123d8dfc18
Fixes CVE-2012-1147, CVE-2012-1148 and CVE-2012-0876 (other security issues have been previously fixed in our tree) relevant Changes: Release 2.1.0 Sat March 24 2012 - Bug Fixes: #1742315: Harmful XML_ParserCreateNS suggestion. #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. #1983953, 2517952, 2517962, 2649838: Build modifications using autoreconf instead of buildconf.sh. #2815947, #2884086: OBJEXT and EXEEXT support while building. #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. #2517938: xmlwf should return non-zero exit status if not well-formed. #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. #2855609: Dangling positionPtr after error. #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). #2958794: CVE-2012-1148 - Memory leak in poolGrow. #2990652: CMake support. #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. #3206497: Unitialized memory returned from XML_Parse. #3287849: make check fails on mingw-w64. #3496608: CVE-2012-0876 - Hash DOS attack. - Patches: #1749198: pkg-config support. #3010222: Fix for bug #3010819. #3312568: CMake support. #3446384: Report byte offsets for attr names and values. - New Features / API changes: Added new API member XML_SetHashSalt() that allows setting an intial value (salt) for hash calculations. This is part of the fix for bug #3496608 to randomize hash parameters. When compiled with XML_ATTR_INFO defined, adds new API member XML_GetAttributeInfo() that allows retrieving the byte offsets for attribute names and values (patch #3446384). Added CMake build system. See bug #2990652 and patch #3312568. Added run-benchmark target to Makefile.in - relies on testdata module present in the same relative location as in the repository.
140 lines
5.7 KiB
Plaintext
Executable File
140 lines
5.7 KiB
Plaintext
Executable File
|
|
Expat, Release 2.1.0
|
|
|
|
This is Expat, a C library for parsing XML, written by James Clark.
|
|
Expat is a stream-oriented XML parser. This means that you register
|
|
handlers with the parser before starting the parse. These handlers
|
|
are called when the parser discovers the associated structures in the
|
|
document being parsed. A start tag is an example of the kind of
|
|
structures for which you may register handlers.
|
|
|
|
Windows users should use the expat_win32bin package, which includes
|
|
both precompiled libraries and executables, and source code for
|
|
developers.
|
|
|
|
Expat is free software. You may copy, distribute, and modify it under
|
|
the terms of the License contained in the file COPYING distributed
|
|
with this package. This license is the same as the MIT/X Consortium
|
|
license.
|
|
|
|
Versions of Expat that have an odd minor version (the middle number in
|
|
the release above), are development releases and should be considered
|
|
as beta software. Releases with even minor version numbers are
|
|
intended to be production grade software.
|
|
|
|
If you are building Expat from a check-out from the CVS repository,
|
|
you need to run a script that generates the configure script using the
|
|
GNU autoconf and libtool tools. To do this, you need to have
|
|
autoconf 2.58 or newer. Run the script like this:
|
|
|
|
./buildconf.sh
|
|
|
|
Once this has been done, follow the same instructions as for building
|
|
from a source distribution.
|
|
|
|
To build Expat from a source distribution, you first run the
|
|
configuration shell script in the top level distribution directory:
|
|
|
|
./configure
|
|
|
|
There are many options which you may provide to configure (which you
|
|
can discover by running configure with the --help option). But the
|
|
one of most interest is the one that sets the installation directory.
|
|
By default, the configure script will set things up to install
|
|
libexpat into /usr/local/lib, expat.h into /usr/local/include, and
|
|
xmlwf into /usr/local/bin. If, for example, you'd prefer to install
|
|
into /home/me/mystuff/lib, /home/me/mystuff/include, and
|
|
/home/me/mystuff/bin, you can tell configure about that with:
|
|
|
|
./configure --prefix=/home/me/mystuff
|
|
|
|
Another interesting option is to enable 64-bit integer support for
|
|
line and column numbers and the over-all byte index:
|
|
|
|
./configure CPPFLAGS=-DXML_LARGE_SIZE
|
|
|
|
However, such a modification would be a breaking change to the ABI
|
|
and is therefore not recommended for general use - e.g. as part of
|
|
a Linux distribution - but rather for builds with special requirements.
|
|
|
|
After running the configure script, the "make" command will build
|
|
things and "make install" will install things into their proper
|
|
location. Have a look at the "Makefile" to learn about additional
|
|
"make" options. Note that you need to have write permission into
|
|
the directories into which things will be installed.
|
|
|
|
If you are interested in building Expat to provide document
|
|
information in UTF-16 encoding rather than the default UTF-8, follow
|
|
these instructions (after having run "make distclean"):
|
|
|
|
1. For UTF-16 output as unsigned short (and version/error
|
|
strings as char), run:
|
|
|
|
./configure CPPFLAGS=-DXML_UNICODE
|
|
|
|
For UTF-16 output as wchar_t (incl. version/error strings),
|
|
run:
|
|
|
|
./configure CFLAGS="-g -O2 -fshort-wchar" \
|
|
CPPFLAGS=-DXML_UNICODE_WCHAR_T
|
|
|
|
2. Edit the MakeFile, changing:
|
|
|
|
LIBRARY = libexpat.la
|
|
|
|
to:
|
|
|
|
LIBRARY = libexpatw.la
|
|
|
|
(Note the additional "w" in the library name.)
|
|
|
|
3. Run "make buildlib" (which builds the library only).
|
|
Or, to save step 2, run "make buildlib LIBRARY=libexpatw.la".
|
|
|
|
4. Run "make installlib" (which installs the library only).
|
|
Or, if step 2 was omitted, run "make installlib LIBRARY=libexpatw.la".
|
|
|
|
Using DESTDIR or INSTALL_ROOT is enabled, with INSTALL_ROOT being the default
|
|
value for DESTDIR, and the rest of the make file using only DESTDIR.
|
|
It works as follows:
|
|
$ make install DESTDIR=/path/to/image
|
|
overrides the in-makefile set DESTDIR, while both
|
|
$ INSTALL_ROOT=/path/to/image make install
|
|
$ make install INSTALL_ROOT=/path/to/image
|
|
use DESTDIR=$(INSTALL_ROOT), even if DESTDIR eventually is defined in the
|
|
environment, because variable-setting priority is
|
|
1) commandline
|
|
2) in-makefile
|
|
3) environment
|
|
|
|
Note: This only applies to the Expat library itself, building UTF-16 versions
|
|
of xmlwf and the tests is currently not supported.
|
|
|
|
Note for Solaris users: The "ar" command is usually located in
|
|
"/usr/ccs/bin", which is not in the default PATH. You will need to
|
|
add this to your path for the "make" command, and probably also switch
|
|
to GNU make (the "make" found in /usr/ccs/bin does not seem to work
|
|
properly -- appearantly it does not understand .PHONY directives). If
|
|
you're using ksh or bash, use this command to build:
|
|
|
|
PATH=/usr/ccs/bin:$PATH make
|
|
|
|
When using Expat with a project using autoconf for configuration, you
|
|
can use the probing macro in conftools/expat.m4 to determine how to
|
|
include Expat. See the comments at the top of that file for more
|
|
information.
|
|
|
|
A reference manual is available in the file doc/reference.html in this
|
|
distribution.
|
|
|
|
The homepage for this project is http://www.libexpat.org/. There
|
|
are links there to connect you to the bug reports page. If you need
|
|
to report a bug when you don't have access to a browser, you may also
|
|
send a bug report by email to expat-bugs@mail.libexpat.org.
|
|
|
|
Discussion related to the direction of future expat development takes
|
|
place on expat-discuss@mail.libexpat.org. Archives of this list and
|
|
other Expat-related lists may be found at:
|
|
|
|
http://mail.libexpat.org/mailman/listinfo/
|