| Age | Commit message (Collapse) | Author |
|---|
|
From `Changes`:
Release 2.2.5 Tue October 31 2017
Bug fixes:
#8 If the parser runs out of memory, make sure its internal
state reflects the memory it actually has, not the memory
it wanted to have.
#11 The default handler wasn't being called when it should for
a SYSTEM or PUBLIC doctype if an entity declaration handler
was registered.
#137 #138 Fix a case of mistakenly reported parsing success where
XML_StopParser was called from an element handler
#162 Function XML_ErrorString was returning NULL rather than
a message for code XML_ERROR_INVALID_ARGUMENT
introduced with release 2.2.1
Other changes:
#106 xmlwf: Add argument -N adding notation declarations
#75 #106 Test suite: Resolve expected failure cases where xmlwf
output was incomplete
#127 Windows: Fix test suite compilation
#126 #127 Windows: Fix compilation for Visual Studio 2012
#33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
#129 examples: Fix compilation for XML_UNICODE_WCHAR_T
#130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
#144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
Windows or MinGW for 2-byte wchar_t
#9 Address two Clang Static Analyzer false positives
#59 Resolve troublesome macros hiding parser struct membership
and dereferencing that pointer
#6 Resolve superfluous internal malloc/realloc switch
#153 #155 Improve docbook2x-man detection
#160 Undefine NDEBUG in the test suite (rather than rejecting it)
#161 Address compiler warnings
Version info bumped from 7:6:6 to 7:7:6
Special thanks to:
Benbuck Nason
Hans Wennborg
José Gutiérrez de la Concha
Pedro Monreal Gonzalez
Rhodri James
Rolf Ade
Stephen Groat
and
Core Infrastructure Initiative
Release 2.2.4 Sat August 19 2017
Bug fixes:
#115 Fix copying of partial characters for UTF-8 input
Other changes:
#109 Fix "make check" for non-x86 architectures that default
to unsigned type char (-128..127 rather than 0..255)
#109 coverage.sh: Cover -funsigned-char
Autotools: Introduce --without-xmlwf argument
#65 Autotools: Replace handwritten Makefile with GNU Automake
#43 CMake: Auto-detect high quality entropy extractors, add new
option USE_libbsd=ON to use arc4random_buf of libbsd
#74 CMake: Add -fno-strict-aliasing only where supported
#114 CMake: Always honor manually set BUILD_* options
#114 CMake: Compile man page if docbook2x-man is available, only
#117 Include file tests/xmltest.log.expected in source tarball
(required for "make run-xmltest")
#117 Include (existing) Visual Studio 2013 files in source tarball
Improve test suite error output
#111 Fix some typos in documentation
Version info bumped from 7:5:6 to 7:6:6
Special thanks to:
Jakub Wilk
Joe Orton
Lin Tian
Rolf Eike Beer
Release 2.2.3 Wed August 2 2017
Security fixes:
#82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
using Steve Holme's LoadLibrary wrapper for/of cURL
Bug fixes:
#85 Fix a dangling pointer issue related to realloc
Other changes:
Increase code coverage
#91 Linux: Allow getrandom to fail if nonblocking pool has not
yet been initialized and read /dev/urandom then, instead.
This is in line with what recent Python does.
#81 Pre-10.7/Lion macOS: Support entropy from arc4random
#86 Check that a UTF-16 encoding in an XML declaration has the
right endianness
#4 #5 #7 Recover correctly when some reallocations fail
Repair "./configure && make" for systems without any
provider of high quality entropy
and try reading /dev/urandom on those
Ensure that user-defined character encodings have converter
functions when they are needed
Fix mis-leading description of argument -c in xmlwf.1
Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
for CloudABI
#100 Fix use of SIPHASH_MAIN in siphash.h
#23 Test suite: Fix memory leaks
Version info bumped from 7:4:6 to 7:5:6
Special thanks to:
Chanho Park
Joe Orton
Pascal Cuoq
Rhodri James
Simon McVittie
Vadim Zeitlin
Viktor Szakats
and
Core Infrastructure Initiative
Release 2.2.2 Wed July 12 2017
Security fixes:
#43 Protect against compilation without any source of high
quality entropy enabled, e.g. with CMake build system;
commit ff0207e6076e9828e536b8d9cd45c9c92069b895
#60 Windows with _UNICODE:
Unintended use of LoadLibraryW with a non-wide string
resulted in failure to load advapi32.dll and degradation
in quality of used entropy when compiled with _UNICODE for
Windows; you can launch existing binaries with
EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
quality of entropy used during runtime; commits
* 95b95032f907ef1cd17ee7a9a1768010a825d61d
* 73a5a2e9c081f49f2d775cf7ced864158b68dc80
[MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
resulted in NULL dereference, previously;
commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
Bug fixes:
#69 Fix improper use of unsigned long long integer literals
Other changes:
#73 Start requiring a C99 compiler
#49 Fix "==" Bashism in configure script
#50 Fix too eager getrandom detection for Debian GNU/kFreeBSD
#52 and macOS
#51 Address lack of stdint.h in Visual Studio 2003 to 2008
#58 Address compile warnings
#68 Fix "./buildconf.sh && ./configure" for some versions
of Dash for /bin/sh
#72 CMake: Ease use of Expat in context of a parent project
with multiple CMakeLists.txt files
#72 CMake: Resolve mistaken executable permissions
#76 Address compile warning with -DNDEBUG (not recommended!)
#77 Address compile warning about macro redefinition
Special thanks to:
Alexander Bluhm
Ben Boeckel
Cătălin Răceanu
Kerin Millar
László Böszörményi
S. P. Zeidler
Segev Finer
Václav Slavík
Victor Stinner
Viktor Szakats
and
Radically Open Security
Release 2.2.1 Sat June 17 2017
Security fixes:
CVE-2017-9233 -- External entity infinite loop DoS
Details: https://libexpat.github.io/doc/cve-2017-9233/
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
[MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
d4f735b88d9932bd5039df2335eefdd0723dbe20
(Fixed version of existing downstream patches!)
(SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names; commits
* 896b6c1fd3b842f377d1b62135dccf0a579cf65d
* af507cef2c93cb8d40062a0abe43a4f4e9158fb2
#16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
#25 More integer overflow detection (function poolGrow); commits
* 810b74e4703dcfdd8f404e3cb177d44684775143
* 44178553f3539ce69d34abee77a05e879a7982ac
[MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
* 4be2cb5afcc018d996f34bbbce6374b7befad47f
* 7e5b71b748491b6e459e5c9a1d090820f94544d8
[MOX-005] #30 Use high quality entropy for hash initialization:
* arc4random_buf on BSD, systems with libbsd
(when configured with --with-libbsd), CloudABI
* RtlGenRandom on Windows XP / Server 2003 and later
* getrandom on Linux 3.17+
In a way, that's still part of CVE-2016-5300.
https://github.com/libexpat/libexpat/pull/30/commits
[MOX-005] For the low quality entropy extraction fallback code,
the parser instance address can no longer leak, commit
04ad658bd3079dd15cb60fc67087900f0ff4b083
[MOX-003] Prevent use of uninitialised variable; commit
[MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
Add missing parameter validation to public API functions
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
[MOX-006] * NULL checks; commits
* d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
* 9ed727064b675b7180c98cb3d4f75efba6966681
* 6a747c837c50114dfa413994e07c0ba477be4534
* Negative length (XML_Parse); commit
[MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
[MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
to go further with fixing CVE-2012-0876.
https://github.com/libexpat/libexpat/pull/39/commits
Bug fixes:
#32 Fix sharing of hash salt across parsers;
relevant where XML_ExternalEntityParserCreate is called
prior to XML_Parse, in particular (e.g. FBReader)
#28 xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
#3 Fix double free after malloc failure in DTD code; commit
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
#17 Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz; commits
* 16f87daae5a16132e479e4f71862128c7a915c73
* b47dbc9745932c160893d433220e462bd605f8cd
xmlwf on Windows: Add missing calls to CloseHandle
New features:
#30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
for runtime debugging of entropy extraction
Other changes:
Increase code coverage
#33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
XML_UNICODE_WCHAR_T was never meant to be used outside
of Windows; 4-byte wchar_t is common on Linux
(SF.net) #538 Start using -fno-strict-aliasing
(SF.net) #540 Support compilation against cloudlibc of CloudABI
Allow MinGW cross-compilation
(SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
to bypass compilation of the xmlwf.1 man page
(SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
to bypass installation of expat files
CMake: Fix ninja support
Autotools: Add parameters --enable-xml-context [COUNT]
and --disable-xml-context; default of context of 1024
bytes enabled unchanged
#14 Drop AmigaOS 4.x code and includes
#14 Drop ancient build systems:
* Borland C++ Builder
* OpenVMS
* Open Watcom
* Visual Studio 6.0
* Pre-X Mac OS (MPW Makefile)
If you happen to rely on some of these, please get in
touch for joining with maintenance.
#10 Move from WIN32 to _WIN32
#13 Fix "make run-xmltest" order instability
Address compile warnings
Bump version info from 7:2:6 to 7:3:6
Add AUTHORS file
Infrastructure:
#1 Migrate from SourceForge to GitHub (except downloads):
https://github.com/libexpat/
#1 Re-create http://libexpat.org/ project website
Start utilizing Travis CI
Special thanks to:
Andy Wang
Don Lewis
Ed Schouten
Karl Waclawek
Pascal Cuoq
Rhodri James
Sergei Nikulov
Tobias Taschner
Viktor Szakats
and
Core Infrastructure Initiative
Mozilla Foundation (MOSS Track 3: Secure Open Source)
Radically Open Security
Bug: N/A
Test: cts-tradefed run cts -m CtsLibcoreTestCases -t libcore.xml.ExpatSaxParserTest
Change-Id: Ide6a7b30ed05cbd712cc88350381e9dbbc5d79ad
|
|
am: 364e57e220
Change-Id: Ia0902d161695d69c77d04894713ea03ee1745813
|
|
am: 44802c7a43
Change-Id: I87181cd8db9b2b027da3495a0e50a3bad41b1560
|
|
am: 1071d2dbae
Change-Id: Ie581a1dceb7a01ac6d32a4e1595c0d2c00d18621
|
|
|
|
Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: I69733baf68b136bf30581c1b844e28baa140a97b
|
|
314e645a2a
am: d16cf94146 -s ours
Change-Id: Ifaf960be8d749811f3a366d3b9145f305be9a12c
|
|
am: 314e645a2a
Change-Id: If97be2cfde6605010401c55dde805dcee3357dc6
|
|
am: cc10db2c9e
Change-Id: I880a56fa63a8e6e42a2950d3e662dee939892666
|
|
|
|
As a VNDK/VNDK-SP module, Android.bp must have 'vndk' tag as well
as 'vendor_available: true'.
For a VNDK module, the 'vndk' tag has 'enabled: true'.
It will be installed system/lib(64)/vndk as a vendor variant.
For a VNDK-SP module, the 'vndk' tag has
'support_system_process: true' as well as 'enabled: true'.
It will be installed system/lib(64)/vndk-sp as a vendor variant.
Bug: 63866913
Test: build and boot with BOARD_VNDK_VERSION=current
Merged-In: I7e14312306d2dc862ac0bee5e8c5956fee850223
Change-Id: I7e14312306d2dc862ac0bee5e8c5956fee850223
(cherry picked from commit f2e8548ee25ba7684a71501428bb2834a6936b1c)
|
|
am: f2e8548ee2
Change-Id: Iba01b5b126d9035df84e3ab3901b34dc862a1bcb
|
|
As a VNDK/VNDK-SP module, Android.bp must have 'vndk' tag as well
as 'vendor_available: true'.
For a VNDK module, the 'vndk' tag has 'enabled: true'.
It will be installed system/lib(64)/vndk as a vendor variant.
For a VNDK-SP module, the 'vndk' tag has
'support_system_process: true' as well as 'enabled: true'.
It will be installed system/lib(64)/vndk-sp as a vendor variant.
Bug: 63866913
Test: build and boot with BOARD_VNDK_VERSION=current
Change-Id: I7e14312306d2dc862ac0bee5e8c5956fee850223
|
|
am: f1e893626d -s ours
Change-Id: I56bab2401a2c147fd25987da7407dd200877804b
|
|
am: fa031d5dc1 -s ours
Change-Id: I08382e5d7e4712e71d52c8afeb3a369361dcd1d5
|
|
Bug: 38244611
Test: Build sailfish with BOARD_VNDK_VERSION:=current
(cherry picked from commit c4fc4e20ef7189d33feeda4e872444e760889761)
Merged-In: I35cc65d8721b2aa31525dc2cc9a2922fa1d8b01a
Change-Id: I3a0a0d16899e056899f53d4738a746fea001f7d6
|
|
3146be0769
am: 7ea39ce869
Change-Id: I1ce1625c5cfddb1dd0bb4363d5d1605f92f83fa2
|
|
am: 3146be0769
Change-Id: I19474910f1a42dce6ba27b2d9da8078c9ab95c3b
|
|
am: fe08ee2cfe
Change-Id: I93dae0280ae5720559674a4291bdbc195fb9422f
|
|
am: 8954a5667c
Change-Id: I674c8b398c35c0ea3f50d29bb7d0cb54e1aa3f27
|
|
|
|
Bug: 38244611
Test: Build sailfish with BOARD_VNDK_VERSION:=current
Change-Id: I35cc65d8721b2aa31525dc2cc9a2922fa1d8b01a
|
|
am: 451c00f7c3
Change-Id: I9dede9d10c6600918538fda45ed74fabe021ac4d
|
|
am: 470553711f
Change-Id: Ide06dd57cdd1c30b2cfc797b69f46188180e6f26
|
|
am: d61777ec98
Change-Id: Ie17e4d110719ccd42446339fd21aaee3ee233a6a
|
|
* changes:
Fix cast from pointer to integer of different size
Reverted change to switch from COMPILED_FROM_DSP to WIN32
Upgrade to expat 2.2.0
|
|
Fixes last compilation bug. It now compiles on Android.
(cherry picked from 8caa27c2601e69bc404ff28fc4c5c39860d8d5bf)
Test: cts-tradefed run cts -m CtsLibcoreTestCases -t libcore.xml.ExpatSaxParserTest
Bug: 30157673
Bug: 29149404
Change-Id: I9be82ac4dfb430c8d7398aa69b100820957f6279
|
|
Bug: 30157673
Test: cannot test as does not yet compile
Change-Id: Iba4c9d9c8257f1033159ee0ad8a0aceec6069847
|
|
The version of 2.2.0 from upstream. This will not yet compile on
Android. Following changes will fix issues that prevent
compilation.
Bug: 30157673
Test: cannot test as does not yet compile
Change-Id: I50a7fc074cff17367177cc733ab1e7286f4b63d6
|
|
911f176567 am: 452cd40d64 am: 7f23da12fc
am: b05dbe320c
Change-Id: I80700dff771ba584f83b6625a43318c9fefd57be
|
|
5e5c1df313 am: afa9b69598
am: 0de44d678e
Change-Id: Ib25b8864a81a69b71cd3010b6ff8fa3c4a0eae8e
|
|
am: 5b1a7d752f
Change-Id: I2f0c072ff60de4f04c21c14083699f3f41114b9e
|
|
911f176567 am: 452cd40d64
am: 7f23da12fc
Change-Id: Ida3ef7ccec9e6393a88de8f0dbd58c141c23ce5d
|
|
am: afa9b69598
Change-Id: I7f2b209d92ec0562a1cd57498519d1dbe940873a
|
|
am: 452cd40d64
Change-Id: I8fcaf53cdd9fcc2fa34b606884ccb78acadda43b
|
|
am: 5e5c1df313
Change-Id: I52b9086c09d762e0995b4f3b981e54f2175d673c
|
|
am: 911f176567
Change-Id: I80b30347c5aaa56cae29ed0ebc4d7af027856abf
|
|
am: aeb049f026
Change-Id: I134bb7545bb8c42549285d5bc3a679e0ca1da0b2
|
|
am: 355dab45c4
Change-Id: I679c9628e9563c965af4173992161b6eb754f78b
|
|
am: b743e03c9b
Change-Id: I9d890328fea434a503204ec2eb699e6fd81dadb7
|
|
am: b743e03c9b
Change-Id: Ib42a068c6abcf4c984708dec61d23ecad29d39ed
|
|
am: b8a17aa3bc
Change-Id: Ie79736a9be40df31ebfae715d86cb0acf91a57cd
|
|
Test: make
Bug: 29149404
Change-Id: I9be82ac4dfb430c8d7398aa69b100820957f6279
(cherry picked from commit 8caa27c2601e69bc404ff28fc4c5c39860d8d5bf)
|
|
Test: make
Bug: 29149404
Change-Id: I9be82ac4dfb430c8d7398aa69b100820957f6279
(cherry picked from commit 8caa27c2601e69bc404ff28fc4c5c39860d8d5bf)
|
|
am: 264935ecd6
Change-Id: Ia1fc2f749cc873560bcf56c41e01334986bd1c7b
|
|
am: 8caa27c260
Change-Id: I4291fd5285f790a6f3891629b257064c238fd770
|
|
Test: make
Bug: 29149404
Change-Id: I9be82ac4dfb430c8d7398aa69b100820957f6279
|
|
3188d5f5bd am: ae32ff2022 am: f6f28331b0 am: 15477bfab1 am: 3072d16e4a am: e743a91b62 am: 214efe5205 am: 012577cb41 am: 27cda699dc am: a3d54029c5 am: 38057dc17d am: 50d3907045 am: 83f8d44467 am: f406da105b
am: 41fc89d385
Change-Id: I4e7dc41489cc7f8844627bbb9cb1a25b39f22ad6
|
|
3188d5f5bd am: ae32ff2022 am: f6f28331b0 am: 15477bfab1 am: 3072d16e4a am: e743a91b62 am: 214efe5205 am: 012577cb41 am: 27cda699dc am: a3d54029c5 am: 38057dc17d am: 90cd710f3a
am: cba6f96fec
Change-Id: I97bf323294bd1c6b1d6d961b1068ee8e4c1038c7
|
|
3188d5f5bd am: ae32ff2022 am: f6f28331b0 am: 15477bfab1 am: 3072d16e4a am: e743a91b62 am: 214efe5205 am: 012577cb41 am: 27cda699dc am: a3d54029c5 am: 38057dc17d am: 50d3907045 am: 83f8d44467
am: f406da105b
Change-Id: I4f8299567aaff3c1cf432d8528ebd4fff8dc0a5b
|
