nwellnhof/libxml2-ee: XML parser and toolkit, Enterprise Edition

libxml2-ee is an XML toolkit implemented in C, based on libxml2.

License

This software is released under the GNU Affero General Public License (AGPL)
version 3, see the Copyright file.

Improvements over libxml2

• Up to 10x faster, SIMD-accelerated parser

• All denial-of-service issues in the core parser fixed,
  guaranteed linear behavior

• 64-bit hardening

  • Unsafe string functions aren’t called internally
  • Optional API-compatible 64-bit-safe mode (but breaks ABI)

• Improved fuzz coverage and error handling

• Complete meson support which is now the canonical build system

Build system differences

• Schematron validation and Python bindings removed
• Malloc hooks are a config option

Build instructions

libxml2-ee can be built with meson, CMake or GNU Autotools.

Build options

Features:

c14n            Canonical XML 1.0 support (on)
catalog         XML Catalogs support (on)
debug           debugging module (on)
html            HTML parser (on)
memory          custom memory allocators (on)
output          serialization support (on)
pattern         xmlPattern selection interface (on)
push            push parser interfaces (on)
reader          xmlReader parsing interface (on)
regexps         regular expressions support (on)
relaxng         RELAX NG support (on)
schemas         XML Schemas 1.0 support (on)
valid           DTD validation support (on)
writer          xmlWriter serialization interface (on)
xinclude        XInclude 1.0 support (on)
xpath           XPath 1.0 support (on)
xptr            XPointer support (on)

Platform:

avx             AVX support (off)
simd            SIMD support (auto)
threads         multithreading support (on)

Encoding conversion:

iconv           iconv support (on)
icu             ICU support (off)
iso8859x        ISO-8859-X support if no iconv (on)

Command line tools:

history         history support for xmllint shell (off)
readline        use readline library for shell (off)

Deprecated features:

http            compat stubs for removed HTTP support (off)
modules         dynamic modules support (on)
sax1            older SAX1 interface (on)
schematron      compat stubs for removed Schematron support (off)
thread-alloc    per-thread malloc hooks (off)
zlib            use libz (off)

Other options:

docs            build documentation (off)
fuzz            build fuzzers (boolean, off)
legacy          maximum ABI compatibility (off)
minimum         build a minimally sized library (boolean, off)
suffix          add "-ee" project suffix (boolean, off)

Meson (recommended)

Example commands:

meson setup [options] builddir
ninja -C builddir
meson test -C builddir
ninja -C builddir install

See the meson_options.txt file for options. For example:

-Dprefix=$prefix
-Dhistory=enabled
-Dschemas=disabled
-Dzlib=enabled

Autotools (for POSIX systems like Linux, BSD, macOS)

If you build from a Git tree, you have to install Autotools and start
by generating the configuration files with:

./autogen.sh [configuration options]

If you build from a source tarball, extract the archive with:

tar xf libxml2-ee-xxx.tar.gz
cd libxml2-ee-xxx

Then you can configure and build the library:

./configure [configuration options]
make
make check
make install

Example options:

--prefix=[DIR]
--with-zlib
--with-avx
--without-schemas

Note that by default, no optimization options are used. You have to
enable them manually, for example with:

CFLAGS='-O2 -fno-semantic-interposition' ./configure

CMake (mainly for Windows)

Example commands:

cmake -E tar xf libxml2-ee-xxx.tar.xz
cmake -S libxml2-ee-xxx -B builddir [options]
cmake --build builddir
ctest --test-dir builddir
cmake --install builddir

Common CMake options include:

-D BUILD_SHARED_LIBS=OFF            # build static libraries
-D CMAKE_BUILD_TYPE=Release         # specify build type (single-config)
--config Release                    # specify build type (multi-config)
-D CMAKE_INSTALL_PREFIX=/usr/local  # specify the install path
-D LIBXML2_WITH_ICONV=OFF           # disable iconv
-D LIBXML2_WITH_ZLIB=ON             # enable zlib

You can also open the source directory with its CMakeLists.txt directly in
various IDEs such as CLion, QtCreator, or Visual Studio.

Dependencies

libxml2-ee supports POSIX and Windows operating systems.

The iconv function is required for conversion of character encodings.
This function is part of POSIX.1-2001. If your platform doesn’t provide
iconv, you need an external libiconv library, for example
GNU libiconv. Using
ICU is also supported but discouraged.

The xmllint executable uses libreadline and libhistory if enabled.

Build requirements

Besides build system tools, only a C compiler should be required.
Reconfiguration of the Autotools build requires the pkg.m4 macro from
pkg-config. Building the documentation requires Doxygen, xsltproc and the
DocBook 4 XSLT stylesheets.

Security

If you want to report security issues, please send an email to:
wellnhofer [at] aevum.de

To the best of our knowledge, all publically known security issues
as restricted below are fixed. This includes issues in the original
libxml2 project.

aevum GmbH acts as open-source software steward under the EU Cyber
Resilience Act.

Security policy

The following operations are considered unsafe when used with certain
untrusted input:

• validating against
  • untrusted DTDs
  • untrusted XML Schemas
  • untrusted RelaxNG schemas
• parsing untrusted documents using one of the following parser options
  • XML_PARSE_CATALOG_PI
  • XML_PARSE_DTDVALID
  • XML_PARSE_SAX1
  • XML_PARSE_UNZIP
  • XML_PARSE_XINCLUDE
• compiling or evaluating untrusted XPath or XPointer expressions
• processing XIncludes in untrusted documents
• using untrusted XML catalogs
• compiling or evaluating untrusted regular expressions
  or xmlPatterns

Contributing

Sorry, we don’t accept code contributions and direct you to the
original libxml2 project.