Changes between Version 1 and Version 3 of Ticket #16161
- Timestamp:
- 02/23/2022 07:35:50 PM (2 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #16161 – Description
v1 v3 1 {{{2 1 Version 2.9.13 of libxml2 is available at: 3 2 … … 6 5 Note that starting with this release, libxml2 tarballs are published on download.gnome.org instead of ftp.xmlsoft.org. 7 6 8 # ##Security7 # Security 9 8 10 9 - [CVE-2022-23308] Use-after-free of ID and IDREF attributes 11 (Thanks to Shinji Sato for the report) 12 - Use-after-free in xmlXIncludeCopyRange (David Kilzer) 13 - Fix null deref in xmlSchemaGetComponentTargetNs (huangduirong) 10 - Use-after-free in xmlXIncludeCopyRange 11 - Fix null deref in xmlSchemaGetComponentTargetNs 14 12 - Fix memory leak in xmlXPathCompNodeTest 15 13 - Fix null pointer deref in xmlStringGetNodeList 16 - Fix several memory leaks found by Coverity (David King)14 - Fix several memory leaks found by Coverity 17 15 18 # ##Fixed regressions16 # Fixed regressions 19 17 20 18 - Fix regression in RelaxNG pattern matching 21 19 - Properly handle nested documents in xmlFreeNode 22 20 - Fix regression with PEs in external DTD 23 - Fix random dropping of characters on dumping ASCII encoded XML (Mohammad 24 Razavi) 21 - Fix random dropping of characters on dumping ASCII encoded XML 25 22 - Revert "Make schema validation fail with multiple top-level elements" 26 23 - Fix regression when parsing invalid HTML tags in push mode … … 32 29 - Work around lxml API abuse 33 30 34 # ##Bug fixes31 # Bug fixes 35 32 36 33 - Fix xmlSetTreeDoc with entity references … … 45 42 - Fix xmllint --maxmem 46 43 - Fix htmlReadFd, which was using a mix of xml and html context functions 47 (Finn Barber)48 44 - Move current position before possible calling of ctxt->sax->characters 49 (Yulin Li)50 45 - Fix parse failure when 4-byte character in UTF-16 BE is split across a chunk 51 (David Kilzer) 52 - Patch to forbid epsilon-reduction of final states (Arne Becker) 53 - Avoid segfault at exit when using custom memory functions (Mike Dalessio) 46 - Patch to forbid epsilon-reduction of final states 47 - Avoid segfault at exit when using custom memory functions 54 48 55 # ##Tests, code quality, fuzzing49 # Tests, code quality, fuzzing 56 50 57 51 - Remove .travis.yml … … 70 64 - Fix integer conversion warnings in xmlstring.c 71 65 - Add explicit cast in xmlURIUnescapeString 72 - Remove unused variable in xmlCharEncOutFunc (David King)66 - Remove unused variable in xmlCharEncOutFunc 73 67 74 # ##Build system, portability68 # Build system, portability 75 69 76 70 - Remove xmlwin32version.h … … 79 73 - Remove Makefile.win 80 74 - Remove CVS and SVN-related code 81 - Port python 3.x module to Windows and improve distutils (Chun-wei Fan)82 - Correctly install the HTML examples into their subdirectory (Mattia Rizzolo)83 - Refactor the settings of $docdir (Mattia Rizzolo)84 - Remove unused configure checks (Ben Boeckel)85 - python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS (Sam James)75 - Port python 3.x module to Windows and improve distutils 76 - Correctly install the HTML examples into their subdirectory 77 - Refactor the settings of $docdir 78 - Remove unused configure checks 79 - python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS 86 80 - Fix check for libtool in autogen.sh 87 - Use version in configure.ac for CMake (Timothy Lyanguzov)88 - Add CMake alias targets for embedded projects (Markus Rickert)81 - Use version in configure.ac for CMake 82 - Add CMake alias targets for embedded projects 89 83 90 # ##Documentation84 # Documentation 91 85 92 86 - Remove SVN keyword anchors … … 101 95 - Document how to escape XML_CATALOG_FILES 102 96 - Fix libxml2.doap 103 - Update URL for libxml++ C++ binding (Kjell Ahlstedt)104 - Generate devhelp2 index file (Emmanuele Bassi)105 - Mention XML_CATALOG_FILES is space-separated (Jan Tojnar)106 - Add documentaiton for xmllint exit code 10 (Rainer Canavan)107 - Fix some validation errors in the FAQ (David King)108 - Add instructions on how to use CMake to compile libxml (Markus Rickert)109 }}} 97 - Update URL for libxml++ C++ binding 98 - Generate devhelp2 index file 99 - Mention XML_CATALOG_FILES is space-separated 100 - Add documentaiton for xmllint exit code 10 101 - Fix some validation errors in the FAQ 102 - Add instructions on how to use CMake to compile libxml 103 110 104 111 105 As now both the two main XML parsers in LFS/BLFS (expat and libxml) contain security fixes, I think the only rational way is make rc2.