Re: [xml] Availability of libxml2-2.9.4

[Daniel Veillard]

On Mon, May 23, 2016 at 11:59:55AM +0100, Pete Cordell wrote:
> On 23/05/2016 09:15, Daniel Veillard wrote:
> > (sorry Pete, didn't managed to fix the regexp issue
> > yet :-\ )
> 
> 
> One outa two ain't bad (to quote Meatloaf - kinda!) :-)  Thanks for trying.
> 
> Perhaps more importantly, did you get the patch with the test and results in
> there, or do I need to send it again?

  I got your patch fine but without the main fix, I didn't try to apply it,

   thanks !

Daniel

-- 
Daniel Veillard  | Open Source and Standards, Red Hat
veill...@redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

Re: [xml] Availability of libxml2-2.9.4

[Pete Cordell]

On 23/05/2016 09:15, Daniel Veillard wrote:

(sorry Pete, didn't managed to fix the regexp issue
yet :-\ )



One outa two ain't bad (to quote Meatloaf - kinda!) :-)  Thanks for trying.

Perhaps more importantly, did you get the patch with the test and 
results in there, or do I need to send it again?


Pete Cordell
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

[xml] Availability of libxml2-2.9.4

[Daniel Veillard]

  So it took me one more week than expected to get there, but the
release is done, it's gatted in git, and signed tarball and rpms are
available at the usual place:

  ftp://xmlsoft.org/libxml2/

This is a big release, and includes a number of security patches (which
is why that took longer than expected), there is also a significant number
of 'normal' bug fixes (sorry Pete, didn't managed to fix the regexp issue
yet :-\ ) and a fair number of portability fixes including massive patch set
from Patrick for OS400.

Security:
- More format string warnings with possible format string vulnerability (David 
Kilzer)
- Avoid building recursive entities (Daniel Veillard)
- Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde)
- Heap-based buffer-underreads due to xmlParseName (David Kilzer)
- Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral 
(Pranjal Jumde)
- Fix some format string warnings with possible format string vulnerability 
(David Kilzer)
- Detect change of encoding when parsing HTML names (Hugh Davenport)
- Fix inappropriate fetch of entities content (Daniel Veillard)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey 
 (Pranjal Jumde)
- Bug 758605: Heap-based buffer overread in xmlDictAddString 
 (Pranjal Jumde)
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal 
 (David Kilzer)
- Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup 
 (Pranjal Jumde)
- Add missing increments of recursion depth counter to XML parser. (Peter 
Simons)

Documentation:
- Fix typo: s{ ec -> cr }cipt (Jan Pokorný)
- Fix typos: dictio{ nn -> n }ar{y,ies} (Jan Pokorný)
- Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } (Jan Pokorný)
- Correct a typo. (Shlomi Fish)

Portability:
- Correct the usage of LDFLAGS (Mattias Hansson)
- Revert the use of SAVE_LDFLAGS in configure.ac (Mattias Hansson)
- libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles (Mike 
Frysinger)
- Fix apibuild for a recently added construct (Daniel Veillard)
- Use pkg-config to locate zlib when possible (Stewart Brodie)
- Use pkg-config to locate ICU when possible (Stewart Brodie)
- Portability to non C99 compliant compilers (Patrick Monnerat)
- dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. 
(Patrick Monnerat)
- os400: tell about xmllint and xmlcatalog in README400. (Patrick Monnerat)
- os400: properly process SGML add in XMLCATALOG command. (Patrick Monnerat)
- os400: implement CL command XMLCATALOG. (Patrick Monnerat)
- os400: compile and install program xmlcatalog (qshell-only). (Patrick 
Monnerat)
- os400: expand tabs in sources, strip trailing blanks. (Patrick Monnerat)
- os400: implement CL command XMLLINT. (Patrick Monnerat)
- os400: compile and install program xmllint (qshell-only). (Patrick Monnerat)
- os400: initscript make_module(): Use options instead of positional 
parameters. (Patrick Monnerat)
- os400: c14n.rpgle: allow *omit for nullable reference parameters. (Patrick 
Monnerat)
- os400: use like() for double type. (Patrick Monnerat)
- os400: use like() for int type. (Patrick Monnerat)
- os400: use like() for unsigned int type. (Patrick Monnerat)
- os400: use like() for enum types. (Patrick Monnerat)
- Add xz to xml2-config --libs output (Baruch Siach)
- Bug 760190: configure.ac should be able to build --with-icu without 
icu-config tool  (David 
Kilzer)
- win32\VC10\config.h and VS 2015 (Bruce Dawson)
- Add configure maintainer mode (orzen)

Bug Fixes:
- Avoid an out of bound access when serializing malformed strings (Daniel 
Veillard)
- Unsigned addition may overflow in xmlMallocAtomicLoc() (David Kilzer)
- Integer signed/unsigned type mismatch in xmlParserInputGrow() (David Kilzer)
- Bug 763071: heap-buffer-overflow in xmlStrncat 
 (Pranjal Jumde)
- Integer overflow parsing port number in URI (Michael Paddon)
- Fix an error with regexp on nullable counted char transition (Daniel Veillard)
- Fix memory leak with XPath namespace nodes (Nick Wellnhofer)
- Fix namespace axis traversal (Nick Wellnhofer)
- Fix null pointer deref in docs with no root element (Hugh Davenport)
- Fix XSD validation of URIs with ampersands (Alex Henrie)
- xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of 
day" and should not cause an error. (Patrick Monnerat)
- xmlcatalog: flush stdout before interactive shell input. (Patrick Monnerat)
- xmllint: flush stdout before interactive shell input. (Patrick Monnerat)
- Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression (Nick Wellnhofer)
- Fix namespace::node() XPath expression (Nick Wellnhofer)
- Fix OOB write in