kmx git

Commit	Date	Message
1dafb427	2018-09-03T15:29:50	Don't include SAX.h from globals.h SAX.h contains a legacy interface with several unprefixed symbols like `reference`, causing severe namespace pollution. The globals.h header doesn't need any of these symbols, so remove the #include.
bfec41b3	2018-06-23T12:14:28	Support xmlTextReaderNextSibling w/o preparsed doc This implements missing support for readers that are not based on a preparsed document in xmlTextReaderNextSibling.
d2ef114c	2018-06-23T13:08:46	Fix xmlTextReaderNext with preparsed document This fixes the traversal of parent nodes using xmlTextReaderNext() when the reader is based on a preparsed document (created using xmlReaderWalker(doc)). Without this fix the parser will abort even though there are parent nodes it should traverse to, if it is not currently on an element or attribute node. This is incorrect, since it can be for example on a text node when it needs to enter backtracking.
c65c9e8e	2018-08-31T11:42:14	Really declare dllexport/dllimport for Cygwin Cygwin does not define _WIN32, but still requires dllexport/dllimport tags for when applications use the --disable-auto-import linker flag, probably set by the gl_WOE32_DLL autoconf macro in woe32-dll.m4 file.
33d7ca53	2018-08-24T10:10:02	Merge branch 'patch-2' into 'master' Change dir to $THEDIR after ACLOCAL_PATH check See merge request GNOME/libxml2!6
19f5efd6	2018-08-23T20:42:23	Change dir to $THEDIR after ACLOCAL_PATH check autoreconf creates aclocal.m4 in $srcdir
b6ab8b44	2018-08-19T18:59:10	Improve error message if pkg.m4 couldn't be found Check whether aclocal.m4 contains the pkg.m4 macro package after running autoreconf and print a more helpful error message. Thanks to 林博仁 (Buo-ren Lin) for the initial patch. Closes: #21
173ea684	2018-08-18T14:22:57	Don't instruct user to run make when autogen.sh failed Currently the autogen script will always tell user to run make even when the configure script failed, this patch changes the behavior to only show this message when the configure script terminates without error.
2240fbf5	2018-07-30T13:14:11	Fix infinite loop in LZMA decompression Check the liblzma error code more thoroughly to avoid infinite loops. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 This is CVE-2018-9251 and CVE-2018-14567. Thanks to Dongliang Mu and Simon Wörner for the reports.
a4363749	2018-07-30T12:54:38	Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5 Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817 https://bugzilla.redhat.com/show_bug.cgi?id=1595985 This is CVE-2018-14404. Thanks to Guy Inbar for the report.
b7c50b8d	2018-04-17T12:07:08	Remove stray character from comment Fixes bug #795316: https://bugzilla.gnome.org/show_bug.cgi?id=795316
d2293cdb	2018-01-30T15:04:11	Remove a misleading line from xmlCharEncOutput Closes: https://bugzilla.gnome.org/show_bug.cgi?id=793028 It seams this line was accidentally copied over from xmlCharEncOutFunc. In xmlCharEncOutput output is a pointer so incrementing it by ret can point it where it wasn't supposed to be pointing. Luckily the current implementation doesn't dereference the pointer after advancing it. Signed-off-by: Daniel Veillard <veillard@redhat.com>
35e83488	2018-04-18T15:58:42	HTML noscript should not close p For https://bugzilla.gnome.org/show_bug.cgi?id=795343 - HTMLparser.c: noscript should not close <p> but it should close <script>
e61c8217	2018-04-16T20:46:13	Run Travis ASan tests with "sudo: required" See https://github.com/travis-ci/travis-ci/issues/9033
fa33bf31	2017-05-25T00:45:10	Improve restoring of context size and position Restore context size and position where it is modified, not in seemingly random places.
665df41d	2018-04-16T19:37:34	Simplify and harden nodeset filtering If a nodeset to be filtered is empty, it can be returned without popping it from the stack. Make sure to restore the context node in all error paths and never set it to NULL. Save and restore the context node in RANGETO operations.
029d0e96	2017-05-25T01:28:27	Avoid unnecessary backups of the context node
938835e7	2017-05-25T01:21:57	Don't change context node in xmlXPathRoot
e22a83b1	2017-05-25T01:18:36	Stop using XPATH_OP_RESET It only sets the context node to NULL which doesn't seem useful and can even cause bugs like bug #795299: https://bugzilla.gnome.org/show_bug.cgi?id=795299
ebe12882	2018-04-16T18:18:11	Fix inconsistency in xmlXPathIsInf We don't use HUGE_VAL for INFINITY after the most recent fix.
7a1bd7f6	2018-03-17T00:03:24	Revert "Change calls to xmlCharEncInput to set flush false" This reverts commit 6e6ae5daa6cd9640c9a83c1070896273e9b30d14 which broke decoding of larger documents with ICU. See https://bugs.chromium.org/p/chromium/issues/detail?id=820163
7abec671	2018-03-15T19:33:52	NaN and Inf fixes for pre-C99 compilers On some pre-C99 compilers, the NAN and INFINITY macros don't expand to constant expressions. Some MSVC versions complain about floating point division by zero in constants. Thanks to Fabrice Manfroi for the report.
18890f47	2018-03-05T17:09:43	Release of libxml2-2.9.8 * configure.ac doc/* libxml2.syms testapi.c: updated for the new release
d910e99c	2017-11-06T16:20:25	python: remove single use of _PyVerify_fd _PyVerify_fd disappeared from python with: https://hg.python.org/cpython/rev/e88e2049b793 https://bugzilla.gnome.org/show_bug.cgi?id=776815
707ad080	2018-01-23T16:37:54	Fix xmlParserEntityCheck A previous commit removed the check for XML_ERR_ENTITY_LOOP which is required to abort early in case of excessive entity recursion.
ab362ab0	2018-01-22T15:40:05	Halt parser in case of encoding error Should fix crbug.com/793715, although I wasn't able to reproduce the issue.
60dded12	2018-01-22T15:04:58	Clear entity content in case of errors This only affects recovery mode and avoids integer overflow in xmlStringGetNodeList and possibly other nasty surprises. See bug 783052 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3874 https://bugs.chromium.org/p/chromium/issues/detail?id=796804
6e6ae5da	2018-01-02T21:47:35	Change calls to xmlCharEncInput to set flush false when not final call. Having flush incorrectly set to true causes errors for ICU.
1637d612	2018-01-08T19:19:42	Disable pointer-overflow UBSan checks under Travis clang 5 added UBSan checks for pointer overflow which are triggered by an API test.
132af1a0	2018-01-08T18:48:01	Fix buffer over-read in xmlParseNCNameComplex Calling GROW can halt the parser if the buffer grows too large. This will set the buffer to an empty string. Return immediately in this case, otherwise the "current" pointer is advanced leading to a buffer over-read. Found with OSS-Fuzz. See https://oss-fuzz.com/testcase?key=6683819592646656 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5031
ad88b54f	2017-12-08T09:42:31	Improve handling of context input_id For https://bugzilla.gnome.org/show_bug.cgi?id=772726 This was used in xmlsec to detect issues with accessing external entities and prevent them, but was unreliable, based on a patch from Aleksey Sanin * parser.c: make sure input_id is incremented when creating sub-entities for parsing or when parsing out of context
8ac759a6	2017-11-27T18:23:58	Build more test executables on Windows/MSVC Build all test executables required by 'make checktests'.
706926fd	2017-11-27T18:17:38	Fix ICU library filenames on Windows/MSVC Fixes bug 790119.
d4049198	2017-11-27T15:08:00	Add resource file to Windows DLL Add a resource file containing verison information for the Windows DLL. This is only used by the MSVC build for now.
790c230f	2017-11-12T19:19:53	Run Travis tests with -Werror
45efd0b0	2017-11-13T22:05:22	Build with "-Wall -Wextra" Remove warning options that are enabled with "-Wall -Wextra". Disable -Warray-bounds warning that produces a (seemingly) false positive in xpath.c.
2677fbf4	2017-11-27T14:20:31	Fix -Wtautological-pointer-compare warnings Skip tautological pointer comparisons on pthread systems where we don't use the weak symbols hack.
ff628d46	2017-11-13T18:35:51	Stop including ansidecl.h This seems to be an undocumented, internal GCC header added a long time ago. I don't know why it was included, but I think it can be safely removed.
bf3b4563	2017-11-13T18:33:23	Remove unused AC_CHECKs
cb5541c9	2017-11-13T17:08:38	Fix libz and liblzma detection If libz or liblzma are detected with pkg-config, AC_CHECK_HEADERS must not be run because the correct CPPFLAGS aren't set. It is actually not required have separate checks for LIBXML_ZLIB_ENABLED and HAVE_ZLIB_H. Only check for LIBXML_ZLIB_ENABLED and remove HAVE_ZLIB_H macro. Fixes bug 764657, bug 787041.
ddbb075b	2017-11-27T14:30:19	Fix xmlXPathIsNaN broken by recent commit
c1002101	2017-11-12T20:06:21	Update information about contributing The contents of the HACKING file were hopelessly outdated. Remove the file and start with a CONTRIBUTING document.
b2189571	2017-11-13T21:23:17	Fix -Wenum-compare warnings Also fixes a serious bug in xmlXPtrNewRangeNodePoint.
359e7504	2017-11-13T21:13:46	Fix -Wmisleading-indentation warnings
8cb8e317	2017-11-12T18:22:23	Don't touch CFLAGS in configure.ac CFLAGS shouldn't be touched by configure.ac. The variable is supplied by the user and must come after other flags, so flags like warning options can be overridden. Rename CFLAGS to EXTRA_CFLAGS and add the value to AM_CFLAGS. This also makes it possible to override flags for each Automake program or library.
00859f91	2017-11-12T17:38:08	Fix callback signature in testapi.c
13acadbb	2017-11-12T17:28:12	Ignore function pointer cast warnings Use GCC pragmas as these warnings are enabled by -Wpedantic and there's no way to disable them selectively.
8813f397	2017-09-21T00:11:26	Simplify XPath NaN, inf and -0 handling Use C99 macros NAN, INFINITY, isnan, isinf. If they're not available: - Assume that (0.0 / 0.0) generates a NaN and !(x == x) tests for NaN. - Use C89's HUGE_VAL for INFINITY. Remove manual handling of NaN, infinity and negative zero in functions xmlXPathValueFlipSign and xmlXPathDivValues. Remove xmlXPathGetSign. All the tests for negative zero can be replaced with a test for negative or positive zero. Simplify xmlXPathRoundFunction. Remove Trio dependency. This should work on IEEE 754 compliant implementations even if the C99 macros aren't available, but will likely break some ancient platforms. If problems arise, my plan is to port the relevant trionan.c solution to xpath.c. Note that non-compliant implementations are impossible to fully support, anyway, since XPath requires IEEE 754.
86182390	2017-11-13T22:17:53	Revert "Compile testapi with -Wno-unused-function" This reverts commit f404c4f500a0ec18b04463581d5d1b3aae7f7730. The change broke non-GCC compilers.
772c0648	2017-11-09T17:56:31	Fix unused parameter warning without ICU
86615e43	2017-11-09T17:47:47	Fix IO callback signatures
e5f33e56	2017-11-09T17:29:22	Fix misc callback signatures Fix parameter and return types for xmlC14NIsVisibleCallback and xmlRegExecCallbacks.
4dd6d7a5	2017-11-09T17:28:00	Fix list callback signatures Make sure that all parameters and return values of list callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Also change the `user` parameter type from `const void ` to `void `.
e03f0a19	2017-11-09T16:42:47	Fix hash callback signatures Make sure that all parameters and return values of hash callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Fixes bug 784861.
71462a60	2017-11-09T13:42:33	Introduce xmlPosixStrdup and update xmlMemStrdup Introduce xmlPosixStrdup, an internal strdup implementation matching the POSIX strdup type signature, and update xmlMemStrdup to use it. Thanks to Vlad Tsyrklevich for the initial patch.
28f52fe8	2017-08-10T15:08:48	Refactor name and type signature for xmlNop Update xmlNop's name to xmlInputReadCallbackNop and its type signature to match xmlInputReadCallback. Fixes bug 786134.
72182550	2017-11-04T15:38:58	Add test for ICU flush and pivot buffer
0b19f236	2017-10-25T18:11:12	Fixed ICU to set flush correctly and provide pivot buffer. By always setting flush=TRUE when doing multiple reads, ICU will not correctly handle truncated utf8 chars across read boundaries. The fix is to set flush=TRUE only on final read, and to provide a pivot buffer which is maintained by libxml between calls to ucnv_convertEx.
4b413597	2017-10-31T17:17:16	Skip EBCDIC tests if EBCDIC isn't supported Fixes bug 603432.
f404c4f5	2017-10-31T17:14:43	Compile testapi with -Wno-unused-function
bc5a5d65	2017-11-02T21:26:55	Release of libxnl2-2.9.7 * configure.ac doc/news.html : update for release * doc/news.html doc/xmlcatalog.1 doc/xmlcatalog_man.html: regenerated
09f51ecb	2017-10-24T14:29:26	Add Makefile rules to rebuild HTML man pages This should make sure that the online version of the man pages for xmllint and xmlcatalog stay up to date. Also rebuild both HTML documents.
ca01f813	2017-10-24T13:51:34	xmlcatalog: refresh man page wrt. quering system catalog easily Also normalize "lookup" spelling.
6b780f65	2017-10-19T13:27:29	xmlcatalog: restore ability to query system catalog easily I've noticed that easy way of locating a DocBook XSLT in a configure script of another project doesn't work anymore. It is using something like: xmlcatalog "" ${DOCBOOK_XSL_URI}/${DOCBOOK_XSL_PATH}. The script is then forced to a plain, suboptimal search using find utility. Indeed, I retrospectively realize that the check was working just by mere accident given that the window this presumably side-effect was applicable had not lasted long, some 8 months between 054c716ea1bf001544127a4ab4f4346d1b9947e7 introducing xmlInitializeCatalog in the LIBXML_TEST_VERSION-rooted call chain, and f65128f38289d77ff322d63aef2858cc0a819c34 reverting that again. So while one can state /etc/xml/catalog constant explicitly, in some use cases (such as the mentioned one -- that's why I wanted to omit stating the full path in the first place), this is rather an implementation detail, perhaps subject to change from that POV. Therefore I propose to restore that behaviour in the targeted manner without global disruptions this time around. As a side-effect, this fixes indenting of the affected part.
5e986e3b	2017-10-21T15:09:33	Fix mixed decls and code in timsort.h
cfa912dd	2017-10-21T15:00:47	Fix deprecated Travis compiler flag
cf820462	2017-10-21T14:43:00	Rework handling of return values in thread tests Pass a struct to each thread that contains the filename and the return value. This avoids casting a DWORD to a pointer on Windows.
f05af837	2017-10-21T14:09:16	Add declaration for DllMain Fixes a compiler warning.
882a165a	2017-10-21T14:04:20	Fix preprocessor conditional in threads.h Make sure that the preprocessor conditions and types for xmlDllMain match exactly in threads.h and threads.c.
154824ee	2017-10-21T14:07:38	Fix unused variable warnings in testrecurse
a4864c2f	2017-10-21T14:01:10	Fix pointer comparison warnings on 64-bit Windows
8bc6c878	2017-10-21T13:57:44	Fix macro redefinition warning
d2c329a9	2017-10-21T13:49:31	Fix -Wimplicit-fallthrough warnings Add "falls through" comments to quench implicit-fallthrough warnings which are enabled by -Wextra under GCC 7.
bec3c17f	2017-10-12T15:15:58	Upgrade timsort.h to latest revision Upgrade timsort.h to revision 05fd77bfec049ce8b7c408c4d3dd2d51ee061a15 from https://github.com/swenson/sort Removed all code unrelated to Timsort and made minor adjustments for cross-platform compatibility.
25499fc2	2017-10-09T02:39:16	Increase warning level to /W3 under MSVC With the exception of timsort.h and warnings 4244 and 4267, the MSVC build is now warnings-free with /W3.
6472dfe3	2017-10-09T16:50:57	Fix a couple of warnings in dict.c and threads.c Only visible on Windows.
8575c117	2017-10-09T16:41:58	Default to native threads on MinGW-w64
56723974	2017-10-09T15:35:32	Simplify Windows IO functions Remove "native" non-Unicode functions which were only needed for pre-NT systems like Windows 95/98. Don't redefine `stat` but use `struct _stat` and `_stat()` instead.
d1505ef5	2017-10-09T02:10:11	Update .gitignore for Windows
82e0394d	2017-10-09T02:05:41	Fix runtest on Windows Unbuffer the output and fix some compiler warnings.
ecbdfa9e	2017-10-09T02:01:00	Fix unused variable warnings in nanohttp.c Some variables are only used if certain macros are set. Move the declarations around.
e3890546	2017-10-09T00:20:01	Fix the Windows header mess Don't include windows.h and wsockcompat.h from config.h but only when needed. Don't define _WINSOCKAPI_ manually. This was apparently done to stop windows.h from including winsock.h which is a problem if winsock2.h wasn't included first. But on MinGW, this causes compiler warnings. Define WIN32_LEAN_AND_MEAN instead which has the same effect. Always use the compiler-defined _WIN32 macro instead of WIN32.
bee8f1e4	2017-10-09T00:19:06	Don't include winsock2.h in xmllint.c I'm not sure why xmllint.c did include winsock2.h at all. Stop including the header as both MinGW and MSVC builds don't seem to require it.
45b0ebdc	2017-10-09T00:08:10	socklen_t is always int on Windows Define XML_SOCKLEN_T as `int` unconditionally in wsockcompat.h. Fixes compiler warnings and removes some duplicated code.
5b2324b6	2017-10-09T00:05:04	Don't redefine socket error codes on Windows Translate WSA error codes instead of blindly redefining POSIX error codes on Windows. The redefinitions caused warnings in modern Windows environments, but simply ifdef'ing out the redefinitions seems like the wrong approach.
d422b954	2017-10-09T13:37:42	Fix pointer/int cast warnings on 64-bit Windows On 64-bit Windows, `long` is 32 bits wide and can't hold a pointer. Switch to ptrdiff_t instead which should be the same size as a pointer on every somewhat sane platform without requiring C99 types like intptr_t. Fixes bug 788312. Thanks to J. Peter Mugaas for the report and initial patch.
41c0a13f	2017-10-09T13:32:20	Fix Windows compiler warnings in xmlCanonicPath The code handling Windows paths assigned some char/xmlChar pointers without explicit casts. Also remove an unused variable.
5af594d8	2017-10-07T14:54:45	Fix comparison of nodesets to strings Fix two bugs in xmlXPathNodeValHash which could lead to errors when comparing nodesets to strings: - Only use contents of text nodes to compute the hash for element nodes. Comments, PIs, and other node types don't affect the string-value and must be ignored. - Reset `string` to NULL for node types other than text. Reported by Aleksei on the mailing list: https://mail.gnome.org/archives/xml/2017-September/msg00016.html
0c913916	2017-10-07T14:40:34	Remove generated file python/setup.py from version control
03a238f9	2017-09-29T13:00:50	Use __linux__ macro in generated code
4b4d3d85	2017-10-06T09:00:53	Release of libxml2-2.9.6 * configure.ac doc/xml.html doc/news.html: updated for release
0f3b843b	2017-06-01T23:12:19	Fix XPath stack frame logic Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in xmlXPathCompOpEvalPositionalPredicate to make sure that the context object on the stack is actually protected. Otherwise, memory corruption can occur when calling sloppily coded XPath extension functions. Fixes bug 783160.
3157cf4e	2017-09-20T16:13:29	Report undefined XPath variable error message Commit c851970 removed a redundant error message if XPath evaluation failed. This uncovered a case where an undefined XPath variable error wasn't reported correctly. Thanks to Petr Pisar for the report. Fixes bug 787941.
b90d8989	2017-09-19T15:45:35	Fix regression with librsvg Instead of using xmlCreateIOParserCtxt, librsvg pushes its own xmlParserInput on top of a memory push parser. This incorrect use of the API confuses several parser checks and, since 2.9.5, completely breaks documents with internal subsets. Work around the problem with internal subsets. Thanks to Petr Sumbera for the report: https://mail.gnome.org/archives/xml/2017-September/msg00011.html Also see https://bugzilla.gnome.org/show_bug.cgi?id=787895
2cdaaab1	2017-09-14T21:30:51	Change preprocessor OS tests to __linux__ "linux" without leading underscores is deprecated and less reliable.
abbda93c	2017-09-11T01:14:16	Handle more invalid entity values in recovery mode In attribute content, don't emit entity references if there are problems with the entity value. Otherwise some illegal entity values like <!ENTITY a '&#x123456789;'> would later cause problems like integer overflow. Make xmlStringLenDecodeEntities return NULL on more error conditions including invalid char refs and errors from recursive calls. Remove some fragile error checks based on lastError that shouldn't be needed now. Clear the entity content in xmlParseAttValueComplex if an error was found. Found by OSS-Fuzz. Should fix bug 783052. Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3343
c709f3f2	2017-09-07T19:52:39	Fix structured validation errors Also pass 'str2'. Fixes bug 777473.
07e227ed	2017-09-07T18:55:46	Fix memory leak in LZMA decompressor
e2a9122b	2017-09-07T18:36:01	Set memory limit for LZMA decompression Otherwise malicious LZMA compressed files could consume large amounts of memory when decompressed. According to the xz man page, files compressed with `xz -9` currently require 65 MB to decompress, so set the limit to 100 MB. Should fix bug 786696.
0fcab658	2017-09-07T18:25:11	Handle illegal entity values in recovery mode Make xmlParseEntityValue always return NULL on error. Otherwise some illegal entity values like <!ENTITY e '&%#4294967298;'> would later cause problems like integer overflow. Found by OSS-Fuzz. Should fix bug 783052. Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=592 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2732

1dafb427

2018-09-03T15:29:50

Don't include SAX.h from globals.h SAX.h contains a legacy interface with several unprefixed symbols like `reference`, causing severe namespace pollution. The globals.h header doesn't need any of these symbols, so remove the #include.

bfec41b3

2018-06-23T12:14:28

Support xmlTextReaderNextSibling w/o preparsed doc This implements missing support for readers that are not based on a preparsed document in xmlTextReaderNextSibling.

d2ef114c

2018-06-23T13:08:46

Fix xmlTextReaderNext with preparsed document This fixes the traversal of parent nodes using xmlTextReaderNext() when the reader is based on a preparsed document (created using xmlReaderWalker(doc)). Without this fix the parser will abort even though there are parent nodes it should traverse to, if it is not currently on an element or attribute node. This is incorrect, since it can be for example on a text node when it needs to enter backtracking.

c65c9e8e

2018-08-31T11:42:14

Really declare dllexport/dllimport for Cygwin Cygwin does not define _WIN32, but still requires dllexport/dllimport tags for when applications use the --disable-auto-import linker flag, probably set by the gl_WOE32_DLL autoconf macro in woe32-dll.m4 file.

33d7ca53

2018-08-24T10:10:02

Merge branch 'patch-2' into 'master' Change dir to $THEDIR after ACLOCAL_PATH check See merge request GNOME/libxml2!6

19f5efd6

2018-08-23T20:42:23

Change dir to $THEDIR after ACLOCAL_PATH check autoreconf creates aclocal.m4 in $srcdir

b6ab8b44

2018-08-19T18:59:10

Improve error message if pkg.m4 couldn't be found Check whether aclocal.m4 contains the pkg.m4 macro package after running autoreconf and print a more helpful error message. Thanks to 林博仁 (Buo-ren Lin) for the initial patch. Closes: #21

173ea684

2018-08-18T14:22:57

Don't instruct user to run make when autogen.sh failed Currently the autogen script will always tell user to run make even when the configure script failed, this patch changes the behavior to only show this message when the configure script terminates without error.

2240fbf5

2018-07-30T13:14:11

Fix infinite loop in LZMA decompression Check the liblzma error code more thoroughly to avoid infinite loops. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 This is CVE-2018-9251 and CVE-2018-14567. Thanks to Dongliang Mu and Simon Wörner for the reports.

a4363749

2018-07-30T12:54:38

Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5 Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817 https://bugzilla.redhat.com/show_bug.cgi?id=1595985 This is CVE-2018-14404. Thanks to Guy Inbar for the report.

b7c50b8d

2018-04-17T12:07:08

Remove stray character from comment Fixes bug #795316: https://bugzilla.gnome.org/show_bug.cgi?id=795316

d2293cdb

2018-01-30T15:04:11

Remove a misleading line from xmlCharEncOutput Closes: https://bugzilla.gnome.org/show_bug.cgi?id=793028 It seams this line was accidentally copied over from xmlCharEncOutFunc. In xmlCharEncOutput output is a pointer so incrementing it by ret can point it where it wasn't supposed to be pointing. Luckily the current implementation doesn't dereference the pointer after advancing it. Signed-off-by: Daniel Veillard <veillard@redhat.com>

35e83488

2018-04-18T15:58:42

HTML noscript should not close p For https://bugzilla.gnome.org/show_bug.cgi?id=795343 - HTMLparser.c: noscript should not close <p> but it should close <script>

e61c8217

2018-04-16T20:46:13

Run Travis ASan tests with "sudo: required" See https://github.com/travis-ci/travis-ci/issues/9033

fa33bf31

2017-05-25T00:45:10

Improve restoring of context size and position Restore context size and position where it is modified, not in seemingly random places.

665df41d

2018-04-16T19:37:34

Simplify and harden nodeset filtering If a nodeset to be filtered is empty, it can be returned without popping it from the stack. Make sure to restore the context node in all error paths and never set it to NULL. Save and restore the context node in RANGETO operations.

029d0e96

2017-05-25T01:28:27

Avoid unnecessary backups of the context node

938835e7

2017-05-25T01:21:57

Don't change context node in xmlXPathRoot

e22a83b1

2017-05-25T01:18:36

Stop using XPATH_OP_RESET It only sets the context node to NULL which doesn't seem useful and can even cause bugs like bug #795299: https://bugzilla.gnome.org/show_bug.cgi?id=795299

ebe12882

2018-04-16T18:18:11

Fix inconsistency in xmlXPathIsInf We don't use HUGE_VAL for INFINITY after the most recent fix.

7a1bd7f6

2018-03-17T00:03:24

Revert "Change calls to xmlCharEncInput to set flush false" This reverts commit 6e6ae5daa6cd9640c9a83c1070896273e9b30d14 which broke decoding of larger documents with ICU. See https://bugs.chromium.org/p/chromium/issues/detail?id=820163

7abec671

2018-03-15T19:33:52

NaN and Inf fixes for pre-C99 compilers On some pre-C99 compilers, the NAN and INFINITY macros don't expand to constant expressions. Some MSVC versions complain about floating point division by zero in constants. Thanks to Fabrice Manfroi for the report.

18890f47

2018-03-05T17:09:43

Release of libxml2-2.9.8 * configure.ac doc/* libxml2.syms testapi.c: updated for the new release

d910e99c

2017-11-06T16:20:25

python: remove single use of _PyVerify_fd _PyVerify_fd disappeared from python with: https://hg.python.org/cpython/rev/e88e2049b793 https://bugzilla.gnome.org/show_bug.cgi?id=776815

707ad080

2018-01-23T16:37:54

Fix xmlParserEntityCheck A previous commit removed the check for XML_ERR_ENTITY_LOOP which is required to abort early in case of excessive entity recursion.

ab362ab0

2018-01-22T15:40:05

Halt parser in case of encoding error Should fix crbug.com/793715, although I wasn't able to reproduce the issue.

60dded12

2018-01-22T15:04:58

Clear entity content in case of errors This only affects recovery mode and avoids integer overflow in xmlStringGetNodeList and possibly other nasty surprises. See bug 783052 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3874 https://bugs.chromium.org/p/chromium/issues/detail?id=796804

6e6ae5da

2018-01-02T21:47:35

Change calls to xmlCharEncInput to set flush false when not final call. Having flush incorrectly set to true causes errors for ICU.

1637d612

2018-01-08T19:19:42

Disable pointer-overflow UBSan checks under Travis clang 5 added UBSan checks for pointer overflow which are triggered by an API test.

132af1a0

2018-01-08T18:48:01

Fix buffer over-read in xmlParseNCNameComplex Calling GROW can halt the parser if the buffer grows too large. This will set the buffer to an empty string. Return immediately in this case, otherwise the "current" pointer is advanced leading to a buffer over-read. Found with OSS-Fuzz. See https://oss-fuzz.com/testcase?key=6683819592646656 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5031

ad88b54f

2017-12-08T09:42:31

Improve handling of context input_id For https://bugzilla.gnome.org/show_bug.cgi?id=772726 This was used in xmlsec to detect issues with accessing external entities and prevent them, but was unreliable, based on a patch from Aleksey Sanin * parser.c: make sure input_id is incremented when creating sub-entities for parsing or when parsing out of context

8ac759a6

2017-11-27T18:23:58

Build more test executables on Windows/MSVC Build all test executables required by 'make checktests'.

706926fd

2017-11-27T18:17:38

Fix ICU library filenames on Windows/MSVC Fixes bug 790119.

d4049198

2017-11-27T15:08:00

Add resource file to Windows DLL Add a resource file containing verison information for the Windows DLL. This is only used by the MSVC build for now.

790c230f

2017-11-12T19:19:53

Run Travis tests with -Werror

45efd0b0

2017-11-13T22:05:22

Build with "-Wall -Wextra" Remove warning options that are enabled with "-Wall -Wextra". Disable -Warray-bounds warning that produces a (seemingly) false positive in xpath.c.

2677fbf4

2017-11-27T14:20:31

Fix -Wtautological-pointer-compare warnings Skip tautological pointer comparisons on pthread systems where we don't use the weak symbols hack.

ff628d46

2017-11-13T18:35:51

Stop including ansidecl.h This seems to be an undocumented, internal GCC header added a long time ago. I don't know why it was included, but I think it can be safely removed.

bf3b4563

2017-11-13T18:33:23

Remove unused AC_CHECKs

cb5541c9

2017-11-13T17:08:38

Fix libz and liblzma detection If libz or liblzma are detected with pkg-config, AC_CHECK_HEADERS must not be run because the correct CPPFLAGS aren't set. It is actually not required have separate checks for LIBXML_ZLIB_ENABLED and HAVE_ZLIB_H. Only check for LIBXML_ZLIB_ENABLED and remove HAVE_ZLIB_H macro. Fixes bug 764657, bug 787041.

ddbb075b

2017-11-27T14:30:19

Fix xmlXPathIsNaN broken by recent commit

c1002101

2017-11-12T20:06:21

Update information about contributing The contents of the HACKING file were hopelessly outdated. Remove the file and start with a CONTRIBUTING document.

b2189571

2017-11-13T21:23:17

Fix -Wenum-compare warnings Also fixes a serious bug in xmlXPtrNewRangeNodePoint.

359e7504

2017-11-13T21:13:46

Fix -Wmisleading-indentation warnings

8cb8e317

2017-11-12T18:22:23

Don't touch CFLAGS in configure.ac CFLAGS shouldn't be touched by configure.ac. The variable is supplied by the user and must come after other flags, so flags like warning options can be overridden. Rename CFLAGS to EXTRA_CFLAGS and add the value to AM_CFLAGS. This also makes it possible to override flags for each Automake program or library.

00859f91

2017-11-12T17:38:08

Fix callback signature in testapi.c

13acadbb

2017-11-12T17:28:12

Ignore function pointer cast warnings Use GCC pragmas as these warnings are enabled by -Wpedantic and there's no way to disable them selectively.

8813f397

2017-09-21T00:11:26

Simplify XPath NaN, inf and -0 handling Use C99 macros NAN, INFINITY, isnan, isinf. If they're not available: - Assume that (0.0 / 0.0) generates a NaN and !(x == x) tests for NaN. - Use C89's HUGE_VAL for INFINITY. Remove manual handling of NaN, infinity and negative zero in functions xmlXPathValueFlipSign and xmlXPathDivValues. Remove xmlXPathGetSign. All the tests for negative zero can be replaced with a test for negative or positive zero. Simplify xmlXPathRoundFunction. Remove Trio dependency. This should work on IEEE 754 compliant implementations even if the C99 macros aren't available, but will likely break some ancient platforms. If problems arise, my plan is to port the relevant trionan.c solution to xpath.c. Note that non-compliant implementations are impossible to fully support, anyway, since XPath requires IEEE 754.

86182390

2017-11-13T22:17:53

Revert "Compile testapi with -Wno-unused-function" This reverts commit f404c4f500a0ec18b04463581d5d1b3aae7f7730. The change broke non-GCC compilers.

772c0648

2017-11-09T17:56:31

Fix unused parameter warning without ICU

86615e43

2017-11-09T17:47:47

Fix IO callback signatures

e5f33e56

2017-11-09T17:29:22

Fix misc callback signatures Fix parameter and return types for xmlC14NIsVisibleCallback and xmlRegExecCallbacks.

4dd6d7a5

2017-11-09T17:28:00

Fix list callback signatures Make sure that all parameters and return values of list callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Also change the `user` parameter type from `const void *` to `void *`.

e03f0a19

2017-11-09T16:42:47

Fix hash callback signatures Make sure that all parameters and return values of hash callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Fixes bug 784861.

71462a60

2017-11-09T13:42:33

Introduce xmlPosixStrdup and update xmlMemStrdup Introduce xmlPosixStrdup, an internal strdup implementation matching the POSIX strdup type signature, and update xmlMemStrdup to use it. Thanks to Vlad Tsyrklevich for the initial patch.

28f52fe8

2017-08-10T15:08:48

Refactor name and type signature for xmlNop Update xmlNop's name to xmlInputReadCallbackNop and its type signature to match xmlInputReadCallback. Fixes bug 786134.

72182550

2017-11-04T15:38:58

Add test for ICU flush and pivot buffer

0b19f236

2017-10-25T18:11:12

Fixed ICU to set flush correctly and provide pivot buffer. By always setting flush=TRUE when doing multiple reads, ICU will not correctly handle truncated utf8 chars across read boundaries. The fix is to set flush=TRUE only on final read, and to provide a pivot buffer which is maintained by libxml between calls to ucnv_convertEx.

4b413597

2017-10-31T17:17:16

Skip EBCDIC tests if EBCDIC isn't supported Fixes bug 603432.

f404c4f5

2017-10-31T17:14:43

Compile testapi with -Wno-unused-function

bc5a5d65

2017-11-02T21:26:55

Release of libxnl2-2.9.7 * configure.ac doc/news.html : update for release * doc/news.html doc/xmlcatalog.1 doc/xmlcatalog_man.html: regenerated

09f51ecb

2017-10-24T14:29:26

Add Makefile rules to rebuild HTML man pages This should make sure that the online version of the man pages for xmllint and xmlcatalog stay up to date. Also rebuild both HTML documents.

ca01f813

2017-10-24T13:51:34

xmlcatalog: refresh man page wrt. quering system catalog easily Also normalize "lookup" spelling.

6b780f65

2017-10-19T13:27:29

xmlcatalog: restore ability to query system catalog easily I've noticed that easy way of locating a DocBook XSLT in a configure script of another project doesn't work anymore. It is using something like: xmlcatalog "" ${DOCBOOK_XSL_URI}/${DOCBOOK_XSL_PATH}. The script is then forced to a plain, suboptimal search using find utility. Indeed, I retrospectively realize that the check was working just by mere accident given that the window this presumably side-effect was applicable had not lasted long, some 8 months between 054c716ea1bf001544127a4ab4f4346d1b9947e7 introducing xmlInitializeCatalog in the LIBXML_TEST_VERSION-rooted call chain, and f65128f38289d77ff322d63aef2858cc0a819c34 reverting that again. So while one can state /etc/xml/catalog constant explicitly, in some use cases (such as the mentioned one -- that's why I wanted to omit stating the full path in the first place), this is rather an implementation detail, perhaps subject to change from that POV. Therefore I propose to restore that behaviour in the targeted manner without global disruptions this time around. As a side-effect, this fixes indenting of the affected part.

5e986e3b

2017-10-21T15:09:33

Fix mixed decls and code in timsort.h

cfa912dd

2017-10-21T15:00:47

Fix deprecated Travis compiler flag

cf820462

2017-10-21T14:43:00

Rework handling of return values in thread tests Pass a struct to each thread that contains the filename and the return value. This avoids casting a DWORD to a pointer on Windows.

f05af837

2017-10-21T14:09:16

Add declaration for DllMain Fixes a compiler warning.

882a165a

2017-10-21T14:04:20

Fix preprocessor conditional in threads.h Make sure that the preprocessor conditions and types for xmlDllMain match exactly in threads.h and threads.c.

154824ee

2017-10-21T14:07:38

Fix unused variable warnings in testrecurse

a4864c2f

2017-10-21T14:01:10

Fix pointer comparison warnings on 64-bit Windows

8bc6c878

2017-10-21T13:57:44

Fix macro redefinition warning

d2c329a9

2017-10-21T13:49:31

Fix -Wimplicit-fallthrough warnings Add "falls through" comments to quench implicit-fallthrough warnings which are enabled by -Wextra under GCC 7.

bec3c17f

2017-10-12T15:15:58

Upgrade timsort.h to latest revision Upgrade timsort.h to revision 05fd77bfec049ce8b7c408c4d3dd2d51ee061a15 from https://github.com/swenson/sort Removed all code unrelated to Timsort and made minor adjustments for cross-platform compatibility.

25499fc2

2017-10-09T02:39:16

Increase warning level to /W3 under MSVC With the exception of timsort.h and warnings 4244 and 4267, the MSVC build is now warnings-free with /W3.

6472dfe3

2017-10-09T16:50:57

Fix a couple of warnings in dict.c and threads.c Only visible on Windows.

8575c117

2017-10-09T16:41:58

Default to native threads on MinGW-w64

56723974

2017-10-09T15:35:32

Simplify Windows IO functions Remove "native" non-Unicode functions which were only needed for pre-NT systems like Windows 95/98. Don't redefine `stat` but use `struct _stat` and `_stat()` instead.

d1505ef5

2017-10-09T02:10:11

Update .gitignore for Windows

82e0394d

2017-10-09T02:05:41

Fix runtest on Windows Unbuffer the output and fix some compiler warnings.

ecbdfa9e

2017-10-09T02:01:00

Fix unused variable warnings in nanohttp.c Some variables are only used if certain macros are set. Move the declarations around.

e3890546

2017-10-09T00:20:01

Fix the Windows header mess Don't include windows.h and wsockcompat.h from config.h but only when needed. Don't define _WINSOCKAPI_ manually. This was apparently done to stop windows.h from including winsock.h which is a problem if winsock2.h wasn't included first. But on MinGW, this causes compiler warnings. Define WIN32_LEAN_AND_MEAN instead which has the same effect. Always use the compiler-defined _WIN32 macro instead of WIN32.

bee8f1e4

2017-10-09T00:19:06

Don't include winsock2.h in xmllint.c I'm not sure why xmllint.c did include winsock2.h at all. Stop including the header as both MinGW and MSVC builds don't seem to require it.

45b0ebdc

2017-10-09T00:08:10

socklen_t is always int on Windows Define XML_SOCKLEN_T as `int` unconditionally in wsockcompat.h. Fixes compiler warnings and removes some duplicated code.

5b2324b6

2017-10-09T00:05:04

Don't redefine socket error codes on Windows Translate WSA error codes instead of blindly redefining POSIX error codes on Windows. The redefinitions caused warnings in modern Windows environments, but simply ifdef'ing out the redefinitions seems like the wrong approach.

d422b954

2017-10-09T13:37:42

Fix pointer/int cast warnings on 64-bit Windows On 64-bit Windows, `long` is 32 bits wide and can't hold a pointer. Switch to ptrdiff_t instead which should be the same size as a pointer on every somewhat sane platform without requiring C99 types like intptr_t. Fixes bug 788312. Thanks to J. Peter Mugaas for the report and initial patch.

41c0a13f

2017-10-09T13:32:20

Fix Windows compiler warnings in xmlCanonicPath The code handling Windows paths assigned some char/xmlChar pointers without explicit casts. Also remove an unused variable.

5af594d8

2017-10-07T14:54:45

Fix comparison of nodesets to strings Fix two bugs in xmlXPathNodeValHash which could lead to errors when comparing nodesets to strings: - Only use contents of text nodes to compute the hash for element nodes. Comments, PIs, and other node types don't affect the string-value and must be ignored. - Reset `string` to NULL for node types other than text. Reported by Aleksei on the mailing list: https://mail.gnome.org/archives/xml/2017-September/msg00016.html

0c913916

2017-10-07T14:40:34

Remove generated file python/setup.py from version control

03a238f9

2017-09-29T13:00:50

Use __linux__ macro in generated code

4b4d3d85

2017-10-06T09:00:53

Release of libxml2-2.9.6 * configure.ac doc/xml.html doc/news.html: updated for release

0f3b843b

2017-06-01T23:12:19

Fix XPath stack frame logic Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in xmlXPathCompOpEvalPositionalPredicate to make sure that the context object on the stack is actually protected. Otherwise, memory corruption can occur when calling sloppily coded XPath extension functions. Fixes bug 783160.

3157cf4e

2017-09-20T16:13:29

Report undefined XPath variable error message Commit c851970 removed a redundant error message if XPath evaluation failed. This uncovered a case where an undefined XPath variable error wasn't reported correctly. Thanks to Petr Pisar for the report. Fixes bug 787941.

b90d8989

2017-09-19T15:45:35

Fix regression with librsvg Instead of using xmlCreateIOParserCtxt, librsvg pushes its own xmlParserInput on top of a memory push parser. This incorrect use of the API confuses several parser checks and, since 2.9.5, completely breaks documents with internal subsets. Work around the problem with internal subsets. Thanks to Petr Sumbera for the report: https://mail.gnome.org/archives/xml/2017-September/msg00011.html Also see https://bugzilla.gnome.org/show_bug.cgi?id=787895

2cdaaab1

2017-09-14T21:30:51

Change preprocessor OS tests to __linux__ "linux" without leading underscores is deprecated and less reliable.

abbda93c

2017-09-11T01:14:16

Handle more invalid entity values in recovery mode In attribute content, don't emit entity references if there are problems with the entity value. Otherwise some illegal entity values like <!ENTITY a '&#x123456789;'> would later cause problems like integer overflow. Make xmlStringLenDecodeEntities return NULL on more error conditions including invalid char refs and errors from recursive calls. Remove some fragile error checks based on lastError that shouldn't be needed now. Clear the entity content in xmlParseAttValueComplex if an error was found. Found by OSS-Fuzz. Should fix bug 783052. Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3343

c709f3f2

2017-09-07T19:52:39

Fix structured validation errors Also pass 'str2'. Fixes bug 777473.

07e227ed

2017-09-07T18:55:46

Fix memory leak in LZMA decompressor

e2a9122b

2017-09-07T18:36:01

Set memory limit for LZMA decompression Otherwise malicious LZMA compressed files could consume large amounts of memory when decompressed. According to the xz man page, files compressed with `xz -9` currently require 65 MB to decompress, so set the limit to 100 MB. Should fix bug 786696.

0fcab658

2017-09-07T18:25:11

Handle illegal entity values in recovery mode Make xmlParseEntityValue always return NULL on error. Otherwise some illegal entity values like <!ENTITY e '&%#4294967298;'> would later cause problems like integer overflow. Found by OSS-Fuzz. Should fix bug 783052. Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=592 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2732

kc3-lang/libxml2

Log