./textproc/libxml2, XML parser library from the GNOME project

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.9.7, Package name: libxml2-2.9.7, Maintainer: pkgsrc-users

XML parser library from the GNOME project



Package options: inet6

Master sites:

SHA1: ab3325e6cdda50ab2382fdfe0bdb6f7d1b9224a6
RMD160: f596599cbcac6d3175482177c3320a56e68b49a2
Filesize: 5339.247 KB

Version history: (Expand)


CVS history: (Expand)


   2017-11-08 23:51:54 by Patrick Welche | Files touched by this commit (3)
Log message:
py-libxml2: in nodeWrap deal with name is None case

Should fix gtk-doc build with itstool 2.0.4:

Error: Could not merge translations:
'NoneType' object is not subscriptable
   2017-11-06 17:16:53 by Patrick Welche | Files touched by this commit (4) | Package updated
Log message:
libxml2: Update to 2.9.7

- Portability:
  Change preprocessor OS tests to __linux__ (Nick Wellnhofer)

- Bug Fixes:
  Fix XPath stack frame logic (Nick Wellnhofer),
  Report undefined XPath variable error message (Nick Wellnhofer),
  Fix regression with librsvg (Nick Wellnhofer),
  Handle more invalid entity values in recovery mode (Nick Wellnhofer),
  Fix structured validation errors (Nick Wellnhofer),
  Fix memory leak in LZMA decompressor (Nick Wellnhofer),
  Set memory limit for LZMA decompression (Nick Wellnhofer),
  Handle illegal entity values in recovery mode (Nick Wellnhofer),
  Fix debug dump of streaming XPath expressions (Nick Wellnhofer),
  Fix memory leak in nanoftp (Nick Wellnhofer),
  Fix memory leaks in SAX1 parser (Nick Wellnhofer)
   2017-11-06 17:12:11 by Patrick Welche | Files touched by this commit (2)
Log message:
py-libxml2: _PyVerify_fd no longer exists

https://bugzilla.gnome.org/show_bug.cgi?id=776815
   2017-11-06 17:02:00 by Patrick Welche | Files touched by this commit (3)
Log message:
py-libxml2: remove patch-python_libxml__wrap.h - the cause of PR pkg/52690

$ python3.6
Python 3.6.3 (default, Oct 27 2017, 17:16:29)
[GCC 5.4.0] on netbsd8
Type "help", "copyright", "credits" or \ 
"license" for more information.
>>> import libxml2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/pkg/lib/python3.6/site-packages/libxml2.py", line 1, in \ 
<module>
    import libxml2mod
ImportError: /usr/pkg/lib/python3.6/site-packages/libxml2mod.so: Undefined PLT \ 
symbol "PyCObject_Check" (symnum = 488)
   2017-10-31 14:15:44 by Filip Hajny | Files touched by this commit (10)
Log message:
textproc/*libxml2: Move patches and distinfo files under the main package
since the distfile is just one anyway.
   2017-10-30 15:02:03 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update textproc/libxml2 to 2.9.6.

Update Portability:
- Change preprocessor OS tests to __linux__

Bug Fixes:
- Fix XPath stack frame logic
- Report undefined XPath variable error message
- Fix regression with librsvg
- Handle more invalid entity values in recovery mode
- Fix structured validation errors
- Fix memory leak in LZMA decompressor
- Set memory limit for LZMA decompression
- Handle illegal entity values in recovery mode
- Fix debug dump of streaming XPath expressions
- Fix memory leak in nanoftp
- Fix memory leaks in SAX1 parser
   2017-09-10 22:49:20 by Thomas Klausner | Files touched by this commit (14) | Package removed
Log message:
Updated libxml2 to 2.9.5.

2.9.5: Sep 04 2017
 • Reference Manual
 • Security:
   Detect infinite recursion in parameter entities
   (Nick Wellnhofer),
   Fix handling of parameter-entity references (Nick
   Wellnhofer),
   Disallow namespace nodes in XPointer ranges (Nick
   Wellnhofer),
   Fix XPointer paths beginning with range-to (Nick
   Wellnhofer)
 • Documentation:
   Documentation fixes (Nick Wellnhofer),
   Spelling and grammar fixes (Nick Wellnhofer)
 • Portability:
   Adding README.zOS to list of extra files for the
   release (Daniel Veillard),
   Description of work needed to compile on zOS
   (Stéphane Michaut),
   Porting libxml2 on zOS encoding of code (Stéphane
   Michaut),
   small changes for OS/400 (Patrick Monnerat),
   relaxng.c, xmlschemas.c: Fix build on pre-C99
   compilers (Chun-wei Fan)
 • Bug Fixes:
   Problem resolving relative URIs (Daniel
   Veillard),
   Fix unwanted warnings when switching encodings
   (Nick Wellnhofer),
   Fix signature of xmlSchemaAugmentImportedIDC
   (Daniel Veillard),
   Heap-buffer-overflow read of size 1 in
   xmlFAParsePosCharGroup (David Kilzer),
   Fix NULL pointer deref in xmlFAParseCharClassEsc
   (Nick Wellnhofer),
   Fix infinite loops with push parser in recovery
   mode (Nick Wellnhofer),
   Send xmllint usage error to stderr (Nick
   Wellnhofer),
   Fix NULL deref in xmlParseExternalEntityPrivate
   (Nick Wellnhofer),
   Make sure not to call IS_BLANK_CH when parsing
   the DTD (Nick Wellnhofer),
   Fix xmlHaltParser (Nick Wellnhofer),
   Fix pathological performance when outputting
   charrefs (Nick Wellnhofer),
   Fix invalid-source-encoding warnings in
   testWriter.c (Nick Wellnhofer),
   Fix duplicate SAX callbacks for entity content
   (David Kilzer),
   Treat URIs with scheme as absolute in C14N (Nick
   Wellnhofer),
   Fix copy-paste errors in error messages (Nick
   Wellnhofer),
   Fix sanity check in htmlParseNameComplex (Nick
   Wellnhofer),
   Fix potential infinite loop in
   xmlStringLenDecodeEntities (Nick Wellnhofer),
   Reset parser input pointers on encoding failure
   (Nick Wellnhofer),
   Fix memory leak in xmlParseEntityDecl error path
   (Nick Wellnhofer),
   Fix xmlBuildRelativeURI for URIs starting with '.
   /' (Nick Wellnhofer),
   Fix type confusion in xmlValidateOneNamespace
   (Nick Wellnhofer),
   Fix memory leak in xmlStringLenGetNodeList (Nick
   Wellnhofer),
   Fix NULL pointer deref in xmlDumpElementContent
   (Daniel Veillard),
   Fix memory leak in xmlBufAttrSerializeTxtContent
   (Nick Wellnhofer),
   Stop parser on unsupported encodings (Nick
   Wellnhofer),
   Check for integer overflow in memory debug code
   (Nick Wellnhofer),
   Fix buffer size checks in
   xmlSnprintfElementContent (Nick Wellnhofer),
   Avoid reparsing in xmlParseStartTag2 (Nick
   Wellnhofer),
   Fix undefined behavior in
   xmlRegExecPushStringInternal (Nick Wellnhofer),
   Check XPath exponents for overflow (Nick
   Wellnhofer),
   Check for overflow in
   xmlXPathIsPositionalPredicate (Nick Wellnhofer),
   Fix spurious error message (Nick Wellnhofer),
   Fix memory leak in xmlCanonicPath (Nick
   Wellnhofer),
   Fix memory leak in xmlXPathCompareNodeSetValue
   (Nick Wellnhofer),
   Fix memory leak in pattern error path (Nick
   Wellnhofer),
   Fix memory leak in parser error path (Nick
   Wellnhofer),
   Fix memory leaks in XPointer error paths (Nick
   Wellnhofer),
   Fix memory leak in xmlXPathNodeSetMergeAndClear
   (Nick Wellnhofer),
   Fix memory leak in XPath filter optimizations
   (Nick Wellnhofer),
   Fix memory leaks in XPath error paths (Nick
   Wellnhofer),
   Do not leak the new CData node if adding fails
   (David Tardon),
   Prevent unwanted external entity reference (Neel
   Mehta),
   Increase buffer space for port in HTTP redirect
   support (Daniel Veillard),
   Fix more NULL pointer derefs in xpointer.c (Nick
   Wellnhofer),
   Avoid function/data pointer conversion in xpath.c
   (Nick Wellnhofer),
   Fix format string warnings (Nick Wellnhofer),
   Disallow namespace nodes in XPointer points (Nick
   Wellnhofer),
   Fix comparison with root node in xmlXPathCmpNodes
   (Nick Wellnhofer),
   Fix attribute decoding during XML schema
   validation (Alex Henrie),
   Fix NULL pointer deref in XPointer range-to (Nick
   Wellnhofer)
 • Improvements:
   Updating the spec file to reflect Fedora 24
   (Daniel Veillard),
   Add const in five places to move 1 KiB to .rdata
   (Bruce Dawson),
   Fix missing part of comment for function
   xmlXPathEvalExpression() (Daniel Veillard),
   Get rid of "blanks wrapper" for parameter
   entities (Nick Wellnhofer),
   Simplify handling of parameter entity references
   (Nick Wellnhofer),
   Deduplicate code in encoding.c (Nick Wellnhofer),
   Make HTML parser functions take const pointers
   (Nick Wellnhofer),
   Build test programs only when needed (Nick
   Wellnhofer),
   Fix doc/examples/index.py (Nick Wellnhofer),
   Fix compiler warnings in threads.c (Nick
   Wellnhofer),
   Fix empty-body warning in nanohttp.c (Nick
   Wellnhofer),
   Fix cast-align warnings (Nick Wellnhofer),
   Fix unused-parameter warnings (Nick Wellnhofer),
   Rework entity boundary checks (Nick Wellnhofer),
   Don't switch encoding for internal parameter
   entities (Nick Wellnhofer),
   Merge duplicate code paths handling PE references
   (Nick Wellnhofer),
   Test SAX2 callbacks with entity substitution
   (Nick Wellnhofer),
   Support catalog and threads tests under
   --without-sax1 (Nick Wellnhofer),
   Misc fixes for 'make tests' (Nick Wellnhofer),
   Initialize keepBlanks in HTML parser (Nick
   Wellnhofer),
   Add test cases for bug 758518 (David Kilzer),
   Fix compiler warning in htmlParseElementInternal
   (Nick Wellnhofer),
   Remove useless check in xmlParseAttributeListDecl
   (Nick Wellnhofer),
   Allow zero sized memory input buffers (Nick
   Wellnhofer),
   Add TODO comment in xmlSwitchEncoding (Nick
   Wellnhofer),
   Check for integer overflow in
   xmlXPathFormatNumber (Nick Wellnhofer),
   Make Travis print UBSan stacktraces (Nick
   Wellnhofer),
   Add .travis.yml (Nick Wellnhofer),
   Fix expected error output in Python tests (Nick
   Wellnhofer),
   Simplify control flow in xmlParseStartTag2 (Nick
   Wellnhofer),
   Disable LeakSanitizer when running API tests
   (Nick Wellnhofer),
   Avoid out-of-bound array access in API tests
   (Nick Wellnhofer),
   Avoid spurious UBSan errors in parser.c (Nick
   Wellnhofer),
   Parse small XPath numbers more accurately (Nick
   Wellnhofer),
   Rework XPath rounding functions (Nick
   Wellnhofer),
   Fix white space in test output (Nick Wellnhofer),
   Fix axis traversal from attribute and namespace
   nodes (Nick Wellnhofer),
   Check for trailing characters in XPath
   expressions earlier (Nick Wellnhofer),
   Rework final handling of XPath results (Nick
   Wellnhofer),
   Make xmlXPathEvalExpression call xmlXPathEval
   (Nick Wellnhofer),
   Remove unused variables (Nick Wellnhofer),
   Don't print generic error messages in XPath tests
   (Nick Wellnhofer)
 • Cleanups:
   Fix a couple of misleading indentation errors
   (Daniel Veillard),
   Remove unnecessary calls to xmlPopInput (Nick
   Wellnhofer)
   2017-06-21 02:23:24 by Tim Zingelman | Files touched by this commit (4)
Log message:
xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.
Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048).
From: \ 
https://git.gnome.org/browse/libxml2/co … d175959d74

There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.

Percent sign in DTD Names
=========================
This fixes bug 766956 initially reported by Wei Lei and independently by
Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
involved.

xmlParseNameComplex with XML_PARSE_OLD10
========================================
This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
Thanks to Marcel Böhme and Thuan Pham for the report.

Additional hardening
====================
A separate check was added in xmlParseNameComplex to validate the
buffer size.

From: \ 
https://git.gnome.org/browse/libxml2/co … b6767251e3