This ensures a binary built with USE_INET6=yes libc can still link at
runtime with a USE_INET6=no libc. Of course IPv6 functionnality is not
available, but dynamic linking is not killed by missing symbols such
as in6addr_any.
We used -DSMALL to exclude code from libc in order to build
libhack. Introduce -DLIBHACK to do this without so that
-DSMALL does not remove code necessary for building a shared libc
timer is disabled when attaching so it doesn't go crazy between the time
interrupts are enabled and clocks are initialized. My RPI3 makes it
multi-user now.
which would trigger a panic when unplugging a USB ATAPI CDROM.
Align detach code for scsibus and atapibus to fix this.
Also avoid races when detaching devices by replacing callout_stop with
callout_halt.
Security fixes:
CVE-2017-9233 -- External entity infinite loop DoS
Details: https://libexpat.github.io/doc/cve-2017-9233/
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
[MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
d4f735b88d9932bd5039df2335eefdd0723dbe20
(Fixed version of existing downstream patches!)
(SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names; commits
* 896b6c1fd3b842f377d1b62135dccf0a579cf65d
* af507cef2c93cb8d40062a0abe43a4f4e9158fb2
#16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
#25 More integer overflow detection (function poolGrow); commits
* 810b74e4703dcfdd8f404e3cb177d44684775143
* 44178553f3539ce69d34abee77a05e879a7982ac
[MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
* 4be2cb5afcc018d996f34bbbce6374b7befad47f
* 7e5b71b748491b6e459e5c9a1d090820f94544d8
[MOX-005] #30 Use high quality entropy for hash initialization:
* arc4random_buf on BSD, systems with libbsd
(when configured with --with-libbsd), CloudABI
* RtlGenRandom on Windows XP / Server 2003 and later
* getrandom on Linux 3.17+
In a way, that's still part of CVE-2016-5300.
https://github.com/libexpat/libexpat/pull/30/commits
[MOX-005] For the low quality entropy extraction fallback code,
the parser instance address can no longer leak, commit
04ad658bd3079dd15cb60fc67087900f0ff4b083
[MOX-003] Prevent use of uninitialised variable; commit
[MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
Add missing parameter validation to public API functions
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
[MOX-006] * NULL checks; commits
* d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
* 9ed727064b675b7180c98cb3d4f75efba6966681
* 6a747c837c50114dfa413994e07c0ba477be4534
* Negative length (XML_Parse); commit
[MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
[MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
to go further with fixing CVE-2012-0876.
https://github.com/libexpat/libexpat/pull/39/commits
Bug fixes:
#32 Fix sharing of hash salt across parsers;
relevant where XML_ExternalEntityParserCreate is called
prior to XML_Parse, in particular (e.g. FBReader)
#28 xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
#3 Fix double free after malloc failure in DTD code; commit
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
#17 Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz; commits
* 16f87daae5a16132e479e4f71862128c7a915c73
* b47dbc9745932c160893d433220e462bd605f8cd
xmlwf on Windows: Add missing calls to CloseHandle
New features:
#30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
for runtime debugging of entropy extraction
Other changes:
Increase code coverage
#33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
XML_UNICODE_WCHAR_T was never meant to be used outside
of Windows; 4-byte wchar_t is common on Linux
(SF.net) #538 Start using -fno-strict-aliasing
(SF.net) #540 Support compilation against cloudlibc of CloudABI
Allow MinGW cross-compilation
(SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
to bypass compilation of the xmlwf.1 man page
(SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
to bypass installation of expat files
CMake: Fix ninja support
Autotools: Add parameters --enable-xml-context [COUNT]
and --disable-xml-context; default of context of 1024
bytes enabled unchanged
#14 Drop AmigaOS 4.x code and includes
#14 Drop ancient build systems:
* Borland C++ Builder
* OpenVMS
* Open Watcom
* Visual Studio 6.0
* Pre-X Mac OS (MPW Makefile)
If you happen to rely on some of these, please get in
touch for joining with maintenance.
#10 Move from WIN32 to _WIN32
#13 Fix "make run-xmltest" order instability
Address compile warnings
Bump version info from 7:2:6 to 7:3:6
Add AUTHORS file
Infrastructure:
#1 Migrate from SourceForge to GitHub (except downloads):
https://github.com/libexpat/#1 Re-create http://libexpat.org/ project website
Start utilizing Travis CI
Special thanks to:
Andy Wang
Don Lewis
Ed Schouten
Karl Waclawek
Pascal Cuoq
Rhodri James
Sergei Nikulov
Tobias Taschner
Viktor Szakats
and
Core Infrastructure Initiative
Mozilla Foundation (MOSS Track 3: Secure Open Source)
Radically Open Security
Emacs likes save all memory of the main binary and the first run of
_libc_init via .init will get the wrong (old) value of __ps_strings.
By avoiding the initialization of _dlauxinfo for shared applications,
it will be touched only by the _libc_init call from crt0.o itself,
at which point __ps_strings is correct.
the line number when included in the trace line tag to show whether it
comes from the parser, or the elsewhere as they tend to be quite different).
Initially only one case was changed, while I pondered whether I liked it
or not. Now it is all done... Also when there is a line tag at all,
always include the root/sub-shell indicator character, not only when the
pid is included.
This is similar to the changes made in string(3) and memory(3) man pages previously.
The reasin being that, when you do `whatis ffs', an extra entry will be there in
the output for this page, which is confusing and unncessary.
Bump date for changes in the NAME section.
to my delicate sensibilities... (NFC).
Arrange not to barf (ever) if some turkey makes _ readonly. Do this
by adding a VNOERROR flag that causes errors in var setting to be
ignored (intended use is only for internal shell var setting, like of "_").
(nb: invalid var name errors ignore this flag, but those should never
occur on a var set by the shell itself.)
From FreeBSD: don't simply discard memory if a variable is not set for
any reason (including because it is readonly) if the var's value had
been malloc'd. Free it instead...
to local_lineno as the latter seemed to be marginally more popular,
and perhaps more importantly, is the same length as the peviously
existing quietprofile option, which means the man page indentation
for the list of options can return to (about) what it was before...
(That is, less indented, which means more data/line, which means less
lines of man page - a good thing!)
PR bin/52302 (core dump with interactive shell, here doc and error
on same line) is fixed. (An old bug.)
echo "$( echo x; for a in $( seq 1000 ); do printf '%s\n'; done; echo y )"
consistently prints 1002 lines (x, 1000 empty ones, then y) as it should
(And you don't want to know what it did before, or why.) (Another old one.)
(Recently added) Problems with ~ expansion fixed (mem management related).
Proper fix for the cwrappers configure problem (which includes the quick
fix that was done earlier, but extends upon that to be correct). (This was
another newly added problem.)
And the really devious (and rare) old bug - if STACKSTRNUL() needs to
allocate a new buffer in which to store the \0, calculate the size of
the string space remaining correctly, unlike when SPUTC() grows the
buffer, there is no actual data being stored in the STACKSTRNUL()
case - the string space remaining was calculated as one byte too few.
That would be harmless, unless the next buffer also filled, in which
case it was assumed that it was really full, not one byte less, meaning
one junk char (a nul, or anything) was being copied into the next (even
bigger buffer) corrupting the data.
Consistent use of stalloc() to allocate a new block of (stack) memory,
and grabstackstr() to claim a block of (stack) memory that had already
been occupied but not claimed as in use. Since grabstackstr is implemented
as just a call to stalloc() this is a no-op change in practice, but makes
it much easier to comprehend what is really happening. Previous code
sometimes used stalloc() when the use case was really for grabstackstr().
Change grabstackstr() to actually use the arg passed to it, instead of
(not much better than) guessing how much space to claim,
More care when using unstalloc()/ungrabstackstr() to return space, and in
particular when the stack must be returned to its previous state, rather than
just returning no-longer needed space, neither of those work. They also don't
work properly if there have been (really, even might have been) any stack mem
allocations since the last stalloc()/grabstackstr(). (If we know there
cannot have been then the alloc/release sequence is kind of pointless.)
To work correctly in general we must use setstackmark()/popstackmark() so
do that when needed. Have those also save/restore the top of stack string
space remaining.
[Aside: for those reading this, the "stack" mentioned is not
in any way related to the thing used for maintaining the C
function call state, ie: the "stack segment" of the program,
but the shell's internal memory management strategy.]
More comments to better explain what is happening in some cases.
Also cleaned up some hopelessly broken DEBUG mode data that were
recently added (no effect on anyone but the poor semi-human attempting
to make sense of it...).
User visible changes:
Proper counting of line numbers when a here document is delimited
by a multi-line end-delimiter, as in
cat << 'REALLY
END'
here doc line 1
here doc line 2
REALLY
END
(which is an obscure case, but nothing says should not work.) The \n
in the end-delimiter of the here doc (the last one) was not incrementing
the line number, which from that point on in the script would be 1 too
low (or more, for end-delimiters with more than one \n in them.)
With tilde expansion:
unset HOME; echo ~
changed to return getpwuid(getuid())->pw_home instead of failing (returning ~)
POSIX says this is unspecified, which makes it difficult for a script to
compensate for being run without HOME set (as in env -i sh script), so
while not able to be used portably, this seems like a useful extension
(and is implemented the same way by some other shells).
Further, with
HOME=; printf %s ~
we now write nothing (which is required by POSIX - which requires ~ to
expand to the value of $HOME if it is set) previously if $HOME (in this
case) or a user's directory in the passwd file (for ~user) were a null
STRING, We failed the ~ expansion and left behind '~' or '~user'.
being done (one in probably dead code that is never compiled, the other
in a very rare error case.) Since it is stack memory it wasn't lost
in any case, just held longer than needed.
jmcneill