Subject: CVS commit: [pkgsrc-2022Q4] pkgsrc/textproc/libxml2
From: S.P.Zeidler
Date: 2023-03-04 13:54:51
Message id: 20230304125451.E2BB7FA90@cvs.NetBSD.org

Log Message:
Pullup ticket #6737 - requested by taca
textproc/libxml2: security update

Revisions pulled up:
- textproc/libxml2/Makefile                                     1.166-1.167
- textproc/libxml2/Makefile.common                              1.17-1.19
- textproc/libxml2/PLIST                                        1.48
- textproc/libxml2/distinfo                                     1.142-1.143
- textproc/libxml2/patches/patch-Makefile.in                    deleted
- textproc/libxml2/patches/patch-catalog.c                      deleted
- textproc/libxml2/patches/patch-configure                      1.5
- textproc/libxml2/patches/patch-doc_examples_Makefile.in       deleted
- textproc/libxml2/patches/patch-encoding.c                     1.4
- textproc/libxml2/patches/patch-error.c                        1.1
- textproc/libxml2/patches/patch-python_libxml.c                deleted
- textproc/libxml2/patches/patch-python_libxml.py               deleted
- textproc/libxml2/patches/patch-python_libxml2.py              deleted
- textproc/libxml2/patches/patch-python_setup.py                deleted
- textproc/libxml2/patches/patch-xmlcatalog.c                   deleted

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Jan 22 10:30:09 UTC 2023

   Modified Files:
   	pkgsrc/textproc/libxml2: Makefile Makefile.common PLIST distinfo
   	pkgsrc/textproc/libxml2/patches: patch-configure patch-encoding.c
   Removed Files:
   	pkgsrc/textproc/libxml2/patches: patch-Makefile.in patch-catalog.c
   	    patch-doc_examples_Makefile.in patch-python_libxml.c
   	    patch-python_libxml.py patch-python_libxml2.py
   	    patch-python_setup.py patch-xmlcatalog.c

   Log Message:
   libxml2: update to 2.10.3.

   NEWS file for libxml2

   v2.10.3: Oct 14 2022

   ### Security

   - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
   - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
   - Fix overflow check in SAX2.c

   ### Portability

   - win32: Fix build with VS2013

   ### Build system

   - cmake: Set SOVERSION

   v2.10.2: Aug 29 2022

   ### Improvements

   - Remove set-but-unused variable in xmlXPathScanName
   - Silence -Warray-bounds warning

   ### Build system

   - build: require automake-1.16.3 or later (Xi Ruoyao)
   - Remove generated files from distribution

   ### Test suite

   - Don't create missing.xml when running testapi

   v2.10.1: Aug 25 2022

   ### Regressions

   - Fix xmlCtxtReadDoc with encoding

   ### Bug fixes

   - Fix HTML parser with threads and --without-legacy

   ### Build system

   - Fix build with Python 3.10
   - cmake: Disable version script on macOS
   - Remove Makefile rule to build testapi.c

   ### Documentation

   - Switch back to HTML output for API documentation
   - Port doc/examples/index.py to Python 3
   - Fix order of exports in libxml2-api.xml
   - Remove libxml2-refs.xml

   v2.10.0: Aug 17 2022

   ### Security

   - [CVE-2022-2309] Reset nsNr in xmlCtxtReset
   - Reserve byte for NUL terminator and report errors consistently in xmlBuf and
     xmlBuffer (David Kilzer)
   - Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
   - Fix integer overflow in xmlBufferDump() (David Kilzer)
   - xmlBufAvail() should return length without including a byte for NUL
     terminator (David Kilzer)
   - Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
     Kilzer)
   - Use xmlNewDocText in xmlXIncludeCopyRange
   - Fix use-after-free bugs when calling xmlTextReaderClose() before
     xmlFreeTextReader() on post-validating parser (David Kilzer)
   - Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
   - fix: xmlXPathParserContext could be double-delete in  OOM case. (jinsub ahn)

   ### Removals and deprecations

   - Disable XPointer location support by default
   - Remove outdated xml2Conf.sh
   - Deprecate module init and cleanup functions
   - Remove obsolete XML Software Autoupdate (XSA) file
   - Remove DOCBparser
   - Remove obsolete Python test framework
   - Remove broken VxWorks support
   - Remove broken Mac OS 9 support
   - Remove broken bakefile support
   - Remove broken Visual Studio 2010 support
   - Remove broken Windows CE support
   - Deprecate IDREF-related functions in valid.h
   - Deprecate legacy functions
   - Disable legacy support by default
   - Deprecate all functions in nanoftp.h
   - Disable FTP support by default
   - Add XML_DEPRECATED macro
   - Remove elfgcchack.h

   ### Regressions

   - Skip incorrectly opened HTML comments
   - Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)

   ### Bug fixes

   - Fix memory leak with invalid XSD
   - Make XPath depth check work with recursive invocations
   - Fix memory leak in xmlLoadEntityContent error path
   - Avoid double-free if malloc fails in inputPush
   - Properly fold whitespace around the QName value when validating an XSD
     schema. (Damjan Jovanovic)
   - Add whitespace folding for some atomic data types that it's missing on.
     (Damjan Jovanovic)
   - Don't add IDs containing unexpanded entity references

   ### Improvements

   - Avoid calling xmlSetTreeDoc
   - Simplify xmlFreeNode
   - Don't reset nsDef when changing node content
   - Fix unintended fall-through in xmlNodeAddContentLen
   - Remove unused xmlBuf functions (David Kilzer)
   - Implement xpath1() XPointer scheme
   - Add configuration flag for XPointer locations support
   - Fix compiler warnings in Python code
   - Mark more static data as `const` (David Kilzer)
   - Make xmlStaticCopyNode non-recursive
   - Clean up encoding switching code
   - Simplify recursive pthread mutex
   - Use non-recursive mutex in dict.c
   - Fix parser progress checks
   - Avoid arithmetic on freed pointers
   - Improve buffer allocation scheme
   - Remove unneeded #includes
   - Add support for some non-standard escapes in regular expressions. (Damjan
     Jovanovic)
   - htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
   - Add let variable tag support (Oliver Diehl)
   - Add value-of tag support (Oliver Diehl)
   - Remove useless call to xmlRelaxNGCleanupTypes
   - Don't include ICU headers in public headers
   - Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
   - Fix unused variable warnings with disabled features
   - Only warn on invalid redeclarations of predefined entities
   - Remove unneeded code in xmlreader.c
   - Rework validation context flags

   ### Portability

   - Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
   - Fix Python tests on macOS
   - Fix xmlCleanupThreads on Windows
   - Fix reinitialization of library on Windows
   - Don't mix declarations and code in runtest.c
   - Use portable python shebangs (David Seifert)
   - Use critical sections as mutex on Windows
   - Don't set HAVE_WIN32_THREADS in win32config.h
   - Use stdint.h with newer MSVC
   - Remove cruft from win32config.h
   - Remove isinf/isnan emulation in win32config.h
   - Always fopen files with "rb"
   - Remove __DJGPP__ checks
   - Remove useless __CYGWIN__ checks

   ### Build system

   - Don't autogenerate doc/examples/Makefile.am
   - cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
   - cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
   - Port genUnicode.py to Python 3
   - Port gentest.py to Python 3
   - cmake: Fix build without thread support
   - cmake: Install documentation in CMAKE_INSTALL_DOCDIR
   - cmake: Remove non needed files in docs dir (Daniel E)
   - configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
     (Christopher Degawa)
   - Move local Autoconf macros into m4 directory
   - Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
   - Update libxml-2.0-uninstalled.pc.in
   - Remove LIBS from XML_PRIVATE_LIBS
   - Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
   - Don't overlink executables
   - cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
   - build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
   - Avoid obsolescent `test -a` constructs (David Seifert)
   - Move AM_MAINTAINER_MODE to AM section
   - configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
   - Streamline documentation installation
   - Don't try to recreate COPYING symlink
   - Detect libm using libtool's macros (David Seifert)
   - configure.ac: disable static libraries by default (David Seifert)
   - python/Makefile.am: nest python docs in $(docdir) (David Seifert)
   - python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
   - Makefile.am: install examples more idiomatically (David Seifert)
   - configure.ac: remove useless AC_SUBST (David Seifert)
   - Respect `--sysconfdir` in source files (David Seifert)
   - Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin)
   - Only install *.html and *.c example files
   - Remove --with-html-dir option
   - Rework documentation build system
   - Remove old website
   - Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
   - Update genChRanges.py
   - Update build_glob.py
   - Remove ICONV_CONST test
   - Remove obsolete AC_HEADER checks
   - Don't check for standard C89 library functions
   - Don't check for standard C89 headers
   - Remove special configuration for certain maintainers

   ### Test suite, CI

   - Disable network in API tests
   - testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
   - Build Autotools CI tests out of source tree (VPATH)
   - Add --with-minimum build to CI tests
   - Fix warnings when testing --with-minimum build
   - cmake: Run all tests when threads are disabled
   - Also build CI tests with -Werror
   - Move doc/examples tests to new test suite
   - Simplify 'make check' targets
   - Fix schemas and relaxng tests
   - Remove unused result files
   - Allow missing result files in runtest
   - Move regexp tests to runtest
   - Move SVG tests to runtest.c
   - Move testModule to new test suite
   - Move testThreads to new test suite
   - Remove major parts of old test suite
   - Make testchar return an error on failure (Tony Tascioglu)
   - Add CI job for static build
   - python/tests: open() relative to test scripts (David Seifert)
   - Port some test scripts to Python 3

   ### Documentation

   - Improve documentation of tree manipulation API
   - Update xml2-config man page
   - Consolidate man pages
   - Rename xmlcatalog_man.xml
   - Make examples a standalone HTML page
   - Fix documentation in entities.c
   - Add note about optimization flags

   To generate a diff of this commit:
   cvs rdiff -u -r1.165 -r1.166 pkgsrc/textproc/libxml2/Makefile
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/libxml2/Makefile.common
   cvs rdiff -u -r1.47 -r1.48 pkgsrc/textproc/libxml2/PLIST
   cvs rdiff -u -r1.141 -r1.142 pkgsrc/textproc/libxml2/distinfo
   cvs rdiff -u -r1.2 -r0 pkgsrc/textproc/libxml2/patches/patch-Makefile.in \
       pkgsrc/textproc/libxml2/patches/patch-doc_examples_Makefile.in \
       pkgsrc/textproc/libxml2/patches/patch-python_setup.py
   cvs rdiff -u -r1.1 -r0 pkgsrc/textproc/libxml2/patches/patch-catalog.c \
       pkgsrc/textproc/libxml2/patches/patch-python_libxml.py \
       pkgsrc/textproc/libxml2/patches/patch-python_libxml2.py \
       pkgsrc/textproc/libxml2/patches/patch-xmlcatalog.c
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/textproc/libxml2/patches/patch-configure
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libxml2/patches/patch-encoding.c
   cvs rdiff -u -r1.4 -r0 pkgsrc/textproc/libxml2/patches/patch-python_libxml.c

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	gutteridge
   Date:		Thu Jan 26 01:49:16 UTC 2023

   Modified Files:
   	pkgsrc/textproc/libxml2: Makefile.common distinfo
   Added Files:
   	pkgsrc/textproc/libxml2/patches: patch-error.c

   Log Message:
   libxml2: Make sure that error messages are valid UTF-8

   Fixes segfaults with itstool, which were breaking various MATE package
   builds. (This is the third time a variant of a patch to fix this same
   issue has been applied here.)

   To generate a diff of this commit:
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/textproc/libxml2/Makefile.common
   cvs rdiff -u -r1.142 -r1.143 pkgsrc/textproc/libxml2/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-error.c

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Fri Jan 27 14:49:37 UTC 2023

   Modified Files:
   	pkgsrc/textproc/libxml2: Makefile Makefile.common

   Log Message:
   libxml2: Ensure --sysconfdir is passed.

   Fixes widespread breakage of recent update on systems where PKG_SYSCONFDIR
   is not PREFIX/etc so the catalog files could not be found.

   Move PKGREVISION out of Makefile.common and bump.

   To generate a diff of this commit:
   cvs rdiff -u -r1.166 -r1.167 pkgsrc/textproc/libxml2/Makefile
   cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/libxml2/Makefile.common

Files:
RevisionActionfile
1.165.2.1modifypkgsrc/textproc/libxml2/Makefile
1.16.6.1modifypkgsrc/textproc/libxml2/Makefile.common
1.47.8.1modifypkgsrc/textproc/libxml2/PLIST
1.141.6.1modifypkgsrc/textproc/libxml2/distinfo
1.4.8.1modifypkgsrc/textproc/libxml2/patches/patch-configure
1.3.18.1modifypkgsrc/textproc/libxml2/patches/patch-encoding.c
1.1.2.2addpkgsrc/textproc/libxml2/patches/patch-error.c
1.2removepkgsrc/textproc/libxml2/patches/patch-Makefile.in
1.1removepkgsrc/textproc/libxml2/patches/patch-catalog.c
1.2removepkgsrc/textproc/libxml2/patches/patch-doc_examples_Makefile.in
1.4removepkgsrc/textproc/libxml2/patches/patch-python_libxml.c
1.1removepkgsrc/textproc/libxml2/patches/patch-python_libxml.py
1.1removepkgsrc/textproc/libxml2/patches/patch-python_libxml2.py
1.2removepkgsrc/textproc/libxml2/patches/patch-python_setup.py
1.1removepkgsrc/textproc/libxml2/patches/patch-xmlcatalog.c