1<?xml version="1.0"?> 2<!DOCTYPE xsa PUBLIC "-//LM Garshol//DTD XML Software Autoupdate 1.0//EN//XML" "http://www.garshol.priv.no/download/xsa/xsa.dtd"> 3<xsa> 4 <vendor> 5 <name>Daniel Veillard</name> 6 <email>daniel@veillard.com</email> 7 <url>http://veillard.com/</url> 8 </vendor> 9 <product id="libxml2"> 10 <name>libxml2</name> 11 <version>2.9.2</version> 12 <last-release> Oct 16 2014</last-release> 13 <info-url>http://xmlsoft.org/</info-url> 14 <changes> - Security: 15 Fix for CVE-2014-3660 billion laugh variant (Daniel Veillard), 16 CVE-2014-0191 Do not fetch external parameter entities (Daniel Veillard) 17 18 - Bug Fixes: 19 fix memory leak xml header encoding field with XML_PARSE_IGNORE_ENC (Bart De Schuymer), 20 xmlmemory: handle realloc properly (Yegor Yefremov), 21 Python generator bug raised by the const change (Daniel Veillard), 22 Windows Critical sections not released correctly (Daniel Veillard), 23 Parser error on repeated recursive entity expansion containing &lt; (Daniel Veillard), 24 xpointer : fixing Null Pointers (Gaurav Gupta), 25 Remove Unnecessary Null check in xpointer.c (Gaurav Gupta), 26 parser bug on misformed namespace attributes (Dennis Filder), 27 Pointer dereferenced before null check (Daniel Veillard), 28 Leak of struct addrinfo in xmlNanoFTPConnect() (Gaurav Gupta), 29 Possible overflow in HTMLParser.c (Daniel Veillard), 30 python/tests/sync.py assumes Python dictionaries are ordered (John Beck), 31 Fix Enum check and missing break (Gaurav Gupta), 32 xmlIO: Handle error returns from dup() (Philip Withnall), 33 Fix a problem properly saving URIs (Daniel Veillard), 34 wrong error column in structured error when parsing attribute values (Juergen Keil), 35 wrong error column in structured error when skipping whitespace in xml decl (Juergen Keil), 36 no error column in structured error handler for xml schema validation errors (Juergen Keil), 37 Couple of Missing Null checks (Gaurav Gupta), 38 Add couple of missing Null checks (Daniel Veillard), 39 xmlschemastypes: Fix potential array overflow (Philip Withnall), 40 runtest: Fix a memory leak on parse failure (Philip Withnall), 41 xmlIO: Fix an FD leak on gzdopen() failure (Philip Withnall), 42 xmlcatalog: Fix a memory leak on quit (Philip Withnall), 43 HTMLparser: Correctly initialise a stack allocated structure (Philip Withnall), 44 Check for tmon in _xmlSchemaDateAdd() is incorrect (David Kilzer), 45 Avoid Possible Null Pointer in trio.c (Gaurav Gupta), 46 Fix processing in SAX2 in case of an allocation failure (Daniel Veillard), 47 XML Shell command "cd" does not handle "/" at end of path (Daniel Veillard), 48 Fix various Missing Null checks (Gaurav Gupta), 49 Fix a potential NULL dereference (Daniel Veillard), 50 Add a couple of misisng check in xmlRelaxNGCleanupTree (Gaurav Gupta), 51 Add a missing argument check (Gaurav Gupta), 52 Adding a check in case of allocation error (Gaurav Gupta), 53 xmlSaveUri() incorrectly recomposes URIs with rootless paths (Dennis Filder), 54 Adding some missing NULL checks (Gaurav), 55 Fixes for xmlInitParserCtxt (Daniel Veillard), 56 Fix regressions introduced by CVE-2014-0191 patch (Daniel Veillard), 57 erroneously ignores a validation error if no error callback set (Daniel Veillard), 58 xmllint was not parsing the --c14n11 flag (Sérgio Batista), 59 Avoid Possible null pointer dereference in memory debug mode (Gaurav), 60 Avoid Double Null Check (Gaurav), 61 Restore context size and position after XPATH_OP_ARG (Nick Wellnhofer), 62 Fix xmlParseInNodeContext() if node is not element (Daniel Veillard), 63 Avoid a possible NULL pointer dereference (Gaurav), 64 Fix xmlTextWriterWriteElement when a null content is given (Daniel Veillard), 65 Fix an typo 'onrest' in htmlScriptAttributes (Daniel Veillard), 66 fixing a ptotential uninitialized access (Daniel Veillard), 67 Fix an fd leak in an error case (Daniel Veillard), 68 Missing initialization for the catalog module (Daniel Veillard), 69 Handling of XPath function arguments in error case (Nick Wellnhofer), 70 Fix a couple of missing NULL checks (Gaurav), 71 Avoid a possibility of dangling encoding handler (Gaurav), 72 Fix HTML push parser to accept HTML_PARSE_NODEFDTD (Arnold Hendriks), 73 Fix a bug loading some compressed files (Mike Alexander), 74 Fix XPath node comparison bug (Gaurav), 75 Type mismatch in xmlschemas.c (Gaurav), 76 Type mismatch in xmlschemastypes.c (Gaurav), 77 Avoid a deadcode in catalog.c (Daniel Veillard), 78 run close socket on Solaris, same as we do on other platforms (Denis Pauk), 79 Fix pointer dereferenced before null check (Gaurav), 80 Fix a potential NULL dereference in tree code (Daniel Veillard), 81 Fix potential NULL pointer dereferences in regexp code (Gaurav), 82 xmllint --pretty crashed without following numeric argument (Tim Galeckas), 83 Fix XPath expressions of the form '@ns:*' (Nick Wellnhofer), 84 Fix XPath '//' optimization with predicates (Nick Wellnhofer), 85 Clear up a potential NULL dereference (Daniel Veillard), 86 Fix a possible NULL dereference (Gaurav), 87 Avoid crash if allocation fails (Daniel Veillard), 88 Remove occasional leading space in XPath number formatting (Daniel Veillard), 89 Fix handling of mmap errors (Daniel Veillard), 90 Catch malloc error and exit accordingly (Daniel Veillard), 91 missing else in xlink.c (Ami Fischman), 92 Fix a parsing bug on non-ascii element and CR/LF usage (Daniel Veillard), 93 Fix a regression in xmlGetDocCompressMode() (Daniel Veillard), 94 properly quote the namespace uris written out during c14n (Aleksey Sanin), 95 Remove premature XInclude check on URI being relative (Alexey Neyman), 96 Fix missing break on last() function for attributes (dcb), 97 Do not URI escape in server side includes (Romain Bondue), 98 Fix an error in xmlCleanupParser (Alexander Pastukhov) 99 100 - Documentation: 101 typo in error messages "colon are forbidden from..." (Daniel Veillard), 102 Fix a link to James SAX documentation old page (Daniel Veillard), 103 Fix typos in relaxng.c (Jan Pokorný), 104 Fix a doc typo (Daniel Veillard), 105 Fix typos in {tree,xpath}.c (errror) (Jan Pokorný), 106 Add limitations about encoding conversion (Daniel Veillard), 107 Fix typos in xmlschemas{,types}.c (Jan Pokorný), 108 Fix incorrect spelling entites->entities (Jan Pokorný), 109 Forgot to document 2.9.1 release, regenerate docs (Daniel Veillard) 110 111 - Portability: 112 AC_CONFIG_FILES and executable bit (Roumen Petrov), 113 remove HAVE_CONFIG_H dependency in testlimits.c (Roumen Petrov), 114 fix some tabs mixing incompatible with python3 (Roumen Petrov), 115 Visual Studio 14 CTP defines snprintf() (Francis Dupont), 116 OS400: do not try to copy unexisting doc files (Patrick Monnerat), 117 OS400: use either configure.ac or configure.in. (Patrick Monnerat), 118 os400: make-src.sh: create physical file with target CCSID (Patrick Monnerat), 119 OS400: Add some more C macros equivalent procedures. (Patrick Monnerat), 120 OS400: use C macros to implement equivalent RPG support procedures. (Patrick Monnerat), 121 OS400: implement XPath macros as procedures for ILE/RPG support. (Patrick Monnerat), 122 OS400: include in distribution tarball. (Patrick Monnerat), 123 OS400: Add README: compilation directives and OS/400 specific stuff. (Patrick Monnerat), 124 OS400: Add compilation scripts. (Patrick Monnerat), 125 OS400: ILE RPG language header files. (Patrick Monnerat), 126 OS400: implement some macros as functions for ILE/RPG language support (that as no macros). (Patrick Monnerat), 127 OS400: UTF8<-->EBCDIC wrappers for system and external library calls (Patrick Monnerat), 128 OS400: Easy character transcoding support (Patrick Monnerat), 129 OS400: iconv functions compatibility wrappers and table builder. (Patrick Monnerat), 130 OS400: create architecture directory. Implement dlfcn emulation. (Patrick Monnerat), 131 Fix building when configuring without xpath and xptr (Daniel Veillard), 132 configure: Add --with-python-install-dir (Jonas Eriksson), 133 Fix compilation with minimum and xinclude. (Nicolas Le Cam), 134 Compile out use of xmlValidateNCName() when not available. (Nicolas Le Cam), 135 Fix compilation with minimum and schematron. (Nicolas Le Cam), 136 Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). (Nicolas Le Cam), 137 Don't use xmlValidateName() when not available. (Nicolas Le Cam), 138 Fix a portability issue on Windows (Longstreth Jon), 139 Various portability patches for OpenVMS (Jacob (Jouk) Jansen), 140 Use specific macros for portability to OS/400 (Patrick Monnerat), 141 Add macros needed for OS/400 portability (Patrick Monnerat), 142 Portability patch for fopen on OS/400 (Patrick Monnerat), 143 Portability fixes for OS/400 (Patrick Monnerat), 144 Improve va_list portability (Patrick Monnerat), 145 Portability fix (Patrick Monnerat), 146 Portability fix (Patrick Monnerat), 147 Generic portability fix (Patrick Monnerat), 148 Shortening lines in headers (Patrick Monnerat), 149 build: Use pkg-config to find liblzma in preference to AC_CHECK_LIB (Philip Withnall), 150 build: Add @LZMA_LIBS@ to libxml’s pkg-config files (Philip Withnall), 151 fix some tabs mixing incompatible with python3 (Daniel Veillard), 152 add additional defines checks for support "./configure --with-minimum" (Denis Pauk), 153 Another round of fixes for older versions of Python (Arfrever Frehtes Taifersar Arahesis), 154 python: fix drv_libxml2.py for python3 compatibility (Alexandre Rostovtsev), 155 python: Fix compiler warnings when building python3 bindings (Armin K), 156 Fix for compilation with python 2.6.8 (Petr Sumbera) 157 158 - Improvements: 159 win32/libxml2.def.src after rebuild in doc (Roumen Petrov), 160 elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() (Roumen Petrov), 161 elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode (Roumen Petrov), 162 Provide cmake module (Samuel Martin), 163 Fix a couple of issues raised by make dist (Daniel Veillard), 164 Fix and add const qualifiers (Kurt Roeckx), 165 Preparing for upcoming release of 2.9.2 (Daniel Veillard), 166 Fix zlib and lzma libraries check via command line (Dmitriy), 167 wrong error column in structured error when parsing end tag (Juergen Keil), 168 doc/news.html: small update to avoid line join while generating NEWS. (Patrick Monnerat), 169 Add methods for python3 iterator (Ron Angeles), 170 Support element node traversal in document fragments. (Kyle VanderBeek), 171 xmlNodeSetName: Allow setting the name to a substring of the currently set name (Tristan Van Berkom), 172 Added macros for argument casts (Eric Zurcher), 173 adding init calls to xml and html Read parsing entry points (Daniel Veillard), 174 Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c (Jan Pokorný), 175 Implement choice for name classes on attributes (Shaun McCance), 176 Two small namespace tweaks (Daniel Veillard), 177 xmllint --memory should fail on empty files (Daniel Veillard), 178 Cast encoding name to char pointer to match arg type (Nikolay Sivov) 179 180 - Cleanups: 181 Removal of old configure.in (Daniel Veillard), 182 Unreachable code in tree.c (Gaurav Gupta), 183 Remove a couple of dead conditions (Gaurav Gupta), 184 Avoid some dead code and cleanup in relaxng.c (Gaurav), 185 Drop not needed checks (Denis Pauk), 186 Fix a wrong test (Daniel Veillard) 187 188 189</changes> 190 </product> 191</xsa> 192