[xml] Release of libxml2 2.10.0



Version 2.10.0 of libxml2 is available at:

    https://download.gnome.org/sources/libxml2/2.10/

In this release, I started to remove a lot of old cruft like build systems for outdated platforms which haven't been touched in 10+ years.

The Docbook parser module has been removed completely. As far as I can tell, this was experimental code which never really worked and generated a deprecation warning for 15+ years.

Some other modules are now disabled by default and will eventually be removed completely:

- Support for XPointer locations (ranges and points): This was based on
  a W3C specification which never got beyond Working Draft status. To my
  knowledge, there's no software supporting this spec which is still
  maintained. You now have to enable this code by passing the
  `--with-xptr-locs` configuration option. Be warned that this part of
  the code base is buggy and had many security issues in the past.

- Support for the built-in FTP client (`--with-ftp`).

- Support for "legacy" functions (`--with-legacy`).

I also started to deprecate several functions of the public API. Most of them should be completely unused and will generate a deprecation warning now.

Special thanks to David Seifert and Daniel Engberg who contributed many improvements to the build system, and to David Kilzer for many patches that harden security.

It's likely that this release will break a few things. If you're concerned about stability, I'd suggest to wait for 2.10.1 which I plan to release in 6-8 weeks. Going forward, patch releases will only contain important bug fixes. My plan is to bump the minor version about every six months and possibly make bug fix releases for older branches as well.

Here's the full changelog:

### Security

- [CVE-2022-2309] Reset nsNr in xmlCtxtReset
- Reserve byte for NUL terminator and report errors consistently in xmlBuf and
  xmlBuffer (David Kilzer)
- Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
- Fix integer overflow in xmlBufferDump() (David Kilzer)
- xmlBufAvail() should return length without including a byte for NUL
  terminator (David Kilzer)
- Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
  Kilzer)
- Use xmlNewDocText in xmlXIncludeCopyRange
- Fix use-after-free bugs when calling xmlTextReaderClose() before
  xmlFreeTextReader() on post-validating parser (David Kilzer)
- Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
- fix: xmlXPathParserContext could be double-delete in  OOM case. (jinsub ahn)

### Removals and deprecations

- Disable XPointer location support by default
- Remove outdated xml2Conf.sh
- Deprecate module init and cleanup functions
- Remove obsolete XML Software Autoupdate (XSA) file
- Remove DOCBparser
- Remove obsolete Python test framework
- Remove broken VxWorks support
- Remove broken Mac OS 9 support
- Remove broken bakefile support
- Remove broken Visual Studio 2010 support
- Remove broken Windows CE support
- Deprecate IDREF-related functions in valid.h
- Deprecate legacy functions
- Disable legacy support by default
- Deprecate all functions in nanoftp.h
- Disable FTP support by default
- Add XML_DEPRECATED macro
- Remove elfgcchack.h

### Regressions

- Skip incorrectly opened HTML comments
- Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)

### Bug fixes

- Fix memory leak with invalid XSD
- Make XPath depth check work with recursive invocations
- Fix memory leak in xmlLoadEntityContent error path
- Avoid double-free if malloc fails in inputPush
- Properly fold whitespace around the QName value when validating an XSD
  schema. (Damjan Jovanovic)
- Add whitespace folding for some atomic data types that it's missing on.
  (Damjan Jovanovic)
- Don't add IDs containing unexpanded entity references

### Improvements

- Avoid calling xmlSetTreeDoc
- Simplify xmlFreeNode
- Don't reset nsDef when changing node content
- Fix unintended fall-through in xmlNodeAddContentLen
- Remove unused xmlBuf functions (David Kilzer)
- Implement xpath1() XPointer scheme
- Add configuration flag for XPointer locations support
- Fix compiler warnings in Python code
- Mark more static data as `const` (David Kilzer)
- Make xmlStaticCopyNode non-recursive
- Clean up encoding switching code
- Simplify recursive pthread mutex
- Use non-recursive mutex in dict.c
- Fix parser progress checks
- Avoid arithmetic on freed pointers
- Improve buffer allocation scheme
- Remove unneeded #includes
- Add support for some non-standard escapes in regular expressions. (Damjan
  Jovanovic)
- htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
- Add let variable tag support (Oliver Diehl)
- Add value-of tag support (Oliver Diehl)
- Remove useless call to xmlRelaxNGCleanupTypes
- Don't include ICU headers in public headers
- Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
- Fix unused variable warnings with disabled features
- Only warn on invalid redeclarations of predefined entities
- Remove unneeded code in xmlreader.c
- Rework validation context flags

### Portability

- Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
- Fix Python tests on macOS
- Fix xmlCleanupThreads on Windows
- Fix reinitialization of library on Windows
- Don't mix declarations and code in runtest.c
- Use portable python shebangs (David Seifert)
- Use critical sections as mutex on Windows
- Don't set HAVE_WIN32_THREADS in win32config.h
- Use stdint.h with newer MSVC
- Remove cruft from win32config.h
- Remove isinf/isnan emulation in win32config.h
- Always fopen files with "rb"
- Remove __DJGPP__ checks
- Remove useless __CYGWIN__ checks

### Build system

- Don't autogenerate doc/examples/Makefile.am
- cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
- cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
- Port genUnicode.py to Python 3
- Port gentest.py to Python 3
- cmake: Fix build without thread support
- cmake: Install documentation in CMAKE_INSTALL_DOCDIR
- cmake: Remove non needed files in docs dir (Daniel E)
- configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
  (Christopher Degawa)
- Move local Autoconf macros into m4 directory
- Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
- Update libxml-2.0-uninstalled.pc.in
- Remove LIBS from XML_PRIVATE_LIBS
- Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
- Don't overlink executables
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
- build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
- Avoid obsolescent `test -a` constructs (David Seifert)
- Move AM_MAINTAINER_MODE to AM section
- configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
- Streamline documentation installation
- Don't try to recreate COPYING symlink
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- Makefile.am: install examples more idiomatically (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Respect `--sysconfdir` in source files (David Seifert)
- Ignore configure backup file created by recent autoreconf too (Vadim
  Zeitlin)
- Only install *.html and *.c example files
- Remove --with-html-dir option
- Rework documentation build system
- Remove old website
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Update genChRanges.py
- Update build_glob.py
- Remove ICONV_CONST test
- Remove obsolete AC_HEADER checks
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove special configuration for certain maintainers

### Test suite, CI

- Disable network in API tests
- testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
- Build Autotools CI tests out of source tree (VPATH)
- Add --with-minimum build to CI tests
- Fix warnings when testing --with-minimum build
- cmake: Run all tests when threads are disabled
- Also build CI tests with -Werror
- Move doc/examples tests to new test suite
- Simplify 'make check' targets
- Fix schemas and relaxng tests
- Remove unused result files
- Allow missing result files in runtest
- Move regexp tests to runtest
- Move SVG tests to runtest.c
- Move testModule to new test suite
- Move testThreads to new test suite
- Remove major parts of old test suite
- Make testchar return an error on failure (Tony Tascioglu)
- Add CI job for static build
- python/tests: open() relative to test scripts (David Seifert)
- Port some test scripts to Python 3

### Documentation

- Improve documentation of tree manipulation API
- Update xml2-config man page
- Consolidate man pages
- Rename xmlcatalog_man.xml
- Make examples a standalone HTML page
- Fix documentation in entities.c
- Add note about optimization flags

Thanks to all contributors!

Nick



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]