</vendor>
<product id="libxml2">
<name>libxml2</name>
- <version>2.9.4</version>
- <last-release> May 23 2016</last-release>
+ <version>v2.9.5</version>
+ <last-release> Sep 04 2017</last-release>
<info-url>http://xmlsoft.org/</info-url>
<changes> - Security:
- More format string warnings with possible format string vulnerability (David Kilzer),
- Avoid building recursive entities (Daniel Veillard),
- Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde),
- Heap-based buffer-underreads due to xmlParseName (David Kilzer),
- Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde),
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (Pranjal Jumde),
- Fix some format string warnings with possible format string vulnerability (David Kilzer),
- Detect change of encoding when parsing HTML names (Hugh Davenport),
- Fix inappropriate fetch of entities content (Daniel Veillard),
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (Pranjal Jumde),
- Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (Pranjal Jumde),
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (David Kilzer),
- Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (Pranjal Jumde),
- Add missing increments of recursion depth counter to XML parser. (Peter Simons)
+ Detect infinite recursion in parameter entities (Nick Wellnhofer),
+ Fix handling of parameter-entity references (Nick Wellnhofer),
+ Disallow namespace nodes in XPointer ranges (Nick Wellnhofer),
+ Fix XPointer paths beginning with range-to (Nick Wellnhofer)
- Documentation:
- Fix typo: s{ ec -> cr }cipt (Jan Pokorný),
- Fix typos: dictio{ nn -> n }ar{y,ies} (Jan Pokorný),
- Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } (Jan Pokorný),
- Correct a typo. (Shlomi Fish)
+ Documentation fixes (Nick Wellnhofer),
+ Spelling and grammar fixes (Nick Wellnhofer)
- Portability:
- Correct the usage of LDFLAGS (Mattias Hansson),
- Revert the use of SAVE_LDFLAGS in configure.ac (Mattias Hansson),
- libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles (Mike Frysinger),
- Fix apibuild for a recently added construct (Daniel Veillard),
- Use pkg-config to locate zlib when possible (Stewart Brodie),
- Use pkg-config to locate ICU when possible (Stewart Brodie),
- Portability to non C99 compliant compilers (Patrick Monnerat),
- dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. (Patrick Monnerat),
- os400: tell about xmllint and xmlcatalog in README400. (Patrick Monnerat),
- os400: properly process SGML add in XMLCATALOG command. (Patrick Monnerat),
- os400: implement CL command XMLCATALOG. (Patrick Monnerat),
- os400: compile and install program xmlcatalog (qshell-only). (Patrick Monnerat),
- os400: expand tabs in sources, strip trailing blanks. (Patrick Monnerat),
- os400: implement CL command XMLLINT. (Patrick Monnerat),
- os400: compile and install program xmllint (qshell-only). (Patrick Monnerat),
- os400: initscript make_module(): Use options instead of positional parameters. (Patrick Monnerat),
- os400: c14n.rpgle: allow *omit for nullable reference parameters. (Patrick Monnerat),
- os400: use like() for double type. (Patrick Monnerat),
- os400: use like() for int type. (Patrick Monnerat),
- os400: use like() for unsigned int type. (Patrick Monnerat),
- os400: use like() for enum types. (Patrick Monnerat),
- Add xz to xml2-config --libs output (Baruch Siach),
- Bug 760190: configure.ac should be able to build --with-icu without icu-config tool <https://bugzilla.gnome.org/show_bug.cgi?id=760190> (David Kilzer),
- win32\VC10\config.h and VS 2015 (Bruce Dawson),
- Add configure maintainer mode (orzen)
+ Adding README.zOS to list of extra files for the release (Daniel Veillard),
+ Description of work needed to compile on zOS (Stéphane Michaut),
+ Porting libxml2 on zOS encoding of code (Stéphane Michaut),
+ small changes for OS/400 (Patrick Monnerat),
+ relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan)
- Bug Fixes:
- Avoid an out of bound access when serializing malformed strings (Daniel Veillard),
- Unsigned addition may overflow in xmlMallocAtomicLoc() (David Kilzer),
- Integer signed/unsigned type mismatch in xmlParserInputGrow() (David Kilzer),
- Bug 763071: heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (Pranjal Jumde),
- Integer overflow parsing port number in URI (Michael Paddon),
- Fix an error with regexp on nullable counted char transition (Daniel Veillard),
- Fix memory leak with XPath namespace nodes (Nick Wellnhofer),
- Fix namespace axis traversal (Nick Wellnhofer),
- Fix null pointer deref in docs with no root element (Hugh Davenport),
- Fix XSD validation of URIs with ampersands (Alex Henrie),
- xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error. (Patrick Monnerat),
- xmlcatalog: flush stdout before interactive shell input. (Patrick Monnerat),
- xmllint: flush stdout before interactive shell input. (Patrick Monnerat),
- Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression (Nick Wellnhofer),
- Fix namespace::node() XPath expression (Nick Wellnhofer),
- Fix OOB write in xmlXPathEmptyNodeSet (Nick Wellnhofer),
- Fix parsing of NCNames in XPath (Nick Wellnhofer),
- Fix OOB read with invalid UTF-8 in xmlUTF8Strsize (Nick Wellnhofer),
- Do normalize string-based datatype value in RelaxNG facet checking (Audric Schiltknecht),
- Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" <https://bugzilla.gnome.org/show_bug.cgi?id=760921> (David Kilzer),
- Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd <https://bugzilla.gnome.org/show_bug.cgi?id=760861> (David Kilzer),
- error.c: *input->cur == 0 does not mean no error (Pavel Raiskup),
- Add missing RNG test files (David Kilzer),
- Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> (David Kilzer),
- Bug 758572: ASAN crash in make check <https://bugzilla.gnome.org/show_bug.cgi?id=758572> (David Kilzer),
- Bug 721158: Missing ICU string when doing --version on xmllint <https://bugzilla.gnome.org/show_bug.cgi?id=721158> (David Kilzer),
- python 3: libxml2.c wrappers create Unicode str already (Michael Stahl),
- Add autogen.sh to distrib (orzen),
- Heap-based buffer overread in xmlNextChar (Daniel Veillard)
+ Problem resolving relative URIs (Daniel Veillard),
+ Fix unwanted warnings when switching encodings (Nick Wellnhofer),
+ Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard),
+ Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer),
+ Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer),
+ Fix infinite loops with push parser in recovery mode (Nick Wellnhofer),
+ Send xmllint usage error to stderr (Nick Wellnhofer),
+ Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer),
+ Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer),
+ Fix xmlHaltParser (Nick Wellnhofer),
+ Fix pathological performance when outputting charrefs (Nick Wellnhofer),
+ Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer),
+ Fix duplicate SAX callbacks for entity content (David Kilzer),
+ Treat URIs with scheme as absolute in C14N (Nick Wellnhofer),
+ Fix copy-paste errors in error messages (Nick Wellnhofer),
+ Fix sanity check in htmlParseNameComplex (Nick Wellnhofer),
+ Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer),
+ Reset parser input pointers on encoding failure (Nick Wellnhofer),
+ Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer),
+ Fix xmlBuildRelativeURI for URIs starting with './' (Nick Wellnhofer),
+ Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer),
+ Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer),
+ Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard),
+ Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer),
+ Stop parser on unsupported encodings (Nick Wellnhofer),
+ Check for integer overflow in memory debug code (Nick Wellnhofer),
+ Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer),
+ Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer),
+ Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer),
+ Check XPath exponents for overflow (Nick Wellnhofer),
+ Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer),
+ Fix spurious error message (Nick Wellnhofer),
+ Fix memory leak in xmlCanonicPath (Nick Wellnhofer),
+ Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer),
+ Fix memory leak in pattern error path (Nick Wellnhofer),
+ Fix memory leak in parser error path (Nick Wellnhofer),
+ Fix memory leaks in XPointer error paths (Nick Wellnhofer),
+ Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer),
+ Fix memory leak in XPath filter optimizations (Nick Wellnhofer),
+ Fix memory leaks in XPath error paths (Nick Wellnhofer),
+ Do not leak the new CData node if adding fails (David Tardon),
+ Prevent unwanted external entity reference (Neel Mehta),
+ Increase buffer space for port in HTTP redirect support (Daniel Veillard),
+ Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer),
+ Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer),
+ Fix format string warnings (Nick Wellnhofer),
+ Disallow namespace nodes in XPointer points (Nick Wellnhofer),
+ Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer),
+ Fix attribute decoding during XML schema validation (Alex Henrie),
+ Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer)
- Improvements:
- Add more debugging info to runtest (Daniel Veillard),
- Implement "runtest -u" mode (David Kilzer),
- Add a make rule to rebuild for ASAN (Daniel Veillard)
+ Updating the spec file to reflect Fedora 24 (Daniel Veillard),
+ Add const in five places to move 1 KiB to .rdata (Bruce Dawson),
+ Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard),
+ Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer),
+ Simplify handling of parameter entity references (Nick Wellnhofer),
+ Deduplicate code in encoding.c (Nick Wellnhofer),
+ Make HTML parser functions take const pointers (Nick Wellnhofer),
+ Build test programs only when needed (Nick Wellnhofer),
+ Fix doc/examples/index.py (Nick Wellnhofer),
+ Fix compiler warnings in threads.c (Nick Wellnhofer),
+ Fix empty-body warning in nanohttp.c (Nick Wellnhofer),
+ Fix cast-align warnings (Nick Wellnhofer),
+ Fix unused-parameter warnings (Nick Wellnhofer),
+ Rework entity boundary checks (Nick Wellnhofer),
+ Don't switch encoding for internal parameter entities (Nick Wellnhofer),
+ Merge duplicate code paths handling PE references (Nick Wellnhofer),
+ Test SAX2 callbacks with entity substitution (Nick Wellnhofer),
+ Support catalog and threads tests under --without-sax1 (Nick Wellnhofer),
+ Misc fixes for 'make tests' (Nick Wellnhofer),
+ Initialize keepBlanks in HTML parser (Nick Wellnhofer),
+ Add test cases for bug 758518 (David Kilzer),
+ Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer),
+ Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer),
+ Allow zero sized memory input buffers (Nick Wellnhofer),
+ Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer),
+ Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer),
+ Make Travis print UBSan stacktraces (Nick Wellnhofer),
+ Add .travis.yml (Nick Wellnhofer),
+ Fix expected error output in Python tests (Nick Wellnhofer),
+ Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer),
+ Disable LeakSanitizer when running API tests (Nick Wellnhofer),
+ Avoid out-of-bound array access in API tests (Nick Wellnhofer),
+ Avoid spurious UBSan errors in parser.c (Nick Wellnhofer),
+ Parse small XPath numbers more accurately (Nick Wellnhofer),
+ Rework XPath rounding functions (Nick Wellnhofer),
+ Fix white space in test output (Nick Wellnhofer),
+ Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer),
+ Check for trailing characters in XPath expressions earlier (Nick Wellnhofer),
+ Rework final handling of XPath results (Nick Wellnhofer),
+ Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer),
+ Remove unused variables (Nick Wellnhofer),
+ Don't print generic error messages in XPath tests (Nick Wellnhofer)
+
+ - Cleanups:
+ Fix a couple of misleading indentation errors (Daniel Veillard),
+ Remove unnecessary calls to xmlPopInput (Nick Wellnhofer)
</changes>
projects / platform / upstream / libxml2.git / blobdiff