Path to this page:
Subject: CVS commit: [pkgsrc-2022Q4] pkgsrc/textproc/libxml2
From: S.P.Zeidler
Date: 2023-03-04 13:54:51
Message id: 20230304125451.E2BB7FA90@cvs.NetBSD.org
Log Message:
Pullup ticket #6737 - requested by taca
textproc/libxml2: security update
Revisions pulled up:
- textproc/libxml2/Makefile 1.166-1.167
- textproc/libxml2/Makefile.common 1.17-1.19
- textproc/libxml2/PLIST 1.48
- textproc/libxml2/distinfo 1.142-1.143
- textproc/libxml2/patches/patch-Makefile.in deleted
- textproc/libxml2/patches/patch-catalog.c deleted
- textproc/libxml2/patches/patch-configure 1.5
- textproc/libxml2/patches/patch-doc_examples_Makefile.in deleted
- textproc/libxml2/patches/patch-encoding.c 1.4
- textproc/libxml2/patches/patch-error.c 1.1
- textproc/libxml2/patches/patch-python_libxml.c deleted
- textproc/libxml2/patches/patch-python_libxml.py deleted
- textproc/libxml2/patches/patch-python_libxml2.py deleted
- textproc/libxml2/patches/patch-python_setup.py deleted
- textproc/libxml2/patches/patch-xmlcatalog.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jan 22 10:30:09 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common PLIST distinfo
pkgsrc/textproc/libxml2/patches: patch-configure patch-encoding.c
Removed Files:
pkgsrc/textproc/libxml2/patches: patch-Makefile.in patch-catalog.c
patch-doc_examples_Makefile.in patch-python_libxml.c
patch-python_libxml.py patch-python_libxml2.py
patch-python_setup.py patch-xmlcatalog.c
Log Message:
libxml2: update to 2.10.3.
NEWS file for libxml2
v2.10.3: Oct 14 2022
### Security
- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
### Portability
- win32: Fix build with VS2013
### Build system
- cmake: Set SOVERSION
v2.10.2: Aug 29 2022
### Improvements
- Remove set-but-unused variable in xmlXPathScanName
- Silence -Warray-bounds warning
### Build system
- build: require automake-1.16.3 or later (Xi Ruoyao)
- Remove generated files from distribution
### Test suite
- Don't create missing.xml when running testapi
v2.10.1: Aug 25 2022
### Regressions
- Fix xmlCtxtReadDoc with encoding
### Bug fixes
- Fix HTML parser with threads and --without-legacy
### Build system
- Fix build with Python 3.10
- cmake: Disable version script on macOS
- Remove Makefile rule to build testapi.c
### Documentation
- Switch back to HTML output for API documentation
- Port doc/examples/index.py to Python 3
- Fix order of exports in libxml2-api.xml
- Remove libxml2-refs.xml
v2.10.0: Aug 17 2022
### Security
- [CVE-2022-2309] Reset nsNr in xmlCtxtReset
- Reserve byte for NUL terminator and report errors consistently in xmlBuf and
xmlBuffer (David Kilzer)
- Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
- Fix integer overflow in xmlBufferDump() (David Kilzer)
- xmlBufAvail() should return length without including a byte for NUL
terminator (David Kilzer)
- Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
Kilzer)
- Use xmlNewDocText in xmlXIncludeCopyRange
- Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser (David Kilzer)
- Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
- fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn)
### Removals and deprecations
- Disable XPointer location support by default
- Remove outdated xml2Conf.sh
- Deprecate module init and cleanup functions
- Remove obsolete XML Software Autoupdate (XSA) file
- Remove DOCBparser
- Remove obsolete Python test framework
- Remove broken VxWorks support
- Remove broken Mac OS 9 support
- Remove broken bakefile support
- Remove broken Visual Studio 2010 support
- Remove broken Windows CE support
- Deprecate IDREF-related functions in valid.h
- Deprecate legacy functions
- Disable legacy support by default
- Deprecate all functions in nanoftp.h
- Disable FTP support by default
- Add XML_DEPRECATED macro
- Remove elfgcchack.h
### Regressions
- Skip incorrectly opened HTML comments
- Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)
### Bug fixes
- Fix memory leak with invalid XSD
- Make XPath depth check work with recursive invocations
- Fix memory leak in xmlLoadEntityContent error path
- Avoid double-free if malloc fails in inputPush
- Properly fold whitespace around the QName value when validating an XSD
schema. (Damjan Jovanovic)
- Add whitespace folding for some atomic data types that it's missing on.
(Damjan Jovanovic)
- Don't add IDs containing unexpanded entity references
### Improvements
- Avoid calling xmlSetTreeDoc
- Simplify xmlFreeNode
- Don't reset nsDef when changing node content
- Fix unintended fall-through in xmlNodeAddContentLen
- Remove unused xmlBuf functions (David Kilzer)
- Implement xpath1() XPointer scheme
- Add configuration flag for XPointer locations support
- Fix compiler warnings in Python code
- Mark more static data as `const` (David Kilzer)
- Make xmlStaticCopyNode non-recursive
- Clean up encoding switching code
- Simplify recursive pthread mutex
- Use non-recursive mutex in dict.c
- Fix parser progress checks
- Avoid arithmetic on freed pointers
- Improve buffer allocation scheme
- Remove unneeded #includes
- Add support for some non-standard escapes in regular expressions. (Damjan
Jovanovic)
- htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
- Add let variable tag support (Oliver Diehl)
- Add value-of tag support (Oliver Diehl)
- Remove useless call to xmlRelaxNGCleanupTypes
- Don't include ICU headers in public headers
- Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
- Fix unused variable warnings with disabled features
- Only warn on invalid redeclarations of predefined entities
- Remove unneeded code in xmlreader.c
- Rework validation context flags
### Portability
- Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
- Fix Python tests on macOS
- Fix xmlCleanupThreads on Windows
- Fix reinitialization of library on Windows
- Don't mix declarations and code in runtest.c
- Use portable python shebangs (David Seifert)
- Use critical sections as mutex on Windows
- Don't set HAVE_WIN32_THREADS in win32config.h
- Use stdint.h with newer MSVC
- Remove cruft from win32config.h
- Remove isinf/isnan emulation in win32config.h
- Always fopen files with "rb"
- Remove __DJGPP__ checks
- Remove useless __CYGWIN__ checks
### Build system
- Don't autogenerate doc/examples/Makefile.am
- cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
- cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
- Port genUnicode.py to Python 3
- Port gentest.py to Python 3
- cmake: Fix build without thread support
- cmake: Install documentation in CMAKE_INSTALL_DOCDIR
- cmake: Remove non needed files in docs dir (Daniel E)
- configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
(Christopher Degawa)
- Move local Autoconf macros into m4 directory
- Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
- Update libxml-2.0-uninstalled.pc.in
- Remove LIBS from XML_PRIVATE_LIBS
- Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
- Don't overlink executables
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
- build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
- Avoid obsolescent `test -a` constructs (David Seifert)
- Move AM_MAINTAINER_MODE to AM section
- configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
- Streamline documentation installation
- Don't try to recreate COPYING symlink
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- Makefile.am: install examples more idiomatically (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Respect `--sysconfdir` in source files (David Seifert)
- Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin)
- Only install *.html and *.c example files
- Remove --with-html-dir option
- Rework documentation build system
- Remove old website
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Update genChRanges.py
- Update build_glob.py
- Remove ICONV_CONST test
- Remove obsolete AC_HEADER checks
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove special configuration for certain maintainers
### Test suite, CI
- Disable network in API tests
- testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
- Build Autotools CI tests out of source tree (VPATH)
- Add --with-minimum build to CI tests
- Fix warnings when testing --with-minimum build
- cmake: Run all tests when threads are disabled
- Also build CI tests with -Werror
- Move doc/examples tests to new test suite
- Simplify 'make check' targets
- Fix schemas and relaxng tests
- Remove unused result files
- Allow missing result files in runtest
- Move regexp tests to runtest
- Move SVG tests to runtest.c
- Move testModule to new test suite
- Move testThreads to new test suite
- Remove major parts of old test suite
- Make testchar return an error on failure (Tony Tascioglu)
- Add CI job for static build
- python/tests: open() relative to test scripts (David Seifert)
- Port some test scripts to Python 3
### Documentation
- Improve documentation of tree manipulation API
- Update xml2-config man page
- Consolidate man pages
- Rename xmlcatalog_man.xml
- Make examples a standalone HTML page
- Fix documentation in entities.c
- Add note about optimization flags
To generate a diff of this commit:
cvs rdiff -u -r1.165 -r1.166 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/libxml2/Makefile.common
cvs rdiff -u -r1.47 -r1.48 pkgsrc/textproc/libxml2/PLIST
cvs rdiff -u -r1.141 -r1.142 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.2 -r0 pkgsrc/textproc/libxml2/patches/patch-Makefile.in \
pkgsrc/textproc/libxml2/patches/patch-doc_examples_Makefile.in \
pkgsrc/textproc/libxml2/patches/patch-python_setup.py
cvs rdiff -u -r1.1 -r0 pkgsrc/textproc/libxml2/patches/patch-catalog.c \
pkgsrc/textproc/libxml2/patches/patch-python_libxml.py \
pkgsrc/textproc/libxml2/patches/patch-python_libxml2.py \
pkgsrc/textproc/libxml2/patches/patch-xmlcatalog.c
cvs rdiff -u -r1.4 -r1.5 pkgsrc/textproc/libxml2/patches/patch-configure
cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libxml2/patches/patch-encoding.c
cvs rdiff -u -r1.4 -r0 pkgsrc/textproc/libxml2/patches/patch-python_libxml.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Jan 26 01:49:16 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile.common distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-error.c
Log Message:
libxml2: Make sure that error messages are valid UTF-8
Fixes segfaults with itstool, which were breaking various MATE package
builds. (This is the third time a variant of a patch to fix this same
issue has been applied here.)
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/textproc/libxml2/Makefile.common
cvs rdiff -u -r1.142 -r1.143 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-error.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: jperkin
Date: Fri Jan 27 14:49:37 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common
Log Message:
libxml2: Ensure --sysconfdir is passed.
Fixes widespread breakage of recent update on systems where PKG_SYSCONFDIR
is not PREFIX/etc so the catalog files could not be found.
Move PKGREVISION out of Makefile.common and bump.
To generate a diff of this commit:
cvs rdiff -u -r1.166 -r1.167 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/libxml2/Makefile.common
Files: