Log

Author Commit Date CI Message
Nick Wellnhofer 4fe116eb 2024-05-10T00:05:44 parser: Don't report error on invalid URI Only fragment identifiers are an error. This removes the last user of xmlErrMsg*. Now every error reported by the parser should result in one of ctxt->wellFormed, ctxt->nsWellFormed or ctxt->valid being set to zero.
Nick Wellnhofer 3dea98ef 2024-05-09T21:10:28 xmllint: Don't free DTD with --dropdtd Entity references point to entities in the DTD, so only unlink the DTD and don't destroy it.
Nick Wellnhofer c83147bf 2024-05-08T03:04:15 xmllint: Fix --pedantic option Regressed in 74c84a8c.
Nick Wellnhofer 3665d667 2024-05-07T16:53:43 xmllint: Clean up option handling Remove unnecessary globals and make some local. Remove unnecessary calls to xmlTextReaderSetParserProp. Remove unused "oldout" code. Fix skipArgs.
Nick Wellnhofer 3ad7f816 2024-05-08T11:49:31 [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` Add a missing bounds check. Fixes #720.
Nick Wellnhofer 5bfaab77 2024-05-06T18:03:01 fuzz: Fix reader fuzzer
Nick Wellnhofer f8ff4d86 2024-05-07T15:23:03 xmllint: Rework parsing Merge a few code paths, making options like --valid or --htmlout work with some other options. Improve error handling.
Nick Wellnhofer 0bef1704 2024-05-07T12:15:24 c14n: Fix memory leak after malloc failure
Nick Wellnhofer 72e9267c 2024-05-06T11:36:25 html: Fix memory leak after malloc failure
Nick Wellnhofer 3afaff7e 2024-05-06T11:16:01 xmllint: Check for NULL input in xmlHTMLValidityError `ctxt->input` can be NULL after commit 61b4c42f.
Nick Wellnhofer ef6e6012 2024-05-06T01:13:49 xmllint: Fix parsing of maxmem option Fix corner cases like 'xmllint --encode --maxmem 123'. Also fixes --path without LIBXML_VALID_ENABLED.
Nick Wellnhofer 907a5a48 2024-05-06T02:34:01 xmllint: Fix memory leak in walkDoc
Nick Wellnhofer a7854e26 2024-05-06T01:30:18 http: Don't pass NULL pointer as memcpy source
Nick Wellnhofer f4826c84 2024-05-06T00:33:19 xmllint: Add macro for error stream Prepare for fuzzing.
Nick Wellnhofer 826baf00 2024-05-06T00:29:07 xmllint: Fix --insert option Make sure that parent is an element when calling xmlValidGetValidElements.
Nick Wellnhofer 20a0de95 2024-05-06T00:08:54 xmllint: Fix --pushsmall option This is only a debugging aid but also useful when fuzzing.
Nick Wellnhofer 81611e06 2024-05-05T18:16:44 reader: Don't call xmlCtxtErrMemory with NULL ctxt This can happen in "walker" mode.
Nick Wellnhofer a39e862b 2024-05-05T18:16:11 xmllint: Add explicit cast for -fsanitize=integer
Nick Wellnhofer d644a23e 2024-05-05T23:37:03 fuzz: Improve xml.dict - Add standalone declaration - Add doctype declaration - Expand ATTLIST matrix in xml.dict
Nick Wellnhofer a4c2b723 2024-05-05T17:26:31 io: Don't set close callback in xmlParserInputBufferCreateFd
Nick Wellnhofer 422ae462 2024-05-05T15:20:15 xmllint: Make some strings const
Nick Wellnhofer 71a7a33e 2024-05-03T00:44:42 parser: Fix base URI of internal parameter entities Search parent inputs of internal parameter entities for base URI. Fixes a long-standing bug, which manifested in a different way after commit 955c177f. Reproduce with xmllint --noent xmlconf/eduni/errata-2e/E18.xml
Nick Wellnhofer fdc5ff36 2024-05-02T16:23:04 parser: Always throw entity errors if external DTD is loaded When parsing with XML_PARSE_DTDLOAD, missing entities are always an error. Also consolidate behavior when validating. See b717abdd.
Nick Wellnhofer 39e5b35b 2024-05-02T22:06:19 parser: Don't create undeclared entity refs in substitution mode We never want to create entity reference nodes if entity substitution is enabled. This also applies to undeclared entities.
Nick Wellnhofer ae23a4ce 2024-04-30T17:26:28 unicode: Deprecate most xmlUCSIs* functions These don't seem to be used by downstream code.
Nick Wellnhofer e6379535 2024-04-30T17:00:01 Remove references to old mailing list
Nick Wellnhofer d2f623d1 2024-04-30T16:36:44 reader: Report malloc failure in xmlTextReaderConstValue
Nick Wellnhofer b8597f46 2024-04-30T15:58:01 tree: Handle predefined entities in xmlBufGetEntityRefContent It's possible to create references to predefined entities using the tree API. This edge case was exposed by making predefined entities const in commit 63ce5f9a.
Nick Wellnhofer 619e2808 2024-04-30T15:53:08 tree: Don't call xmlNewCharRef in xmlNodeParseContent xmlNewCharRef also tries to handle strings like '&name;' but in xmlNodeParseContentInternal, we really want to use the possibly invalid name without modification. Otherwise, content like '&"' could create a reference to a predefined entity.
Tomáš Ženčák ae960cac 2023-11-07T21:08:01 Allow unlimited length decimals, integers etc.
Nick Wellnhofer bffef46c 2024-04-28T22:58:06 doc: Don't install example code
Nick Wellnhofer 5f75c956 2024-04-28T22:57:02 doc: Remove tutorial The tutorial was moved to the Wiki: https://gitlab.gnome.org/GNOME/libxml2/-/wikis/Tutorial
Nick Wellnhofer d381e5de 2024-04-28T21:14:32 doc: Move doc/examples to example
Nick Wellnhofer 1cdfece1 2024-04-28T18:33:40 memory: Remove memory debugging This is useless compared to sanitizers or valgrind and has a considerable performance impact if enabled accidentally.
Nick Wellnhofer 5e80f438 2024-04-28T17:33:19 tree: Deprecate xmlRegisterNodeDefault This rarely used feature should be phased out.
Nick Wellnhofer 88169bfd 2024-04-28T17:54:36 tree: Deprecate xmlSetCompressMode
Nick Wellnhofer 05654cfe 2024-04-28T17:54:20 html: Deprecate htmlHandleOmittedElem
Nick Wellnhofer 63ce5f9a 2024-04-28T17:32:35 Make some globals const
Nick Wellnhofer 577fb0e3 2024-04-27T16:31:01 xinclude: Report malloc failure in xmlXIncludeMergeEntities
Nick Wellnhofer 68e440ee 2024-04-24T22:52:06 fuzz: Use all test directories for XML seed corpus It's probably better to add as many files as possible to the seed corpus even if they're less specific to a fuzzer.
Nick Wellnhofer 651465f9 2024-04-24T22:50:53 test: Remove unused test files
Nick Wellnhofer 0977d7a3 2024-04-23T22:39:53 fuzz: Build with compression support on OSS-Fuzz
Nick Wellnhofer 510c7988 2024-04-23T18:43:12 fuzz: Remove reader pass from XML fuzzers The reader API is fuzzed separately now.
Nick Wellnhofer 6641a7e8 2024-04-23T18:17:02 fuzz: Enable reader fuzzer on OSS-Fuzz
Nick Wellnhofer 45fe9924 2024-04-22T17:12:54 parser: Don't create reference in xmlLookupGeneralEntity This should only be done in xmlParseReference. The handling of undeclared entities is still somewhat inconsistent. In element content we create references even if entity substitution is enabled. In attribute values undeclared entities are always ignored.
Nick Wellnhofer b717abdd 2024-04-22T15:42:39 parser: Consolidate error handling for undeclared entities Always use XML_WAR_UNDECLARED_ENTITY with warning error level in documents with external subset or parameter entities. Use XML_ERR_UNDECLARED_ENTITY otherwise.
Nick Wellnhofer 00336f0f 2024-04-20T20:54:41 cmake: Don't use tabs in CMakeLists.txt Always use spaces and indent_size=4 except for Makefiles.
Nick Wellnhofer b62ccf7f 2024-04-16T13:24:12 fuzz: Add fuzzer for XML reader API
Nick Wellnhofer 087a3464 2024-04-18T11:57:46 xinclude: Increase error count in xmlXIncludeErrMemory
Nick Wellnhofer 7cbf609a 2024-04-18T12:57:15 reader: Make xmlTextReaderReadString non-recursive Also report malloc failures. Fixes #607.
Nick Wellnhofer f6964781 2024-04-22T12:23:39 reader: Rework xmlTextReaderRead{Inner,Outer}Xml Use an xmlOutputBuffer. Report malloc failures.
Nick Wellnhofer cdb3103b 2024-04-22T12:23:06 reader: Report malloc failures
Nick Wellnhofer d2daf33e 2024-04-16T14:53:07 reader: Fix preservation of attributes Don't use 'curnode' which might be an attribute or namespace node which doesn't have an 'extra' member.
Nick Wellnhofer 5aa56e73 2024-04-18T14:21:19 reader: Add tests for content accessors
Niels Dossche 6053f1ff 2023-11-02T13:57:54 Remove redundant size check The condition size > UINT_MAX - 10 is already checked earlier, so the check is always false.
Nick Wellnhofer fbea03f3 2024-04-19T15:22:30 tree: Remove another redundant check in xmlDOMWrapCloneNode The node type was already checked earlier.
Niels Dossche 1a865567 2023-11-02T14:07:00 Remove redundant NULL check on cur This variable is already NULL checked in the previous if condition.
Niels Dossche 6fadd798 2023-11-02T14:05:31 Remove always-false check old == cur This case is already checked at the start of the function. There it returns NULL, which seems more correct.
Niels Dossche 27665200 2023-11-02T13:59:54 Remove redundant NULL check on cur cur = node, and node cannot be NULL as it is checked at the start of the function.
Nick Wellnhofer a0341ac8 2024-04-18T12:08:30 tree: Don't return empty localname in xmlSplitQName{2,3} Match the behavior of xmlSplitQName and xmlSplitQName4.
Nick Wellnhofer f506ec66 2024-04-15T11:27:44 parser: Always decode entities in namespace URIs Also decode entities in namespace URIs if entity substitution wasn't requested. This should fix some corner cases when comparing namespace URIs. The Namespaces in XML 1.0 spec says: "In a namespace declaration, the URI reference is the normalized value of the attribute, so replacement of XML character and entity references has already been done before any comparison." Make the serialization code escape special characters in namespace URIs like in attribute values. This fixes serialization if entities were substituted when parsing. Fixes https://gitlab.gnome.org/GNOME/libxslt/-/issues/106
Nick Wellnhofer 971ce404 2024-04-14T19:33:21 fuzz: Also set fuzzAllocFailed if a real allocation fails Avoid false positives in real OOM situations.
Nick Wellnhofer 20b0bd98 2024-04-09T18:00:13 fuzz: Account for quadratic runtime in xmlXPathTranslateFunction Avoid fuzzer timeouts caused by this known issue.
Nick Wellnhofer fd8a3511 2024-04-09T16:54:02 error: Fix direct invocation of SAX error handlers Revert part of commit c5a8aef2 to make it safe to call the default SAX error handlers directly. This has been deprecated for a long time but even xmllint still uses these handlers. Should fix #713.
Nick Wellnhofer 20fca2bb 2024-04-09T15:39:06 save: Report malloc failure in xmlAttrSerializeTxtContent Flush buffer before checking for errors.
Nick Wellnhofer 1f18d377 2024-04-02T23:19:28 fuzz: Add a few more comments
Seiya Nakata 5bb84b47 2024-04-04T11:55:28 relaxng: Fix tree corruption in xmlRelaxNGParseNameClass Don't create cycles in tree structure. This will lead to an infinite loop or call stack overflow later. Closes: https://gitlab.gnome.org/GNOME/libxml2/-/issues/711
Nick Wellnhofer 16ccb61d 2024-04-05T13:19:56 xinclude: Don't try to fix base of non-elements This would result in a spurious error.
Nick Wellnhofer af2bda4e 2024-04-05T13:09:45 SAX2: Also check URI length before resolving We don't want to exceed the size limit of 1 MB in uri.c. Such errors can't be distinguished from malloc failures.
Vincent Torri 5732ce56 2024-04-04T12:14:46 meson: Initial commit
Nick Wellnhofer 650f842d 2024-04-02T15:25:28 string: Don't validate UTF-8 in xmlUTF8Strsub Most string functions can assume valid UTF-8. In order to detect malloc failures reliably, xmlUTF8Strsub should only return NULL if the start index is out of bounds or a memory allocation failed.
Nick Wellnhofer 86c27206 2024-04-02T14:41:15 save: Handle invalid parent pointers in xhtmlNodeDumpOutput See #255 and commit 85b1792e.
Nick Wellnhofer f7f14537 2024-04-02T12:56:11 build: Disable support for compression libraries by default libxml2 has limited support for reading and writing compressed data with the help of zlib and liblzma which used to be enabled by default. This only works for files read from the file system and never worked with memory buffers. My guess is that this feature is virtually unused. In light of the recently discovered xz backdoor, it's a good time to disable these features by default to reduce attack surface and prepare for eventual removal. If --with-legacy is passed to the Autotools build, compression will be enabled by default as before.
Nick Wellnhofer 365976db 2024-03-30T17:17:21 xinclude: Don't use xmlHasNsProp This function can malloc and doesn't report failures. Another design mistake is that xmlUnsetNsProp requires an xmlNs struct.
Nick Wellnhofer fe3cbf89 2024-03-29T14:54:39 fuzz: Check node type before xmlDocSetRootElement
Nick Wellnhofer 5c553325 2024-03-29T13:45:19 Revert "tree: Only allow elements in xmlDocSetRootElement" This reverts commit 4b698dbaec9bc6775fc8341ef8a3f0d8321f8548. lxml assumes that xmlDocSetRootElement works with non-elements.
Nick Wellnhofer 7c5daa37 2024-03-29T14:35:07 tree: Ignore namespace with NULL href in xmlSearchNs Some users set href to NULL to unset a namespace without deleting it. Also change the duplicate check in xmlNewNs which must agree with xmlSearchNs. Short-lived regression from f960c60d.
Nick Wellnhofer f43197fc 2024-03-29T11:16:45 tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling Commit 9e1c72da from 2001 introduced a bug where xmlAddPrevSibling and xmlAddNextSibling would only try to merge text nodes with one of its new siblings. Commit 4ccd3eb8 fixed this bug but unfortunately, lxml and possibly other downstream code depend on text nodes not being merged. To avoid breaking downstream code while still having somewhat consistent API behavior, it's probably best to make these functions never coalesce text nodes.
Nick Wellnhofer 2cc7f710 2024-03-29T11:55:20 SAX2: Fix xmlSAX2EntityDecl with empty base Short-lived regression.
Nick Wellnhofer 730de88b 2024-03-28T15:42:02 SAX2: Optimize appending children xmlSAX2AppendChild can make several assumptions which make appending nodes more efficient. Also handle line numbers in xmlSAX2AppendChild.
Nick Wellnhofer 2a713a80 2024-03-28T15:09:46 tree: Document behavior if xmlSetTreeDoc fails
Nick Wellnhofer f1e9c7bd 2024-03-28T14:54:18 tree: Optimize xmlInsertNode Relink the node directly without calling xmlUnlinkNodeInternal.
Nick Wellnhofer ea0ee365 2024-03-28T12:38:43 tree: Align xmlAddChild with other node insertion functions Make xmlAddChild unlink the child before insertion. Originally, linked children would most likely cause tree corruption. The first fix disallowed linked nodes, but there are cases where insertion of such nodes could succeed. Don't abort if the node is already a child of parent. In this case, the node will be moved to the end of the child list.
Nick Wellnhofer e5cdb23f 2024-03-28T14:09:10 tree: Introduce xmlUnlinkNodeInternal xmlUnlinkNode also removes references to DTD nodes which shouldn't be done when moving nodes within a document. Introduce a new function xmlUnlinkNodeInternal which only unlinks a node from the tree. Remove references to DTD nodes in xmlNodeSetDoc. Note that moving element and attribute declarations to another document will still leave references in the source document.
Nick Wellnhofer 1d50df87 2024-03-28T12:08:13 examples: Don't leave temp files
Nick Wellnhofer bfb02fbc 2024-03-28T11:30:05 fuzz: Fix xmlSetProp in API fuzzer Finding the old attribute node is a bit more involved.
Nick Wellnhofer 9bce9dbb 2024-03-26T14:30:57 valid: Report malloc failure in xmlValidateOneElement
Nick Wellnhofer 887ad90a 2024-03-26T14:23:51 fuzz: Restrict input size of API fuzzer
Nick Wellnhofer 6c5248e2 2024-03-26T14:21:47 fuzz: Restrict number of copies in API fuzzer Avoid timeouts with large inputs.
Nick Wellnhofer aa04838e 2024-03-26T14:10:58 html: Use binary search in htmlEntityValueLookup
Nick Wellnhofer 23a81841 2024-03-25T20:51:14 tree: Work on documentation
Nick Wellnhofer 52efb20a 2024-03-24T13:43:25 fuzz: Enable float-divide-by-zero on OSS-Fuzz This was recently disabled globally: https://github.com/google/oss-fuzz/pull/11567
Nick Wellnhofer 1ace0e85 2024-03-24T12:28:22 xinclude: Report malloc failure in xmlXIncludeAddNode
Nick Wellnhofer ad9a5637 2024-03-22T19:37:12 tree: Fix uninitialized value in xmlSearchNsSafe Short-lived regression.
Nick Wellnhofer 00c2f549 2024-03-22T18:45:31 ci: Support ASan in Docker container Ubuntu now requires libclang-rt-dev for ASan libraries.
Nick Wellnhofer 0e6e3921 2024-03-22T18:36:49 ci: Show config.log if configuration failed
Nick Wellnhofer c978a5d8 2024-03-22T18:34:12 ci: Remove Python 2 job, update C89 job Python 2 isn't supported on newer Ubuntu releases. Newer Python releases have header files which aren't compatible with C89.
Nick Wellnhofer 3d6a25e5 2024-03-22T18:12:25 doc: Update Docker CI instructions
Nick Wellnhofer e7ff3ca4 2024-03-22T18:09:23 ci: Update Docker container to Ubuntu 23.10 This removes Python 2.
Nick Wellnhofer 22455e97 2024-03-22T17:52:35 ci: Add meson to Docker container