From 4b4d3d85165e6bfca23893cf98834c4bc747a96c Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Fri, 6 Oct 2017 09:00:53 +0200 Subject: [PATCH] Release of libxml2-2.9.6 * configure.ac doc/xml.html doc/news.html: updated for release --- configure.ac | 2 +- doc/libxml2.xsa | 186 ++++++++++++++++++++++++++++-------------------- doc/news.html | 20 +++++- doc/xml.html | 20 ++++++ python/setup.py | 2 +- 5 files changed, 150 insertions(+), 80 deletions(-) diff --git a/configure.ac b/configure.ac index 19e4dc79..ff190a5a 100644 --- a/configure.ac +++ b/configure.ac @@ -9,7 +9,7 @@ AC_CANONICAL_HOST LIBXML_MAJOR_VERSION=2 LIBXML_MINOR_VERSION=9 -LIBXML_MICRO_VERSION=5 +LIBXML_MICRO_VERSION=6 LIBXML_MICRO_VERSION_SUFFIX= LIBXML_VERSION=$LIBXML_MAJOR_VERSION.$LIBXML_MINOR_VERSION.$LIBXML_MICRO_VERSION$LIBXML_MICRO_VERSION_SUFFIX LIBXML_VERSION_INFO=`expr $LIBXML_MAJOR_VERSION + $LIBXML_MINOR_VERSION`:$LIBXML_MICRO_VERSION:$LIBXML_MINOR_VERSION diff --git a/doc/libxml2.xsa b/doc/libxml2.xsa index 74580ff6..25ff51d8 100644 --- a/doc/libxml2.xsa +++ b/doc/libxml2.xsa @@ -8,93 +8,125 @@ libxml2 - 2.9.4 - May 23 2016 + v2.9.5 + Sep 04 2017 http://xmlsoft.org/ - Security: - More format string warnings with possible format string vulnerability (David Kilzer), - Avoid building recursive entities (Daniel Veillard), - Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde), - Heap-based buffer-underreads due to xmlParseName (David Kilzer), - Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde), - Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (Pranjal Jumde), - Fix some format string warnings with possible format string vulnerability (David Kilzer), - Detect change of encoding when parsing HTML names (Hugh Davenport), - Fix inappropriate fetch of entities content (Daniel Veillard), - Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (Pranjal Jumde), - Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (Pranjal Jumde), - Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (David Kilzer), - Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (Pranjal Jumde), - Add missing increments of recursion depth counter to XML parser. (Peter Simons) + Detect infinite recursion in parameter entities (Nick Wellnhofer), + Fix handling of parameter-entity references (Nick Wellnhofer), + Disallow namespace nodes in XPointer ranges (Nick Wellnhofer), + Fix XPointer paths beginning with range-to (Nick Wellnhofer) - Documentation: - Fix typo: s{ ec -> cr }cipt (Jan Pokorný), - Fix typos: dictio{ nn -> n }ar{y,ies} (Jan Pokorný), - Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } (Jan Pokorný), - Correct a typo. (Shlomi Fish) + Documentation fixes (Nick Wellnhofer), + Spelling and grammar fixes (Nick Wellnhofer) - Portability: - Correct the usage of LDFLAGS (Mattias Hansson), - Revert the use of SAVE_LDFLAGS in configure.ac (Mattias Hansson), - libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles (Mike Frysinger), - Fix apibuild for a recently added construct (Daniel Veillard), - Use pkg-config to locate zlib when possible (Stewart Brodie), - Use pkg-config to locate ICU when possible (Stewart Brodie), - Portability to non C99 compliant compilers (Patrick Monnerat), - dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. (Patrick Monnerat), - os400: tell about xmllint and xmlcatalog in README400. (Patrick Monnerat), - os400: properly process SGML add in XMLCATALOG command. (Patrick Monnerat), - os400: implement CL command XMLCATALOG. (Patrick Monnerat), - os400: compile and install program xmlcatalog (qshell-only). (Patrick Monnerat), - os400: expand tabs in sources, strip trailing blanks. (Patrick Monnerat), - os400: implement CL command XMLLINT. (Patrick Monnerat), - os400: compile and install program xmllint (qshell-only). (Patrick Monnerat), - os400: initscript make_module(): Use options instead of positional parameters. (Patrick Monnerat), - os400: c14n.rpgle: allow *omit for nullable reference parameters. (Patrick Monnerat), - os400: use like() for double type. (Patrick Monnerat), - os400: use like() for int type. (Patrick Monnerat), - os400: use like() for unsigned int type. (Patrick Monnerat), - os400: use like() for enum types. (Patrick Monnerat), - Add xz to xml2-config --libs output (Baruch Siach), - Bug 760190: configure.ac should be able to build --with-icu without icu-config tool <https://bugzilla.gnome.org/show_bug.cgi?id=760190> (David Kilzer), - win32\VC10\config.h and VS 2015 (Bruce Dawson), - Add configure maintainer mode (orzen) + Adding README.zOS to list of extra files for the release (Daniel Veillard), + Description of work needed to compile on zOS (Stéphane Michaut), + Porting libxml2 on zOS encoding of code (Stéphane Michaut), + small changes for OS/400 (Patrick Monnerat), + relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan) - Bug Fixes: - Avoid an out of bound access when serializing malformed strings (Daniel Veillard), - Unsigned addition may overflow in xmlMallocAtomicLoc() (David Kilzer), - Integer signed/unsigned type mismatch in xmlParserInputGrow() (David Kilzer), - Bug 763071: heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (Pranjal Jumde), - Integer overflow parsing port number in URI (Michael Paddon), - Fix an error with regexp on nullable counted char transition (Daniel Veillard), - Fix memory leak with XPath namespace nodes (Nick Wellnhofer), - Fix namespace axis traversal (Nick Wellnhofer), - Fix null pointer deref in docs with no root element (Hugh Davenport), - Fix XSD validation of URIs with ampersands (Alex Henrie), - xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error. (Patrick Monnerat), - xmlcatalog: flush stdout before interactive shell input. (Patrick Monnerat), - xmllint: flush stdout before interactive shell input. (Patrick Monnerat), - Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression (Nick Wellnhofer), - Fix namespace::node() XPath expression (Nick Wellnhofer), - Fix OOB write in xmlXPathEmptyNodeSet (Nick Wellnhofer), - Fix parsing of NCNames in XPath (Nick Wellnhofer), - Fix OOB read with invalid UTF-8 in xmlUTF8Strsize (Nick Wellnhofer), - Do normalize string-based datatype value in RelaxNG facet checking (Audric Schiltknecht), - Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" <https://bugzilla.gnome.org/show_bug.cgi?id=760921> (David Kilzer), - Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd <https://bugzilla.gnome.org/show_bug.cgi?id=760861> (David Kilzer), - error.c: *input->cur == 0 does not mean no error (Pavel Raiskup), - Add missing RNG test files (David Kilzer), - Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> (David Kilzer), - Bug 758572: ASAN crash in make check <https://bugzilla.gnome.org/show_bug.cgi?id=758572> (David Kilzer), - Bug 721158: Missing ICU string when doing --version on xmllint <https://bugzilla.gnome.org/show_bug.cgi?id=721158> (David Kilzer), - python 3: libxml2.c wrappers create Unicode str already (Michael Stahl), - Add autogen.sh to distrib (orzen), - Heap-based buffer overread in xmlNextChar (Daniel Veillard) + Problem resolving relative URIs (Daniel Veillard), + Fix unwanted warnings when switching encodings (Nick Wellnhofer), + Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard), + Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer), + Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer), + Fix infinite loops with push parser in recovery mode (Nick Wellnhofer), + Send xmllint usage error to stderr (Nick Wellnhofer), + Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer), + Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer), + Fix xmlHaltParser (Nick Wellnhofer), + Fix pathological performance when outputting charrefs (Nick Wellnhofer), + Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer), + Fix duplicate SAX callbacks for entity content (David Kilzer), + Treat URIs with scheme as absolute in C14N (Nick Wellnhofer), + Fix copy-paste errors in error messages (Nick Wellnhofer), + Fix sanity check in htmlParseNameComplex (Nick Wellnhofer), + Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer), + Reset parser input pointers on encoding failure (Nick Wellnhofer), + Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer), + Fix xmlBuildRelativeURI for URIs starting with './' (Nick Wellnhofer), + Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer), + Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer), + Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard), + Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer), + Stop parser on unsupported encodings (Nick Wellnhofer), + Check for integer overflow in memory debug code (Nick Wellnhofer), + Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer), + Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer), + Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer), + Check XPath exponents for overflow (Nick Wellnhofer), + Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer), + Fix spurious error message (Nick Wellnhofer), + Fix memory leak in xmlCanonicPath (Nick Wellnhofer), + Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer), + Fix memory leak in pattern error path (Nick Wellnhofer), + Fix memory leak in parser error path (Nick Wellnhofer), + Fix memory leaks in XPointer error paths (Nick Wellnhofer), + Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer), + Fix memory leak in XPath filter optimizations (Nick Wellnhofer), + Fix memory leaks in XPath error paths (Nick Wellnhofer), + Do not leak the new CData node if adding fails (David Tardon), + Prevent unwanted external entity reference (Neel Mehta), + Increase buffer space for port in HTTP redirect support (Daniel Veillard), + Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer), + Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer), + Fix format string warnings (Nick Wellnhofer), + Disallow namespace nodes in XPointer points (Nick Wellnhofer), + Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer), + Fix attribute decoding during XML schema validation (Alex Henrie), + Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer) - Improvements: - Add more debugging info to runtest (Daniel Veillard), - Implement "runtest -u" mode (David Kilzer), - Add a make rule to rebuild for ASAN (Daniel Veillard) + Updating the spec file to reflect Fedora 24 (Daniel Veillard), + Add const in five places to move 1 KiB to .rdata (Bruce Dawson), + Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard), + Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer), + Simplify handling of parameter entity references (Nick Wellnhofer), + Deduplicate code in encoding.c (Nick Wellnhofer), + Make HTML parser functions take const pointers (Nick Wellnhofer), + Build test programs only when needed (Nick Wellnhofer), + Fix doc/examples/index.py (Nick Wellnhofer), + Fix compiler warnings in threads.c (Nick Wellnhofer), + Fix empty-body warning in nanohttp.c (Nick Wellnhofer), + Fix cast-align warnings (Nick Wellnhofer), + Fix unused-parameter warnings (Nick Wellnhofer), + Rework entity boundary checks (Nick Wellnhofer), + Don't switch encoding for internal parameter entities (Nick Wellnhofer), + Merge duplicate code paths handling PE references (Nick Wellnhofer), + Test SAX2 callbacks with entity substitution (Nick Wellnhofer), + Support catalog and threads tests under --without-sax1 (Nick Wellnhofer), + Misc fixes for 'make tests' (Nick Wellnhofer), + Initialize keepBlanks in HTML parser (Nick Wellnhofer), + Add test cases for bug 758518 (David Kilzer), + Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer), + Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer), + Allow zero sized memory input buffers (Nick Wellnhofer), + Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer), + Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer), + Make Travis print UBSan stacktraces (Nick Wellnhofer), + Add .travis.yml (Nick Wellnhofer), + Fix expected error output in Python tests (Nick Wellnhofer), + Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer), + Disable LeakSanitizer when running API tests (Nick Wellnhofer), + Avoid out-of-bound array access in API tests (Nick Wellnhofer), + Avoid spurious UBSan errors in parser.c (Nick Wellnhofer), + Parse small XPath numbers more accurately (Nick Wellnhofer), + Rework XPath rounding functions (Nick Wellnhofer), + Fix white space in test output (Nick Wellnhofer), + Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer), + Check for trailing characters in XPath expressions earlier (Nick Wellnhofer), + Rework final handling of XPath results (Nick Wellnhofer), + Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer), + Remove unused variables (Nick Wellnhofer), + Don't print generic error messages in XPath tests (Nick Wellnhofer) + + - Cleanups: + Fix a couple of misleading indentation errors (Daniel Veillard), + Remove unnecessary calls to xmlPopInput (Nick Wellnhofer) diff --git a/doc/news.html b/doc/news.html index 512dba90..9a1d3e37 100644 --- a/doc/news.html +++ b/doc/news.html @@ -8,7 +8,25 @@ H2 {font-family: Verdana,Arial,Helvetica} H3 {font-family: Verdana,Arial,Helvetica} A:link, A:visited, A:active { text-decoration: underline } Releases
Action against software patentsGnome2 LogoW3C LogoRed Hat Logo
Made with Libxml2 Logo

The XML C parser and toolkit of Gnome

Releases

Main Menu
Related links

The change log describes the recents commits -to the GIT code base.

Here is the list of public releases:

v2.9.5: Sep 04 2017

    +to the GIT code base.

    Here is the list of public releases:

    v2.9.6: Oct 06 2017

      +
    • Portability:
      + Change preprocessor OS tests to __linux__ (Nick Wellnhofer)
      +
      • + +
    • Bug Fixes:
      + Fix XPath stack frame logic (Nick Wellnhofer),
      + Report undefined XPath variable error message (Nick Wellnhofer),
      + Fix regression with librsvg (Nick Wellnhofer),
      + Handle more invalid entity values in recovery mode (Nick Wellnhofer),
      + Fix structured validation errors (Nick Wellnhofer),
      + Fix memory leak in LZMA decompressor (Nick Wellnhofer),
      + Set memory limit for LZMA decompression (Nick Wellnhofer),
      + Handle illegal entity values in recovery mode (Nick Wellnhofer),
      + Fix debug dump of streaming XPath expressions (Nick Wellnhofer),
      + Fix memory leak in nanoftp (Nick Wellnhofer),
      + Fix memory leaks in SAX1 parser (Nick Wellnhofer)
      +
      • +

    v2.9.5: Sep 04 2017

    • Security:
      Detect infinite recursion in parameter entities (Nick Wellnhofer),
      diff --git a/doc/xml.html b/doc/xml.html index 52b46e63..019b5bee 100644 --- a/doc/xml.html +++ b/doc/xml.html @@ -709,6 +709,26 @@ to the GIT code base.

      Here is the list of public releases:

      +

      v2.9.6: Oct 06 2017

      +
        +
      • Portability:
        + Change preprocessor OS tests to __linux__ (Nick Wellnhofer)
        +
        • + +
      • Bug Fixes:
        + Fix XPath stack frame logic (Nick Wellnhofer),
        + Report undefined XPath variable error message (Nick Wellnhofer),
        + Fix regression with librsvg (Nick Wellnhofer),
        + Handle more invalid entity values in recovery mode (Nick Wellnhofer),
        + Fix structured validation errors (Nick Wellnhofer),
        + Fix memory leak in LZMA decompressor (Nick Wellnhofer),
        + Set memory limit for LZMA decompression (Nick Wellnhofer),
        + Handle illegal entity values in recovery mode (Nick Wellnhofer),
        + Fix debug dump of streaming XPath expressions (Nick Wellnhofer),
        + Fix memory leak in nanoftp (Nick Wellnhofer),
        + Fix memory leaks in SAX1 parser (Nick Wellnhofer)
        +
        • +

      v2.9.5: Sep 04 2017

        diff --git a/python/setup.py b/python/setup.py index 3e329303..8ff56c28 100755 --- a/python/setup.py +++ b/python/setup.py @@ -226,7 +226,7 @@ else: setup (name = "libxml2-python", # On *nix, the version number is created from setup.py.in # On windows, it is set by configure.js - version = "2.9.5", + version = "2.9.6", description = descr, author = "Daniel Veillard", author_email = "veillard@redhat.com",