Re: [xml] Availability of libxml2-2.9.4

2016-05-23 Thread Daniel Veillard 
On Mon, May 23, 2016 at 11:59:55AM +0100, Pete Cordell wrote:
> On 23/05/2016 09:15, Daniel Veillard wrote:
> > (sorry Pete, didn't managed to fix the regexp issue
> > yet :-\ )
> 
> 
> One outa two ain't bad (to quote Meatloaf - kinda!) :-)  Thanks for trying.
> 
> Perhaps more importantly, did you get the patch with the test and results in
> there, or do I need to send it again?

  I got your patch fine but without the main fix, I didn't try to apply it,

   thanks !

Daniel

-- 
Daniel Veillard  | Open Source and Standards, Red Hat
veill...@redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

Re: [xml] Availability of libxml2-2.9.4

2016-05-23 Thread Pete Cordell 

On 23/05/2016 09:15, Daniel Veillard wrote:

(sorry Pete, didn't managed to fix the regexp issue
yet :-\ )



One outa two ain't bad (to quote Meatloaf - kinda!) :-)  Thanks for trying.

Perhaps more importantly, did you get the patch with the test and 
results in there, or do I need to send it again?


Pete Cordell
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

[xml] Availability of libxml2-2.9.4

2016-05-23 Thread Daniel Veillard 
  So it took me one more week than expected to get there, but the
release is done, it's gatted in git, and signed tarball and rpms are
available at the usual place:

  ftp://xmlsoft.org/libxml2/

This is a big release, and includes a number of security patches (which
is why that took longer than expected), there is also a significant number
of 'normal' bug fixes (sorry Pete, didn't managed to fix the regexp issue
yet :-\ ) and a fair number of portability fixes including massive patch set
from Patrick for OS400.

Security:
- More format string warnings with possible format string vulnerability (David 
Kilzer)
- Avoid building recursive entities (Daniel Veillard)
- Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde)
- Heap-based buffer-underreads due to xmlParseName (David Kilzer)
- Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral 
(Pranjal Jumde)
- Fix some format string warnings with possible format string vulnerability 
(David Kilzer)
- Detect change of encoding when parsing HTML names (Hugh Davenport)
- Fix inappropriate fetch of entities content (Daniel Veillard)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey 
 (Pranjal Jumde)
- Bug 758605: Heap-based buffer overread in xmlDictAddString 
 (Pranjal Jumde)
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal 
 (David Kilzer)
- Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup 
 (Pranjal Jumde)
- Add missing increments of recursion depth counter to XML parser. (Peter 
Simons)

Documentation:
- Fix typo: s{ ec -> cr }cipt (Jan Pokorný)
- Fix typos: dictio{ nn -> n }ar{y,ies} (Jan Pokorný)
- Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } (Jan Pokorný)
- Correct a typo. (Shlomi Fish)

Portability:
- Correct the usage of LDFLAGS (Mattias Hansson)
- Revert the use of SAVE_LDFLAGS in configure.ac (Mattias Hansson)
- libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles (Mike 
Frysinger)
- Fix apibuild for a recently added construct (Daniel Veillard)
- Use pkg-config to locate zlib when possible (Stewart Brodie)
- Use pkg-config to locate ICU when possible (Stewart Brodie)
- Portability to non C99 compliant compilers (Patrick Monnerat)
- dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. 
(Patrick Monnerat)
- os400: tell about xmllint and xmlcatalog in README400. (Patrick Monnerat)
- os400: properly process SGML add in XMLCATALOG command. (Patrick Monnerat)
- os400: implement CL command XMLCATALOG. (Patrick Monnerat)
- os400: compile and install program xmlcatalog (qshell-only). (Patrick 
Monnerat)
- os400: expand tabs in sources, strip trailing blanks. (Patrick Monnerat)
- os400: implement CL command XMLLINT. (Patrick Monnerat)
- os400: compile and install program xmllint (qshell-only). (Patrick Monnerat)
- os400: initscript make_module(): Use options instead of positional 
parameters. (Patrick Monnerat)
- os400: c14n.rpgle: allow *omit for nullable reference parameters. (Patrick 
Monnerat)
- os400: use like() for double type. (Patrick Monnerat)
- os400: use like() for int type. (Patrick Monnerat)
- os400: use like() for unsigned int type. (Patrick Monnerat)
- os400: use like() for enum types. (Patrick Monnerat)
- Add xz to xml2-config --libs output (Baruch Siach)
- Bug 760190: configure.ac should be able to build --with-icu without 
icu-config tool  (David 
Kilzer)
- win32\VC10\config.h and VS 2015 (Bruce Dawson)
- Add configure maintainer mode (orzen)

Bug Fixes:
- Avoid an out of bound access when serializing malformed strings (Daniel 
Veillard)
- Unsigned addition may overflow in xmlMallocAtomicLoc() (David Kilzer)
- Integer signed/unsigned type mismatch in xmlParserInputGrow() (David Kilzer)
- Bug 763071: heap-buffer-overflow in xmlStrncat 
 (Pranjal Jumde)
- Integer overflow parsing port number in URI (Michael Paddon)
- Fix an error with regexp on nullable counted char transition (Daniel Veillard)
- Fix memory leak with XPath namespace nodes (Nick Wellnhofer)
- Fix namespace axis traversal (Nick Wellnhofer)
- Fix null pointer deref in docs with no root element (Hugh Davenport)
- Fix XSD validation of URIs with ampersands (Alex Henrie)
- xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of 
day" and should not cause an error. (Patrick Monnerat)
- xmlcatalog: flush stdout before interactive shell input. (Patrick Monnerat)
- xmllint: flush stdout before interactive shell input. (Patrick Monnerat)
- Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression (Nick Wellnhofer)
- Fix namespace::node() XPath expression (Nick Wellnhofer)
- Fix OOB write in

Re: [xml] Availability of libxml2-2.9.4 release candidate 2

2016-05-12 Thread Patrick Monnerat 

On 05/09/2016 04:56 AM, Daniel Veillard wrote:

As planned I tagged in git a release candidate 2, and pushed to the
server the signed tarball and rpms for rc2:
  
 ftp://xmlsoft.org/xml/




RC2 compiles and runs perfectly on OS/400. I have nothing more to change 
yet.


Thanks a lot.
Patrick
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

Re: [xml] Availability of libxml2-2.9.4 release candidate 2

2016-05-09 Thread Roumen Petrov 

Hi Daniel,

Daniel Veillard wrote:

As planned I tagged in git a release candidate 2, and pushed to the
server the signed tarball and rpms for rc2:

 ftp://xmlsoft.org/xml/

I will run this on my machine until the release and try to see if there
is any nastyness popping up. I suggest others to do so too for their workload !

   I still have pending patches, but most likely next week end I will push the
final 2.9.4, if things don't look nice I may push an rc3 instead.

Please give it some testing and report,

I note a minor documentation issue :
- patch "Fix typos: dictio{ nn -> n }ar{y,ies}" does not modify "xml.html"

No issues with build and tests.

Regard,
Roumen


___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

Re: [xml] Availability of libxml2-2.9.4 release candidate 2 - regexp

2016-05-09 Thread Pete Cordell 

On 09/05/2016 13:55, Daniel Veillard wrote:

On Mon, May 09, 2016 at 11:35:28AM +0100, Pete Cordell wrote:

On 09/05/2016 10:26, Daniel Veillard wrote:
Is this OK?  I used git format-patch.  I'm new to submitting diffs!  If you
want another format let me know.


Yup, just add it as an attachment instead, it's easier to process and avoid
mail agents and tools to mess with the content. Also would need to results ;-)


Hopefully the attached is better...

Pete.
Date: Mon, 9 May 2016 11:08:26 +0100
Subject: [PATCH] Additional regexp test vectors

---
 result/regexp/multiple-rollback-paths |  2 ++
 result/regexp/optional-as-zero-one| 15 +++
 test/regexp/multiple-rollback-paths   |  2 ++
 test/regexp/optional-as-zero-one  | 15 +++
 4 files changed, 34 insertions(+)
 create mode 100644 result/regexp/multiple-rollback-paths
 create mode 100644 result/regexp/optional-as-zero-one
 create mode 100644 test/regexp/multiple-rollback-paths
 create mode 100644 test/regexp/optional-as-zero-one

diff --git a/result/regexp/multiple-rollback-paths 
b/result/regexp/multiple-rollback-paths
new file mode 100644
index 000..84d53b7
--- /dev/null
+++ b/result/regexp/multiple-rollback-paths
@@ -0,0 +1,2 @@
+Regexp: ((2{1,2}|24)\.){2}2
+24.24.2: Fail
diff --git a/result/regexp/optional-as-zero-one 
b/result/regexp/optional-as-zero-one
new file mode 100644
index 000..9eccc6b
--- /dev/null
+++ b/result/regexp/optional-as-zero-one
@@ -0,0 +1,15 @@
+Regexp: ab?c{0,1}
+a: Ok
+ab: Ok
+abc: Ok
+ac: Ok
+Regexp: ab?c?
+a: Ok
+ab: Ok
+abc: Ok
+ac: Ok
+Regexp: ab{0,1}c{0,1}
+a: Ok
+ab: Ok
+abc: Ok
+ac: Ok
diff --git a/test/regexp/multiple-rollback-paths 
b/test/regexp/multiple-rollback-paths
new file mode 100644
index 000..eea526a
--- /dev/null
+++ b/test/regexp/multiple-rollback-paths
@@ -0,0 +1,2 @@
+=>((2{1,2}|24)\.){2}2
+24.24.2
diff --git a/test/regexp/optional-as-zero-one b/test/regexp/optional-as-zero-one
new file mode 100644
index 000..0c696f1
--- /dev/null
+++ b/test/regexp/optional-as-zero-one
@@ -0,0 +1,15 @@
+=>ab?c{0,1}
+a
+ab
+abc
+ac
+=>ab?c?
+a
+ab
+abc
+ac
+=>ab{0,1}c{0,1}
+a
+ab
+abc
+ac
-- 
2.5.3.windows.1

___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

Re: [xml] Availability of libxml2-2.9.4 release candidate 2 - regexp

2016-05-09 Thread Daniel Veillard 
On Mon, May 09, 2016 at 11:35:28AM +0100, Pete Cordell wrote:
> On 09/05/2016 10:26, Daniel Veillard wrote:
> >   Hi Pete,
> > 
> > On Mon, May 09, 2016 at 10:02:28AM +0100, Pete Cordell wrote:
> > > Thanks Daniel.  I've managed to verify that the ab?c{0,1} pattern now 
> > > works.
> > > But the following pattern still appears to fail:
> > > 
> > > =>((2{1,2}|24)\.){2}2
> > > #fails
> > > 24.24.2
> > 
> >   Right, I gave it 30mn, looked at the graph buildup, epsilon transition
> > and state reduction, and then the advance through the state machine
> > (it's a non-determinist one with rollbacks) and somehow the rollback to pick
> > 24 instead of 2{1,2} works in the first 24. occurence but not the second
> > one, didn't finished and decided to let this for after the rc2 release
> 
> Rather you than me :-)  Thanks for trying.  I mainly wanted to make sure
> that you hadn't missed it as it was buried at the end of a message after
> quite a lot of noise!

  :-)

> > > Also, I see you haven't had a chance to put the test vectors in the
> > > test/regexp dir.  If you let me know what form you'd like them in I could
> > > submit something as a patch / copy of files / whatever.
> > 
> >   a git diff with the new tests and results would be great if you can
> > provide it :-)
> 
> Is this OK?  I used git format-patch.  I'm new to submitting diffs!  If you
> want another format let me know.

Yup, just add it as an attachment instead, it's easier to process and avoid
mail agents and tools to mess with the content. Also would need to results ;-)

Daniel

> -
> 
> Date: Mon, 9 May 2016 11:08:26 +0100
> Subject: [PATCH] Additional regexp test vectors
> 
> ---
>  test/regexp/multiple-rollback-paths |  3 +++
>  test/regexp/optional-as-zero-one| 15 +++
>  2 files changed, 18 insertions(+)
>  create mode 100644 test/regexp/multiple-rollback-paths
>  create mode 100644 test/regexp/optional-as-zero-one
> 
> diff --git a/test/regexp/multiple-rollback-paths
> b/test/regexp/multiple-rollback-paths
> new file mode 100644
> index 000..98bc5c3
> --- /dev/null
> +++ b/test/regexp/multiple-rollback-paths
> @@ -0,0 +1,3 @@
> +=>((2{1,2}|24)\.){2}2
> +#fails
> +24.24.2
> diff --git a/test/regexp/optional-as-zero-one
> b/test/regexp/optional-as-zero-one
> new file mode 100644
> index 000..0c696f1
> --- /dev/null
> +++ b/test/regexp/optional-as-zero-one
> @@ -0,0 +1,15 @@
> +=>ab?c{0,1}
> +a
> +ab
> +abc
> +ac
> +=>ab?c?
> +a
> +ab
> +abc
> +ac
> +=>ab{0,1}c{0,1}
> +a
> +ab
> +abc
> +ac
> -- 
> 2.5.3.windows.1
> 
> ---
> 
> Thanks again,
> 
> Pete.

-- 
Daniel Veillard  | Open Source and Standards, Red Hat
veill...@redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

Re: [xml] Availability of libxml2-2.9.4 release candidate 2 - regexp

2016-05-09 Thread Pete Cordell 
Thanks Daniel.  I've managed to verify that the ab?c{0,1} pattern now 
works.  But the following pattern still appears to fail:


=>((2{1,2}|24)\.){2}2
#fails
24.24.2

Also, I see you haven't had a chance to put the test vectors in the 
test/regexp dir.  If you let me know what form you'd like them in I 
could submit something as a patch / copy of files / whatever.


Thanks again,

Pete.

On 09/05/2016 03:56, Daniel Veillard wrote:

   As planned I tagged in git a release candidate 2, and pushed to the
server the signed tarball and rpms for rc2:

ftp://xmlsoft.org/xml/

   I will run this on my machine until the release and try to see if there
is any nastyness popping up. I suggest others to do so too for their workload !

  I still have pending patches, but most likely next week end I will push the
final 2.9.4, if things don't look nice I may push an rc3 instead.

   Please give it some testing and report,

 thanks !

Daniel


___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

[xml] Availability of libxml2-2.9.4 release candidate 2

2016-05-08 Thread Daniel Veillard 
   As planned I tagged in git a release candidate 2, and pushed to the
server the signed tarball and rpms for rc2:
 
ftp://xmlsoft.org/xml/
 
   I will run this on my machine until the release and try to see if there
is any nastyness popping up. I suggest others to do so too for their workload !

  I still have pending patches, but most likely next week end I will push the
final 2.9.4, if things don't look nice I may push an rc3 instead.

   Please give it some testing and report,

 thanks !

Daniel

-- 
Daniel Veillard  | Open Source and Standards, Red Hat
veill...@redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

Re: [xml] Availability of libxml2-2.9.4 release candidate 1

2016-05-08 Thread Daniel Veillard 
On Wed, May 04, 2016 at 01:05:23PM +0100, Stewart Brodie wrote:
> Daniel Veillard  wrote:
> 
> >   So as said a few weeks ago, I'm starting the process for a new release,
> > I tagged in git a release candidate 1, and pushed to the server the
> > signed tarball and rpms for rc1:
> > 
> >ftp://xmlsoft.org/xml/
> > 
> >   I will run this on my machine for the newxt few weeks, and see if there
> > is any nastyness popping up. I suggest others to do so too for their
> > workload ! I still have a number of patches pending and not commited, so
> > there will be more release candidates, at least one more next week-end,
> > and at best we can have a final release in 2 weeks, but if we need more
> > cycles, so be it !
> > 
> >   So give it some testing, thanks !
> 
> 
> This fails to cross-compile for me, due to use of icu-config and also the
> configure script finding the build machine's libz.so rather than the
> cross-compiled version when testing whether zlib is available.
> 
> 
> I raised bug 765979 for this, and attached patches there directly that
> resolve the issue for me.
> 
> 
> These are actually be long-standing issues rather than new problems since
> the 2.9.3 release. I've been patching the icu-config usage out of the
> configure script in 2.9.1 for ages, but the zlib problem was new in 2.9.2 (I
> think - we just jumped from 2.9.1 to 2.9.3 last week, which caused some of
> our builds to all keel over)
> 

  Okay, since the patches fallback to the previous code if pkg-config step
fails I think this is the best way to handle this, so pushed and applied

https://git.gnome.org/browse/libxml2/commit/?id=3d75c2e82806955542a41ff62a5be25e04287d89

https://git.gnome.org/browse/libxml2/commit/?id=45f0abd4278776e1c12df38672b8d20a3cc471a8

 Thanks !

Daniel

-- 
Daniel Veillard  | Open Source and Standards, Red Hat
veill...@redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

Re: [xml] Availability of libxml2-2.9.4 release candidate 1

2016-05-04 Thread Stewart Brodie 
Daniel Veillard  wrote:

>   So as said a few weeks ago, I'm starting the process for a new release,
> I tagged in git a release candidate 1, and pushed to the server the
> signed tarball and rpms for rc1:
> 
>ftp://xmlsoft.org/xml/
> 
>   I will run this on my machine for the newxt few weeks, and see if there
> is any nastyness popping up. I suggest others to do so too for their
> workload ! I still have a number of patches pending and not commited, so
> there will be more release candidates, at least one more next week-end,
> and at best we can have a final release in 2 weeks, but if we need more
> cycles, so be it !
> 
>   So give it some testing, thanks !


This fails to cross-compile for me, due to use of icu-config and also the
configure script finding the build machine's libz.so rather than the
cross-compiled version when testing whether zlib is available.


I raised bug 765979 for this, and attached patches there directly that
resolve the issue for me.


These are actually be long-standing issues rather than new problems since
the 2.9.3 release. I've been patching the icu-config usage out of the
configure script in 2.9.1 for ages, but the zlib problem was new in 2.9.2 (I
think - we just jumped from 2.9.1 to 2.9.3 last week, which caused some of
our builds to all keel over)


-- 
Stewart Brodie
Senior Software Engineer
Espial UK
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml

[xml] Availability of libxml2-2.9.4 release candidate 1

2016-05-01 Thread Daniel Veillard 
  So as said a few weeks ago, I'm starting the process for a new release,
I tagged in git a release candidate 1, and pushed to the server the
signed tarball and rpms for rc1:

   ftp://xmlsoft.org/xml/

  I will run this on my machine for the newxt few weeks, and see if there
is any nastyness popping up. I suggest others to do so too for their workload !
I still have a number of patches pending and not commited, so there will be
more release candidates, at least one more next week-end, and at best we can
have a final release in 2 weeks, but if we need more cycles, so be it !

  So give it some testing, thanks !

Daniel

-- 
Daniel Veillard  | Open Source and Standards, Red Hat
veill...@redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
___
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml