It's out ! I tagged the release in git and pushed the signed tarball and rpms to the usual place:
ftp://xmlsoft.org/libxml2/ This is mostly a a security and bug fixes, most of the credit goes to Nick who wrote or reviewed most of the patches. There is a significant set of changes, but users are invited to upgrade if only to get the security fixes ! There is also portability fixes for those ever special OSes :-) Security: - Detect infinite recursion in parameter entities (Nick Wellnhofer) - Fix handling of parameter-entity references (Nick Wellnhofer) - Disallow namespace nodes in XPointer ranges (Nick Wellnhofer) - Fix XPointer paths beginning with range-to (Nick Wellnhofer) Documentation: - Documentation fixes (Nick Wellnhofer) - Spelling and grammar fixes (Nick Wellnhofer) Portability: - Adding README.zOS to list of extra files for the release (Daniel Veillard) - Description of work needed to compile on zOS (Stéphane Michaut) - Porting libxml2 on zOS encoding of code (Stéphane Michaut) - small changes for OS/400 (Patrick Monnerat) - relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan) Bug Fixes: - Problem resolving relative URIs (Daniel Veillard) - Fix unwanted warnings when switching encodings (Nick Wellnhofer) - Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard) - Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer) - Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer) - Fix infinite loops with push parser in recovery mode (Nick Wellnhofer) - Send xmllint usage error to stderr (Nick Wellnhofer) - Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer) - Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer) - Fix xmlHaltParser (Nick Wellnhofer) - Fix pathological performance when outputting charrefs (Nick Wellnhofer) - Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer) - Fix duplicate SAX callbacks for entity content (David Kilzer) - Treat URIs with scheme as absolute in C14N (Nick Wellnhofer) - Fix copy-paste errors in error messages (Nick Wellnhofer) - Fix sanity check in htmlParseNameComplex (Nick Wellnhofer) - Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer) - Reset parser input pointers on encoding failure (Nick Wellnhofer) - Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer) - Fix xmlBuildRelativeURI for URIs starting with './' (Nick Wellnhofer) - Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer) - Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer) - Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard) - Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer) - Stop parser on unsupported encodings (Nick Wellnhofer) - Check for integer overflow in memory debug code (Nick Wellnhofer) - Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer) - Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer) - Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer) - Check XPath exponents for overflow (Nick Wellnhofer) - Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer) - Fix spurious error message (Nick Wellnhofer) - Fix memory leak in xmlCanonicPath (Nick Wellnhofer) - Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer) - Fix memory leak in pattern error path (Nick Wellnhofer) - Fix memory leak in parser error path (Nick Wellnhofer) - Fix memory leaks in XPointer error paths (Nick Wellnhofer) - Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer) - Fix memory leak in XPath filter optimizations (Nick Wellnhofer) - Fix memory leaks in XPath error paths (Nick Wellnhofer) - Do not leak the new CData node if adding fails (David Tardon) - Prevent unwanted external entity reference (Neel Mehta) - Increase buffer space for port in HTTP redirect support (Daniel Veillard) - Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer) - Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer) - Fix format string warnings (Nick Wellnhofer) - Disallow namespace nodes in XPointer points (Nick Wellnhofer) - Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer) - Fix attribute decoding during XML schema validation (Alex Henrie) - Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer) Improvements: - Updating the spec file to reflect Fedora 24 (Daniel Veillard) - Add const in five places to move 1 KiB to .rdata (Bruce Dawson) - Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard) - Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer) - Simplify handling of parameter entity references (Nick Wellnhofer) - Deduplicate code in encoding.c (Nick Wellnhofer) - Make HTML parser functions take const pointers (Nick Wellnhofer) - Build test programs only when needed (Nick Wellnhofer) - Fix doc/examples/index.py (Nick Wellnhofer) - Fix compiler warnings in threads.c (Nick Wellnhofer) - Fix empty-body warning in nanohttp.c (Nick Wellnhofer) - Fix cast-align warnings (Nick Wellnhofer) - Fix unused-parameter warnings (Nick Wellnhofer) - Rework entity boundary checks (Nick Wellnhofer) - Don't switch encoding for internal parameter entities (Nick Wellnhofer) - Merge duplicate code paths handling PE references (Nick Wellnhofer) - Test SAX2 callbacks with entity substitution (Nick Wellnhofer) - Support catalog and threads tests under --without-sax1 (Nick Wellnhofer) - Misc fixes for 'make tests' (Nick Wellnhofer) - Initialize keepBlanks in HTML parser (Nick Wellnhofer) - Add test cases for bug 758518 (David Kilzer) - Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer) - Print error messages for truncated UTF-8 sequences (Nick Wellnhofer) - Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer) - Allow zero sized memory input buffers (Nick Wellnhofer) - Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer) - Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer) - Make Travis print UBSan stacktraces (Nick Wellnhofer) - Add .travis.yml (Nick Wellnhofer) - Fix expected error output in Python tests (Nick Wellnhofer) - Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer) - Disable LeakSanitizer when running API tests (Nick Wellnhofer) - Avoid out-of-bound array access in API tests (Nick Wellnhofer) - Avoid spurious UBSan errors in parser.c (Nick Wellnhofer) - Parse small XPath numbers more accurately (Nick Wellnhofer) - Rework XPath rounding functions (Nick Wellnhofer) - Fix white space in test output (Nick Wellnhofer) - Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer) - Check for trailing characters in XPath expressions earlier (Nick Wellnhofer) - Rework final handling of XPath results (Nick Wellnhofer) - Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer) - Remove unused variables (Nick Wellnhofer) - Don't print generic error messages in XPath tests (Nick Wellnhofer) Cleanups: - Fix a couple of misleading indentation errors (Daniel Veillard) - Remove unnecessary calls to xmlPopInput (Nick Wellnhofer) Thanks everybody and especially Nick who contributed to this release with bug reports, patches, docs, etc ... Enjoy the release! I really expect to have a new release a month from now with whatever will have been fixed/commited in git in the meantime so give feedback quickly if you have issues with 2.9.5 thanks, Daniel -- Daniel Veillard | Red Hat Developers Tools http://developer.redhat.com/ veill...@redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ _______________________________________________ xml mailing list, project page http://xmlsoft.org/ xml@gnome.org https://mail.gnome.org/mailman/listinfo/xml