diff options
Diffstat (limited to 'doc/libxml2.xsa')
-rw-r--r-- | doc/libxml2.xsa | 177 |
1 files changed, 125 insertions, 52 deletions
diff --git a/doc/libxml2.xsa b/doc/libxml2.xsa index 07f97086..300bfec3 100644 --- a/doc/libxml2.xsa +++ b/doc/libxml2.xsa @@ -8,67 +8,140 @@ </vendor> <product id="libxml2"> <name>libxml2</name> - <version>v2.9.9</version> - <last-release> Jan 03 2019</last-release> + <version>v2.9.10</version> + <last-release> Oct 30 2019</last-release> <info-url>http://xmlsoft.org/</info-url> - <changes> - Security: - CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (Nick Wellnhofer), - CVE-2018-14404 Fix nullptr deref with XPath logic ops (Nick Wellnhofer), - - - Documentation: - reader: Fix documentation comment (Mohammed Sadiq) + <changes> - Documentation: + Fix a few more typos ("fonction") (Nick Wellnhofer), + Large batch of typo fixes (Jared Yanovich), + Fix typos: tree: move{ -> s}, reconcil{i -> }ed, h{o -> e}ld by... (Jan Pokorný), + Fix typo: xpath: simpli{ -> fi}ed (Jan Pokorný), + Doc: do not mislead towards "infeasible" scenario wrt. xmlBufNodeDump (Jan Pokorný), + Fix comments in test code (zhouzhongyuan), + fix comment in testReader.c (zhouzhongyuan) - Portability: - Fix MSVC build with lzma (Nick Wellnhofer), - Variables need 'extern' in static lib on Cygwin (Michael Haubenwallner), - Really declare dllexport/dllimport for Cygwin (Michael Haubenwallner), - Merge branch 'patch-2' into 'master' (Nick Wellnhofer), - Change dir to $THEDIR after ACLOCAL_PATH check autoreconf creates aclocal.m4 in $srcdir (Vitaly Buka), - Improve error message if pkg.m4 couldn't be found (Nick Wellnhofer), - NaN and Inf fixes for pre-C99 compilers (Nick Wellnhofer) + Fix some release issues on Fedora 30 (Daniel Veillard), + Fix exponent digits when running tests under old MSVC (Daniel Richard G), + Work around buggy ceil() function on AIX (Daniel Richard G), + Don't call printf with NULL string in runtest.c (Daniel Richard G), + Switched from unsigned long to ptrdiff_t in parser.c (Stephen Chenney), + timsort.h: support older GCCs (Jérôme Duval), + Make configure.ac work with older pkg-config (Nick Wellnhofer), + Stop defining _REENTRANT on some Win32 platforms (Nick Wellnhofer), + Fix nanohttp.c on MinGW (Nick Wellnhofer), + Fix Windows compiler warning in testC14N.c (Nick Wellnhofer), + Merge testThreadsWin32.c into testThreads.c (Nick Wellnhofer), + Fix Python bindings under Windows (Nick Wellnhofer) - Bug Fixes: - Revert "Support xmlTextReaderNextSibling w/o preparsed doc" (Nick Wellnhofer), - Fix building relative URIs (Thomas Holder), - Problem with data in interleave in RelaxNG validation (Nikolai Weibull), - Fix memory leak in xmlSwitchInputEncodingInt error path (Nick Wellnhofer), - Set doc on element obtained from freeElems (Nick Wellnhofer), - Fix HTML serialization with UTF-8 encoding (Nick Wellnhofer), - Use actual doc in xmlTextReaderRead*Xml (Nick Wellnhofer), - Unlink node before freeing it in xmlSAX2StartElement (Nick Wellnhofer), - Check return value of nodePush in xmlSAX2StartElement (Nick Wellnhofer), - Free input buffer in xmlHaltParser (Nick Wellnhofer), - Reset HTML parser input pointers on encoding failure (Nick Wellnhofer), - Don't run icu_parse_test if EUC-JP is unsupported (Nick Wellnhofer), - Fix xmlSchemaValidCtxtPtr reuse memory leak (Greg Hildstrom), - Fix xmlTextReaderNext with preparsed document (Felix Bünemann), - Remove stray character from comment (Nick Wellnhofer), - Remove a misleading line from xmlCharEncOutput (Andrey Bienkowski), - HTML noscript should not close p (Daniel Veillard), - Don't change context node in xmlXPathRoot (Nick Wellnhofer), - Stop using XPATH_OP_RESET (Nick Wellnhofer), - Revert "Change calls to xmlCharEncInput to set flush false" (Nick Wellnhofer) + Another fix for conditional sections at end of document (Nick Wellnhofer), + Fix for conditional sections at end of document (Nick Wellnhofer), + Make sure that Python tests exit with error code (Nick Wellnhofer), + Audit memory error handling in xpath.c (Nick Wellnhofer), + Fix error code in xmlTextWriterStartDocument (Nick Wellnhofer), + Fix integer overflow when counting written bytes (Nick Wellnhofer), + Fix uninitialized memory access in HTML parser (Nick Wellnhofer), + Fix memory leak in xmlSchemaValAtomicType (Nick Wellnhofer), + Disallow conditional sections in internal subset (Nick Wellnhofer), + Fix use-after-free in xmlTextReaderFreeNodeList (Nick Wellnhofer), + Fix Regextests (Nick Wellnhofer), + Fix empty branch in regex (Nick Wellnhofer), + Fix integer overflow in entity recursion check (Nick Wellnhofer), + Don't read external entities or XIncludes from stdin (Nick Wellnhofer), + Fix Schema determinism check of ##other namespaces (Nick Wellnhofer), + Fix potential null deref in xmlSchemaIDCFillNodeTables (zhouzhongyuan), + Fix potential memory leak in xmlBufBackToBuffer (Nick Wellnhofer), + Fix error message when processing XIncludes with fallbacks (Nick Wellnhofer), + Fix memory leak in xmlRegEpxFromParse (zhouzhongyuan), + 14:00 is a valid timezone for xs:dateTime (Nick Wellnhofer), + Fix memory leak in xmlParseBalancedChunkMemoryRecover (Zhipeng Xie), + Fix potential null deref in xmlRelaxNGParsePatterns (Nick Wellnhofer), + Misleading error message with xs:{min|max}Inclusive (bettermanzzy), + Fix memory leak in xmlXIncludeLoadTxt (Wang Kirin), + Partial fix for comparison of xs:durations (Nick Wellnhofer), + Fix null deref in xmlreader buffer (zhouzhongyuan), + Fix unability to RelaxNG-validate grammar with choice-based name class (Jan Pokorný), + Fix unability to validate ambiguously constructed interleave for RelaxNG (Jan Pokorný), + Fix possible null dereference in xmlXPathIdFunction (zhouzhongyuan), + fix memory leak in xmlAllocOutputBuffer (zhouzhongyuan), + Fix unsigned int overflow (Jens Eggerstedt), + dict.h: gcc 2.95 doesn't allow multiple storage classes (Nick Wellnhofer), + Fix another code path in xmlParseQName (Nick Wellnhofer), + Make sure that xmlParseQName returns NULL in error case (Nick Wellnhofer), + Fix build without reader but with pattern (Nick Wellnhofer), + Fix memory leak in xmlAllocOutputBufferInternal error path (Nick Wellnhofer), + Fix unsigned integer overflow (Nick Wellnhofer), + Fix return value of xmlOutputBufferWrite (Nick Wellnhofer), + Fix parser termination from "Double hyphen within comment" error (David Warring), + Fix call stack overflow in xmlFreePattern (Nick Wellnhofer), + Fix null deref in previous commit (Nick Wellnhofer), + Fix memory leaks in xmlXPathParseNameComplex error paths (Nick Wellnhofer), + Check for integer overflow in xmlXPtrEvalChildSeq (Nick Wellnhofer), + Fix xmllint dump of XPath namespace nodes (Nick Wellnhofer), + Fix float casts in xmlXPathSubstringFunction (Nick Wellnhofer), + Fix null deref in xmlregexp error path (Nick Wellnhofer), + Fix null pointer dereference in xmlTextReaderReadOuterXml (Nick Wellnhofer), + Fix memory leaks in xmlParseStartTag2 error paths (Nick Wellnhofer), + Fix memory leak in xmlSAX2StartElement (Nick Wellnhofer), + Fix commit "Memory leak in xmlFreeID (xmlreader.c)" (Nick Wellnhofer), + Fix NULL pointer deref in xmlTextReaderValidateEntity (Nick Wellnhofer), + Memory leak in xmlFreeTextReader (Nick Wellnhofer), + Memory leak in xmlFreeID (xmlreader.c) (Nick Wellnhofer) - Improvements: - Fix "Problem with data in interleave in RelaxNG validation" (Nikolai Weibull), - cleanup: remove some unreachable code (Thomas Holder), - add --relative to testURI (Thomas Holder), - Remove redefined starts and defines inside include elements (Nikolai Weibull), - Allow choice within choice in nameClass in RELAX NG (Nikolai Weibull), - Look inside divs for starts and defines inside include (Nikolai Weibull), - Add compile and libxml2-config.cmake to .gitignore (Nikolai Weibull), - Stop using doc->charset outside parser code (Nick Wellnhofer), - Add newlines to 'xmllint --xpath' output (Nick Wellnhofer), - Don't include SAX.h from globals.h (Nick Wellnhofer), - Support xmlTextReaderNextSibling w/o preparsed doc (Felix Bünemann), - Don't instruct user to run make when autogen.sh failed (林博仁(Buo-ren Lin)), - Run Travis ASan tests with "sudo: required" (Nick Wellnhofer), - Improve restoring of context size and position (Nick Wellnhofer), - Simplify and harden nodeset filtering (Nick Wellnhofer), - Avoid unnecessary backups of the context node (Nick Wellnhofer), - Fix inconsistency in xmlXPathIsInf (Nick Wellnhofer) + Run XML conformance tests under CI (Nick Wellnhofer), + Update GitLab CI config (Nick Wellnhofer), + Propagate memory errors in valuePush (Nick Wellnhofer), + Propagate memory errors in xmlXPathCompExprAdd (Nick Wellnhofer), + Make xmlFreeDocElementContent non-recursive (Nick Wellnhofer), + Enable continuous integration via GitLab CI (Nick Wellnhofer), + Avoid ignored attribute warnings under GCC (Nick Wellnhofer), + Make xmlDumpElementContent non-recursive (Nick Wellnhofer), + Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE (Nick Wellnhofer), + Mark xmlExp* symbols as removed (Nick Wellnhofer), + Make xmlParseConditionalSections non-recursive (Nick Wellnhofer), + Adjust expected error in Python tests (Nick Wellnhofer), + Make xmlTextReaderFreeNodeList non-recursive (Nick Wellnhofer), + Make xmlFreeNodeList non-recursive (Nick Wellnhofer), + Make xmlParseContent and xmlParseElement non-recursive (Nick Wellnhofer), + Remove executable bit from non-executable files (Nick Wellnhofer), + Fix expected output of test/schemas/any4 (Nick Wellnhofer), + Optimize build instructions in README (zhouzhongyuan), + xml2-config.in: Output CFLAGS and LIBS on the same line (Hugh McMaster), + xml2-config: Add a --dynamic switch to print only shared libraries (Hugh McMaster), + Annotate functions with __attribute__((no_sanitize)) (Nick Wellnhofer), + Fix warnings when compiling without reader or push parser (Nick Wellnhofer), + Remove unused member `doc` in xmlSaveCtxt (Nick Wellnhofer), + Limit recursion depth in xmlXPathCompOpEvalPredicate (Nick Wellnhofer), + Remove -Wno-array-bounds (Nick Wellnhofer), + Remove unreachable code in xmlXPathCountFunction (Nick Wellnhofer), + Improve XPath predicate and filter evaluation (Nick Wellnhofer), + Limit recursion depth in xmlXPathOptimizeExpression (Nick Wellnhofer), + Disable hash randomization when fuzzing (Nick Wellnhofer), + Optional recursion limit when parsing XPath expressions (Nick Wellnhofer), + Optional recursion limit when evaluating XPath expressions (Nick Wellnhofer), + Use break statements in xmlXPathCompOpEval (Nick Wellnhofer), + Optional XPath operation limit (Nick Wellnhofer), + Fix compilation with --with-minimum (Nick Wellnhofer), + Check XPath stack after calling functions (Nick Wellnhofer), + Remove debug printf in xmlreader.c (Nick Wellnhofer), + Always define LIBXML_THREAD_ENABLED when enabled (Michael Haubenwallner), + Regenerate NEWS (Nick Wellnhofer), + Change git repo URL (Nick Wellnhofer), + Change bug tracker URL (Nick Wellnhofer), + Remove outdated HTML file (Nick Wellnhofer), + Fix unused function warning in testapi.c (Nick Wellnhofer), + Add some generated test files to .gitignore (Nick Wellnhofer), + Remove unneeded function pointer casts (Nick Wellnhofer), + Fix -Wcast-function-type warnings (GCC 8) (Nick Wellnhofer), + Fix -Wformat-truncation warnings (GCC 8) (Nick Wellnhofer) - Cleanups: + Rebuild docs (Nick Wellnhofer), + Disable xmlExp regex code (Nick Wellnhofer), + Remove redundant code in xmlRelaxNGValidateState (Nick Wellnhofer), + Remove redundant code in xmlXPathCompRelationalExpr (Nick Wellnhofer) </changes> |