| <?xml version="1.0"?> |
| <!DOCTYPE xsa PUBLIC "-//LM Garshol//DTD XML Software Autoupdate 1.0//EN//XML" "http://www.garshol.priv.no/download/xsa/xsa.dtd"> |
| <xsa> |
| <vendor> |
| <name>Daniel Veillard</name> |
| <email>daniel@veillard.com</email> |
| <url>http://veillard.com/</url> |
| </vendor> |
| <product id="libxml2"> |
| <name>libxml2</name> |
| <version>2.9.2</version> |
| <last-release> Oct 16 2014</last-release> |
| <info-url>http://xmlsoft.org/</info-url> |
| <changes> - Security: |
| Fix for CVE-2014-3660 billion laugh variant (Daniel Veillard), |
| CVE-2014-0191 Do not fetch external parameter entities (Daniel Veillard) |
| |
| - Bug Fixes: |
| fix memory leak xml header encoding field with XML_PARSE_IGNORE_ENC (Bart De Schuymer), |
| xmlmemory: handle realloc properly (Yegor Yefremov), |
| Python generator bug raised by the const change (Daniel Veillard), |
| Windows Critical sections not released correctly (Daniel Veillard), |
| Parser error on repeated recursive entity expansion containing &lt; (Daniel Veillard), |
| xpointer : fixing Null Pointers (Gaurav Gupta), |
| Remove Unnecessary Null check in xpointer.c (Gaurav Gupta), |
| parser bug on misformed namespace attributes (Dennis Filder), |
| Pointer dereferenced before null check (Daniel Veillard), |
| Leak of struct addrinfo in xmlNanoFTPConnect() (Gaurav Gupta), |
| Possible overflow in HTMLParser.c (Daniel Veillard), |
| python/tests/sync.py assumes Python dictionaries are ordered (John Beck), |
| Fix Enum check and missing break (Gaurav Gupta), |
| xmlIO: Handle error returns from dup() (Philip Withnall), |
| Fix a problem properly saving URIs (Daniel Veillard), |
| wrong error column in structured error when parsing attribute values (Juergen Keil), |
| wrong error column in structured error when skipping whitespace in xml decl (Juergen Keil), |
| no error column in structured error handler for xml schema validation errors (Juergen Keil), |
| Couple of Missing Null checks (Gaurav Gupta), |
| Add couple of missing Null checks (Daniel Veillard), |
| xmlschemastypes: Fix potential array overflow (Philip Withnall), |
| runtest: Fix a memory leak on parse failure (Philip Withnall), |
| xmlIO: Fix an FD leak on gzdopen() failure (Philip Withnall), |
| xmlcatalog: Fix a memory leak on quit (Philip Withnall), |
| HTMLparser: Correctly initialise a stack allocated structure (Philip Withnall), |
| Check for tmon in _xmlSchemaDateAdd() is incorrect (David Kilzer), |
| Avoid Possible Null Pointer in trio.c (Gaurav Gupta), |
| Fix processing in SAX2 in case of an allocation failure (Daniel Veillard), |
| XML Shell command "cd" does not handle "/" at end of path (Daniel Veillard), |
| Fix various Missing Null checks (Gaurav Gupta), |
| Fix a potential NULL dereference (Daniel Veillard), |
| Add a couple of misisng check in xmlRelaxNGCleanupTree (Gaurav Gupta), |
| Add a missing argument check (Gaurav Gupta), |
| Adding a check in case of allocation error (Gaurav Gupta), |
| xmlSaveUri() incorrectly recomposes URIs with rootless paths (Dennis Filder), |
| Adding some missing NULL checks (Gaurav), |
| Fixes for xmlInitParserCtxt (Daniel Veillard), |
| Fix regressions introduced by CVE-2014-0191 patch (Daniel Veillard), |
| erroneously ignores a validation error if no error callback set (Daniel Veillard), |
| xmllint was not parsing the --c14n11 flag (Sérgio Batista), |
| Avoid Possible null pointer dereference in memory debug mode (Gaurav), |
| Avoid Double Null Check (Gaurav), |
| Restore context size and position after XPATH_OP_ARG (Nick Wellnhofer), |
| Fix xmlParseInNodeContext() if node is not element (Daniel Veillard), |
| Avoid a possible NULL pointer dereference (Gaurav), |
| Fix xmlTextWriterWriteElement when a null content is given (Daniel Veillard), |
| Fix an typo 'onrest' in htmlScriptAttributes (Daniel Veillard), |
| fixing a ptotential uninitialized access (Daniel Veillard), |
| Fix an fd leak in an error case (Daniel Veillard), |
| Missing initialization for the catalog module (Daniel Veillard), |
| Handling of XPath function arguments in error case (Nick Wellnhofer), |
| Fix a couple of missing NULL checks (Gaurav), |
| Avoid a possibility of dangling encoding handler (Gaurav), |
| Fix HTML push parser to accept HTML_PARSE_NODEFDTD (Arnold Hendriks), |
| Fix a bug loading some compressed files (Mike Alexander), |
| Fix XPath node comparison bug (Gaurav), |
| Type mismatch in xmlschemas.c (Gaurav), |
| Type mismatch in xmlschemastypes.c (Gaurav), |
| Avoid a deadcode in catalog.c (Daniel Veillard), |
| run close socket on Solaris, same as we do on other platforms (Denis Pauk), |
| Fix pointer dereferenced before null check (Gaurav), |
| Fix a potential NULL dereference in tree code (Daniel Veillard), |
| Fix potential NULL pointer dereferences in regexp code (Gaurav), |
| xmllint --pretty crashed without following numeric argument (Tim Galeckas), |
| Fix XPath expressions of the form '@ns:*' (Nick Wellnhofer), |
| Fix XPath '//' optimization with predicates (Nick Wellnhofer), |
| Clear up a potential NULL dereference (Daniel Veillard), |
| Fix a possible NULL dereference (Gaurav), |
| Avoid crash if allocation fails (Daniel Veillard), |
| Remove occasional leading space in XPath number formatting (Daniel Veillard), |
| Fix handling of mmap errors (Daniel Veillard), |
| Catch malloc error and exit accordingly (Daniel Veillard), |
| missing else in xlink.c (Ami Fischman), |
| Fix a parsing bug on non-ascii element and CR/LF usage (Daniel Veillard), |
| Fix a regression in xmlGetDocCompressMode() (Daniel Veillard), |
| properly quote the namespace uris written out during c14n (Aleksey Sanin), |
| Remove premature XInclude check on URI being relative (Alexey Neyman), |
| Fix missing break on last() function for attributes (dcb), |
| Do not URI escape in server side includes (Romain Bondue), |
| Fix an error in xmlCleanupParser (Alexander Pastukhov) |
| |
| - Documentation: |
| typo in error messages "colon are forbidden from..." (Daniel Veillard), |
| Fix a link to James SAX documentation old page (Daniel Veillard), |
| Fix typos in relaxng.c (Jan Pokorný), |
| Fix a doc typo (Daniel Veillard), |
| Fix typos in {tree,xpath}.c (errror) (Jan Pokorný), |
| Add limitations about encoding conversion (Daniel Veillard), |
| Fix typos in xmlschemas{,types}.c (Jan Pokorný), |
| Fix incorrect spelling entites->entities (Jan Pokorný), |
| Forgot to document 2.9.1 release, regenerate docs (Daniel Veillard) |
| |
| - Portability: |
| AC_CONFIG_FILES and executable bit (Roumen Petrov), |
| remove HAVE_CONFIG_H dependency in testlimits.c (Roumen Petrov), |
| fix some tabs mixing incompatible with python3 (Roumen Petrov), |
| Visual Studio 14 CTP defines snprintf() (Francis Dupont), |
| OS400: do not try to copy unexisting doc files (Patrick Monnerat), |
| OS400: use either configure.ac or configure.in. (Patrick Monnerat), |
| os400: make-src.sh: create physical file with target CCSID (Patrick Monnerat), |
| OS400: Add some more C macros equivalent procedures. (Patrick Monnerat), |
| OS400: use C macros to implement equivalent RPG support procedures. (Patrick Monnerat), |
| OS400: implement XPath macros as procedures for ILE/RPG support. (Patrick Monnerat), |
| OS400: include in distribution tarball. (Patrick Monnerat), |
| OS400: Add README: compilation directives and OS/400 specific stuff. (Patrick Monnerat), |
| OS400: Add compilation scripts. (Patrick Monnerat), |
| OS400: ILE RPG language header files. (Patrick Monnerat), |
| OS400: implement some macros as functions for ILE/RPG language support (that as no macros). (Patrick Monnerat), |
| OS400: UTF8<-->EBCDIC wrappers for system and external library calls (Patrick Monnerat), |
| OS400: Easy character transcoding support (Patrick Monnerat), |
| OS400: iconv functions compatibility wrappers and table builder. (Patrick Monnerat), |
| OS400: create architecture directory. Implement dlfcn emulation. (Patrick Monnerat), |
| Fix building when configuring without xpath and xptr (Daniel Veillard), |
| configure: Add --with-python-install-dir (Jonas Eriksson), |
| Fix compilation with minimum and xinclude. (Nicolas Le Cam), |
| Compile out use of xmlValidateNCName() when not available. (Nicolas Le Cam), |
| Fix compilation with minimum and schematron. (Nicolas Le Cam), |
| Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). (Nicolas Le Cam), |
| Don't use xmlValidateName() when not available. (Nicolas Le Cam), |
| Fix a portability issue on Windows (Longstreth Jon), |
| Various portability patches for OpenVMS (Jacob (Jouk) Jansen), |
| Use specific macros for portability to OS/400 (Patrick Monnerat), |
| Add macros needed for OS/400 portability (Patrick Monnerat), |
| Portability patch for fopen on OS/400 (Patrick Monnerat), |
| Portability fixes for OS/400 (Patrick Monnerat), |
| Improve va_list portability (Patrick Monnerat), |
| Portability fix (Patrick Monnerat), |
| Portability fix (Patrick Monnerat), |
| Generic portability fix (Patrick Monnerat), |
| Shortening lines in headers (Patrick Monnerat), |
| build: Use pkg-config to find liblzma in preference to AC_CHECK_LIB (Philip Withnall), |
| build: Add @LZMA_LIBS@ to libxml’s pkg-config files (Philip Withnall), |
| fix some tabs mixing incompatible with python3 (Daniel Veillard), |
| add additional defines checks for support "./configure --with-minimum" (Denis Pauk), |
| Another round of fixes for older versions of Python (Arfrever Frehtes Taifersar Arahesis), |
| python: fix drv_libxml2.py for python3 compatibility (Alexandre Rostovtsev), |
| python: Fix compiler warnings when building python3 bindings (Armin K), |
| Fix for compilation with python 2.6.8 (Petr Sumbera) |
| |
| - Improvements: |
| win32/libxml2.def.src after rebuild in doc (Roumen Petrov), |
| elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() (Roumen Petrov), |
| elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode (Roumen Petrov), |
| Provide cmake module (Samuel Martin), |
| Fix a couple of issues raised by make dist (Daniel Veillard), |
| Fix and add const qualifiers (Kurt Roeckx), |
| Preparing for upcoming release of 2.9.2 (Daniel Veillard), |
| Fix zlib and lzma libraries check via command line (Dmitriy), |
| wrong error column in structured error when parsing end tag (Juergen Keil), |
| doc/news.html: small update to avoid line join while generating NEWS. (Patrick Monnerat), |
| Add methods for python3 iterator (Ron Angeles), |
| Support element node traversal in document fragments. (Kyle VanderBeek), |
| xmlNodeSetName: Allow setting the name to a substring of the currently set name (Tristan Van Berkom), |
| Added macros for argument casts (Eric Zurcher), |
| adding init calls to xml and html Read parsing entry points (Daniel Veillard), |
| Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c (Jan Pokorný), |
| Implement choice for name classes on attributes (Shaun McCance), |
| Two small namespace tweaks (Daniel Veillard), |
| xmllint --memory should fail on empty files (Daniel Veillard), |
| Cast encoding name to char pointer to match arg type (Nikolay Sivov) |
| |
| - Cleanups: |
| Removal of old configure.in (Daniel Veillard), |
| Unreachable code in tree.c (Gaurav Gupta), |
| Remove a couple of dead conditions (Gaurav Gupta), |
| Avoid some dead code and cleanup in relaxng.c (Gaurav), |
| Drop not needed checks (Denis Pauk), |
| Fix a wrong test (Daniel Veillard) |
| |
| |
| </changes> |
| </product> |
| </xsa> |