kmx git

Commit	Date	Message
f77ec16d	2024-09-12T01:45:34	html: Optimize htmlParseCharData
440bd64c	2024-09-12T04:01:38	html: Optimize htmlParseHTMLName
6040785a	2024-09-12T23:12:01	html: Deprecate AutoClose API
76cc6394	2024-09-12T01:43:42	test: Fix XML_PARSE_HTML constant
575be6c1	2024-09-12T01:40:07	html: Fix line numbers with CRs
188cad68	2024-09-12T02:51:20	html: Remove obsolete content model
be874d78	2024-09-11T19:47:07	html: Ignore unexpected DOCTYPE declarations
462bf0b7	2024-09-11T19:06:06	html: Rework options Introduce htmlCtxtSetOptions, see similar changes made to XML parser. Add HTML_PARSE_HUGE alias. Support HTML_PARSE_BIG_LINES.
c34d0ae9	2024-09-12T23:50:20	html: Deprecate htmlIsBooleanAttr
0144f662	2024-09-12T02:30:10	html: Remove obsolete code
16de1346	2024-09-11T19:05:38	parser: Make new options actually work
42c3823d	2024-09-11T19:05:09	html: Update comment
0ce7bfe5	2024-09-12T01:44:18	html: Try to avoid passing XML options to HTML parser
9f04cce6	2024-09-11T17:43:07	html: Remove unused or useless return codes htmlParseStartTag should always succeed (except for malloc failures).
e179f3ec	2024-09-11T17:29:59	html: Stop reporting syntax errors It doesn't make much sense to keep the old syntax error handling which doesn't conform to HTML5. Handling HTML5 parser errors is rather involved and not essential for parsers.
c6af1017	2024-09-08T20:45:48	html: Test tokenizer against html5lib test suite
0d324bde	2024-09-07T03:45:09	html: Simplify node info accounting
ccb61f59	2024-09-07T03:15:50	html: Remove duplicate calls to htmlAutoClose
27752f75	2024-09-11T15:06:55	html: Fix EOF handling in start tags
e1834745	2024-09-07T00:54:25	html: Add character data tests
f9ed30e9	2024-09-06T17:49:04	html: HTML5 character data states
b19d3539	2024-09-11T15:03:49	html: Fix EOF handling in comments
59511792	2024-09-03T15:52:44	html: Parse named character references according to HTML5
d5cd0f07	2022-07-15T17:00:36	html: Prefer SKIP(1) over NEXT in HTML parser Use SKIP(1) where it's safe to avoid a function call.
17e56ac5	2024-09-11T14:24:58	html: Fix parsing of end tags
dc2d4983	2023-05-04T17:47:38	html: Rework htmlLookupSequence Rename to htmlLookupString and use strstr for increased performance.
637215a4	2023-05-04T17:16:51	html: Always terminate doctype declarations on '>' Align with HTML5 spec. This allows to remove the old quote handling in htmlLookupSequence.
24a09033	2024-09-09T02:53:14	html: Fix bogus end tags
72e29f9a	2023-05-04T17:03:22	html: Fix quadratic behavior in push parser Fix quadratic behavior related to unquoted attribute values. We really have to replicate parts of the HTML5 state machine to find the end of tags relibably. Fixes #533.
a80f8b64	2023-05-04T15:59:31	html: Allow attributes in end tags Attribute are syntactically allowed in HTML5 end tags but otherwise ignored.
bca64854	2024-09-09T02:30:18	html: Allow U+000C FORM FEED as whitespace
f2272c23	2023-05-04T15:33:27	html: Handle unexpected-solidus-in-tag according to HTML5
939b53ee	2023-05-04T15:25:24	html: Stop skipping tag content Tag and attributes names should always be parsed succesfully now.
6edf1a64	2024-09-09T02:09:20	html: Fix DOCTYPE parsing
dcb2abb2	2023-05-04T15:16:29	html: Parse tag and attribute names according to HTML5 HTML5 allows bascially all characters in tag and attribute names.
9678163f	2024-09-09T02:01:19	html: Don't check for valid XML characters
a6955c13	2024-09-08T23:19:49	html: Parse numeric character references according to HTML5
4eeac309	2024-09-08T22:20:20	html: Start to fix EOF and U+0000 handling
e062a4a9	2024-09-08T20:40:36	html: Add HTML5 parser option This option passes tokenizer output directly to the SAX callbacks, making it possible to test the tokenizer against the html5lib test suite. This will produce unbalanced calls to the startElement and endElement callbacks, but it's the only way to support a SAX like interface for HTML5. It can be used for filtering or rewriting HTML5, for example. A HTML5 tree builder could then be implemented on top of the SAX callbacks.
17da54c5	2024-09-08T19:16:12	html: Normalize newlines
341dc78f	2024-09-08T19:11:14	html: Deduplicate code in htmlCurrentChar
3adb396d	2024-09-07T15:18:13	html: Parse bogus comments instead of ignoring them Also treat XML processing instructions as bogus comments.
84440175	2024-09-07T14:21:12	html: Add missing calls to htmlCheckParagraph()
86d6b9b0	2024-09-07T04:18:06	html: Deduplicate some code
d67833a3	2024-09-26T19:21:24	xmllint: Use proper type to store seconds since epoch Should avoid year 2038 problem. Fixes #801.
81d38ed0	2024-09-25T07:52:10	meson: Fix duplicate listing of libxml2.devhelp2 The duplication caused a warning when uninstalling.
b1c5aa65	2024-09-19T12:50:59	xpath: Deprecate xmlXPathNAN and xmlXPath*INF Users should simply use the C99 macros.
55ddccb6	2024-09-14T00:03:56	io: Make sure not to pass partial UTF-8 to write callback We cannot split UTF-8 at arbitrary boundaries.
c46b89e2	2024-09-13T21:06:36	xpath: Deprecate xmlXPathEvalExpr Also check the argument instead of crashing if there's no context.
03f1bdd2	2024-09-13T20:59:47	xpath: Make recursion check work with xmlXPathCompile The check for maximum recursion depth required a parser context with an xmlXPathContext which xmlXPathCompile didn't provide. All other code should already set up or require an xmlXPathContext.
dae160c6	2024-09-13T12:08:20	encoding: Fix table entry for "UTF16"
5e787401	2024-09-10T17:12:25	save: Make xmlEscapeTab signed Fixes issues in platforms where char is unsigned. Fixes #797.
6e503eb7	2024-09-10T03:32:37	encoding: Handle more ICU error codes U_ILLEGAL_ESCAPE_SEQUENCE and U_UNSUPPORTED_ESCAPE_SEQUENCE can occur with ISO-2022.
55d36c59	2024-09-10T03:11:18	encoding: Fix error code in xmlUconvConvert Broke in 46ec621e.
de10d4cd	2024-09-04T16:19:42	include: Check whether _MSC_VER is defined Should fix #795.
bd9eed46	2024-09-02T18:37:41	parser: Make unsupported encodings an error in declarations This was changed in 45157261, but in encoding declarations, unsupported encodings should raise a fatal error. Fixes #794.
40abebbc	2024-08-29T01:02:33	python: Fix SAX driver with character streams This apparently broke with Python 3.5 which introduced character streams. Fixes #790.
8ae06d52	2024-08-29T00:07:27	SAX2: Don't merge CDATA sections The Document Object Model (DOM) Level 3 Core Specification says: > Adjacent CDATASection nodes are not merged by use of the normalize > method of the Node interface. Fixes #412.
dde62ae5	2024-08-28T23:58:20	parser: Align push parsing of CDATA sections with pull parser Remove special handling of CDATA sections in push parser. This makes sure that only a single callback is generated for large sections. Fixes #22 and needed for #412.
4d10e53a	2024-08-28T22:47:20	parser: Make sure to set and increment input id Revert part of commits 410931e3 and b9d2f3c9.
6d365ca0	2024-08-28T22:09:30	doc: XML_PARSE_NO_XXE is available since 2.13.0
8ad618d2	2024-08-28T22:03:30	doc: Document all xmllint options Remove --pushsmall. Fixes #785.
67ff748c	2024-08-26T23:53:29	io: don't set the executable bit when creating files Issue seems to have been introduced in 0bef93bf24def68c448af0e71844b942e0ed93ec.
0bb0012e	2024-08-19T21:15:28	catalog: Set xmlCatalogInitialized after setting default catalog
8625db28	2024-08-19T20:02:47	xmlcatalog: Improved fix for #699
4b007878	2024-08-19T20:44:07	Revert "catalog: Fetch XML catalog before dumping" This reverts commit 723b4de04015c5acccd3cda5dd60db7d00702064.
57b92cab	2024-08-19T20:35:54	catalog: Fix regression in xmlCatalogAdd Don't load system catalog.
2abb9033	2024-08-19T17:58:47	tests: Add fallback for glob() Fix build on platforms without glob().
567f612d	2024-08-19T17:43:32	build: Check for declaration of glob() function Don't rely on presence of glob.h.
2191ccdf	2024-08-18T12:16:34	autotools: Fix EXTRA_DIST Fixes #786.
5c608609	2024-08-16T22:35:54	Eliminate false positive -Warray-bounds on some compilers This affects GCC 7.3, MinGW 7.3, and LCC 1.25 and 1.26. In some sense it reverts ad93f087.
a3043b47	2024-08-14T23:40:16	threads: define _WIN32_WINNT as 0x0600 to use InitOnceExecuteOnce()
f59da1a3	2024-08-14T23:22:59	hash: Suppress GCC 7.3 and MINGW maybe-uninitialized warning
103aadbc	2024-08-14T23:15:30	parser: Suppress EDG maybe-uninitialized warning
f2c48847	2024-08-13T14:38:07	io: Add missing calls to xmlInitParser This is required after c9a46a91. Should fix #782.
0c56eb82	2024-08-12T21:38:50	tree: Restore return value of xmlNodeListGetString with NULL list When passing a NULL list to xmlNodeListGetString or xmlNodeListGetRawString, return NULL instead of "" to match the old behavior. Fixes #783.
b45a0f0e	2024-08-06T22:34:29	nanohttp: Avoid ctype(3) misuse. fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/780
1d009fe3	2024-08-05T15:14:21	parser: Report at least one fatal error
bfed6e6a	2024-08-05T14:58:37	parser: Fix error handling after reaching limit Mark document as non-wellformed and stop parser even if error limit was reached. Regressed in abd74186.
6e1e22dc	2024-08-04T11:45:05	malloc-fail: Fix null-deref in xmlPatPushState
a530ff12	2024-07-29T14:18:57	io: Always consume encoding handler when creating output buffers Also free encoding handler in error case. Remove xmlAllocOutputBufferInternal which was identical to xmlAllocOutputBuffer.
36ea881b	2024-07-26T18:07:27	malloc-fail: Fix memory leak in xmlOutputBufferCreateFilename Close encoding handler on error.
02fcb1ef	2024-07-25T17:07:18	parser: Make xmlParseChunk return an error if parser was stopped This regressed after enhancing the disableSAX member in 2.13. Should fix #777.
bc14d70f	2024-07-25T00:26:48	xmlsave: Improve "unsupported encoding" error message Incomplete support of XML_SAVE_* error codes was removed. Error handling still needs work. xmlOutputBufferCreateFilename should return an error code.
1a893230	2024-07-06T01:03:46	[CVE-2024-40896] Fix XXE protection in downstream code Some users set an entity's children manually in the getEntity SAX callback to restrict entity expansion. This stopped working after renaming the "checked" member of xmlEntity, making at least one downstream project and its dependants susceptible to XXE attacks. See #761.
6cc2387e	2024-07-24T11:42:39	shell: Only use readline on terminals Should fix xmllint shell tests.
d04e152d	2024-07-24T11:40:01	shell: Remove access(2) checks The checks didn't handle stdout. Since unistd.h wasn't included, W_OK wasn't defined and the checks wouldn't run anyway.
aa6ca0b1	2024-07-23T03:29:41	module: Deprecate module API This was only used by libxslt which switched to a private implementation.
ec4340b8	2024-07-23T01:32:43	Update NEWS
e1291059	2024-07-22T22:22:48	build: Don't check for pthread.h The Autotools build still checks for pthread.h (and zlib.h and lzma.h) but the result isn't needed in config.h.
cc03c069	2024-07-22T22:15:09	build: Don't check for standard POSIX headers These headers should be available since early POSIX days and are required no matter what.
d7dc2eaf	2024-07-22T21:39:54	build: Don't check for dlfcn.h and dl.h It's enough to check for symbols.
7c10393f	2024-07-22T17:25:15	build: Fix config.h macros We have to emulate AC_CHECK_DECLS. Instead of leaving the macro undefined if a symbol wasn't found, it has to be set to 0.
095b3c7f	2024-07-22T15:37:13	cmake: Implement READLINE and HISTORY options
0172ffa9	2024-07-22T15:21:36	build: Only check for required headers
3ef66611	2024-07-22T14:58:16	build: Rework mmap checks Switch to AC_CHECK_DECLS/check_symbol_exists. Don't check for sys/mman.h separately. Don't check for munmap.
e1657f3f	2024-07-22T14:33:14	build: Use AC_CHECK_DECLS/check_symbol_exists for getentropy This assumes that getentropy is declared in sys/random.h. Should fix issues on iOS. See #774.
278fcf13	2024-07-22T13:02:07	buf: Limit xmlBuffer size to INT_MAX Some API functions like xmlBufUse only support ints.
6a3c0b0d	2024-07-22T12:53:00	parser: Increase XML_MAX_DICTIONARY_LIMIT This limit is somewhat arbitrary and can be reached when fuzzing documents up to 1 MB. Increase limit to 100 MB and disable limit if XML_PARSE_HUGE is set.
d2755cdb	2024-07-22T12:35:29	buf: Fix memory leak if malloc fails before xmlBufBackToBuffer Short-lived regression.

f77ec16d

2024-09-12T01:45:34

html: Optimize htmlParseCharData

440bd64c

2024-09-12T04:01:38

html: Optimize htmlParseHTMLName

6040785a

2024-09-12T23:12:01

html: Deprecate AutoClose API

76cc6394

2024-09-12T01:43:42

test: Fix XML_PARSE_HTML constant

575be6c1

2024-09-12T01:40:07

html: Fix line numbers with CRs

188cad68

2024-09-12T02:51:20

html: Remove obsolete content model

be874d78

2024-09-11T19:47:07

html: Ignore unexpected DOCTYPE declarations

462bf0b7

2024-09-11T19:06:06

html: Rework options Introduce htmlCtxtSetOptions, see similar changes made to XML parser. Add HTML_PARSE_HUGE alias. Support HTML_PARSE_BIG_LINES.

c34d0ae9

2024-09-12T23:50:20

html: Deprecate htmlIsBooleanAttr

0144f662

2024-09-12T02:30:10

html: Remove obsolete code

16de1346

2024-09-11T19:05:38

parser: Make new options actually work

42c3823d

2024-09-11T19:05:09

html: Update comment

0ce7bfe5

2024-09-12T01:44:18

html: Try to avoid passing XML options to HTML parser

9f04cce6

2024-09-11T17:43:07

html: Remove unused or useless return codes htmlParseStartTag should always succeed (except for malloc failures).

e179f3ec

2024-09-11T17:29:59

html: Stop reporting syntax errors It doesn't make much sense to keep the old syntax error handling which doesn't conform to HTML5. Handling HTML5 parser errors is rather involved and not essential for parsers.

c6af1017

2024-09-08T20:45:48

html: Test tokenizer against html5lib test suite

0d324bde

2024-09-07T03:45:09

html: Simplify node info accounting

ccb61f59

2024-09-07T03:15:50

html: Remove duplicate calls to htmlAutoClose

27752f75

2024-09-11T15:06:55

html: Fix EOF handling in start tags

e1834745

2024-09-07T00:54:25

html: Add character data tests

f9ed30e9

2024-09-06T17:49:04

html: HTML5 character data states

b19d3539

2024-09-11T15:03:49

html: Fix EOF handling in comments

59511792

2024-09-03T15:52:44

html: Parse named character references according to HTML5

d5cd0f07

2022-07-15T17:00:36

html: Prefer SKIP(1) over NEXT in HTML parser Use SKIP(1) where it's safe to avoid a function call.

17e56ac5

2024-09-11T14:24:58

html: Fix parsing of end tags

dc2d4983

2023-05-04T17:47:38

html: Rework htmlLookupSequence Rename to htmlLookupString and use strstr for increased performance.

637215a4

2023-05-04T17:16:51

html: Always terminate doctype declarations on '>' Align with HTML5 spec. This allows to remove the old quote handling in htmlLookupSequence.

24a09033

2024-09-09T02:53:14

html: Fix bogus end tags

72e29f9a

2023-05-04T17:03:22

html: Fix quadratic behavior in push parser Fix quadratic behavior related to unquoted attribute values. We really have to replicate parts of the HTML5 state machine to find the end of tags relibably. Fixes #533.

a80f8b64

2023-05-04T15:59:31

html: Allow attributes in end tags Attribute are syntactically allowed in HTML5 end tags but otherwise ignored.

bca64854

2024-09-09T02:30:18

html: Allow U+000C FORM FEED as whitespace

f2272c23

2023-05-04T15:33:27

html: Handle unexpected-solidus-in-tag according to HTML5

939b53ee

2023-05-04T15:25:24

html: Stop skipping tag content Tag and attributes names should always be parsed succesfully now.

6edf1a64

2024-09-09T02:09:20

html: Fix DOCTYPE parsing

dcb2abb2

2023-05-04T15:16:29

html: Parse tag and attribute names according to HTML5 HTML5 allows bascially all characters in tag and attribute names.

9678163f

2024-09-09T02:01:19

html: Don't check for valid XML characters

a6955c13

2024-09-08T23:19:49

html: Parse numeric character references according to HTML5

4eeac309

2024-09-08T22:20:20

html: Start to fix EOF and U+0000 handling

e062a4a9

2024-09-08T20:40:36

html: Add HTML5 parser option This option passes tokenizer output directly to the SAX callbacks, making it possible to test the tokenizer against the html5lib test suite. This will produce unbalanced calls to the startElement and endElement callbacks, but it's the only way to support a SAX like interface for HTML5. It can be used for filtering or rewriting HTML5, for example. A HTML5 tree builder could then be implemented on top of the SAX callbacks.

17da54c5

2024-09-08T19:16:12

html: Normalize newlines

341dc78f

2024-09-08T19:11:14

html: Deduplicate code in htmlCurrentChar

3adb396d

2024-09-07T15:18:13

html: Parse bogus comments instead of ignoring them Also treat XML processing instructions as bogus comments.

84440175

2024-09-07T14:21:12

html: Add missing calls to htmlCheckParagraph()

86d6b9b0

2024-09-07T04:18:06

html: Deduplicate some code

d67833a3

2024-09-26T19:21:24

xmllint: Use proper type to store seconds since epoch Should avoid year 2038 problem. Fixes #801.

81d38ed0

2024-09-25T07:52:10

meson: Fix duplicate listing of libxml2.devhelp2 The duplication caused a warning when uninstalling.

b1c5aa65

2024-09-19T12:50:59

xpath: Deprecate xmlXPathNAN and xmlXPath*INF Users should simply use the C99 macros.

55ddccb6

2024-09-14T00:03:56

io: Make sure not to pass partial UTF-8 to write callback We cannot split UTF-8 at arbitrary boundaries.

c46b89e2

2024-09-13T21:06:36

xpath: Deprecate xmlXPathEvalExpr Also check the argument instead of crashing if there's no context.

03f1bdd2

2024-09-13T20:59:47

xpath: Make recursion check work with xmlXPathCompile The check for maximum recursion depth required a parser context with an xmlXPathContext which xmlXPathCompile didn't provide. All other code should already set up or require an xmlXPathContext.

dae160c6

2024-09-13T12:08:20

encoding: Fix table entry for "UTF16"

5e787401

2024-09-10T17:12:25

save: Make xmlEscapeTab signed Fixes issues in platforms where char is unsigned. Fixes #797.

6e503eb7

2024-09-10T03:32:37

encoding: Handle more ICU error codes U_ILLEGAL_ESCAPE_SEQUENCE and U_UNSUPPORTED_ESCAPE_SEQUENCE can occur with ISO-2022.

55d36c59

2024-09-10T03:11:18

encoding: Fix error code in xmlUconvConvert Broke in 46ec621e.

de10d4cd

2024-09-04T16:19:42

include: Check whether _MSC_VER is defined Should fix #795.

bd9eed46

2024-09-02T18:37:41

parser: Make unsupported encodings an error in declarations This was changed in 45157261, but in encoding declarations, unsupported encodings should raise a fatal error. Fixes #794.

40abebbc

2024-08-29T01:02:33

python: Fix SAX driver with character streams This apparently broke with Python 3.5 which introduced character streams. Fixes #790.

8ae06d52

2024-08-29T00:07:27

SAX2: Don't merge CDATA sections The Document Object Model (DOM) Level 3 Core Specification says: > Adjacent CDATASection nodes are not merged by use of the normalize > method of the Node interface. Fixes #412.

dde62ae5

2024-08-28T23:58:20

parser: Align push parsing of CDATA sections with pull parser Remove special handling of CDATA sections in push parser. This makes sure that only a single callback is generated for large sections. Fixes #22 and needed for #412.

4d10e53a

2024-08-28T22:47:20

parser: Make sure to set and increment input id Revert part of commits 410931e3 and b9d2f3c9.

6d365ca0

2024-08-28T22:09:30

doc: XML_PARSE_NO_XXE is available since 2.13.0

8ad618d2

2024-08-28T22:03:30

doc: Document all xmllint options Remove --pushsmall. Fixes #785.

67ff748c

2024-08-26T23:53:29

io: don't set the executable bit when creating files Issue seems to have been introduced in 0bef93bf24def68c448af0e71844b942e0ed93ec.

0bb0012e

2024-08-19T21:15:28

catalog: Set xmlCatalogInitialized after setting default catalog

8625db28

2024-08-19T20:02:47

xmlcatalog: Improved fix for #699

4b007878

2024-08-19T20:44:07

Revert "catalog: Fetch XML catalog before dumping" This reverts commit 723b4de04015c5acccd3cda5dd60db7d00702064.

57b92cab

2024-08-19T20:35:54

catalog: Fix regression in xmlCatalogAdd Don't load system catalog.

2abb9033

2024-08-19T17:58:47

tests: Add fallback for glob() Fix build on platforms without glob().

567f612d

2024-08-19T17:43:32

build: Check for declaration of glob() function Don't rely on presence of glob.h.

2191ccdf

2024-08-18T12:16:34

autotools: Fix EXTRA_DIST Fixes #786.

5c608609

2024-08-16T22:35:54

Eliminate false positive -Warray-bounds on some compilers This affects GCC 7.3, MinGW 7.3, and LCC 1.25 and 1.26. In some sense it reverts ad93f087.

a3043b47

2024-08-14T23:40:16

threads: define _WIN32_WINNT as 0x0600 to use InitOnceExecuteOnce()

f59da1a3

2024-08-14T23:22:59

hash: Suppress GCC 7.3 and MINGW maybe-uninitialized warning

103aadbc

2024-08-14T23:15:30

parser: Suppress EDG maybe-uninitialized warning

f2c48847

2024-08-13T14:38:07

io: Add missing calls to xmlInitParser This is required after c9a46a91. Should fix #782.

0c56eb82

2024-08-12T21:38:50

tree: Restore return value of xmlNodeListGetString with NULL list When passing a NULL list to xmlNodeListGetString or xmlNodeListGetRawString, return NULL instead of "" to match the old behavior. Fixes #783.

b45a0f0e

2024-08-06T22:34:29

nanohttp: Avoid ctype(3) misuse. fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/780

1d009fe3

2024-08-05T15:14:21

parser: Report at least one fatal error

bfed6e6a

2024-08-05T14:58:37

parser: Fix error handling after reaching limit Mark document as non-wellformed and stop parser even if error limit was reached. Regressed in abd74186.

6e1e22dc

2024-08-04T11:45:05

malloc-fail: Fix null-deref in xmlPatPushState

a530ff12

2024-07-29T14:18:57

io: Always consume encoding handler when creating output buffers Also free encoding handler in error case. Remove xmlAllocOutputBufferInternal which was identical to xmlAllocOutputBuffer.

36ea881b

2024-07-26T18:07:27

malloc-fail: Fix memory leak in xmlOutputBufferCreateFilename Close encoding handler on error.

02fcb1ef

2024-07-25T17:07:18

parser: Make xmlParseChunk return an error if parser was stopped This regressed after enhancing the disableSAX member in 2.13. Should fix #777.

bc14d70f

2024-07-25T00:26:48

xmlsave: Improve "unsupported encoding" error message Incomplete support of XML_SAVE_* error codes was removed. Error handling still needs work. xmlOutputBufferCreateFilename should return an error code.

1a893230

2024-07-06T01:03:46

[CVE-2024-40896] Fix XXE protection in downstream code Some users set an entity's children manually in the getEntity SAX callback to restrict entity expansion. This stopped working after renaming the "checked" member of xmlEntity, making at least one downstream project and its dependants susceptible to XXE attacks. See #761.

6cc2387e

2024-07-24T11:42:39

shell: Only use readline on terminals Should fix xmllint shell tests.

d04e152d

2024-07-24T11:40:01

shell: Remove access(2) checks The checks didn't handle stdout. Since unistd.h wasn't included, W_OK wasn't defined and the checks wouldn't run anyway.

aa6ca0b1

2024-07-23T03:29:41

module: Deprecate module API This was only used by libxslt which switched to a private implementation.

ec4340b8

2024-07-23T01:32:43

Update NEWS

e1291059

2024-07-22T22:22:48

build: Don't check for pthread.h The Autotools build still checks for pthread.h (and zlib.h and lzma.h) but the result isn't needed in config.h.

cc03c069

2024-07-22T22:15:09

build: Don't check for standard POSIX headers These headers should be available since early POSIX days and are required no matter what.

d7dc2eaf

2024-07-22T21:39:54

build: Don't check for dlfcn.h and dl.h It's enough to check for symbols.

7c10393f

2024-07-22T17:25:15

build: Fix config.h macros We have to emulate AC_CHECK_DECLS. Instead of leaving the macro undefined if a symbol wasn't found, it has to be set to 0.

095b3c7f

2024-07-22T15:37:13

cmake: Implement READLINE and HISTORY options

0172ffa9

2024-07-22T15:21:36

build: Only check for required headers

3ef66611

2024-07-22T14:58:16

build: Rework mmap checks Switch to AC_CHECK_DECLS/check_symbol_exists. Don't check for sys/mman.h separately. Don't check for munmap.

e1657f3f

2024-07-22T14:33:14

build: Use AC_CHECK_DECLS/check_symbol_exists for getentropy This assumes that getentropy is declared in sys/random.h. Should fix issues on iOS. See #774.

278fcf13

2024-07-22T13:02:07

buf: Limit xmlBuffer size to INT_MAX Some API functions like xmlBufUse only support ints.

6a3c0b0d

2024-07-22T12:53:00

parser: Increase XML_MAX_DICTIONARY_LIMIT This limit is somewhat arbitrary and can be reached when fuzzing documents up to 1 MB. Increase limit to 100 MB and disable limit if XML_PARSE_HUGE is set.

d2755cdb

2024-07-22T12:35:29

buf: Fix memory leak if malloc fails before xmlBufBackToBuffer Short-lived regression.

kc3-lang/libxml2

Log