Home | History | Annotate | Download | only in expat
      1 Release 2.1.1 Sat March 12 2016
      2         Security fixes:
      3             #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
      4 
      5         Bug fixes:
      6             #502: Fix potential null pointer dereference
      7             #520: Symbol XML_SetHashSalt was not exported
      8             Output of "xmlwf -h" was incomplete
      9 
     10         Other changes
     11             #503: Document behavior of calling XML_SetHashSalt with salt 0
     12             Minor improvements to man page xmlwf(1)
     13             Improvements to the experimental CMake build system
     14             libtool now invoked with --verbose
     15 
     16 Release 2.1.0 Sat March 24 2012
     17         - Bug Fixes:
     18           #1742315: Harmful XML_ParserCreateNS suggestion.
     19           #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
     20           #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
     21           #1983953, 2517952, 2517962, 2649838: 
     22                 Build modifications using autoreconf instead of buildconf.sh.
     23           #2815947, #2884086: OBJEXT and EXEEXT support while building.
     24           #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
     25           #2517938: xmlwf should return non-zero exit status if not well-formed.
     26           #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
     27           #2855609: Dangling positionPtr after error.
     28           #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
     29           #2958794: CVE-2012-1148 - Memory leak in poolGrow.
     30           #2990652: CMake support.
     31           #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
     32           #3206497: Unitialized memory returned from XML_Parse.
     33           #3287849: make check fails on mingw-w64.
     34           #3496608: CVE-2012-0876 - Hash DOS attack.
     35         - Patches:
     36           #1749198: pkg-config support.
     37           #3010222: Fix for bug #3010819.
     38           #3312568: CMake support.
     39           #3446384: Report byte offsets for attr names and values.
     40         - New Features / API changes:
     41           Added new API member XML_SetHashSalt() that allows setting an initial
     42                 value (salt) for hash calculations. This is part of the fix for
     43                 bug #3496608 to randomize hash parameters.
     44           When compiled with XML_ATTR_INFO defined, adds new API member
     45                 XML_GetAttributeInfo() that allows retrieving the byte
     46                 offsets for attribute names and values (patch #3446384).
     47           Added CMake build system.
     48                 See bug #2990652 and patch #3312568.
     49           Added run-benchmark target to Makefile.in - relies on testdata module
     50                 present in the same relative location as in the repository.
     51           
     52 Release 2.0.1 Tue June 5 2007
     53         - Fixed bugs #1515266, #1515600: The character data handler's calling
     54           of XML_StopParser() was not handled properly; if the parser was
     55           stopped and the handler set to NULL, the parser would segfault.
     56         - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed
     57           some character constants to be ASCII encoded.
     58         - Minor cleanups of the test harness.
     59         - Fixed xmlwf bug #1513566: "out of memory" error on file size zero.
     60         - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call.
     61         - Fixes and improvements for Windows platform:
     62           bugs #1409451, #1476160, #1548182, #1602769, #1717322.
     63         - Build fixes for various platforms:
     64           HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180.
     65           All Unix: #1554618 (refreshed config.sub/config.guess).
     66                     #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT,
     67                     without relying on GNU-Make specific features.
     68           #1647805: Patched configure.in to work better with Intel compiler.
     69         - Fixes to Makefile.in to have make check work correctly:
     70           bugs #1408143, #1535603, #1536684.
     71         - Added Open Watcom support: patch #1523242.
     72 
     73 Release 2.0.0 Wed Jan 11 2006
     74         - We no longer use the "check" library for C unit testing; we
     75           always use the (partial) internal implementation of the API.
     76         - Report XML_NS setting via XML_GetFeatureList().
     77         - Fixed headers for use from C++.
     78         - XML_GetCurrentLineNumber() and  XML_GetCurrentColumnNumber()
     79           now return unsigned integers.
     80         - Added XML_LARGE_SIZE switch to enable 64-bit integers for
     81           byte indexes and line/column numbers.
     82         - Updated to use libtool 1.5.22 (the most recent).
     83         - Added support for AmigaOS.
     84         - Some mostly minor bug fixes. SF issues include: #1006708,
     85           #1021776, #1023646, #1114960, #1156398, #1221160, #1271642.
     86 
     87 Release 1.95.8 Fri Jul 23 2004
     88         - Major new feature: suspend/resume.  Handlers can now request
     89           that a parse be suspended for later resumption or aborted
     90           altogether.  See "Temporarily Stopping Parsing" in the
     91           documentation for more details.
     92         - Some mostly minor bug fixes, but compilation should no
     93           longer generate warnings on most platforms.  SF issues
     94           include: #827319, #840173, #846309, #888329, #896188, #923913,
     95           #928113, #961698, #985192.
     96 
     97 Release 1.95.7 Mon Oct 20 2003
     98         - Fixed enum XML_Status issue (reported on SourceForge many
     99           times), so compilers that are properly picky will be happy.
    100         - Introduced an XMLCALL macro to control the calling
    101           convention used by the Expat API; this macro should be used
    102           to annotate prototypes and definitions of callback
    103           implementations in code compiled with a calling convention
    104           other than the default convention for the host platform.
    105         - Improved ability to build without the configure-generated
    106           expat_config.h header.  This is useful for applications
    107           which embed Expat rather than linking in the library.
    108         - Fixed a variety of bugs: see SF issues #458907, #609603,
    109           #676844, #679754, #692878, #692964, #695401, #699323, #699487,
    110           #820946.
    111         - Improved hash table lookups.
    112         - Added more regression tests and improved documentation.
    113 
    114 Release 1.95.6 Tue Jan 28 2003
    115         - Added XML_FreeContentModel().
    116         - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree().
    117         - Fixed a variety of bugs: see SF issues #615606, #616863,
    118           #618199, #653180, #673791.
    119         - Enhanced the regression test suite.
    120         - Man page improvements: includes SF issue #632146.
    121 
    122 Release 1.95.5 Fri Sep 6 2002
    123         - Added XML_UseForeignDTD() for improved SAX2 support.
    124         - Added XML_GetFeatureList().
    125         - Defined XML_Bool type and the values XML_TRUE and XML_FALSE.
    126         - Use an incomplete struct instead of a void* for the parser
    127           (may not retain).
    128         - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected.
    129         - Finally fixed bug where default handler would report DTD
    130           events that were already handled by another handler.
    131           Initial patch contributed by Darryl Miles.
    132         - Removed unnecessary DllMain() function that caused static
    133           linking into a DLL to be difficult.
    134         - Added VC++ projects for building static libraries.
    135         - Reduced line-length for all source code and headers to be
    136           no longer than 80 characters, to help with AS/400 support.
    137         - Reduced memory copying during parsing (SF patch #600964).
    138         - Fixed a variety of bugs: see SF issues #580793, #434664,
    139           #483514, #580503, #581069, #584041, #584183, #584832, #585537,
    140           #596555, #596678, #598352, #598944, #599715, #600479, #600971.
    141 
    142 Release 1.95.4 Fri Jul 12 2002
    143         - Added support for VMS, contributed by Craig Berry.  See
    144           vms/README.vms for more information.
    145         - Added Mac OS (classic) support, with a makefile for MPW,
    146           contributed by Thomas Wegner and Daryle Walker.
    147         - Added Borland C++ Builder 5 / BCC 5.5 support, contributed
    148           by Patrick McConnell (SF patch #538032).
    149         - Fixed a variety of bugs: see SF issues #441449, #563184,
    150           #564342, #566334, #566901, #569461, #570263, #575168, #579196.
    151         - Made skippedEntityHandler conform to SAX2 (see source comment)
    152         - Re-implemented WFC: Entity Declared from XML 1.0 spec and
    153           added a new error "entity declared in parameter entity":
    154           see SF bug report #569461 and SF patch #578161
    155         - Re-implemented section 5.1 from XML 1.0 spec:
    156           see SF bug report #570263 and SF patch #578161
    157 
    158 Release 1.95.3 Mon Jun 3 2002
    159         - Added a project to the MSVC workspace to create a wchar_t
    160           version of the library; the DLLs are named libexpatw.dll.
    161         - Changed the name of the Windows DLLs from expat.dll to
    162           libexpat.dll; this fixes SF bug #432456.
    163         - Added the XML_ParserReset() API function.
    164         - Fixed XML_SetReturnNSTriplet() to work for element names.
    165         - Made the XML_UNICODE builds usable (thanks, Karl!).
    166         - Allow xmlwf to read from standard input.
    167         - Install a man page for xmlwf on Unix systems.
    168         - Fixed many bugs; see SF bug reports #231864, #461380, #464837,
    169           #466885, #469226, #477667, #484419, #487840, #494749, #496505,
    170           #547350.  Other bugs which we can't test as easily may also
    171           have been fixed, especially in the area of build support.
    172 
    173 Release 1.95.2 Fri Jul 27 2001
    174         - More changes to make MSVC happy with the build; add a single
    175           workspace to support both the library and xmlwf application.
    176         - Added a Windows installer for Windows users; includes
    177           xmlwf.exe.
    178         - Added compile-time constants that can be used to determine the
    179           Expat version
    180         - Removed a lot of GNU-specific dependencies to aide portability
    181           among the various Unix flavors.
    182         - Fix the UTF-8 BOM bug.
    183         - Cleaned up warning messages for several compilers.
    184         - Added the -Wall, -Wstrict-prototypes options for GCC.
    185 
    186 Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000
    187         - Changes to get expat to build under Microsoft compiler
    188         - Removed all aborts and instead return an UNEXPECTED_STATE error.
    189         - Fixed a bug where a stray '%' in an entity value would cause an
    190           abort.
    191         - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for
    192           finding this oversight.
    193         - Changed default patterns in lib/Makefile.in to fit non-GNU makes
    194           Thanks to robin (a] unrated.net for reporting and providing an
    195           account to test on.
    196         - The reference had the wrong label for XML_SetStartNamespaceDecl.
    197           Reported by an anonymous user.
    198 
    199 Release 1.95.0 Fri Sep 29 2000
    200         - XML_ParserCreate_MM
    201                 Allows you to set a memory management suite to replace the
    202                 standard malloc,realloc, and free.
    203         - XML_SetReturnNSTriplet
    204                 If you turn this feature on when namespace processing is in
    205                 effect, then qualified, prefixed element and attribute names
    206                 are returned as "uri|name|prefix" where '|' is whatever
    207                 separator character is used in namespace processing.
    208         - Merged in features from perl-expat
    209                 o XML_SetElementDeclHandler
    210                 o XML_SetAttlistDeclHandler
    211                 o XML_SetXmlDeclHandler
    212                 o XML_SetEntityDeclHandler
    213                 o StartDoctypeDeclHandler takes 3 additional parameters:
    214                         sysid, pubid, has_internal_subset
    215                 o Many paired handler setters (like XML_SetElementHandler)
    216                   now have corresponding individual handler setters
    217                 o XML_GetInputContext for getting the input context of
    218                   the current parse position.
    219         - Added reference material
    220         - Packaged into a distribution that builds a sharable library
    221