC
+ Old: expat[d].lib
+ New: expat[w][d][MD|MT].lib
+ CMake: Migrate files from Windows to Unix line endings
+ #308 CMake: Integrate OSS-Fuzz fuzzers, option
+ -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
+ #14 Drop an OpenVMS support leftover
+ #235 #268 ..
+ #270 #310 ..
+ #313 #331 #333 Address compiler warnings
+ #282 #283 ..
+ #284 #285 Address cppcheck warnings
+ #294 #295 Address Clang Static Analyzer warnings
+ #24 #293 Mass-apply clang-format 9 (and ensure conformance during CI)
+ Version info bumped from 7:9:6 to 7:10:6
+
+ Special thanks to:
+ David Loffredo
+ Joonun Jang
+ Kishore Kunche
+ Marco Maggi
+ Mitch Phillips
+ Mohammed Khajapasha
+ Rolf Ade
+ xantares
+ Zhongyuan Zhou
+
+Release 2.2.7 Wed June 19 2019
+ Security fixes:
+ #186 #262 CVE-2018-20843 -- Fix extraction of namespace prefixes from
+ XML names; XML names with multiple colons could end up in
+ the wrong namespace, and take a high amount of RAM and CPU
+ resources while processing, opening the door to
+ use for denial-of-service attacks
+
+ Other changes:
+ #195 #197 Autotools/CMake: Utilize -fvisibility=hidden to stop
+ exporting non-API symbols
+ #227 Autotools: Add --without-examples and --without-tests
+ #228 Autotools: Modernize configure.ac
+ #245 #246 Autotools: Fix check for -fvisibility=hidden for Clang
+ #247 #248 Autotools: Fix compilation for lack of docbook2x-man
+ #236 #258 Autotools: Produce .tar.{gz,lz,xz} release archives
+ #212 CMake: Make libdir of pkgconfig expat.pc support multilib
+ #158 #263 CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
+ #219 Remove fallback to bcopy, assume that memmove(3) exists
+ #257 Use portable "/usr/bin/env bash" shebang (e.g. for OpenBSD)
+ #243 Windows: Fix syntax of .def module definition files
+ Version info bumped from 7:8:6 to 7:9:6
+
+ Special thanks to:
+ Benjamin Peterson
+ Caolán McNamara
+ Hanno Böck
+ KangLin
+ Kishore Kunche
+ Marco Maggi
+ Rhodri James
+ Sebastian Dröge
+ userwithuid
+ Yury Gribov
+
+Release 2.2.6 Sun August 12 2018
+ Bug fixes:
+ #170 #206 Avoid doing arithmetic with NULL pointers in XML_GetBuffer
+ #204 #205 Fix 2.2.5 regression with suspend-resume while parsing
+ a document like '<root/>'
+
+ Other changes:
+ #165 #168 Autotools: Fix docbook-related configure syntax error
+ #166 Autotools: Avoid grep option `-q` for Solaris
+ #167 Autotools: Support
+ ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
+ #159 #167 Autotools: Support DOCBOOK_TO_MAN command which produces
+ xmlwf.1 rather than XMLWF.1; also covers case insensitive
+ file systems
+ #181 Autotools: Drop -rpath option passed to libtool
+ #188 Autotools: Detect and deny SGML docbook2man as ours is XML
+ #188 Autotools/CMake: Support command db2x_docbook2man as well
+ #174 CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
+ #184 #185 CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
+ #207 #208 CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
+ both defaulting to OFF
+ #175 CMake: Prefer check_symbol_exists over check_function_exists
+ #176 CMake: Create the same pkg-config file as with GNU Autotools
+ #178 #179 CMake: Use GNUInstallDirs module to set proper defaults for
+ install directories
+ #208 CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
+ #180 Windows: Fix compilation of test suite for Visual Studio 2008
+ #131 #173 #202 Address compiler warnings
+ #187 #190 #200 Fix miscellaneous typos
+ Version info bumped from 7:7:6 to 7:8:6
+
+ Special thanks to:
+ Anton Maklakov
+ Benjamin Peterson
+ Brad King
+ Franek Korta
+ Frank Rast
+ Joe Orton
+ luzpaz
+ Pedro Vicente
+ Rainer Jung
+ Rhodri James
+ Rolf Ade
+ Rolf Eike Beer
+ Thomas Beutlich
+ Tomasz Kłoczko
+
+Release 2.2.5 Tue October 31 2017
+ Bug fixes:
+ #8 If the parser runs out of memory, make sure its internal
+ state reflects the memory it actually has, not the memory
+ it wanted to have.
+ #11 The default handler wasn't being called when it should for
+ a SYSTEM or PUBLIC doctype if an entity declaration handler
+ was registered.
+ #137 #138 Fix a case of mistakenly reported parsing success where
+ XML_StopParser was called from an element handler
+ #162 Function XML_ErrorString was returning NULL rather than
+ a message for code XML_ERROR_INVALID_ARGUMENT
+ introduced with release 2.2.1
+
+ Other changes:
+ #106 xmlwf: Add argument -N adding notation declarations
+ #75 #106 Test suite: Resolve expected failure cases where xmlwf
+ output was incomplete
+ #127 Windows: Fix test suite compilation
+ #126 #127 Windows: Fix compilation for Visual Studio 2012
+ Windows: Upgrade shipped project files to Visual Studio 2017
+ #33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
+ #129 examples: Fix compilation for XML_UNICODE_WCHAR_T
+ #130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
+ #144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
+ Windows or MinGW for 2-byte wchar_t
+ #9 Address two Clang Static Analyzer false positives
+ #59 Resolve troublesome macros hiding parser struct membership
+ and dereferencing that pointer
+ #6 Resolve superfluous internal malloc/realloc switch
+ #153 #155 Improve docbook2x-man detection
+ #160 Undefine NDEBUG in the test suite (rather than rejecting it)
+ #161 Address compiler warnings
+ Version info bumped from 7:6:6 to 7:7:6
+
+ Special thanks to:
+ Benbuck Nason
+ Hans Wennborg
+ José Gutiérrez de la Concha
+ Pedro Monreal Gonzalez
+ Rhodri James
+ Rolf Ade
+ Stephen Groat
+ and
+ Core Infrastructure Initiative
+
+Release 2.2.4 Sat August 19 2017
+ Bug fixes:
+ #115 Fix copying of partial characters for UTF-8 input
+
+ Other changes:
+ #109 Fix "make check" for non-x86 architectures that default
+ to unsigned type char (-128..127 rather than 0..255)
+ #109 coverage.sh: Cover -funsigned-char
+ Autotools: Introduce --without-xmlwf argument
+ #65 Autotools: Replace handwritten Makefile with GNU Automake
+ #43 CMake: Auto-detect high quality entropy extractors, add new
+ option USE_libbsd=ON to use arc4random_buf of libbsd
+ #74 CMake: Add -fno-strict-aliasing only where supported
+ #114 CMake: Always honor manually set BUILD_* options
+ #114 CMake: Compile man page if docbook2x-man is available, only
+ #117 Include file tests/xmltest.log.expected in source tarball
+ (required for "make run-xmltest")
+ #117 Include (existing) Visual Studio 2013 files in source tarball
+ Improve test suite error output
+ #111 Fix some typos in documentation
+ Version info bumped from 7:5:6 to 7:6:6
+
+ Special thanks to:
+ Jakub Wilk
+ Joe Orton
+ Lin Tian
+ Rolf Eike Beer
+
+Release 2.2.3 Wed August 2 2017
+ Security fixes:
+ #82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
+ using Steve Holme's LoadLibrary wrapper for/of cURL
+
+ Bug fixes:
+ #85 Fix a dangling pointer issue related to realloc
+
+ Other changes:
+ Increase code coverage
+ #91 Linux: Allow getrandom to fail if nonblocking pool has not
+ yet been initialized and read /dev/urandom then, instead.
+ This is in line with what recent Python does.
+ #81 Pre-10.7/Lion macOS: Support entropy from arc4random
+ #86 Check that a UTF-16 encoding in an XML declaration has the
+ right endianness
+ #4 #5 #7 Recover correctly when some reallocations fail
+ Repair "./configure && make" for systems without any
+ provider of high quality entropy
+ and try reading /dev/urandom on those
+ Ensure that user-defined character encodings have converter
+ functions when they are needed
+ Fix mis-leading description of argument -c in xmlwf.1
+ Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
+ for CloudABI
+ #100 Fix use of SIPHASH_MAIN in siphash.h
+ #23 Test suite: Fix memory leaks
+ Version info bumped from 7:4:6 to 7:5:6
+
+ Special thanks to:
+ Chanho Park
+ Joe Orton
+ Pascal Cuoq
+ Rhodri James
+ Simon McVittie
+ Vadim Zeitlin
+ Viktor Szakats
+ and
+ Core Infrastructure Initiative
+
+Release 2.2.2 Wed July 12 2017
+ Security fixes:
+ #43 Protect against compilation without any source of high
+ quality entropy enabled, e.g. with CMake build system;
+ commit ff0207e6076e9828e536b8d9cd45c9c92069b895
+ #60 Windows with _UNICODE:
+ Unintended use of LoadLibraryW with a non-wide string
+ resulted in failure to load advapi32.dll and degradation
+ in quality of used entropy when compiled with _UNICODE for
+ Windows; you can launch existing binaries with
+ EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
+ quality of entropy used during runtime; commits
+ * 95b95032f907ef1cd17ee7a9a1768010a825d61d
+ * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
+ [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
+ resulted in NULL dereference, previously;
+ commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
+
+ Bug fixes:
+ #69 Fix improper use of unsigned long long integer literals
+
+ Other changes:
+ #73 Start requiring a C99 compiler
+ #49 Fix "==" Bashism in configure script
+ #50 Fix too eager getrandom detection for Debian GNU/kFreeBSD
+ #52 and macOS
+ #51 Address lack of stdint.h in Visual Studio 2003 to 2008
+ #58 Address compile warnings
+ #68 Fix "./buildconf.sh && ./configure" for some versions
+ of Dash for /bin/sh
+ #72 CMake: Ease use of Expat in context of a parent project
+ with multiple CMakeLists.txt files
+ #72 CMake: Resolve mistaken executable permissions
+ #76 Address compile warning with -DNDEBUG (not recommended!)
+ #77 Address compile warning about macro redefinition
+
+ Special thanks to:
+ Alexander Bluhm
+ Ben Boeckel
+ Cătălin Răceanu
+ Kerin Millar
+ László Böszörményi
+ S. P. Zeidler
+ Segev Finer
+ Václav Slavík
+ Victor Stinner
+ Viktor Szakats
+ and
+ Radically Open Security
+
+Release 2.2.1 Sat June 17 2017
+ Security fixes:
+ CVE-2017-9233 -- External entity infinite loop DoS
+ Details: https://libexpat.github.io/doc/cve-2017-9233/
+ Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
+ [MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
+ d4f735b88d9932bd5039df2335eefdd0723dbe20
+ (Fixed version of existing downstream patches!)
+ (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
+ longer tag names; commits
+ * 896b6c1fd3b842f377d1b62135dccf0a579cf65d
+ * af507cef2c93cb8d40062a0abe43a4f4e9158fb2
+ #16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
+ #25 More integer overflow detection (function poolGrow); commits
+ * 810b74e4703dcfdd8f404e3cb177d44684775143
+ * 44178553f3539ce69d34abee77a05e879a7982ac
+ [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
+ * 4be2cb5afcc018d996f34bbbce6374b7befad47f
+ * 7e5b71b748491b6e459e5c9a1d090820f94544d8
+ [MOX-005] #30 Use high quality entropy for hash initialization:
+ * arc4random_buf on BSD, systems with libbsd
+ (when configured with --with-libbsd), CloudABI
+ * RtlGenRandom on Windows XP / Server 2003 and later
+ * getrandom on Linux 3.17+
+ In a way, that's still part of CVE-2016-5300.
+ https://github.com/libexpat/libexpat/pull/30/commits
+ [MOX-005] For the low quality entropy extraction fallback code,
+ the parser instance address can no longer leak, commit
+ 04ad658bd3079dd15cb60fc67087900f0ff4b083
+ [MOX-003] Prevent use of uninitialised variable; commit
+ [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
+ Add missing parameter validation to public API functions
+ and dedicated error code XML_ERROR_INVALID_ARGUMENT:
+ [MOX-006] * NULL checks; commits
+ * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
+ * 9ed727064b675b7180c98cb3d4f75efba6966681
+ * 6a747c837c50114dfa413994e07c0ba477be4534
+ * Negative length (XML_Parse); commit
+ [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
+ [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
+ to go further with fixing CVE-2012-0876.
+ https://github.com/libexpat/libexpat/pull/39/commits
+
+ Bug fixes:
+ #32 Fix sharing of hash salt across parsers;
+ relevant where XML_ExternalEntityParserCreate is called
+ prior to XML_Parse, in particular (e.g. FBReader)
+ #28 xmlwf: Auto-disable use of memory-mapping (and parsing
+ as a single chunk) for files larger than ~1 GB (2^30 bytes)
+ rather than failing with error "out of memory"
+ #3 Fix double free after malloc failure in DTD code; commit
+ 7ae9c3d3af433cd4defe95234eae7dc8ed15637f
+ #17 Fix memory leak on parser error for unbound XML attribute
+ prefix with new namespaces defined in the same tag;
+ found by Google's OSS-Fuzz; commits
+ * 16f87daae5a16132e479e4f71862128c7a915c73
+ * b47dbc9745932c160893d433220e462bd605f8cd
+ xmlwf on Windows: Add missing calls to CloseHandle
+
+ New features:
+ #30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
+ for runtime debugging of entropy extraction
+
+ Other changes:
+ Increase code coverage
+ #33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
+ XML_UNICODE_WCHAR_T was never meant to be used outside
+ of Windows; 4-byte wchar_t is common on Linux
+ (SF.net) #538 Start using -fno-strict-aliasing
+ (SF.net) #540 Support compilation against cloudlibc of CloudABI
+ Allow MinGW cross-compilation
+ (SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
+ to bypass compilation of the xmlwf.1 man page
+ (SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
+ to bypass installation of expat files
+ CMake: Fix ninja support
+ Autotools: Add parameters --enable-xml-context [COUNT]
+ and --disable-xml-context; default of context of 1024
+ bytes enabled unchanged
+ #14 Drop AmigaOS 4.x code and includes
+ #14 Drop ancient build systems:
+ * Borland C++ Builder
+ * OpenVMS
+ * Open Watcom
+ * Visual Studio 6.0
+ * Pre-X Mac OS (MPW Makefile)
+ If you happen to rely on some of these, please get in
+ touch for joining with maintenance.
+ #10 Move from WIN32 to _WIN32
+ #13 Fix "make run-xmltest" order instability
+ Address compile warnings
+ Bump version info from 7:2:6 to 7:3:6
+ Add AUTHORS file
+
+ Infrastructure:
+ #1 Migrate from SourceForge to GitHub (except downloads):
+ https://github.com/libexpat/
+ #1 Re-create http://libexpat.org/ project website
+ Start utilizing Travis CI
+
+ Special thanks to:
+ Andy Wang
+ Don Lewis
+ Ed Schouten
+ Karl Waclawek
+ Pascal Cuoq
+ Rhodri James
+ Sergei Nikulov
+ Tobias Taschner
+ Viktor Szakats
+ and
+ Core Infrastructure Initiative
+ Mozilla Foundation (MOSS Track 3: Secure Open Source)
+ Radically Open Security
+
+Release 2.2.0 Tue June 21 2016
+ Security fixes:
+ #537 CVE-2016-0718 -- Fix crash on malformed input
+ CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
+ CVE-2015-2716 introduced with Expat 2.1.1
+ #499 CVE-2016-5300 -- Use more entropy for hash initialization
+ than the original fix to CVE-2012-0876
+ #519 CVE-2012-6702 -- Resolve troublesome internal call to srand
+ that was introduced with Expat 2.1.0
+ when addressing CVE-2012-0876 (issue #496)
+
+ Bug fixes:
+ Fix uninitialized reads of size 1
+ (e.g. in little2_updatePosition)
+ Fix detection of UTF-8 character boundaries
+
+ Other changes:
+ #532 Fix compilation for Visual Studio 2010 (keyword "C99")
+ Autotools: Resolve use of "$<" to better support bmake
+ Autotools: Add QA script "qa.sh" (and make target "qa")
+ Autotools: Respect CXXFLAGS if given
+ Autotools: Fix "make run-xmltest"
+ Autotools: Have "make run-xmltest" check for expected output
+ p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
+ #536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
+ #323 CMake: Add suffix "d" to differentiate debug from release
+ CMake: Define WIN32 with CMake on Windows
+ Annotate memory allocators for GCC
+ Address all currently known compile warnings
+ Make sure that API symbols remain visible despite
+ -fvisibility=hidden
+ Remove executable flag from source files
+ Resolve COMPILED_FROM_DSP in favor of WIN32
+
+ Special thanks to:
+ Björn Lindahl
+ Christian Heimes
+ Cristian Rodríguez
+ Daniel Krügler
+ Gustavo Grieco
+ Karl Waclawek
+ László Böszörményi
+ Marco Grassi
+ Pascal Cuoq
+ Sergei Nikulov
+ Thomas Beutlich
+ Warren Young
+ Yann Droneaud
+
+Release 2.1.1 Sat March 12 2016
+ Security fixes:
+ #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
+
+ Bug fixes:
+ #502: Fix potential null pointer dereference
+ #520: Symbol XML_SetHashSalt was not exported
+ Output of "xmlwf -h" was incomplete
+
+ Other changes:
+ #503: Document behavior of calling XML_SetHashSalt with salt 0
+ Minor improvements to man page xmlwf(1)
+ Improvements to the experimental CMake build system
+ libtool now invoked with --verbose
+
+Release 2.1.0 Sat March 24 2012
+ - Security fixes:
+ #2958794: CVE-2012-1148 - Memory leak in poolGrow.
+ #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
+ #3496608: CVE-2012-0876 - Hash DOS attack.
+ #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
+ #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
+ - Bug Fixes:
+ #1742315: Harmful XML_ParserCreateNS suggestion.
+ #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
+ #1983953, 2517952, 2517962, 2649838:
+ Build modifications using autoreconf instead of buildconf.sh.
+ #2815947, #2884086: OBJEXT and EXEEXT support while building.
+ #2517938: xmlwf should return non-zero exit status if not well-formed.
+ #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
+ #2855609: Dangling positionPtr after error.
+ #2990652: CMake support.
+ #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
+ #3206497: Uninitialized memory returned from XML_Parse.
+ #3287849: make check fails on mingw-w64.
+ - Patches:
+ #1749198: pkg-config support.
+ #3010222: Fix for bug #3010819.
+ #3312568: CMake support.
+ #3446384: Report byte offsets for attr names and values.
+ - New Features / API changes:
+ Added new API member XML_SetHashSalt() that allows setting an initial
+ value (salt) for hash calculations. This is part of the fix for
+ bug #3496608 to randomize hash parameters.
+ When compiled with XML_ATTR_INFO defined, adds new API member
+ XML_GetAttributeInfo() that allows retrieving the byte
+ offsets for attribute names and values (patch #3446384).
+ Added CMake build system.
+ See bug #2990652 and patch #3312568.
+ Added run-benchmark target to Makefile.in - relies on testdata module
+ present in the same relative location as in the repository.
+
+Release 2.0.1 Tue June 5 2007
+ - Fixed bugs #1515266, #1515600: The character data handler's calling
+ of XML_StopParser() was not handled properly; if the parser was
+ stopped and the handler set to NULL, the parser would segfault.
+ - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
+ some character constants to be ASCII encoded.
+ - Minor cleanups of the test harness.
+ - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
+ - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
+ - Fixes and improvements for Windows platform:
+ bugs #1409451, #1476160, #1548182, #1602769, #1717322.
+ - Build fixes for various platforms:
+ HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
+ All Unix: #1554618 (refreshed config.sub/config.guess).
+ #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
+ without relying on GNU-Make specific features.
+ #1647805: Patched configure.in to work better with Intel compiler.
+ - Fixes to Makefile.in to have make check work correctly:
+ bugs #1408143, #1535603, #1536684.
+ - Added Open Watcom support: patch #1523242.
+
+Release 2.0.0 Wed Jan 11 2006
+ - We no longer use the "check" library for C unit testing; we
+ always use the (partial) internal implementation of the API.
+ - Report XML_NS setting via XML_GetFeatureList().
+ - Fixed headers for use from C++.
+ - XML_GetCurrentLineNumber() and XML_GetCurrentColumnNumber()
+ now return unsigned integers.
+ - Added XML_LARGE_SIZE switch to enable 64-bit integers for
+ byte indexes and line/column numbers.
+ - Updated to use libtool 1.5.22 (the most recent).
+ - Added support for AmigaOS.
+ - Some mostly minor bug fixes. SF issues include: #1006708,
+ #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.
+
+Release 1.95.8 Fri Jul 23 2004
+ - Major new feature: suspend/resume. Handlers can now request
+ that a parse be suspended for later resumption or aborted
+ altogether. See "Temporarily Stopping Parsing" in the
+ documentation for more details.
+ - Some mostly minor bug fixes, but compilation should no
+ longer generate warnings on most platforms. SF issues
+ include: #827319, #840173, #846309, #888329, #896188, #923913,
+ #928113, #961698, #985192.
+
+Release 1.95.7 Mon Oct 20 2003
+ - Fixed enum XML_Status issue (reported on SourceForge many
+ times), so compilers that are properly picky will be happy.
+ - Introduced an XMLCALL macro to control the calling
+ convention used by the Expat API; this macro should be used
+ to annotate prototypes and definitions of callback
+ implementations in code compiled with a calling convention
+ other than the default convention for the host platform.
+ - Improved ability to build without the configure-generated
+ expat_config.h header. This is useful for applications
+ which embed Expat rather than linking in the library.
+ - Fixed a variety of bugs: see SF issues #458907, #609603,
+ #676844, #679754, #692878, #692964, #695401, #699323, #699487,
+ #820946.
+ - Improved hash table lookups.
+ - Added more regression tests and improved documentation.
+
+Release 1.95.6 Tue Jan 28 2003
+ - Added XML_FreeContentModel().
+ - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
+ - Fixed a variety of bugs: see SF issues #615606, #616863,
+ #618199, #653180, #673791.
+ - Enhanced the regression test suite.
+ - Man page improvements: includes SF issue #632146.
+
+Release 1.95.5 Fri Sep 6 2002
+ - Added XML_UseForeignDTD() for improved SAX2 support.
+ - Added XML_GetFeatureList().
+ - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
+ - Use an incomplete struct instead of a void* for the parser
+ (may not retain).
+ - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
+ - Finally fixed bug where default handler would report DTD
+ events that were already handled by another handler.
+ Initial patch contributed by Darryl Miles.
+ - Removed unnecessary DllMain() function that caused static
+ linking into a DLL to be difficult.
+ - Added VC++ projects for building static libraries.
+ - Reduced line-length for all source code and headers to be
+ no longer than 80 characters, to help with AS/400 support.
+ - Reduced memory copying during parsing (SF patch #600964).
+ - Fixed a variety of bugs: see SF issues #580793, #434664,
+ #483514, #580503, #581069, #584041, #584183, #584832, #585537,
+ #596555, #596678, #598352, #598944, #599715, #600479, #600971.
+
+Release 1.95.4 Fri Jul 12 2002
+ - Added support for VMS, contributed by Craig Berry. See
+ vms/README.vms for more information.
+ - Added Mac OS (classic) support, with a makefile for MPW,
+ contributed by Thomas Wegner and Daryle Walker.
+ - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
+ by Patrick McConnell (SF patch #538032).
+ - Fixed a variety of bugs: see SF issues #441449, #563184,
+ #564342, #566334, #566901, #569461, #570263, #575168, #579196.
+ - Made skippedEntityHandler conform to SAX2 (see source comment)
+ - Re-implemented WFC: Entity Declared from XML 1.0 spec and
+ added a new error "entity declared in parameter entity":
+ see SF bug report #569461 and SF patch #578161
+ - Re-implemented section 5.1 from XML 1.0 spec:
+ see SF bug report #570263 and SF patch #578161
+
+Release 1.95.3 Mon Jun 3 2002
+ - Added a project to the MSVC workspace to create a wchar_t
+ version of the library; the DLLs are named libexpatw.dll.
+ - Changed the name of the Windows DLLs from expat.dll to
+ libexpat.dll; this fixes SF bug #432456.
+ - Added the XML_ParserReset() API function.
+ - Fixed XML_SetReturnNSTriplet() to work for element names.
+ - Made the XML_UNICODE builds usable (thanks, Karl!).
+ - Allow xmlwf to read from standard input.
+ - Install a man page for xmlwf on Unix systems.
+ - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
+ #466885, #469226, #477667, #484419, #487840, #494749, #496505,
+ #547350. Other bugs which we can't test as easily may also
+ have been fixed, especially in the area of build support.
+
+Release 1.95.2 Fri Jul 27 2001
+ - More changes to make MSVC happy with the build; add a single
+ workspace to support both the library and xmlwf application.
+ - Added a Windows installer for Windows users; includes
+ xmlwf.exe.
+ - Added compile-time constants that can be used to determine the
+ Expat version
+ - Removed a lot of GNU-specific dependencies to aide portability
+ among the various Unix flavors.
+ - Fix the UTF-8 BOM bug.
+ - Cleaned up warning messages for several compilers.
+ - Added the -Wall, -Wstrict-prototypes options for GCC.
+
+Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
+ - Changes to get expat to build under Microsoft compiler
+ - Removed all aborts and instead return an UNEXPECTED_STATE error.
+ - Fixed a bug where a stray '%' in an entity value would cause an
+ abort.
+ - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
+ finding this oversight.
+ - Changed default patterns in lib/Makefile.in to fit non-GNU makes
+ Thanks to robin@unrated.net for reporting and providing an
+ account to test on.
+ - The reference had the wrong label for XML_SetStartNamespaceDecl.
+ Reported by an anonymous user.
+
+Release 1.95.0 Fri Sep 29 2000
+ - XML_ParserCreate_MM
+ Allows you to set a memory management suite to replace the
+ standard malloc,realloc, and free.
+ - XML_SetReturnNSTriplet
+ If you turn this feature on when namespace processing is in
+ effect, then qualified, prefixed element and attribute names
+ are returned as "uri|name|prefix" where '|' is whatever
+ separator character is used in namespace processing.
+ - Merged in features from perl-expat
+ o XML_SetElementDeclHandler
+ o XML_SetAttlistDeclHandler
+ o XML_SetXmlDeclHandler
+ o XML_SetEntityDeclHandler
+ o StartDoctypeDeclHandler takes 3 additional parameters:
+ sysid, pubid, has_internal_subset
+ o Many paired handler setters (like XML_SetElementHandler)
+ now have corresponding individual handler setters
+ o XML_GetInputContext for getting the input context of
+ the current parse position.
+ - Added reference material
+ - Packaged into a distribution that builds a sharable library