As planned the release is now available at the usual place tagged in git and signed tarballs and rpms are at:
ftp://xmlsoft.org/libxml2/ With 162 patch that's a rather large release, including a lot of bug fixes, especially security fixes, the last one CVE-2014-3660 is a variant of the billion laugh entity DOS which escaped the initial set of patches. A lot of work has been done on portability, various issues with python3, Windows and the native port for OS400. There is still some improvement too, and documentation updates: Security: - Fix for CVE-2014-3660 billion laugh variant (Daniel Veillard) - CVE-2014-0191 Do not fetch external parameter entities (Daniel Veillard) Bug Fixes: - fix memory leak xml header encoding field with XML_PARSE_IGNORE_ENC (Bart De Schuymer) - xmlmemory: handle realloc properly (Yegor Yefremov) - Python generator bug raised by the const change (Daniel Veillard) - Windows Critical sections not released correctly (Daniel Veillard) - Parser error on repeated recursive entity expansion containing < (Daniel Veillard) - xpointer : fixing Null Pointers (Gaurav Gupta) - Remove Unnecessary Null check in xpointer.c (Gaurav Gupta) - parser bug on misformed namespace attributes (Dennis Filder) - Pointer dereferenced before null check (Daniel Veillard) - Leak of struct addrinfo in xmlNanoFTPConnect() (Gaurav Gupta) - Possible overflow in HTMLParser.c (Daniel Veillard) - python/tests/sync.py assumes Python dictionaries are ordered (John Beck) - Fix Enum check and missing break (Gaurav Gupta) - xmlIO: Handle error returns from dup() (Philip Withnall) - Fix a problem properly saving URIs (Daniel Veillard) - wrong error column in structured error when parsing attribute values (Juergen Keil) - wrong error column in structured error when skipping whitespace in xml decl (Juergen Keil) - no error column in structured error handler for xml schema validation errors (Juergen Keil) - Couple of Missing Null checks (Gaurav Gupta) - Add couple of missing Null checks (Daniel Veillard) - xmlschemastypes: Fix potential array overflow (Philip Withnall) - runtest: Fix a memory leak on parse failure (Philip Withnall) - xmlIO: Fix an FD leak on gzdopen() failure (Philip Withnall) - xmlcatalog: Fix a memory leak on quit (Philip Withnall) - HTMLparser: Correctly initialise a stack allocated structure (Philip Withnall) - Check for tmon in _xmlSchemaDateAdd() is incorrect (David Kilzer) - Avoid Possible Null Pointer in trio.c (Gaurav Gupta) - Fix processing in SAX2 in case of an allocation failure (Daniel Veillard) - XML Shell command "cd" does not handle "/" at end of path (Daniel Veillard) - Fix various Missing Null checks (Gaurav Gupta) - Fix a potential NULL dereference (Daniel Veillard) - Add a couple of misisng check in xmlRelaxNGCleanupTree (Gaurav Gupta) - Add a missing argument check (Gaurav Gupta) - Adding a check in case of allocation error (Gaurav Gupta) - xmlSaveUri() incorrectly recomposes URIs with rootless paths (Dennis Filder) - Adding some missing NULL checks (Gaurav) - Fixes for xmlInitParserCtxt (Daniel Veillard) - Fix regressions introduced by CVE-2014-0191 patch (Daniel Veillard) - erroneously ignores a validation error if no error callback set (Daniel Veillard) - xmllint was not parsing the --c14n11 flag (Sérgio Batista) - Avoid Possible null pointer dereference in memory debug mode (Gaurav) - Avoid Double Null Check (Gaurav) - Restore context size and position after XPATH_OP_ARG (Nick Wellnhofer) - Fix xmlParseInNodeContext() if node is not element (Daniel Veillard) - Avoid a possible NULL pointer dereference (Gaurav) - Fix xmlTextWriterWriteElement when a null content is given (Daniel Veillard) - Fix an typo 'onrest' in htmlScriptAttributes (Daniel Veillard) - fixing a ptotential uninitialized access (Daniel Veillard) - Fix an fd leak in an error case (Daniel Veillard) - Missing initialization for the catalog module (Daniel Veillard) - Handling of XPath function arguments in error case (Nick Wellnhofer) - Fix a couple of missing NULL checks (Gaurav) - Avoid a possibility of dangling encoding handler (Gaurav) - Fix HTML push parser to accept HTML_PARSE_NODEFDTD (Arnold Hendriks) - Fix a bug loading some compressed files (Mike Alexander) - Fix XPath node comparison bug (Gaurav) - Type mismatch in xmlschemas.c (Gaurav) - Type mismatch in xmlschemastypes.c (Gaurav) - Avoid a deadcode in catalog.c (Daniel Veillard) - run close socket on Solaris, same as we do on other platforms (Denis Pauk) - Fix pointer dereferenced before null check (Gaurav) - Fix a potential NULL dereference in tree code (Daniel Veillard) - Fix potential NULL pointer dereferences in regexp code (Gaurav) - xmllint --pretty crashed without following numeric argument (Tim Galeckas) - Fix XPath expressions of the form '@ns:*' (Nick Wellnhofer) - Fix XPath '//' optimization with predicates (Nick Wellnhofer) - Clear up a potential NULL dereference (Daniel Veillard) - Fix a possible NULL dereference (Gaurav) - Avoid crash if allocation fails (Daniel Veillard) - Remove occasional leading space in XPath number formatting (Daniel Veillard) - Fix handling of mmap errors (Daniel Veillard) - Catch malloc error and exit accordingly (Daniel Veillard) - missing else in xlink.c (Ami Fischman) - Fix a parsing bug on non-ascii element and CR/LF usage (Daniel Veillard) - Fix a regression in xmlGetDocCompressMode() (Daniel Veillard) - properly quote the namespace uris written out during c14n (Aleksey Sanin) - Remove premature XInclude check on URI being relative (Alexey Neyman) - Fix missing break on last() function for attributes (dcb) - Do not URI escape in server side includes (Romain Bondue) - Fix an error in xmlCleanupParser (Alexander Pastukhov) Documentation: - typo in error messages "colon are forbidden from..." (Daniel Veillard) - Fix a link to James SAX documentation old page (Daniel Veillard) - Fix typos in relaxng.c (Jan Pokorný) - Fix a doc typo (Daniel Veillard) - Fix typos in {tree,xpath}.c (errror) (Jan Pokorný) - Add limitations about encoding conversion (Daniel Veillard) - Fix typos in xmlschemas{,types}.c (Jan Pokorný) - Fix incorrect spelling entites->entities (Jan Pokorný) - Forgot to document 2.9.1 release, regenerate docs (Daniel Veillard) Portability: - AC_CONFIG_FILES and executable bit (Roumen Petrov) - remove HAVE_CONFIG_H dependency in testlimits.c (Roumen Petrov) - fix some tabs mixing incompatible with python3 (Roumen Petrov) - Visual Studio 14 CTP defines snprintf() (Francis Dupont) - OS400: do not try to copy unexisting doc files (Patrick Monnerat) - OS400: use either configure.ac or configure.in. (Patrick Monnerat) - os400: make-src.sh: create physical file with target CCSID (Patrick Monnerat) - OS400: Add some more C macros equivalent procedures. (Patrick Monnerat) - OS400: use C macros to implement equivalent RPG support procedures. (Patrick Monnerat) - OS400: implement XPath macros as procedures for ILE/RPG support. (Patrick Monnerat) - OS400: include in distribution tarball. (Patrick Monnerat) - OS400: Add README: compilation directives and OS/400 specific stuff. (Patrick Monnerat) - OS400: Add compilation scripts. (Patrick Monnerat) - OS400: ILE RPG language header files. (Patrick Monnerat) - OS400: implement some macros as functions for ILE/RPG language support (that as no macros). (Patrick Monnerat) - OS400: UTF8<-->EBCDIC wrappers for system and external library calls (Patrick Monnerat) - OS400: Easy character transcoding support (Patrick Monnerat) - OS400: iconv functions compatibility wrappers and table builder. (Patrick Monnerat) - OS400: create architecture directory. Implement dlfcn emulation. (Patrick Monnerat) - Fix building when configuring without xpath and xptr (Daniel Veillard) - configure: Add --with-python-install-dir (Jonas Eriksson) - Fix compilation with minimum and xinclude. (Nicolas Le Cam) - Compile out use of xmlValidateNCName() when not available. (Nicolas Le Cam) - Fix compilation with minimum and schematron. (Nicolas Le Cam) - Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). (Nicolas Le Cam) - Don't use xmlValidateName() when not available. (Nicolas Le Cam) - Fix a portability issue on Windows (Longstreth Jon) - Various portability patches for OpenVMS (Jacob (Jouk) Jansen) - Use specific macros for portability to OS/400 (Patrick Monnerat) - Add macros needed for OS/400 portability (Patrick Monnerat) - Portability patch for fopen on OS/400 (Patrick Monnerat) - Portability fixes for OS/400 (Patrick Monnerat) - Improve va_list portability (Patrick Monnerat) - Portability fix (Patrick Monnerat) - Portability fix (Patrick Monnerat) - Generic portability fix (Patrick Monnerat) - Shortening lines in headers (Patrick Monnerat) - build: Use pkg-config to find liblzma in preference to AC_CHECK_LIB (Philip Withnall) - build: Add @LZMA_LIBS@ to libxml’s pkg-config files (Philip Withnall) - fix some tabs mixing incompatible with python3 (Daniel Veillard) - add additional defines checks for support "./configure --with-minimum" (Denis Pauk) - Another round of fixes for older versions of Python (Arfrever Frehtes Taifersar Arahesis) - python: fix drv_libxml2.py for python3 compatibility (Alexandre Rostovtsev) - python: Fix compiler warnings when building python3 bindings (Armin K) - Fix for compilation with python 2.6.8 (Petr Sumbera) Improvements: - win32/libxml2.def.src after rebuild in doc (Roumen Petrov) - elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() (Roumen Petrov) - elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode (Roumen Petrov) - Provide cmake module (Samuel Martin) - Fix a couple of issues raised by make dist (Daniel Veillard) - Fix and add const qualifiers (Kurt Roeckx) - Preparing for upcoming release of 2.9.2 (Daniel Veillard) - Fix zlib and lzma libraries check via command line (Dmitriy) - wrong error column in structured error when parsing end tag (Juergen Keil) - doc/news.html: small update to avoid line join while generating NEWS. (Patrick Monnerat) - Add methods for python3 iterator (Ron Angeles) - Support element node traversal in document fragments. (Kyle VanderBeek) - xmlNodeSetName: Allow setting the name to a substring of the currently set name (Tristan Van Berkom) - Added macros for argument casts (Eric Zurcher) - adding init calls to xml and html Read parsing entry points (Daniel Veillard) - Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c (Jan Pokorný) - Implement choice for name classes on attributes (Shaun McCance) - Two small namespace tweaks (Daniel Veillard) - xmllint --memory should fail on empty files (Daniel Veillard) - Cast encoding name to char pointer to match arg type (Nikolay Sivov) Cleanups: - Removal of old configure.in (Daniel Veillard) - Unreachable code in tree.c (Gaurav Gupta) - Remove a couple of dead conditions (Gaurav Gupta) - Avoid some dead code and cleanup in relaxng.c (Gaurav) - Drop not needed checks (Denis Pauk) - Fix a wrong test (Daniel Veillard) Thanks everybody for your contributions to this release, be it with bug reports, suggestions, patches or documentation, now enjoy the new release ! Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veill...@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ _______________________________________________ xml mailing list, project page http://xmlsoft.org/ xml@gnome.org https://mail.gnome.org/mailman/listinfo/xml