kmx git

Commit	Date	Message
f1e1f13b	2025-08-05T22:26:27	tree: Guard against atype corruption Always remove ids if `id` member is set. Untested, but this should fix CVE-2025-7425 reported against libxslt: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
152fbb60	2025-08-02T21:27:32	parser: Make sure to stop parser before checking max errors Short-lived regression from 7a41b18c.
149c04c0	2025-08-02T14:59:02	html: Escape < and > when serializing attributes This reverts the change in cdaf657f. Coincidentally, the HTML spec just changed to mandate the old escaping behavior: https://github.com/whatwg/html/issues/6235 Fixes #957.
3b96ec75	2025-08-02T14:12:17	doc: Document deprecated default SAX handler globals
00314882	2025-08-01T15:30:33	meson: Add -Wmissing-variable-declarations Originally clang-only, gcc supports this option since version 14. This catches errors like #961.
37bd4b28	2025-08-01T15:30:08	globals: Include HTMLparser.h, fixing Windows build Regressed with c011e760 and 85bd58ef. Fixes #961.
43f7ff0a	2025-08-01T15:27:11	tests: Make global variables static
84369160	2025-07-27T12:55:11	doc: Add another warning to XML_PARSE_DTDVALID While most parts of libxml2, including the parser, are still vulnerable to such attacks, it is unlikely that DTD validation will ever be fixed.
8689523a	2025-07-22T23:57:03	parser: Implement xmlCtxtGetInputWindow See #762.
859899a8	2025-07-26T22:20:58	doc: Document option handling of deprecated "SAX1" functions
ab4a7f30	2025-07-23T02:22:43	doc: Document deprecated xmlBuffer members
af464de1	2025-07-23T02:20:13	io: Deprecate xmlOutputBuffer members
6c018854	2025-07-23T02:15:40	io: Deprecate xmlParserInputBuffer members
2cc77c3a	2025-07-31T15:05:55	fuzz: Stop using xmlParserInputBuffer
7deae0f8	2025-07-31T14:35:11	python: Switch to *CreateIO functions Avoid using deprecated struct members.
d1c3391e	2025-07-23T01:05:46	tests: Silence testparser Regressed with bd9d5e39.
469c847f	2025-07-22T23:44:10	parser: Split out xmlParserInputGetWindow
8aaa53d7	2025-07-22T22:38:50	parser: Implement xmlCtxtGetInputPosition See #762.
144ed959	2025-07-22T22:38:05	parser: Move xmlSaturatedAdd to private header
e3daef5c	2025-07-22T22:31:02	parser: Fix xmlSaturatedAddSizeT argument type This is only used for entity size accounting. The bug only affected platforms where sizeof(long) != sizeof(size_t) and was probably harmless.
a7fc9e1a	2025-07-22T20:50:13	parser: Add more parser context accessors The only thing remaining is access to parser input, see #762.
a2562b9d	2025-07-22T12:15:37	doc: Improve documentation of error levels
7a41b18c	2025-07-22T01:08:38	parser: Remove xmlHaltParser Always halt the parser on resource limit and entity loop errors and remove the remaining calls which seem unnecessary.
cdf4c6f1	2025-07-21T22:43:57	doc: Mention XML_PARSE_NOERROR in more places
77700d3d	2025-07-21T13:00:19	doc: Mention tree API bugs in old versions
c5e7ff09	2025-07-21T12:26:36	tree: More xmlNodeParseContent cleanup - Rename to xmlNodeParseAttValue - Rework argument types - Remove wrapper function
408bd0e1	2025-07-24T11:09:29	const up allowPCData similar to htmlScriptAttributes
0a4fe2f9	2025-07-20T18:52:06	io: Fix argument type See c70d88f1 and #951.
e1174057	2025-07-20T13:05:25	tree: Don't reference recursive entities in xmlNodeParseContent Improve protection against entity cycles when using tree API.
c70d88f1	2025-07-20T13:03:59	io: Fix reading from pipes like stdin on Windows On Windows, lseek doesn't return an error on unseekable streams like pipes. Fixes #951.
8f1cc915	2025-07-18T22:43:49	CMake: Add selector to CMAKE_DL_LIBS transformation At the time of writing, on AIX, the CMAKE_DL_LIBS is set to "-lld", which presents the dependency for using dynamic loading on some old AIX versions. This ensures that resulting list of linker flags on AIX is also properly formatted (without adding additional "-l").
a3d2c177	2025-07-17T16:01:11	CMake: Fix dlopen check Systems can have dlopen symbol in various libraries. For example, on Haiku, dlopen is in 'root' library, which is linked by default. The CMAKE_DL_LIBS variable is automatically set by CMake and contains the name of the library or libraries that contain dynamic loading functionality. CMakePushCheckState checks for the symbol in isolation, so the required libraries variable can be modified.
4d69f91b	2025-07-14T17:19:01	valid: Make validation fail if warnings cause OOM error Make xmlErrValidWarning return -1 on malloc failures.
0c948334	2025-07-10T11:23:44	html: Add newline to error message
bc0bb67b	2025-07-10T11:20:22	html: Don't abort on encoding errors Always enable recovery mode when parsing HTML, so we don't raise fatal errors. Regressed with 462bf0b7. Fixes #947.
3773bb3f	2025-07-09T16:08:10	tree: Make sure that SIZE_MAX is defined
6340f392	2025-07-05T17:08:00	doc: Document HTML type aliases
bd9d5e39	2025-07-09T13:10:31	parser: Fix handling of invalid char refs in recovery mode Revert to the old behavior which handles invalid char refs more gracefully. Probably regressed with 37c6618b (version 2.13.0).
6c796b37	2025-06-22T17:46:13	doc: Misc fixes
c7a9ef1d	2025-07-04T16:20:28	doc: Document struct typedefs Unfortunately, Doxygen's TYPDEF_HIDES_STRUCT option is too broken. Document struct typedefs to make autolinks work.
71e1e8af	2025-07-04T14:28:26	schematron: Fix memory safety issues in xmlSchematronReportOutput Fix use-after-free (CVE-2025-49794) and type confusion (CVE-2025-49796) in xmlSchematronReportOutput. Fixes #931. Fixes #933.
24d7e159	2025-07-04T12:19:20	schematron: Complete fix for CVE-2025-49795 - Fix memory leaks - Fix tests
499bcb78	2025-06-21T12:11:30	Schematron: Fix null pointer dereference leading to DoS (CVE-2025-49795) Fixes #932
069bcda1	2025-06-20T23:05:00	Fix potential buffer overflows of interactive shell CVE-2025-6170 Fixes #941
c34742f3	2025-06-30T16:23:03	tests: Fix build --without-output
9553695d	2025-06-30T16:15:15	relaxng: Make xmlRelaxNGDump depend on debug option
9760a14f	2025-06-30T13:47:33	relaxng: In the simplification step also unlink notAllowed refs from choice This fixes false reports of non allowed content compared to notAllowed as tag within the choice tag.
56a767ed	2025-06-28T02:35:14	doc: Small fix
0d52684e	2025-06-28T02:34:33	parser: Don't set dict limit when setting options This is done in xmlCtxtInitializeLate.
1b737cc8	2025-06-27T19:52:54	parser: Another fix to ]]> detection in push parser The original fix for issue #850 in commit 9efe1414 was incomplete.
70dc8ca0	2025-06-27T18:54:18	xpath: Add extra info to some error messages Fixes #660.
ac5fcb0e	2025-06-25T15:24:24	relaxng: ensure thread safe global initialization Relying on a plain integer flag, with no synchronization primitives does not give thread-safe initialization. All reads & writes of the xmlSchemaTypesInitialized flag need to be protected by a mutex to ensure suitable memory barriers & thus correct ordering wrt any speculative execution. A separate internal initializer tied to xmlParserInit is used to create the mutex used for synchronization, similarly to how catalog.c works. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
80798c40	2025-06-25T15:24:24	xmlschemastypes: ensure thread safe global initialization Relying on a plain integer flag, with no synchronization primitives does not give thread-safe initialization. All reads & writes of the xmlSchemaTypesInitialized flag need to be protected by a mutex to ensure suitable memory barriers & thus correct ordering wrt any speculative execution. A separate internal initializer tied to xmlParserInit is used to create the mutex used for synchronization, similarly to how catalog.c works. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
63f98ee8	2025-06-25T14:27:37	tests: Skip functions taking va_lists in testapi.c See !325.
d4355722	2025-06-25T13:45:32	xmllint: Print document even in case of XInclude errors Keep printing the document while still reporting XInclude errors to match the old behavior.
413cdfb3	2025-06-25T12:37:37	html: Fix push parsing of doctype decls Don't set state to "content" as we might still be in "misc" or "prolog".
ad0f5d27	2025-06-24T13:02:13	tree: Fix xmlGetNodePath - Fix quadratic behavior - Don't truncate names Fixes #715.
22246f21	2025-06-23T22:49:28	schemas: Fix compilation with pre-C99 MSVC Regressed with f307237e. Fixes #944.
7cfa3a26	2025-06-22T22:52:47	reader: Remove unused member xinclude_name
6c5b5552	2025-06-22T22:49:58	debug: Remove obsolete handling of special case The "nbktext" code was removed.
24628f25	2025-06-22T22:18:36	valid: Don't store attribute defaults in dictionary In general, we should only use dicts for names and not values.
600742f0	2025-06-22T20:18:40	valid: Unconst local variable in xmlValidateElement
7c913850	2025-06-22T20:12:48	parser: Remove unnecessary dict checks when freeing strings The following strings are never allocated from a dict: - xmlParserCtxt.version - xmlParserCtxt.encoding - xmlParserCtxt.extSubURI - xmlParserCtxt.extSubSystem - xmlDoc.version - xmlDoc.encoding - xmlDoc.URL - xmlDTD.ExternalID - xmlDTD.SystemID - xmlID.value Also make the struct members point to non-const chars to avoid casts when freeing.
607708b3	2025-06-22T19:18:20	valid: Don't store ID values in document's dictionary ID values are unique. There's some potential for them to be reused as references, but storing them in the dictionary can make the dictionary grow in proportion to the document. Users like lxml replace the `ids` hash table to avoid this. It seems like a good idea to stop using the dictionary for ID values.
ea91a507	2025-06-22T16:45:49	doc: Generate documentation with Doxygen 1.14 The 1.14.0 release fixes a serious bug with autolinks. Note that the downstream tests now run on Ubuntu with libxml2 and libxslt built on Arch. This seems to work but could break at a later point. Fixes #929.
3652fc28	2025-06-22T17:09:42	doc: Fix installation with newer Doxygen Newer versions don't generate PNG files anymore. Simply use . as wildcard.
404aedbd	2025-06-22T15:46:09	doc: Improve xmllint documentation
dd2b4091	2025-06-18T13:55:37	xmllint: Add --strict-namespace option Use xmlCtxtGetStatus() after parsing. If status indicates a namespace error while the --strict-namespace option is enabled, xmllint will exit with XMLLINT_ERR_RDFILE error Fixes #698
bf26cf9d	2025-06-20T21:24:44	xmllint: Replace boolean application options with single flag member Take all of the boolean application options and create a bitmask for each of them. Then use just a single unsigned member to keep track off all of them (regardless of precompile directives)
be812e1e	2025-06-20T19:34:12	xmllint: Rename options -> parseOptions Make it more obvious the options are related to XML parsing
e7802738	2025-06-22T14:39:28	parser: Don't load external content if only XML_SKIP_IDS is set At some point, the `loadsubset` member was augmented to also control handling of ID attributes in addition to loading of external DTDs. These two features are unrelated and shouldn't have been mixed. This mistake was probably inspired by the misnamed XML_DETECT_IDS flag. As a side effect, setting XML_SKIP_IDS always enabled loading of external DTDs and parameter entities. This change makes it possible to ignore IDs without loading external content. This is a deliberate API change that improves security and is unlikely to affect users. This also makes sure that the new XML_PARSE_SKIP_IDS option doesn't enable unsafe behavior.
b424bae7	2025-06-22T13:46:16	html: Fix pull-parsing of initial comments and doctype decls - Parse more bogus comments and multiple doctype declarations before switching to content. - Grow buffer after parsing comment.
1c96d5ef	2025-06-21T15:08:07	parser: Add comment in xmlStopParser
7e381842	2025-06-18T16:24:44	include: s/char const/const char/
19139061	2025-06-18T16:20:46	include: Define XMLPUBVAR directly Using an intermediate macro confuses newer Doxygen versions for some reason.
a4d25b3d	2025-06-18T16:00:57	doc: Small fixes
cf4f9672	2025-06-21T11:16:39	Add XML_PARSE_SKIP_IDS to replace XML_SKIP_IDS Mark loadset member as deprecated Fixes #873
1dcd3df2	2025-06-20T23:46:46	parser: Fix xmlCtxtIsStopped Make xmlCtxtIsStopped check for fatal errors as well. This makes it easier to migrate away from disableSAX.
9c6eebac	2025-06-20T22:22:03	xmllint: Fix --xinclude --path Use resource loader for XInclude. Regressed with f96dca9c.
2963a0f1	2025-06-20T21:41:24	tree: Undeprecate some members used by libxslt
477f9c6b	2025-06-18T13:48:55	Fix CMake iconv handling after change to private dependency
a3992815	2025-06-12T13:51:37	parser: Fix buffer overflow when parsing PublicIds Regressed with 8231c0366 and 30665ae4.
30665ae4	2025-06-11T18:09:41	parser: Fix parsing of PublicIds and VersionNums Regressed in 8231c0366. Fixes #940.
852b070f	2025-06-10T18:47:59	Change comment style
bb7169b5	2025-06-10T18:34:44	Fix relaxng is parsed to an infinite attrs->next loop Test data for the bug.
f428bdd1	2025-06-08T16:43:38	xmllint: Make output options depend on LIBXML_OUTPUT_ENABLED
3e47ceeb	2025-06-08T14:57:56	xmllint: Warn about options with no effect
2ffb8c96	2025-06-08T14:58:29	doc: Improve xmllint documentation Group more options. Clarify effect of some parser options. Mention streaming validation with `--sax`. Remove references to libxml(3).
6b50d8c8	2025-06-08T13:05:22	html: Add missing call to grow parser in htmlParseComment Otherwise, long chains of short comments could exhaust the input buffer when pull parsing.
70335c41	2025-06-06T03:29:57	html: Don't stop on unsupported encoding Continue to parse unlike in the XML case.
416da89d	2025-06-04T20:49:16	html: Make htmlCtxtReset call xmlCtxtReset The two implementations shouldn't diverge.
fa81e849	2025-06-04T20:42:39	xmllint: Fix --memory --repeat Always reset parser context. Should fix #937.
220c813e	2025-06-03T23:33:02	globals: Fix documentation of xmlThrDef* functions
7e08d93c	2025-06-03T23:32:41	doc: Improve documentation of tree data types
86cf217d	2025-06-03T19:35:03	build: Disable Schematron support by default
8da19f23	2025-06-03T16:36:40	doc: Add more warnings to xmlCleanupParser
7e4247b2	2025-06-05T21:28:31	parser: use XML_INT_TO_PTR when storing integers as pointers This fixes warnings when using a CHERI-aware toolchain.
c6206c93	2025-06-05T21:06:11	html: Ignore ASCII-incompatible encoding in meta tag After successfully parsing an ASCII-encoded meta tag, switching to an encoding that isn't ASCII-compatible cannot work.
2b6b3945	2025-06-03T16:12:56	Revert "SAX1: Align handling of default attributes with SAX2" This reverts commit db65b2fc51ef0d6e4d2e9dc65ba12fe948da49f3. This didn't check for duplicate default attributes.
30375877	2025-06-03T15:50:54	parser: Fix custom SAX parsers without cdataBlock handler Use characters handler if cdataBlock handler is NULL. Regressed with 57e4bbd8. Should fix #934.

f1e1f13b

2025-08-05T22:26:27

tree: Guard against atype corruption Always remove ids if `id` member is set. Untested, but this should fix CVE-2025-7425 reported against libxslt: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

152fbb60

2025-08-02T21:27:32

parser: Make sure to stop parser before checking max errors Short-lived regression from 7a41b18c.

149c04c0

2025-08-02T14:59:02

html: Escape < and > when serializing attributes This reverts the change in cdaf657f. Coincidentally, the HTML spec just changed to mandate the old escaping behavior: https://github.com/whatwg/html/issues/6235 Fixes #957.

3b96ec75

2025-08-02T14:12:17

doc: Document deprecated default SAX handler globals

00314882

2025-08-01T15:30:33

meson: Add -Wmissing-variable-declarations Originally clang-only, gcc supports this option since version 14. This catches errors like #961.

37bd4b28

2025-08-01T15:30:08

globals: Include HTMLparser.h, fixing Windows build Regressed with c011e760 and 85bd58ef. Fixes #961.

43f7ff0a

2025-08-01T15:27:11

tests: Make global variables static

84369160

2025-07-27T12:55:11

doc: Add another warning to XML_PARSE_DTDVALID While most parts of libxml2, including the parser, are still vulnerable to such attacks, it is unlikely that DTD validation will ever be fixed.

8689523a

2025-07-22T23:57:03

parser: Implement xmlCtxtGetInputWindow See #762.

859899a8

2025-07-26T22:20:58

doc: Document option handling of deprecated "SAX1" functions

ab4a7f30

2025-07-23T02:22:43

doc: Document deprecated xmlBuffer members

af464de1

2025-07-23T02:20:13

io: Deprecate xmlOutputBuffer members

6c018854

2025-07-23T02:15:40

io: Deprecate xmlParserInputBuffer members

2cc77c3a

2025-07-31T15:05:55

fuzz: Stop using xmlParserInputBuffer

7deae0f8

2025-07-31T14:35:11

python: Switch to *CreateIO functions Avoid using deprecated struct members.

d1c3391e

2025-07-23T01:05:46

tests: Silence testparser Regressed with bd9d5e39.

469c847f

2025-07-22T23:44:10

parser: Split out xmlParserInputGetWindow

8aaa53d7

2025-07-22T22:38:50

parser: Implement xmlCtxtGetInputPosition See #762.

144ed959

2025-07-22T22:38:05

parser: Move xmlSaturatedAdd to private header

e3daef5c

2025-07-22T22:31:02

parser: Fix xmlSaturatedAddSizeT argument type This is only used for entity size accounting. The bug only affected platforms where sizeof(long) != sizeof(size_t) and was probably harmless.

a7fc9e1a

2025-07-22T20:50:13

parser: Add more parser context accessors The only thing remaining is access to parser input, see #762.

a2562b9d

2025-07-22T12:15:37

doc: Improve documentation of error levels

7a41b18c

2025-07-22T01:08:38

parser: Remove xmlHaltParser Always halt the parser on resource limit and entity loop errors and remove the remaining calls which seem unnecessary.

cdf4c6f1

2025-07-21T22:43:57

doc: Mention XML_PARSE_NOERROR in more places

77700d3d

2025-07-21T13:00:19

doc: Mention tree API bugs in old versions

c5e7ff09

2025-07-21T12:26:36

tree: More xmlNodeParseContent cleanup - Rename to xmlNodeParseAttValue - Rework argument types - Remove wrapper function

408bd0e1

2025-07-24T11:09:29

const up allowPCData similar to htmlScriptAttributes

0a4fe2f9

2025-07-20T18:52:06

io: Fix argument type See c70d88f1 and #951.

e1174057

2025-07-20T13:05:25

tree: Don't reference recursive entities in xmlNodeParseContent Improve protection against entity cycles when using tree API.

c70d88f1

2025-07-20T13:03:59

io: Fix reading from pipes like stdin on Windows On Windows, lseek doesn't return an error on unseekable streams like pipes. Fixes #951.

8f1cc915

2025-07-18T22:43:49

CMake: Add selector to CMAKE_DL_LIBS transformation At the time of writing, on AIX, the CMAKE_DL_LIBS is set to "-lld", which presents the dependency for using dynamic loading on some old AIX versions. This ensures that resulting list of linker flags on AIX is also properly formatted (without adding additional "-l").

a3d2c177

2025-07-17T16:01:11

CMake: Fix dlopen check Systems can have dlopen symbol in various libraries. For example, on Haiku, dlopen is in 'root' library, which is linked by default. The CMAKE_DL_LIBS variable is automatically set by CMake and contains the name of the library or libraries that contain dynamic loading functionality. CMakePushCheckState checks for the symbol in isolation, so the required libraries variable can be modified.

4d69f91b

2025-07-14T17:19:01

valid: Make validation fail if warnings cause OOM error Make xmlErrValidWarning return -1 on malloc failures.

0c948334

2025-07-10T11:23:44

html: Add newline to error message

bc0bb67b

2025-07-10T11:20:22

html: Don't abort on encoding errors Always enable recovery mode when parsing HTML, so we don't raise fatal errors. Regressed with 462bf0b7. Fixes #947.

3773bb3f

2025-07-09T16:08:10

tree: Make sure that SIZE_MAX is defined

6340f392

2025-07-05T17:08:00

doc: Document HTML type aliases

bd9d5e39

2025-07-09T13:10:31

parser: Fix handling of invalid char refs in recovery mode Revert to the old behavior which handles invalid char refs more gracefully. Probably regressed with 37c6618b (version 2.13.0).

6c796b37

2025-06-22T17:46:13

doc: Misc fixes

c7a9ef1d

2025-07-04T16:20:28

doc: Document struct typedefs Unfortunately, Doxygen's TYPDEF_HIDES_STRUCT option is too broken. Document struct typedefs to make autolinks work.

71e1e8af

2025-07-04T14:28:26

schematron: Fix memory safety issues in xmlSchematronReportOutput Fix use-after-free (CVE-2025-49794) and type confusion (CVE-2025-49796) in xmlSchematronReportOutput. Fixes #931. Fixes #933.

24d7e159

2025-07-04T12:19:20

schematron: Complete fix for CVE-2025-49795 - Fix memory leaks - Fix tests

499bcb78

2025-06-21T12:11:30

Schematron: Fix null pointer dereference leading to DoS (CVE-2025-49795) Fixes #932

069bcda1

2025-06-20T23:05:00

Fix potential buffer overflows of interactive shell CVE-2025-6170 Fixes #941

c34742f3

2025-06-30T16:23:03

tests: Fix build --without-output

9553695d

2025-06-30T16:15:15

relaxng: Make xmlRelaxNGDump depend on debug option

9760a14f

2025-06-30T13:47:33

relaxng: In the simplification step also unlink notAllowed refs from choice This fixes false reports of non allowed content compared to notAllowed as tag within the choice tag.

56a767ed

2025-06-28T02:35:14

doc: Small fix

0d52684e

2025-06-28T02:34:33

parser: Don't set dict limit when setting options This is done in xmlCtxtInitializeLate.

1b737cc8

2025-06-27T19:52:54

parser: Another fix to ]]> detection in push parser The original fix for issue #850 in commit 9efe1414 was incomplete.

70dc8ca0

2025-06-27T18:54:18

xpath: Add extra info to some error messages Fixes #660.

ac5fcb0e

2025-06-25T15:24:24

relaxng: ensure thread safe global initialization Relying on a plain integer flag, with no synchronization primitives does not give thread-safe initialization. All reads & writes of the xmlSchemaTypesInitialized flag need to be protected by a mutex to ensure suitable memory barriers & thus correct ordering wrt any speculative execution. A separate internal initializer tied to xmlParserInit is used to create the mutex used for synchronization, similarly to how catalog.c works. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

80798c40

2025-06-25T15:24:24

xmlschemastypes: ensure thread safe global initialization Relying on a plain integer flag, with no synchronization primitives does not give thread-safe initialization. All reads & writes of the xmlSchemaTypesInitialized flag need to be protected by a mutex to ensure suitable memory barriers & thus correct ordering wrt any speculative execution. A separate internal initializer tied to xmlParserInit is used to create the mutex used for synchronization, similarly to how catalog.c works. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

63f98ee8

2025-06-25T14:27:37

tests: Skip functions taking va_lists in testapi.c See !325.

d4355722

2025-06-25T13:45:32

xmllint: Print document even in case of XInclude errors Keep printing the document while still reporting XInclude errors to match the old behavior.

413cdfb3

2025-06-25T12:37:37

html: Fix push parsing of doctype decls Don't set state to "content" as we might still be in "misc" or "prolog".

ad0f5d27

2025-06-24T13:02:13

tree: Fix xmlGetNodePath - Fix quadratic behavior - Don't truncate names Fixes #715.

22246f21

2025-06-23T22:49:28

schemas: Fix compilation with pre-C99 MSVC Regressed with f307237e. Fixes #944.

7cfa3a26

2025-06-22T22:52:47

reader: Remove unused member xinclude_name

6c5b5552

2025-06-22T22:49:58

debug: Remove obsolete handling of special case The "nbktext" code was removed.

24628f25

2025-06-22T22:18:36

valid: Don't store attribute defaults in dictionary In general, we should only use dicts for names and not values.

600742f0

2025-06-22T20:18:40

valid: Unconst local variable in xmlValidateElement

7c913850

2025-06-22T20:12:48

parser: Remove unnecessary dict checks when freeing strings The following strings are never allocated from a dict: - xmlParserCtxt.version - xmlParserCtxt.encoding - xmlParserCtxt.extSubURI - xmlParserCtxt.extSubSystem - xmlDoc.version - xmlDoc.encoding - xmlDoc.URL - xmlDTD.ExternalID - xmlDTD.SystemID - xmlID.value Also make the struct members point to non-const chars to avoid casts when freeing.

607708b3

2025-06-22T19:18:20

valid: Don't store ID values in document's dictionary ID values are unique. There's some potential for them to be reused as references, but storing them in the dictionary can make the dictionary grow in proportion to the document. Users like lxml replace the `ids` hash table to avoid this. It seems like a good idea to stop using the dictionary for ID values.

ea91a507

2025-06-22T16:45:49

doc: Generate documentation with Doxygen 1.14 The 1.14.0 release fixes a serious bug with autolinks. Note that the downstream tests now run on Ubuntu with libxml2 and libxslt built on Arch. This seems to work but could break at a later point. Fixes #929.

3652fc28

2025-06-22T17:09:42

doc: Fix installation with newer Doxygen Newer versions don't generate PNG files anymore. Simply use *.* as wildcard.

404aedbd

2025-06-22T15:46:09

doc: Improve xmllint documentation

dd2b4091

2025-06-18T13:55:37

xmllint: Add --strict-namespace option Use xmlCtxtGetStatus() after parsing. If status indicates a namespace error while the --strict-namespace option is enabled, xmllint will exit with XMLLINT_ERR_RDFILE error Fixes #698

bf26cf9d

2025-06-20T21:24:44

xmllint: Replace boolean application options with single flag member Take all of the boolean application options and create a bitmask for each of them. Then use just a single unsigned member to keep track off all of them (regardless of precompile directives)

be812e1e

2025-06-20T19:34:12

xmllint: Rename options -> parseOptions Make it more obvious the options are related to XML parsing

e7802738

2025-06-22T14:39:28

parser: Don't load external content if only XML_SKIP_IDS is set At some point, the `loadsubset` member was augmented to also control handling of ID attributes in addition to loading of external DTDs. These two features are unrelated and shouldn't have been mixed. This mistake was probably inspired by the misnamed XML_DETECT_IDS flag. As a side effect, setting XML_SKIP_IDS always enabled loading of external DTDs and parameter entities. This change makes it possible to ignore IDs without loading external content. This is a deliberate API change that improves security and is unlikely to affect users. This also makes sure that the new XML_PARSE_SKIP_IDS option doesn't enable unsafe behavior.

b424bae7

2025-06-22T13:46:16

html: Fix pull-parsing of initial comments and doctype decls - Parse more bogus comments and multiple doctype declarations before switching to content. - Grow buffer after parsing comment.

1c96d5ef

2025-06-21T15:08:07

parser: Add comment in xmlStopParser

7e381842

2025-06-18T16:24:44

include: s/char const/const char/

19139061

2025-06-18T16:20:46

include: Define XMLPUBVAR directly Using an intermediate macro confuses newer Doxygen versions for some reason.

a4d25b3d

2025-06-18T16:00:57

doc: Small fixes

cf4f9672

2025-06-21T11:16:39

Add XML_PARSE_SKIP_IDS to replace XML_SKIP_IDS Mark loadset member as deprecated Fixes #873

1dcd3df2

2025-06-20T23:46:46

parser: Fix xmlCtxtIsStopped Make xmlCtxtIsStopped check for fatal errors as well. This makes it easier to migrate away from disableSAX.

9c6eebac

2025-06-20T22:22:03

xmllint: Fix --xinclude --path Use resource loader for XInclude. Regressed with f96dca9c.

2963a0f1

2025-06-20T21:41:24

tree: Undeprecate some members used by libxslt

477f9c6b

2025-06-18T13:48:55

Fix CMake iconv handling after change to private dependency

a3992815

2025-06-12T13:51:37

parser: Fix buffer overflow when parsing PublicIds Regressed with 8231c0366 and 30665ae4.

30665ae4

2025-06-11T18:09:41

parser: Fix parsing of PublicIds and VersionNums Regressed in 8231c0366. Fixes #940.

852b070f

2025-06-10T18:47:59

Change comment style

bb7169b5

2025-06-10T18:34:44

Fix relaxng is parsed to an infinite attrs->next loop Test data for the bug.

f428bdd1

2025-06-08T16:43:38

xmllint: Make output options depend on LIBXML_OUTPUT_ENABLED

3e47ceeb

2025-06-08T14:57:56

xmllint: Warn about options with no effect

2ffb8c96

2025-06-08T14:58:29

doc: Improve xmllint documentation Group more options. Clarify effect of some parser options. Mention streaming validation with `--sax`. Remove references to libxml(3).

6b50d8c8

2025-06-08T13:05:22

html: Add missing call to grow parser in htmlParseComment Otherwise, long chains of short comments could exhaust the input buffer when pull parsing.

70335c41

2025-06-06T03:29:57

html: Don't stop on unsupported encoding Continue to parse unlike in the XML case.

416da89d

2025-06-04T20:49:16

html: Make htmlCtxtReset call xmlCtxtReset The two implementations shouldn't diverge.

fa81e849

2025-06-04T20:42:39

xmllint: Fix --memory --repeat Always reset parser context. Should fix #937.

220c813e

2025-06-03T23:33:02

globals: Fix documentation of xmlThrDef* functions

7e08d93c

2025-06-03T23:32:41

doc: Improve documentation of tree data types

86cf217d

2025-06-03T19:35:03

build: Disable Schematron support by default

8da19f23

2025-06-03T16:36:40

doc: Add more warnings to xmlCleanupParser

7e4247b2

2025-06-05T21:28:31

parser: use XML_INT_TO_PTR when storing integers as pointers This fixes warnings when using a CHERI-aware toolchain.

c6206c93

2025-06-05T21:06:11

html: Ignore ASCII-incompatible encoding in meta tag After successfully parsing an ASCII-encoded meta tag, switching to an encoding that isn't ASCII-compatible cannot work.

2b6b3945

2025-06-03T16:12:56

Revert "SAX1: Align handling of default attributes with SAX2" This reverts commit db65b2fc51ef0d6e4d2e9dc65ba12fe948da49f3. This didn't check for duplicate default attributes.

30375877

2025-06-03T15:50:54

parser: Fix custom SAX parsers without cdataBlock handler Use characters handler if cdataBlock handler is NULL. Regressed with 57e4bbd8. Should fix #934.

kc3-lang/libxml2

Log