Commit graph

200 commits

Author SHA1 Message Date
wiz
686a1908db Updated libxml2 to 2.9.5.
2.9.5: Sep 04 2017
 • Reference Manual
 • Security:
   Detect infinite recursion in parameter entities
   (Nick Wellnhofer),
   Fix handling of parameter-entity references (Nick
   Wellnhofer),
   Disallow namespace nodes in XPointer ranges (Nick
   Wellnhofer),
   Fix XPointer paths beginning with range-to (Nick
   Wellnhofer)
 • Documentation:
   Documentation fixes (Nick Wellnhofer),
   Spelling and grammar fixes (Nick Wellnhofer)
 • Portability:
   Adding README.zOS to list of extra files for the
   release (Daniel Veillard),
   Description of work needed to compile on zOS
   (Stéphane Michaut),
   Porting libxml2 on zOS encoding of code (Stéphane
   Michaut),
   small changes for OS/400 (Patrick Monnerat),
   relaxng.c, xmlschemas.c: Fix build on pre-C99
   compilers (Chun-wei Fan)
 • Bug Fixes:
   Problem resolving relative URIs (Daniel
   Veillard),
   Fix unwanted warnings when switching encodings
   (Nick Wellnhofer),
   Fix signature of xmlSchemaAugmentImportedIDC
   (Daniel Veillard),
   Heap-buffer-overflow read of size 1 in
   xmlFAParsePosCharGroup (David Kilzer),
   Fix NULL pointer deref in xmlFAParseCharClassEsc
   (Nick Wellnhofer),
   Fix infinite loops with push parser in recovery
   mode (Nick Wellnhofer),
   Send xmllint usage error to stderr (Nick
   Wellnhofer),
   Fix NULL deref in xmlParseExternalEntityPrivate
   (Nick Wellnhofer),
   Make sure not to call IS_BLANK_CH when parsing
   the DTD (Nick Wellnhofer),
   Fix xmlHaltParser (Nick Wellnhofer),
   Fix pathological performance when outputting
   charrefs (Nick Wellnhofer),
   Fix invalid-source-encoding warnings in
   testWriter.c (Nick Wellnhofer),
   Fix duplicate SAX callbacks for entity content
   (David Kilzer),
   Treat URIs with scheme as absolute in C14N (Nick
   Wellnhofer),
   Fix copy-paste errors in error messages (Nick
   Wellnhofer),
   Fix sanity check in htmlParseNameComplex (Nick
   Wellnhofer),
   Fix potential infinite loop in
   xmlStringLenDecodeEntities (Nick Wellnhofer),
   Reset parser input pointers on encoding failure
   (Nick Wellnhofer),
   Fix memory leak in xmlParseEntityDecl error path
   (Nick Wellnhofer),
   Fix xmlBuildRelativeURI for URIs starting with '.
   /' (Nick Wellnhofer),
   Fix type confusion in xmlValidateOneNamespace
   (Nick Wellnhofer),
   Fix memory leak in xmlStringLenGetNodeList (Nick
   Wellnhofer),
   Fix NULL pointer deref in xmlDumpElementContent
   (Daniel Veillard),
   Fix memory leak in xmlBufAttrSerializeTxtContent
   (Nick Wellnhofer),
   Stop parser on unsupported encodings (Nick
   Wellnhofer),
   Check for integer overflow in memory debug code
   (Nick Wellnhofer),
   Fix buffer size checks in
   xmlSnprintfElementContent (Nick Wellnhofer),
   Avoid reparsing in xmlParseStartTag2 (Nick
   Wellnhofer),
   Fix undefined behavior in
   xmlRegExecPushStringInternal (Nick Wellnhofer),
   Check XPath exponents for overflow (Nick
   Wellnhofer),
   Check for overflow in
   xmlXPathIsPositionalPredicate (Nick Wellnhofer),
   Fix spurious error message (Nick Wellnhofer),
   Fix memory leak in xmlCanonicPath (Nick
   Wellnhofer),
   Fix memory leak in xmlXPathCompareNodeSetValue
   (Nick Wellnhofer),
   Fix memory leak in pattern error path (Nick
   Wellnhofer),
   Fix memory leak in parser error path (Nick
   Wellnhofer),
   Fix memory leaks in XPointer error paths (Nick
   Wellnhofer),
   Fix memory leak in xmlXPathNodeSetMergeAndClear
   (Nick Wellnhofer),
   Fix memory leak in XPath filter optimizations
   (Nick Wellnhofer),
   Fix memory leaks in XPath error paths (Nick
   Wellnhofer),
   Do not leak the new CData node if adding fails
   (David Tardon),
   Prevent unwanted external entity reference (Neel
   Mehta),
   Increase buffer space for port in HTTP redirect
   support (Daniel Veillard),
   Fix more NULL pointer derefs in xpointer.c (Nick
   Wellnhofer),
   Avoid function/data pointer conversion in xpath.c
   (Nick Wellnhofer),
   Fix format string warnings (Nick Wellnhofer),
   Disallow namespace nodes in XPointer points (Nick
   Wellnhofer),
   Fix comparison with root node in xmlXPathCmpNodes
   (Nick Wellnhofer),
   Fix attribute decoding during XML schema
   validation (Alex Henrie),
   Fix NULL pointer deref in XPointer range-to (Nick
   Wellnhofer)
 • Improvements:
   Updating the spec file to reflect Fedora 24
   (Daniel Veillard),
   Add const in five places to move 1 KiB to .rdata
   (Bruce Dawson),
   Fix missing part of comment for function
   xmlXPathEvalExpression() (Daniel Veillard),
   Get rid of "blanks wrapper" for parameter
   entities (Nick Wellnhofer),
   Simplify handling of parameter entity references
   (Nick Wellnhofer),
   Deduplicate code in encoding.c (Nick Wellnhofer),
   Make HTML parser functions take const pointers
   (Nick Wellnhofer),
   Build test programs only when needed (Nick
   Wellnhofer),
   Fix doc/examples/index.py (Nick Wellnhofer),
   Fix compiler warnings in threads.c (Nick
   Wellnhofer),
   Fix empty-body warning in nanohttp.c (Nick
   Wellnhofer),
   Fix cast-align warnings (Nick Wellnhofer),
   Fix unused-parameter warnings (Nick Wellnhofer),
   Rework entity boundary checks (Nick Wellnhofer),
   Don't switch encoding for internal parameter
   entities (Nick Wellnhofer),
   Merge duplicate code paths handling PE references
   (Nick Wellnhofer),
   Test SAX2 callbacks with entity substitution
   (Nick Wellnhofer),
   Support catalog and threads tests under
   --without-sax1 (Nick Wellnhofer),
   Misc fixes for 'make tests' (Nick Wellnhofer),
   Initialize keepBlanks in HTML parser (Nick
   Wellnhofer),
   Add test cases for bug 758518 (David Kilzer),
   Fix compiler warning in htmlParseElementInternal
   (Nick Wellnhofer),
   Remove useless check in xmlParseAttributeListDecl
   (Nick Wellnhofer),
   Allow zero sized memory input buffers (Nick
   Wellnhofer),
   Add TODO comment in xmlSwitchEncoding (Nick
   Wellnhofer),
   Check for integer overflow in
   xmlXPathFormatNumber (Nick Wellnhofer),
   Make Travis print UBSan stacktraces (Nick
   Wellnhofer),
   Add .travis.yml (Nick Wellnhofer),
   Fix expected error output in Python tests (Nick
   Wellnhofer),
   Simplify control flow in xmlParseStartTag2 (Nick
   Wellnhofer),
   Disable LeakSanitizer when running API tests
   (Nick Wellnhofer),
   Avoid out-of-bound array access in API tests
   (Nick Wellnhofer),
   Avoid spurious UBSan errors in parser.c (Nick
   Wellnhofer),
   Parse small XPath numbers more accurately (Nick
   Wellnhofer),
   Rework XPath rounding functions (Nick
   Wellnhofer),
   Fix white space in test output (Nick Wellnhofer),
   Fix axis traversal from attribute and namespace
   nodes (Nick Wellnhofer),
   Check for trailing characters in XPath
   expressions earlier (Nick Wellnhofer),
   Rework final handling of XPath results (Nick
   Wellnhofer),
   Make xmlXPathEvalExpression call xmlXPathEval
   (Nick Wellnhofer),
   Remove unused variables (Nick Wellnhofer),
   Don't print generic error messages in XPath tests
   (Nick Wellnhofer)
 • Cleanups:
   Fix a couple of misleading indentation errors
   (Daniel Veillard),
   Remove unnecessary calls to xmlPopInput (Nick
   Wellnhofer)
2017-09-10 20:49:20 +00:00
tez
41aa471248 xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.
Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048).
From: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74


There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.

Percent sign in DTD Names
=========================
This fixes bug 766956 initially reported by Wei Lei and independently by
Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
involved.

xmlParseNameComplex with XML_PARSE_OLD10
========================================
This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
Thanks to Marcel Böhme and Thuan Pham for the report.

Additional hardening
====================
A separate check was added in xmlParseNameComplex to validate the
buffer size.

From: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
2017-06-21 00:23:23 +00:00
maya
ef90709bc9 libxml2: Apply upstream patch for CVE-2017-5969.
(Minor issue, only a denial-of-service when using recover mode)

bump PKGREVISION
2017-06-11 04:40:53 +00:00
agc
30b55df38e Convert all occurrences (353 by my count) of
MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
2017-01-19 18:52:01 +00:00
dholland
2bfcf2281b PKGREVISION shouldn't be in Makefile.common, even though the last two
bumps applied to both users.
2016-12-30 02:17:48 +00:00
sevan
b113b01f59 Patch for CVE-2016-4658 & CVE-2016-5131
Bump rev
2016-12-27 02:34:33 +00:00
sevan
4faf94dda8 Patch CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726
Bump rev.
2016-11-30 14:46:22 +00:00
wiz
06e2fcd1e9 Use standard format for 'used by' lines, since some tools make use of this. 2016-05-28 06:47:51 +00:00
pgoyette
508b5e276e Introduce a Makefile.common so we can share it with textproc/py-libxml2 2016-05-27 23:51:10 +00:00
he
a7e96690b5 Submit the typo part of configure upstream, note the bug-ID. 2016-05-25 07:16:36 +00:00
wiz
aa5ac4ab08 Add upstream bug report URLs (from he@). 2016-05-24 21:08:21 +00:00
he
f6eb8e7e5a Update libxml2 to 2.9.4.
Pkgsrc changes:
 * Add some casts to match types and format strings, plus
   fix value range of toupper() operation.
 * Merge patch-ag into the new patch-encoding.c.
 * Add comments to existing patches which lacked comments.

Upstream changes to libxml2-2.9.4: May 23 2016

Security:

   CVE-2016-3627 Avoid building recursive entities
   CVE-2016-1833 Heap-based buffer overread in htmlCurrentChar
   CVE-2016-1835 Heap use-after-free in xmlSAX2AttributeNs
   CVE-2016-1837 Heap use-after-free in htmlParsePubidLiteral
   	      	 and htmlParseSystemiteral
   CVE-2016-1836 Bug 759398: Heap use-after-free in xmlDictComputeFastKey
   CVE-2016-1839 Bug 758605: Heap-based buffer overread in xmlDictAddString
   CVE-2016-1838 Bug 758588: Heap-based buffer overread in
	      	 xmlParserPrintFileContextInternal
   CVE-2016-1840 Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup
   CVE-2016-4483 Avoid an out of bound access when serializing
   		 malformed strings
   CVE-2016-1834 Bug 763071: heap-buffer-overflow in xmlStrncat
   CVE-2016-3705 Add missing increments of recursion depth counter to
   		 XML parser.
   CVE-2016-1762 Heap-based buffer overread in xmlNextChar

   More format string warnings with possible format string vulnerability
   Heap-based buffer-underreads due to xmlParseName
   Fix some format string warnings with possible format string vulnerability
   Unsigned addition may overflow in xmlMallocAtomicLoc()

Other bugfixes:

   Detect change of encoding when parsing HTML names
   Fix inappropriate fetch of entities content
   Correct the usage of LDFLAGS
   Revert the use of SAVE_LDFLAGS in configure.ac
   libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles
   Add more debugging info to runtest
   Implement "runtest -u" mode
   Integer signed/unsigned type mismatch in xmlParserInputGrow()
   Integer overflow parsing port number in URI
   Fix apibuild for a recently added constructv2.9.4-rc2
   Use pkg-config to locate zlib when possible
   Use pkg-config to locate ICU when possible
   Fix an error with regexp on nullable counted char transition
   Fix memory leak with XPath namespace nodes
   Fix namespace axis traversal
   Add a make rule to rebuild for ASAN
   Fix null pointer deref in docs with no root element
   Portability to non C99 compliant compilers
   dict.h: Move xmlDictPtr definition before includes to allow direct
     inclusion.
   Fix XSD validation of URIs with ampersands
   xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean
     "end of day" and should not cause an error. v2.9.4-rc1
   os400: tell about xmllint and xmlcatalog in README400.
   os400: properly process SGML add in XMLCATALOG command.
   os400: implement CL command XMLCATALOG.
   os400: compile and install program xmlcatalog (qshell-only).
   xmlcatalog: flush stdout before interactive shell input.
   os400: expand tabs in sources, strip trailing blanks.
   os400: implement CL command XMLLINT.
   os400: compile and install program xmllint (qshell-only).
   os400: initscript make_module(): Use options instead of
     positional parameters.
   xmllint: flush stdout before interactive shell input.
   os400: c14n.rpgle: allow *omit for nullable reference parameters.
   os400: use like() for double type.
   os400: use like() for int type.
   os400: use like() for unsigned int type.
   os400: use like() for enum types.
   Add xz to xml2-config --libs output
   Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression
   Fix namespace::node() XPath expression
   Fix OOB write in xmlXPathEmptyNodeSet
   Fix parsing of NCNames in XPath
   Fix OOB read with invalid UTF-8 in xmlUTF8Strsize
   Do normalize string-based datatype value in RelaxNG facet checking
   Fix typo: s{ ec -> cr }cipt
   Fix typos: dictio{ nn -> n }ar{y,ies}
   Fix typos: PATH_{ SEAPARATOR -> SEPARATOR }
   Correct a typo.
   Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix
     for "xmlSaveUri() incorrectly recomposes URIs with rootless paths"
   Bug 760861: REGRESSION (bf9c1dad): Missing results for
     test/schemas/regexp-char-ref_[01].xsd
   error.c: *input->cur == 0 does not mean no error
   Add missing RNG test files
   Bug 760190: configure.ac should be able to build --with-icu without
     icu-config tool
   Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus
     UTF-8 encoding error when multi-byte character in large CDATA
     section is split across buffer
   Bug 758572: ASAN crash in make check
   Bug 721158: Missing ICU string when doing --version on xmllint
   python 3: libxml2.c wrappers create Unicode str already
   win32\VC10\config.h and VS 2015
   Add autogen.sh to distrib
   Add configure maintainer mode
2016-05-24 12:00:08 +00:00
jperkin
36eaaf6066 Use OPSYSVARS. 2016-02-26 10:24:10 +00:00
wiz
b570169750 Update libxml2 to 2.9.3.
v2.9.3: Nov 20 2015

    Security:
    CVE-2015-8242 Buffer overead with HTML parser in push mode (Hugh Davenport),
    CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard),
    CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard),
    CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard),
    CVE-2015-5312 Another entity expansion issue (David Drysdale),
    CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (David Drysdale),
    CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard),
    CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard),
    CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard),
    CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard),
    CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard)
    CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard),
    CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard),
    Documentation:
    Correct spelling of "calling" (Alex Henrie),
    Fix a small error in xmllint --format description (Fabien Degomme),
    Avoid XSS on the search of xmlsoft.org (Daniel Veillard)
    Portability:
    threads: use forward declarations only for glibc (Michael Heimpold),
    Update Win32 configure.js to search for configure.ac (Daniel Veillard)
    Bug Fixes:
    Bug on creating new stream from entity (Daniel Veillard),
    Fix some loop issues embedding NEXT (Daniel Veillard),
    Do not print error context when there is none (Daniel Veillard),
    Avoid extra processing of MarkupDecl when EOF (Hugh Davenport),
    Fix parsing short unclosed comment uninitialized access (Daniel Veillard),
    Add missing Null check in xmlParseExternalEntityPrivate (Gaurav Gupta),
    Fix a bug in CData error handling in the push parser (Daniel Veillard),
    Fix a bug on name parsing at the end of current input buffer (Daniel Veillard),
    Fix the spurious ID already defined error (Daniel Veillard),
    Fix previous change to node sort order (Nick Wellnhofer),
    Fix a self assignment issue raised by clang (Scott Graham),
    Fail parsing early on if encoding conversion failed (Daniel Veillard),
    Do not process encoding values if the declaration if broken (Daniel Veillard),
    Silence clang's -Wunknown-attribute (Michael Catanzaro),
    xmlMemUsed is not thread-safe (Martin von Gagern),
    Fix support for except in nameclasses (Daniel Veillard),
    Fix order of root nodes (Nick Wellnhofer),
    Allow attributes on descendant-or-self axis (Nick Wellnhofer),
    Fix the fix to Windows locking (Steve Nairn),
    Fix timsort invariant loop re: Envisage article (Christopher Swenson),
    Don't add IDs in xmlSetTreeDoc (Nick Wellnhofer),
    Account for ID attributes in xmlSetTreeDoc (Nick Wellnhofer),
    Remove various unused value assignments (Philip Withnall),
    Fix missing entities after CVE-2014-3660 fix (Daniel Veillard),
    Revert "Missing initialization for the catalog module" (Daniel Veillard)
    Improvements:
    Reuse xmlHaltParser() where it makes sense (Daniel Veillard),
    xmlStopParser reset errNo (Daniel Veillard),
    Reenable xz support by default (Daniel Veillard),
    Recover unescaped less-than character in HTML recovery parsing (Daniel Veillard),
    Allow HTML serializer to output HTML5 DOCTYPE (Shaun McCance),
    Regression test for bug #695699 (Nick Wellnhofer),
    Add a couple of XPath tests (Nick Wellnhofer),
    Add Python 3 rpm subpackage (Tomas Radej),
    libxml2-config.cmake.in: update include directories (Samuel Martin),
    Adding example from bugs 738805 to regression tests (Daniel Veillard)
2015-11-22 23:49:03 +00:00
agc
2eddae48e5 Add SHA512 digests for distfiles for textproc category
Problems found locating distfiles:
	Package cabocha: missing distfile cabocha-0.68.tar.bz2
	Package convertlit: missing distfile clit18src.zip
	Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:59:17 +00:00
he
1da8d6addb Apply the patch for arbitrary-memory-access vulnerability as reported
in https://bugzilla.gnome.org/show_bug.cgi?id=746048.
Bump PKGREVISION.
2015-07-03 18:55:46 +00:00
spz
6dee5ceb3e patch for CVE-2015-1819 Enforce the reader to run in constant memory
from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9

+general patch refresh
2015-04-24 11:32:29 +00:00
tnn
3e8fa280b7 pass --with-lzma to configure script 2015-03-22 05:53:12 +00:00
tnn
cdb91a1e8c needs dlopen (xmlmodule.c) 2015-03-11 22:53:10 +00:00
jperkin
bfee568f8b Pass explicit path to zlib. 2014-12-15 11:07:09 +00:00
drochner
4e3e3d513a pull in two patches from upstream to fix regressions:
-catalog initialization problem
-problem with entity expansion
This hopefully fixes build failures in KDE3 packages, reported by Joerg.
bump PKGREV
2014-10-28 18:55:56 +00:00
drochner
d87903f98e update to 2.9.2
-security fixes:
 -Fix for CVE-2014-3660 billion laugh variant
 -CVE-2014-0191 Do not fetch external parameter entities (was patched
  in pkgsrc)
-many bugfixes, doc fixes, cleanup
-added cmake macro
2014-10-17 15:46:47 +00:00
wiz
cda18437be Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
ryoon
f8fdfcc96b Fix SCO OpenServer 5.0.7/3.2 build. 2014-07-18 10:29:37 +00:00
spz
6866b19c37 add a patch for CVE-2014-0191 aka http://secunia.com/advisories/58018/
from https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
2014-05-10 22:45:42 +00:00
tron
fa9e41feef Remove "-thread" related part of the last change. This is not the
correct fix.
2013-12-28 23:04:36 +00:00
tron
e5cce9cd57 Fix build with GCC (4.8?) under Solaris.
This kind of build problem should probably be handled centrally in
"pkgsrc/mk/wrapper/transform-gcc". But I'm not sure how to check
for the platform in that file.
2013-12-28 20:23:44 +00:00
wiz
1c3c1371b8 Fix bug in gzip decompression.
https://bugzilla.gnome.org/show_bug.cgi?id=712528

This made gnucash unable to read some of its files.

Bump PKGREVISION.
2013-11-25 23:30:23 +00:00
adam
b200b47aeb Changes 2.9.1:
Features:
Support for Python3,
Add xmlXPathSetContextNode and xmlXPathNodeEval

Documentation:
Add documentation for xmllint --xpath
Fix the URL of the SAX documentation from James
Fix spelling of "length"

Portability:
Fix python bindings with versions older than 2.7
rebuild docs:Makefile.am
elfgcchack.h after rebuild in doc
elfgcchack for buf module
Fix a uneeded and wrong extra link parameter
Few cleanup patches for Windows
Fix rpmbuild --nocheck
Fix for win32/configure.js and WITH_THREAD_ALLOC
Fix Broken multi-arch support in xml2-config
Fix a portability issue for GCC < 3.4.0
Windows build fixes
Fix a thread portability problem
Downgrade autoconf requirement to 2.63

Bug Fixes:
Fix a linking error for python bindings
Fix a couple of return without value
Improve the hashing functions
Improve handling of xmlStopParser()
Remove risk of lockup in dictionary initialization
Activate detection of encoding in external subset
Fix an output buffer flushing conversion bug
Fix an old bug in xmlSchemaValidateOneElement
Fix configure cannot remove messages
fix schema validation in combination with xsi:nil
xmlCtxtReadFile doesn't work with literal IPv6 URLs
Fix a few problems with setEntityLoader
Detect excessive entities expansion upon replacement
Fix the flushing out of raw buffers on encoding conversions
Fix some buffer conversion issues
When calling xmlNodeDump make sure we grow the buffer quickly
Fix an error in the progressive DTD parsing code
xmllint should not load DTD by default when using the reader
Try IBM-037 when looking for EBCDIC handlers
Fix potential out of bound access
Fix large parse of file from memory
Fix a bug in the nsclean option of the parser
Fix a regression in 2.9.0 breaking validation while streaming
Remove potential calls to exit()

Improvements:
Regenerated API, and testapi, rebuild documentation
Fix tree iterators broken by 2to3 script
update all tests for Python3 and Python2
A few more fixes for python 3 affecting libxml2.py
Fix compilation on Python3
Converting apibuild.py to python3
First pass at starting porting to python3
updated configure.in for python3
Add support for xpathRegisterVariable in Python
Added a regression tests from bug 694228 data
Cache presence of '<' in entities content
Avoid extra processing on entities
Python binding for xmlRegisterInputCallback
Python bindings: DOM casts everything to xmlNode
Define LIBXML_THREAD_ALLOC_ENABLED via xmlversion.h
Adding streaming validation to runtest checks
Add a --pushsmall option to xmllint

Cleanups:
Switched comment in file to UTF-8 encoding
Extend gitignore
Silent the new python test on input
Cleanup of a duplicate test
Cleanup on duplicate test expressions
Fix compiler warning after 153cf15905cf4ec080612ada6703757d10caba1e
Spec cleanups and a fix for multiarch support
Silence a clang warning
Cleanup the Copyright to be pure MIT Licence wording
rand_seed should be static in dict.c
Fix typos in parser comments
2013-05-26 09:22:14 +00:00
drochner
56b5ec71bd add CVE reference 2013-04-19 09:47:43 +00:00
drochner
81799dfd32 add patch from upstream to fix Multiple Use-After-Free Vulnerabilities
(no CVE# assigned yet)
bump PKGREV
2013-04-18 10:17:42 +00:00
tez
88c9a4f688 Fix for CVE-2013-0338 & CVE-2013-0339
from https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab

bump PKGREVISION
2013-03-08 23:59:31 +00:00
joerg
176b97e178 If Docbook support is requested and therefore the SAX1 interface, make
sure to include the corresponding source.
2013-01-15 15:31:57 +00:00
drochner
dcc4468876 add patch from upstream to fix possible array underflow, leading
to DOS or possible code injection (CVE-2012-5134)
bump PKGREV
2012-12-15 12:39:24 +00:00
asau
1f96787c11 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-25 06:55:37 +00:00
adam
232054d798 Changes 2.9.0:
Features:
* A few new API entry points,
* More resilient push parser mode,
* A lot of portability improvement,
* Faster XPath evaluation
2012-09-15 10:23:38 +00:00
drochner
f5f395b02c add patches from upstream to fix integer overflows which can cause
DOS or possibly other corruption (CVE-2012-2807)
bump PKGREV
2012-08-01 14:51:37 +00:00
sbd
d2101c94ff Add missing archivers/xz buildlink.
Bump PKGREVISION
2012-06-14 07:39:36 +00:00
wiz
f98e8b0585 Add inet6 to default suggested options. It's 2012. 2012-06-12 15:45:54 +00:00
wiz
377d644b60 Update to 2.8.0:
2.8.0: May 23 2012

    Features: - add lzma compression support (Anders F Bjorklund)

    Documentation: xmlcatalog: Add uri and delegateURI to possible
    add types in man page. (Ville Skyttä), Update README.tests
    (Daniel Veillard), URI handling code is not OOM resilient
    (Daniel Veillard), Fix an error in comment (Daniel Veillard),
    Fixed bug #617016 (Daniel Mustieles), Fixed two typos in the
    README document (Daniel Neel), add generated html files (Anders
    F Bjorklund), Clarify the need to use xmlFreeNode after
    xmlUnlinkNode (Daniel Veillard), Improve documentation a bit
    (Daniel Veillard), Updated URL for lxml python bindings (Daniel
    Veillard)

    Portability: Restore code for Windows compilation (Daniel
    Veillard), Remove git error message during configure (Christian
    Dywan), xmllint: Build fix for endTimer if !defined(HAVE_GETTIMEOFDAY)
    (Patrick R. Gansterer), remove a bashism in confgure.in (John
    Hein), undef ERROR if already defined (Patrick R. Gansterer),
    Fix library problems with mingw-w64 (Michael Cronenworth), fix
    windows build. ifdef addition from bug 666491 makes no sense
    (Rob Richards), prefer native threads on win32 (Sam Thursfield),
    Allow to compile with Visual Studio 2010 (Thomas Lemm), Fix
    mingw's snprintf configure check (Andoni Morales), fixed a
    64bit big endian issue (Marcus Meissner), Fix portability
    failure if netdb.h lacks NO_ADDRESS (Daniel Veillard), Fix
    windows build from lzma addition (Rob Richards), autogen: Only
    check for libtoolize (Colin Walters), Fix the Windows build
    files (Patrick von Reth), 634846 Remove a linking option breaking
    Windows VC10 (Daniel Veillard), 599241 fix an initialization
    problem on Win64 (Andrew W. Nosenko), fix win build (Rob
    Richards)

    Bug fixes: Part for rand_r checking missing (Daniel Veillard),
    Cleanup on randomization (Daniel Veillard), Fix undefined
    reference in python module (Pacho Ramos), Fix a race in
    xmlNewInputStream (Daniel Veillard), Fix weird streaming RelaxNG
    errors (Noam), Fix various bugs in new code raised by the API
    checking (Daniel Veillard), Fix various problems with "make
    dist" (Daniel Veillard), Fix a memory leak in the xzlib code
    (Daniel Veillard), HTML parser error with <noscript> in the
    <head> (Denis Pauk), XSD: optional element in complex type
    extension (Remi Gacogne), Fix html serialization error and
    htmlSetMetaEncoding() (Daniel Veillard), Fix a wrong return
    value in previous patch (Daniel Veillard), Fix an uninitialized
    variable use (Daniel Veillard), Fix a compilation problem with
    --minimum (Brandon Slack), Remove redundant and ungarded include
    of resolv.h (Daniel Veillard), xinclude with parse="text" does
    not use the entity loader (Shaun McCance), Allow to parse 1
    byte HTML files (Denis Pauk), Patch that fixes the skipping of
    the HTML_PARSE_NOIMPLIED flag (Martin Schröder), Avoid memory
    leak if xmlParserInputBufferCreateIO fails (Lin Yi-Li), Prevent
    an infinite loop when dumping a node with encoding problems
    (Timothy Elliott), xmlParseNodeInContext problems with an empty
    document (Tim Elliott), HTML element position is not detected
    propperly (Pavel Andrejs), Fix an off by one pointer access
    (Jüri Aedla), Try to fix a problem with entities in SAX mode
    (Daniel Veillard), Fix a crash with xmllint --path on empty
    results (Daniel Veillard), Fixed bug #667946 (Daniel Mustieles),
    Fix a logic error in Schemas Component Constraints (Ryan Sleevi),
    Fix a wrong enum type use in Schemas Types (Nico Weber), Fix
    SAX2 builder in case of undefined attributes namespace (Daniel
    Veillard), Fix SAX2 builder in case of undefined element
    namespaces (Daniel Veillard), fix reference to STDOUT_FILENO
    on MSVC (Tay Ray Chuan), fix a pair of possible out of array
    char references (Daniel Veillard), Fix an allocation error when
    copying entities (Daniel Veillard), Make sure the parser returns
    when getting a Stop order (Chris Evans), Fix some potential
    problems on reallocation failures(parser.c) (Xia Xinfeng), Fix
    a schema type duration comparison overflow (Daniel Veillard),
    Fix an unimplemented part in RNG value validation (Daniel
    Veillard), Fix missing error status in XPath evaluation (Daniel
    Veillard), Hardening of XPath evaluation (Daniel Veillard),
    Fix an off by one error in encoding (Daniel Veillard), Fix
    RELAX NG include bug #655288 (Shaun McCance), Fix XSD validation
    bug #630130 (Toyoda Eizi), Fix some potential problems on
    reallocation failures (Chris Evans), __xmlRaiseError: fix use
    of the structured callback channel (Dmitry V. Levin),
    __xmlRaiseError: fix the structured callback channel's data
    initialization (Dmitry V. Levin), Fix memory corruption when
    xmlParseBalancedChunkMemoryInternal is called from
    xmlParseBalancedChunk (Rob Richards), Small fix for previous
    commit (Daniel Veillard), Fix a potential freeing error in
    XPath (Daniel Veillard), Fix a potential memory access error
    (Daniel Veillard), Reactivate the shared library versionning
    script (Daniel Veillard)

    Improvements: use mingw C99 compatible functions {v}snprintf
    instead those from MSVC runtime (Roumen Petrov), New symbols
    added for the next release (Daniel Veillard), xmlTextReader
    bails too quickly on error (Andy Lutomirski), Use a hybrid
    allocation scheme in xmlNodeSetContent (Conrad Irwin), Use
    buffers when constructing string node lists. (Conrad Irwin),
    Add HTML parser support for HTML5 meta charset encoding
    declaration (Denis Pauk), wrong message for double hyp"whereis"
    command to xmllint shell (Ryan), Improve xmllint shell (Ryan),
    add function xmlTextReaderRelaxNGValidateCtxt() (Noam Postavsky),
    Add --system support to autogen.sh (Daniel Veillard), Add hash
    randomization to hash and dict structures (Daniel Veillard),
    included xzlib in dist (Anders F Bjorklund), move xz/lzma
    helpers to separate included files (Anders F Bjorklund), add
    generated devhelp files (Anders F Bjorklund), add XML_WITH_LZMA
    to api (Anders F Bjorklund), autogen.sh: Honor NOCONFIGURE
    environment variable (Colin Walters), Improve the error report
    on undefined REFs (Daniel Veillard), Add exception for new W3C
    PI xml-model (Daniel Veillard), Add options to ignore the
    internal encoding (Daniel Veillard), testapi: use the right
    type for the check (Stefan Kost), various: handle return values
    of write calls (Stefan Kost), testWriter:
    xmlTextWriterWriteFormatElement wants an int instead of a long
    int (Stefan Kost), runxmlconf: update to latest testsuite
    version (Stefan Kost), configure: add -Wno-long-long to CFLAGS
    (Stefan Kost), configure: support silent automake rules if
    possible (Stefan Kost), xmlmemory: add a cast as size_t has no
    portable printf modifier (Stefan Kost), __xmlRaiseError: remove
    redundant schannel initialization (Dmitry V. Levin), __xmlRaiseError:
    do cheap code check early (Dmitry V. Levin)

    Cleanups: Cleanups before 2.8.0-rc2 (Daniel Veillard), Avoid
    an extra operation (Daniel Veillard), Remove vestigial
    de-ANSI-fication support. (Javier Jardón), autogen.sh: Fix
    typo (Javier Jardón), Do not use unsigned but unsigned int
    (Daniel Veillard), Remove two references to u_short (Daniel
    Veillard), Fix -Wempty-body warning from clang (Nico Weber),
    Cleanups of lzma support (Daniel Veillard), Augment the list
    of ignored files (Daniel Veillard), python: remove unused
    variable (Stefan Kost), python: flag two unused args (Stefan
    Kost), configure: acconfig.h is deprecated since autoconf-2.50
    (Stefan Kost), xpath: remove unused variable (Stefan Kost)
2012-06-03 22:18:33 +00:00
taca
75eb41319c Add fix for http://secunia.com/advisories/49177/ from repository.
Bump PKGREVISION.
2012-05-21 12:22:53 +00:00
mishka
d152803710 FreeBSD 6 and earlier misses the pthread_equal() stub as well.
While here, improve comments a little bit.
2012-04-27 15:05:02 +00:00
obache
e38aaccae0 Change behavior of libpthread handling
* Disable linkage with pthread for FreeBSD/DragonFly/NetBSD, they have
  pthread_* () stubs in libc (it result in same as the previous behavior).
  * but NetBSD<4.99.36 does not have pthread_equal() stub in libc,
    so define weak reference to it.
* Treat OpenBSD and MirBSD same as Linux to avoid linkage with libpthread.
* Others will be linked with pthread, fixes PR 46254.

tested NetBSD-5.1.2, and confirmed fixed on NetBSD-4.0.1 and OpenBSD-5.0.

Bump PKGREVISION.
2012-04-03 09:08:33 +00:00
drochner
5db40bbdba Add patch from upstream to add hash randomization.
Without that, (untrusted) input can fill hash buckets uneven, causing
high CPU load. (CVE-2012-0841)
To get a patch which is simple enough to get pulled up to the stable
pkgsrc branch, I've not touched "configure" but just assumed that
the POSIX functions rand(), srand() and time() are present.
bump PKGREV
2012-03-09 12:12:27 +00:00
drochner
8ffca39e4a build the library thread-aware, i.e. use <pthread.h> but do not
link against libpthread. (It doesn't create threads, just uses
locking.) This seems to be wanted by some applications, eg vlc
issues a warning on startup (with no visible consequences afaict,
but anyway).
I hope this works for other OSes too. If not, we should probably
add support for these cases to mk/pthread.bl3.mk.
bump PKGREV
2012-02-22 11:10:17 +00:00
joerg
2d94bdc942 Don't use non-ASCII character literals. 2012-01-23 08:10:56 +00:00
drochner
9ead188492 add patch from upstream to fix potential DOS problem (CVE-2011-3905)
bump PKGREV
2012-01-17 14:43:43 +00:00
drochner
d50a2d4662 add 2 patches from upstream:
-fix buffer overflow on entity references with long name (CVE-2011-3919)
-fix error handling on realloc() failure
bump PKGREV
2012-01-12 11:25:10 +00:00
spz
b93a054be2 sundry security patches taken from libxml2 git
among these patches for http://secunia.com/advisories/46632/
2011-11-01 19:21:06 +00:00
drochner
4a29046189 addmore patches from upstream:
-fix more potential problems on reallocation failures (CVE-2011-1944)
-Fix memory corruption
also replace an error handling which doesn't recover from
integer overflow
bump PKGREV
2011-06-06 12:09:01 +00:00