blob: 0825d53f2aa3550772f9fdc5d201a5a1d6cc542a [file] [log] [blame]
<?xml version="1.0"?>
<!DOCTYPE xsa PUBLIC "-//LM Garshol//DTD XML Software Autoupdate 1.0//EN//XML" "http://www.garshol.priv.no/download/xsa/xsa.dtd">
<xsa>
<vendor>
<name>Daniel Veillard</name>
<email>daniel@veillard.com</email>
<url>http://veillard.com/</url>
</vendor>
<product id="libxml2">
<name>libxml2</name>
<version>2.9.2</version>
<last-release> Oct 16 2014</last-release>
<info-url>http://xmlsoft.org/</info-url>
<changes> - Security:
Fix for CVE-2014-3660 billion laugh variant (Daniel Veillard),
CVE-2014-0191 Do not fetch external parameter entities (Daniel Veillard)
- Bug Fixes:
fix memory leak xml header encoding field with XML_PARSE_IGNORE_ENC (Bart De Schuymer),
xmlmemory: handle realloc properly (Yegor Yefremov),
Python generator bug raised by the const change (Daniel Veillard),
Windows Critical sections not released correctly (Daniel Veillard),
Parser error on repeated recursive entity expansion containing &amp;lt; (Daniel Veillard),
xpointer : fixing Null Pointers (Gaurav Gupta),
Remove Unnecessary Null check in xpointer.c (Gaurav Gupta),
parser bug on misformed namespace attributes (Dennis Filder),
Pointer dereferenced before null check (Daniel Veillard),
Leak of struct addrinfo in xmlNanoFTPConnect() (Gaurav Gupta),
Possible overflow in HTMLParser.c (Daniel Veillard),
python/tests/sync.py assumes Python dictionaries are ordered (John Beck),
Fix Enum check and missing break (Gaurav Gupta),
xmlIO: Handle error returns from dup() (Philip Withnall),
Fix a problem properly saving URIs (Daniel Veillard),
wrong error column in structured error when parsing attribute values (Juergen Keil),
wrong error column in structured error when skipping whitespace in xml decl (Juergen Keil),
no error column in structured error handler for xml schema validation errors (Juergen Keil),
Couple of Missing Null checks (Gaurav Gupta),
Add couple of missing Null checks (Daniel Veillard),
xmlschemastypes: Fix potential array overflow (Philip Withnall),
runtest: Fix a memory leak on parse failure (Philip Withnall),
xmlIO: Fix an FD leak on gzdopen() failure (Philip Withnall),
xmlcatalog: Fix a memory leak on quit (Philip Withnall),
HTMLparser: Correctly initialise a stack allocated structure (Philip Withnall),
Check for tmon in _xmlSchemaDateAdd() is incorrect (David Kilzer),
Avoid Possible Null Pointer in trio.c (Gaurav Gupta),
Fix processing in SAX2 in case of an allocation failure (Daniel Veillard),
XML Shell command "cd" does not handle "/" at end of path (Daniel Veillard),
Fix various Missing Null checks (Gaurav Gupta),
Fix a potential NULL dereference (Daniel Veillard),
Add a couple of misisng check in xmlRelaxNGCleanupTree (Gaurav Gupta),
Add a missing argument check (Gaurav Gupta),
Adding a check in case of allocation error (Gaurav Gupta),
xmlSaveUri() incorrectly recomposes URIs with rootless paths (Dennis Filder),
Adding some missing NULL checks (Gaurav),
Fixes for xmlInitParserCtxt (Daniel Veillard),
Fix regressions introduced by CVE-2014-0191 patch (Daniel Veillard),
erroneously ignores a validation error if no error callback set (Daniel Veillard),
xmllint was not parsing the --c14n11 flag (Sérgio Batista),
Avoid Possible null pointer dereference in memory debug mode (Gaurav),
Avoid Double Null Check (Gaurav),
Restore context size and position after XPATH_OP_ARG (Nick Wellnhofer),
Fix xmlParseInNodeContext() if node is not element (Daniel Veillard),
Avoid a possible NULL pointer dereference (Gaurav),
Fix xmlTextWriterWriteElement when a null content is given (Daniel Veillard),
Fix an typo 'onrest' in htmlScriptAttributes (Daniel Veillard),
fixing a ptotential uninitialized access (Daniel Veillard),
Fix an fd leak in an error case (Daniel Veillard),
Missing initialization for the catalog module (Daniel Veillard),
Handling of XPath function arguments in error case (Nick Wellnhofer),
Fix a couple of missing NULL checks (Gaurav),
Avoid a possibility of dangling encoding handler (Gaurav),
Fix HTML push parser to accept HTML_PARSE_NODEFDTD (Arnold Hendriks),
Fix a bug loading some compressed files (Mike Alexander),
Fix XPath node comparison bug (Gaurav),
Type mismatch in xmlschemas.c (Gaurav),
Type mismatch in xmlschemastypes.c (Gaurav),
Avoid a deadcode in catalog.c (Daniel Veillard),
run close socket on Solaris, same as we do on other platforms (Denis Pauk),
Fix pointer dereferenced before null check (Gaurav),
Fix a potential NULL dereference in tree code (Daniel Veillard),
Fix potential NULL pointer dereferences in regexp code (Gaurav),
xmllint --pretty crashed without following numeric argument (Tim Galeckas),
Fix XPath expressions of the form '@ns:*' (Nick Wellnhofer),
Fix XPath '//' optimization with predicates (Nick Wellnhofer),
Clear up a potential NULL dereference (Daniel Veillard),
Fix a possible NULL dereference (Gaurav),
Avoid crash if allocation fails (Daniel Veillard),
Remove occasional leading space in XPath number formatting (Daniel Veillard),
Fix handling of mmap errors (Daniel Veillard),
Catch malloc error and exit accordingly (Daniel Veillard),
missing else in xlink.c (Ami Fischman),
Fix a parsing bug on non-ascii element and CR/LF usage (Daniel Veillard),
Fix a regression in xmlGetDocCompressMode() (Daniel Veillard),
properly quote the namespace uris written out during c14n (Aleksey Sanin),
Remove premature XInclude check on URI being relative (Alexey Neyman),
Fix missing break on last() function for attributes (dcb),
Do not URI escape in server side includes (Romain Bondue),
Fix an error in xmlCleanupParser (Alexander Pastukhov)
- Documentation:
typo in error messages "colon are forbidden from..." (Daniel Veillard),
Fix a link to James SAX documentation old page (Daniel Veillard),
Fix typos in relaxng.c (Jan Pokorný),
Fix a doc typo (Daniel Veillard),
Fix typos in {tree,xpath}.c (errror) (Jan Pokorný),
Add limitations about encoding conversion (Daniel Veillard),
Fix typos in xmlschemas{,types}.c (Jan Pokorný),
Fix incorrect spelling entites-&gt;entities (Jan Pokorný),
Forgot to document 2.9.1 release, regenerate docs (Daniel Veillard)
- Portability:
AC_CONFIG_FILES and executable bit (Roumen Petrov),
remove HAVE_CONFIG_H dependency in testlimits.c (Roumen Petrov),
fix some tabs mixing incompatible with python3 (Roumen Petrov),
Visual Studio 14 CTP defines snprintf() (Francis Dupont),
OS400: do not try to copy unexisting doc files (Patrick Monnerat),
OS400: use either configure.ac or configure.in. (Patrick Monnerat),
os400: make-src.sh: create physical file with target CCSID (Patrick Monnerat),
OS400: Add some more C macros equivalent procedures. (Patrick Monnerat),
OS400: use C macros to implement equivalent RPG support procedures. (Patrick Monnerat),
OS400: implement XPath macros as procedures for ILE/RPG support. (Patrick Monnerat),
OS400: include in distribution tarball. (Patrick Monnerat),
OS400: Add README: compilation directives and OS/400 specific stuff. (Patrick Monnerat),
OS400: Add compilation scripts. (Patrick Monnerat),
OS400: ILE RPG language header files. (Patrick Monnerat),
OS400: implement some macros as functions for ILE/RPG language support (that as no macros). (Patrick Monnerat),
OS400: UTF8&lt;--&gt;EBCDIC wrappers for system and external library calls (Patrick Monnerat),
OS400: Easy character transcoding support (Patrick Monnerat),
OS400: iconv functions compatibility wrappers and table builder. (Patrick Monnerat),
OS400: create architecture directory. Implement dlfcn emulation. (Patrick Monnerat),
Fix building when configuring without xpath and xptr (Daniel Veillard),
configure: Add --with-python-install-dir (Jonas Eriksson),
Fix compilation with minimum and xinclude. (Nicolas Le Cam),
Compile out use of xmlValidateNCName() when not available. (Nicolas Le Cam),
Fix compilation with minimum and schematron. (Nicolas Le Cam),
Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). (Nicolas Le Cam),
Don't use xmlValidateName() when not available. (Nicolas Le Cam),
Fix a portability issue on Windows (Longstreth Jon),
Various portability patches for OpenVMS (Jacob (Jouk) Jansen),
Use specific macros for portability to OS/400 (Patrick Monnerat),
Add macros needed for OS/400 portability (Patrick Monnerat),
Portability patch for fopen on OS/400 (Patrick Monnerat),
Portability fixes for OS/400 (Patrick Monnerat),
Improve va_list portability (Patrick Monnerat),
Portability fix (Patrick Monnerat),
Portability fix (Patrick Monnerat),
Generic portability fix (Patrick Monnerat),
Shortening lines in headers (Patrick Monnerat),
build: Use pkg-config to find liblzma in preference to AC_CHECK_LIB (Philip Withnall),
build: Add @LZMA_LIBS@ to libxml’s pkg-config files (Philip Withnall),
fix some tabs mixing incompatible with python3 (Daniel Veillard),
add additional defines checks for support "./configure --with-minimum" (Denis Pauk),
Another round of fixes for older versions of Python (Arfrever Frehtes Taifersar Arahesis),
python: fix drv_libxml2.py for python3 compatibility (Alexandre Rostovtsev),
python: Fix compiler warnings when building python3 bindings (Armin K),
Fix for compilation with python 2.6.8 (Petr Sumbera)
- Improvements:
win32/libxml2.def.src after rebuild in doc (Roumen Petrov),
elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() (Roumen Petrov),
elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode (Roumen Petrov),
Provide cmake module (Samuel Martin),
Fix a couple of issues raised by make dist (Daniel Veillard),
Fix and add const qualifiers (Kurt Roeckx),
Preparing for upcoming release of 2.9.2 (Daniel Veillard),
Fix zlib and lzma libraries check via command line (Dmitriy),
wrong error column in structured error when parsing end tag (Juergen Keil),
doc/news.html: small update to avoid line join while generating NEWS. (Patrick Monnerat),
Add methods for python3 iterator (Ron Angeles),
Support element node traversal in document fragments. (Kyle VanderBeek),
xmlNodeSetName: Allow setting the name to a substring of the currently set name (Tristan Van Berkom),
Added macros for argument casts (Eric Zurcher),
adding init calls to xml and html Read parsing entry points (Daniel Veillard),
Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c (Jan Pokorný),
Implement choice for name classes on attributes (Shaun McCance),
Two small namespace tweaks (Daniel Veillard),
xmllint --memory should fail on empty files (Daniel Veillard),
Cast encoding name to char pointer to match arg type (Nikolay Sivov)
- Cleanups:
Removal of old configure.in (Daniel Veillard),
Unreachable code in tree.c (Gaurav Gupta),
Remove a couple of dead conditions (Gaurav Gupta),
Avoid some dead code and cleanup in relaxng.c (Gaurav),
Drop not needed checks (Denis Pauk),
Fix a wrong test (Daniel Veillard)
</changes>
</product>
</xsa>