Releases

From ff0372312c3a3ba354639d74d771709646eb903d Mon Sep 17 00:00:00 2001 From: DongHun Kwak Date: Tue, 17 Oct 2017 14:42:10 +0900 Subject: [PATCH] Imported Upstream version 2.9.5 Change-Id: I26aba6b2cafb1d9429b90886c5270887df23ef57 Signed-off-by: DongHun Kwak --- doc/bugs.html | 2 +- doc/libxml2.xsa | 134 +++++++++++++++++++++++++------------------- doc/news.html | 126 ++++++++++++++++++++++++++++++++++++++++- doc/xml.html | 126 +++++++++++++++++++++++++++++++++++++++++ include/libxml/xmlversion.h | 2 +- libxml.spec.in | 4 +- libxml2.spec | 6 +- testapi.c | 16 +++--- 8 files changed, 343 insertions(+), 73 deletions(-) diff --git a/doc/bugs.html b/doc/bugs.html index 55ff296..52970d3 100644 --- a/doc/bugs.html +++ b/doc/bugs.html @@ -13,7 +13,7 @@ use the Gnome bug tracking database (make sure to use the "libxml2" module name). I look at reports there regularly and it's good to have a reminder when a bug is still open. Be sure to specify that the bug is for the package libxml2.

For small problems you can try to get help on IRC, the #xml channel on -irc.gnome.org (port 6667) usually have a few person subscribed which may help +irc.gnome.org (port 6667) usually has a few people subscribed which may help (but there is no guarantee and if a real issue is raised it should go on the mailing-list for archival).

There is also a mailing-list xml@gnome.org for libxml, with an on-line archive (old). To subscribe to this list, please visit the associated Web page and diff --git a/doc/libxml2.xsa b/doc/libxml2.xsa index 0d4b8fe..74580ff 100644 --- a/doc/libxml2.xsa +++ b/doc/libxml2.xsa @@ -8,73 +8,93 @@ libxml2 - v2.9.3 - Nov 20 2015 + 2.9.4 + May 23 2016 http://xmlsoft.org/ - Security: - CVE-2015-8242 Buffer overead with HTML parser in push mode (Hugh Davenport), - CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard), - CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard), - CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard), - CVE-2015-5312 Another entity expansion issue (David Drysdale), - CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (David Drysdale), - CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard), - CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard), - CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard), - CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard), - CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard) - CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard), - CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard), + More format string warnings with possible format string vulnerability (David Kilzer), + Avoid building recursive entities (Daniel Veillard), + Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde), + Heap-based buffer-underreads due to xmlParseName (David Kilzer), + Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde), + Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (Pranjal Jumde), + Fix some format string warnings with possible format string vulnerability (David Kilzer), + Detect change of encoding when parsing HTML names (Hugh Davenport), + Fix inappropriate fetch of entities content (Daniel Veillard), + Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (Pranjal Jumde), + Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (Pranjal Jumde), + Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (David Kilzer), + Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (Pranjal Jumde), + Add missing increments of recursion depth counter to XML parser. (Peter Simons) - Documentation: - Correct spelling of "calling" (Alex Henrie), - Fix a small error in xmllint --format description (Fabien Degomme), - Avoid XSS on the search of xmlsoft.org (Daniel Veillard) + Fix typo: s{ ec -> cr }cipt (Jan PokornÃ½), + Fix typos: dictio{ nn -> n }ar{y,ies} (Jan PokornÃ½), + Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } (Jan PokornÃ½), + Correct a typo. (Shlomi Fish) - Portability: - threads: use forward declarations only for glibc (Michael Heimpold), - Update Win32 configure.js to search for configure.ac (Daniel Veillard) + Correct the usage of LDFLAGS (Mattias Hansson), + Revert the use of SAVE_LDFLAGS in configure.ac (Mattias Hansson), + libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles (Mike Frysinger), + Fix apibuild for a recently added construct (Daniel Veillard), + Use pkg-config to locate zlib when possible (Stewart Brodie), + Use pkg-config to locate ICU when possible (Stewart Brodie), + Portability to non C99 compliant compilers (Patrick Monnerat), + dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. (Patrick Monnerat), + os400: tell about xmllint and xmlcatalog in README400. (Patrick Monnerat), + os400: properly process SGML add in XMLCATALOG command. (Patrick Monnerat), + os400: implement CL command XMLCATALOG. (Patrick Monnerat), + os400: compile and install program xmlcatalog (qshell-only). (Patrick Monnerat), + os400: expand tabs in sources, strip trailing blanks. (Patrick Monnerat), + os400: implement CL command XMLLINT. (Patrick Monnerat), + os400: compile and install program xmllint (qshell-only). (Patrick Monnerat), + os400: initscript make_module(): Use options instead of positional parameters. (Patrick Monnerat), + os400: c14n.rpgle: allow *omit for nullable reference parameters. (Patrick Monnerat), + os400: use like() for double type. (Patrick Monnerat), + os400: use like() for int type. (Patrick Monnerat), + os400: use like() for unsigned int type. (Patrick Monnerat), + os400: use like() for enum types. (Patrick Monnerat), + Add xz to xml2-config --libs output (Baruch Siach), + Bug 760190: configure.ac should be able to build --with-icu without icu-config tool <https://bugzilla.gnome.org/show_bug.cgi?id=760190> (David Kilzer), + win32\VC10\config.h and VS 2015 (Bruce Dawson), + Add configure maintainer mode (orzen) - Bug Fixes: - Bug on creating new stream from entity (Daniel Veillard), - Fix some loop issues embedding NEXT (Daniel Veillard), - Do not print error context when there is none (Daniel Veillard), - Avoid extra processing of MarkupDecl when EOF (Hugh Davenport), - Fix parsing short unclosed comment uninitialized access (Daniel Veillard), - Add missing Null check in xmlParseExternalEntityPrivate (Gaurav Gupta), - Fix a bug in CData error handling in the push parser (Daniel Veillard), - Fix a bug on name parsing at the end of current input buffer (Daniel Veillard), - Fix the spurious ID already defined error (Daniel Veillard), - Fix previous change to node sort order (Nick Wellnhofer), - Fix a self assignment issue raised by clang (Scott Graham), - Fail parsing early on if encoding conversion failed (Daniel Veillard), - Do not process encoding values if the declaration if broken (Daniel Veillard), - Silence clang's -Wunknown-attribute (Michael Catanzaro), - xmlMemUsed is not thread-safe (Martin von Gagern), - Fix support for except in nameclasses (Daniel Veillard), - Fix order of root nodes (Nick Wellnhofer), - Allow attributes on descendant-or-self axis (Nick Wellnhofer), - Fix the fix to Windows locking (Steve Nairn), - Fix timsort invariant loop re: Envisage article (Christopher Swenson), - Don't add IDs in xmlSetTreeDoc (Nick Wellnhofer), - Account for ID attributes in xmlSetTreeDoc (Nick Wellnhofer), - Remove various unused value assignments (Philip Withnall), - Fix missing entities after CVE-2014-3660 fix (Daniel Veillard), - Revert "Missing initialization for the catalog module" (Daniel Veillard) + Avoid an out of bound access when serializing malformed strings (Daniel Veillard), + Unsigned addition may overflow in xmlMallocAtomicLoc() (David Kilzer), + Integer signed/unsigned type mismatch in xmlParserInputGrow() (David Kilzer), + Bug 763071: heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (Pranjal Jumde), + Integer overflow parsing port number in URI (Michael Paddon), + Fix an error with regexp on nullable counted char transition (Daniel Veillard), + Fix memory leak with XPath namespace nodes (Nick Wellnhofer), + Fix namespace axis traversal (Nick Wellnhofer), + Fix null pointer deref in docs with no root element (Hugh Davenport), + Fix XSD validation of URIs with ampersands (Alex Henrie), + xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error. (Patrick Monnerat), + xmlcatalog: flush stdout before interactive shell input. (Patrick Monnerat), + xmllint: flush stdout before interactive shell input. (Patrick Monnerat), + Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression (Nick Wellnhofer), + Fix namespace::node() XPath expression (Nick Wellnhofer), + Fix OOB write in xmlXPathEmptyNodeSet (Nick Wellnhofer), + Fix parsing of NCNames in XPath (Nick Wellnhofer), + Fix OOB read with invalid UTF-8 in xmlUTF8Strsize (Nick Wellnhofer), + Do normalize string-based datatype value in RelaxNG facet checking (Audric Schiltknecht), + Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" <https://bugzilla.gnome.org/show_bug.cgi?id=760921> (David Kilzer), + Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd <https://bugzilla.gnome.org/show_bug.cgi?id=760861> (David Kilzer), + error.c: *input->cur == 0 does not mean no error (Pavel Raiskup), + Add missing RNG test files (David Kilzer), + Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> (David Kilzer), + Bug 758572: ASAN crash in make check <https://bugzilla.gnome.org/show_bug.cgi?id=758572> (David Kilzer), + Bug 721158: Missing ICU string when doing --version on xmllint <https://bugzilla.gnome.org/show_bug.cgi?id=721158> (David Kilzer), + python 3: libxml2.c wrappers create Unicode str already (Michael Stahl), + Add autogen.sh to distrib (orzen), + Heap-based buffer overread in xmlNextChar (Daniel Veillard) - Improvements: - Reuse xmlHaltParser() where it makes sense (Daniel Veillard), - xmlStopParser reset errNo (Daniel Veillard), - Reenable xz support by default (Daniel Veillard), - Recover unescaped less-than character in HTML recovery parsing (Daniel Veillard), - Allow HTML serializer to output HTML5 DOCTYPE (Shaun McCance), - Regression test for bug #695699 (Nick Wellnhofer), - Add a couple of XPath tests (Nick Wellnhofer), - Add Python 3 rpm subpackage (Tomas Radej), - libxml2-config.cmake.in: update include directories (Samuel Martin), - Adding example from bugs 738805 to regression tests (Daniel Veillard) - - - Cleanups: + Add more debugging info to runtest (Daniel Veillard), + Implement "runtest -u" mode (David Kilzer), + Add a make rule to rebuild for ASAN (Daniel Veillard) diff --git a/doc/news.html b/doc/news.html index 9ff44f2..512dba9 100644 --- a/doc/news.html +++ b/doc/news.html @@ -8,7 +8,131 @@ H2 {font-family: Verdana,Arial,Helvetica} H3 {font-family: Verdana,Arial,Helvetica} A:link, A:visited, A:active { text-decoration: underline } Releases
The XML C parser and toolkit of Gnome
Releases
Main Menu
Home
Reference Manual
Introduction
FAQ
Developer Menu
Reporting bugs and getting help
How to help
Downloads
Releases
XML
XSLT
Validation & DTDs
Encodings support
Catalog support
Namespaces
Contributions
Code Examples
API Menu
XML Guidelines
Recent Changes
Related links
Mail archive
XSLT libxslt
DOM gdome2
XML-DSig xmlsec
FTP
Windows binaries
Solaris binaries
MacOsX binaries
lxml Python bindings
Perl bindings
C++ bindings
PHP bindings
Pascal bindings
Ruby bindings
Tcl bindings
Bug Tracker
The change log describes the recents commits -to the GIT code base.
Here is the list of public releases:
2.9.4: May 23 2016
+to the GIT code base.
Here is the list of public releases:
v2.9.5: Sep 04 2017
+ +
Security:
+ Detect infinite recursion in parameter entities (Nick Wellnhofer),
+ Fix handling of parameter-entity references (Nick Wellnhofer),
+ Disallow namespace nodes in XPointer ranges (Nick Wellnhofer),
+ Fix XPointer paths beginning with range-to (Nick Wellnhofer)
+
+ +
Documentation:
+ Documentation fixes (Nick Wellnhofer),
+ Spelling and grammar fixes (Nick Wellnhofer)
+
+ +
Portability:
+ Adding README.zOS to list of extra files for the release (Daniel Veillard),
+ Description of work needed to compile on zOS (StÃ©phane Michaut),
+ Porting libxml2 on zOS encoding of code (StÃ©phane Michaut),
+ small changes for OS/400 (Patrick Monnerat),
+ relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan)
+
+ +
Bug Fixes:
+ Problem resolving relative URIs (Daniel Veillard),
+ Fix unwanted warnings when switching encodings (Nick Wellnhofer),
+ Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard),
+ Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer),
+ Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer),
+ Fix infinite loops with push parser in recovery mode (Nick Wellnhofer),
+ Send xmllint usage error to stderr (Nick Wellnhofer),
+ Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer),
+ Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer),
+ Fix xmlHaltParser (Nick Wellnhofer),
+ Fix pathological performance when outputting charrefs (Nick Wellnhofer),
+ Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer),
+ Fix duplicate SAX callbacks for entity content (David Kilzer),
+ Treat URIs with scheme as absolute in C14N (Nick Wellnhofer),
+ Fix copy-paste errors in error messages (Nick Wellnhofer),
+ Fix sanity check in htmlParseNameComplex (Nick Wellnhofer),
+ Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer),
+ Reset parser input pointers on encoding failure (Nick Wellnhofer),
+ Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer),
+ Fix xmlBuildRelativeURI for URIs starting with './' (Nick Wellnhofer),
+ Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer),
+ Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer),
+ Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard),
+ Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer),
+ Stop parser on unsupported encodings (Nick Wellnhofer),
+ Check for integer overflow in memory debug code (Nick Wellnhofer),
+ Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer),
+ Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer),
+ Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer),
+ Check XPath exponents for overflow (Nick Wellnhofer),
+ Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer),
+ Fix spurious error message (Nick Wellnhofer),
+ Fix memory leak in xmlCanonicPath (Nick Wellnhofer),
+ Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer),
+ Fix memory leak in pattern error path (Nick Wellnhofer),
+ Fix memory leak in parser error path (Nick Wellnhofer),
+ Fix memory leaks in XPointer error paths (Nick Wellnhofer),
+ Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer),
+ Fix memory leak in XPath filter optimizations (Nick Wellnhofer),
+ Fix memory leaks in XPath error paths (Nick Wellnhofer),
+ Do not leak the new CData node if adding fails (David Tardon),
+ Prevent unwanted external entity reference (Neel Mehta),
+ Increase buffer space for port in HTTP redirect support (Daniel Veillard),
+ Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer),
+ Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer),
+ Fix format string warnings (Nick Wellnhofer),
+ Disallow namespace nodes in XPointer points (Nick Wellnhofer),
+ Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer),
+ Fix attribute decoding during XML schema validation (Alex Henrie),
+ Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer)
+
+ +
Improvements:
+ Updating the spec file to reflect Fedora 24 (Daniel Veillard),
+ Add const in five places to move 1 KiB to .rdata (Bruce Dawson),
+ Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard),
+ Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer),
+ Simplify handling of parameter entity references (Nick Wellnhofer),
+ Deduplicate code in encoding.c (Nick Wellnhofer),
+ Make HTML parser functions take const pointers (Nick Wellnhofer),
+ Build test programs only when needed (Nick Wellnhofer),
+ Fix doc/examples/index.py (Nick Wellnhofer),
+ Fix compiler warnings in threads.c (Nick Wellnhofer),
+ Fix empty-body warning in nanohttp.c (Nick Wellnhofer),
+ Fix cast-align warnings (Nick Wellnhofer),
+ Fix unused-parameter warnings (Nick Wellnhofer),
+ Rework entity boundary checks (Nick Wellnhofer),
+ Don't switch encoding for internal parameter entities (Nick Wellnhofer),
+ Merge duplicate code paths handling PE references (Nick Wellnhofer),
+ Test SAX2 callbacks with entity substitution (Nick Wellnhofer),
+ Support catalog and threads tests under --without-sax1 (Nick Wellnhofer),
+ Misc fixes for 'make tests' (Nick Wellnhofer),
+ Initialize keepBlanks in HTML parser (Nick Wellnhofer),
+ Add test cases for bug 758518 (David Kilzer),
+ Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer),
+ Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer),
+ Allow zero sized memory input buffers (Nick Wellnhofer),
+ Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer),
+ Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer),
+ Make Travis print UBSan stacktraces (Nick Wellnhofer),
+ Add .travis.yml (Nick Wellnhofer),
+ Fix expected error output in Python tests (Nick Wellnhofer),
+ Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer),
+ Disable LeakSanitizer when running API tests (Nick Wellnhofer),
+ Avoid out-of-bound array access in API tests (Nick Wellnhofer),
+ Avoid spurious UBSan errors in parser.c (Nick Wellnhofer),
+ Parse small XPath numbers more accurately (Nick Wellnhofer),
+ Rework XPath rounding functions (Nick Wellnhofer),
+ Fix white space in test output (Nick Wellnhofer),
+ Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer),
+ Check for trailing characters in XPath expressions earlier (Nick Wellnhofer),
+ Rework final handling of XPath results (Nick Wellnhofer),
+ Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer),
+ Remove unused variables (Nick Wellnhofer),
+ Don't print generic error messages in XPath tests (Nick Wellnhofer)
+
+ +
Cleanups:
+ Fix a couple of misleading indentation errors (Daniel Veillard),
+ Remove unnecessary calls to xmlPopInput (Nick Wellnhofer)
+
+
2.9.4: May 23 2016

Security:
More format string warnings with possible format string vulnerability (David Kilzer),
Avoid building recursive entities (Daniel Veillard),
diff --git a/doc/xml.html b/doc/xml.html index 16b3544..52b46e6 100644 --- a/doc/xml.html +++ b/doc/xml.html @@ -709,6 +709,132 @@ to the GIT code base.

Here is the list of public releases:
+
v2.9.5: Sep 04 2017
+
+ +
Security:
+ Detect infinite recursion in parameter entities (Nick Wellnhofer),
+ Fix handling of parameter-entity references (Nick Wellnhofer),
+ Disallow namespace nodes in XPointer ranges (Nick Wellnhofer),
+ Fix XPointer paths beginning with range-to (Nick Wellnhofer)
+
+ +
Documentation:
+ Documentation fixes (Nick Wellnhofer),
+ Spelling and grammar fixes (Nick Wellnhofer)
+
+ +
Portability:
+ Adding README.zOS to list of extra files for the release (Daniel Veillard),
+ Description of work needed to compile on zOS (StÃ©phane Michaut),
+ Porting libxml2 on zOS encoding of code (StÃ©phane Michaut),
+ small changes for OS/400 (Patrick Monnerat),
+ relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan)
+
+ +
Bug Fixes:
+ Problem resolving relative URIs (Daniel Veillard),
+ Fix unwanted warnings when switching encodings (Nick Wellnhofer),
+ Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard),
+ Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer),
+ Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer),
+ Fix infinite loops with push parser in recovery mode (Nick Wellnhofer),
+ Send xmllint usage error to stderr (Nick Wellnhofer),
+ Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer),
+ Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer),
+ Fix xmlHaltParser (Nick Wellnhofer),
+ Fix pathological performance when outputting charrefs (Nick Wellnhofer),
+ Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer),
+ Fix duplicate SAX callbacks for entity content (David Kilzer),
+ Treat URIs with scheme as absolute in C14N (Nick Wellnhofer),
+ Fix copy-paste errors in error messages (Nick Wellnhofer),
+ Fix sanity check in htmlParseNameComplex (Nick Wellnhofer),
+ Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer),
+ Reset parser input pointers on encoding failure (Nick Wellnhofer),
+ Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer),
+ Fix xmlBuildRelativeURI for URIs starting with './' (Nick Wellnhofer),
+ Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer),
+ Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer),
+ Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard),
+ Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer),
+ Stop parser on unsupported encodings (Nick Wellnhofer),
+ Check for integer overflow in memory debug code (Nick Wellnhofer),
+ Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer),
+ Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer),
+ Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer),
+ Check XPath exponents for overflow (Nick Wellnhofer),
+ Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer),
+ Fix spurious error message (Nick Wellnhofer),
+ Fix memory leak in xmlCanonicPath (Nick Wellnhofer),
+ Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer),
+ Fix memory leak in pattern error path (Nick Wellnhofer),
+ Fix memory leak in parser error path (Nick Wellnhofer),
+ Fix memory leaks in XPointer error paths (Nick Wellnhofer),
+ Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer),
+ Fix memory leak in XPath filter optimizations (Nick Wellnhofer),
+ Fix memory leaks in XPath error paths (Nick Wellnhofer),
+ Do not leak the new CData node if adding fails (David Tardon),
+ Prevent unwanted external entity reference (Neel Mehta),
+ Increase buffer space for port in HTTP redirect support (Daniel Veillard),
+ Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer),
+ Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer),
+ Fix format string warnings (Nick Wellnhofer),
+ Disallow namespace nodes in XPointer points (Nick Wellnhofer),
+ Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer),
+ Fix attribute decoding during XML schema validation (Alex Henrie),
+ Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer)
+
+ +
Improvements:
+ Updating the spec file to reflect Fedora 24 (Daniel Veillard),
+ Add const in five places to move 1 KiB to .rdata (Bruce Dawson),
+ Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard),
+ Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer),
+ Simplify handling of parameter entity references (Nick Wellnhofer),
+ Deduplicate code in encoding.c (Nick Wellnhofer),
+ Make HTML parser functions take const pointers (Nick Wellnhofer),
+ Build test programs only when needed (Nick Wellnhofer),
+ Fix doc/examples/index.py (Nick Wellnhofer),
+ Fix compiler warnings in threads.c (Nick Wellnhofer),
+ Fix empty-body warning in nanohttp.c (Nick Wellnhofer),
+ Fix cast-align warnings (Nick Wellnhofer),
+ Fix unused-parameter warnings (Nick Wellnhofer),
+ Rework entity boundary checks (Nick Wellnhofer),
+ Don't switch encoding for internal parameter entities (Nick Wellnhofer),
+ Merge duplicate code paths handling PE references (Nick Wellnhofer),
+ Test SAX2 callbacks with entity substitution (Nick Wellnhofer),
+ Support catalog and threads tests under --without-sax1 (Nick Wellnhofer),
+ Misc fixes for 'make tests' (Nick Wellnhofer),
+ Initialize keepBlanks in HTML parser (Nick Wellnhofer),
+ Add test cases for bug 758518 (David Kilzer),
+ Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer),
+ Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer),
+ Allow zero sized memory input buffers (Nick Wellnhofer),
+ Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer),
+ Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer),
+ Make Travis print UBSan stacktraces (Nick Wellnhofer),
+ Add .travis.yml (Nick Wellnhofer),
+ Fix expected error output in Python tests (Nick Wellnhofer),
+ Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer),
+ Disable LeakSanitizer when running API tests (Nick Wellnhofer),
+ Avoid out-of-bound array access in API tests (Nick Wellnhofer),
+ Avoid spurious UBSan errors in parser.c (Nick Wellnhofer),
+ Parse small XPath numbers more accurately (Nick Wellnhofer),
+ Rework XPath rounding functions (Nick Wellnhofer),
+ Fix white space in test output (Nick Wellnhofer),
+ Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer),
+ Check for trailing characters in XPath expressions earlier (Nick Wellnhofer),
+ Rework final handling of XPath results (Nick Wellnhofer),
+ Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer),
+ Remove unused variables (Nick Wellnhofer),
+ Don't print generic error messages in XPath tests (Nick Wellnhofer)
+
+ +
Cleanups:
+ Fix a couple of misleading indentation errors (Daniel Veillard),
+ Remove unnecessary calls to xmlPopInput (Nick Wellnhofer)
+
+

2.9.4: May 23 2016

Security:
diff --git a/include/libxml/xmlversion.h b/include/libxml/xmlversion.h index 59c6c5a..df4e3af 100644 --- a/include/libxml/xmlversion.h +++ b/include/libxml/xmlversion.h @@ -50,7 +50,7 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); * * extra version information, used to show a CVS compilation */ -#define LIBXML_VERSION_EXTRA "-GITv2.9.5-rc1-1-g69936b1" +#define LIBXML_VERSION_EXTRA "-GITv2.9.5-rc2" /** * LIBXML_TEST_VERSION: diff --git a/libxml.spec.in b/libxml.spec.in index e676edd..d5f5ccb 100644 --- a/libxml.spec.in +++ b/libxml.spec.in @@ -3,10 +3,10 @@ Summary: Library providing XML and HTML support Name: libxml2 Version: @VERSION@ -Release: 0rc2%{?dist}%{?extra_release} +Release: 1%{?dist}%{?extra_release} License: MIT Group: Development/Libraries -Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}-rc2.tar.gz +Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: python-devel %if 0%{?with_python3} diff --git a/libxml2.spec b/libxml2.spec index ec02daf..f340c9e 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -3,10 +3,10 @@ Summary: Library providing XML and HTML support Name: libxml2 Version: 2.9.5 -Release: 0rc2%{?dist}%{?extra_release} +Release: 1%{?dist}%{?extra_release} License: MIT Group: Development/Libraries -Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}-rc2.tar.gz +Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: python-devel %if 0%{?with_python3} @@ -203,6 +203,6 @@ rm -fr %{buildroot} %endif # with_python3 %changelog -* Thu Aug 31 2017 Daniel Veillard +* Mon Sep 4 2017 Daniel Veillard - upstream release 2.9.5 see http://xmlsoft.org/news.html diff --git a/testapi.c b/testapi.c index b2f6e46..168ceb6 100644 --- a/testapi.c +++ b/testapi.c @@ -2333,16 +2333,16 @@ test_htmlParseDoc(void) { char * encoding; /* a free form C string describing the HTML document encoding, or NULL */ int n_encoding; - for (n_cur = 0;n_cur < gen_nb_xmlChar_ptr;n_cur++) { + for (n_cur = 0;n_cur < gen_nb_const_xmlChar_ptr;n_cur++) { for (n_encoding = 0;n_encoding < gen_nb_const_char_ptr;n_encoding++) { mem_base = xmlMemBlocks(); - cur = gen_xmlChar_ptr(n_cur, 0); + cur = gen_const_xmlChar_ptr(n_cur, 0); encoding = gen_const_char_ptr(n_encoding, 1); - ret_val = htmlParseDoc(cur, (const char *)encoding); + ret_val = htmlParseDoc((const xmlChar *)cur, (const char *)encoding); desret_htmlDocPtr(ret_val); call_tests++; - des_xmlChar_ptr(n_cur, cur, 0); + des_const_xmlChar_ptr(n_cur, (const xmlChar *)cur, 0); des_const_char_ptr(n_encoding, (const char *)encoding, 1); xmlResetLastError(); if (mem_base != xmlMemBlocks()) { @@ -2685,20 +2685,20 @@ test_htmlSAXParseDoc(void) { void * userData; /* if using SAX, this pointer will be provided on callbacks. */ int n_userData; - for (n_cur = 0;n_cur < gen_nb_xmlChar_ptr;n_cur++) { + for (n_cur = 0;n_cur < gen_nb_const_xmlChar_ptr;n_cur++) { for (n_encoding = 0;n_encoding < gen_nb_const_char_ptr;n_encoding++) { for (n_sax = 0;n_sax < gen_nb_htmlSAXHandlerPtr;n_sax++) { for (n_userData = 0;n_userData < gen_nb_userdata;n_userData++) { mem_base = xmlMemBlocks(); - cur = gen_xmlChar_ptr(n_cur, 0); + cur = gen_const_xmlChar_ptr(n_cur, 0); encoding = gen_const_char_ptr(n_encoding, 1); sax = gen_htmlSAXHandlerPtr(n_sax, 2); userData = gen_userdata(n_userData, 3); - ret_val = htmlSAXParseDoc(cur, (const char *)encoding, sax, userData); + ret_val = htmlSAXParseDoc((const xmlChar *)cur, (const char *)encoding, sax, userData); desret_htmlDocPtr(ret_val); call_tests++; - des_xmlChar_ptr(n_cur, cur, 0); + des_const_xmlChar_ptr(n_cur, (const xmlChar *)cur, 0); des_const_char_ptr(n_encoding, (const char *)encoding, 1); des_htmlSAXHandlerPtr(n_sax, sax, 2); des_userdata(n_userData, userData, 3); -- 2.7.4