summaryrefslogtreecommitdiff
path: root/textproc/libxml2/Makefile
AgeCommit message (Collapse)AuthorFilesLines
2022-11-23massive revision bump after textproc/icu updateadam1-1/+2
2022-05-06libxml2: update to 2.9.14, includes security fixesgutteridge1-2/+1
v2.9.14: May 02 2022: - Security: [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer Fix potential double-free in xmlXPtrStringRangeFunction Fix memory leak in xmlFindCharEncodingHandler Normalize XPath strings in-place Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer) Fix leak of xmlElementContent (David Kilzer) - Bug fixes: Fix parsing of subtracted regex character classes Fix recursion check in xinclude.c Reset last error in xmlCleanupGlobals Fix certain combinations of regex range quantifiers Fix range quantifier on subregex - Improvements: Fix recovery from invalid HTML start tags - Build system, portability: Define LFS macros before including system headers Initialize XPath floating-point globals configure: check for icu DEFS (James Hilliard) configure.ac: produce tar.xz only (GNOME policy) (David Seifert) CMakeLists.txt: Fix LIBXML_VERSION_NUMBER Fix build with older Python versions Fix --without-valid build
2022-04-18revbump for textproc/icu updateadam1-1/+2
2022-03-12textproc/libxml2: Update to 2.9.13kim1-3/+5
NEWS: v2.9.13: Feb 19 2022: - Security: [CVE-2022-23308] Use-after-free of ID and IDREF attributes (Thanks to Shinji Sato for the report) Use-after-free in xmlXIncludeCopyRange (David Kilzer) Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong) Fix memory leak in xmlXPathCompNodeTest Fix null pointer deref in xmlStringGetNodeList Fix several memory leaks found by Coverity (David King) - Fixed regressions: Fix regression in RelaxNG pattern matching Properly handle nested documents in xmlFreeNode Fix regression with PEs in external DTD Fix random dropping of characters on dumping ASCII encoded XML (Mohammad Razavi) Revert "Make schema validation fail with multiple top-level elements" Fix regression when parsing invalid HTML tags in push mode Fix regression parsing public IDs literals in HTML Fix buffering in xmlOutputBufferWrite Fix whitespace when serializing empty HTML documents Fix XPath recursion limit Fix regression in xmlNodeDumpOutputInternal Work around lxml API abuse - Bug fixes: Fix xmlSetTreeDoc with entity references Fix double counting of CRLF in comments Make sure to grow input buffer in xmlParseMisc Don't ignore xmllint options after "-" Don't normalize namespace URIs in XPointer xmlns() scheme Fix handling of XSD with empty namespace Also register HTML document nodes Make xmllint return an error if arguments are missing Fix handling of ctxt->base in xmlXPtrEvalXPtrPart Fix xmllint --maxmem Fix htmlReadFd, which was using a mix of xml and html context functions (Finn Barber) Move current position before possible calling of ctxt->sax->characters (Yulin Li) Fix parse failure when 4-byte character in UTF-16 BE is split across a chunk (David Kilzer) Patch to forbid epsilon-reduction of final states (Arne Becker) Avoid segfault at exit when using custom memory functions (Mike Dalessio) - Tests, code quality, fuzzing: Remove .travis.yml Make xmlFuzzReadString return a zero size in error case Fix unused function warning in testapi.c Update NewsML DTD in test suite Add more checks for malloc failures in xmllint.c Avoid potential integer overflow in xmlstring.c Run CI tests with UBSan implicit-conversion checks Fix casting of line numbers in SAX2.c Fix integer conversion warnings in hash.c Add explicit casts in runtest.c Fix integer conversion warning in xmlIconvWrapper Add suffix to unsigned constant in xmlmemory.c Add explicit casts in testchar.c Fix integer conversion warnings in xmlstring.c Add explicit cast in xmlURIUnescapeString Remove unused variable in xmlCharEncOutFunc (David King) - Build system, portability: Remove xmlwin32version.h Fix fuzzer test with VPATH build Support custom prefix when installing Python module Remove Makefile.win Remove CVS and SVN-related code Port python 3.x module to Windows and improve distutils (Chun-wei Fan) Correctly install the HTML examples into their subdirectory (Mattia Rizzolo) Refactor the settings of $docdir (Mattia Rizzolo) Remove unused configure checks (Ben Boeckel) python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS (Sam James) Fix check for libtool in autogen.sh Use version in configure.ac for CMake (Timothy Lyanguzov) Add CMake alias targets for embedded projects (Markus Rickert) - Documentation: Remove SVN keyword anchors Rework README Remove README.cvs-commits Remove old ChangeLog Update hyperlinks Remove README.docs Remove MAINTAINERS Remove xmltutorial.pdf Upload documentation to GitLab pages Document how to escape XML_CATALOG_FILES Fix libxml2.doap Update URL for libxml++ C++ binding (Kjell Ahlstedt) Generate devhelp2 index file (Emmanuele Bassi) Mention XML_CATALOG_FILES is space-separated (Jan Tojnar) Add documentaiton for xmllint exit code 10 (Rainer Canavan) Fix some validation errors in the FAQ (David King) Add instructions on how to use CMake to compile libxml (Markus Rickert)
2021-12-08revbump for icu and libffiadam1-2/+2
2021-07-21libxml2: don't show non-existent -I/usr/include in "xml2-config --cflags"tnn1-1/+2
Check that the iconv include directory actually exists before adding it to xml2-config. This fixes build of lang/llvm on Darwin. Bump PKGREVISION.
2021-05-23libxml2: update to 2.9.12nia1-2/+1
2.9.12: "Brown paper bag release, some recently added sources were missing from the 2.9.11 tarball." 2.9.11: "Prompted by CVE-2021-3541, but this includes an awful lot of serious bug fixes by Nick and others."
2021-04-21revbump for textproc/icuadam1-2/+2
2020-11-05*: Recursive revbump from textproc/icu-68.1ryoon1-2/+2
2020-06-02Revbump for icuadam1-2/+2
2020-01-24Apply upstream patch for CVE-2020-7595.kim1-1/+2
Apply upstream pull request for CVE-2019-20388.
2019-11-04textproc: align variable assignmentsrillig1-2/+2
pkglint -Wall -F --only aligned --only indent -r No manual corrections.
2019-07-03Avoid trying to disable warnings for array boundary checks on Darwin.sevan1-1/+2
On legacy toolchains e.g Tiger, it results in a hard error as it's not recognised.
2019-01-09libxml2: updated to 2.9.9adam1-5/+3
v2.9.9: Security: CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression CVE-2018-14404 Fix nullptr deref with XPath logic ops Documentation: reader: Fix documentation comment Portability: Fix MSVC build with lzma Variables need 'extern' in static lib on Cygwin Really declare dllexport/dllimport for Cygwin Merge branch 'patch-2' into 'master' Change dir to $THEDIR after ACLOCAL_PATH check autoreconf creates aclocal.m4 in $srcdir Improve error message if pkg.m4 couldn't be found NaN and Inf fixes for pre-C99 compilers Bug Fixes: Revert "Support xmlTextReaderNextSibling w/o preparsed doc" Fix building relative URIs Problem with data in interleave in RelaxNG validation Fix memory leak in xmlSwitchInputEncodingInt error path Set doc on element obtained from freeElems Fix HTML serialization with UTF-8 encoding Use actual doc in xmlTextReaderRead*Xml Unlink node before freeing it in xmlSAX2StartElement Check return value of nodePush in xmlSAX2StartElement Free input buffer in xmlHaltParser Reset HTML parser input pointers on encoding failure Don't run icu_parse_test if EUC-JP is unsupported Fix xmlSchemaValidCtxtPtr reuse memory leak Fix xmlTextReaderNext with preparsed document Remove stray character from comment Remove a misleading line from xmlCharEncOutput HTML noscript should not close p Don't change context node in xmlXPathRoot Stop using XPATH_OP_RESET Revert "Change calls to xmlCharEncInput to set flush false" Improvements: Fix "Problem with data in interleave in RelaxNG validation" cleanup: remove some unreachable code add --relative to testURI Remove redefined starts and defines inside include elements Allow choice within choice in nameClass in RELAX NG Look inside divs for starts and defines inside include Add compile and libxml2-config.cmake to .gitignore Stop using doc->charset outside parser code Add newlines to 'xmllint --xpath' output Don't include SAX.h from globals.h Support xmlTextReaderNextSibling w/o preparsed doc Don't instruct user to run make when autogen.sh failed Run Travis ASan tests with "sudo: required" Improve restoring of context size and position Simplify and harden nodeset filtering Avoid unnecessary backups of the context node Fix inconsistency in xmlXPathIsInf
2018-11-09libxml2: Add a patch from upstream to fix CVE-2017-8872leot1-2/+2
Patch provided by Attila Fülöp via PR pkg/53704, thanks!
2018-10-13libxml2: Backport upstream patch for CVE-2018-9251 and CVE-2018-14567leot1-2/+2
2018-08-09textproc/libxml2: Fix CVE-2018-14404.snj1-2/+2
Bump PKGREVISION.
2018-06-20libxml2: Fix for CVE-2018-9251tez1-1/+3
from https://bugzilla.gnome.org/show_bug.cgi?id=794914
2018-03-14libxml2: fix compilation on Solaris 11.3maya1-1/+3
We use INFINITY which is available on C99 and later, so be explicit that we compile C99 code. Also tested as compiling fine on netbsd-current. Fixes PR pkg/53098
2017-09-10Updated libxml2 to 2.9.5.wiz1-3/+1
2.9.5: Sep 04 2017 • Reference Manual • Security: Detect infinite recursion in parameter entities (Nick Wellnhofer), Fix handling of parameter-entity references (Nick Wellnhofer), Disallow namespace nodes in XPointer ranges (Nick Wellnhofer), Fix XPointer paths beginning with range-to (Nick Wellnhofer) • Documentation: Documentation fixes (Nick Wellnhofer), Spelling and grammar fixes (Nick Wellnhofer) • Portability: Adding README.zOS to list of extra files for the release (Daniel Veillard), Description of work needed to compile on zOS (Stéphane Michaut), Porting libxml2 on zOS encoding of code (Stéphane Michaut), small changes for OS/400 (Patrick Monnerat), relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan) • Bug Fixes: Problem resolving relative URIs (Daniel Veillard), Fix unwanted warnings when switching encodings (Nick Wellnhofer), Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard), Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer), Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer), Fix infinite loops with push parser in recovery mode (Nick Wellnhofer), Send xmllint usage error to stderr (Nick Wellnhofer), Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer), Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer), Fix xmlHaltParser (Nick Wellnhofer), Fix pathological performance when outputting charrefs (Nick Wellnhofer), Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer), Fix duplicate SAX callbacks for entity content (David Kilzer), Treat URIs with scheme as absolute in C14N (Nick Wellnhofer), Fix copy-paste errors in error messages (Nick Wellnhofer), Fix sanity check in htmlParseNameComplex (Nick Wellnhofer), Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer), Reset parser input pointers on encoding failure (Nick Wellnhofer), Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer), Fix xmlBuildRelativeURI for URIs starting with '. /' (Nick Wellnhofer), Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer), Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer), Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard), Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer), Stop parser on unsupported encodings (Nick Wellnhofer), Check for integer overflow in memory debug code (Nick Wellnhofer), Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer), Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer), Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer), Check XPath exponents for overflow (Nick Wellnhofer), Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer), Fix spurious error message (Nick Wellnhofer), Fix memory leak in xmlCanonicPath (Nick Wellnhofer), Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer), Fix memory leak in pattern error path (Nick Wellnhofer), Fix memory leak in parser error path (Nick Wellnhofer), Fix memory leaks in XPointer error paths (Nick Wellnhofer), Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer), Fix memory leak in XPath filter optimizations (Nick Wellnhofer), Fix memory leaks in XPath error paths (Nick Wellnhofer), Do not leak the new CData node if adding fails (David Tardon), Prevent unwanted external entity reference (Neel Mehta), Increase buffer space for port in HTTP redirect support (Daniel Veillard), Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer), Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer), Fix format string warnings (Nick Wellnhofer), Disallow namespace nodes in XPointer points (Nick Wellnhofer), Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer), Fix attribute decoding during XML schema validation (Alex Henrie), Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer) • Improvements: Updating the spec file to reflect Fedora 24 (Daniel Veillard), Add const in five places to move 1 KiB to .rdata (Bruce Dawson), Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard), Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer), Simplify handling of parameter entity references (Nick Wellnhofer), Deduplicate code in encoding.c (Nick Wellnhofer), Make HTML parser functions take const pointers (Nick Wellnhofer), Build test programs only when needed (Nick Wellnhofer), Fix doc/examples/index.py (Nick Wellnhofer), Fix compiler warnings in threads.c (Nick Wellnhofer), Fix empty-body warning in nanohttp.c (Nick Wellnhofer), Fix cast-align warnings (Nick Wellnhofer), Fix unused-parameter warnings (Nick Wellnhofer), Rework entity boundary checks (Nick Wellnhofer), Don't switch encoding for internal parameter entities (Nick Wellnhofer), Merge duplicate code paths handling PE references (Nick Wellnhofer), Test SAX2 callbacks with entity substitution (Nick Wellnhofer), Support catalog and threads tests under --without-sax1 (Nick Wellnhofer), Misc fixes for 'make tests' (Nick Wellnhofer), Initialize keepBlanks in HTML parser (Nick Wellnhofer), Add test cases for bug 758518 (David Kilzer), Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer), Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer), Allow zero sized memory input buffers (Nick Wellnhofer), Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer), Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer), Make Travis print UBSan stacktraces (Nick Wellnhofer), Add .travis.yml (Nick Wellnhofer), Fix expected error output in Python tests (Nick Wellnhofer), Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer), Disable LeakSanitizer when running API tests (Nick Wellnhofer), Avoid out-of-bound array access in API tests (Nick Wellnhofer), Avoid spurious UBSan errors in parser.c (Nick Wellnhofer), Parse small XPath numbers more accurately (Nick Wellnhofer), Rework XPath rounding functions (Nick Wellnhofer), Fix white space in test output (Nick Wellnhofer), Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer), Check for trailing characters in XPath expressions earlier (Nick Wellnhofer), Rework final handling of XPath results (Nick Wellnhofer), Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer), Remove unused variables (Nick Wellnhofer), Don't print generic error messages in XPath tests (Nick Wellnhofer) • Cleanups: Fix a couple of misleading indentation errors (Daniel Veillard), Remove unnecessary calls to xmlPopInput (Nick Wellnhofer)
2017-06-21xmlSnprintfElementContent failed to correctly check the availabletez1-2/+2
buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). From: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74 There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size. From: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
2017-06-11libxml2: Apply upstream patch for CVE-2017-5969.maya1-2/+2
(Minor issue, only a denial-of-service when using recover mode) bump PKGREVISION
2016-12-30PKGREVISION shouldn't be in Makefile.common, even though the last twodholland1-1/+3
bumps applied to both users.
2016-05-27Introduce a Makefile.common so we can share it with textproc/py-libxml2pgoyette1-7/+2
2016-05-24Update libxml2 to 2.9.4.he1-2/+2
Pkgsrc changes: * Add some casts to match types and format strings, plus fix value range of toupper() operation. * Merge patch-ag into the new patch-encoding.c. * Add comments to existing patches which lacked comments. Upstream changes to libxml2-2.9.4: May 23 2016 Security: CVE-2016-3627 Avoid building recursive entities CVE-2016-1833 Heap-based buffer overread in htmlCurrentChar CVE-2016-1835 Heap use-after-free in xmlSAX2AttributeNs CVE-2016-1837 Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral CVE-2016-1836 Bug 759398: Heap use-after-free in xmlDictComputeFastKey CVE-2016-1839 Bug 758605: Heap-based buffer overread in xmlDictAddString CVE-2016-1838 Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal CVE-2016-1840 Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup CVE-2016-4483 Avoid an out of bound access when serializing malformed strings CVE-2016-1834 Bug 763071: heap-buffer-overflow in xmlStrncat CVE-2016-3705 Add missing increments of recursion depth counter to XML parser. CVE-2016-1762 Heap-based buffer overread in xmlNextChar More format string warnings with possible format string vulnerability Heap-based buffer-underreads due to xmlParseName Fix some format string warnings with possible format string vulnerability Unsigned addition may overflow in xmlMallocAtomicLoc() Other bugfixes: Detect change of encoding when parsing HTML names Fix inappropriate fetch of entities content Correct the usage of LDFLAGS Revert the use of SAVE_LDFLAGS in configure.ac libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles Add more debugging info to runtest Implement "runtest -u" mode Integer signed/unsigned type mismatch in xmlParserInputGrow() Integer overflow parsing port number in URI Fix apibuild for a recently added constructv2.9.4-rc2 Use pkg-config to locate zlib when possible Use pkg-config to locate ICU when possible Fix an error with regexp on nullable counted char transition Fix memory leak with XPath namespace nodes Fix namespace axis traversal Add a make rule to rebuild for ASAN Fix null pointer deref in docs with no root element Portability to non C99 compliant compilers dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. Fix XSD validation of URIs with ampersands xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error. v2.9.4-rc1 os400: tell about xmllint and xmlcatalog in README400. os400: properly process SGML add in XMLCATALOG command. os400: implement CL command XMLCATALOG. os400: compile and install program xmlcatalog (qshell-only). xmlcatalog: flush stdout before interactive shell input. os400: expand tabs in sources, strip trailing blanks. os400: implement CL command XMLLINT. os400: compile and install program xmllint (qshell-only). os400: initscript make_module(): Use options instead of positional parameters. xmllint: flush stdout before interactive shell input. os400: c14n.rpgle: allow *omit for nullable reference parameters. os400: use like() for double type. os400: use like() for int type. os400: use like() for unsigned int type. os400: use like() for enum types. Add xz to xml2-config --libs output Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression Fix namespace::node() XPath expression Fix OOB write in xmlXPathEmptyNodeSet Fix parsing of NCNames in XPath Fix OOB read with invalid UTF-8 in xmlUTF8Strsize Do normalize string-based datatype value in RelaxNG facet checking Fix typo: s{ ec -> cr }cipt Fix typos: dictio{ nn -> n }ar{y,ies} Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } Correct a typo. Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd error.c: *input->cur == 0 does not mean no error Add missing RNG test files Bug 760190: configure.ac should be able to build --with-icu without icu-config tool Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer Bug 758572: ASAN crash in make check Bug 721158: Missing ICU string when doing --version on xmllint python 3: libxml2.c wrappers create Unicode str already win32\VC10\config.h and VS 2015 Add autogen.sh to distrib Add configure maintainer mode
2016-02-26Use OPSYSVARS.jperkin1-6/+2
2015-11-22Update libxml2 to 2.9.3.wiz1-3/+2
v2.9.3: Nov 20 2015 Security: CVE-2015-8242 Buffer overead with HTML parser in push mode (Hugh Davenport), CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard), CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard), CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard), CVE-2015-5312 Another entity expansion issue (David Drysdale), CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (David Drysdale), CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard), CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard), CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard), CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard), CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard) CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard), CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard), Documentation: Correct spelling of "calling" (Alex Henrie), Fix a small error in xmllint --format description (Fabien Degomme), Avoid XSS on the search of xmlsoft.org (Daniel Veillard) Portability: threads: use forward declarations only for glibc (Michael Heimpold), Update Win32 configure.js to search for configure.ac (Daniel Veillard) Bug Fixes: Bug on creating new stream from entity (Daniel Veillard), Fix some loop issues embedding NEXT (Daniel Veillard), Do not print error context when there is none (Daniel Veillard), Avoid extra processing of MarkupDecl when EOF (Hugh Davenport), Fix parsing short unclosed comment uninitialized access (Daniel Veillard), Add missing Null check in xmlParseExternalEntityPrivate (Gaurav Gupta), Fix a bug in CData error handling in the push parser (Daniel Veillard), Fix a bug on name parsing at the end of current input buffer (Daniel Veillard), Fix the spurious ID already defined error (Daniel Veillard), Fix previous change to node sort order (Nick Wellnhofer), Fix a self assignment issue raised by clang (Scott Graham), Fail parsing early on if encoding conversion failed (Daniel Veillard), Do not process encoding values if the declaration if broken (Daniel Veillard), Silence clang's -Wunknown-attribute (Michael Catanzaro), xmlMemUsed is not thread-safe (Martin von Gagern), Fix support for except in nameclasses (Daniel Veillard), Fix order of root nodes (Nick Wellnhofer), Allow attributes on descendant-or-self axis (Nick Wellnhofer), Fix the fix to Windows locking (Steve Nairn), Fix timsort invariant loop re: Envisage article (Christopher Swenson), Don't add IDs in xmlSetTreeDoc (Nick Wellnhofer), Account for ID attributes in xmlSetTreeDoc (Nick Wellnhofer), Remove various unused value assignments (Philip Withnall), Fix missing entities after CVE-2014-3660 fix (Daniel Veillard), Revert "Missing initialization for the catalog module" (Daniel Veillard) Improvements: Reuse xmlHaltParser() where it makes sense (Daniel Veillard), xmlStopParser reset errNo (Daniel Veillard), Reenable xz support by default (Daniel Veillard), Recover unescaped less-than character in HTML recovery parsing (Daniel Veillard), Allow HTML serializer to output HTML5 DOCTYPE (Shaun McCance), Regression test for bug #695699 (Nick Wellnhofer), Add a couple of XPath tests (Nick Wellnhofer), Add Python 3 rpm subpackage (Tomas Radej), libxml2-config.cmake.in: update include directories (Samuel Martin), Adding example from bugs 738805 to regression tests (Daniel Veillard)
2015-07-03Apply the patch for arbitrary-memory-access vulnerability as reportedhe1-2/+2
in https://bugzilla.gnome.org/show_bug.cgi?id=746048. Bump PKGREVISION.
2015-04-24patch for CVE-2015-1819 Enforce the reader to run in constant memoryspz1-2/+2
from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9 +general patch refresh
2015-03-22pass --with-lzma to configure scripttnn1-1/+2
2015-03-11needs dlopen (xmlmodule.c)tnn1-1/+2
2014-12-15Pass explicit path to zlib.jperkin1-1/+2
2014-10-28pull in two patches from upstream to fix regressions:drochner1-1/+2
-catalog initialization problem -problem with entity expansion This hopefully fixes build failures in KDE3 packages, reported by Joerg. bump PKGREV
2014-10-17update to 2.9.2drochner1-3/+2
-security fixes: -Fix for CVE-2014-3660 billion laugh variant -CVE-2014-0191 Do not fetch external parameter entities (was patched in pkgsrc) -many bugfixes, doc fixes, cleanup -added cmake macro
2014-10-09Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.wiz1-3/+1
2014-07-18Fix SCO OpenServer 5.0.7/3.2 build.ryoon1-1/+3
2014-05-10add a patch for CVE-2014-0191 aka http://secunia.com/advisories/58018/spz1-2/+2
from https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
2013-12-28Remove "-thread" related part of the last change. This is not thetron1-7/+1
correct fix.
2013-12-28Fix build with GCC (4.8?) under Solaris.tron1-1/+11
This kind of build problem should probably be handled centrally in "pkgsrc/mk/wrapper/transform-gcc". But I'm not sure how to check for the platform in that file.
2013-11-25Fix bug in gzip decompression.wiz1-1/+2
https://bugzilla.gnome.org/show_bug.cgi?id=712528 This made gnucash unable to read some of its files. Bump PKGREVISION.
2013-05-26Changes 2.9.1:adam1-3/+2
Features: Support for Python3, Add xmlXPathSetContextNode and xmlXPathNodeEval Documentation: Add documentation for xmllint --xpath Fix the URL of the SAX documentation from James Fix spelling of "length" Portability: Fix python bindings with versions older than 2.7 rebuild docs:Makefile.am elfgcchack.h after rebuild in doc elfgcchack for buf module Fix a uneeded and wrong extra link parameter Few cleanup patches for Windows Fix rpmbuild --nocheck Fix for win32/configure.js and WITH_THREAD_ALLOC Fix Broken multi-arch support in xml2-config Fix a portability issue for GCC < 3.4.0 Windows build fixes Fix a thread portability problem Downgrade autoconf requirement to 2.63 Bug Fixes: Fix a linking error for python bindings Fix a couple of return without value Improve the hashing functions Improve handling of xmlStopParser() Remove risk of lockup in dictionary initialization Activate detection of encoding in external subset Fix an output buffer flushing conversion bug Fix an old bug in xmlSchemaValidateOneElement Fix configure cannot remove messages fix schema validation in combination with xsi:nil xmlCtxtReadFile doesn't work with literal IPv6 URLs Fix a few problems with setEntityLoader Detect excessive entities expansion upon replacement Fix the flushing out of raw buffers on encoding conversions Fix some buffer conversion issues When calling xmlNodeDump make sure we grow the buffer quickly Fix an error in the progressive DTD parsing code xmllint should not load DTD by default when using the reader Try IBM-037 when looking for EBCDIC handlers Fix potential out of bound access Fix large parse of file from memory Fix a bug in the nsclean option of the parser Fix a regression in 2.9.0 breaking validation while streaming Remove potential calls to exit() Improvements: Regenerated API, and testapi, rebuild documentation Fix tree iterators broken by 2to3 script update all tests for Python3 and Python2 A few more fixes for python 3 affecting libxml2.py Fix compilation on Python3 Converting apibuild.py to python3 First pass at starting porting to python3 updated configure.in for python3 Add support for xpathRegisterVariable in Python Added a regression tests from bug 694228 data Cache presence of '<' in entities content Avoid extra processing on entities Python binding for xmlRegisterInputCallback Python bindings: DOM casts everything to xmlNode Define LIBXML_THREAD_ALLOC_ENABLED via xmlversion.h Adding streaming validation to runtest checks Add a --pushsmall option to xmllint Cleanups: Switched comment in file to UTF-8 encoding Extend gitignore Silent the new python test on input Cleanup of a duplicate test Cleanup on duplicate test expressions Fix compiler warning after 153cf15905cf4ec080612ada6703757d10caba1e Spec cleanups and a fix for multiarch support Silence a clang warning Cleanup the Copyright to be pure MIT Licence wording rand_seed should be static in dict.c Fix typos in parser comments
2013-04-18add patch from upstream to fix Multiple Use-After-Free Vulnerabilitiesdrochner1-2/+2
(no CVE# assigned yet) bump PKGREV
2013-03-08Fix for CVE-2013-0338 & CVE-2013-0339tez1-2/+2
from https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab bump PKGREVISION
2012-12-15add patch from upstream to fix possible array underflow, leadingdrochner1-1/+2
to DOS or possible code injection (CVE-2012-5134) bump PKGREV
2012-10-25Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.asau1-2/+1
2012-09-15Changes 2.9.0:adam1-11/+8
Features: * A few new API entry points, * More resilient push parser mode, * A lot of portability improvement, * Faster XPath evaluation
2012-08-01add patches from upstream to fix integer overflows which can causedrochner1-2/+2
DOS or possibly other corruption (CVE-2012-2807) bump PKGREV
2012-06-14Add missing archivers/xz buildlink.sbd1-1/+3
Bump PKGREVISION
2012-06-03Update to 2.8.0:wiz1-3/+2
2.8.0: May 23 2012 Features: - add lzma compression support (Anders F Bjorklund) Documentation: xmlcatalog: Add uri and delegateURI to possible add types in man page. (Ville Skyttä), Update README.tests (Daniel Veillard), URI handling code is not OOM resilient (Daniel Veillard), Fix an error in comment (Daniel Veillard), Fixed bug #617016 (Daniel Mustieles), Fixed two typos in the README document (Daniel Neel), add generated html files (Anders F Bjorklund), Clarify the need to use xmlFreeNode after xmlUnlinkNode (Daniel Veillard), Improve documentation a bit (Daniel Veillard), Updated URL for lxml python bindings (Daniel Veillard) Portability: Restore code for Windows compilation (Daniel Veillard), Remove git error message during configure (Christian Dywan), xmllint: Build fix for endTimer if !defined(HAVE_GETTIMEOFDAY) (Patrick R. Gansterer), remove a bashism in confgure.in (John Hein), undef ERROR if already defined (Patrick R. Gansterer), Fix library problems with mingw-w64 (Michael Cronenworth), fix windows build. ifdef addition from bug 666491 makes no sense (Rob Richards), prefer native threads on win32 (Sam Thursfield), Allow to compile with Visual Studio 2010 (Thomas Lemm), Fix mingw's snprintf configure check (Andoni Morales), fixed a 64bit big endian issue (Marcus Meissner), Fix portability failure if netdb.h lacks NO_ADDRESS (Daniel Veillard), Fix windows build from lzma addition (Rob Richards), autogen: Only check for libtoolize (Colin Walters), Fix the Windows build files (Patrick von Reth), 634846 Remove a linking option breaking Windows VC10 (Daniel Veillard), 599241 fix an initialization problem on Win64 (Andrew W. Nosenko), fix win build (Rob Richards) Bug fixes: Part for rand_r checking missing (Daniel Veillard), Cleanup on randomization (Daniel Veillard), Fix undefined reference in python module (Pacho Ramos), Fix a race in xmlNewInputStream (Daniel Veillard), Fix weird streaming RelaxNG errors (Noam), Fix various bugs in new code raised by the API checking (Daniel Veillard), Fix various problems with "make dist" (Daniel Veillard), Fix a memory leak in the xzlib code (Daniel Veillard), HTML parser error with <noscript> in the <head> (Denis Pauk), XSD: optional element in complex type extension (Remi Gacogne), Fix html serialization error and htmlSetMetaEncoding() (Daniel Veillard), Fix a wrong return value in previous patch (Daniel Veillard), Fix an uninitialized variable use (Daniel Veillard), Fix a compilation problem with --minimum (Brandon Slack), Remove redundant and ungarded include of resolv.h (Daniel Veillard), xinclude with parse="text" does not use the entity loader (Shaun McCance), Allow to parse 1 byte HTML files (Denis Pauk), Patch that fixes the skipping of the HTML_PARSE_NOIMPLIED flag (Martin Schröder), Avoid memory leak if xmlParserInputBufferCreateIO fails (Lin Yi-Li), Prevent an infinite loop when dumping a node with encoding problems (Timothy Elliott), xmlParseNodeInContext problems with an empty document (Tim Elliott), HTML element position is not detected propperly (Pavel Andrejs), Fix an off by one pointer access (Jüri Aedla), Try to fix a problem with entities in SAX mode (Daniel Veillard), Fix a crash with xmllint --path on empty results (Daniel Veillard), Fixed bug #667946 (Daniel Mustieles), Fix a logic error in Schemas Component Constraints (Ryan Sleevi), Fix a wrong enum type use in Schemas Types (Nico Weber), Fix SAX2 builder in case of undefined attributes namespace (Daniel Veillard), Fix SAX2 builder in case of undefined element namespaces (Daniel Veillard), fix reference to STDOUT_FILENO on MSVC (Tay Ray Chuan), fix a pair of possible out of array char references (Daniel Veillard), Fix an allocation error when copying entities (Daniel Veillard), Make sure the parser returns when getting a Stop order (Chris Evans), Fix some potential problems on reallocation failures(parser.c) (Xia Xinfeng), Fix a schema type duration comparison overflow (Daniel Veillard), Fix an unimplemented part in RNG value validation (Daniel Veillard), Fix missing error status in XPath evaluation (Daniel Veillard), Hardening of XPath evaluation (Daniel Veillard), Fix an off by one error in encoding (Daniel Veillard), Fix RELAX NG include bug #655288 (Shaun McCance), Fix XSD validation bug #630130 (Toyoda Eizi), Fix some potential problems on reallocation failures (Chris Evans), __xmlRaiseError: fix use of the structured callback channel (Dmitry V. Levin), __xmlRaiseError: fix the structured callback channel's data initialization (Dmitry V. Levin), Fix memory corruption when xmlParseBalancedChunkMemoryInternal is called from xmlParseBalancedChunk (Rob Richards), Small fix for previous commit (Daniel Veillard), Fix a potential freeing error in XPath (Daniel Veillard), Fix a potential memory access error (Daniel Veillard), Reactivate the shared library versionning script (Daniel Veillard) Improvements: use mingw C99 compatible functions {v}snprintf instead those from MSVC runtime (Roumen Petrov), New symbols added for the next release (Daniel Veillard), xmlTextReader bails too quickly on error (Andy Lutomirski), Use a hybrid allocation scheme in xmlNodeSetContent (Conrad Irwin), Use buffers when constructing string node lists. (Conrad Irwin), Add HTML parser support for HTML5 meta charset encoding declaration (Denis Pauk), wrong message for double hyp"whereis" command to xmllint shell (Ryan), Improve xmllint shell (Ryan), add function xmlTextReaderRelaxNGValidateCtxt() (Noam Postavsky), Add --system support to autogen.sh (Daniel Veillard), Add hash randomization to hash and dict structures (Daniel Veillard), included xzlib in dist (Anders F Bjorklund), move xz/lzma helpers to separate included files (Anders F Bjorklund), add generated devhelp files (Anders F Bjorklund), add XML_WITH_LZMA to api (Anders F Bjorklund), autogen.sh: Honor NOCONFIGURE environment variable (Colin Walters), Improve the error report on undefined REFs (Daniel Veillard), Add exception for new W3C PI xml-model (Daniel Veillard), Add options to ignore the internal encoding (Daniel Veillard), testapi: use the right type for the check (Stefan Kost), various: handle return values of write calls (Stefan Kost), testWriter: xmlTextWriterWriteFormatElement wants an int instead of a long int (Stefan Kost), runxmlconf: update to latest testsuite version (Stefan Kost), configure: add -Wno-long-long to CFLAGS (Stefan Kost), configure: support silent automake rules if possible (Stefan Kost), xmlmemory: add a cast as size_t has no portable printf modifier (Stefan Kost), __xmlRaiseError: remove redundant schannel initialization (Dmitry V. Levin), __xmlRaiseError: do cheap code check early (Dmitry V. Levin) Cleanups: Cleanups before 2.8.0-rc2 (Daniel Veillard), Avoid an extra operation (Daniel Veillard), Remove vestigial de-ANSI-fication support. (Javier Jardón), autogen.sh: Fix typo (Javier Jardón), Do not use unsigned but unsigned int (Daniel Veillard), Remove two references to u_short (Daniel Veillard), Fix -Wempty-body warning from clang (Nico Weber), Cleanups of lzma support (Daniel Veillard), Augment the list of ignored files (Daniel Veillard), python: remove unused variable (Stefan Kost), python: flag two unused args (Stefan Kost), configure: acconfig.h is deprecated since autoconf-2.50 (Stefan Kost), xpath: remove unused variable (Stefan Kost)
2012-05-21Add fix for http://secunia.com/advisories/49177/ from repository.taca1-2/+2
Bump PKGREVISION.