diff options
Diffstat (limited to 'doc/libxml2.xsa')
-rw-r--r-- | doc/libxml2.xsa | 253 |
1 files changed, 170 insertions, 83 deletions
diff --git a/doc/libxml2.xsa b/doc/libxml2.xsa index da61d57d..0825d53f 100644 --- a/doc/libxml2.xsa +++ b/doc/libxml2.xsa @@ -8,95 +8,182 @@ </vendor> <product id="libxml2"> <name>libxml2</name> - <version>2.9.1</version> - <last-release> Apr 19 2013</last-release> + <version>2.9.2</version> + <last-release> Oct 16 2014</last-release> <info-url>http://xmlsoft.org/</info-url> - <changes> - Features: - Support for Python3 (Daniel Veillard), - Add xmlXPathSetContextNode and xmlXPathNodeEval (Alex Bligh) + <changes> - Security: + Fix for CVE-2014-3660 billion laugh variant (Daniel Veillard), + CVE-2014-0191 Do not fetch external parameter entities (Daniel Veillard) - - Documentation: - Add documentation for xmllint --xpath (Daniel Veillard), - Fix the URL of the SAX documentation from James (Daniel Veillard), - Fix spelling of "length". (Michael Wood) + - Bug Fixes: + fix memory leak xml header encoding field with XML_PARSE_IGNORE_ENC (Bart De Schuymer), + xmlmemory: handle realloc properly (Yegor Yefremov), + Python generator bug raised by the const change (Daniel Veillard), + Windows Critical sections not released correctly (Daniel Veillard), + Parser error on repeated recursive entity expansion containing &lt; (Daniel Veillard), + xpointer : fixing Null Pointers (Gaurav Gupta), + Remove Unnecessary Null check in xpointer.c (Gaurav Gupta), + parser bug on misformed namespace attributes (Dennis Filder), + Pointer dereferenced before null check (Daniel Veillard), + Leak of struct addrinfo in xmlNanoFTPConnect() (Gaurav Gupta), + Possible overflow in HTMLParser.c (Daniel Veillard), + python/tests/sync.py assumes Python dictionaries are ordered (John Beck), + Fix Enum check and missing break (Gaurav Gupta), + xmlIO: Handle error returns from dup() (Philip Withnall), + Fix a problem properly saving URIs (Daniel Veillard), + wrong error column in structured error when parsing attribute values (Juergen Keil), + wrong error column in structured error when skipping whitespace in xml decl (Juergen Keil), + no error column in structured error handler for xml schema validation errors (Juergen Keil), + Couple of Missing Null checks (Gaurav Gupta), + Add couple of missing Null checks (Daniel Veillard), + xmlschemastypes: Fix potential array overflow (Philip Withnall), + runtest: Fix a memory leak on parse failure (Philip Withnall), + xmlIO: Fix an FD leak on gzdopen() failure (Philip Withnall), + xmlcatalog: Fix a memory leak on quit (Philip Withnall), + HTMLparser: Correctly initialise a stack allocated structure (Philip Withnall), + Check for tmon in _xmlSchemaDateAdd() is incorrect (David Kilzer), + Avoid Possible Null Pointer in trio.c (Gaurav Gupta), + Fix processing in SAX2 in case of an allocation failure (Daniel Veillard), + XML Shell command "cd" does not handle "/" at end of path (Daniel Veillard), + Fix various Missing Null checks (Gaurav Gupta), + Fix a potential NULL dereference (Daniel Veillard), + Add a couple of misisng check in xmlRelaxNGCleanupTree (Gaurav Gupta), + Add a missing argument check (Gaurav Gupta), + Adding a check in case of allocation error (Gaurav Gupta), + xmlSaveUri() incorrectly recomposes URIs with rootless paths (Dennis Filder), + Adding some missing NULL checks (Gaurav), + Fixes for xmlInitParserCtxt (Daniel Veillard), + Fix regressions introduced by CVE-2014-0191 patch (Daniel Veillard), + erroneously ignores a validation error if no error callback set (Daniel Veillard), + xmllint was not parsing the --c14n11 flag (Sérgio Batista), + Avoid Possible null pointer dereference in memory debug mode (Gaurav), + Avoid Double Null Check (Gaurav), + Restore context size and position after XPATH_OP_ARG (Nick Wellnhofer), + Fix xmlParseInNodeContext() if node is not element (Daniel Veillard), + Avoid a possible NULL pointer dereference (Gaurav), + Fix xmlTextWriterWriteElement when a null content is given (Daniel Veillard), + Fix an typo 'onrest' in htmlScriptAttributes (Daniel Veillard), + fixing a ptotential uninitialized access (Daniel Veillard), + Fix an fd leak in an error case (Daniel Veillard), + Missing initialization for the catalog module (Daniel Veillard), + Handling of XPath function arguments in error case (Nick Wellnhofer), + Fix a couple of missing NULL checks (Gaurav), + Avoid a possibility of dangling encoding handler (Gaurav), + Fix HTML push parser to accept HTML_PARSE_NODEFDTD (Arnold Hendriks), + Fix a bug loading some compressed files (Mike Alexander), + Fix XPath node comparison bug (Gaurav), + Type mismatch in xmlschemas.c (Gaurav), + Type mismatch in xmlschemastypes.c (Gaurav), + Avoid a deadcode in catalog.c (Daniel Veillard), + run close socket on Solaris, same as we do on other platforms (Denis Pauk), + Fix pointer dereferenced before null check (Gaurav), + Fix a potential NULL dereference in tree code (Daniel Veillard), + Fix potential NULL pointer dereferences in regexp code (Gaurav), + xmllint --pretty crashed without following numeric argument (Tim Galeckas), + Fix XPath expressions of the form '@ns:*' (Nick Wellnhofer), + Fix XPath '//' optimization with predicates (Nick Wellnhofer), + Clear up a potential NULL dereference (Daniel Veillard), + Fix a possible NULL dereference (Gaurav), + Avoid crash if allocation fails (Daniel Veillard), + Remove occasional leading space in XPath number formatting (Daniel Veillard), + Fix handling of mmap errors (Daniel Veillard), + Catch malloc error and exit accordingly (Daniel Veillard), + missing else in xlink.c (Ami Fischman), + Fix a parsing bug on non-ascii element and CR/LF usage (Daniel Veillard), + Fix a regression in xmlGetDocCompressMode() (Daniel Veillard), + properly quote the namespace uris written out during c14n (Aleksey Sanin), + Remove premature XInclude check on URI being relative (Alexey Neyman), + Fix missing break on last() function for attributes (dcb), + Do not URI escape in server side includes (Romain Bondue), + Fix an error in xmlCleanupParser (Alexander Pastukhov) - - Portability: - Fix python bindings with versions older than 2.7 (Daniel Veillard), - rebuild docs:Makefile.am (Roumen Petrov), - elfgcchack.h after rebuild in doc (Roumen Petrov), - elfgcchack for buf module (Roumen Petrov), - Fix a uneeded and wrong extra link parameter (Daniel Veillard), - Few cleanup patches for Windows (Denis Pauk), - Fix rpmbuild --nocheck (Mark Salter), - Fix for win32/configure.js and WITH_THREAD_ALLOC (Daniel Richard), - Fix Broken multi-arch support in xml2-config (Daniel Veillard), - Fix a portability issue for GCC < 3.4.0 (Daniel Veillard), - Windows build fixes (Daniel Richard), - Fix a thread portability problem (Friedrich Haubensak), - Downgrade autoconf requirement to 2.63 (Daniel Veillard) + - Documentation: + typo in error messages "colon are forbidden from..." (Daniel Veillard), + Fix a link to James SAX documentation old page (Daniel Veillard), + Fix typos in relaxng.c (Jan Pokorný), + Fix a doc typo (Daniel Veillard), + Fix typos in {tree,xpath}.c (errror) (Jan Pokorný), + Add limitations about encoding conversion (Daniel Veillard), + Fix typos in xmlschemas{,types}.c (Jan Pokorný), + Fix incorrect spelling entites->entities (Jan Pokorný), + Forgot to document 2.9.1 release, regenerate docs (Daniel Veillard) - - Bug Fixes: - Fix a linking error for python bindings (Daniel Veillard), - Fix a couple of return without value (Jüri Aedla), - Improve the hashing functions (Daniel Franke), - Improve handling of xmlStopParser() (Daniel Veillard), - Remove risk of lockup in dictionary initialization (Daniel Veillard), - Activate detection of encoding in external subset (Daniel Veillard), - Fix an output buffer flushing conversion bug (Mikhail Titov), - Fix an old bug in xmlSchemaValidateOneElement (Csaba László), - Fix configure cannot remove messages (Gilles Espinasse), - fix schema validation in combination with xsi:nil (Daniel Veillard), - xmlCtxtReadFile doesn't work with literal IPv6 URLs (Steve Wolf), - Fix a few problems with setEntityLoader (Alexey Neyman), - Detect excessive entities expansion upon replacement (Daniel Veillard), - Fix the flushing out of raw buffers on encoding conversions (Daniel, -Veillard), - Fix some buffer conversion issues (Daniel Veillard), - When calling xmlNodeDump make sure we grow the buffer quickly (Daniel, -Veillard), - Fix an error in the progressive DTD parsing code (Dan Winship), - xmllint should not load DTD by default when using the reader (Daniel, -Veillard), - Try IBM-037 when looking for EBCDIC handlers (Petr Sumbera), - Fix potential out of bound access (Daniel Veillard), - Fix large parse of file from memory (Daniel Veillard), - Fix a bug in the nsclean option of the parser (Daniel Veillard), - Fix a regression in 2.9.0 breaking validation while streaming (Daniel, -Veillard), - Remove potential calls to exit() (Daniel Veillard) + - Portability: + AC_CONFIG_FILES and executable bit (Roumen Petrov), + remove HAVE_CONFIG_H dependency in testlimits.c (Roumen Petrov), + fix some tabs mixing incompatible with python3 (Roumen Petrov), + Visual Studio 14 CTP defines snprintf() (Francis Dupont), + OS400: do not try to copy unexisting doc files (Patrick Monnerat), + OS400: use either configure.ac or configure.in. (Patrick Monnerat), + os400: make-src.sh: create physical file with target CCSID (Patrick Monnerat), + OS400: Add some more C macros equivalent procedures. (Patrick Monnerat), + OS400: use C macros to implement equivalent RPG support procedures. (Patrick Monnerat), + OS400: implement XPath macros as procedures for ILE/RPG support. (Patrick Monnerat), + OS400: include in distribution tarball. (Patrick Monnerat), + OS400: Add README: compilation directives and OS/400 specific stuff. (Patrick Monnerat), + OS400: Add compilation scripts. (Patrick Monnerat), + OS400: ILE RPG language header files. (Patrick Monnerat), + OS400: implement some macros as functions for ILE/RPG language support (that as no macros). (Patrick Monnerat), + OS400: UTF8<-->EBCDIC wrappers for system and external library calls (Patrick Monnerat), + OS400: Easy character transcoding support (Patrick Monnerat), + OS400: iconv functions compatibility wrappers and table builder. (Patrick Monnerat), + OS400: create architecture directory. Implement dlfcn emulation. (Patrick Monnerat), + Fix building when configuring without xpath and xptr (Daniel Veillard), + configure: Add --with-python-install-dir (Jonas Eriksson), + Fix compilation with minimum and xinclude. (Nicolas Le Cam), + Compile out use of xmlValidateNCName() when not available. (Nicolas Le Cam), + Fix compilation with minimum and schematron. (Nicolas Le Cam), + Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). (Nicolas Le Cam), + Don't use xmlValidateName() when not available. (Nicolas Le Cam), + Fix a portability issue on Windows (Longstreth Jon), + Various portability patches for OpenVMS (Jacob (Jouk) Jansen), + Use specific macros for portability to OS/400 (Patrick Monnerat), + Add macros needed for OS/400 portability (Patrick Monnerat), + Portability patch for fopen on OS/400 (Patrick Monnerat), + Portability fixes for OS/400 (Patrick Monnerat), + Improve va_list portability (Patrick Monnerat), + Portability fix (Patrick Monnerat), + Portability fix (Patrick Monnerat), + Generic portability fix (Patrick Monnerat), + Shortening lines in headers (Patrick Monnerat), + build: Use pkg-config to find liblzma in preference to AC_CHECK_LIB (Philip Withnall), + build: Add @LZMA_LIBS@ to libxml’s pkg-config files (Philip Withnall), + fix some tabs mixing incompatible with python3 (Daniel Veillard), + add additional defines checks for support "./configure --with-minimum" (Denis Pauk), + Another round of fixes for older versions of Python (Arfrever Frehtes Taifersar Arahesis), + python: fix drv_libxml2.py for python3 compatibility (Alexandre Rostovtsev), + python: Fix compiler warnings when building python3 bindings (Armin K), + Fix for compilation with python 2.6.8 (Petr Sumbera) - - Improvements: - Regenerated API, and testapi, rebuild documentation (Daniel Veillard), - Fix tree iterators broken by 2to3 script (Daniel Veillard), - update all tests for Python3 and Python2 (Daniel Veillard), - A few more fixes for python 3 affecting libxml2.py (Daniel Veillard), - Fix compilation on Python3 (Daniel Veillard), - Converting apibuild.py to python3 (Daniel Veillard), - First pass at starting porting to python3 (Daniel Veillard), - updated configure.in for python3 (Daniel Veillard), - Add support for xpathRegisterVariable in Python (Shaun McCance), - Added a regression tests from bug 694228 data (Daniel Veillard), - Cache presence of '<' in entities content (Daniel Veillard), - Avoid extra processing on entities (Daniel Veillard), - Python binding for xmlRegisterInputCallback (Alexey Neyman), - Python bindings: DOM casts everything to xmlNode (Alexey Neyman), - Define LIBXML_THREAD_ALLOC_ENABLED via xmlversion.h (Tim Starling), - Adding streaming validation to runtest checks (Daniel Veillard), - Add a --pushsmall option to xmllint (Daniel Veillard) + - Improvements: + win32/libxml2.def.src after rebuild in doc (Roumen Petrov), + elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() (Roumen Petrov), + elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode (Roumen Petrov), + Provide cmake module (Samuel Martin), + Fix a couple of issues raised by make dist (Daniel Veillard), + Fix and add const qualifiers (Kurt Roeckx), + Preparing for upcoming release of 2.9.2 (Daniel Veillard), + Fix zlib and lzma libraries check via command line (Dmitriy), + wrong error column in structured error when parsing end tag (Juergen Keil), + doc/news.html: small update to avoid line join while generating NEWS. (Patrick Monnerat), + Add methods for python3 iterator (Ron Angeles), + Support element node traversal in document fragments. (Kyle VanderBeek), + xmlNodeSetName: Allow setting the name to a substring of the currently set name (Tristan Van Berkom), + Added macros for argument casts (Eric Zurcher), + adding init calls to xml and html Read parsing entry points (Daniel Veillard), + Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c (Jan Pokorný), + Implement choice for name classes on attributes (Shaun McCance), + Two small namespace tweaks (Daniel Veillard), + xmllint --memory should fail on empty files (Daniel Veillard), + Cast encoding name to char pointer to match arg type (Nikolay Sivov) - - Cleanups: - Switched comment in file to UTF-8 encoding (Daniel Veillard), - Extend gitignore (Daniel Veillard), - Silent the new python test on input (Alexey Neyman), - Cleanup of a duplicate test (Daniel Veillard), - Cleanup on duplicate test expressions (Daniel Veillard), - Fix compiler warning after 153cf15905cf4ec080612ada6703757d10caba1e (Patrick, -Gansterer), - Spec cleanups and a fix for multiarch support (Daniel Veillard), - Silence a clang warning (Daniel Veillard), - Cleanup the Copyright to be pure MIT Licence wording (Daniel Veillard), - rand_seed should be static in dict.c (Wouter Van Rooy), - Fix typos in parser comments (Jan Pokorný) + - Cleanups: + Removal of old configure.in (Daniel Veillard), + Unreachable code in tree.c (Gaurav Gupta), + Remove a couple of dead conditions (Gaurav Gupta), + Avoid some dead code and cleanup in relaxng.c (Gaurav), + Drop not needed checks (Denis Pauk), + Fix a wrong test (Daniel Veillard) </changes> |