Custom Query (19676 matches)

Version 2.9.13 of libxml2 is available at:

​https://download.gnome.org/sources/libxml2/2.9/

Note that starting with this release, libxml2 tarballs are published on download.gnome.org instead of ftp.xmlsoft.org.

# Security

• [CVE-2022-23308] Use-after-free of ID and IDREF attributes
• Use-after-free in xmlXIncludeCopyRange
• Fix null deref in xmlSchemaGetComponentTargetNs
• Fix memory leak in xmlXPathCompNodeTest
• Fix null pointer deref in xmlStringGetNodeList
• Fix several memory leaks found by Coverity

# Fixed regressions

• Fix regression in RelaxNG pattern matching
• Properly handle nested documents in xmlFreeNode
• Fix regression with PEs in external DTD
• Fix random dropping of characters on dumping ASCII encoded XML
• Revert "Make schema validation fail with multiple top-level elements"
• Fix regression when parsing invalid HTML tags in push mode
• Fix regression parsing public IDs literals in HTML
• Fix buffering in xmlOutputBufferWrite
• Fix whitespace when serializing empty HTML documents
• Fix XPath recursion limit
• Fix regression in xmlNodeDumpOutputInternal
• Work around lxml API abuse

# Bug fixes

• Fix xmlSetTreeDoc with entity references
• Fix double counting of CRLF in comments
• Make sure to grow input buffer in xmlParseMisc
• Don't ignore xmllint options after "-"
• Don't normalize namespace URIs in XPointer xmlns() scheme
• Fix handling of XSD with empty namespace
• Also register HTML document nodes
• Make xmllint return an error if arguments are missing
• Fix handling of ctxt->base in xmlXPtrEvalXPtrPart
• Fix xmllint --maxmem
• Fix htmlReadFd, which was using a mix of xml and html context functions
• Move current position before possible calling of ctxt->sax->characters
• Fix parse failure when 4-byte character in UTF-16 BE is split across a chunk
• Patch to forbid epsilon-reduction of final states
• Avoid segfault at exit when using custom memory functions

# Tests, code quality, fuzzing

• Remove .travis.yml
• Make xmlFuzzReadString return a zero size in error case
• Fix unused function warning in testapi.c
• Update NewsML DTD in test suite
• Add more checks for malloc failures in xmllint.c
• Avoid potential integer overflow in xmlstring.c
• Run CI tests with UBSan implicit-conversion checks
• Fix casting of line numbers in SAX2.c
• Fix integer conversion warnings in hash.c
• Add explicit casts in runtest.c
• Fix integer conversion warning in xmlIconvWrapper
• Add suffix to unsigned constant in xmlmemory.c
• Add explicit casts in testchar.c
• Fix integer conversion warnings in xmlstring.c
• Add explicit cast in xmlURIUnescapeString
• Remove unused variable in xmlCharEncOutFunc

# Build system, portability

• Remove xmlwin32version.h
• Fix fuzzer test with VPATH build
• Support custom prefix when installing Python module
• Remove Makefile.win
• Remove CVS and SVN-related code
• Port python 3.x module to Windows and improve distutils
• Correctly install the HTML examples into their subdirectory
• Refactor the settings of $docdir
• Remove unused configure checks
• python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS
• Fix check for libtool in autogen.sh
• Use version in configure.ac for CMake
• Add CMake alias targets for embedded projects

# Documentation

• Remove SVN keyword anchors
• Rework README
• Remove README.cvs-commits
• Remove old ChangeLog
• Update hyperlinks
• Remove README.docs
• Remove MAINTAINERS
• Remove xmltutorial.pdf
• Upload documentation to GitLab pages
• Document how to escape XML_CATALOG_FILES
• Fix libxml2.doap
• Update URL for libxml++ C++ binding
• Generate devhelp2 index file
• Mention XML_CATALOG_FILES is space-separated
• Add documentaiton for xmllint exit code 10
• Fix some validation errors in the FAQ
• Add instructions on how to use CMake to compile libxml

As now both the two main XML parsers in LFS/BLFS (expat and libxml) contain security fixes, I think the only rational way is make rc2.

New minor version 1.6.

It's needed by #16249. (epiphany)

New minor version.