mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
f89feeb1977569a136e0aa4e68bd050c5e03f1cd
21 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
55d134a365 |
libxml2: Update to version 2.12.3
- Update from version 2.11.4 to 2.12.3
- Update of rootfile
- Changelog
2.12.3: Dec 12 2023
### Regressions
- parser: Fix namespaces redefined from default attributes
### Build fixes
- include: Rename XML_EMPTY helper macro
- include: Move declaration of xmlInitGlobals
- include: Add missing includes
- include: Move globals from xmlsave.h to parser.h
- include: Readd circular dependency between tree.h and parser.h
2.12.2: Dec 5 2023
### Regressions
- parser: Fix invalid free in xmlParseBalancedChunkMemoryRecover
- globals: Disable TLS in static Windows builds
- html: Reenable buggy detection of XML declarations
- tree: Fix regression when copying DTDs
- parser: Make CRLF increment line number
### Build fixes
- build: Disable compiler TLS by default
- cmake: Update config.h.cmake.in
- tests: Fix tests --with-valid --without-xinclude
2.12.1: Nov 23 2023
### Regressions
- hash: Fix deletion of entries during scan
- parser: Only enable SAX2 if there are SAX2 element handlers
### Build fixes
- autotools: Stop checking for snprintf
- dict: Fix '__thread' before 'static'
- fix: pthread weak references in globals.c (Mike Dalessio)
- tests: Fix build with older MSVC
2.12.0: Nov 16 2023
### Major changes
Most of the known issues leading to quadratic behavior in the XML parser
were fixed. Internal hash tables were rewritten to reduce memory
consumption.
Starting with this release, it should be enough to add the --with-legacy
configuration option to provide maximum ABI compatibility. For example,
if a code module was removed from the default configuration, the option
will add stubs for the removed symbols.
libxml2 will now store global variables in thread-local storage if supported
by the compiler. This avoids allocating the data lazily which can result in
a fatal error condition. A new API function xmlCheckThreadLocalStorage
was added so the allocation can be checked earlier if compiler TLS is not
supported. To prepare for future improvements, some API functions now expect
or return a const xmlError struct.
Several cyclic dependencies in public header files were fixed. As a result,
certain headers won't include other headers as before.
Refactoring of the encoding code has been mostly completed. Calling
xmlSwitchEncoding from client code is now fully supported, for example to
override the encoding for the push parser.
When parsing data from memory, libxml2 will now stream data chunk by chunk
instead of copying the whole buffer (possibly twice with encodings),
reducing peak memory consumption considerably.
A new API function xmlCtxtSetMaxAmplification was added to allow parsing
of files that would otherwise trigger the billion laughs protection.
Several bugs in the regex determinism checks were fixed. Invalid XML
Schemas which previous versions erroneously accepted will now be
rejected.
### Deprecations
- globals: Deprecate xmlLastError
- parser: Deprecate global parser options
- win32: Deprecate old Windows build system
### Bug fixes
- parser: Stop switching to ISO-8859-1 on encoding errors
- parser: Support encoded external PEs in entity values
- string: Fix UTF-8 validation in xmlGetUTF8Char
- SAX2: Allow multiple top-level elements
- parser: Update line number after coalescing text nodes
- parser: Check for truncated multi-byte sequences
### Improvements
- error: Make more xmlError structs constant
- parser: Remove redundant IS_CHAR check in xmlCurrentChar
- parser: Fix stack handling in xmlParseTryOrFinish
- parser: Protect against quadratic default attribute expansion
- parser: Missing checks for disableSAX
- entities: Make xmlFreeEntity public
- examples: Don't use sprintf
- encoding: Suppress -Wcast-align warnings
- parser: Use hash tables to avoid quadratic behavior
- parser: Don't skip CR in xmlCurrentChar
- dict: Rewrite dictionary hash table code
- hash: Rewrite hash table code
- malloc-fail: Report malloc failure in xmlFARegExec
- malloc-fail: Report malloc failure in xmlRegEpxFromParse
- parser: Simplify xmlStringCurrentChar
- regexp: Fix status codes and handle invalid UTF-8
- error: Make xmlGetLastError return a const error
- html: Fix logic in htmlAutoClose
- globals: Move globals back to correct header files
- globals: Use thread-local storage if available
- globals: Rework global state destruction on Windows
- globals: Define globals using macros
- globals: Introduce xmlCheckThreadLocalStorage
- globals: Make xmlGlobalState private
- threads: Move library initialization code to threads.c
- debug: Remove debugging code
- globals: Move code from threads.c to globals.c
- parser: Avoid undefined behavior in xmlParseStartTag2
- schemas: Fix memory leak of annotations in notations
- dict: Update hash function
- dict: Use thread-local storage for PRNG state
- dict: Use xoroshiro64** as PRNG
- xmllint: Fix error messages
- parser: Fix detection of null bytes
- parser: Improve error handling in push parser
- parser: Don't check inputNr in xmlParseTryOrFinish
- parser: Remove push parser debugging code
- tree: Fix copying of DTDs
- legacy: Add stubs for disabled modules
- parser: Allow to set maximum amplification factor
- entities: Don't change doc when encoding entities
- parser: Never use UTF-8 encoding handler
- encoding: Remove debugging code
- malloc-fail: Fix unsigned integer overflow in xmlTextReaderPushData
- html: Remove encoding hack in htmlCreateFileParserCtxt
- parser: Decode all data in xmlCharEncInput
- parser: Stream data when reading from memory
- parser: Optimize xmlLoadEntityContent
- parser: Don't overwrite EOF parser state
- parser: Simplify input pointer updates
- parser: Don't reinitialize parser input members
- encoding: Move rawconsumed accounting to xmlCharEncInput
- parser: Rework encoding detection
- parser: Always create UTF-8 in xmlParseReference
- html: Remove some debugging code in htmlParseTryOrFinish
- malloc-fail: Fix memory leak in xmlCompileAttributeTest
- parser: Recover more input from encoding errors
- malloc-fail: Handle malloc failures in xmlAddEncodingAlias
- malloc-fail: Fix null-deref with xmllint --copy
- xpath: Ignore entity ref nodes when computing node hash
- malloc-fail: Fix null deref after xmlXIncludeNewRef
- SAX: Always validate xml:ids
- Stop using sprintf
- Fix compiler warning on GCC < 8
- regexp: Fix determinism checks
- regexp: Fix checks for eliminated transitions
- regexp: Simplify xmlFAReduceEpsilonTransitions
- regexp: Fix cycle check in xmlFAReduceEpsilonTransitions
- schemas: Fix filename in xmlSchemaValidateFile
- schemas: Fix line numbers in streaming validation
- writer: Add error check in xmlTextWriterEndDocument
- encoding: Stop calling xmlEncodingErr
- xmlIO: Remove some calls to xmlIOErr
- parser: Improve handling of encoding and IO errors
- parser: Move xmlFatalErr to parserInternals.c
- encoding: Rework error codes
- .gitignore: Split up and rearrange .gitignore files
- .gitignore: Add runsuite.log
- Stop calling xmlMemoryDump
- examples: Don't call xmlCleanupParser and xmlMemoryDump
- xpath: Remove remaining references to valueFrame
### Portability
- python: Make it compatible with python3.12 (Daniel Garcia Moreno)
### Build systems
- cmake: Check whether static linking dependencies found in config files
(James Le Cuirot)
- autotools: Make --with-minimum disable lzma support
- build: Remove some GCC warnings
- Handle NOCONFIG case when setting locations from CMake target properties
(Markus Rickert)
- cmake: Generate better pkg-config file for SYSROOT builds under CMake
(James Le Cuirot)
- autoconf: Include non-pkg-config dependency flags in the pkg-config file
(James Le Cuirot)
- autoconf: Don't bake build time CFLAGS into pkg-config file (James Le Cuirot)
- build: Generate better pkg-config files for static-only builds (James
Le Cuirot)
- build: Generate better pkg-config file for SYSROOT builds (James Le Cuirot)
- autoconf: Allow custom --with-icu configure option
### Tests
- tests: Also test xmlNextChar in testchar.c
- tests: Start with testparser.c for extra tests
- fuzz: Raise rss_limit_mb
- fuzz: Test xmlTextReaderRead after EOF or failure
- fuzz: Test XML_PARSE_XINCLUDE | XML_PARSE_VALID
- tests: Handle entities in SAX tests
- fuzz: Disable XML_PARSE_SAX1 option in xml fuzzer
- tests: Add more tests for redefined attributes
- hash: Add hash table tests
- tests: Add ATTRIBUTE_NO_SANITIZE_INTEGER macro
- fuzz: Allow to fuzz without push, reader or output modules
- gitlab-ci: Add a "medium" config build
- python: Fix tests on MinGW
- test: Add push parser test with overridden encoding
- testapi: test_xmlSAXDefaultVersion() leaves xmlSAX2DefaultVersionValue set
to 1 with LIBXML_SAX1_ENABLED (David Kilzer)
- gitlab-ci: Lower _XOPEN_SOURCE value
- testapi: Don't set http_proxy environment variable
- test: Add push parser tests for split UTF-8 sequences
- xinclude: Lower initial table size when fuzzing
- tests: Test streaming schema validation
- runtest: Skip element name in schema error messages
### Documentation
- doc: Add notes about runtest to MAINTAINERS.md
- doc: Don't document internal macros in xmlversion.h
- doc: Allow 'unsigned' without 'int'
- doc: Improve documentation of configuration options
2.11.6: Nov 16 2023
### Regressions
- threads: Fix --with-thread-alloc
- xinclude: Fix 'last' pointer in xmlXIncludeCopyNode
### Bug fixes
- parser: Fix potential use-after-free in xmlParseCharDataInternal
2.11.5: Aug 9 2023
### Regressions
- parser: Make xmlSwitchEncoding always skip the BOM
- autotools: Improve iconv check
### Bug fixes
- valid: Fix c1->parent pointer in xmlCopyDocElementContent
- encoding: Always call ucnv_convertEx with flush set to false
### Portability
- autotools: fix Python module file ext for cygwin/msys2 (Christoph Reiter)
### Tests
- runtest: Fix compilation without LIBXML_HTML_ENABLED
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
7bf6f900df |
libxml2: Update to version 2.11.4
- Update from version 2.11.1 to 2.11.4
- Update of rootfile
- Changelog
v2.11.4: May 18 2023
Fixes a serious regression.
- parser: Fix regression when push parsing UTF-8 sequences
v2.11.3: May 11 2023
Fixes more regressions.
- xinclude: Fix false positives in inclusion loop detection
- autotools: Fix ICU detection
- parser: Fix "huge input lookup" error with push parser
- xpath: Fix build without LIBXML_XPATH_ENABLED
- hash: Fix possible startup crash with old libxslt versions
- autoconf: fix iconv library paths (Mike Dalessio)
v2.11.2: May 5 2023
Fix regressions.
- threads: Fix startup crash with weak symbol hack
- win32: Don't depend on removed .def file
- schemas: Fix memory leak in xmlSchemaValidateStream
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d2130887f7 |
libxml2: Update to version 2.11.1
- Update from version 2.10.3 to 2.11.1
- Update of rootfile
- Changelog
There were two CVE's in version 2.10.4
v2.11.1: Apr 30 2023
Fixes build and ABI issues.
- cmake: Fix va_copy detection (Luca Niccoli)
- libxml.m4: Fix quoting
- Link with --undefined-version
- libxml2.syms: Revert removal of version information
v2.11.0: Apr 28 2023
### Major changes
Protection against entity expansion attacks, also known as "billion laughs"
has been greatly improved. Malicious files should be detected reliably now
and false positives should be reduced. It is possible though that large
documents which make heavy use of entities are rejected now.
This release finally fixes symbol visibility on UNIX systems. Internal
symbols will now be hidden. While these symbols were never declared in public
headers, it was still possible to declare them manually. Now this won't work.
All symbol information has been removed from the ELF version script to fix
link errors with --no-undefined-version. The version nodes are kept so it
should still be possible to run binaries linked against older versions.
About 90 memory errors in code paths handling malloc failures have been fixed.
While these issues shouldn't impact security, this improves robustness under
memory pressure.
The XInclude engine has been reworked to properly support nested includes.
Several cases of quadratic behavior in the XML push parser have been fixed.
Refactoring has begun on some buffering and encoding code with the goal of
simplifying this part of the code base and improving error reporting.
Other highlights:
- Consolidated private header files.
- Major rework of the autoconf build.
- Deprecated several outdated and internal functions.
Special thanks to Google's Open Source Security Subsidies program for
sponsoring much of the work on this release!
Ongoing work on libxml2 relies on funding. For a list of important open
issues see <https://gitlab.gnome.org/GNOME/libxml2/-/issues/507>
### Security
- Fix use-after-free in xmlParseContentInternal() (David Kilzer)
- xmllint: Fix use-after-free with --maxmem
- parser: Fix OOB read when formatting error message
- entities: Rework entity amplification checks
### Regressions
- parser: Fix regression in xmlParserNodeInfo accounting
### Bug fixes
- Fix memory errors in code handling malloc failures
- encoding: Fix error code in asciiToUTF8
- xpath: number('-') should return NaN
- xmlParseStartTag2() contains typo when checking for default definitions for
an attribute in a namespace (David Kilzer)
- uri: Fix handling of port numbers
- error: Make sure that error messages are valid UTF-8
- xinclude: Fix nested includes
### Improvements
- xmllint: Validate --maxmem integer option
- xmlValidatePopElement() can return invalid value (-1) (David Kilzer)
- parser: Rework EBCDIC code page detection
- parser: Limit name length in xmlParseEncName
- parser: Rework shrinking of input buffers
- html: Rely on CUR_CHAR to grow the input buffer
- parser: Rely on CUR_CHAR/NEXT to grow the input buffer
- valid: Make xmlValidateElement non-recursive
- html: Fix quadratic behavior in htmlParseTryOrFinish
- xmllint: Fix memory leak with --pattern --stream
- parser: Stop calling xmlParserInputShrink
- html: Impose some length limits
- valid: Allow xmlFreeValidCtxt(NULL)
- parser: Stop calling xmlParserInputGrow
- xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt
- xinclude: Abort immediately if max depth was exceeded
- xpath: Only report the first error
- error: Don't move past current position
- error: Limit number of parser errors
- parser: Lower entity nesting limit with XML_PARSE_HUGE
- parser: Don't increase depth twice when parsing internal entities
- parser: Improve detection of entity loops
- parser: Only report a single entity error
- libxml.h: Remove dubious definition of LIBXML_STATIC
- html: Improve parsing of nested lists
- memory: Don't use locks in xmlMemUsed
- encoding: Remove unused variable xmlDefaultCharEncodingHandler
- Rework initialization code
- Add .editorconfig
- parser: Merge misc, prolog and epilog cases in push parser
- parser: Fix 'consumed' accounting when switching encodings
- html: Fix check for end of comment in push parser
- parser: Fix push parser with 1-3 byte initial chunk
- parser: Rewrite push parser boundary checks
- reader: Switch to xmlParserInputBufferCreateMem
- html: Don't escape ASCII chars in href attributes
- io: Don't shrink memory input buffers
- parser: Don't call xmlSHRINK from push parser
- parser: Ignore cdata argument in xmlParseCharData
- parser: Rework push parser parser progress checks
- io: Fix a few integer overflows in I/O statistics
- io: Rework xmlParserInputBufferGrow with encodings
- io: Remove xmlInputReadCallbackNop
- io: Check for memory buffer early in xmlParserInputGrow
- parser: Fix error message in xmlParseCommentComplex
- Bypass proxy in nanoHTTP for hosts in "no_proxy" (Markus Jörg)
- schemas: Fix infinite loop in xmlSchemaCheckElemSubstGroup
- threads: Remove check for pthread_equal
- xinclude: Rework XInclude cache
- xinclude: Remove inefficient refcounting scheme
- xmllint: Improve handling of empty XPath node sets
- parser: Fix potential memory leak in xmlParseAttValueInternal
- error: Don't use initGenericErrorDefaultFunc
- xpath: Lower XPath recursion limit on Windows
- Stop including sys/types.h
- Don't define WIN32 macro
- Make xmlNewSAXParserCtx take a const sax handler
- Consolidate private header files
- Remove internal macros from parserInternals.h
- Move some HTML functions to correct header file
- xmllint: Stop calling xmlSAXDefaultVersion
- Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt
- Don't mess with parser options in htmlParseDocument
- Remove useless call to htmlDefaultSAXHandlerInit
- Remove htmlDefaultSAXHandler from non-SAX1 build
- Don't initialize SAX handler in htmlReadMemory
- Fix htmlReadMemory mixing up XML and HTML functions
- Don't use default SAX handler to report unrelated errors
- Create stream with buffer in xmlNewStringInputStream
- xmlcatalog: Fix memory leaks
### Code quality
- xzlib: Fix implicit sign change in xz_open
- parser: Simplify calculation of available buffer space
- parser: Use size_t when subtracting input buffer pointers
- parser: Check for integer overflow when updating checkIndex
- xpath: Fix harmless integer overflow in xmlXPathTranslateFunction
- schematron: Use logical and
- relaxng: Remove useless if statement
- schemas: Remove useless if statement
- pattern: Merge identical branches
- regexp: Add sanity check in xmlRegCalloc2
- regexp: Simplify xmlRegAtomPush
- encoding: Cast toupper argument to unsigned char
- uri: Add explicit cast in xmlSaveUri
- buf: Fix return value of xmlBufGetInputBase
- parser: Fix integer overflow of input ID
- parser: Remove useless ent->etype test in xmlParseReference
- parser: Remove useless ent->children tests in xmlParseReference
- xmlmemory.c: Remove xmlMemContentShow
- libxml.h: Add comments and indentation
- libxml.h: Don't include stdio.h
- xmlexports.h: Disable docs for internal macro XMLPUBLIC
- parser: Simplify xmlParseConditionalSections
- io: Rearrange code in xmlSwitchInputEncodingInt
- warnings: Fix -Wstrict-prototypes warning
- warnings: Remove set-but-unused variables
- Fix compiler warnings in SAX2.c
- Fix unused variable warning in python/types.c
- Fix compiler warning in examples
- Fix compiler warnings in fuzzing code
- Remove unused code in nanohttp.c
- Remove or annotate char casts
- Don't use sizeof(xmlChar) or sizeof(char)
- Remove explicit integer casts
### Deprecations
- parser: Deprecate more internal functions
- parser: Deprecate some parser input functions
- parser: Deprecate xmlString*DecodeEntities
- threads: Deprecate some internal functions
- buf: Deprecate static/immutable buffers
- Deprecate internal parser functions
- Deprecate old HTML SAX API
- Generate deprecation warnings for old SAX API
- Mark more functions setting globals as deprecated
- Mark more parser functions as deprecated
- Mark most SAX1 functions as deprecated
- Deprecate some global variables
### Portability
- autoconf: Warn about outdated C compilers
- win32: Remove broken libxml2.def.src
- Remove symbols from version script
- catalog.c: Silence a cast warning on VS 2022 (Lukáš Tyrychtr)
- libxml.h: Remove ancient LynxOS setup
- Use python3 not python (Ross Burton)
- xstc/fixup-tests.py: port to Python 3 (Ross Burton)
- xstc/fixup-tests.py: unify whitespace (Ross Burton)
- Remove hacky heuristic from b2dc5675 (Alex Richardson)
- Avoid creating an out-of-bounds pointer by rewriting a check
(Alex Richardson)
- Hide internal functions
- Correctly relocate internal pointers after realloc() (Alex Richardson)
- Visual Studio builds: Allow silencing deprecation warnings (Chun-wei Fan)
- Visual Studio: Define XML_DEPRECATED (Chun-wei Fan)
- xmllint: Include <io.h> on Windows
- warnings: Work around MSVC bug
- sources: Silence C4013 warnings on Visual Studio (Chun-wei Fan)
- python/setup.py.in: Improve Windows import patching (Chun-wei Fan)
- python: Create .pyd on Windows
- Fix Python build on Windows
- Fix Windows compiler warnings in python/types.c
- Fix libxml_PyFileGet
- Remove BeOS support
- Fix libxml_PyFileGet with stdout on macOS
- Migrate from PyEval_ to PyObject_
- Port build_glob.py to Python 3
- Port genChRanges.py to Python 3
- xmlexports.h: Remove LIBXML_FASTCALL optimization
- Remove XMLCALL and XMLCDECL macros from public headers
- Remove XMLDECL macro from .c files
### Build systems
- cmake: Link against `dl` and `dld` only when `LIBXML2_WITH_MODULES` is
enabled (Alexander Kutelev)
- autotools: Fix make distcheck
- Remove RPM build, Makefile.tests, README.tests
- libxml.m4: deprecate AM_PATH_XML2, wrap PKG_CHECK_MODULES instead
(Ross Burton)
- libxml.m4: fix -Wstrict-prototypes (Sam James)
- cmake: Build static library with -DLIBXML_STATIC
- autotools: Don't use version script on Windows
- autotools: Fix winsock detection
- autotools: Only add network libraries if HTTP/FTP enabled
- autotools: Disable parallel Python build
- python: Don't output missing generators during build
- build: Remove check for broken ss_family
- http: Simplify IPv6 checks
- autotools: Fix network checks on Windows
- Fix detection of GNU libiconv
- cmake: Fix Python installation
- cmake: Don't check for Python 2
- configure.ac: Also check for MSYS host
- Improve network library detection
- Detect ws2_32 with AC_SEARCH_LIBS
- Rework network configure checks
- Remove arg cast configure checks
- Fix dlopen check
- Remove HAVE_WIN32_THREADS configuration flag
- Rework dlopen and pthread detection
- Fix test in configure.ac
- cmake: Enable GCC compiler warnings
- Always link with -no-undefined
- Use AM_CFLAGS and AM_LDFLAGS consistently
- Remove -Wredundant-decls
- Call AC_CHECK_* with multiple arguments
- configure.ac: Remove checks for unused programs
- Rework library detection in configure.ac
- Rearrange configure.ac
- Consolidate zlib and lzma detection
- Remove "runtime debugging"
- Consolidate simple API modules in configure.ac
- Fix dependency resolution in configure.ac
- Fix --with-valid --without-regexps build
- Fix --with-schemas --without-xpath build
- Don't build unneeded .c source files
- Move xmlIsXHTML to tree.c
- Cleanup distribution settings in Makefile.am
- Also clean *.pyc files for Python 2
- Don't distribute libxml2.spec
### Tests
- testchar: Add test for memory pull parser with encoding
- fuzz: Also test init function of URI fuzzer
- fuzz: Separate fuzzer for DTD validation
- gitlab-ci: Enable all "integer" sanitizers
- fuzz: Inject random malloc failures
- fuzz: Support variable integer sizes in fuzz data
- fuzz: Fix duplicate detection in fuzzEntityRecorder
- fuzz: Set filename in xmlFuzzEntityLoader
- fuzz: Allow xmlFuzzReadString(NULL)
- fuzz: Fix Makefile dependencies
- fuzz: Add test/recurse to seed corpus
- fuzz: Add separate XInclude fuzzer
- runsuite: Some errors are expected
- testrecurse: Test entity expansion stats
- testapi.c: Initialize catalog early
- gentest.py: Fix memory leak in API tests
- tests: Enable "runsuite" test
- python/tests/reader2: use absolute paths everywhere (Ross Burton)
- python/tests/reader2: always exit(1) if a test fails (Ross Burton)
- testModule: exit if the module can't be opened (Ross Burton)
- CI: disable modules in gcc:static build (Ross Burton)
- CI: fix CI on MinGW builds (Ross Burton)
- python: Fix memory leak checks
- tests: Check that xmlInitParser doesn't allocate memory
- tests: Fix use-after-free in Python tests
- tests: Remove unneeded #includes
- gitlab-ci: Make Test-Msvc exit if ctest fails
- gitlab-ci: Treat compiler warnings as errors on MSVC
- test: Add test for push parser boundaries
- gitlab-ci: Upgrade image to Ubuntu 22.10, reenable MSan
- gitlab-ci: Reenable LeakSanitizer
- gitlab-ci: Fix llvm-symbolizer
- xinclude: Don't create result doc for test with errors
- xinclude: Also test error messages
- gitlab-ci: Allow cast-align warnings from clang
- gitlab-ci: Fix tar invocation
- gitlab-ci: Move MSVC test to separate script
- gitlab-ci: Fix SUFFIX, remove MINGW_PATH
- gitlab-ci: Consolidate CMake test scripts
- gitlab-ci: Only install MinGW autotools if needed
- gitlab-ci: Only install cmake MinGW package if needed
- gitlab-ci: Install 7-Zip using the .msi
- Use $MSYSTEM and 'bash -lc' in MinGW CI
- Add CI job for MinGW/Autotools
- Consolidate CI scripts
- Allow empty MINGW_PACKAGE_PREFIX
- Move Dockerfile to .gitlab-ci directory
- testapi: Disable on Windows for now
- Disable fuzzer tests if glob.h wasn't found
- Move automata test to runtest.c
- Fix testapi when building --without-sax1
# Documentation
- doc: Remove ancient files
- Remove ancient TODOs
- html: Fix htmlInitAutoClose documentation
- doc: Mention new location of XML catalog as breaking change
- doc: Mention potentially breaking changes in NEWS
- doc: Remove xmlDllMain from documentation and version script
- doc: Mention ${sysconfdir} in man pages
- doc: Document xmlcatalog --convert
- doc: Document xmllint --nodict and --pedantic
- doc: Fix indentation in source XML files
- xmllint: Document --quiet option
- Improve cross-references in API docs
- Improve documentation of globals
- Fix documentation parser
- Support comments for global variables in documentation
- Fix update call in apibuild.py
- Don't index anything in DOC_DISABLE sections
- Fix warnings from apibuild.py
- Start with documentation for maintainers
v2.10.4: Apr 11 2023
### Security
- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
### Regressions
- SAX2: Ignore namespaces in HTML documents
- io: Fix "buffer full" error with certain buffer sizes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
|
||
|
Adolf Belka
|
639e23b847 |
libxml2: Update to version 2.10.3
- Update from version 2.9.14 to 2.10.3
- Update of rootfile
- Changelog
v2.10.3: Oct 14 2022
### Security
- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
### Portability
- win32: Fix build with VS2013
### Build system
- cmake: Set SOVERSION
v2.10.2: Aug 29 2022
### Improvements
- Remove set-but-unused variable in xmlXPathScanName
- Silence -Warray-bounds warning
### Build system
- build: require automake-1.16.3 or later (Xi Ruoyao)
- Remove generated files from distribution
### Test suite
- Don't create missing.xml when running testapi
v2.10.1: Aug 25 2022
### Regressions
- Fix xmlCtxtReadDoc with encoding
### Bug fixes
- Fix HTML parser with threads and --without-legacy
### Build system
- Fix build with Python 3.10
- cmake: Disable version script on macOS
- Remove Makefile rule to build testapi.c
### Documentation
- Switch back to HTML output for API documentation
- Port doc/examples/index.py to Python 3
- Fix order of exports in libxml2-api.xml
- Remove libxml2-refs.xml
v2.10.0: Aug 17 2022
### Security
- [CVE-2022-2309] Reset nsNr in xmlCtxtReset
- Reserve byte for NUL terminator and report errors consistently in xmlBuf and
xmlBuffer (David Kilzer)
- Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
- Fix integer overflow in xmlBufferDump() (David Kilzer)
- xmlBufAvail() should return length without including a byte for NUL
terminator (David Kilzer)
- Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
Kilzer)
- Use xmlNewDocText in xmlXIncludeCopyRange
- Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser (David Kilzer)
- Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
- fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn)
### Removals and deprecations
- Disable XPointer location support by default
- Remove outdated xml2Conf.sh
- Deprecate module init and cleanup functions
- Remove obsolete XML Software Autoupdate (XSA) file
- Remove DOCBparser
- Remove obsolete Python test framework
- Remove broken VxWorks support
- Remove broken Mac OS 9 support
- Remove broken bakefile support
- Remove broken Visual Studio 2010 support
- Remove broken Windows CE support
- Deprecate IDREF-related functions in valid.h
- Deprecate legacy functions
- Disable legacy support by default
- Deprecate all functions in nanoftp.h
- Disable FTP support by default
- Add XML_DEPRECATED macro
- Remove elfgcchack.h
### Regressions
- Skip incorrectly opened HTML comments
- Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)
### Bug fixes
- Fix memory leak with invalid XSD
- Make XPath depth check work with recursive invocations
- Fix memory leak in xmlLoadEntityContent error path
- Avoid double-free if malloc fails in inputPush
- Properly fold whitespace around the QName value when validating an XSD
schema. (Damjan Jovanovic)
- Add whitespace folding for some atomic data types that it's missing on.
(Damjan Jovanovic)
- Don't add IDs containing unexpanded entity references
### Improvements
- Avoid calling xmlSetTreeDoc
- Simplify xmlFreeNode
- Don't reset nsDef when changing node content
- Fix unintended fall-through in xmlNodeAddContentLen
- Remove unused xmlBuf functions (David Kilzer)
- Implement xpath1() XPointer scheme
- Add configuration flag for XPointer locations support
- Fix compiler warnings in Python code
- Mark more static data as `const` (David Kilzer)
- Make xmlStaticCopyNode non-recursive
- Clean up encoding switching code
- Simplify recursive pthread mutex
- Use non-recursive mutex in dict.c
- Fix parser progress checks
- Avoid arithmetic on freed pointers
- Improve buffer allocation scheme
- Remove unneeded #includes
- Add support for some non-standard escapes in regular expressions. (Damjan
Jovanovic)
- htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
- Add let variable tag support (Oliver Diehl)
- Add value-of tag support (Oliver Diehl)
- Remove useless call to xmlRelaxNGCleanupTypes
- Don't include ICU headers in public headers
- Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
- Fix unused variable warnings with disabled features
- Only warn on invalid redeclarations of predefined entities
- Remove unneeded code in xmlreader.c
- Rework validation context flags
### Portability
- Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
- Fix Python tests on macOS
- Fix xmlCleanupThreads on Windows
- Fix reinitialization of library on Windows
- Don't mix declarations and code in runtest.c
- Use portable python shebangs (David Seifert)
- Use critical sections as mutex on Windows
- Don't set HAVE_WIN32_THREADS in win32config.h
- Use stdint.h with newer MSVC
- Remove cruft from win32config.h
- Remove isinf/isnan emulation in win32config.h
- Always fopen files with "rb"
- Remove __DJGPP__ checks
- Remove useless __CYGWIN__ checks
### Build system
- Don't autogenerate doc/examples/Makefile.am
- cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
- cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
- Port genUnicode.py to Python 3
- Port gentest.py to Python 3
- cmake: Fix build without thread support
- cmake: Install documentation in CMAKE_INSTALL_DOCDIR
- cmake: Remove non needed files in docs dir (Daniel E)
- configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
(Christopher Degawa)
- Move local Autoconf macros into m4 directory
- Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
- Update libxml-2.0-uninstalled.pc.in
- Remove LIBS from XML_PRIVATE_LIBS
- Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
- Don't overlink executables
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
- build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
- Avoid obsolescent `test -a` constructs (David Seifert)
- Move AM_MAINTAINER_MODE to AM section
- configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
- Streamline documentation installation
- Don't try to recreate COPYING symlink
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- Makefile.am: install examples more idiomatically (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Respect `--sysconfdir` in source files (David Seifert)
- Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin)
- Only install *.html and *.c example files
- Remove --with-html-dir option
- Rework documentation build system
- Remove old website
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Update genChRanges.py
- Update build_glob.py
- Remove ICONV_CONST test
- Remove obsolete AC_HEADER checks
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove special configuration for certain maintainers
### Test suite, CI
- Disable network in API tests
- testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
- Build Autotools CI tests out of source tree (VPATH)
- Add --with-minimum build to CI tests
- Fix warnings when testing --with-minimum build
- cmake: Run all tests when threads are disabled
- Also build CI tests with -Werror
- Move doc/examples tests to new test suite
- Simplify 'make check' targets
- Fix schemas and relaxng tests
- Remove unused result files
- Allow missing result files in runtest
- Move regexp tests to runtest
- Move SVG tests to runtest.c
- Move testModule to new test suite
- Move testThreads to new test suite
- Remove major parts of old test suite
- Make testchar return an error on failure (Tony Tascioglu)
- Add CI job for static build
- python/tests: open() relative to test scripts (David Seifert)
- Port some test scripts to Python 3
### Documentation
- Improve documentation of tree manipulation API
- Update xml2-config man page
- Consolidate man pages
- Rename xmlcatalog_man.xml
- Make examples a standalone HTML page
- Fix documentation in entities.c
- Add note about optimization flags
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d30da847cf |
libxml2: Update to version 2.9.14
- Update from version 2.9.12 to 2.9.14
- Update of rootfile
- Changelog
v2.9.14: May 02 2022:
- Security:
[CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
Fix potential double-free in xmlXPtrStringRangeFunction
Fix memory leak in xmlFindCharEncodingHandler
Normalize XPath strings in-place
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()
(David Kilzer)
Fix leak of xmlElementContent (David Kilzer)
- Bug fixes:
Fix parsing of subtracted regex character classes
Fix recursion check in xinclude.c
Reset last error in xmlCleanupGlobals
Fix certain combinations of regex range quantifiers
Fix range quantifier on subregex
- Improvements:
Fix recovery from invalid HTML start tags
- Build system, portability:
Define LFS macros before including system headers
Initialize XPath floating-point globals
configure: check for icu DEFS (James Hilliard)
configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
Fix build with older Python versions
Fix --without-valid build
v2.9.13: Feb 19 2022:
- Security:
[CVE-2022-23308] Use-after-free of ID and IDREF attributes
(Thanks to Shinji Sato for the report)
Use-after-free in xmlXIncludeCopyRange (David Kilzer)
Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
Fix memory leak in xmlXPathCompNodeTest
Fix null pointer deref in xmlStringGetNodeList
Fix several memory leaks found by Coverity (David King)
- Fixed regressions:
Fix regression in RelaxNG pattern matching
Properly handle nested documents in xmlFreeNode
Fix regression with PEs in external DTD
Fix random dropping of characters on dumping ASCII encoded XML (Mohammad Razavi)
Revert "Make schema validation fail with multiple top-level elements"
Fix regression when parsing invalid HTML tags in push mode
Fix regression parsing public IDs literals in HTML
Fix buffering in xmlOutputBufferWrite
Fix whitespace when serializing empty HTML documents
Fix XPath recursion limit
Fix regression in xmlNodeDumpOutputInternal
Work around lxml API abuse
- Bug fixes:
Fix xmlSetTreeDoc with entity references
Fix double counting of CRLF in comments
Make sure to grow input buffer in xmlParseMisc
Don't ignore xmllint options after "-"
Don't normalize namespace URIs in XPointer xmlns() scheme
Fix handling of XSD with empty namespace
Also register HTML document nodes
Make xmllint return an error if arguments are missing
Fix handling of ctxt->base in xmlXPtrEvalXPtrPart
Fix xmllint --maxmem
Fix htmlReadFd, which was using a mix of xml and html context functions (Finn Barber)
Move current position before possible calling of ctxt->sax->characters (Yulin Li)
Fix parse failure when 4-byte character in UTF-16 BE is split across a chunk (David Kilzer)
Patch to forbid epsilon-reduction of final states (Arne Becker)
Avoid segfault at exit when using custom memory functions (Mike Dalessio)
- Tests, code quality, fuzzing:
Remove .travis.yml
Make xmlFuzzReadString return a zero size in error case
Fix unused function warning in testapi.c
Update NewsML DTD in test suite
Add more checks for malloc failures in xmllint.c
Avoid potential integer overflow in xmlstring.c
Run CI tests with UBSan implicit-conversion checks
Fix casting of line numbers in SAX2.c
Fix integer conversion warnings in hash.c
Add explicit casts in runtest.c
Fix integer conversion warning in xmlIconvWrapper
Add suffix to unsigned constant in xmlmemory.c
Add explicit casts in testchar.c
Fix integer conversion warnings in xmlstring.c
Add explicit cast in xmlURIUnescapeString
Remove unused variable in xmlCharEncOutFunc (David King)
- Build system, portability:
Remove xmlwin32version.h
Fix fuzzer test with VPATH build
Support custom prefix when installing Python module
Remove Makefile.win
Remove CVS and SVN-related code
Port python 3.x module to Windows and improve distutils (Chun-wei Fan)
Correctly install the HTML examples into their subdirectory (Mattia Rizzolo)
Refactor the settings of $docdir (Mattia Rizzolo)
Remove unused configure checks (Ben Boeckel)
python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS (Sam James)
Fix check for libtool in autogen.sh
Use version in configure.ac for CMake (Timothy Lyanguzov)
Add CMake alias targets for embedded projects (Markus Rickert)
- Documentation:
Remove SVN keyword anchors
Rework README
Remove README.cvs-commits
Remove old ChangeLog
Update hyperlinks
Remove README.docs
Remove MAINTAINERS
Remove xmltutorial.pdf
Upload documentation to GitLab pages
Document how to escape XML_CATALOG_FILES
Fix libxml2.doap
Update URL for libxml++ C++ binding (Kjell Ahlstedt)
Generate devhelp2 index file (Emmanuele Bassi)
Mention XML_CATALOG_FILES is space-separated (Jan Tojnar)
Add documentaiton for xmllint exit code 10 (Rainer Canavan)
Fix some validation errors in the FAQ (David King)
Add instructions on how to use CMake to compile libxml (Markus Rickert)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
Peter Müller
|
9a7e4d8506 |
Switch checksums from MD5 to BLAKE2
Historically, the MD5 checksums in our LFS files serve as a protection against broken downloads, or accidentally corrupted source files. While the sources are nowadays downloaded via HTTPS, it make sense to beef up integrity protection for them, since transparently intercepting TLS is believed to be feasible for more powerful actors, and the state of the public PKI ecosystem is clearly not helping. Therefore, this patch switches from MD5 to BLAKE2, updating all LFS files as well as make.sh to deal with this checksum algorithm. BLAKE2 is notably faster (and more secure) than SHA2, so the performance penalty introduced by this patch is negligible, if noticeable at all. In preparation of this patch, the toolchain files currently used have been supplied with BLAKE2 checksums as well on https://source.ipfire.org/. Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremeripfire.org> |
||
|
Adolf Belka
|
44f511ee10 |
libxml2: Update to version 2.9.12
- Update from 2.9.10 to 2.9.12 - Update rootfile - Changelog for 2.9.11 is too large to put all of it here. Full details can be found at http://www.xmlsoft.org/news.html Git commit comments:- 2.9.12 Brown paper bag release, some recently added sources were missing from the 2.9.11 tarball 2.9.11 Prompted by CVE-2021-3541, but this includes an awful lot of serious bug fixes by Nick and others Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
607754d63d |
libxml2: Update to disable python2 modules
- Added --without-python to configure section to not build the python2 modules which are not required for libxml2 use in IPFire - Update rootfile Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
35b2b3c619 |
libxml2: Update to 2.9.10
- Update from 2.9.4 to 2.9.10
- Update of rootfile
- Changelog
v2.9.10: Oct 30 2019
Documentation:
Fix a few more typos ("fonction") (Nick Wellnhofer),
Large batch of typo fixes (Jared Yanovich),
Fix typos: tree: move{ -> s}, reconcil{i -> }ed, h{o -> e}ld by... (Jan Pokorný),
Fix typo: xpath: simpli{ -> fi}ed (Jan Pokorný),
Doc: do not mislead towards "infeasible" scenario wrt. xmlBufNodeDump (Jan Pokorný),
Fix comments in test code (zhouzhongyuan),
fix comment in testReader.c (zhouzhongyuan)
Portability:
Fix some release issues on Fedora 30 (Daniel Veillard),
Fix exponent digits when running tests under old MSVC (Daniel Richard G),
Work around buggy ceil() function on AIX (Daniel Richard G),
Don't call printf with NULL string in runtest.c (Daniel Richard G),
Switched from unsigned long to ptrdiff_t in parser.c (Stephen Chenney),
timsort.h: support older GCCs (Jérôme Duval),
Make configure.ac work with older pkg-config (Nick Wellnhofer),
Stop defining _REENTRANT on some Win32 platforms (Nick Wellnhofer),
Fix nanohttp.c on MinGW (Nick Wellnhofer),
Fix Windows compiler warning in testC14N.c (Nick Wellnhofer),
Merge testThreadsWin32.c into testThreads.c (Nick Wellnhofer),
Fix Python bindings under Windows (Nick Wellnhofer)
Bug Fixes:
Another fix for conditional sections at end of document (Nick Wellnhofer),
Fix for conditional sections at end of document (Nick Wellnhofer),
Make sure that Python tests exit with error code (Nick Wellnhofer),
Audit memory error handling in xpath.c (Nick Wellnhofer),
Fix error code in xmlTextWriterStartDocument (Nick Wellnhofer),
Fix integer overflow when counting written bytes (Nick Wellnhofer),
Fix uninitialized memory access in HTML parser (Nick Wellnhofer),
Fix memory leak in xmlSchemaValAtomicType (Nick Wellnhofer),
Disallow conditional sections in internal subset (Nick Wellnhofer),
Fix use-after-free in xmlTextReaderFreeNodeList (Nick Wellnhofer),
Fix Regextests (Nick Wellnhofer),
Fix empty branch in regex (Nick Wellnhofer),
Fix integer overflow in entity recursion check (Nick Wellnhofer),
Don't read external entities or XIncludes from stdin (Nick Wellnhofer),
Fix Schema determinism check of ##other namespaces (Nick Wellnhofer),
Fix potential null deref in xmlSchemaIDCFillNodeTables (zhouzhongyuan),
Fix potential memory leak in xmlBufBackToBuffer (Nick Wellnhofer),
Fix error message when processing XIncludes with fallbacks (Nick Wellnhofer),
Fix memory leak in xmlRegEpxFromParse (zhouzhongyuan),
14:00 is a valid timezone for xs:dateTime (Nick Wellnhofer),
Fix memory leak in xmlParseBalancedChunkMemoryRecover (Zhipeng Xie),
Fix potential null deref in xmlRelaxNGParsePatterns (Nick Wellnhofer),
Misleading error message with xs:{min|max}Inclusive (bettermanzzy),
Fix memory leak in xmlXIncludeLoadTxt (Wang Kirin),
Partial fix for comparison of xs:durations (Nick Wellnhofer),
Fix null deref in xmlreader buffer (zhouzhongyuan),
Fix unability to RelaxNG-validate grammar with choice-based name class (Jan Pokorný),
Fix unability to validate ambiguously constructed interleave for RelaxNG (Jan Pokorný),
Fix possible null dereference in xmlXPathIdFunction (zhouzhongyuan),
fix memory leak in xmlAllocOutputBuffer (zhouzhongyuan),
Fix unsigned int overflow (Jens Eggerstedt),
dict.h: gcc 2.95 doesn't allow multiple storage classes (Nick Wellnhofer),
Fix another code path in xmlParseQName (Nick Wellnhofer),
Make sure that xmlParseQName returns NULL in error case (Nick Wellnhofer),
Fix build without reader but with pattern (Nick Wellnhofer),
Fix memory leak in xmlAllocOutputBufferInternal error path (Nick Wellnhofer),
Fix unsigned integer overflow (Nick Wellnhofer),
Fix return value of xmlOutputBufferWrite (Nick Wellnhofer),
Fix parser termination from "Double hyphen within comment" error (David Warring),
Fix call stack overflow in xmlFreePattern (Nick Wellnhofer),
Fix null deref in previous commit (Nick Wellnhofer),
Fix memory leaks in xmlXPathParseNameComplex error paths (Nick Wellnhofer),
Check for integer overflow in xmlXPtrEvalChildSeq (Nick Wellnhofer),
Fix xmllint dump of XPath namespace nodes (Nick Wellnhofer),
Fix float casts in xmlXPathSubstringFunction (Nick Wellnhofer),
Fix null deref in xmlregexp error path (Nick Wellnhofer),
Fix null pointer dereference in xmlTextReaderReadOuterXml (Nick Wellnhofer),
Fix memory leaks in xmlParseStartTag2 error paths (Nick Wellnhofer),
Fix memory leak in xmlSAX2StartElement (Nick Wellnhofer),
Fix commit "Memory leak in xmlFreeID (xmlreader.c)" (Nick Wellnhofer),
Fix NULL pointer deref in xmlTextReaderValidateEntity (Nick Wellnhofer),
Memory leak in xmlFreeTextReader (Nick Wellnhofer),
Memory leak in xmlFreeID (xmlreader.c) (Nick Wellnhofer)
Improvements:
Run XML conformance tests under CI (Nick Wellnhofer),
Update GitLab CI config (Nick Wellnhofer),
Propagate memory errors in valuePush (Nick Wellnhofer),
Propagate memory errors in xmlXPathCompExprAdd (Nick Wellnhofer),
Make xmlFreeDocElementContent non-recursive (Nick Wellnhofer),
Enable continuous integration via GitLab CI (Nick Wellnhofer),
Avoid ignored attribute warnings under GCC (Nick Wellnhofer),
Make xmlDumpElementContent non-recursive (Nick Wellnhofer),
Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE (Nick Wellnhofer),
Mark xmlExp* symbols as removed (Nick Wellnhofer),
Make xmlParseConditionalSections non-recursive (Nick Wellnhofer),
Adjust expected error in Python tests (Nick Wellnhofer),
Make xmlTextReaderFreeNodeList non-recursive (Nick Wellnhofer),
Make xmlFreeNodeList non-recursive (Nick Wellnhofer),
Make xmlParseContent and xmlParseElement non-recursive (Nick Wellnhofer),
Remove executable bit from non-executable files (Nick Wellnhofer),
Fix expected output of test/schemas/any4 (Nick Wellnhofer),
Optimize build instructions in README (zhouzhongyuan),
xml2-config.in: Output CFLAGS and LIBS on the same line (Hugh McMaster),
xml2-config: Add a --dynamic switch to print only shared libraries (Hugh McMaster),
Annotate functions with __attribute__((no_sanitize)) (Nick Wellnhofer),
Fix warnings when compiling without reader or push parser (Nick Wellnhofer),
Remove unused member `doc` in xmlSaveCtxt (Nick Wellnhofer),
Limit recursion depth in xmlXPathCompOpEvalPredicate (Nick Wellnhofer),
Remove -Wno-array-bounds (Nick Wellnhofer),
Remove unreachable code in xmlXPathCountFunction (Nick Wellnhofer),
Improve XPath predicate and filter evaluation (Nick Wellnhofer),
Limit recursion depth in xmlXPathOptimizeExpression (Nick Wellnhofer),
Disable hash randomization when fuzzing (Nick Wellnhofer),
Optional recursion limit when parsing XPath expressions (Nick Wellnhofer),
Optional recursion limit when evaluating XPath expressions (Nick Wellnhofer),
Use break statements in xmlXPathCompOpEval (Nick Wellnhofer),
Optional XPath operation limit (Nick Wellnhofer),
Fix compilation with --with-minimum (Nick Wellnhofer),
Check XPath stack after calling functions (Nick Wellnhofer),
Remove debug printf in xmlreader.c (Nick Wellnhofer),
Always define LIBXML_THREAD_ENABLED when enabled (Michael Haubenwallner),
Regenerate NEWS (Nick Wellnhofer),
Change git repo URL (Nick Wellnhofer),
Change bug tracker URL (Nick Wellnhofer),
Remove outdated HTML file (Nick Wellnhofer),
Fix unused function warning in testapi.c (Nick Wellnhofer),
Add some generated test files to .gitignore (Nick Wellnhofer),
Remove unneeded function pointer casts (Nick Wellnhofer),
Fix -Wcast-function-type warnings (GCC 8) (Nick Wellnhofer),
Fix -Wformat-truncation warnings (GCC 8) (Nick Wellnhofer)
Cleanups:
Rebuild docs (Nick Wellnhofer),
Disable xmlExp regex code (Nick Wellnhofer),
Remove redundant code in xmlRelaxNGValidateState (Nick Wellnhofer),
Remove redundant code in xmlXPathCompRelationalExpr (Nick Wellnhofer)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
Michael Tremer
|
d530953038 |
libxml2: Update automake
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Peter Müller
|
eee037b890 |
update disclaimer in LFS files
Most of these files still used old dates and/or domain names for contact mail addresses. This is now replaced by an up-to-date copyright line. Just some housekeeping... :-) Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Marcel Lorenz
|
411fb95335 |
libxml2: update to 2.9.4
http://xmlsoft.org/news.html Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Marcel Lorenz
|
f56d44e5f2 |
libxml2: update to 2.9.3
Contains security fixes and other bug fixes: CVE-2015-8242 Buffer overead with HTML parser in push mode (Hugh Davenport) CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard) CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard) CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard) CVE-2015-5312 Another entity expansion issue (David Drysdale) CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (David Drysdale) CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard) CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard) CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard) CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard) CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard) CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard) CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard) Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Matthias Fischer
|
b6128a64b8 | libxml2: Update to 2.9.2 | ||
|
Michael Tremer
|
c2741b14ef | libxml2: Update to 2.6.32. | ||
ms
|
70df830214 |
Ein Paar Dateien fuer die GPLv3 angepasst.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@853 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 |
||
|
ms
|
e989d2d914 |
Hwinfo-Hardwareerkennung entfernt.
Alte Paketdateien entfernt, da der Packager neu geschrieben wird. git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@505 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 |
||
|
ms
|
c5568d645a |
hwinfo in den Installer gebracht.
(Erstmal nur in das Image...) git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@446 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 |
||
|
ms
|
411afd1f4b |
Zwischencommit fuer LFS.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@320 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 |
||
|
ms
|
a8b159e729 |
Geändert:
* Packager neu erstellt. XAMPP Paket noch nicht drin. ERRORS! :( git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@175 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 |
||
|
ms
|
5e69ef1ac3 |
Hinzugefügt:
* Asterisk - mit Zaptel/LibPRI/BRISTUFF/app_fax * Spandsp * LibTIFF * LibXML2 * eDonkey-commandline-client Geändert: * busybox - tar-parameter zurückgesetzt * postfix hat Beta-Status-1 git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@101 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 |