-fix more potential problems on reallocation failures (CVE-2011-1944)
-Fix memory corruption
also replace an error handling which doesn't recover from
integer overflow
bump PKGREV
changes:
-add code to plug in ICU converters by default
-Add xmlSaveOption XML_SAVE_WSNONSIG
-documentation fixes
-portability fixes
-bugfixes, in particular for an XPath problem which can be exploited
to crash the program by a malformed XPath expression (CVE-2010-4008)
-misc improvements, cleanup
changes:
-bugfixes
-portability and documentation improvements
-cleanup
pkgsrc note: added some tweaks to EBCDIC support, both to fix non-
portable assumptions in the code and to work around NetBSD deficiencies;
now it needs only a little fix to CP273 (newline conversion) to make
the selftest succeed on NetBSD
2.7.3: Jan 18 2009
* Build fix: fix build when HTML support is not included.
* Bug fixes: avoid memory overflow in gigantic text nodes,
indentation problem on the writed (Rob Richards), xmlAddChildList
pointer problem (Rob Richards and Kevin Milburn), xmlAddChild
problem with attribute (Rob Richards and Kris Breuker), avoid
a memory leak in an edge case (Daniel Zimmermann), deallocate
some pthread data (Alex Ott).
* Improvements: configure option to avoid rebuilding docs
(Adrian Bunk), limit text nodes to 10MB max by default, add
element traversal APIs, add a parser option to enable pre 2.7
SAX behavior (Rob Richards), add gcc malloc checking (Marcus
Meissner), add gcc printf like functions parameters checking
(Marcus Meissner).
changes:
-Portability fix: fix solaris compilation problem, fix compilation
if XPath is not configured in
-Bug fixes: nasty entity bug introduced in 2.7.0, restore old behaviour
when saving an HTML doc with an xml dump function,
HTML UTF-8 parsing bug, fix reader custom error handlers
-Improvement: xmlSave options for more flexibility to save
as XML/HTML/XHTML, handle leading BOM in HTML documents
cvs: ----------------------------------------------------------------------
2.7.1: Sep 1 2008
* Portability fix: Borland C fix (Moritz Both)
* Bug fixes: python serialization wrappers, XPath QName corner
case handking and leaks (Martin)
* Improvement: extend the xmlSave to handle HTML documents and trees
* Cleanup: python serialization wrappers
2.7.0: Aug 30 2008
* Documentation: switch ChangeLog to UTF-8, improve mutithreads
and xmlParserCleanup docs
* Portability fixes: Older Win32 platforms (Rob Richards), MSVC
porting fix (Rob Richards), Mac OS X regression tests (Sven
Herzberg), non GNUCC builds (Rob Richards), compilation on
Haiku (Andreas F�rber)
* Bug fixes: various realloc problems (Ashwin), potential
double-free (Ashwin), regexp crash, icrash with invalid whitespace
facets (Rob Richards), pattern fix when streaming (William
Brack), various XML parsing and validation fixes based on the
W3C regression tests, reader tree skipping function fix (Ashwin),
Schemas regexps escaping fix (Volker Grabsch), handling of
entity push errors (Ashwin), fix a slowdown when encoder cant
serialize characters on output
* Code cleanup: compilation fix without the reader, without
the output (Robert Schwebel), python whitespace (Martin), many
space/tabs cleanups, serious cleanup of the entity handling
code
* Improvement: switch parser to XML-1.0 5th edition, add parsing
flags for old versions, switch URI parsing to RFC 3986, add
xmlSchemaValidCtxtGetParserCtxt (Holger Kaelberer), new hashing
functions for dictionnaries (based on Stefan Behnel work),
improve handling of misplaced html/head/body in HTML parser,
better regression test tools and code coverage display, better
algorithms to detect various versions of the billion laughts
attacks, make arbitrary parser limits avoidable as a parser
option
2.6.31: Jan 11 2008:
- Security fix: missing of checks in UTF-8 parsing
- Bug fixes: regexp bug, dump attribute from XHTML document, fix
xmlFree(NULL) to not crash in debug mode, Schematron parsing crash
(Rob Richards), global lock free on Windows (Marc-Antoine Ruel),
XSD crash due to double free (Rob Richards), indentation fix in
xmlTextWriterFullEndElement (Felipe Pena), error in attribute type
parsing if attribute redeclared, avoid crash in hash list scanner if
deleting elements, column counter bug fix (Christian Schmidt),
HTML embed element saving fix (Stefan Behnel), avoid -L/usr/lib
output from xml2-config (Fred Crozat), avoid an xmllint crash
(Stefan Kost), don't stop HTML parsing on out of range chars.
- Code cleanup: fix open() call third argument, regexp cut'n paste
copy error, unused variable in __xmlGlobalInitMutexLock (Hannes Eder),
some make distcheck realted fixes (John Carr)
- Improvements: HTTP Header: includes port number (William Brack),
testURI --debug option,
* Portability: Solaris crash on error handling, windows path fixes
(Roland Schwarz and Rob Richards), mingw build (Roland Schwarz)
* Bugfixes: xmlXPathNodeSetSort problem (William Brack), leak when
reusing a writer for a new document (Dodji Seketeli), Schemas
xsi:nil handling patch (Frank Gross), relative URI build problem
(Patrik Fimml), crash in xmlDocFormatDump, invalid char in comment
detection bug, fix disparity with xmlSAXUserParseMemory, automata
generation for complex regexp counts problems, Schemas IDC import
problems (Frank Gross), xpath predicate evailation error handling
(William Brack)
2.6.29: Jun 12 2007:
- Portability: patches from Andreas Stricke for WinCEi,
fix compilation warnings (William Brack), avoid warnings on Apple OS/X
(Wendy Doyle and Mark Rowe), Windows compilation and threading
improvements (Rob Richards), compilation against old Python versions,
new GNU tar changes (Ryan Hill)
- Documentation: xmlURIUnescapeString comment,
- Bugfixes: xmlBufferAdd problem (Richard Jones), 'make valgrind'
flag fix (Richard Jones), regexp interpretation of \,
htmlCreateDocParserCtxt (Jean-Daniel Dupas), configure.in
typo (Bjorn Reese), entity content failure, xmlListAppend() fix
(Georges-André Silber), XPath number serialization (William Brack),
nanohttp gzipped stream fix (William Brack and Alex Cornejo),
xmlCharEncFirstLine typo (Mark Rowe), uri bug (François Delyon),
XPath string value of PI nodes (William Brack), XPath node set
sorting bugs (William Brack), avoid outputting namespace decl
dups in the writer (Rob Richards), xmlCtxtReset bug, UTF-8 encoding
error handling, recustion on next in catalogs, fix a Relax-NG crash,
workaround wrong file: URIs, htmlNodeDumpFormatOutput on attributes,
invalid character in attribute detection bug, big comments before
internal subset streaming bug, HTML parsing of attributes with : in
the name
- Improvement: keep URI query parts in raw form (Richard Jones),
embed tag support in HTML (Michael Day)
2.6.28: Apr 17 2007:
- Documentation: comment fixes (Markus Keim), xpath comments fixes too
(James Dennett)
- Bug fixes: XPath bug (William Brack), HTML parser autoclose stack usage
(Usamah Malik), various regexp bug fixes (DV and William), path conversion
on Windows (Igor Zlatkovic), htmlCtxtReset fix (Michael Day), XPath
principal node of axis bug, HTML serialization of some codepoint
(Steven Rainwater), user data propagation in XInclude (Michael Day),
standalone and XML decl detection (Michael Day), Python id ouptut
for some id, fix the big python string memory leak, URI parsing fixes
(Stéphane Bidoul and William), long comments parsing bug (William),
concurrent threads initialization (Ted Phelps), invalid char
in text XInclude (William), XPath memory leak (William), tab in
python problems (Andreas Hanke), XPath node comparison error
(Oleg Paraschenko), cleanup patch for reader (Julien Reichel),
XML Schemas attribute group (William), HTML parsing problem (William),
fix char 0x2d in regexps (William), regexp quantifier range with
min occurs of 0 (William), HTML script/style parsing (Mike Day)
- Improvement: make xmlTextReaderSetup() public
- Compilation and postability: fix a missing include problem (William),
__ss_familly on AIX again (Björn Wiberg), compilation without zlib
(Michael Day), catalog patch for Win32 (Christian Ehrlicher),
Windows CE fixes (Andreas Stricke)
- Various CVS to SVN infrastructure changes
2.6.21: Sep 4 2005:
- build fixes: Cygwin portability fixes (Gerrit P. Haase), calling
convention problems on Windows (Marcus Boerger), cleanups based on
Linus' sparse tool, update of win32/configure.js (Rob Richards),
remove warnings on Windows(Marcus Boerger), compilation without SAX1,
detection of the Python binary, use $GCC inestad of $CC = 'gcc' (Andrew
W. Nosenko), compilation/link with threads and old gcc, compile
problem by C370 on Z/OS,
- bug fixes: http_proxy environments (Peter Breitenlohner), HTML UTF-8
bug (Jiri Netolicky), XPath NaN compare bug (William Brack),
htmlParseScript potential bug, Schemas regexp handling of spaces,
Base64 Schemas comparisons NIST passes, automata build error xsd:all,
xmlGetNodePath for namespaced attributes (Alexander Pohoyda),
xmlSchemas foreign namespaces handling, XML Schemas facet comparison
(Kupriyanov Anatolij), xmlSchemaPSimpleTypeErr error report (Kasimier
Buchcik), xml: namespace ahndling in Schemas (Kasimier), empty model
group in Schemas (Kasimier), wilcard in Schemas (Kasimier), URI
composition (William), xs:anyType in Schemas (Kasimier), Python resolver
emmitting error messages directly, Python xmlAttr.parent (Jakub Piotr
Clapa), trying to fix the file path/URI conversion,
xmlTextReaderGetAttribute fix (Rob Richards), xmlSchemaFreeAnnot memleak
(Kasimier), HTML UTF-8 serialization, streaming XPath, Schemas determinism
detection problem, XInclude bug, Schemas context type (Dean Hill),
validation fix (Derek Poon), xmlTextReaderGetAttribute[Ns] namespaces
(Rob Richards), Schemas type fix (Kuba Nowakowski), UTF-8 parser bug,
error in encoding handling, xmlGetLineNo fixes, bug on entities handling,
entity name extraction in error handling with XInclude, text nodes
in HTML body tags (Gary Coady), xml:id and IDness at the treee level
fixes, XPath streaming patterns bugs.
- improvements: structured interfaces for schemas and RNG error reports
(Marcus Boerger), optimization of the char data inner loop parsing
(thanks to Behdad Esfahbod for the idea), schematron validation
though not finished yet, xmlSaveOption to omit XML declaration,
keyref match error reports (Kasimier), formal expression handling
code not plugged yet, more lax mode for the HTML parser,
parser XML_PARSE_COMPACT option for text nodes allocation.
- documentation: xmllint man page had --nonet duplicated
2.6.20: Jul 10 2005:
- build fixes: Windows build (Rob Richards), Mingw compilation (Igor
Zlatkovic), Windows Makefile (Igor), gcc warnings (Kasimier and
andriy@google.com), use gcc weak references to pthread to avoid the
pthread dependancy on Linux, compilation problem (Steve Nairn),
compiling of subset (Morten Welinder), IPv6/ss_family compilation
(William Brack), compilation when disabling parts of the library,
standalone test distribution.
- bug fixes: bug in lang(), memory cleanup on errors (William Brack),
HTTP query strings (Aron Stansvik), memory leak in DTD (William),
integer overflow in XPath (William), nanoftp buffer size, pattern
"." apth fixup (Kasimier), leak in tree reported by Malcolm Rowe,
replaceNode patch (Brent Hendricks), CDATA with NULL content
(Mark Vakoc), xml:base fixup on XInclude (William), pattern
fixes (William), attribute bug in exclusive c14n (Aleksey Sanin),
xml:space and xml:lang with SAX2 (Rob Richards), namespace
trouble in complex parsing (Malcolm Rowe), XSD type QNames fixes
(Kasimier), XPath streaming fixups (William), RelaxNG bug (Rob Richards),
Schemas for Schemas fixes (Kasimier), removal of ID (Rob Richards),
a small RelaxNG leak, HTML parsing in push mode bug (James Bursa),
failure to detect UTF-8 parsing bugs in CDATA sections, areBlanks()
heuristic failure, duplicate attributes in DTD bug (William).
- improvements: lot of work on Schemas by Kasimier Buchcik both on
conformance and streaming, Schemas validation messages (Kasimier
Buchcik, Matthew Burgess), namespace removal at the python level
(Brent Hendricks), Update to new Schemas regression tests from
W3C/Nist (Kasimier), xmlSchemaValidateFile() (Kasimier), implementation
of xmlTextReaderReadInnerXml and xmlTextReaderReadOuterXml (James Wert),
standalone test framework and programs, new DOM import APIs
xmlDOMWrapReconcileNamespaces() xmlDOMWrapAdoptNode() and
xmlDOMWrapRemoveNode(), extension of xmllint capabilities for
SAX and Schemas regression tests, xmlStopParser() available in
pull mode too, ienhancement to xmllint --shell namespaces support,
Windows port of the standalone testing tools (Kasimier and William),
xmlSchemaValidateStream() xmlSchemaSAXPlug() and xmlSchemaSAXUnplug()
SAX Schemas APIs, Schemas xmlReader support.
This release include a number of bug fixes, some build fixes and more
improvements on the W3C XML Schemas validation from Kasimier Buchcik:
build fixes:
- drop .la from RPMs
- --with-minimum build fix (William Brack)
- use XML_SOCKLEN_T instead of SOCKLEN_T because it breaks with
AIX 5.3 compiler
- fixed elfgcchack.h generation and PLT reduction code on Linux/ELF/gcc4
bug fixes:
- schemas type decimal fixups (William Brack)
- xmmlint return code (Gerry Murphy)
- small schemas fixes (Matthew Burgess and GUY Fabrice)
- workaround "DAV:" namespace brokeness in c14n (Aleksey Sanin)
- segfault in Schemas (Kasimier Buchcik)
- Schemas attribute validation (Kasimier)
- Prop related functions and xmlNewNodeEatName (Rob Richards)
- HTML serialization of name attribute on a elements
- Python error handlers leaks and improvement (Brent Hendricks)
- uninitialized variable in encoding code
- Relax-NG validation bug
- potential crash if gnorableWhitespace is NULL
- xmlSAXParseDoc and xmlParseDoc signatures
- switched back to assuming UTF-8 in case no encoding is given
at serialization time
improvements:
- lot of work on Schemas by Kasimier Buchcik on facets checking and
also mixed handling.
catalog path in the relevant files (catalog.c, xmlcatalog.c) directly
rather than defining it in the CFLAGS.
Do not bump pkgrevision since nothing changed in the resulting binaries.
This release includes a lot of fixes and improvement to existing
features plus a few new APIs:
* build fixes:
- Windows
- warnings removal (William Brack)
- maintainer-clean dependency(William)
- build in a different directory (William)
- fixing --with-minimum configure build (William)
- BeOS build (Marcin Konicki)
- compilation on AIX (Dan McNichol)
* bug fixes:
- xmlTextReaderHasAttributes (Rob Richards)
- xmlCtxtReadFile() to use the catalog(s)
- loop on output (William Brack)
- XPath memory leak
- ID deallocation problem (Steve Shepard)
- debugDumpNode crash (William)
- warning not using error callback (William)
- xmlStopParser bug (William)
- UTF-16 with BOM on DTDs (William)
- namespace bug on empty elements in push mode (Rob Richards)
- line and col computations fixups (Aleksey Sanin)
- xmlURIEscape fix (William)
- xmlXPathErr on bad range (William)
- patterns with too many steps
- bug in RNG choice optimization
- line number sometimes missing.
* improvements:
- XSD Schemas (Kasimier Buchcik)
- xmlUTF8Strpos speedup (William)
- XSD error reports (Kasimier Buchcik)
* new APIs:
- added xmlDictExists()
- GetLineNumber and GetColumnNumber for the xmlReader (Aleksey Sanin)
- Dynamic Shared Libraries APIs (mostly Joel Reed)
- error extraction API from regexps
- new XMLSave option for format (Phil Shafer)
* documentation:
- site improvement (John Fleck), FAQ entries (William).
2.6.16: Nov 10 2004:
- general hardening and bug fixing crossing all the API based on new
automated regression testing
- build fix: IPv6 build and test on AIX (Dodji Seketeli)
- bug fixes: problem with XML::Libxml reported by Petr Pajas, encoding
conversion functions return values, UTF-8 bug affecting XPath reported by
Markus Bertheau, catalog problem with NULL entries (William Brack)
- documentation: fix to xmllint man page, some API function descritpion
were updated.
- improvements: DTD validation APIs provided at the Python level (Brent
Hendricks)
changes:
* security fixes on the nanoftp and nanohttp modules
For details see:
http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0
* build fixes:
- xmllint detection bug in configure
- building outside the source tree (Thomas Fitzsimmons)
* bug fixes:
- HTML parser on broken ASCII chars in names (William)
- Python paths (Malcolm Tredinnick)
- xmlHasNsProp and default namespace (William)
- saving to python file objects (Malcolm Tredinnick)
- DTD lookup fix (Malcolm)
- save back <group> in catalogs (William)
- tree build fixes (DV and Rob Richards)
- Schemas memory bug
- structured error handler on Python 64bits
- thread local memory deallocation
- memory leak reported by Volker Roth
- xmlValidateDtd in the presence of an internal subset
- entities and _private problem (William)
- xmlBuildRelativeURI error (William).
* improvements:
- better XInclude error reports (William)
- tree debugging module and tests
- convenience functions at the Reader API (Graham Bennett)
- add support for PI in the HTML parser.
Update BUILDLINK_RECOMMENDED to 2.6.15 for the security fix.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
