GNOME.org
 

[xml] Release of libxml2-2.9.2

  As planned the release is now available at the usual place
tagged in git and signed tarballs and rpms are at:

   ftp://xmlsoft.org/libxml2/

 With 162 patch that's a rather large release, including a lot of
bug fixes, especially security fixes, the last one CVE-2014-3660
is a variant of the billion laugh entity DOS which escaped the
initial set of patches.
 A lot of work has been done on portability, various issues with
python3, Windows and the native port for OS400. There is still
some improvement too, and documentation updates:

Security:
- Fix for CVE-2014-3660 billion laugh variant (Daniel Veillard)
- CVE-2014-0191 Do not fetch external parameter entities (Daniel Veillard)

Bug Fixes:
- fix memory leak xml header encoding field with XML_PARSE_IGNORE_ENC (Bart De Schuymer)
- xmlmemory: handle realloc properly (Yegor Yefremov)
- Python generator bug raised by the const change (Daniel Veillard)
- Windows Critical sections not released correctly (Daniel Veillard)
- Parser error on repeated recursive entity expansion containing < (Daniel Veillard)
- xpointer : fixing Null Pointers (Gaurav Gupta)
- Remove Unnecessary Null check in xpointer.c (Gaurav Gupta)
- parser bug on misformed namespace attributes (Dennis Filder)
- Pointer dereferenced before null check (Daniel Veillard)
- Leak of struct addrinfo in xmlNanoFTPConnect() (Gaurav Gupta)
- Possible overflow in HTMLParser.c (Daniel Veillard)
- python/tests/sync.py assumes Python dictionaries are ordered (John Beck)
- Fix Enum check and missing break (Gaurav Gupta)
- xmlIO: Handle error returns from dup() (Philip Withnall)
- Fix a problem properly saving URIs (Daniel Veillard)
- wrong error column in structured error when parsing attribute values (Juergen Keil)
- wrong error column in structured error when skipping whitespace in xml decl (Juergen Keil)
- no error column in structured error handler for xml schema validation errors (Juergen Keil)
- Couple of Missing Null checks (Gaurav Gupta)
- Add couple of missing Null checks (Daniel Veillard)
- xmlschemastypes: Fix potential array overflow (Philip Withnall)
- runtest: Fix a memory leak on parse failure (Philip Withnall)
- xmlIO: Fix an FD leak on gzdopen() failure (Philip Withnall)
- xmlcatalog: Fix a memory leak on quit (Philip Withnall)
- HTMLparser: Correctly initialise a stack allocated structure (Philip Withnall)
- Check for tmon in _xmlSchemaDateAdd() is incorrect (David Kilzer)
- Avoid Possible Null Pointer in trio.c (Gaurav Gupta)
- Fix processing in SAX2 in case of an allocation failure (Daniel Veillard)
- XML Shell command "cd" does not handle "/" at end of path (Daniel Veillard)
- Fix various Missing Null checks (Gaurav Gupta)
- Fix a potential NULL dereference (Daniel Veillard)
- Add a couple of misisng check in xmlRelaxNGCleanupTree (Gaurav Gupta)
- Add a missing argument check (Gaurav Gupta)
- Adding a check in case of allocation error (Gaurav Gupta)
- xmlSaveUri() incorrectly recomposes URIs with rootless paths (Dennis Filder)
- Adding some missing NULL checks (Gaurav)
- Fixes for xmlInitParserCtxt (Daniel Veillard)
- Fix regressions introduced by CVE-2014-0191 patch (Daniel Veillard)
- erroneously ignores a validation error if no error callback set (Daniel Veillard)
- xmllint was not parsing the --c14n11 flag (Sérgio Batista)
- Avoid Possible null pointer dereference in memory debug mode (Gaurav)
- Avoid Double Null Check (Gaurav)
- Restore context size and position after XPATH_OP_ARG (Nick Wellnhofer)
- Fix xmlParseInNodeContext() if node is not element (Daniel Veillard)
- Avoid a possible NULL pointer dereference (Gaurav)
- Fix xmlTextWriterWriteElement when a null content is given (Daniel Veillard)
- Fix an typo 'onrest' in htmlScriptAttributes (Daniel Veillard)
- fixing a ptotential uninitialized access (Daniel Veillard)
- Fix an fd leak in an error case (Daniel Veillard)
- Missing initialization for the catalog module (Daniel Veillard)
- Handling of XPath function arguments in error case (Nick Wellnhofer)
- Fix a couple of missing NULL checks (Gaurav)
- Avoid a possibility of dangling encoding handler (Gaurav)
- Fix HTML push parser to accept HTML_PARSE_NODEFDTD (Arnold Hendriks)
- Fix a bug loading some compressed files (Mike Alexander)
- Fix XPath node comparison bug (Gaurav)
- Type mismatch in xmlschemas.c (Gaurav)
- Type mismatch in xmlschemastypes.c (Gaurav)
- Avoid a deadcode in catalog.c (Daniel Veillard)
- run close socket on Solaris, same as we do on other platforms (Denis Pauk)
- Fix pointer dereferenced before null check (Gaurav)
- Fix a potential NULL dereference in tree code (Daniel Veillard)
- Fix potential NULL pointer dereferences in regexp code (Gaurav)
- xmllint --pretty crashed without following numeric argument (Tim Galeckas)
- Fix XPath expressions of the form '@ns:*' (Nick Wellnhofer)
- Fix XPath '//' optimization with predicates (Nick Wellnhofer)
- Clear up a potential NULL dereference (Daniel Veillard)
- Fix a possible NULL dereference (Gaurav)
- Avoid crash if allocation fails (Daniel Veillard)
- Remove occasional leading space in XPath number formatting (Daniel Veillard)
- Fix handling of mmap errors (Daniel Veillard)
- Catch malloc error and exit accordingly (Daniel Veillard)
- missing else in xlink.c (Ami Fischman)
- Fix a parsing bug on non-ascii element and CR/LF usage (Daniel Veillard)
- Fix a regression in xmlGetDocCompressMode() (Daniel Veillard)
- properly quote the namespace uris written out during c14n (Aleksey Sanin)
- Remove premature XInclude check on URI being relative (Alexey Neyman)
- Fix missing break on last() function for attributes (dcb)
- Do not URI escape in server side includes (Romain Bondue)
- Fix an error in xmlCleanupParser (Alexander Pastukhov)

Documentation:
- typo in error messages "colon are forbidden from..." (Daniel Veillard)
- Fix a link to James SAX documentation old page (Daniel Veillard)
- Fix typos in relaxng.c (Jan Pokorný)
- Fix a doc typo (Daniel Veillard)
- Fix typos in {tree,xpath}.c (errror) (Jan Pokorný)
- Add limitations about encoding conversion (Daniel Veillard)
- Fix typos in xmlschemas{,types}.c (Jan Pokorný)
- Fix incorrect spelling entites->entities (Jan Pokorný)
- Forgot to document 2.9.1 release, regenerate docs (Daniel Veillard)

Portability:
- AC_CONFIG_FILES and executable bit (Roumen Petrov)
- remove HAVE_CONFIG_H dependency in testlimits.c (Roumen Petrov)
- fix some tabs mixing incompatible with python3 (Roumen Petrov)
- Visual Studio 14 CTP defines snprintf() (Francis Dupont)
- OS400: do not try to copy unexisting doc files (Patrick Monnerat)
- OS400: use either configure.ac or configure.in. (Patrick Monnerat)
- os400: make-src.sh: create physical file with target CCSID (Patrick Monnerat)
- OS400: Add some more C macros equivalent procedures. (Patrick Monnerat)
- OS400: use C macros to implement equivalent RPG support procedures. (Patrick Monnerat)
- OS400: implement XPath macros as procedures for ILE/RPG support. (Patrick Monnerat)
- OS400: include in distribution tarball. (Patrick Monnerat)
- OS400: Add README: compilation directives and OS/400 specific stuff. (Patrick Monnerat)
- OS400: Add compilation scripts. (Patrick Monnerat)
- OS400: ILE RPG language header files. (Patrick Monnerat)
- OS400: implement some macros as functions for ILE/RPG language support (that as no macros). (Patrick 
Monnerat)
- OS400: UTF8<-->EBCDIC wrappers for system and external library calls (Patrick Monnerat)
- OS400: Easy character transcoding support (Patrick Monnerat)
- OS400: iconv functions compatibility wrappers and table builder. (Patrick Monnerat)
- OS400: create architecture directory. Implement dlfcn emulation. (Patrick Monnerat)
- Fix building when configuring without xpath and xptr (Daniel Veillard)
- configure: Add --with-python-install-dir (Jonas Eriksson)
- Fix compilation with minimum and xinclude. (Nicolas Le Cam)
- Compile out use of xmlValidateNCName() when not available. (Nicolas Le Cam)
- Fix compilation with minimum and schematron. (Nicolas Le Cam)
- Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). (Nicolas Le Cam)
- Don't use xmlValidateName() when not available. (Nicolas Le Cam)
- Fix a portability issue on Windows (Longstreth Jon)
- Various portability patches for OpenVMS (Jacob (Jouk) Jansen)
- Use specific macros for portability to OS/400 (Patrick Monnerat)
- Add macros needed for OS/400 portability (Patrick Monnerat)
- Portability patch for fopen on OS/400 (Patrick Monnerat)
- Portability fixes for OS/400 (Patrick Monnerat)
- Improve va_list portability (Patrick Monnerat)
- Portability fix (Patrick Monnerat)
- Portability fix (Patrick Monnerat)
- Generic portability fix (Patrick Monnerat)
- Shortening lines in headers (Patrick Monnerat)
- build: Use pkg-config to find liblzma in preference to AC_CHECK_LIB (Philip Withnall)
- build: Add @LZMA_LIBS@ to libxml’s pkg-config files (Philip Withnall)
- fix some tabs mixing incompatible with python3 (Daniel Veillard)
- add additional defines checks for support "./configure --with-minimum" (Denis Pauk)
- Another round of fixes for older versions of Python (Arfrever Frehtes Taifersar Arahesis)
- python: fix drv_libxml2.py for python3 compatibility (Alexandre Rostovtsev)
- python: Fix compiler warnings when building python3 bindings (Armin K)
- Fix for compilation with python 2.6.8 (Petr Sumbera)

Improvements:
- win32/libxml2.def.src after rebuild in doc (Roumen Petrov)
- elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() (Roumen Petrov)
- elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode (Roumen Petrov)
- Provide cmake module (Samuel Martin)
- Fix a couple of issues raised by make dist (Daniel Veillard)
- Fix and add const qualifiers (Kurt Roeckx)
- Preparing for upcoming release of 2.9.2 (Daniel Veillard)
- Fix zlib and lzma libraries check via command line (Dmitriy)
- wrong error column in structured error when parsing end tag (Juergen Keil)
- doc/news.html: small update to avoid line join while generating NEWS. (Patrick Monnerat)
- Add methods for python3 iterator (Ron Angeles)
- Support element node traversal in document fragments. (Kyle VanderBeek)
- xmlNodeSetName: Allow setting the name to a substring of the currently set name (Tristan Van Berkom)
- Added macros for argument casts (Eric Zurcher)
- adding init calls to xml and html Read parsing entry points (Daniel Veillard)
- Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c (Jan Pokorný)
- Implement choice for name classes on attributes (Shaun McCance)
- Two small namespace tweaks (Daniel Veillard)
- xmllint --memory should fail on empty files (Daniel Veillard)
- Cast encoding name to char pointer to match arg type (Nikolay Sivov)

Cleanups:
- Removal of old configure.in (Daniel Veillard)
- Unreachable code in tree.c (Gaurav Gupta)
- Remove a couple of dead conditions (Gaurav Gupta)
- Avoid some dead code and cleanup in relaxng.c (Gaurav)
- Drop not needed checks (Denis Pauk)
- Fix a wrong test (Daniel Veillard)

  Thanks everybody for your contributions to this release, be it with
bug reports, suggestions, patches or documentation, now enjoy the new
release !

Daniel

-- 
Daniel Veillard      | Open Source and Standards, Red Hat
veillard redhat com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]