kmx git

Commit	Date	Message
b92768cd	2022-12-08T00:24:53	tests: Enable "runsuite" test This enables some tests with testcases in - test/xsdtest - test/relaxng/OASIS/spectest.xml - test/relaxng/testsuite.xml The XML Schema Test Suite will also be run it was downloaded, see xstc/Makefile.am. Gitlab CI should be updated to fetch these files. There are 10 expected errors in the XSD test suite. This seems to be the case since at least version 2.9.0 from 2012.
4762c856	2022-12-06T21:40:01	Use python3 not python As per https://peps.python.org/pep-0394/, the python binary can be one of the following options: - Python 2 - Python 3 - Not exist All of the scripts in libxml2 use 'python', which may not exist. As Python 2 reached EOL on the 1st January 2020, it's safe to move the scripts to use python3 explicitly.
ff49041c	2022-12-07T12:04:41	xstc/fixup-tests.py: port to Python 3
7640362e	2022-12-07T12:01:39	xstc/fixup-tests.py: unify whitespace The source contains a mix of tabs and spaces, so unify on spaces.
d598d8af	2022-12-05T16:18:14	libxml.m4: deprecate AM_PATH_XML2, wrap PKG_CHECK_MODULES instead pkg-config has been around for a very long time now, so deprecate the hand-written libxml.m4 fragment providing AM_PATH_XML2 and simply change it to a wrapper around PKG_CHECK_MODULES.
0ac8c15e	2022-12-06T15:48:55	python/tests/reader2: use absolute paths everywhere The expected errors contain an relative path, but the messages from the parser contain absolute paths. However, due to the tests not actually failing if there was an error this wasn't noticed. Instead of putting relative paths in the expected messages use format() to embed the correct absolute path. Also use os.path.join() consistently when constructing paths to ensure uniformly formatted paths.
b9ba5e1d	2022-12-06T15:34:04	python/tests/reader2: always exit(1) if a test fails Batch up the errors in the first parse tests and ensure that the last tests exit with an error if they fail. Also remove an unused import.
21f2ce71	2022-12-06T14:33:32	testModule: exit if the module can't be opened Instead of silently exiting with success when the module cannot be found, emit a message and fail the test.
b1b0df6e	2022-12-06T17:00:03	CI: disable modules in gcc:static build When shared libraries are disabled we can't build loadable modules either, so the testModule test can't work as the testdso.la target doesn't build a module.
3aaaf5ca	2022-12-06T17:05:14	CI: fix CI on MinGW builds The XML test case tarball isn't actually compressed: the published URL is a .tar and fetches of the .tar.gz redirect silently to the .tar, which is then passed to gzip which refuses to decompress uncompressed data. Fetch the .tar as that is the documented URL, and remove the decompression.
76c6da42	2022-12-04T23:01:00	error: Make sure that error messages are valid UTF-8 This has caused issues with the Python bindings for a long time. Should fix #64.
4b959ee1	2022-12-01T13:23:09	Remove hacky heuristic from b2dc5675e94aa6b5557ba63f7d66b0f08dd17e4d Checking whether the context is close to the parent context by hardcoding 250 is not portable (I noticed tests were failing on Morello since the value is 288 there due to pointers being 128 bits). Instead we should ensure that the XML_VCTXT_USE_PCTXT flag is not set in cases where the user data is not actually a parser context (or ideally add a separate field but that would be an ABI break. From what I can see in the source, the XML_VCTXT_USE_PCTXT is only set if the userData field points to a valid context, and if this is not the case the flag should be cleared when changing userData rather than relying on the offset between the two. Looking at the history, I think d7cb33cf44aa688f24215c9cd398c1a26f0d25ff fixed most of the need for this workaround, but it looks like there are a few more locations that need updating; This commit changes two more places to set/clear/copy the XML_VCTXT_USE_PCTXT flag, so this heuristic should not be needed anymore. I've also drop two = NULL assignment in xmllint since this is not needed after a call to memset(). There was also an uninitialized vctxt.flags (and other fields) in `xmlShellValidate()`, which I've fixed by adding a memset() call.
c715ded0	2022-12-01T12:53:15	Avoid creating an out-of-bounds pointer by rewriting a check Creating more than one-past-the-end pointers is undefined behaviour in C and while this code is unlikely to be miscompiled, I discovered that an out-of-bounds pointer is being created using UBSan on a CHERI-enabled system.
c62c0d82	2022-12-01T12:58:11	Correctly relocate internal pointers after realloc() Adding an offset to a deallocated pointer and assuming that it can be dereferenced is undefined behaviour. When running libxml2 on CHERI-enabled systems such as Arm Morello this results in the creation of an out-of-bounds pointer that cannot be dereferenced and therefore crashes at runtime. The effect of this UB is not just limited to architectures such as CHERI, incorrect relocation of pointers after realloc can in fact cause FORTIFY_SOURCE errors with recent GCC: https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level
c7a9b85c	2022-11-30T17:11:33	html: Improve parsing of nested lists Allow ul/ol as immediate children of ul/ol. This is more in line with the HTML5 spec. Fixes #447.
ccb6d544	2022-11-27T02:09:27	Hide internal functions These functions were never declared in public headers, so it should be safe to hide them. Fixes #139.
82bd2c37	2022-11-25T18:09:15	python: Fix memory leak checks xmlInitParser doesn't allocate memory anymore, so the checks can be simplified.
1966382b	2022-11-25T17:39:01	memory: Don't use locks in xmlMemUsed The Python tests call xmlMemUsed after xmlCleanupParser which doesn't work with statically allocated mutexes. This is only used for debugging, so a lock isn't necessary.
e414f825	2022-11-25T15:01:22	html: Fix htmlInitAutoClose documentation
c16fd705	2022-11-25T14:52:37	xpath: Make init function private
53ab3840	2022-11-25T14:26:59	encoding: Make init function private
3e9d5e4f	2022-11-25T14:19:36	encoding: Remove unused variable xmlDefaultCharEncodingHandler
05c3a458	2022-11-25T14:15:43	tests: Check that xmlInitParser doesn't allocate memory
78c0391b	2022-11-25T13:55:39	parser: Register atexit handler in locked section
71931233	2022-10-24T21:50:34	threads: Use __libc_single_threaded if available Fixes #427
c73d464a	2022-11-24T15:00:03	threads: Deprecate some internal functions
65d381f3	2022-11-24T20:54:18	threads: Allocate mutexes statically
9dbf1374	2022-11-24T20:52:57	parser: Make some module init/cleanup functions private
cecd364d	2022-11-24T16:38:47	parser: Don't call *DefaultSAXHandlerInit from xmlInitParser Change the default handler definitions to match the result after calling the initialization functions. This makes sure that no thread-local variables are accessed when calling xmlInitParser.
9ef80ff1	2022-11-25T12:33:25	memory: Remove xmlDictInitialized Call xmlInitParser when creating dicts instead.
ed053c50	2022-11-25T12:27:14	dict: Make init/cleanup functions private
2e9aeecb	2022-11-25T12:21:49	memory: Remove xmlMemInitialized Call xmlInitParser instead of xmlInitMemoryInternal.
7010d877	2022-11-25T12:06:27	threads: Rework initialization Make init/cleanup functions private. Merge xmlOnceInit into xmlInitThreadsInternal.
1406b20f	2022-11-24T19:14:33	encoding: Allocate default handlers statically
278e7874	2022-11-23T03:07:56	libxml.m4: fix -Wstrict-prototypes Signed-off-by: Sam James <sam@gentoo.org>
707ade22	2022-11-22T14:56:58	Visual Studio builds: Allow silencing deprecation warnings Define XML_IGNORE_DEPRECATION_WARNINGS and the corresponding XML_POP_WARNINGS for Visual Studio, and consequently define XML_IGNORE_FPTR_CAST_WARNINGS so that we do not get a compiler warning on Visual Studio by doing a __pragma(warning(pop)) without a corresponding __pragma(warning(push)). Also correct the documentation a bit for XML_POP_WARNINGS.
b9590d5d	2022-11-18T11:23:23	Visual Studio: Define XML_DEPRECATED We can mark APIs as deprecated using __declspec(deprecated) with Visual Studio 2005 and later, so add a definition of that so that we can help users avoid using deprecated APIs when using Visual Studio as well. For the existing GCC definition, check whether we are on GCC 3.1+ before enabling the definition.
b1f9c193	2022-11-22T21:39:01	parser: Fix push parser with unterminated CDATA sections Short-lived regression found by OSS-Fuzz.
97c0a9cf	2022-11-22T17:01:39	tests: Fix use-after-free in Python tests The nodeset must be freed before the document. Fixes #443.
55034505	2022-11-22T17:01:21	Fix .editorconfig
34a5a4a5	2022-11-22T15:40:51	tests: Remove unneeded #includes
701beb4e	2022-11-22T15:37:49	xmllint: Include <io.h> on Windows
b9689d13	2022-11-22T15:37:12	gitlab-ci: Make Test-Msvc exit if ctest fails
138c897d	2022-11-22T14:57:58	gitlab-ci: Treat compiler warnings as errors on MSVC
d725addd	2022-11-22T14:50:14	warnings: Work around MSVC bug MSVC apparently complains when passing a `const char *` to memset. Unlike `const char const *`, this isn't a pointer to const memory.
cfbe68e4	2022-11-22T15:20:53	sources: Silence C4013 warnings on Visual Studio The read(), close(), open(), lseek() functions are found in io.h on Visual Studio, which does not ship unistd.h, so include io.h on Windows if unistd.h is not found. C4013 (aka implicit declaration of ...) warnings can often ring alarm bells.
0e193f0d	2022-11-21T22:09:19	parser: Remove dangerous check in xmlParseCharData If this check succeeds, xmlParseCharData could be called over and over again without making progress, resulting in an infinite loop. It's only important to check for XML_PARSER_EOF which is done later. Related to #441.
94ca36c2	2022-11-21T22:07:11	parser: Restore parser state in xmlParseCDSect Fixes #441.
a8b31e68	2022-11-21T21:35:01	parser: Fix progress check when parsing character data Skip over zero bytes to guarantee progress. Short-lived regression.
23491536	2022-11-21T20:11:53	Fix .editorconfig
c63900fb	2022-11-21T20:11:35	parser: Check terminate flag when push parsing CDATA sections Found by OSS-Fuzz.
a781ee33	2022-11-21T20:10:42	Revert "parser: Add overflow checks to xmlParseLookup functions" This reverts commit bfc55d688427972d093be010a8c2ef265375fcb2. It's better to fix the root cause.
bfc55d68	2022-11-21T18:29:54	parser: Add overflow checks to xmlParseLookup functions Short-lived regression found by OSS-Fuzz.
d7e698fc	2022-11-18T17:36:14	python/setup.py.in: Improve Windows import patching Move up the altImport function so that we ensure that it can be referred to and streamline it a bit, since we no longer attempt to build the libxslt Python bits here, at least on Windows.
e208eaa2	2022-11-20T22:41:51	Add .editorconfig Fixes #258.
9e4a46ac	2022-11-20T22:03:08	parser: Merge misc, prolog and epilog cases in push parser
9c63cea5	2022-11-20T15:36:41	test: Add test for push parser boundaries
691a7719	2022-11-20T19:55:12	parser: Fix 'consumed' accounting when switching encodings
c9367938	2022-11-20T19:54:34	html: Fix check for end of comment in push parser Make sure to reset checkIndex. Handle case where "--" or "--!" is at the end of the buffer. Fix "avail" check in htmlParseOrTryFinish.
55fb8f72	2022-11-20T15:35:49	parser: Fix push parser with 1-3 byte initial chunk Make sure that ctxt->charset is initialized properly.
68a6518c	2022-11-15T18:23:33	parser: Rewrite push parser boundary checks Remove inaccurate xmlParseCheckTransition check. Remove non-incremental xmlParseGetLasts check. Add functions that check for several boundary constructs more accurately, keeping track of progress in ctxt->checkIndex. Fixes #439.
f30adb54	2022-11-14T21:05:32	uri: Allow port without host Don't set port to -1 when host is missing. Host can be empty according to spec. Fixes #71.
76d6b0d7	2022-11-14T21:02:15	html: Don't escape ASCII chars in href attributes In several cases, href attributes can contain ASCII characters which are illegal in URIs. Escaping them often does more harm than good. Fixes #321.
4955e0c9	2022-11-14T20:16:22	io: Don't shrink memory input buffers
117bab22	2022-11-14T20:15:59	parser: Don't call xmlSHRINK from push parser xmlSHRINK also calls xmlParserInputGrow which isn't needed in the push parser.
f00739c1	2022-11-14T00:18:39	parser: Ignore cdata argument in xmlParseCharData It never could be used to parse CDATA sections.
e4f56a72	2022-11-13T23:42:10	parser: Simplify xmlParseConditionalSections
3582b07b	2022-11-13T22:57:32	parser: Fix content parser progress checks This is another attempt at fixing parser progress checks. Instead of relying on in->consumed, which could overflow, change some content parser functions to make guaranteed progress on certain byte sequences.
f7ad338e	2022-11-13T21:59:23	parser: Fix attribute parser progress checks This is another attempt at fixing parser progress checks. Instead of relying on in->consumed, which could overflow, make the attribute parser functions return a NULL name only if they don't make progress.
f61b8a62	2022-11-13T21:47:03	parser: Fix DTD parser progress checks This is another attempt at fixing parser progress checks. Instead of relying on in->consumed, which could overflow, change some DTD parser functions to make guaranteed progress on certain byte sequences.
249cee4b	2022-11-13T20:19:13	io: Fix a few integer overflows in I/O statistics There are still many places where arithmetic on "consumed" stats isn't checked for overflow, affecting platforms with a 32-bit long type.
6b570619	2022-11-13T19:44:00	io: Rearrange code in xmlSwitchInputEncodingInt No functional change.
1ef4938f	2022-11-13T17:55:28	io: Rework xmlParserInputBufferGrow with encodings Read data directly into the "raw" buffer when converting encodings. Make sure not to grow memory input buffers.
2059df53	2022-11-14T22:27:58	buf: Deprecate static/immutable buffers
1ca0dfec	2022-11-14T22:00:50	reader: Switch to xmlParserInputBufferCreateMem This is less efficient but can't result in input buffer overreads. Fixes #326.
46cd7d22	2022-11-13T16:30:46	io: Remove xmlInputReadCallbackNop In some cases, for example when using encoders, the read callback was set to NULL, in other cases it was set to xmlInputReadCallbackNop. xmlGROW only tested for xmlInputReadCallbackNop, resulting in errors when parsing large encoded content from memory. Always use a NULL callback for memory buffers to avoid ambiguities. Fixes #262.
9feafbc5	2022-11-13T16:56:10	io: Check for memory buffer early in xmlParserInputGrow
22d879bf	2022-11-13T15:08:44	io: Fix "buffer full" error with certain buffer sizes Remove a useless check in xmlParserInputBufferGrow that could be triggered after changing xmlBufAvail in c14cac8b. Fixes #438.
0d1765fd	2022-11-13T15:20:13	doc: Mention new location of XML catalog as breaking change
a2493721	2022-11-04T15:06:25	doc: Mention potentially breaking changes in NEWS
b693905f	2022-11-04T14:50:39	doc: Remove xmlDllMain from documentation and version script This is a Windows-only symbol.
d48faf1a	2022-11-04T14:30:50	doc: Mention ${sysconfdir} in man pages Fixes #395.
3ab57bf4	2022-11-04T14:25:23	doc: Document xmlcatalog --convert Fixes #417.
ae7096a1	2022-11-04T14:21:53	doc: Document xmllint --nodict and --pedantic Fixes #418.
736487df	2022-11-04T14:17:01	doc: Fix indentation in source XML files
a70f7d47	2022-11-04T14:03:31	parser: Fix error message in xmlParseCommentComplex Fixes #421.
1fa4d14f	2022-11-04T12:34:39	Bypass proxy in nanoHTTP for hosts in "no_proxy"
b4592709	2022-11-02T16:22:54	malloc-fail: Fix memory leak in xmlStringGetNodeList Also make sure to return NULL on error instead of a partial node list. Found with libFuzzer, see #344.
5a19e216	2022-11-02T16:13:27	malloc-fail: Fix use-after-free in xmlXIncludeAddNode Found with libFuzzer, see #344.
afc7e3a7	2022-11-02T16:11:00	malloc-fail: Fix memory leak in xmlParseReference Found with libFuzzer, see #344.
7ceaee94	2022-11-02T16:05:05	malloc-fail: Fix memory leak in xmlSAX2ExternalSubset Found with libFuzzer, see #344.
e129c1d1	2022-11-02T16:02:39	malloc-fail: Fix infinite loop in xmlSkipBlankChars Found with libFuzzer, see #344.
dd50cfeb	2022-11-02T15:58:31	malloc-fail: Fix memory leak in xmlNewDocNodeEatName Found with libFuzzer, see #344.
fa361de0	2022-11-02T15:53:52	malloc-fail: Fix memory leak in xmlNewPropInternal Also fixes a memory leak if called with a non-element node. Found with libFuzzer, see #344.
865e142c	2022-11-02T15:46:11	malloc-fail: Fix memory leak in xmlCreatePushParserCtxt Found with libFuzzer, see #344.
a22bd982	2022-11-02T15:44:42	malloc-fail: Fix memory leak in xmlStaticCopyNodeList Found with libFuzzer, see #344.
abb5a93f	2022-11-02T10:53:24	schemas: Fix infinite loop in xmlSchemaCheckElemSubstGroup Types like xmlSchemaTypeAnyTypeDef have a base type pointing to itself, resulting in an infinite loop. Fixes #430.
9aba613b	2022-10-31T17:09:54	fuzz: Add new XInclude test directory to corpus
b456e3bb	2022-10-30T20:28:20	xinclude: Always allow XPtr expressions in external documents
f14529ba	2022-10-30T12:32:14	xinclude: Fix more memory leaks in xmlXIncludeLoadDoc

b92768cd

2022-12-08T00:24:53

tests: Enable "runsuite" test This enables some tests with testcases in - test/xsdtest - test/relaxng/OASIS/spectest.xml - test/relaxng/testsuite.xml The XML Schema Test Suite will also be run it was downloaded, see xstc/Makefile.am. Gitlab CI should be updated to fetch these files. There are 10 expected errors in the XSD test suite. This seems to be the case since at least version 2.9.0 from 2012.

4762c856

2022-12-06T21:40:01

Use python3 not python As per https://peps.python.org/pep-0394/, the python binary can be one of the following options: - Python 2 - Python 3 - Not exist All of the scripts in libxml2 use 'python', which may not exist. As Python 2 reached EOL on the 1st January 2020, it's safe to move the scripts to use python3 explicitly.

ff49041c

2022-12-07T12:04:41

xstc/fixup-tests.py: port to Python 3

7640362e

2022-12-07T12:01:39

xstc/fixup-tests.py: unify whitespace The source contains a mix of tabs and spaces, so unify on spaces.

d598d8af

2022-12-05T16:18:14

libxml.m4: deprecate AM_PATH_XML2, wrap PKG_CHECK_MODULES instead pkg-config has been around for a very long time now, so deprecate the hand-written libxml.m4 fragment providing AM_PATH_XML2 and simply change it to a wrapper around PKG_CHECK_MODULES.

0ac8c15e

2022-12-06T15:48:55

python/tests/reader2: use absolute paths everywhere The expected errors contain an relative path, but the messages from the parser contain absolute paths. However, due to the tests not actually failing if there was an error this wasn't noticed. Instead of putting relative paths in the expected messages use format() to embed the correct absolute path. Also use os.path.join() consistently when constructing paths to ensure uniformly formatted paths.

b9ba5e1d

2022-12-06T15:34:04

python/tests/reader2: always exit(1) if a test fails Batch up the errors in the first parse tests and ensure that the last tests exit with an error if they fail. Also remove an unused import.

21f2ce71

2022-12-06T14:33:32

testModule: exit if the module can't be opened Instead of silently exiting with success when the module cannot be found, emit a message and fail the test.

b1b0df6e

2022-12-06T17:00:03

CI: disable modules in gcc:static build When shared libraries are disabled we can't build loadable modules either, so the testModule test can't work as the testdso.la target doesn't build a module.

3aaaf5ca

2022-12-06T17:05:14

CI: fix CI on MinGW builds The XML test case tarball isn't actually compressed: the published URL is a .tar and fetches of the .tar.gz redirect silently to the .tar, which is then passed to gzip which refuses to decompress uncompressed data. Fetch the .tar as that is the documented URL, and remove the decompression.

76c6da42

2022-12-04T23:01:00

error: Make sure that error messages are valid UTF-8 This has caused issues with the Python bindings for a long time. Should fix #64.

4b959ee1

2022-12-01T13:23:09

Remove hacky heuristic from b2dc5675e94aa6b5557ba63f7d66b0f08dd17e4d Checking whether the context is close to the parent context by hardcoding 250 is not portable (I noticed tests were failing on Morello since the value is 288 there due to pointers being 128 bits). Instead we should ensure that the XML_VCTXT_USE_PCTXT flag is not set in cases where the user data is not actually a parser context (or ideally add a separate field but that would be an ABI break. From what I can see in the source, the XML_VCTXT_USE_PCTXT is only set if the userData field points to a valid context, and if this is not the case the flag should be cleared when changing userData rather than relying on the offset between the two. Looking at the history, I think d7cb33cf44aa688f24215c9cd398c1a26f0d25ff fixed most of the need for this workaround, but it looks like there are a few more locations that need updating; This commit changes two more places to set/clear/copy the XML_VCTXT_USE_PCTXT flag, so this heuristic should not be needed anymore. I've also drop two = NULL assignment in xmllint since this is not needed after a call to memset(). There was also an uninitialized vctxt.flags (and other fields) in `xmlShellValidate()`, which I've fixed by adding a memset() call.

c715ded0

2022-12-01T12:53:15

Avoid creating an out-of-bounds pointer by rewriting a check Creating more than one-past-the-end pointers is undefined behaviour in C and while this code is unlikely to be miscompiled, I discovered that an out-of-bounds pointer is being created using UBSan on a CHERI-enabled system.

c62c0d82

2022-12-01T12:58:11

Correctly relocate internal pointers after realloc() Adding an offset to a deallocated pointer and assuming that it can be dereferenced is undefined behaviour. When running libxml2 on CHERI-enabled systems such as Arm Morello this results in the creation of an out-of-bounds pointer that cannot be dereferenced and therefore crashes at runtime. The effect of this UB is not just limited to architectures such as CHERI, incorrect relocation of pointers after realloc can in fact cause FORTIFY_SOURCE errors with recent GCC: https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level

c7a9b85c

2022-11-30T17:11:33

html: Improve parsing of nested lists Allow ul/ol as immediate children of ul/ol. This is more in line with the HTML5 spec. Fixes #447.

ccb6d544

2022-11-27T02:09:27

Hide internal functions These functions were never declared in public headers, so it should be safe to hide them. Fixes #139.

82bd2c37

2022-11-25T18:09:15

python: Fix memory leak checks xmlInitParser doesn't allocate memory anymore, so the checks can be simplified.

1966382b

2022-11-25T17:39:01

memory: Don't use locks in xmlMemUsed The Python tests call xmlMemUsed after xmlCleanupParser which doesn't work with statically allocated mutexes. This is only used for debugging, so a lock isn't necessary.

e414f825

2022-11-25T15:01:22

html: Fix htmlInitAutoClose documentation

c16fd705

2022-11-25T14:52:37

xpath: Make init function private

53ab3840

2022-11-25T14:26:59

encoding: Make init function private

3e9d5e4f

2022-11-25T14:19:36

encoding: Remove unused variable xmlDefaultCharEncodingHandler

05c3a458

2022-11-25T14:15:43

tests: Check that xmlInitParser doesn't allocate memory

78c0391b

2022-11-25T13:55:39

parser: Register atexit handler in locked section

71931233

2022-10-24T21:50:34

threads: Use __libc_single_threaded if available Fixes #427

c73d464a

2022-11-24T15:00:03

threads: Deprecate some internal functions

65d381f3

2022-11-24T20:54:18

threads: Allocate mutexes statically

9dbf1374

2022-11-24T20:52:57

parser: Make some module init/cleanup functions private

cecd364d

2022-11-24T16:38:47

parser: Don't call *DefaultSAXHandlerInit from xmlInitParser Change the default handler definitions to match the result after calling the initialization functions. This makes sure that no thread-local variables are accessed when calling xmlInitParser.

9ef80ff1

2022-11-25T12:33:25

memory: Remove xmlDictInitialized Call xmlInitParser when creating dicts instead.

ed053c50

2022-11-25T12:27:14

dict: Make init/cleanup functions private

2e9aeecb

2022-11-25T12:21:49

memory: Remove xmlMemInitialized Call xmlInitParser instead of xmlInitMemoryInternal.

7010d877

2022-11-25T12:06:27

threads: Rework initialization Make init/cleanup functions private. Merge xmlOnceInit into xmlInitThreadsInternal.

1406b20f

2022-11-24T19:14:33

encoding: Allocate default handlers statically

278e7874

2022-11-23T03:07:56

libxml.m4: fix -Wstrict-prototypes Signed-off-by: Sam James <sam@gentoo.org>

707ade22

2022-11-22T14:56:58

Visual Studio builds: Allow silencing deprecation warnings Define XML_IGNORE_DEPRECATION_WARNINGS and the corresponding XML_POP_WARNINGS for Visual Studio, and consequently define XML_IGNORE_FPTR_CAST_WARNINGS so that we do not get a compiler warning on Visual Studio by doing a __pragma(warning(pop)) without a corresponding __pragma(warning(push)). Also correct the documentation a bit for XML_POP_WARNINGS.

b9590d5d

2022-11-18T11:23:23

Visual Studio: Define XML_DEPRECATED We can mark APIs as deprecated using __declspec(deprecated) with Visual Studio 2005 and later, so add a definition of that so that we can help users avoid using deprecated APIs when using Visual Studio as well. For the existing GCC definition, check whether we are on GCC 3.1+ before enabling the definition.

b1f9c193

2022-11-22T21:39:01

parser: Fix push parser with unterminated CDATA sections Short-lived regression found by OSS-Fuzz.

97c0a9cf

2022-11-22T17:01:39

tests: Fix use-after-free in Python tests The nodeset must be freed before the document. Fixes #443.

55034505

2022-11-22T17:01:21

Fix .editorconfig

34a5a4a5

2022-11-22T15:40:51

tests: Remove unneeded #includes

701beb4e

2022-11-22T15:37:49

xmllint: Include <io.h> on Windows

b9689d13

2022-11-22T15:37:12

gitlab-ci: Make Test-Msvc exit if ctest fails

138c897d

2022-11-22T14:57:58

gitlab-ci: Treat compiler warnings as errors on MSVC

d725addd

2022-11-22T14:50:14

warnings: Work around MSVC bug MSVC apparently complains when passing a `const char **` to memset. Unlike `const char *const *`, this isn't a pointer to const memory.

cfbe68e4

2022-11-22T15:20:53

sources: Silence C4013 warnings on Visual Studio The read(), close(), open(), lseek() functions are found in io.h on Visual Studio, which does not ship unistd.h, so include io.h on Windows if unistd.h is not found. C4013 (aka implicit declaration of ...) warnings can often ring alarm bells.

0e193f0d

2022-11-21T22:09:19

parser: Remove dangerous check in xmlParseCharData If this check succeeds, xmlParseCharData could be called over and over again without making progress, resulting in an infinite loop. It's only important to check for XML_PARSER_EOF which is done later. Related to #441.

94ca36c2

2022-11-21T22:07:11

parser: Restore parser state in xmlParseCDSect Fixes #441.

a8b31e68

2022-11-21T21:35:01

parser: Fix progress check when parsing character data Skip over zero bytes to guarantee progress. Short-lived regression.

23491536

2022-11-21T20:11:53

Fix .editorconfig

c63900fb

2022-11-21T20:11:35

parser: Check terminate flag when push parsing CDATA sections Found by OSS-Fuzz.

a781ee33

2022-11-21T20:10:42

Revert "parser: Add overflow checks to xmlParseLookup functions" This reverts commit bfc55d688427972d093be010a8c2ef265375fcb2. It's better to fix the root cause.

bfc55d68

2022-11-21T18:29:54

parser: Add overflow checks to xmlParseLookup functions Short-lived regression found by OSS-Fuzz.

d7e698fc

2022-11-18T17:36:14

python/setup.py.in: Improve Windows import patching Move up the altImport function so that we ensure that it can be referred to and streamline it a bit, since we no longer attempt to build the libxslt Python bits here, at least on Windows.

e208eaa2

2022-11-20T22:41:51

Add .editorconfig Fixes #258.

9e4a46ac

2022-11-20T22:03:08

parser: Merge misc, prolog and epilog cases in push parser

9c63cea5

2022-11-20T15:36:41

test: Add test for push parser boundaries

691a7719

2022-11-20T19:55:12

parser: Fix 'consumed' accounting when switching encodings

c9367938

2022-11-20T19:54:34

html: Fix check for end of comment in push parser Make sure to reset checkIndex. Handle case where "--" or "--!" is at the end of the buffer. Fix "avail" check in htmlParseOrTryFinish.

55fb8f72

2022-11-20T15:35:49

parser: Fix push parser with 1-3 byte initial chunk Make sure that ctxt->charset is initialized properly.

68a6518c

2022-11-15T18:23:33

parser: Rewrite push parser boundary checks Remove inaccurate xmlParseCheckTransition check. Remove non-incremental xmlParseGetLasts check. Add functions that check for several boundary constructs more accurately, keeping track of progress in ctxt->checkIndex. Fixes #439.

f30adb54

2022-11-14T21:05:32

uri: Allow port without host Don't set port to -1 when host is missing. Host can be empty according to spec. Fixes #71.

76d6b0d7

2022-11-14T21:02:15

html: Don't escape ASCII chars in href attributes In several cases, href attributes can contain ASCII characters which are illegal in URIs. Escaping them often does more harm than good. Fixes #321.

4955e0c9

2022-11-14T20:16:22

io: Don't shrink memory input buffers

117bab22

2022-11-14T20:15:59

parser: Don't call xmlSHRINK from push parser xmlSHRINK also calls xmlParserInputGrow which isn't needed in the push parser.

f00739c1

2022-11-14T00:18:39

parser: Ignore cdata argument in xmlParseCharData It never could be used to parse CDATA sections.

e4f56a72

2022-11-13T23:42:10

parser: Simplify xmlParseConditionalSections

3582b07b

2022-11-13T22:57:32

parser: Fix content parser progress checks This is another attempt at fixing parser progress checks. Instead of relying on in->consumed, which could overflow, change some content parser functions to make guaranteed progress on certain byte sequences.

f7ad338e

2022-11-13T21:59:23

parser: Fix attribute parser progress checks This is another attempt at fixing parser progress checks. Instead of relying on in->consumed, which could overflow, make the attribute parser functions return a NULL name only if they don't make progress.

f61b8a62

2022-11-13T21:47:03

parser: Fix DTD parser progress checks This is another attempt at fixing parser progress checks. Instead of relying on in->consumed, which could overflow, change some DTD parser functions to make guaranteed progress on certain byte sequences.

249cee4b

2022-11-13T20:19:13

io: Fix a few integer overflows in I/O statistics There are still many places where arithmetic on "consumed" stats isn't checked for overflow, affecting platforms with a 32-bit long type.

6b570619

2022-11-13T19:44:00

io: Rearrange code in xmlSwitchInputEncodingInt No functional change.

1ef4938f

2022-11-13T17:55:28

io: Rework xmlParserInputBufferGrow with encodings Read data directly into the "raw" buffer when converting encodings. Make sure not to grow memory input buffers.

2059df53

2022-11-14T22:27:58

buf: Deprecate static/immutable buffers

1ca0dfec

2022-11-14T22:00:50

reader: Switch to xmlParserInputBufferCreateMem This is less efficient but can't result in input buffer overreads. Fixes #326.

46cd7d22

2022-11-13T16:30:46

io: Remove xmlInputReadCallbackNop In some cases, for example when using encoders, the read callback was set to NULL, in other cases it was set to xmlInputReadCallbackNop. xmlGROW only tested for xmlInputReadCallbackNop, resulting in errors when parsing large encoded content from memory. Always use a NULL callback for memory buffers to avoid ambiguities. Fixes #262.

9feafbc5

2022-11-13T16:56:10

io: Check for memory buffer early in xmlParserInputGrow

22d879bf

2022-11-13T15:08:44

io: Fix "buffer full" error with certain buffer sizes Remove a useless check in xmlParserInputBufferGrow that could be triggered after changing xmlBufAvail in c14cac8b. Fixes #438.

0d1765fd

2022-11-13T15:20:13

doc: Mention new location of XML catalog as breaking change

a2493721

2022-11-04T15:06:25

doc: Mention potentially breaking changes in NEWS

b693905f

2022-11-04T14:50:39

doc: Remove xmlDllMain from documentation and version script This is a Windows-only symbol.

d48faf1a

2022-11-04T14:30:50

doc: Mention ${sysconfdir} in man pages Fixes #395.

3ab57bf4

2022-11-04T14:25:23

doc: Document xmlcatalog --convert Fixes #417.

ae7096a1

2022-11-04T14:21:53

doc: Document xmllint --nodict and --pedantic Fixes #418.

736487df

2022-11-04T14:17:01

doc: Fix indentation in source XML files

a70f7d47

2022-11-04T14:03:31

parser: Fix error message in xmlParseCommentComplex Fixes #421.

1fa4d14f

2022-11-04T12:34:39

Bypass proxy in nanoHTTP for hosts in "no_proxy"

b4592709

2022-11-02T16:22:54

malloc-fail: Fix memory leak in xmlStringGetNodeList Also make sure to return NULL on error instead of a partial node list. Found with libFuzzer, see #344.

5a19e216

2022-11-02T16:13:27

malloc-fail: Fix use-after-free in xmlXIncludeAddNode Found with libFuzzer, see #344.

afc7e3a7

2022-11-02T16:11:00

malloc-fail: Fix memory leak in xmlParseReference Found with libFuzzer, see #344.

7ceaee94

2022-11-02T16:05:05

malloc-fail: Fix memory leak in xmlSAX2ExternalSubset Found with libFuzzer, see #344.

e129c1d1

2022-11-02T16:02:39

malloc-fail: Fix infinite loop in xmlSkipBlankChars Found with libFuzzer, see #344.

dd50cfeb

2022-11-02T15:58:31

malloc-fail: Fix memory leak in xmlNewDocNodeEatName Found with libFuzzer, see #344.

fa361de0

2022-11-02T15:53:52

malloc-fail: Fix memory leak in xmlNewPropInternal Also fixes a memory leak if called with a non-element node. Found with libFuzzer, see #344.

865e142c

2022-11-02T15:46:11

malloc-fail: Fix memory leak in xmlCreatePushParserCtxt Found with libFuzzer, see #344.

a22bd982

2022-11-02T15:44:42

malloc-fail: Fix memory leak in xmlStaticCopyNodeList Found with libFuzzer, see #344.

abb5a93f

2022-11-02T10:53:24

schemas: Fix infinite loop in xmlSchemaCheckElemSubstGroup Types like xmlSchemaTypeAnyTypeDef have a base type pointing to itself, resulting in an infinite loop. Fixes #430.

9aba613b

2022-10-31T17:09:54

fuzz: Add new XInclude test directory to corpus

b456e3bb

2022-10-30T20:28:20

xinclude: Always allow XPtr expressions in external documents

f14529ba

2022-10-30T12:32:14

xinclude: Fix more memory leaks in xmlXIncludeLoadDoc

kc3-lang/libxml2

Log