bug tracking database</a> (make sure to use the "libxml2" module name). I
look at reports there regularly and it's good to have a reminder when a bug
is still open. Be sure to specify that the bug is for the package libxml2.</p><p>For small problems you can try to get help on IRC, the #xml channel on
-irc.gnome.org (port 6667) usually have a few person subscribed which may help
+irc.gnome.org (port 6667) usually has a few people subscribed which may help
(but there is no guarantee and if a real issue is raised it should go on the
mailing-list for archival).</p><p>There is also a mailing-list <a href="mailto:xml@gnome.org">xml@gnome.org</a> for libxml, with an <a href="http://mail.gnome.org/archives/xml/">on-line archive</a> (<a href="http://xmlsoft.org/messages">old</a>). To subscribe to this list,
please visit the <a href="http://mail.gnome.org/mailman/listinfo/xml">associated Web</a> page and
</vendor>
<product id="libxml2">
<name>libxml2</name>
- <version>v2.9.3</version>
- <last-release> Nov 20 2015</last-release>
+ <version>2.9.4</version>
+ <last-release> May 23 2016</last-release>
<info-url>http://xmlsoft.org/</info-url>
<changes> - Security:
- CVE-2015-8242 Buffer overead with HTML parser in push mode (Hugh Davenport),
- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard),
- CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard),
- CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard),
- CVE-2015-5312 Another entity expansion issue (David Drysdale),
- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (David Drysdale),
- CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard),
- CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard),
- CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard),
- CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard),
- CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard)
- CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard),
- CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard),
+ More format string warnings with possible format string vulnerability (David Kilzer),
+ Avoid building recursive entities (Daniel Veillard),
+ Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde),
+ Heap-based buffer-underreads due to xmlParseName (David Kilzer),
+ Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde),
+ Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (Pranjal Jumde),
+ Fix some format string warnings with possible format string vulnerability (David Kilzer),
+ Detect change of encoding when parsing HTML names (Hugh Davenport),
+ Fix inappropriate fetch of entities content (Daniel Veillard),
+ Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (Pranjal Jumde),
+ Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (Pranjal Jumde),
+ Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (David Kilzer),
+ Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (Pranjal Jumde),
+ Add missing increments of recursion depth counter to XML parser. (Peter Simons)
- Documentation:
- Correct spelling of "calling" (Alex Henrie),
- Fix a small error in xmllint --format description (Fabien Degomme),
- Avoid XSS on the search of xmlsoft.org (Daniel Veillard)
+ Fix typo: s{ ec -> cr }cipt (Jan Pokorný),
+ Fix typos: dictio{ nn -> n }ar{y,ies} (Jan Pokorný),
+ Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } (Jan Pokorný),
+ Correct a typo. (Shlomi Fish)
- Portability:
- threads: use forward declarations only for glibc (Michael Heimpold),
- Update Win32 configure.js to search for configure.ac (Daniel Veillard)
+ Correct the usage of LDFLAGS (Mattias Hansson),
+ Revert the use of SAVE_LDFLAGS in configure.ac (Mattias Hansson),
+ libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles (Mike Frysinger),
+ Fix apibuild for a recently added construct (Daniel Veillard),
+ Use pkg-config to locate zlib when possible (Stewart Brodie),
+ Use pkg-config to locate ICU when possible (Stewart Brodie),
+ Portability to non C99 compliant compilers (Patrick Monnerat),
+ dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. (Patrick Monnerat),
+ os400: tell about xmllint and xmlcatalog in README400. (Patrick Monnerat),
+ os400: properly process SGML add in XMLCATALOG command. (Patrick Monnerat),
+ os400: implement CL command XMLCATALOG. (Patrick Monnerat),
+ os400: compile and install program xmlcatalog (qshell-only). (Patrick Monnerat),
+ os400: expand tabs in sources, strip trailing blanks. (Patrick Monnerat),
+ os400: implement CL command XMLLINT. (Patrick Monnerat),
+ os400: compile and install program xmllint (qshell-only). (Patrick Monnerat),
+ os400: initscript make_module(): Use options instead of positional parameters. (Patrick Monnerat),
+ os400: c14n.rpgle: allow *omit for nullable reference parameters. (Patrick Monnerat),
+ os400: use like() for double type. (Patrick Monnerat),
+ os400: use like() for int type. (Patrick Monnerat),
+ os400: use like() for unsigned int type. (Patrick Monnerat),
+ os400: use like() for enum types. (Patrick Monnerat),
+ Add xz to xml2-config --libs output (Baruch Siach),
+ Bug 760190: configure.ac should be able to build --with-icu without icu-config tool <https://bugzilla.gnome.org/show_bug.cgi?id=760190> (David Kilzer),
+ win32\VC10\config.h and VS 2015 (Bruce Dawson),
+ Add configure maintainer mode (orzen)
- Bug Fixes:
- Bug on creating new stream from entity (Daniel Veillard),
- Fix some loop issues embedding NEXT (Daniel Veillard),
- Do not print error context when there is none (Daniel Veillard),
- Avoid extra processing of MarkupDecl when EOF (Hugh Davenport),
- Fix parsing short unclosed comment uninitialized access (Daniel Veillard),
- Add missing Null check in xmlParseExternalEntityPrivate (Gaurav Gupta),
- Fix a bug in CData error handling in the push parser (Daniel Veillard),
- Fix a bug on name parsing at the end of current input buffer (Daniel Veillard),
- Fix the spurious ID already defined error (Daniel Veillard),
- Fix previous change to node sort order (Nick Wellnhofer),
- Fix a self assignment issue raised by clang (Scott Graham),
- Fail parsing early on if encoding conversion failed (Daniel Veillard),
- Do not process encoding values if the declaration if broken (Daniel Veillard),
- Silence clang's -Wunknown-attribute (Michael Catanzaro),
- xmlMemUsed is not thread-safe (Martin von Gagern),
- Fix support for except in nameclasses (Daniel Veillard),
- Fix order of root nodes (Nick Wellnhofer),
- Allow attributes on descendant-or-self axis (Nick Wellnhofer),
- Fix the fix to Windows locking (Steve Nairn),
- Fix timsort invariant loop re: Envisage article (Christopher Swenson),
- Don't add IDs in xmlSetTreeDoc (Nick Wellnhofer),
- Account for ID attributes in xmlSetTreeDoc (Nick Wellnhofer),
- Remove various unused value assignments (Philip Withnall),
- Fix missing entities after CVE-2014-3660 fix (Daniel Veillard),
- Revert "Missing initialization for the catalog module" (Daniel Veillard)
+ Avoid an out of bound access when serializing malformed strings (Daniel Veillard),
+ Unsigned addition may overflow in xmlMallocAtomicLoc() (David Kilzer),
+ Integer signed/unsigned type mismatch in xmlParserInputGrow() (David Kilzer),
+ Bug 763071: heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (Pranjal Jumde),
+ Integer overflow parsing port number in URI (Michael Paddon),
+ Fix an error with regexp on nullable counted char transition (Daniel Veillard),
+ Fix memory leak with XPath namespace nodes (Nick Wellnhofer),
+ Fix namespace axis traversal (Nick Wellnhofer),
+ Fix null pointer deref in docs with no root element (Hugh Davenport),
+ Fix XSD validation of URIs with ampersands (Alex Henrie),
+ xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error. (Patrick Monnerat),
+ xmlcatalog: flush stdout before interactive shell input. (Patrick Monnerat),
+ xmllint: flush stdout before interactive shell input. (Patrick Monnerat),
+ Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression (Nick Wellnhofer),
+ Fix namespace::node() XPath expression (Nick Wellnhofer),
+ Fix OOB write in xmlXPathEmptyNodeSet (Nick Wellnhofer),
+ Fix parsing of NCNames in XPath (Nick Wellnhofer),
+ Fix OOB read with invalid UTF-8 in xmlUTF8Strsize (Nick Wellnhofer),
+ Do normalize string-based datatype value in RelaxNG facet checking (Audric Schiltknecht),
+ Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" <https://bugzilla.gnome.org/show_bug.cgi?id=760921> (David Kilzer),
+ Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd <https://bugzilla.gnome.org/show_bug.cgi?id=760861> (David Kilzer),
+ error.c: *input->cur == 0 does not mean no error (Pavel Raiskup),
+ Add missing RNG test files (David Kilzer),
+ Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> (David Kilzer),
+ Bug 758572: ASAN crash in make check <https://bugzilla.gnome.org/show_bug.cgi?id=758572> (David Kilzer),
+ Bug 721158: Missing ICU string when doing --version on xmllint <https://bugzilla.gnome.org/show_bug.cgi?id=721158> (David Kilzer),
+ python 3: libxml2.c wrappers create Unicode str already (Michael Stahl),
+ Add autogen.sh to distrib (orzen),
+ Heap-based buffer overread in xmlNextChar (Daniel Veillard)
- Improvements:
- Reuse xmlHaltParser() where it makes sense (Daniel Veillard),
- xmlStopParser reset errNo (Daniel Veillard),
- Reenable xz support by default (Daniel Veillard),
- Recover unescaped less-than character in HTML recovery parsing (Daniel Veillard),
- Allow HTML serializer to output HTML5 DOCTYPE (Shaun McCance),
- Regression test for bug #695699 (Nick Wellnhofer),
- Add a couple of XPath tests (Nick Wellnhofer),
- Add Python 3 rpm subpackage (Tomas Radej),
- libxml2-config.cmake.in: update include directories (Samuel Martin),
- Adding example from bugs 738805 to regression tests (Daniel Veillard)
-
- - Cleanups:
+ Add more debugging info to runtest (Daniel Veillard),
+ Implement "runtest -u" mode (David Kilzer),
+ Add a make rule to rebuild for ASAN (Daniel Veillard)
</changes>
H3 {font-family: Verdana,Arial,Helvetica}
A:link, A:visited, A:active { text-decoration: underline }
</style><title>Releases</title></head><body bgcolor="#8b7765" text="#000000" link="#a06060" vlink="#000000"><table border="0" width="100%" cellpadding="5" cellspacing="0" align="center"><tr><td width="120"><a href="http://swpat.ffii.org/"><img src="epatents.png" alt="Action against software patents" /></a></td><td width="180"><a href="http://www.gnome.org/"><img src="gnome2.png" alt="Gnome2 Logo" /></a><a href="http://www.w3.org/Status"><img src="w3c.png" alt="W3C Logo" /></a><a href="http://www.redhat.com/"><img src="redhat.gif" alt="Red Hat Logo" /></a><div align="left"><a href="http://xmlsoft.org/"><img src="Libxml2-Logo-180x168.gif" alt="Made with Libxml2 Logo" /></a></div></td><td><table border="0" width="90%" cellpadding="2" cellspacing="0" align="center" bgcolor="#000000"><tr><td><table width="100%" border="0" cellspacing="1" cellpadding="3" bgcolor="#fffacd"><tr><td align="center"><h1>The XML C parser and toolkit of Gnome</h1><h2>Releases</h2></td></tr></table></td></tr></table></td></tr></table><table border="0" cellpadding="4" cellspacing="0" width="100%" align="center"><tr><td bgcolor="#8b7765"><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td valign="top" width="200" bgcolor="#8b7765"><table border="0" cellspacing="0" cellpadding="1" width="100%" bgcolor="#000000"><tr><td><table width="100%" border="0" cellspacing="1" cellpadding="3"><tr><td colspan="1" bgcolor="#eecfa1" align="center"><center><b>Main Menu</b></center></td></tr><tr><td bgcolor="#fffacd"><form action="search.php" enctype="application/x-www-form-urlencoded" method="get"><input name="query" type="text" size="20" value="" /><input name="submit" type="submit" value="Search ..." /></form><ul><li><a href="index.html">Home</a></li><li><a href="html/index.html">Reference Manual</a></li><li><a href="intro.html">Introduction</a></li><li><a href="FAQ.html">FAQ</a></li><li><a href="docs.html" style="font-weight:bold">Developer Menu</a></li><li><a href="bugs.html">Reporting bugs and getting help</a></li><li><a href="help.html">How to help</a></li><li><a href="downloads.html">Downloads</a></li><li><a href="news.html">Releases</a></li><li><a href="XMLinfo.html">XML</a></li><li><a href="XSLT.html">XSLT</a></li><li><a href="xmldtd.html">Validation & DTDs</a></li><li><a href="encoding.html">Encodings support</a></li><li><a href="catalog.html">Catalog support</a></li><li><a href="namespaces.html">Namespaces</a></li><li><a href="contribs.html">Contributions</a></li><li><a href="examples/index.html" style="font-weight:bold">Code Examples</a></li><li><a href="html/index.html" style="font-weight:bold">API Menu</a></li><li><a href="guidelines.html">XML Guidelines</a></li><li><a href="ChangeLog.html">Recent Changes</a></li></ul></td></tr></table><table width="100%" border="0" cellspacing="1" cellpadding="3"><tr><td colspan="1" bgcolor="#eecfa1" align="center"><center><b>Related links</b></center></td></tr><tr><td bgcolor="#fffacd"><ul><li><a href="http://mail.gnome.org/archives/xml/">Mail archive</a></li><li><a href="http://xmlsoft.org/XSLT/">XSLT libxslt</a></li><li><a href="http://phd.cs.unibo.it/gdome2/">DOM gdome2</a></li><li><a href="http://www.aleksey.com/xmlsec/">XML-DSig xmlsec</a></li><li><a href="ftp://xmlsoft.org/">FTP</a></li><li><a href="http://www.zlatkovic.com/projects/libxml/">Windows binaries</a></li><li><a href="http://opencsw.org/packages/libxml2">Solaris binaries</a></li><li><a href="http://www.explain.com.au/oss/libxml2xslt.html">MacOsX binaries</a></li><li><a href="http://lxml.de/">lxml Python bindings</a></li><li><a href="http://cpan.uwinnipeg.ca/dist/XML-LibXML">Perl bindings</a></li><li><a href="http://libxmlplusplus.sourceforge.net/">C++ bindings</a></li><li><a href="http://www.zend.com/php5/articles/php5-xmlphp.php#Heading4">PHP bindings</a></li><li><a href="http://sourceforge.net/projects/libxml2-pas/">Pascal bindings</a></li><li><a href="http://libxml.rubyforge.org/">Ruby bindings</a></li><li><a href="http://tclxml.sourceforge.net/">Tcl bindings</a></li><li><a href="http://bugzilla.gnome.org/buglist.cgi?product=libxml2">Bug Tracker</a></li></ul></td></tr></table></td></tr></table></td><td valign="top" bgcolor="#8b7765"><table border="0" cellspacing="0" cellpadding="1" width="100%"><tr><td><table border="0" cellspacing="0" cellpadding="1" width="100%" bgcolor="#000000"><tr><td><table border="0" cellpadding="3" cellspacing="1" width="100%"><tr><td bgcolor="#fffacd"><p>The <a href="ChangeLog.html">change log</a> describes the recents commits
-to the <a href="http://git.gnome.org/browse/libxml2/">GIT</a> code base.</p><p>Here is the list of public releases:</p><h3>2.9.4: May 23 2016</h3><ul>
+to the <a href="http://git.gnome.org/browse/libxml2/">GIT</a> code base.</p><p>Here is the list of public releases:</p><h3>v2.9.5: Sep 04 2017</h3><ul>
+
+ <li>Security:<br />
+ Detect infinite recursion in parameter entities (Nick Wellnhofer),<br />
+ Fix handling of parameter-entity references (Nick Wellnhofer),<br />
+ Disallow namespace nodes in XPointer ranges (Nick Wellnhofer),<br />
+ Fix XPointer paths beginning with range-to (Nick Wellnhofer)<br />
+ </li>
+
+ <li>Documentation:<br />
+ Documentation fixes (Nick Wellnhofer),<br />
+ Spelling and grammar fixes (Nick Wellnhofer)<br />
+ </li>
+
+ <li>Portability:<br />
+ Adding README.zOS to list of extra files for the release (Daniel Veillard),<br />
+ Description of work needed to compile on zOS (Stéphane Michaut),<br />
+ Porting libxml2 on zOS encoding of code (Stéphane Michaut),<br />
+ small changes for OS/400 (Patrick Monnerat),<br />
+ relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan)<br />
+ </li>
+
+ <li>Bug Fixes:<br />
+ Problem resolving relative URIs (Daniel Veillard),<br />
+ Fix unwanted warnings when switching encodings (Nick Wellnhofer),<br />
+ Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard),<br />
+ Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer),<br />
+ Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer),<br />
+ Fix infinite loops with push parser in recovery mode (Nick Wellnhofer),<br />
+ Send xmllint usage error to stderr (Nick Wellnhofer),<br />
+ Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer),<br />
+ Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer),<br />
+ Fix xmlHaltParser (Nick Wellnhofer),<br />
+ Fix pathological performance when outputting charrefs (Nick Wellnhofer),<br />
+ Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer),<br />
+ Fix duplicate SAX callbacks for entity content (David Kilzer),<br />
+ Treat URIs with scheme as absolute in C14N (Nick Wellnhofer),<br />
+ Fix copy-paste errors in error messages (Nick Wellnhofer),<br />
+ Fix sanity check in htmlParseNameComplex (Nick Wellnhofer),<br />
+ Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer),<br />
+ Reset parser input pointers on encoding failure (Nick Wellnhofer),<br />
+ Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer),<br />
+ Fix xmlBuildRelativeURI for URIs starting with './' (Nick Wellnhofer),<br />
+ Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer),<br />
+ Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer),<br />
+ Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard),<br />
+ Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer),<br />
+ Stop parser on unsupported encodings (Nick Wellnhofer),<br />
+ Check for integer overflow in memory debug code (Nick Wellnhofer),<br />
+ Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer),<br />
+ Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer),<br />
+ Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer),<br />
+ Check XPath exponents for overflow (Nick Wellnhofer),<br />
+ Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer),<br />
+ Fix spurious error message (Nick Wellnhofer),<br />
+ Fix memory leak in xmlCanonicPath (Nick Wellnhofer),<br />
+ Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer),<br />
+ Fix memory leak in pattern error path (Nick Wellnhofer),<br />
+ Fix memory leak in parser error path (Nick Wellnhofer),<br />
+ Fix memory leaks in XPointer error paths (Nick Wellnhofer),<br />
+ Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer),<br />
+ Fix memory leak in XPath filter optimizations (Nick Wellnhofer),<br />
+ Fix memory leaks in XPath error paths (Nick Wellnhofer),<br />
+ Do not leak the new CData node if adding fails (David Tardon),<br />
+ Prevent unwanted external entity reference (Neel Mehta),<br />
+ Increase buffer space for port in HTTP redirect support (Daniel Veillard),<br />
+ Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer),<br />
+ Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer),<br />
+ Fix format string warnings (Nick Wellnhofer),<br />
+ Disallow namespace nodes in XPointer points (Nick Wellnhofer),<br />
+ Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer),<br />
+ Fix attribute decoding during XML schema validation (Alex Henrie),<br />
+ Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer)<br />
+ </li>
+
+ <li>Improvements:<br />
+ Updating the spec file to reflect Fedora 24 (Daniel Veillard),<br />
+ Add const in five places to move 1 KiB to .rdata (Bruce Dawson),<br />
+ Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard),<br />
+ Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer),<br />
+ Simplify handling of parameter entity references (Nick Wellnhofer),<br />
+ Deduplicate code in encoding.c (Nick Wellnhofer),<br />
+ Make HTML parser functions take const pointers (Nick Wellnhofer),<br />
+ Build test programs only when needed (Nick Wellnhofer),<br />
+ Fix doc/examples/index.py (Nick Wellnhofer),<br />
+ Fix compiler warnings in threads.c (Nick Wellnhofer),<br />
+ Fix empty-body warning in nanohttp.c (Nick Wellnhofer),<br />
+ Fix cast-align warnings (Nick Wellnhofer),<br />
+ Fix unused-parameter warnings (Nick Wellnhofer),<br />
+ Rework entity boundary checks (Nick Wellnhofer),<br />
+ Don't switch encoding for internal parameter entities (Nick Wellnhofer),<br />
+ Merge duplicate code paths handling PE references (Nick Wellnhofer),<br />
+ Test SAX2 callbacks with entity substitution (Nick Wellnhofer),<br />
+ Support catalog and threads tests under --without-sax1 (Nick Wellnhofer),<br />
+ Misc fixes for 'make tests' (Nick Wellnhofer),<br />
+ Initialize keepBlanks in HTML parser (Nick Wellnhofer),<br />
+ Add test cases for bug 758518 (David Kilzer),<br />
+ Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer),<br />
+ Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer),<br />
+ Allow zero sized memory input buffers (Nick Wellnhofer),<br />
+ Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer),<br />
+ Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer),<br />
+ Make Travis print UBSan stacktraces (Nick Wellnhofer),<br />
+ Add .travis.yml (Nick Wellnhofer),<br />
+ Fix expected error output in Python tests (Nick Wellnhofer),<br />
+ Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer),<br />
+ Disable LeakSanitizer when running API tests (Nick Wellnhofer),<br />
+ Avoid out-of-bound array access in API tests (Nick Wellnhofer),<br />
+ Avoid spurious UBSan errors in parser.c (Nick Wellnhofer),<br />
+ Parse small XPath numbers more accurately (Nick Wellnhofer),<br />
+ Rework XPath rounding functions (Nick Wellnhofer),<br />
+ Fix white space in test output (Nick Wellnhofer),<br />
+ Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer),<br />
+ Check for trailing characters in XPath expressions earlier (Nick Wellnhofer),<br />
+ Rework final handling of XPath results (Nick Wellnhofer),<br />
+ Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer),<br />
+ Remove unused variables (Nick Wellnhofer),<br />
+ Don't print generic error messages in XPath tests (Nick Wellnhofer)<br />
+ </li>
+
+ <li>Cleanups:<br />
+ Fix a couple of misleading indentation errors (Daniel Veillard),<br />
+ Remove unnecessary calls to xmlPopInput (Nick Wellnhofer)<br />
+ </li>
+</ul><h3>2.9.4: May 23 2016</h3><ul>
<li>Security:<br />
More format string warnings with possible format string vulnerability (David Kilzer),<br />
Avoid building recursive entities (Daniel Veillard),<br />
<p>Here is the list of public releases:</p>
+<h3>v2.9.5: Sep 04 2017</h3>
+<ul>
+
+ <li>Security:<br/>
+ Detect infinite recursion in parameter entities (Nick Wellnhofer),<br/>
+ Fix handling of parameter-entity references (Nick Wellnhofer),<br/>
+ Disallow namespace nodes in XPointer ranges (Nick Wellnhofer),<br/>
+ Fix XPointer paths beginning with range-to (Nick Wellnhofer)<br/>
+ </li>
+
+ <li>Documentation:<br/>
+ Documentation fixes (Nick Wellnhofer),<br/>
+ Spelling and grammar fixes (Nick Wellnhofer)<br/>
+ </li>
+
+ <li>Portability:<br/>
+ Adding README.zOS to list of extra files for the release (Daniel Veillard),<br/>
+ Description of work needed to compile on zOS (Stéphane Michaut),<br/>
+ Porting libxml2 on zOS encoding of code (Stéphane Michaut),<br/>
+ small changes for OS/400 (Patrick Monnerat),<br/>
+ relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan)<br/>
+ </li>
+
+ <li>Bug Fixes:<br/>
+ Problem resolving relative URIs (Daniel Veillard),<br/>
+ Fix unwanted warnings when switching encodings (Nick Wellnhofer),<br/>
+ Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard),<br/>
+ Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer),<br/>
+ Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer),<br/>
+ Fix infinite loops with push parser in recovery mode (Nick Wellnhofer),<br/>
+ Send xmllint usage error to stderr (Nick Wellnhofer),<br/>
+ Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer),<br/>
+ Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer),<br/>
+ Fix xmlHaltParser (Nick Wellnhofer),<br/>
+ Fix pathological performance when outputting charrefs (Nick Wellnhofer),<br/>
+ Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer),<br/>
+ Fix duplicate SAX callbacks for entity content (David Kilzer),<br/>
+ Treat URIs with scheme as absolute in C14N (Nick Wellnhofer),<br/>
+ Fix copy-paste errors in error messages (Nick Wellnhofer),<br/>
+ Fix sanity check in htmlParseNameComplex (Nick Wellnhofer),<br/>
+ Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer),<br/>
+ Reset parser input pointers on encoding failure (Nick Wellnhofer),<br/>
+ Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer),<br/>
+ Fix xmlBuildRelativeURI for URIs starting with './' (Nick Wellnhofer),<br/>
+ Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer),<br/>
+ Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer),<br/>
+ Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard),<br/>
+ Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer),<br/>
+ Stop parser on unsupported encodings (Nick Wellnhofer),<br/>
+ Check for integer overflow in memory debug code (Nick Wellnhofer),<br/>
+ Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer),<br/>
+ Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer),<br/>
+ Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer),<br/>
+ Check XPath exponents for overflow (Nick Wellnhofer),<br/>
+ Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer),<br/>
+ Fix spurious error message (Nick Wellnhofer),<br/>
+ Fix memory leak in xmlCanonicPath (Nick Wellnhofer),<br/>
+ Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer),<br/>
+ Fix memory leak in pattern error path (Nick Wellnhofer),<br/>
+ Fix memory leak in parser error path (Nick Wellnhofer),<br/>
+ Fix memory leaks in XPointer error paths (Nick Wellnhofer),<br/>
+ Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer),<br/>
+ Fix memory leak in XPath filter optimizations (Nick Wellnhofer),<br/>
+ Fix memory leaks in XPath error paths (Nick Wellnhofer),<br/>
+ Do not leak the new CData node if adding fails (David Tardon),<br/>
+ Prevent unwanted external entity reference (Neel Mehta),<br/>
+ Increase buffer space for port in HTTP redirect support (Daniel Veillard),<br/>
+ Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer),<br/>
+ Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer),<br/>
+ Fix format string warnings (Nick Wellnhofer),<br/>
+ Disallow namespace nodes in XPointer points (Nick Wellnhofer),<br/>
+ Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer),<br/>
+ Fix attribute decoding during XML schema validation (Alex Henrie),<br/>
+ Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer)<br/>
+ </li>
+
+ <li>Improvements:<br/>
+ Updating the spec file to reflect Fedora 24 (Daniel Veillard),<br/>
+ Add const in five places to move 1 KiB to .rdata (Bruce Dawson),<br/>
+ Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard),<br/>
+ Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer),<br/>
+ Simplify handling of parameter entity references (Nick Wellnhofer),<br/>
+ Deduplicate code in encoding.c (Nick Wellnhofer),<br/>
+ Make HTML parser functions take const pointers (Nick Wellnhofer),<br/>
+ Build test programs only when needed (Nick Wellnhofer),<br/>
+ Fix doc/examples/index.py (Nick Wellnhofer),<br/>
+ Fix compiler warnings in threads.c (Nick Wellnhofer),<br/>
+ Fix empty-body warning in nanohttp.c (Nick Wellnhofer),<br/>
+ Fix cast-align warnings (Nick Wellnhofer),<br/>
+ Fix unused-parameter warnings (Nick Wellnhofer),<br/>
+ Rework entity boundary checks (Nick Wellnhofer),<br/>
+ Don't switch encoding for internal parameter entities (Nick Wellnhofer),<br/>
+ Merge duplicate code paths handling PE references (Nick Wellnhofer),<br/>
+ Test SAX2 callbacks with entity substitution (Nick Wellnhofer),<br/>
+ Support catalog and threads tests under --without-sax1 (Nick Wellnhofer),<br/>
+ Misc fixes for 'make tests' (Nick Wellnhofer),<br/>
+ Initialize keepBlanks in HTML parser (Nick Wellnhofer),<br/>
+ Add test cases for bug 758518 (David Kilzer),<br/>
+ Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer),<br/>
+ Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer),<br/>
+ Allow zero sized memory input buffers (Nick Wellnhofer),<br/>
+ Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer),<br/>
+ Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer),<br/>
+ Make Travis print UBSan stacktraces (Nick Wellnhofer),<br/>
+ Add .travis.yml (Nick Wellnhofer),<br/>
+ Fix expected error output in Python tests (Nick Wellnhofer),<br/>
+ Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer),<br/>
+ Disable LeakSanitizer when running API tests (Nick Wellnhofer),<br/>
+ Avoid out-of-bound array access in API tests (Nick Wellnhofer),<br/>
+ Avoid spurious UBSan errors in parser.c (Nick Wellnhofer),<br/>
+ Parse small XPath numbers more accurately (Nick Wellnhofer),<br/>
+ Rework XPath rounding functions (Nick Wellnhofer),<br/>
+ Fix white space in test output (Nick Wellnhofer),<br/>
+ Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer),<br/>
+ Check for trailing characters in XPath expressions earlier (Nick Wellnhofer),<br/>
+ Rework final handling of XPath results (Nick Wellnhofer),<br/>
+ Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer),<br/>
+ Remove unused variables (Nick Wellnhofer),<br/>
+ Don't print generic error messages in XPath tests (Nick Wellnhofer)<br/>
+ </li>
+
+ <li>Cleanups:<br/>
+ Fix a couple of misleading indentation errors (Daniel Veillard),<br/>
+ Remove unnecessary calls to xmlPopInput (Nick Wellnhofer)<br/>
+ </li>
+</ul>
<h3>2.9.4: May 23 2016</h3>
<ul>
<li>Security:<br/>
*
* extra version information, used to show a CVS compilation
*/
-#define LIBXML_VERSION_EXTRA "-GITv2.9.5-rc1-1-g69936b1"
+#define LIBXML_VERSION_EXTRA "-GITv2.9.5-rc2"
/**
* LIBXML_TEST_VERSION:
Summary: Library providing XML and HTML support
Name: libxml2
Version: @VERSION@
-Release: 0rc2%{?dist}%{?extra_release}
+Release: 1%{?dist}%{?extra_release}
License: MIT
Group: Development/Libraries
-Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}-rc2.tar.gz
+Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: python-devel
%if 0%{?with_python3}
Summary: Library providing XML and HTML support
Name: libxml2
Version: 2.9.5
-Release: 0rc2%{?dist}%{?extra_release}
+Release: 1%{?dist}%{?extra_release}
License: MIT
Group: Development/Libraries
-Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}-rc2.tar.gz
+Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: python-devel
%if 0%{?with_python3}
%endif # with_python3
%changelog
-* Thu Aug 31 2017 Daniel Veillard <veillard@redhat.com>
+* Mon Sep 4 2017 Daniel Veillard <veillard@redhat.com>
- upstream release 2.9.5 see http://xmlsoft.org/news.html
char * encoding; /* a free form C string describing the HTML document encoding, or NULL */
int n_encoding;
- for (n_cur = 0;n_cur < gen_nb_xmlChar_ptr;n_cur++) {
+ for (n_cur = 0;n_cur < gen_nb_const_xmlChar_ptr;n_cur++) {
for (n_encoding = 0;n_encoding < gen_nb_const_char_ptr;n_encoding++) {
mem_base = xmlMemBlocks();
- cur = gen_xmlChar_ptr(n_cur, 0);
+ cur = gen_const_xmlChar_ptr(n_cur, 0);
encoding = gen_const_char_ptr(n_encoding, 1);
- ret_val = htmlParseDoc(cur, (const char *)encoding);
+ ret_val = htmlParseDoc((const xmlChar *)cur, (const char *)encoding);
desret_htmlDocPtr(ret_val);
call_tests++;
- des_xmlChar_ptr(n_cur, cur, 0);
+ des_const_xmlChar_ptr(n_cur, (const xmlChar *)cur, 0);
des_const_char_ptr(n_encoding, (const char *)encoding, 1);
xmlResetLastError();
if (mem_base != xmlMemBlocks()) {
void * userData; /* if using SAX, this pointer will be provided on callbacks. */
int n_userData;
- for (n_cur = 0;n_cur < gen_nb_xmlChar_ptr;n_cur++) {
+ for (n_cur = 0;n_cur < gen_nb_const_xmlChar_ptr;n_cur++) {
for (n_encoding = 0;n_encoding < gen_nb_const_char_ptr;n_encoding++) {
for (n_sax = 0;n_sax < gen_nb_htmlSAXHandlerPtr;n_sax++) {
for (n_userData = 0;n_userData < gen_nb_userdata;n_userData++) {
mem_base = xmlMemBlocks();
- cur = gen_xmlChar_ptr(n_cur, 0);
+ cur = gen_const_xmlChar_ptr(n_cur, 0);
encoding = gen_const_char_ptr(n_encoding, 1);
sax = gen_htmlSAXHandlerPtr(n_sax, 2);
userData = gen_userdata(n_userData, 3);
- ret_val = htmlSAXParseDoc(cur, (const char *)encoding, sax, userData);
+ ret_val = htmlSAXParseDoc((const xmlChar *)cur, (const char *)encoding, sax, userData);
desret_htmlDocPtr(ret_val);
call_tests++;
- des_xmlChar_ptr(n_cur, cur, 0);
+ des_const_xmlChar_ptr(n_cur, (const xmlChar *)cur, 0);
des_const_char_ptr(n_encoding, (const char *)encoding, 1);
des_htmlSAXHandlerPtr(n_sax, sax, 2);
des_userdata(n_userData, userData, 3);