NEWS file for libxml2 v2.13.0: Jun 12 2024 ### Major changes Most of the core code should now report malloc failures reliably. Some API functions were extended with versions that report malloc failures. New API functions for error handling were added: - xmlCtxtSetErrorHandler - xmlXPathSetErrorHandler - xmlXIncludeSetErrorHandler This makes it possible to register per-context error handlers without resorting to global handlers. A few error messages were improved and consolidated. Please update downstream test suites accordingly. A new parser option XML_PARSE_NO_XXE can be used to disable loading of external entities or DTDs. This is most useful in connection with XML_PARSE_NOENT. Support for HTTP POST was removed. Support for zlib, liblzma and HTTP is now disabled by default and has to be enabled by passing --with-zlib, --with-lzma or --with-http to configure. In legacy mode (--with-legacy) these options are enabled by default as before. Support for FTP and xpointer() XPath extensions will be removed in the next release. Several more legacy symbols were deprecated. Users of the old "SAX1" API functions are encouraged to upgrade to the new "SAX2" API, available since version 2.6.0 from 2003. Some deprecated global variables were made const: - htmlDefaultSAXHandler - oldXMLWDcompatibility - xmlDefaultSAXHandler - xmlDefaultSAXLocator - xmlParserDebugEntities ### Deprecations and removals - threads: Deprecate remaining ThrDef functions - unicode: Deprecate most xmlUCSIs* functions - memory: Remove memory debugging - tree: Deprecate xmlRegisterNodeDefault - tree: Deprecate xmlSetCompressMode - html: Deprecate htmlHandleOmittedElem - valid: Deprecate internal validation functions - valid: Deprecate old DTD serialization API - nanohttp: Deprecate public API - Remove VMS support - Remove Trio ### Bug fixes - parser: Fix base URI of internal parameter entities - tree: Handle predefined entities in xmlBufGetEntityRefContent - schemas: Allow unlimited length decimals, integers etc. (Tomáš Ženčák) - reader: Fix preservation of attributes - parser: Always decode entities in namespace URIs - relaxng: Fix tree corruption in xmlRelaxNGParseNameClass (Seiya Nakata) - schemas: Fix ADD_ANNOTATION - tree: Fix tree iteration in xmlDOMWrapRemoveNode - tree: Declare namespace on clone in xmlDOMWrapCloneNode - tree: Fix xmlAddSibling with last sibling - tree: Fix xmlDocSetRootElement with multiple top-level elements - catalog: Fetch XML catalog before dumping - html: Don't close fd in htmlCtxtReadFd ### Improvements - parser: Fix "Truncated multi-byte sequence" error - Add missing _cplusplus processing clause (Sadaf Ebrahimi) - parser: Rework handling of undeclared entities - SAX2: Warn if URI resolution failed - parser: Don't report error on invalid URI - xmllint: Clean up option handling - xmllint: Rework parsing - parser: Don't create undeclared entity refs in substitution mode - Make some globals const - reader: Make xmlTextReaderReadString non-recursive - reader: Rework xmlTextReaderRead{Inner,Outer}Xml - Remove redundant size check (Niels Dossche) - Remove redundant NULL check on cur (Niels Dossche) - Remove always-false check old == cur (Niels Dossche) - Remove redundant NULL check on cur (Niels Dossche) - tree: Don't return empty localname in xmlSplitQName{2,3} - xinclude: Don't try to fix base of non-elements - tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling - SAX2: Optimize appending children - tree: Align xmlAddChild with other node insertion functions - html: Use binary search in htmlEntityValueLookup - io: Allocate output buffer with XML_BUFFER_ALLOC_IO - encoding: Don't shrink input too early in xmlCharEncOutput - tree: Tighten source doc check in xmlDOMWrapAdoptNode - tree: Check destParent->doc in xmlDOMWrapCloneNode - tree: Refactor text node updates - tree: Refactor node insertion - tree: Refactor element creation and parsing of attribute values - tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent - buf: Don't use default buffer size for small strings - string: Fix xmlStrncatNew(NULL, "") - entities: Don't allow null name in xmlNewEntity - html: Fix quadratic behavior in htmlNodeDump - tree: Rewrite xmlSetTreeDoc - valid: Rework xmlAddID - tree: Remove unused node types - tree: Make namespace comparison more consistent - tree: Don't allow NULL name in xmlSetNsProp - tree: Rework xmlNodeListGetString - tree: Rework xmlTextMerge - tree: Rework xmlNodeSetName - tree: Simplify xmlAddChild with text parent - tree: Disallow setting content of entity reference nodes - tree: Rework xmlReconciliateNs - schemas: fix spurious warning about truncated snprintf output (Benjamin Gilbert) - xmlschemastypes: Remove unreachable if statement (Maks Mishin) - relaxng: Remove useless if statement (Maks Mishin) - tree: Check for integer overflow in xmlStringGetNodeList - http: Improve error message for HTTPS redirects - catalog: Remove Windows hack - save: Move DTD serialization code to xmlsave.c - parser: Report fatal error if document entity couldn't be loaded - xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest - SAX2: Limit entity URI length to 2000 bytes - parser: Account for full size of non-well-formed entities - parser: Pop inputs if parsing DTD failed - parser: Fix quadratic behavior when copying entities - writer: Implement xmlTextWriterClose - parser: Avoid duplicate namespace errors - parser: Add XML_PARSE_NO_XXE parser option - parser: Make xmlParseContent more useful - error: Make xmlFormatError public - encoding: Check whether encoding handlers support input/output - SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE - parser: Lower maximum entity nesting depth - parser: Set depth limit to 2048 with XML_PARSE_HUGE - parser: Implement xmlCtxtSetOptions - parser: Always prefer option members over bitmask - parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set - parser: Rework parsing of attribute and entity values - save: Output U+FFFD replacement characters - parser: Simplify entity size accounting - parser: Avoid unwanted expansion of parameter entities - parser: Always copy content from entity to target - parser: Simplify control flow in xmlParseReference - parser: Remove xmlSetEntityReferenceFunc feature - parser: Push general entity input streams on the stack - parser: Move progressive flag into input struct - parser: Fix in-parameter-entity and in-external-dtd checks - xpath: Rewrite substring-before and substring-after - xinclude: Only set xml:base if necessary - xinclude: Allow empty nodesets - parser: Rework general entity parsing - io: Fix close error handling - io: Fix read/write error handling - io: More refactoring and unescaping fixes - io: Move some code from xmlIO.c to parserInternals.c - uri: Clean up special parsing modes - xinclude: Rework xml:base fixup - parser: Also set document properties when push parsing - include: Move non-generated parts from xmlversion.h.in - io: Remove support for HTTP POST - dict: Move local RNG state to global state - dict: Get random seed from system PRNG - io: Don't use "-" to read from stdin - io: Rework initialization - io: Consolidate error messages - xzlib: Fix harmless unsigned integer overflow - io: Always use unbuffered input - io: Fix detection of compressed streams - io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile - io: Rework default callbacks - error: Stop printing some errors by default - xpath: Don't free nodes of XSLT result value trees - valid: Fix handling of enumerations - parser: Allow recovery in xmlParseInNodeContext - encoding: Support ASCII in xmlLookupCharEncodingHandler - include: Remove useless 'const' from function arguments - Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const' conversions (makise-homura) - Avoid EDG deprecation warnings for LCC compiler (makise-homura) - Avoid EDG -Woverflow warnings on truncating conversions by manually truncating operand (makise-homura) - Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by conversion from unsigned int to int (makise-homura) - Avoid using no_sanitize attribute on EDG even if compiler shows as GCC (makise-homura) ### Build systems - meson: convert boolean options to feature option (Rosen Penev) - meson: Pass LIBXML_STATIC in dependency (Andrew Potter) - meson: fix compilation with local binaries (Rosen Penev) - meson: don't use dl dependency on old meson (Rosen Penev) - meson: fix usage as a subproject (Rosen Penev) - autotools: Fix pthread detection on FreeBSD - build: Remove --with-fexceptions configuration option - autotools: Remove --with-coverage configuration option - build: Disable HTTP support by default - Stop defining _REENTRANT - doc: Don't install example code - meson: Initial commit (Vincent Torri) - build: Disable support for compression libraries by default - Set LIBXML2_FOUND if it has been properly configured (Michele Bianchi) - Makefile.am: omit $(top_builddir) from DEPS and LDADDS (Mike Dalessio) ### Test suite - runtest: Work around broken EUC-JP support in musl iconv - runtest: Check for IBM-1141 encoding handler - fuzz: Add xmllint fuzzer - fuzz: Add fuzzer for XML reader API - fuzz: New tree API fuzzer - tests: Remove testOOM - Don't let gentest.py cast types to 'const somethingPtr' to avoid -Wignored-qualifiers (makise-homura) v2.12.8: Jun 12 2024 ### Regressions - parser: Fix performance regression when parsing namespaces v2.12.7: May 13 2024 ### Security - [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` ### Regressions - xmllint: Fix --pedantic option - save: Handle invalid parent pointers in xhtmlNodeDumpOutput v2.12.6: Mar 15 2024 ### Regressions - parser: Fix detection of duplicate attributes in XML namespace - xmlreader: Fix xmlTextReaderConstEncoding - html: Fix htmlCreatePushParserCtxt with encoding - xmllint: Return error code if XPath returns empty nodeset v2.12.5: Feb 4 2024 ### Security - [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking ### Regressions - parser: Fix crash in xmlParseInNodeContext with HTML documents v2.12.4: Jan 15 2024 ### Regressions - parser: Fix regression parsing standalone declarations - autotools: Readd --with-xptr-locs configuration option - parser: Fix build --without-output - parser: Don't grow or shrink pull parser memory buffers - io: Fix memory lifetime issue with input buffers v2.12.3: Dec 12 2023 ### Regressions - parser: Fix namespaces redefined from default attributes ### Build fixes - include: Rename XML_EMPTY helper macro - include: Move declaration of xmlInitGlobals - include: Add missing includes - include: Move globals from xmlsave.h to parser.h - include: Readd circular dependency between tree.h and parser.h v2.12.2: Dec 5 2023 ### Regressions - parser: Fix invalid free in xmlParseBalancedChunkMemoryRecover - globals: Disable TLS in static Windows builds - html: Reenable buggy detection of XML declarations - tree: Fix regression when copying DTDs - parser: Make CRLF increment line number ### Build fixes - build: Disable compiler TLS by default - cmake: Update config.h.cmake.in - tests: Fix tests --with-valid --without-xinclude v2.12.1: Nov 23 2023 ### Regressions - hash: Fix deletion of entries during scan - parser: Only enable SAX2 if there are SAX2 element handlers ### Build fixes - autotools: Stop checking for snprintf - dict: Fix '__thread' before 'static' - fix: pthread weak references in globals.c (Mike Dalessio) - tests: Fix build with older MSVC v2.12.0: Nov 16 2023 ### Major changes Most of the known issues leading to quadratic behavior in the XML parser were fixed. Internal hash tables were rewritten to reduce memory consumption. Starting with this release, it should be enough to add the --with-legacy configuration option to provide maximum ABI compatibility. For example, if a code module was removed from the default configuration, the option will add stubs for the removed symbols. libxml2 will now store global variables in thread-local storage if supported by the compiler. This avoids allocating the data lazily which can result in a fatal error condition. A new API function xmlCheckThreadLocalStorage was added so the allocation can be checked earlier if compiler TLS is not supported. To prepare for future improvements, some API functions now expect or return a const xmlError struct. Several cyclic dependencies in public header files were fixed. As a result, certain headers won't include other headers as before. Refactoring of the encoding code has been mostly completed. Calling xmlSwitchEncoding from client code is now fully supported, for example to override the encoding for the push parser. When parsing data from memory, libxml2 will now stream data chunk by chunk instead of copying the whole buffer (possibly twice with encodings), reducing peak memory consumption considerably. A new API function xmlCtxtSetMaxAmplification was added to allow parsing of files that would otherwise trigger the billion laughs protection. Several bugs in the regex determinism checks were fixed. Invalid XML Schemas which previous versions erroneously accepted will now be rejected. ### Deprecations - globals: Deprecate xmlLastError - parser: Deprecate global parser options - win32: Deprecate old Windows build system ### Bug fixes - parser: Stop switching to ISO-8859-1 on encoding errors - parser: Support encoded external PEs in entity values - string: Fix UTF-8 validation in xmlGetUTF8Char - SAX2: Allow multiple top-level elements - parser: Update line number after coalescing text nodes - parser: Check for truncated multi-byte sequences ### Improvements - error: Make more xmlError structs constant - parser: Remove redundant IS_CHAR check in xmlCurrentChar - parser: Fix stack handling in xmlParseTryOrFinish - parser: Protect against quadratic default attribute expansion - parser: Missing checks for disableSAX - entities: Make xmlFreeEntity public - examples: Don't use sprintf - encoding: Suppress -Wcast-align warnings - parser: Use hash tables to avoid quadratic behavior - parser: Don't skip CR in xmlCurrentChar - dict: Rewrite dictionary hash table code - hash: Rewrite hash table code - malloc-fail: Report malloc failure in xmlFARegExec - malloc-fail: Report malloc failure in xmlRegEpxFromParse - parser: Simplify xmlStringCurrentChar - regexp: Fix status codes and handle invalid UTF-8 - error: Make xmlGetLastError return a const error - html: Fix logic in htmlAutoClose - globals: Move globals back to correct header files - globals: Use thread-local storage if available - globals: Rework global state destruction on Windows - globals: Define globals using macros - globals: Introduce xmlCheckThreadLocalStorage - globals: Make xmlGlobalState private - threads: Move library initialization code to threads.c - debug: Remove debugging code - globals: Move code from threads.c to globals.c - parser: Avoid undefined behavior in xmlParseStartTag2 - schemas: Fix memory leak of annotations in notations - dict: Update hash function - dict: Use thread-local storage for PRNG state - dict: Use xoroshiro64** as PRNG - xmllint: Fix error messages - parser: Fix detection of null bytes - parser: Improve error handling in push parser - parser: Don't check inputNr in xmlParseTryOrFinish - parser: Remove push parser debugging code - tree: Fix copying of DTDs - legacy: Add stubs for disabled modules - parser: Allow to set maximum amplification factor - entities: Don't change doc when encoding entities - parser: Never use UTF-8 encoding handler - encoding: Remove debugging code - malloc-fail: Fix unsigned integer overflow in xmlTextReaderPushData - html: Remove encoding hack in htmlCreateFileParserCtxt - parser: Decode all data in xmlCharEncInput - parser: Stream data when reading from memory - parser: Optimize xmlLoadEntityContent - parser: Don't overwrite EOF parser state - parser: Simplify input pointer updates - parser: Don't reinitialize parser input members - encoding: Move rawconsumed accounting to xmlCharEncInput - parser: Rework encoding detection - parser: Always create UTF-8 in xmlParseReference - html: Remove some debugging code in htmlParseTryOrFinish - malloc-fail: Fix memory leak in xmlCompileAttributeTest - parser: Recover more input from encoding errors - malloc-fail: Handle malloc failures in xmlAddEncodingAlias - malloc-fail: Fix null-deref with xmllint --copy - xpath: Ignore entity ref nodes when computing node hash - malloc-fail: Fix null deref after xmlXIncludeNewRef - SAX: Always validate xml:ids - Stop using sprintf - Fix compiler warning on GCC < 8 - regexp: Fix determinism checks - regexp: Fix checks for eliminated transitions - regexp: Simplify xmlFAReduceEpsilonTransitions - regexp: Fix cycle check in xmlFAReduceEpsilonTransitions - schemas: Fix filename in xmlSchemaValidateFile - schemas: Fix line numbers in streaming validation - writer: Add error check in xmlTextWriterEndDocument - encoding: Stop calling xmlEncodingErr - xmlIO: Remove some calls to xmlIOErr - parser: Improve handling of encoding and IO errors - parser: Move xmlFatalErr to parserInternals.c - encoding: Rework error codes - .gitignore: Split up and rearrange .gitignore files - .gitignore: Add runsuite.log - Stop calling xmlMemoryDump - examples: Don't call xmlCleanupParser and xmlMemoryDump - xpath: Remove remaining references to valueFrame ### Portability - python: Make it compatible with python3.12 (Daniel Garcia Moreno) ### Build systems - cmake: Check whether static linking dependencies found in config files (James Le Cuirot) - autotools: Make --with-minimum disable lzma support - build: Remove some GCC warnings - Handle NOCONFIG case when setting locations from CMake target properties (Markus Rickert) - cmake: Generate better pkg-config file for SYSROOT builds under CMake (James Le Cuirot) - autoconf: Include non-pkg-config dependency flags in the pkg-config file (James Le Cuirot) - autoconf: Don't bake build time CFLAGS into pkg-config file (James Le Cuirot) - build: Generate better pkg-config files for static-only builds (James Le Cuirot) - build: Generate better pkg-config file for SYSROOT builds (James Le Cuirot) - autoconf: Allow custom --with-icu configure option ### Tests - tests: Also test xmlNextChar in testchar.c - tests: Start with testparser.c for extra tests - fuzz: Raise rss_limit_mb - fuzz: Test xmlTextReaderRead after EOF or failure - fuzz: Test XML_PARSE_XINCLUDE | XML_PARSE_VALID - tests: Handle entities in SAX tests - fuzz: Disable XML_PARSE_SAX1 option in xml fuzzer - tests: Add more tests for redefined attributes - hash: Add hash table tests - tests: Add ATTRIBUTE_NO_SANITIZE_INTEGER macro - fuzz: Allow to fuzz without push, reader or output modules - gitlab-ci: Add a "medium" config build - python: Fix tests on MinGW - test: Add push parser test with overridden encoding - testapi: test_xmlSAXDefaultVersion() leaves xmlSAX2DefaultVersionValue set to 1 with LIBXML_SAX1_ENABLED (David Kilzer) - gitlab-ci: Lower _XOPEN_SOURCE value - testapi: Don't set http_proxy environment variable - test: Add push parser tests for split UTF-8 sequences - xinclude: Lower initial table size when fuzzing - tests: Test streaming schema validation - runtest: Skip element name in schema error messages ### Documentation - doc: Add notes about runtest to MAINTAINERS.md - doc: Don't document internal macros in xmlversion.h - doc: Allow 'unsigned' without 'int' - doc: Improve documentation of configuration options v2.11.6: Nov 16 2023 ### Regressions - threads: Fix --with-thread-alloc - xinclude: Fix 'last' pointer in xmlXIncludeCopyNode ### Bug fixes - parser: Fix potential use-after-free in xmlParseCharDataInternal v2.11.5: Aug 9 2023 ### Regressions - parser: Make xmlSwitchEncoding always skip the BOM - autotools: Improve iconv check ### Bug fixes - valid: Fix c1->parent pointer in xmlCopyDocElementContent - encoding: Always call ucnv_convertEx with flush set to false ### Portability - autotools: fix Python module file ext for cygwin/msys2 (Christoph Reiter) ### Tests - runtest: Fix compilation without LIBXML_HTML_ENABLED v2.11.4: May 18 2023 Fixes a serious regression. - parser: Fix regression when push parsing UTF-8 sequences v2.11.3: May 11 2023 Fixes more regressions. - xinclude: Fix false positives in inclusion loop detection - autotools: Fix ICU detection - parser: Fix "huge input lookup" error with push parser - xpath: Fix build without LIBXML_XPATH_ENABLED - hash: Fix possible startup crash with old libxslt versions - autoconf: fix iconv library paths (Mike Dalessio) v2.11.2: May 5 2023 Fix regressions. - threads: Fix startup crash with weak symbol hack - win32: Don't depend on removed .def file - schemas: Fix memory leak in xmlSchemaValidateStream v2.11.1: Apr 30 2023 Fixes build and ABI issues. - cmake: Fix va_copy detection (Luca Niccoli) - libxml.m4: Fix quoting - Link with --undefined-version - libxml2.syms: Revert removal of version information v2.11.0: Apr 28 2023 ### Major changes Protection against entity expansion attacks, also known as "billion laughs" has been greatly improved. Malicious files should be detected reliably now and false positives should be reduced. It is possible though that large documents which make heavy use of entities are rejected now. This release finally fixes symbol visibility on UNIX systems. Internal symbols will now be hidden. While these symbols were never declared in public headers, it was still possible to declare them manually. Now this won't work. All symbol information has been removed from the ELF version script to fix link errors with --no-undefined-version. The version nodes are kept so it should still be possible to run binaries linked against older versions. About 90 memory errors in code paths handling malloc failures have been fixed. While these issues shouldn't impact security, this improves robustness under memory pressure. The XInclude engine has been reworked to properly support nested includes. Several cases of quadratic behavior in the XML push parser have been fixed. Refactoring has begun on some buffering and encoding code with the goal of simplifying this part of the code base and improving error reporting. Other highlights: - Consolidated private header files. - Major rework of the autoconf build. - Deprecated several outdated and internal functions. Special thanks to Google's Open Source Security Subsidies program for sponsoring much of the work on this release! Ongoing work on libxml2 relies on funding. For a list of important open issues see ### Security - Fix use-after-free in xmlParseContentInternal() (David Kilzer) - xmllint: Fix use-after-free with --maxmem - parser: Fix OOB read when formatting error message - entities: Rework entity amplification checks ### Regressions - parser: Fix regression in xmlParserNodeInfo accounting ### Bug fixes - Fix memory errors in code handling malloc failures - encoding: Fix error code in asciiToUTF8 - xpath: number('-') should return NaN - xmlParseStartTag2() contains typo when checking for default definitions for an attribute in a namespace (David Kilzer) - uri: Fix handling of port numbers - error: Make sure that error messages are valid UTF-8 - xinclude: Fix nested includes ### Improvements - xmllint: Validate --maxmem integer option - xmlValidatePopElement() can return invalid value (-1) (David Kilzer) - parser: Rework EBCDIC code page detection - parser: Limit name length in xmlParseEncName - parser: Rework shrinking of input buffers - html: Rely on CUR_CHAR to grow the input buffer - parser: Rely on CUR_CHAR/NEXT to grow the input buffer - valid: Make xmlValidateElement non-recursive - html: Fix quadratic behavior in htmlParseTryOrFinish - xmllint: Fix memory leak with --pattern --stream - parser: Stop calling xmlParserInputShrink - html: Impose some length limits - valid: Allow xmlFreeValidCtxt(NULL) - parser: Stop calling xmlParserInputGrow - xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt - xinclude: Abort immediately if max depth was exceeded - xpath: Only report the first error - error: Don't move past current position - error: Limit number of parser errors - parser: Lower entity nesting limit with XML_PARSE_HUGE - parser: Don't increase depth twice when parsing internal entities - parser: Improve detection of entity loops - parser: Only report a single entity error - libxml.h: Remove dubious definition of LIBXML_STATIC - html: Improve parsing of nested lists - memory: Don't use locks in xmlMemUsed - encoding: Remove unused variable xmlDefaultCharEncodingHandler - Rework initialization code - Add .editorconfig - parser: Merge misc, prolog and epilog cases in push parser - parser: Fix 'consumed' accounting when switching encodings - html: Fix check for end of comment in push parser - parser: Fix push parser with 1-3 byte initial chunk - parser: Rewrite push parser boundary checks - reader: Switch to xmlParserInputBufferCreateMem - html: Don't escape ASCII chars in href attributes - io: Don't shrink memory input buffers - parser: Don't call xmlSHRINK from push parser - parser: Ignore cdata argument in xmlParseCharData - parser: Rework push parser parser progress checks - io: Fix a few integer overflows in I/O statistics - io: Rework xmlParserInputBufferGrow with encodings - io: Remove xmlInputReadCallbackNop - io: Check for memory buffer early in xmlParserInputGrow - parser: Fix error message in xmlParseCommentComplex - Bypass proxy in nanoHTTP for hosts in "no_proxy" (Markus Jörg) - schemas: Fix infinite loop in xmlSchemaCheckElemSubstGroup - threads: Remove check for pthread_equal - xinclude: Rework XInclude cache - xinclude: Remove inefficient refcounting scheme - xmllint: Improve handling of empty XPath node sets - parser: Fix potential memory leak in xmlParseAttValueInternal - error: Don't use initGenericErrorDefaultFunc - xpath: Lower XPath recursion limit on Windows - Stop including sys/types.h - Don't define WIN32 macro - Make xmlNewSAXParserCtx take a const sax handler - Consolidate private header files - Remove internal macros from parserInternals.h - Move some HTML functions to correct header file - xmllint: Stop calling xmlSAXDefaultVersion - Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt - Don't mess with parser options in htmlParseDocument - Remove useless call to htmlDefaultSAXHandlerInit - Remove htmlDefaultSAXHandler from non-SAX1 build - Don't initialize SAX handler in htmlReadMemory - Fix htmlReadMemory mixing up XML and HTML functions - Don't use default SAX handler to report unrelated errors - Create stream with buffer in xmlNewStringInputStream - xmlcatalog: Fix memory leaks ### Code quality - xzlib: Fix implicit sign change in xz_open - parser: Simplify calculation of available buffer space - parser: Use size_t when subtracting input buffer pointers - parser: Check for integer overflow when updating checkIndex - xpath: Fix harmless integer overflow in xmlXPathTranslateFunction - schematron: Use logical and - relaxng: Remove useless if statement - schemas: Remove useless if statement - pattern: Merge identical branches - regexp: Add sanity check in xmlRegCalloc2 - regexp: Simplify xmlRegAtomPush - encoding: Cast toupper argument to unsigned char - uri: Add explicit cast in xmlSaveUri - buf: Fix return value of xmlBufGetInputBase - parser: Fix integer overflow of input ID - parser: Remove useless ent->etype test in xmlParseReference - parser: Remove useless ent->children tests in xmlParseReference - xmlmemory.c: Remove xmlMemContentShow - libxml.h: Add comments and indentation - libxml.h: Don't include stdio.h - xmlexports.h: Disable docs for internal macro XMLPUBLIC - parser: Simplify xmlParseConditionalSections - io: Rearrange code in xmlSwitchInputEncodingInt - warnings: Fix -Wstrict-prototypes warning - warnings: Remove set-but-unused variables - Fix compiler warnings in SAX2.c - Fix unused variable warning in python/types.c - Fix compiler warning in examples - Fix compiler warnings in fuzzing code - Remove unused code in nanohttp.c - Remove or annotate char casts - Don't use sizeof(xmlChar) or sizeof(char) - Remove explicit integer casts ### Deprecations - parser: Deprecate more internal functions - parser: Deprecate some parser input functions - parser: Deprecate xmlString*DecodeEntities - threads: Deprecate some internal functions - buf: Deprecate static/immutable buffers - Deprecate internal parser functions - Deprecate old HTML SAX API - Generate deprecation warnings for old SAX API - Mark more functions setting globals as deprecated - Mark more parser functions as deprecated - Mark most SAX1 functions as deprecated - Deprecate some global variables ### Portability - autoconf: Warn about outdated C compilers - win32: Remove broken libxml2.def.src - Remove symbols from version script - catalog.c: Silence a cast warning on VS 2022 (Lukáš Tyrychtr) - libxml.h: Remove ancient LynxOS setup - Use python3 not python (Ross Burton) - xstc/fixup-tests.py: port to Python 3 (Ross Burton) - xstc/fixup-tests.py: unify whitespace (Ross Burton) - Remove hacky heuristic from b2dc5675 (Alex Richardson) - Avoid creating an out-of-bounds pointer by rewriting a check (Alex Richardson) - Hide internal functions - Correctly relocate internal pointers after realloc() (Alex Richardson) - Visual Studio builds: Allow silencing deprecation warnings (Chun-wei Fan) - Visual Studio: Define XML_DEPRECATED (Chun-wei Fan) - xmllint: Include on Windows - warnings: Work around MSVC bug - sources: Silence C4013 warnings on Visual Studio (Chun-wei Fan) - python/setup.py.in: Improve Windows import patching (Chun-wei Fan) - python: Create .pyd on Windows - Fix Python build on Windows - Fix Windows compiler warnings in python/types.c - Fix libxml_PyFileGet - Remove BeOS support - Fix libxml_PyFileGet with stdout on macOS - Migrate from PyEval_ to PyObject_ - Port build_glob.py to Python 3 - Port genChRanges.py to Python 3 - xmlexports.h: Remove LIBXML_FASTCALL optimization - Remove XMLCALL and XMLCDECL macros from public headers - Remove XMLDECL macro from .c files ### Build systems - cmake: Link against `dl` and `dld` only when `LIBXML2_WITH_MODULES` is enabled (Alexander Kutelev) - autotools: Fix make distcheck - Remove RPM build, Makefile.tests, README.tests - libxml.m4: deprecate AM_PATH_XML2, wrap PKG_CHECK_MODULES instead (Ross Burton) - libxml.m4: fix -Wstrict-prototypes (Sam James) - cmake: Build static library with -DLIBXML_STATIC - autotools: Don't use version script on Windows - autotools: Fix winsock detection - autotools: Only add network libraries if HTTP/FTP enabled - autotools: Disable parallel Python build - python: Don't output missing generators during build - build: Remove check for broken ss_family - http: Simplify IPv6 checks - autotools: Fix network checks on Windows - Fix detection of GNU libiconv - cmake: Fix Python installation - cmake: Don't check for Python 2 - configure.ac: Also check for MSYS host - Improve network library detection - Detect ws2_32 with AC_SEARCH_LIBS - Rework network configure checks - Remove arg cast configure checks - Fix dlopen check - Remove HAVE_WIN32_THREADS configuration flag - Rework dlopen and pthread detection - Fix test in configure.ac - cmake: Enable GCC compiler warnings - Always link with -no-undefined - Use AM_CFLAGS and AM_LDFLAGS consistently - Remove -Wredundant-decls - Call AC_CHECK_* with multiple arguments - configure.ac: Remove checks for unused programs - Rework library detection in configure.ac - Rearrange configure.ac - Consolidate zlib and lzma detection - Remove "runtime debugging" - Consolidate simple API modules in configure.ac - Fix dependency resolution in configure.ac - Fix --with-valid --without-regexps build - Fix --with-schemas --without-xpath build - Don't build unneeded .c source files - Move xmlIsXHTML to tree.c - Cleanup distribution settings in Makefile.am - Also clean *.pyc files for Python 2 - Don't distribute libxml2.spec ### Tests - testchar: Add test for memory pull parser with encoding - fuzz: Also test init function of URI fuzzer - fuzz: Separate fuzzer for DTD validation - gitlab-ci: Enable all "integer" sanitizers - fuzz: Inject random malloc failures - fuzz: Support variable integer sizes in fuzz data - fuzz: Fix duplicate detection in fuzzEntityRecorder - fuzz: Set filename in xmlFuzzEntityLoader - fuzz: Allow xmlFuzzReadString(NULL) - fuzz: Fix Makefile dependencies - fuzz: Add test/recurse to seed corpus - fuzz: Add separate XInclude fuzzer - runsuite: Some errors are expected - testrecurse: Test entity expansion stats - testapi.c: Initialize catalog early - gentest.py: Fix memory leak in API tests - tests: Enable "runsuite" test - python/tests/reader2: use absolute paths everywhere (Ross Burton) - python/tests/reader2: always exit(1) if a test fails (Ross Burton) - testModule: exit if the module can't be opened (Ross Burton) - CI: disable modules in gcc:static build (Ross Burton) - CI: fix CI on MinGW builds (Ross Burton) - python: Fix memory leak checks - tests: Check that xmlInitParser doesn't allocate memory - tests: Fix use-after-free in Python tests - tests: Remove unneeded #includes - gitlab-ci: Make Test-Msvc exit if ctest fails - gitlab-ci: Treat compiler warnings as errors on MSVC - test: Add test for push parser boundaries - gitlab-ci: Upgrade image to Ubuntu 22.10, reenable MSan - gitlab-ci: Reenable LeakSanitizer - gitlab-ci: Fix llvm-symbolizer - xinclude: Don't create result doc for test with errors - xinclude: Also test error messages - gitlab-ci: Allow cast-align warnings from clang - gitlab-ci: Fix tar invocation - gitlab-ci: Move MSVC test to separate script - gitlab-ci: Fix SUFFIX, remove MINGW_PATH - gitlab-ci: Consolidate CMake test scripts - gitlab-ci: Only install MinGW autotools if needed - gitlab-ci: Only install cmake MinGW package if needed - gitlab-ci: Install 7-Zip using the .msi - Use $MSYSTEM and 'bash -lc' in MinGW CI - Add CI job for MinGW/Autotools - Consolidate CI scripts - Allow empty MINGW_PACKAGE_PREFIX - Move Dockerfile to .gitlab-ci directory - testapi: Disable on Windows for now - Disable fuzzer tests if glob.h wasn't found - Move automata test to runtest.c - Fix testapi when building --without-sax1 # Documentation - doc: Remove ancient files - Remove ancient TODOs - html: Fix htmlInitAutoClose documentation - doc: Mention new location of XML catalog as breaking change - doc: Mention potentially breaking changes in NEWS - doc: Remove xmlDllMain from documentation and version script - doc: Mention ${sysconfdir} in man pages - doc: Document xmlcatalog --convert - doc: Document xmllint --nodict and --pedantic - doc: Fix indentation in source XML files - xmllint: Document --quiet option - Improve cross-references in API docs - Improve documentation of globals - Fix documentation parser - Support comments for global variables in documentation - Fix update call in apibuild.py - Don't index anything in DOC_DISABLE sections - Fix warnings from apibuild.py - Start with documentation for maintainers v2.10.4: Apr 11 2023 ### Security - [CVE-2023-29469] Hashing of empty dict strings isn't deterministic - [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType - schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK ### Regressions - SAX2: Ignore namespaces in HTML documents - io: Fix "buffer full" error with certain buffer sizes v2.10.3: Oct 14 2022 ### Security - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c ### Portability - win32: Fix build with VS2013 ### Build system - cmake: Set SOVERSION v2.10.2: Aug 29 2022 ### Improvements - Remove set-but-unused variable in xmlXPathScanName - Silence -Warray-bounds warning ### Build system - build: require automake-1.16.3 or later (Xi Ruoyao) - Remove generated files from distribution ### Test suite - Don't create missing.xml when running testapi v2.10.1: Aug 25 2022 ### Regressions - Fix xmlCtxtReadDoc with encoding ### Bug fixes - Fix HTML parser with threads and --without-legacy ### Build system - Fix build with Python 3.10 - cmake: Disable version script on macOS - Remove Makefile rule to build testapi.c ### Documentation - Switch back to HTML output for API documentation - Port doc/examples/index.py to Python 3 - Fix order of exports in libxml2-api.xml - Remove libxml2-refs.xml v2.10.0: Aug 17 2022 ### Breaking changes The Docbook parser module and all related symbols habe been removed completely. This was experimental code which never worked and generated a deprecation warning for 15+ years. The library's soname wasn't changed in order to allow seamless upgrades to later versions. If this concerns you, consider bumping soname yourself. Some other modules are now disabled by default and will eventually be removed completely: - Support for XPointer locations (ranges and points): This was based on a W3C specification which never got beyond Working Draft status. To my knowledge, there's no software supporting this spec which is still maintained. You now have to enable this code by passing the `--with-xptr-locs` configuration option. Be warned that this part of the code base is buggy and had many security issues in the past. - Support for the built-in FTP client (`--with-ftp`). - Support for "legacy" functions (`--with-legacy`). If you're concerned about ABI stability and haven't disabled these modules already, add the following configuration options or bump soname yourself: --with-ftp --with-legacy --with-xptr-locs Several functions of the public API were deprecated. Most of them should be completely unused and will generate a deprecation warning now. The autoconf build now uses the sysconfdir variable for the location of the default catalog file. The path changed from hardcoded /etc/xml/catalog to ${sysconfdir}/xml/catalog. The sysconfdir variable defaults to ${prefix}/etc, prefix defaults to /usr/local, so without other options the path becomes /usr/local/etc/xml/catalog. If you want the old behavior, configure with --sysconfdir=/etc ### Security - [CVE-2022-2309] Reset nsNr in xmlCtxtReset - Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer (David Kilzer) - Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer) - Fix integer overflow in xmlBufferDump() (David Kilzer) - xmlBufAvail() should return length without including a byte for NUL terminator (David Kilzer) - Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David Kilzer) - Use xmlNewDocText in xmlXIncludeCopyRange - Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser (David Kilzer) - Use UPDATE_COMPAT() consistently in buf.c (David Kilzer) - fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn) ### Removals and deprecations - Disable XPointer location support by default - Remove outdated xml2Conf.sh - Deprecate module init and cleanup functions - Remove obsolete XML Software Autoupdate (XSA) file - Remove DOCBparser - Remove obsolete Python test framework - Remove broken VxWorks support - Remove broken Mac OS 9 support - Remove broken bakefile support - Remove broken Visual Studio 2010 support - Remove broken Windows CE support - Deprecate IDREF-related functions in valid.h - Deprecate legacy functions - Disable legacy support by default - Deprecate all functions in nanoftp.h - Disable FTP support by default - Add XML_DEPRECATED macro - Remove elfgcchack.h ### Regressions - Skip incorrectly opened HTML comments - Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer) ### Bug fixes - Fix memory leak with invalid XSD - Make XPath depth check work with recursive invocations - Fix memory leak in xmlLoadEntityContent error path - Avoid double-free if malloc fails in inputPush - Properly fold whitespace around the QName value when validating an XSD schema. (Damjan Jovanovic) - Add whitespace folding for some atomic data types that it's missing on. (Damjan Jovanovic) - Don't add IDs containing unexpanded entity references ### Improvements - Avoid calling xmlSetTreeDoc - Simplify xmlFreeNode - Don't reset nsDef when changing node content - Fix unintended fall-through in xmlNodeAddContentLen - Remove unused xmlBuf functions (David Kilzer) - Implement xpath1() XPointer scheme - Add configuration flag for XPointer locations support - Fix compiler warnings in Python code - Mark more static data as `const` (David Kilzer) - Make xmlStaticCopyNode non-recursive - Clean up encoding switching code - Simplify recursive pthread mutex - Use non-recursive mutex in dict.c - Fix parser progress checks - Avoid arithmetic on freed pointers - Improve buffer allocation scheme - Remove unneeded #includes - Add support for some non-standard escapes in regular expressions. (Damjan Jovanovic) - htmlParseComment: handle abruptly-closed comments (Mike Dalessio) - Add let variable tag support (Oliver Diehl) - Add value-of tag support (Oliver Diehl) - Remove useless call to xmlRelaxNGCleanupTypes - Don't include ICU headers in public headers - Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio) - Fix unused variable warnings with disabled features - Only warn on invalid redeclarations of predefined entities - Remove unneeded code in xmlreader.c - Rework validation context flags ### Portability - Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin) - Fix Python tests on macOS - Fix xmlCleanupThreads on Windows - Fix reinitialization of library on Windows - Don't mix declarations and code in runtest.c - Use portable python shebangs (David Seifert) - Use critical sections as mutex on Windows - Don't set HAVE_WIN32_THREADS in win32config.h - Use stdint.h with newer MSVC - Remove cruft from win32config.h - Remove isinf/isnan emulation in win32config.h - Always fopen files with "rb" - Remove __DJGPP__ checks - Remove useless __CYGWIN__ checks ### Build system - Don't autogenerate doc/examples/Makefile.am - cmake: Install libxml.m4 on UNIX-like platforms (Daniel E) - cmake: Use symbol versioning on UNIX-like platforms (Daniel E) - Port genUnicode.py to Python 3 - Port gentest.py to Python 3 - cmake: Fix build without thread support - cmake: Install documentation in CMAKE_INSTALL_DOCDIR - cmake: Remove non needed files in docs dir (Daniel E) - configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set (Christopher Degawa) - Move local Autoconf macros into m4 directory - Use XML_PRIVATE_LIBS in libxml2_la_LIBADD - Update libxml-2.0-uninstalled.pc.in - Remove LIBS from XML_PRIVATE_LIBS - Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS - Don't overlink executables - cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg) - build: Make use of variables in libxml's pkg-config file (Daniel Engberg) - Avoid obsolescent `test -a` constructs (David Seifert) - Move AM_MAINTAINER_MODE to AM section - configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert) - Streamline documentation installation - Don't try to recreate COPYING symlink - Detect libm using libtool's macros (David Seifert) - configure.ac: disable static libraries by default (David Seifert) - python/Makefile.am: nest python docs in $(docdir) (David Seifert) - python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert) - Makefile.am: install examples more idiomatically (David Seifert) - configure.ac: remove useless AC_SUBST (David Seifert) - Respect `--sysconfdir` in source files (David Seifert) - Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin) - Only install *.html and *.c example files - Remove --with-html-dir option - Rework documentation build system - Remove old website - Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert) - Update genChRanges.py - Update build_glob.py - Remove ICONV_CONST test - Remove obsolete AC_HEADER checks - Don't check for standard C89 library functions - Don't check for standard C89 headers - Remove special configuration for certain maintainers ### Test suite, CI - Disable network in API tests - testapi: remove leading slash from "/missing.xml" (Mike Gilbert) - Build Autotools CI tests out of source tree (VPATH) - Add --with-minimum build to CI tests - Fix warnings when testing --with-minimum build - cmake: Run all tests when threads are disabled - Also build CI tests with -Werror - Move doc/examples tests to new test suite - Simplify 'make check' targets - Fix schemas and relaxng tests - Remove unused result files - Allow missing result files in runtest - Move regexp tests to runtest - Move SVG tests to runtest.c - Move testModule to new test suite - Move testThreads to new test suite - Remove major parts of old test suite - Make testchar return an error on failure (Tony Tascioglu) - Add CI job for static build - python/tests: open() relative to test scripts (David Seifert) - Port some test scripts to Python 3 ### Documentation - Improve documentation of tree manipulation API - Update xml2-config man page - Consolidate man pages - Rename xmlcatalog_man.xml - Make examples a standalone HTML page - Fix documentation in entities.c - Add note about optimization flags v2.9.14: May 02 2022: - Security: [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer Fix potential double-free in xmlXPtrStringRangeFunction Fix memory leak in xmlFindCharEncodingHandler Normalize XPath strings in-place Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer) Fix leak of xmlElementContent (David Kilzer) - Bug fixes: Fix parsing of subtracted regex character classes Fix recursion check in xinclude.c Reset last error in xmlCleanupGlobals Fix certain combinations of regex range quantifiers Fix range quantifier on subregex - Improvements: Fix recovery from invalid HTML start tags - Build system, portability: Define LFS macros before including system headers Initialize XPath floating-point globals configure: check for icu DEFS (James Hilliard) configure.ac: produce tar.xz only (GNOME policy) (David Seifert) CMakeLists.txt: Fix LIBXML_VERSION_NUMBER Fix build with older Python versions Fix --without-valid build v2.9.13: Feb 19 2022: - Security: [CVE-2022-23308] Use-after-free of ID and IDREF attributes (Thanks to Shinji Sato for the report) Use-after-free in xmlXIncludeCopyRange (David Kilzer) Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong) Fix memory leak in xmlXPathCompNodeTest Fix null pointer deref in xmlStringGetNodeList Fix several memory leaks found by Coverity (David King) - Fixed regressions: Fix regression in RelaxNG pattern matching Properly handle nested documents in xmlFreeNode Fix regression with PEs in external DTD Fix random dropping of characters on dumping ASCII encoded XML (Mohammad Razavi) Revert "Make schema validation fail with multiple top-level elements" Fix regression when parsing invalid HTML tags in push mode Fix regression parsing public IDs literals in HTML Fix buffering in xmlOutputBufferWrite Fix whitespace when serializing empty HTML documents Fix XPath recursion limit Fix regression in xmlNodeDumpOutputInternal Work around lxml API abuse - Bug fixes: Fix xmlSetTreeDoc with entity references Fix double counting of CRLF in comments Make sure to grow input buffer in xmlParseMisc Don't ignore xmllint options after "-" Don't normalize namespace URIs in XPointer xmlns() scheme Fix handling of XSD with empty namespace Also register HTML document nodes Make xmllint return an error if arguments are missing Fix handling of ctxt->base in xmlXPtrEvalXPtrPart Fix xmllint --maxmem Fix htmlReadFd, which was using a mix of xml and html context functions (Finn Barber) Move current position before possible calling of ctxt->sax->characters (Yulin Li) Fix parse failure when 4-byte character in UTF-16 BE is split across a chunk (David Kilzer) Patch to forbid epsilon-reduction of final states (Arne Becker) Avoid segfault at exit when using custom memory functions (Mike Dalessio) - Tests, code quality, fuzzing: Remove .travis.yml Make xmlFuzzReadString return a zero size in error case Fix unused function warning in testapi.c Update NewsML DTD in test suite Add more checks for malloc failures in xmllint.c Avoid potential integer overflow in xmlstring.c Run CI tests with UBSan implicit-conversion checks Fix casting of line numbers in SAX2.c Fix integer conversion warnings in hash.c Add explicit casts in runtest.c Fix integer conversion warning in xmlIconvWrapper Add suffix to unsigned constant in xmlmemory.c Add explicit casts in testchar.c Fix integer conversion warnings in xmlstring.c Add explicit cast in xmlURIUnescapeString Remove unused variable in xmlCharEncOutFunc (David King) - Build system, portability: Remove xmlwin32version.h Fix fuzzer test with VPATH build Support custom prefix when installing Python module Remove Makefile.win Remove CVS and SVN-related code Port python 3.x module to Windows and improve distutils (Chun-wei Fan) Correctly install the HTML examples into their subdirectory (Mattia Rizzolo) Refactor the settings of $docdir (Mattia Rizzolo) Remove unused configure checks (Ben Boeckel) python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS (Sam James) Fix check for libtool in autogen.sh Use version in configure.ac for CMake (Timothy Lyanguzov) Add CMake alias targets for embedded projects (Markus Rickert) - Documentation: Remove SVN keyword anchors Rework README Remove README.cvs-commits Remove old ChangeLog Update hyperlinks Remove README.docs Remove MAINTAINERS Remove xmltutorial.pdf Upload documentation to GitLab pages Document how to escape XML_CATALOG_FILES Fix libxml2.doap Update URL for libxml++ C++ binding (Kjell Ahlstedt) Generate devhelp2 index file (Emmanuele Bassi) Mention XML_CATALOG_FILES is space-separated (Jan Tojnar) Add documentaiton for xmllint exit code 10 (Rainer Canavan) Fix some validation errors in the FAQ (David King) Add instructions on how to use CMake to compile libxml (Markus Rickert) v2.9.12: May 13 2021: - Build system: Add fuzz.h and seed/regexp to EXTRA_DIST v2.9.11: May 13 2021: - Security: Patch for security issue CVE-2021-3541 (Daniel Veillard) - Documentation: Clarify xmlNewDocProp documentation (Nick Wellnhofer) - Portability: CMake: Only add postfixes if MSVC (Christopher Degawa), Fix XPath NaN/Inf for older GCC versions (Nick Wellnhofer), Use CMake PROJECT_VERSION (Markus Rickert), Fix warnings in libxml.m4 with autoconf 2.70+. (Simon Josefsson), Add CI for CMake on MSVC (Markus Rickert), Update minimum required CMake version (Markus Rickert), Add variables for configured options to CMake config files (Markus Rickert), Check if variables exist when defining targets (Markus Rickert), Check if target exists when reading target properties (Markus Rickert), Add xmlcatalog target and definition to config files (Markus Rickert), Remove include directories for link-only dependencies (Markus Rickert), Fix ICU build in CMake (Markus Rickert), Configure pkgconfig, xml2-config, and xml2Conf.sh file (Markus Rickert), Update CMake config files (Markus Rickert), Add xmlcatalog and xmllint to CMake export (Markus Rickert), Simplify xmlexports.h (Nick Wellnhofer), Require dependencies based on enabled CMake options (Markus Rickert), Use NAMELINK_COMPONENT in CMake install (Markus Rickert), Add CMake files to EXTRA_DIST (Markus Rickert), Add missing compile definition for static builds to CMake (Markus Rickert), Add CI for CMake on Linux and MinGW (Markus Rickert), Fix variable name in win32/configure.js (Nick Wellnhofer), Fix version parsing in win32/configure.js (Nick Wellnhofer), Fix autotools warnings (Nick Wellnhofer), Update config.h.cmake.in (Markus Rickert), win32: allow passing *FLAGS on command line (Michael Stahl), Configure file xmlwin32version.h.in on MSVC (Markus Rickert), List headers individually (Markus Rickert), Add CMake build files (Markus Rickert), Parenthesize Py_Check() in ifs (Miro Hrončok), Minor fixes to configure.js (Nick Wellnhofer) - Bug Fixes: Fix null deref in legacy SAX1 parser (Nick Wellnhofer), Fix handling of unexpected EOF in xmlParseContent (Nick Wellnhofer), Fix line numbers in error messages for mismatched tags (Nick Wellnhofer), Fix htmlTagLookup (Nick Wellnhofer), Propagate error in xmlParseElementChildrenContentDeclPriv (Nick Wellnhofer), Fix user-after-free with `xmllint --xinclude --dropdtd` (Nick Wellnhofer), Fix dangling pointer with `xmllint --dropdtd` (Nick Wellnhofer), Validate UTF8 in xmlEncodeEntities (Joel Hockey), Fix use-after-free with `xmllint --html --push` (Nick Wellnhofer), Allow FP division by zero in xmlXPathInit (Nick Wellnhofer), Fix xmlGetNodePath with invalid node types (Nick Wellnhofer), Fix exponential behavior with recursive entities (Nick Wellnhofer), Fix quadratic behavior when looking up xml:* attributes (Nick Wellnhofer), Fix slow parsing of HTML with encoding errors (Nick Wellnhofer), Fix null deref introduced with previous commit (Nick Wellnhofer), Check for invalid redeclarations of predefined entities (Nick Wellnhofer), Add the copy of type from original xmlDoc in xmlCopyDoc() (SVGAnimate), parser.c: shrink the input buffer when appropriate (Mike Dalessio), Fix infinite loop in HTML parser introduced with recent commits (Nick Wellnhofer), Fix quadratic runtime when parsing CDATA sections (Nick Wellnhofer), Fix timeout when handling recursive entities (Nick Wellnhofer), Fix memory leak in xmlParseElementMixedContentDecl (Nick Wellnhofer), Fix null deref in xmlStringGetNodeList (Nick Wellnhofer), use new htmlParseLookupCommentEnd to find comment ends (Mike Dalessio), htmlParseComment: treat `--!>` as if it closed the comment (Mike Dalessio), Fix integer overflow in xmlSchemaGetParticleTotalRangeMin (Nick Wellnhofer), encoding: fix memleak in xmlRegisterCharEncodingHandler() (Xiaoming Ni), xmlschemastypes.c: xmlSchemaGetFacetValueAsULong add, check "facet->val" (Xiaoming Ni), Fix null pointer deref in xmlXPtrRangeInsideFunction (Nick Wellnhofer), Fix quadratic runtime in HTML push parser with null bytes (Nick Wellnhofer), Avoid quadratic checking of identity-constraints (Michael Matz), Fix building with ICU 68. (Frederik Seiffert), Convert python/libxml.c to PY_SSIZE_T_CLEAN (Victor Stinner), Fix xmlURIEscape memory leaks. (Elliott Hughes), Avoid call stack overflow with XML reader and recursive XIncludes (Nick Wellnhofer), Fix caret in regexp character group (Nick Wellnhofer), parser.c: xmlParseCharData peek behavior fixed wrt newlines (Mike Dalessio), Fix memory leaks in XPointer string-range function (Nick Wellnhofer), Fix use-after-free when XIncluding text from Reader (Nick Wellnhofer), Fix SEGV in xmlSAXParseFileWithData (yanjinjq), Fix null deref in XPointer expression error path (Nick Wellnhofer), Don't call xmlXPathInit directly (Nick Wellnhofer), Fix cleanup of attributes in XML reader (Nick Wellnhofer), Fix double free in XML reader with XIncludes (Nick Wellnhofer), Fix memory leak in xmlXIncludeAddNode error paths (Nick Wellnhofer), Revert "Fix quadratic runtime in xi:fallback processing" (Nick Wellnhofer), Fix error reporting with xi:fallback (Nick Wellnhofer), Fix quadratic runtime in xi:fallback processing (Nick Wellnhofer), Fix corner case with empty xi:fallback (Nick Wellnhofer), Fix XInclude regression introduced with recent commit (Nick Wellnhofer), Fix memory leak in runtest.c (Nick Wellnhofer), Make "xmllint --push --recovery" work (Nick Wellnhofer), Revert "Do not URI escape in server side includes" (Nick Wellnhofer), Fix column number accounting in xmlParse*NameAndCompare (Nick Wellnhofer), Stop counting nbChars in parser context (Nick Wellnhofer), Fix out-of-bounds read with 'xmllint --htmlout' (Nick Wellnhofer), Fix exponential runtime and memory in xi:fallback processing (Nick Wellnhofer), Don't process siblings of root in xmlXIncludeProcess (Nick Wellnhofer), Don't recurse into xi:include children in xmlXIncludeDoProcess (Nick Wellnhofer), Fix memory leak in xmlXIncludeIncludeNode error paths (Nick Wellnhofer), Check for custom free function in global destructor (Nick Wellnhofer), Fix integer overflow when comparing schema dates (Nick Wellnhofer), Fix exponential runtime in xmlFARecurseDeterminism (Nick Wellnhofer), Don't try to handle namespaces when building HTML documents (Nick Wellnhofer), Fix several quadratic runtime issues in HTML push parser (Nick Wellnhofer), Fix quadratic runtime when push parsing HTML start tags (Nick Wellnhofer), Reset XML parser input before reporting errors (David Kilzer), Fix quadratic runtime when push parsing HTML entity refs (Nick Wellnhofer), Fix HTML push parser lookahead (Nick Wellnhofer), Make htmlCurrentChar always translate U+0000 (Nick Wellnhofer), Fix UTF-8 decoder in HTML parser (Nick Wellnhofer), Fix quadratic runtime when parsing HTML script content (Nick Wellnhofer), Reset HTML parser input before reporting error (Nick Wellnhofer), Fix more quadratic runtime issues in HTML push parser (Nick Wellnhofer), Fix regression introduced with 477c7f6a (Nick Wellnhofer), Fix quadratic runtime in HTML parser (Nick Wellnhofer), Reset HTML parser input before reporting encoding error (Nick Wellnhofer), Fix integer overflow in xmlFAParseQuantExact (Nick Wellnhofer), Fix return value of xmlC14NDocDumpMemory (Nick Wellnhofer), Don't follow next pointer on documents in xmlXPathRunStreamEval (Nick Wellnhofer), Fix integer overflow in _xmlSchemaParseGYear (Nick Wellnhofer), Fix integer overflow when parsing {min,max}Occurs (Nick Wellnhofer), Fix another memory leak in xmlSchemaValAtomicType (Nick Wellnhofer), Fix unsigned integer overflow in htmlParseTryOrFinish (Nick Wellnhofer), Fix integer overflow in htmlParseCharRef (Nick Wellnhofer), Fix undefined behavior in UTF16LEToUTF8 (Nick Wellnhofer), Fix return value of xmlCharEncOutput (Nick Wellnhofer), Never expand parameter entities in text declaration (Nick Wellnhofer), Fix undefined behavior in xmlXPathTryStreamCompile (Nick Wellnhofer), Fix use-after-free with validating reader (Nick Wellnhofer), xmlParseBalancedChunkMemory must not be called with NULL doc (Nick Wellnhofer), Revert "Fix memory leak in xmlParseBalancedChunkMemoryRecover" (Nick Wellnhofer), Fix memory leak in xmlXIncludeLoadDoc error path (Nick Wellnhofer), Make schema validation fail with multiple top-level elements (Nick Wellnhofer), Call xmlCleanupParser on ELF destruction (Samuel Thibault), Fix copying of entities in xmlParseReference (Nick Wellnhofer), Fix memory leak in xmlSchemaValidateStream (Zhipeng Xie), Fix xmlSchemaGetCanonValue formatting for date and dateTime (Kevin Puetz), Fix memory leak when shared libxml.dll is unloaded (Kevin Puetz), Fix potentially-uninitialized critical section in Win32 DLL builds (Kevin Puetz), Fix integer overflow in xmlBufferResize (Nick Wellnhofer), Check for overflow when allocating two-dimensional arrays (Nick Wellnhofer), Remove useless comparisons (Nick Wellnhofer), Fix overflow check in xmlNodeDump (Nick Wellnhofer), Fix infinite loop in xmlStringLenDecodeEntities (Zhipeng Xie), Fix freeing of nested documents (Nick Wellnhofer), Fix more memory leaks in error paths of XPath parser (Nick Wellnhofer), Fix memory leaks of encoding handlers in xmlsave.c (Nick Wellnhofer), Fix xml2-config error code (Nick Wellnhofer), Fix memory leak in error path of XPath expr parser (Nick Wellnhofer), Fix overflow handling in xmlBufBackToBuffer (Nick Wellnhofer), Null pointer handling in catalog.c (raniervf), xml2-config.in: fix regressions introduced by commit 2f2bf4b2c (Dmitry V. Levin) - Improvements: Store per-element parser state in a struct (Nick Wellnhofer), update for xsd:language type check (PaulHiggs), Update INSTALL.libxml2 (Nick Wellnhofer), Fix include order in c14n.h (Nick Wellnhofer), Fix duplicate xmlStrEqual calls in htmlParseEndTag (Nick Wellnhofer), Speed up htmlCheckAutoClose (Nick Wellnhofer), Speed up htmlTagLookup (Nick Wellnhofer), Stop checking attributes for UTF-8 validity (Nick Wellnhofer), Reduce some fuzzer timeouts (Nick Wellnhofer), Only run a few CI tests unless scheduled (Nick Wellnhofer), Improve fuzzer stability (Nick Wellnhofer), Check for feature flags in fuzzer tests (Nick Wellnhofer), Another attempt at improving fuzzer stability (Nick Wellnhofer), Revert "Improve HTML fuzzer stability" (Nick Wellnhofer), Add charset names to fuzzing dictionaries (Nick Wellnhofer), Improve HTML fuzzer stability (Nick Wellnhofer), Add CI for MSVC x86 (Markus Rickert), Add a flag to not output anything when xmllint succeeded (hhb), Speed up HTML fuzzer (Nick Wellnhofer), Remove unused encoding parameter of HTML output functions (Nick Wellnhofer), Handle malloc failures in fuzzing code (Nick Wellnhofer), add test coverage for incorrectly-closed comments (Mike Dalessio), Enforce maximum length of fuzz input (Nick Wellnhofer), Remove temporary members from struct _xmlXPathContext (Nick Wellnhofer), Build the Python extension with PY_SSIZE_T_CLEAN (Victor Stinner), Add CI test for Python 3 (Nick Wellnhofer), Add fuzzing dictionaries to EXTRA_DIST (Nick Wellnhofer), Add 'fuzz' subdirectory to DIST_SUBDIRS (Nick Wellnhofer), Allow port numbers up to INT_MAX (Nick Wellnhofer), Handle dumps of corrupted documents more gracefully (Nick Wellnhofer), Limit size of free lists in XML reader when fuzzing (Nick Wellnhofer), Hardcode maximum XPath recursion depth (Nick Wellnhofer), Pass URL of main entity in XML fuzzer (Nick Wellnhofer), Consolidate seed corpus generation (Nick Wellnhofer), Test fuzz targets with dummy driver (Nick Wellnhofer), Fix regression introduced with commit d88df4b (Nick Wellnhofer), Fix regression introduced with commit 74dcc10b (Nick Wellnhofer), Add TODO comment in xinclude.c (Nick Wellnhofer), Stop using maxParserDepth in xpath.c (Nick Wellnhofer), Remove dead code in xinclude.c (Nick Wellnhofer), Don't add formatting newlines to XInclude nodes (Nick Wellnhofer), Don't use SAX1 if all element handlers are NULL (Nick Wellnhofer), Remove unneeded progress checks in HTML parser (Nick Wellnhofer), Use strcmp when fuzzing (Nick Wellnhofer), Fix XPath fuzzer (Nick Wellnhofer), Fuzz XInclude engine (Nick Wellnhofer), Add XPath and XPointer fuzzer (Nick Wellnhofer), Update fuzzing code (Nick Wellnhofer), More *NodeDumpOutput fixes (Nick Wellnhofer), Fix *NodeDumpOutput functions (Nick Wellnhofer), Make xmlNodeDumpOutputInternal non-recursive (Nick Wellnhofer), Make xhtmlNodeDumpOutput non-recursive (Nick Wellnhofer), Make htmlNodeDumpFormatOutput non-recursive (Nick Wellnhofer), Fix .gitattributes (Nick Wellnhofer), Rework control flow in htmlCurrentChar (Nick Wellnhofer), Make 'xmllint --html --push -' read from stdin (Nick Wellnhofer), Remove misleading comments in xpath.c (Nick Wellnhofer), Update to Devhelp index file format version 2 (Andre Klapper), Set project language to C (Markus Rickert), Add variable for working directory of XML Conformance Test Suite (Markus Rickert), Add additional tests and XML Conformance Test Suite (Markus Rickert), Add command line option for temp directory in runtest (Markus Rickert), Ensure LF line endings for test files (Markus Rickert), Enable runtests and testThreads (Markus Rickert), Limit regexp nesting depth (Nick Wellnhofer), Fix return values and documentation in encoding.c (Nick Wellnhofer), Add regexp regression tests (David Kilzer), Report error for invalid regexp quantifiers (Nick Wellnhofer), Fix rebuilding docs, by hiding __attribute__((...)) behind a macro. (Martin Vidner), Copy xs:duration parser from libexslt (Nick Wellnhofer), Fuzz target for XML Schemas (Nick Wellnhofer), Move entity recorder to fuzz.c (Nick Wellnhofer), Fuzz target for HTML parser (Nick Wellnhofer), Update GitLab CI container (Nick Wellnhofer), Add options file for xml fuzzer (Nick Wellnhofer), Add a couple of libFuzzer targets (Nick Wellnhofer), Guard new calls to xmlValidatePopElement in xml_reader.c (Daniel Cheng), Add LIBXML_VALID_ENABLED to xmlreader (Łukasz Wojniłowicz), Fix typos (Nick Wellnhofer), Disable LeakSanitizer (Nick Wellnhofer), Stop calling SAX getEntity handler from XMLReader (Nick Wellnhofer), Add test case for recursive external parsed entities (Nick Wellnhofer), Enable error tests with entity substitution (Nick Wellnhofer), Don't load external entity from xmlSAX2GetEntity (Nick Wellnhofer), Merge code paths loading external entities (Nick Wellnhofer), Copy some XMLReader option flags to parser context (Nick Wellnhofer), Add xmlPopOutputCallbacks (Nick Wellnhofer), Updated Python test reader2.py (Pieter van Oostrum), Updated python/tests/tstLastError.py (Pieter van Oostrum), Use random seed in xmlDictComputeFastKey (Ranier Vilela), Enable more undefined behavior sanitizers (Nick Wellnhofer) v2.9.10: Oct 30 2019: - Documentation: Fix a few more typos ("fonction") (Nick Wellnhofer), Large batch of typo fixes (Jared Yanovich), Fix typos: tree: move{ -> s}, reconcil{i -> }ed, h{o -> e}ld by... (Jan Pokorný), Fix typo: xpath: simpli{ -> fi}ed (Jan Pokorný), Doc: do not mislead towards "infeasible" scenario wrt. xmlBufNodeDump (Jan Pokorný), Fix comments in test code (zhouzhongyuan), fix comment in testReader.c (zhouzhongyuan) - Portability: Fix some release issues on Fedora 30 (Daniel Veillard), Fix exponent digits when running tests under old MSVC (Daniel Richard G), Work around buggy ceil() function on AIX (Daniel Richard G), Don't call printf with NULL string in runtest.c (Daniel Richard G), Switched from unsigned long to ptrdiff_t in parser.c (Stephen Chenney), timsort.h: support older GCCs (Jérôme Duval), Make configure.ac work with older pkg-config (Nick Wellnhofer), Stop defining _REENTRANT on some Win32 platforms (Nick Wellnhofer), Fix nanohttp.c on MinGW (Nick Wellnhofer), Fix Windows compiler warning in testC14N.c (Nick Wellnhofer), Merge testThreadsWin32.c into testThreads.c (Nick Wellnhofer), Fix Python bindings under Windows (Nick Wellnhofer) - Bug Fixes: Another fix for conditional sections at end of document (Nick Wellnhofer), Fix for conditional sections at end of document (Nick Wellnhofer), Make sure that Python tests exit with error code (Nick Wellnhofer), Audit memory error handling in xpath.c (Nick Wellnhofer), Fix error code in xmlTextWriterStartDocument (Nick Wellnhofer), Fix integer overflow when counting written bytes (Nick Wellnhofer), Fix uninitialized memory access in HTML parser (Nick Wellnhofer), Fix memory leak in xmlSchemaValAtomicType (Nick Wellnhofer), Disallow conditional sections in internal subset (Nick Wellnhofer), Fix use-after-free in xmlTextReaderFreeNodeList (Nick Wellnhofer), Fix Regextests (Nick Wellnhofer), Fix empty branch in regex (Nick Wellnhofer), Fix integer overflow in entity recursion check (Nick Wellnhofer), Don't read external entities or XIncludes from stdin (Nick Wellnhofer), Fix Schema determinism check of ##other namespaces (Nick Wellnhofer), Fix potential null deref in xmlSchemaIDCFillNodeTables (zhouzhongyuan), Fix potential memory leak in xmlBufBackToBuffer (Nick Wellnhofer), Fix error message when processing XIncludes with fallbacks (Nick Wellnhofer), Fix memory leak in xmlRegEpxFromParse (zhouzhongyuan), 14:00 is a valid timezone for xs:dateTime (Nick Wellnhofer), Fix memory leak in xmlParseBalancedChunkMemoryRecover (Zhipeng Xie), Fix potential null deref in xmlRelaxNGParsePatterns (Nick Wellnhofer), Misleading error message with xs:{min|max}Inclusive (bettermanzzy), Fix memory leak in xmlXIncludeLoadTxt (Wang Kirin), Partial fix for comparison of xs:durations (Nick Wellnhofer), Fix null deref in xmlreader buffer (zhouzhongyuan), Fix unability to RelaxNG-validate grammar with choice-based name class (Jan Pokorný), Fix unability to validate ambiguously constructed interleave for RelaxNG (Jan Pokorný), Fix possible null dereference in xmlXPathIdFunction (zhouzhongyuan), fix memory leak in xmlAllocOutputBuffer (zhouzhongyuan), Fix unsigned int overflow (Jens Eggerstedt), dict.h: gcc 2.95 doesn't allow multiple storage classes (Nick Wellnhofer), Fix another code path in xmlParseQName (Nick Wellnhofer), Make sure that xmlParseQName returns NULL in error case (Nick Wellnhofer), Fix build without reader but with pattern (Nick Wellnhofer), Fix memory leak in xmlAllocOutputBufferInternal error path (Nick Wellnhofer), Fix unsigned integer overflow (Nick Wellnhofer), Fix return value of xmlOutputBufferWrite (Nick Wellnhofer), Fix parser termination from "Double hyphen within comment" error (David Warring), Fix call stack overflow in xmlFreePattern (Nick Wellnhofer), Fix null deref in previous commit (Nick Wellnhofer), Fix memory leaks in xmlXPathParseNameComplex error paths (Nick Wellnhofer), Check for integer overflow in xmlXPtrEvalChildSeq (Nick Wellnhofer), Fix xmllint dump of XPath namespace nodes (Nick Wellnhofer), Fix float casts in xmlXPathSubstringFunction (Nick Wellnhofer), Fix null deref in xmlregexp error path (Nick Wellnhofer), Fix null pointer dereference in xmlTextReaderReadOuterXml (Nick Wellnhofer), Fix memory leaks in xmlParseStartTag2 error paths (Nick Wellnhofer), Fix memory leak in xmlSAX2StartElement (Nick Wellnhofer), Fix commit "Memory leak in xmlFreeID (xmlreader.c)" (Nick Wellnhofer), Fix NULL pointer deref in xmlTextReaderValidateEntity (Nick Wellnhofer), Memory leak in xmlFreeTextReader (Nick Wellnhofer), Memory leak in xmlFreeID (xmlreader.c) (Nick Wellnhofer) - Improvements: Run XML conformance tests under CI (Nick Wellnhofer), Update GitLab CI config (Nick Wellnhofer), Propagate memory errors in valuePush (Nick Wellnhofer), Propagate memory errors in xmlXPathCompExprAdd (Nick Wellnhofer), Make xmlFreeDocElementContent non-recursive (Nick Wellnhofer), Enable continuous integration via GitLab CI (Nick Wellnhofer), Avoid ignored attribute warnings under GCC (Nick Wellnhofer), Make xmlDumpElementContent non-recursive (Nick Wellnhofer), Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE (Nick Wellnhofer), Mark xmlExp* symbols as removed (Nick Wellnhofer), Make xmlParseConditionalSections non-recursive (Nick Wellnhofer), Adjust expected error in Python tests (Nick Wellnhofer), Make xmlTextReaderFreeNodeList non-recursive (Nick Wellnhofer), Make xmlFreeNodeList non-recursive (Nick Wellnhofer), Make xmlParseContent and xmlParseElement non-recursive (Nick Wellnhofer), Remove executable bit from non-executable files (Nick Wellnhofer), Fix expected output of test/schemas/any4 (Nick Wellnhofer), Optimize build instructions in README (zhouzhongyuan), xml2-config.in: Output CFLAGS and LIBS on the same line (Hugh McMaster), xml2-config: Add a --dynamic switch to print only shared libraries (Hugh McMaster), Annotate functions with __attribute__((no_sanitize)) (Nick Wellnhofer), Fix warnings when compiling without reader or push parser (Nick Wellnhofer), Remove unused member `doc` in xmlSaveCtxt (Nick Wellnhofer), Limit recursion depth in xmlXPathCompOpEvalPredicate (Nick Wellnhofer), Remove -Wno-array-bounds (Nick Wellnhofer), Remove unreachable code in xmlXPathCountFunction (Nick Wellnhofer), Improve XPath predicate and filter evaluation (Nick Wellnhofer), Limit recursion depth in xmlXPathOptimizeExpression (Nick Wellnhofer), Disable hash randomization when fuzzing (Nick Wellnhofer), Optional recursion limit when parsing XPath expressions (Nick Wellnhofer), Optional recursion limit when evaluating XPath expressions (Nick Wellnhofer), Use break statements in xmlXPathCompOpEval (Nick Wellnhofer), Optional XPath operation limit (Nick Wellnhofer), Fix compilation with --with-minimum (Nick Wellnhofer), Check XPath stack after calling functions (Nick Wellnhofer), Remove debug printf in xmlreader.c (Nick Wellnhofer), Always define LIBXML_THREAD_ENABLED when enabled (Michael Haubenwallner), Regenerate NEWS (Nick Wellnhofer), Change git repo URL (Nick Wellnhofer), Change bug tracker URL (Nick Wellnhofer), Remove outdated HTML file (Nick Wellnhofer), Fix unused function warning in testapi.c (Nick Wellnhofer), Add some generated test files to .gitignore (Nick Wellnhofer), Remove unneeded function pointer casts (Nick Wellnhofer), Fix -Wcast-function-type warnings (GCC 8) (Nick Wellnhofer), Fix -Wformat-truncation warnings (GCC 8) (Nick Wellnhofer) - Cleanups: Rebuild docs (Nick Wellnhofer), Disable xmlExp regex code (Nick Wellnhofer), Remove redundant code in xmlRelaxNGValidateState (Nick Wellnhofer), Remove redundant code in xmlXPathCompRelationalExpr (Nick Wellnhofer) v2.9.9: Jan 03 2019: - Security: CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (Nick Wellnhofer), CVE-2018-14404 Fix nullptr deref with XPath logic ops (Nick Wellnhofer), - Documentation: reader: Fix documentation comment (Mohammed Sadiq) - Portability: Fix MSVC build with lzma (Nick Wellnhofer), Variables need 'extern' in static lib on Cygwin (Michael Haubenwallner), Really declare dllexport/dllimport for Cygwin (Michael Haubenwallner), Merge branch 'patch-2' into 'master' (Nick Wellnhofer), Change dir to $THEDIR after ACLOCAL_PATH check autoreconf creates aclocal.m4 in $srcdir (Vitaly Buka), Improve error message if pkg.m4 couldn't be found (Nick Wellnhofer), NaN and Inf fixes for pre-C99 compilers (Nick Wellnhofer) - Bug Fixes: Revert "Support xmlTextReaderNextSibling w/o preparsed doc" (Nick Wellnhofer), Fix building relative URIs (Thomas Holder), Problem with data in interleave in RelaxNG validation (Nikolai Weibull), Fix memory leak in xmlSwitchInputEncodingInt error path (Nick Wellnhofer), Set doc on element obtained from freeElems (Nick Wellnhofer), Fix HTML serialization with UTF-8 encoding (Nick Wellnhofer), Use actual doc in xmlTextReaderRead*Xml (Nick Wellnhofer), Unlink node before freeing it in xmlSAX2StartElement (Nick Wellnhofer), Check return value of nodePush in xmlSAX2StartElement (Nick Wellnhofer), Free input buffer in xmlHaltParser (Nick Wellnhofer), Reset HTML parser input pointers on encoding failure (Nick Wellnhofer), Don't run icu_parse_test if EUC-JP is unsupported (Nick Wellnhofer), Fix xmlSchemaValidCtxtPtr reuse memory leak (Greg Hildstrom), Fix xmlTextReaderNext with preparsed document (Felix Bünemann), Remove stray character from comment (Nick Wellnhofer), Remove a misleading line from xmlCharEncOutput (Andrey Bienkowski), HTML noscript should not close p (Daniel Veillard), Don't change context node in xmlXPathRoot (Nick Wellnhofer), Stop using XPATH_OP_RESET (Nick Wellnhofer), Revert "Change calls to xmlCharEncInput to set flush false" (Nick Wellnhofer) - Improvements: Fix "Problem with data in interleave in RelaxNG validation" (Nikolai Weibull), cleanup: remove some unreachable code (Thomas Holder), add --relative to testURI (Thomas Holder), Remove redefined starts and defines inside include elements (Nikolai Weibull), Allow choice within choice in nameClass in RELAX NG (Nikolai Weibull), Look inside divs for starts and defines inside include (Nikolai Weibull), Add compile and libxml2-config.cmake to .gitignore (Nikolai Weibull), Stop using doc->charset outside parser code (Nick Wellnhofer), Add newlines to 'xmllint --xpath' output (Nick Wellnhofer), Don't include SAX.h from globals.h (Nick Wellnhofer), Support xmlTextReaderNextSibling w/o preparsed doc (Felix Bünemann), Don't instruct user to run make when autogen.sh failed (林博仁(Buo-ren Lin)), Run Travis ASan tests with "sudo: required" (Nick Wellnhofer), Improve restoring of context size and position (Nick Wellnhofer), Simplify and harden nodeset filtering (Nick Wellnhofer), Avoid unnecessary backups of the context node (Nick Wellnhofer), Fix inconsistency in xmlXPathIsInf (Nick Wellnhofer) - Cleanups: v2.9.8: Mar 05 2018: - Portability: python: remove single use of _PyVerify_fd (Patrick Welche), Build more test executables on Windows/MSVC (Nick Wellnhofer), Stop including ansidecl.h (Nick Wellnhofer), Fix libz and liblzma detection (Nick Wellnhofer), Revert "Compile testapi with -Wno-unused-function" (Nick Wellnhofer) - Bug Fixes: Fix xmlParserEntityCheck (Nick Wellnhofer), Halt parser in case of encoding error (Nick Wellnhofer), Clear entity content in case of errors (Nick Wellnhofer), Change calls to xmlCharEncInput to set flush false when not final call. Having flush incorrectly set to true causes errors for ICU. (Joel Hockey), Fix buffer over-read in xmlParseNCNameComplex (Nick Wellnhofer), Fix ICU library filenames on Windows/MSVC (Nick Wellnhofer), Fix xmlXPathIsNaN broken by recent commit (Nick Wellnhofer), Fix -Wenum-compare warnings (Nick Wellnhofer), Fix callback signature in testapi.c (Nick Wellnhofer), Fix unused parameter warning without ICU (Nick Wellnhofer), Fix IO callback signatures (Nick Wellnhofer), Fix misc callback signatures (Nick Wellnhofer), Fix list callback signatures (Nick Wellnhofer), Fix hash callback signatures (Nick Wellnhofer), Refactor name and type signature for xmlNop (Vlad Tsyrklevich), Fixed ICU to set flush correctly and provide pivot buffer. (Joel Hockey), Skip EBCDIC tests if EBCDIC isn't supported (Nick Wellnhofer) - Improvements: Disable pointer-overflow UBSan checks under Travis (Nick Wellnhofer), Improve handling of context input_id (Daniel Veillard), Add resource file to Windows DLL (ccpaging), Run Travis tests with -Werror (Nick Wellnhofer), Build with "-Wall -Wextra" (Nick Wellnhofer), Fix -Wtautological-pointer-compare warnings (Nick Wellnhofer), Remove unused AC_CHECKs (Nick Wellnhofer), Update information about contributing (Nick Wellnhofer), Fix -Wmisleading-indentation warnings (Nick Wellnhofer), Don't touch CFLAGS in configure.ac (Nick Wellnhofer), Ignore function pointer cast warnings (Nick Wellnhofer), Simplify XPath NaN, inf and -0 handling (Nick Wellnhofer), Introduce xmlPosixStrdup and update xmlMemStrdup (Nick Wellnhofer), Add test for ICU flush and pivot buffer (Nick Wellnhofer), Compile testapi with -Wno-unused-function (Nick Wellnhofer) 2.9.7: Nov 02 2017: - Documentation: xmlcatalog: refresh man page wrt. querying system catalog easily (Jan Pokorný) - Portability: Fix deprecated Travis compiler flag (Nick Wellnhofer), Add declaration for DllMain (J. Peter Mugaas), Fix preprocessor conditional in threads.h (J. Peter Mugaas), Fix pointer comparison warnings on 64-bit Windows (J. Peter Mugaas), Fix macro redefinition warning (J. Peter Mugaas), Default to native threads on MinGW-w64 (Nick Wellnhofer), Simplify Windows IO functions (Nick Wellnhofer), Fix runtest on Windows (Nick Wellnhofer), socklen_t is always int on Windows (Nick Wellnhofer), Don't redefine socket error codes on Windows (Nick Wellnhofer), Fix pointer/int cast warnings on 64-bit Windows (Nick Wellnhofer), Fix Windows compiler warnings in xmlCanonicPath (Nick Wellnhofer) - Bug Fixes: xmlcatalog: restore ability to query system catalog easily (Jan Pokorný), Fix comparison of nodesets to strings (Nick Wellnhofer) - Improvements: Add Makefile rules to rebuild HTML man pages (Nick Wellnhofer), Fix mixed decls and code in timsort.h (Nick Wellnhofer), Rework handling of return values in thread tests (Nick Wellnhofer), Fix unused variable warnings in testrecurse (Nick Wellnhofer), Fix -Wimplicit-fallthrough warnings (J. Peter Mugaas), Upgrade timsort.h to latest revision (Nick Wellnhofer), Increase warning level to /W3 under MSVC (Nick Wellnhofer), Fix a couple of warnings in dict.c and threads.c (Nick Wellnhofer), Update .gitignore for Windows (Nick Wellnhofer), Fix unused variable warnings in nanohttp.c (Nick Wellnhofer), Fix the Windows header mess (Nick Wellnhofer), Don't include winsock2.h in xmllint.c (Nick Wellnhofer), Remove generated file python/setup.py from version control (Nick Wellnhofer), Use __linux__ macro in generated code (Nick Wellnhofer) v2.9.6: Oct 06 2017: - Portability: Change preprocessor OS tests to __linux__ (Nick Wellnhofer) - Bug Fixes: Fix XPath stack frame logic (Nick Wellnhofer), Report undefined XPath variable error message (Nick Wellnhofer), Fix regression with librsvg (Nick Wellnhofer), Handle more invalid entity values in recovery mode (Nick Wellnhofer), Fix structured validation errors (Nick Wellnhofer), Fix memory leak in LZMA decompressor (Nick Wellnhofer), Set memory limit for LZMA decompression (Nick Wellnhofer), Handle illegal entity values in recovery mode (Nick Wellnhofer), Fix debug dump of streaming XPath expressions (Nick Wellnhofer), Fix memory leak in nanoftp (Nick Wellnhofer), Fix memory leaks in SAX1 parser (Nick Wellnhofer) v2.9.5: Sep 04 2017: - Security: Detect infinite recursion in parameter entities (Nick Wellnhofer), Fix handling of parameter-entity references (Nick Wellnhofer), Disallow namespace nodes in XPointer ranges (Nick Wellnhofer), Fix XPointer paths beginning with range-to (Nick Wellnhofer) - Documentation: Documentation fixes (Nick Wellnhofer), Spelling and grammar fixes (Nick Wellnhofer) - Portability: Adding README.zOS to list of extra files for the release (Daniel Veillard), Description of work needed to compile on zOS (Stéphane Michaut), Porting libxml2 on zOS encoding of code (Stéphane Michaut), small changes for OS/400 (Patrick Monnerat), relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan) - Bug Fixes: Problem resolving relative URIs (Daniel Veillard), Fix unwanted warnings when switching encodings (Nick Wellnhofer), Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard), Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer), Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer), Fix infinite loops with push parser in recovery mode (Nick Wellnhofer), Send xmllint usage error to stderr (Nick Wellnhofer), Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer), Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer), Fix xmlHaltParser (Nick Wellnhofer), Fix pathological performance when outputting charrefs (Nick Wellnhofer), Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer), Fix duplicate SAX callbacks for entity content (David Kilzer), Treat URIs with scheme as absolute in C14N (Nick Wellnhofer), Fix copy-paste errors in error messages (Nick Wellnhofer), Fix sanity check in htmlParseNameComplex (Nick Wellnhofer), Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer), Reset parser input pointers on encoding failure (Nick Wellnhofer), Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer), Fix xmlBuildRelativeURI for URIs starting with './' (Nick Wellnhofer), Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer), Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer), Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard), Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer), Stop parser on unsupported encodings (Nick Wellnhofer), Check for integer overflow in memory debug code (Nick Wellnhofer), Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer), Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer), Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer), Check XPath exponents for overflow (Nick Wellnhofer), Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer), Fix spurious error message (Nick Wellnhofer), Fix memory leak in xmlCanonicPath (Nick Wellnhofer), Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer), Fix memory leak in pattern error path (Nick Wellnhofer), Fix memory leak in parser error path (Nick Wellnhofer), Fix memory leaks in XPointer error paths (Nick Wellnhofer), Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer), Fix memory leak in XPath filter optimizations (Nick Wellnhofer), Fix memory leaks in XPath error paths (Nick Wellnhofer), Do not leak the new CData node if adding fails (David Tardon), Prevent unwanted external entity reference (Neel Mehta), Increase buffer space for port in HTTP redirect support (Daniel Veillard), Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer), Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer), Fix format string warnings (Nick Wellnhofer), Disallow namespace nodes in XPointer points (Nick Wellnhofer), Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer), Fix attribute decoding during XML schema validation (Alex Henrie), Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer) - Improvements: Updating the spec file to reflect Fedora 24 (Daniel Veillard), Add const in five places to move 1 KiB to .rdata (Bruce Dawson), Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard), Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer), Simplify handling of parameter entity references (Nick Wellnhofer), Deduplicate code in encoding.c (Nick Wellnhofer), Make HTML parser functions take const pointers (Nick Wellnhofer), Build test programs only when needed (Nick Wellnhofer), Fix doc/examples/index.py (Nick Wellnhofer), Fix compiler warnings in threads.c (Nick Wellnhofer), Fix empty-body warning in nanohttp.c (Nick Wellnhofer), Fix cast-align warnings (Nick Wellnhofer), Fix unused-parameter warnings (Nick Wellnhofer), Rework entity boundary checks (Nick Wellnhofer), Don't switch encoding for internal parameter entities (Nick Wellnhofer), Merge duplicate code paths handling PE references (Nick Wellnhofer), Test SAX2 callbacks with entity substitution (Nick Wellnhofer), Support catalog and threads tests under --without-sax1 (Nick Wellnhofer), Misc fixes for 'make tests' (Nick Wellnhofer), Initialize keepBlanks in HTML parser (Nick Wellnhofer), Add test cases for bug 758518 (David Kilzer), Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer), Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer), Allow zero sized memory input buffers (Nick Wellnhofer), Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer), Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer), Make Travis print UBSan stacktraces (Nick Wellnhofer), Add .travis.yml (Nick Wellnhofer), Fix expected error output in Python tests (Nick Wellnhofer), Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer), Disable LeakSanitizer when running API tests (Nick Wellnhofer), Avoid out-of-bound array access in API tests (Nick Wellnhofer), Avoid spurious UBSan errors in parser.c (Nick Wellnhofer), Parse small XPath numbers more accurately (Nick Wellnhofer), Rework XPath rounding functions (Nick Wellnhofer), Fix white space in test output (Nick Wellnhofer), Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer), Check for trailing characters in XPath expressions earlier (Nick Wellnhofer), Rework final handling of XPath results (Nick Wellnhofer), Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer), Remove unused variables (Nick Wellnhofer), Don't print generic error messages in XPath tests (Nick Wellnhofer) - Cleanups: Fix a couple of misleading indentation errors (Daniel Veillard), Remove unnecessary calls to xmlPopInput (Nick Wellnhofer) 2.9.4: May 23 2016: - Security: More format string warnings with possible format string vulnerability (David Kilzer), Avoid building recursive entities (Daniel Veillard), Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde), Heap-based buffer-underreads due to xmlParseName (David Kilzer), Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde), Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (Pranjal Jumde), Fix some format string warnings with possible format string vulnerability (David Kilzer), Detect change of encoding when parsing HTML names (Hugh Davenport), Fix inappropriate fetch of entities content (Daniel Veillard), Bug 759398: Heap use-after-free in xmlDictComputeFastKey (Pranjal Jumde), Bug 758605: Heap-based buffer overread in xmlDictAddString (Pranjal Jumde), Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal (David Kilzer), Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup (Pranjal Jumde), Add missing increments of recursion depth counter to XML parser. (Peter Simons) - Documentation: Fix typo: s{ ec -> cr }cipt (Jan Pokorný), Fix typos: dictio{ nn -> n }ar{y,ies} (Jan Pokorný), Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } (Jan Pokorný), Correct a typo. (Shlomi Fish) - Portability: Correct the usage of LDFLAGS (Mattias Hansson), Revert the use of SAVE_LDFLAGS in configure.ac (Mattias Hansson), libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles (Mike Frysinger), Fix apibuild for a recently added construct (Daniel Veillard), Use pkg-config to locate zlib when possible (Stewart Brodie), Use pkg-config to locate ICU when possible (Stewart Brodie), Portability to non C99 compliant compilers (Patrick Monnerat), dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. (Patrick Monnerat), os400: tell about xmllint and xmlcatalog in README400. (Patrick Monnerat), os400: properly process SGML add in XMLCATALOG command. (Patrick Monnerat), os400: implement CL command XMLCATALOG. (Patrick Monnerat), os400: compile and install program xmlcatalog (qshell-only). (Patrick Monnerat), os400: expand tabs in sources, strip trailing blanks. (Patrick Monnerat), os400: implement CL command XMLLINT. (Patrick Monnerat), os400: compile and install program xmllint (qshell-only). (Patrick Monnerat), os400: initscript make_module(): Use options instead of positional parameters. (Patrick Monnerat), os400: c14n.rpgle: allow *omit for nullable reference parameters. (Patrick Monnerat), os400: use like() for double type. (Patrick Monnerat), os400: use like() for int type. (Patrick Monnerat), os400: use like() for unsigned int type. (Patrick Monnerat), os400: use like() for enum types. (Patrick Monnerat), Add xz to xml2-config --libs output (Baruch Siach), Bug 760190: configure.ac should be able to build --with-icu without icu-config tool (David Kilzer), win32\VC10\config.h and VS 2015 (Bruce Dawson), Add configure maintainer mode (orzen) - Bug Fixes: Avoid an out of bound access when serializing malformed strings (Daniel Veillard), Unsigned addition may overflow in xmlMallocAtomicLoc() (David Kilzer), Integer signed/unsigned type mismatch in xmlParserInputGrow() (David Kilzer), Bug 763071: heap-buffer-overflow in xmlStrncat (Pranjal Jumde), Integer overflow parsing port number in URI (Michael Paddon), Fix an error with regexp on nullable counted char transition (Daniel Veillard), Fix memory leak with XPath namespace nodes (Nick Wellnhofer), Fix namespace axis traversal (Nick Wellnhofer), Fix null pointer deref in docs with no root element (Hugh Davenport), Fix XSD validation of URIs with ampersands (Alex Henrie), xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error. (Patrick Monnerat), xmlcatalog: flush stdout before interactive shell input. (Patrick Monnerat), xmllint: flush stdout before interactive shell input. (Patrick Monnerat), Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression (Nick Wellnhofer), Fix namespace::node() XPath expression (Nick Wellnhofer), Fix OOB write in xmlXPathEmptyNodeSet (Nick Wellnhofer), Fix parsing of NCNames in XPath (Nick Wellnhofer), Fix OOB read with invalid UTF-8 in xmlUTF8Strsize (Nick Wellnhofer), Do normalize string-based datatype value in RelaxNG facet checking (Audric Schiltknecht), Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" (David Kilzer), Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd (David Kilzer), error.c: *input->cur == 0 does not mean no error (Pavel Raiskup), Add missing RNG test files (David Kilzer), Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer (David Kilzer), Bug 758572: ASAN crash in make check (David Kilzer), Bug 721158: Missing ICU string when doing --version on xmllint (David Kilzer), python 3: libxml2.c wrappers create Unicode str already (Michael Stahl), Add autogen.sh to distrib (orzen), Heap-based buffer overread in xmlNextChar (Daniel Veillard) - Improvements: Add more debugging info to runtest (Daniel Veillard), Implement "runtest -u" mode (David Kilzer), Add a make rule to rebuild for ASAN (Daniel Veillard) v2.9.3: Nov 20 2015: - Security: CVE-2015-8242 Buffer overead with HTML parser in push mode (Hugh Davenport), CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard), CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard), CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard), CVE-2015-5312 Another entity expansion issue (David Drysdale), CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (David Drysdale), CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard), CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard), CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard), CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard), CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard) CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard), CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard), - Documentation: Correct spelling of "calling" (Alex Henrie), Fix a small error in xmllint --format description (Fabien Degomme), Avoid XSS on the search of xmlsoft.org (Daniel Veillard) - Portability: threads: use forward declarations only for glibc (Michael Heimpold), Update Win32 configure.js to search for configure.ac (Daniel Veillard) - Bug Fixes: Bug on creating new stream from entity (Daniel Veillard), Fix some loop issues embedding NEXT (Daniel Veillard), Do not print error context when there is none (Daniel Veillard), Avoid extra processing of MarkupDecl when EOF (Hugh Davenport), Fix parsing short unclosed comment uninitialized access (Daniel Veillard), Add missing Null check in xmlParseExternalEntityPrivate (Gaurav Gupta), Fix a bug in CData error handling in the push parser (Daniel Veillard), Fix a bug on name parsing at the end of current input buffer (Daniel Veillard), Fix the spurious ID already defined error (Daniel Veillard), Fix previous change to node sort order (Nick Wellnhofer), Fix a self assignment issue raised by clang (Scott Graham), Fail parsing early on if encoding conversion failed (Daniel Veillard), Do not process encoding values if the declaration if broken (Daniel Veillard), Silence clang's -Wunknown-attribute (Michael Catanzaro), xmlMemUsed is not thread-safe (Martin von Gagern), Fix support for except in nameclasses (Daniel Veillard), Fix order of root nodes (Nick Wellnhofer), Allow attributes on descendant-or-self axis (Nick Wellnhofer), Fix the fix to Windows locking (Steve Nairn), Fix timsort invariant loop re: Envisage article (Christopher Swenson), Don't add IDs in xmlSetTreeDoc (Nick Wellnhofer), Account for ID attributes in xmlSetTreeDoc (Nick Wellnhofer), Remove various unused value assignments (Philip Withnall), Fix missing entities after CVE-2014-3660 fix (Daniel Veillard), Revert "Missing initialization for the catalog module" (Daniel Veillard) - Improvements: Reuse xmlHaltParser() where it makes sense (Daniel Veillard), xmlStopParser reset errNo (Daniel Veillard), Re-enable xz support by default (Daniel Veillard), Recover unescaped less-than character in HTML recovery parsing (Daniel Veillard), Allow HTML serializer to output HTML5 DOCTYPE (Shaun McCance), Regression test for bug #695699 (Nick Wellnhofer), Add a couple of XPath tests (Nick Wellnhofer), Add Python 3 rpm subpackage (Tomas Radej), libxml2-config.cmake.in: update include directories (Samuel Martin), Adding example from bugs 738805 to regression tests (Daniel Veillard) - Cleanups: 2.9.2: Oct 16 2014: - Security: Fix for CVE-2014-3660 billion laugh variant (Daniel Veillard), CVE-2014-0191 Do not fetch external parameter entities (Daniel Veillard) - Bug Fixes: fix memory leak xml header encoding field with XML_PARSE_IGNORE_ENC (Bart De Schuymer), xmlmemory: handle realloc properly (Yegor Yefremov), Python generator bug raised by the const change (Daniel Veillard), Windows Critical sections not released correctly (Daniel Veillard), Parser error on repeated recursive entity expansion containing < (Daniel Veillard), xpointer : fixing Null Pointers (Gaurav Gupta), Remove Unnecessary Null check in xpointer.c (Gaurav Gupta), parser bug on misformed namespace attributes (Dennis Filder), Pointer dereferenced before null check (Daniel Veillard), Leak of struct addrinfo in xmlNanoFTPConnect() (Gaurav Gupta), Possible overflow in HTMLParser.c (Daniel Veillard), python/tests/sync.py assumes Python dictionaries are ordered (John Beck), Fix Enum check and missing break (Gaurav Gupta), xmlIO: Handle error returns from dup() (Philip Withnall), Fix a problem properly saving URIs (Daniel Veillard), wrong error column in structured error when parsing attribute values (Juergen Keil), wrong error column in structured error when skipping whitespace in xml decl (Juergen Keil), no error column in structured error handler for xml schema validation errors (Juergen Keil), Couple of Missing Null checks (Gaurav Gupta), Add couple of missing Null checks (Daniel Veillard), xmlschemastypes: Fix potential array overflow (Philip Withnall), runtest: Fix a memory leak on parse failure (Philip Withnall), xmlIO: Fix an FD leak on gzdopen() failure (Philip Withnall), xmlcatalog: Fix a memory leak on quit (Philip Withnall), HTMLparser: Correctly initialise a stack allocated structure (Philip Withnall), Check for tmon in _xmlSchemaDateAdd() is incorrect (David Kilzer), Avoid Possible Null Pointer in trio.c (Gaurav Gupta), Fix processing in SAX2 in case of an allocation failure (Daniel Veillard), XML Shell command "cd" does not handle "/" at end of path (Daniel Veillard), Fix various Missing Null checks (Gaurav Gupta), Fix a potential NULL dereference (Daniel Veillard), Add a couple of misisng check in xmlRelaxNGCleanupTree (Gaurav Gupta), Add a missing argument check (Gaurav Gupta), Adding a check in case of allocation error (Gaurav Gupta), xmlSaveUri() incorrectly recomposes URIs with rootless paths (Dennis Filder), Adding some missing NULL checks (Gaurav), Fixes for xmlInitParserCtxt (Daniel Veillard), Fix regressions introduced by CVE-2014-0191 patch (Daniel Veillard), erroneously ignores a validation error if no error callback set (Daniel Veillard), xmllint was not parsing the --c14n11 flag (Sérgio Batista), Avoid Possible null pointer dereference in memory debug mode (Gaurav), Avoid Double Null Check (Gaurav), Restore context size and position after XPATH_OP_ARG (Nick Wellnhofer), Fix xmlParseInNodeContext() if node is not element (Daniel Veillard), Avoid a possible NULL pointer dereference (Gaurav), Fix xmlTextWriterWriteElement when a null content is given (Daniel Veillard), Fix an typo 'onrest' in htmlScriptAttributes (Daniel Veillard), fixing a ptotential uninitialized access (Daniel Veillard), Fix an fd leak in an error case (Daniel Veillard), Missing initialization for the catalog module (Daniel Veillard), Handling of XPath function arguments in error case (Nick Wellnhofer), Fix a couple of missing NULL checks (Gaurav), Avoid a possibility of dangling encoding handler (Gaurav), Fix HTML push parser to accept HTML_PARSE_NODEFDTD (Arnold Hendriks), Fix a bug loading some compressed files (Mike Alexander), Fix XPath node comparison bug (Gaurav), Type mismatch in xmlschemas.c (Gaurav), Type mismatch in xmlschemastypes.c (Gaurav), Avoid a deadcode in catalog.c (Daniel Veillard), run close socket on Solaris, same as we do on other platforms (Denis Pauk), Fix pointer dereferenced before null check (Gaurav), Fix a potential NULL dereference in tree code (Daniel Veillard), Fix potential NULL pointer dereferences in regexp code (Gaurav), xmllint --pretty crashed without following numeric argument (Tim Galeckas), Fix XPath expressions of the form '@ns:*' (Nick Wellnhofer), Fix XPath '//' optimization with predicates (Nick Wellnhofer), Clear up a potential NULL dereference (Daniel Veillard), Fix a possible NULL dereference (Gaurav), Avoid crash if allocation fails (Daniel Veillard), Remove occasional leading space in XPath number formatting (Daniel Veillard), Fix handling of mmap errors (Daniel Veillard), Catch malloc error and exit accordingly (Daniel Veillard), missing else in xlink.c (Ami Fischman), Fix a parsing bug on non-ascii element and CR/LF usage (Daniel Veillard), Fix a regression in xmlGetDocCompressMode() (Daniel Veillard), properly quote the namespace uris written out during c14n (Aleksey Sanin), Remove premature XInclude check on URI being relative (Alexey Neyman), Fix missing break on last() function for attributes (dcb), Do not URI escape in server side includes (Romain Bondue), Fix an error in xmlCleanupParser (Alexander Pastukhov) - Documentation: typo in error messages "colon are forbidden from..." (Daniel Veillard), Fix a link to James SAX documentation old page (Daniel Veillard), Fix typos in relaxng.c (Jan Pokorný), Fix a doc typo (Daniel Veillard), Fix typos in {tree,xpath}.c (errror) (Jan Pokorný), Add limitations about encoding conversion (Daniel Veillard), Fix typos in xmlschemas{,types}.c (Jan Pokorný), Fix incorrect spelling entites->entities (Jan Pokorný), Forgot to document 2.9.1 release, regenerate docs (Daniel Veillard) - Portability: AC_CONFIG_FILES and executable bit (Roumen Petrov), remove HAVE_CONFIG_H dependency in testlimits.c (Roumen Petrov), fix some tabs mixing incompatible with python3 (Roumen Petrov), Visual Studio 14 CTP defines snprintf() (Francis Dupont), OS400: do not try to copy unexisting doc files (Patrick Monnerat), OS400: use either configure.ac or configure.in. (Patrick Monnerat), os400: make-src.sh: create physical file with target CCSID (Patrick Monnerat), OS400: Add some more C macros equivalent procedures. (Patrick Monnerat), OS400: use C macros to implement equivalent RPG support procedures. (Patrick Monnerat), OS400: implement XPath macros as procedures for ILE/RPG support. (Patrick Monnerat), OS400: include in distribution tarball. (Patrick Monnerat), OS400: Add README: compilation directives and OS/400 specific stuff. (Patrick Monnerat), OS400: Add compilation scripts. (Patrick Monnerat), OS400: ILE RPG language header files. (Patrick Monnerat), OS400: implement some macros as functions for ILE/RPG language support (that as no macros). (Patrick Monnerat), OS400: UTF8<-->EBCDIC wrappers for system and external library calls (Patrick Monnerat), OS400: Easy character transcoding support (Patrick Monnerat), OS400: iconv functions compatibility wrappers and table builder. (Patrick Monnerat), OS400: create architecture directory. Implement dlfcn emulation. (Patrick Monnerat), Fix building when configuring without xpath and xptr (Daniel Veillard), configure: Add --with-python-install-dir (Jonas Eriksson), Fix compilation with minimum and xinclude. (Nicolas Le Cam), Compile out use of xmlValidateNCName() when not available. (Nicolas Le Cam), Fix compilation with minimum and schematron. (Nicolas Le Cam), Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). (Nicolas Le Cam), Don't use xmlValidateName() when not available. (Nicolas Le Cam), Fix a portability issue on Windows (Longstreth Jon), Various portability patches for OpenVMS (Jacob (Jouk) Jansen), Use specific macros for portability to OS/400 (Patrick Monnerat), Add macros needed for OS/400 portability (Patrick Monnerat), Portability patch for fopen on OS/400 (Patrick Monnerat), Portability fixes for OS/400 (Patrick Monnerat), Improve va_list portability (Patrick Monnerat), Portability fix (Patrick Monnerat), Portability fix (Patrick Monnerat), Generic portability fix (Patrick Monnerat), Shortening lines in headers (Patrick Monnerat), build: Use pkg-config to find liblzma in preference to AC_CHECK_LIB (Philip Withnall), build: Add @LZMA_LIBS@ to libxml’s pkg-config files (Philip Withnall), fix some tabs mixing incompatible with python3 (Daniel Veillard), add additional defines checks for support "./configure --with-minimum" (Denis Pauk), Another round of fixes for older versions of Python (Arfrever Frehtes Taifersar Arahesis), python: fix drv_libxml2.py for python3 compatibility (Alexandre Rostovtsev), python: Fix compiler warnings when building python3 bindings (Armin K), Fix for compilation with python 2.6.8 (Petr Sumbera) - Improvements: win32/libxml2.def.src after rebuild in doc (Roumen Petrov), elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() (Roumen Petrov), elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode (Roumen Petrov), Provide cmake module (Samuel Martin), Fix a couple of issues raised by make dist (Daniel Veillard), Fix and add const qualifiers (Kurt Roeckx), Preparing for upcoming release of 2.9.2 (Daniel Veillard), Fix zlib and lzma libraries check via command line (Dmitriy), wrong error column in structured error when parsing end tag (Juergen Keil), doc/news.html: small update to avoid line join while generating NEWS. (Patrick Monnerat), Add methods for python3 iterator (Ron Angeles), Support element node traversal in document fragments. (Kyle VanderBeek), xmlNodeSetName: Allow setting the name to a substring of the currently set name (Tristan Van Berkom), Added macros for argument casts (Eric Zurcher), adding init calls to xml and html Read parsing entry points (Daniel Veillard), Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c (Jan Pokorný), Implement choice for name classes on attributes (Shaun McCance), Two small namespace tweaks (Daniel Veillard), xmllint --memory should fail on empty files (Daniel Veillard), Cast encoding name to char pointer to match arg type (Nikolay Sivov) - Cleanups: Removal of old configure.in (Daniel Veillard), Unreachable code in tree.c (Gaurav Gupta), Remove a couple of dead conditions (Gaurav Gupta), Avoid some dead code and cleanup in relaxng.c (Gaurav), Drop not needed checks (Denis Pauk), Fix a wrong test (Daniel Veillard) 2.9.1: Apr 19 2013: - Features: Support for Python3 (Daniel Veillard), Add xmlXPathSetContextNode and xmlXPathNodeEval (Alex Bligh) - Documentation: Add documentation for xmllint --xpath (Daniel Veillard), Fix the URL of the SAX documentation from James (Daniel Veillard), Fix spelling of "length". (Michael Wood) - Portability: Fix python bindings with versions older than 2.7 (Daniel Veillard), rebuild docs:Makefile.am (Roumen Petrov), elfgcchack.h after rebuild in doc (Roumen Petrov), elfgcchack for buf module (Roumen Petrov), Fix a uneeded and wrong extra link parameter (Daniel Veillard), Few cleanup patches for Windows (Denis Pauk), Fix rpmbuild --nocheck (Mark Salter), Fix for win32/configure.js and WITH_THREAD_ALLOC (Daniel Richard), Fix Broken multi-arch support in xml2-config (Daniel Veillard), Fix a portability issue for GCC < 3.4.0 (Daniel Veillard), Windows build fixes (Daniel Richard), Fix a thread portability problem (Friedrich Haubensak), Downgrade autoconf requirement to 2.63 (Daniel Veillard) - Bug Fixes: Fix a linking error for python bindings (Daniel Veillard), Fix a couple of return without value (Jüri Aedla), Improve the hashing functions (Daniel Franke), Improve handling of xmlStopParser() (Daniel Veillard), Remove risk of lockup in dictionary initialization (Daniel Veillard), Activate detection of encoding in external subset (Daniel Veillard), Fix an output buffer flushing conversion bug (Mikhail Titov), Fix an old bug in xmlSchemaValidateOneElement (Csaba László), Fix configure cannot remove messages (Gilles Espinasse), fix schema validation in combination with xsi:nil (Daniel Veillard), xmlCtxtReadFile doesn't work with literal IPv6 URLs (Steve Wolf), Fix a few problems with setEntityLoader (Alexey Neyman), Detect excessive entities expansion upon replacement (Daniel Veillard), Fix the flushing out of raw buffers on encoding conversions (Daniel, Veillard), Fix some buffer conversion issues (Daniel Veillard), When calling xmlNodeDump make sure we grow the buffer quickly (Daniel, Veillard), Fix an error in the progressive DTD parsing code (Dan Winship), xmllint should not load DTD by default when using the reader (Daniel, Veillard), Try IBM-037 when looking for EBCDIC handlers (Petr Sumbera), Fix potential out of bound access (Daniel Veillard), Fix large parse of file from memory (Daniel Veillard), Fix a bug in the nsclean option of the parser (Daniel Veillard), Fix a regression in 2.9.0 breaking validation while streaming (Daniel, Veillard), Remove potential calls to exit() (Daniel Veillard) - Improvements: Regenerated API, and testapi, rebuild documentation (Daniel Veillard), Fix tree iterators broken by 2to3 script (Daniel Veillard), update all tests for Python3 and Python2 (Daniel Veillard), A few more fixes for python 3 affecting libxml2.py (Daniel Veillard), Fix compilation on Python3 (Daniel Veillard), Converting apibuild.py to python3 (Daniel Veillard), First pass at starting porting to python3 (Daniel Veillard), updated configure.in for python3 (Daniel Veillard), Add support for xpathRegisterVariable in Python (Shaun McCance), Added a regression tests from bug 694228 data (Daniel Veillard), Cache presence of '<' in entities content (Daniel Veillard), Avoid extra processing on entities (Daniel Veillard), Python binding for xmlRegisterInputCallback (Alexey Neyman), Python bindings: DOM casts everything to xmlNode (Alexey Neyman), Define LIBXML_THREAD_ALLOC_ENABLED via xmlversion.h (Tim Starling), Adding streaming validation to runtest checks (Daniel Veillard), Add a --pushsmall option to xmllint (Daniel Veillard) - Cleanups: Switched comment in file to UTF-8 encoding (Daniel Veillard), Extend gitignore (Daniel Veillard), Silent the new python test on input (Alexey Neyman), Cleanup of a duplicate test (Daniel Veillard), Cleanup on duplicate test expressions (Daniel Veillard), Fix compiler warning after 153cf15905cf4ec080612ada6703757d10caba1e (Patrick, Gansterer), Spec cleanups and a fix for multiarch support (Daniel Veillard), Silence a clang warning (Daniel Veillard), Cleanup the Copyright to be pure MIT Licence wording (Daniel Veillard), rand_seed should be static in dict.c (Wouter Van Rooy), Fix typos in parser comments (Jan Pokorný) 2.9.0: Sep 11 2012: - Features: A few new API entry points, More resilient push parser mode, A lot of portability improvement, Faster XPath evaluation - Documentation: xml2-config.1 markup error (Christian Weisgerber), libxml(3) manpage typo fix (John Bradshaw), More cleanups to the documentation part of libxml2 (Daniel Richard G) - Portability: Bug 676544 - fails to build with --without-sax1 (Akira TAGOH), fix builds not having stdint.h (Rob Richards), GetProcAddressA is available only on WinCE (Daniel Veillard), More updates and cleanups on autotools and Makefiles (Daniel Richard G), More changes for Win32 compilation (Eric Zurcher), Basic changes for Win32 builds of release 2.9.0: compile buf.c (Eric Zurcher), Bundles all generated files for python into the distribution (Daniel Richard G), Fix compiler warnings of wincecompat.c (Patrick Gansterer), Fix non __GNUC__ build (Patrick Gansterer), Fix windows unicode build (Patrick Gansterer), clean redefinition of {v}snprintf in C-source (Roumen Petrov), use xmlBuf... if DEBUG_INPUT is defined (Roumen Petrov), fix runtests to use pthreads support for various Unix platforms (Daniel Richard G), Various "make distcheck" and portability fixups 2nd part (Daniel Richard G), Various "make distcheck" and portability fixups (Daniel Richard G), Fix compilation on older Visual Studio (Daniel Veillard) - Bug Fixes: Change the XPath code to percolate allocation errors (Daniel Veillard), Fix reuse of xmlInitParser (Daniel Veillard), Fix potential crash on entities errors (Daniel Veillard), initialize var (Rob Richards), Fix the XPath arity check to also check the XPath stack limits (Daniel Veillard), Fix problem with specific and generic error handlers (Pietro Cerutti), Avoid a potential infinite recursion (Daniel Veillard), Fix an XSD error when generating internal automata (Daniel Veillard), Patch for xinclude of text using multibyte characters (Vitaly Ostanin), Fix a segfault on XSD validation on pattern error (Daniel Veillard), Fix missing xmlsave.h module which was ignored in recent builds (Daniel Veillard), Add a missing element check (Daniel Veillard), Adding various checks on node type though the API (Daniel Veillard), Namespace nodes can't be unlinked with xmlUnlinkNode (Daniel Veillard), Fix make dist to include new private header files (Daniel Veillard), More fixups on the push parser behaviour (Daniel Veillard), Strengthen behaviour of the push parser in problematic situations (Daniel Veillard), Enforce XML_PARSER_EOF state handling through the parser (Daniel Veillard), Fixup limits parser (Daniel Veillard), Do not fetch external parsed entities (Daniel Veillard), Fix an error in previous commit (Aron Xu), Fix entities local buffers size problems (Daniel Veillard), Fix parser local buffers size problems (Daniel Veillard), Fix a failure to report xmlreader parsing failures (Daniel Veillard) - Improvements: Keep libxml2.syms when running "make distclean" (Daniel Veillard), Allow to set the quoting character of an xmlWriter (Csaba Raduly), Keep non-significant blanks node in HTML parser (Daniel Veillard), Add a forbidden variable error number and message to XPath (Daniel Veillard), Support long path names on WNT (Michael Stahl), Improve HTML escaping of attribute on output (Daniel Veillard), Handle ICU_LIBS as LIBADD, not LDFLAGS to prevent linking errors (Arfrever Frehtes Taifersar Arahesis), Switching XPath node sorting to Timsort (Vojtech Fried), Optimizing '//' in XPath expressions (Nick Wellnhofer), Expose xmlBufShrink in the public tree API (Daniel Veillard), Visible HTML elements close the head tag (Conrad Irwin), Fix file and line report for XSD SAX and reader streaming validation (Daniel Veillard), Fix const qualifyer to definition of xmlBufferDetach (Daniel Veillard), minimize use of HAVE_CONFIG_H (Roumen Petrov), fixup regression in Various "make distcheck" and portability fixups (Roumen Petrov), Add support for big line numbers in error reporting (Daniel Veillard), Avoid using xmlBuffer for serialization (Daniel Veillard), Improve compatibility between xmlBuf and xmlBuffer (Daniel Veillard), Provide new accessors for xmlOutputBuffer (Daniel Veillard), Improvements for old buffer compatibility (Daniel Veillard), Expand the limit test program (Daniel Veillard), Improve error reporting on parser errors (Daniel Veillard), Implement some default limits in the XPath module (Daniel Veillard), Introduce some default parser limits (Daniel Veillard), Cleanups and new limit APIs for dictionaries (Daniel Veillard), Fixup for buf.c (Daniel Veillard), Cleanup URI module memory allocation code (Daniel Veillard), Extend testlimits (Daniel Veillard), More avoid quadratic behaviour (Daniel Veillard), Impose a reasonable limit on PI size (Daniel Veillard), first version of testlimits new test (Daniel Veillard), Avoid quadratic behaviour in some push parsing cases (Daniel Veillard), Impose a reasonable limit on comment size (Daniel Veillard), Impose a reasonable limit on attribute size (Daniel Veillard), Harden the buffer code and make it more compatible (Daniel Veillard), More cleanups for input/buffers code (Daniel Veillard), Cleanup function xmlBufResetInput(), to set input from Buffer (Daniel Veillard) Switch the test program for characters to new input buffers (Daniel Veillard), Convert the HTML tree module to the new buffers (Daniel Veillard), Convert of the HTML parser to new input buffers (Daniel Veillard), Convert the writer to new output buffer and save APIs (Daniel Veillard), Convert XMLReader to the new input buffers (Daniel Veillard), New saving functions using xmlBuf and conversion (Daniel Veillard), Provide new xmlBuf based saving functions (Daniel Veillard), Convert XInclude to the new input buffers (Daniel Veillard), Convert catalog code to the new input buffers (Daniel Veillard), Convert C14N to the new Input buffer (Daniel Veillard), Convert xmlIO.c to the new input and output buffers (Daniel Veillard), Convert XML parser to the new input buffers (Daniel Veillard), Incompatible change to the Input and Output buffers (Daniel Veillard), Adding new encoding function to deal with the new structures (Daniel Veillard), Convert XPath to xmlBuf (Daniel Veillard), Adding a new buf module for buffers (Daniel Veillard), Memory error within SAX2 reuse common framework (Daniel Veillard), Fix xmllint --xpath node initialization (Daniel Veillard) - Cleanups: Various cleanups to avoid compiler warnings (Daniel Veillard), Big space and tab cleanup (Daniel Veillard), Followup to LibXML2 docs/examples cleanup patch (Daniel Veillard), Second round of cleanups for LibXML2 docs/examples (Daniel Richard), Remove all .cvsignore as they are not used anymore (Daniel Veillard), Fix a Timsort function helper comment (Daniel Veillard), Small cleanup for valgrind target (Daniel Veillard), Patch for portability of latin characters in C files (Daniel Veillard), Cleanup some of the parser code (Daniel Veillard), Fix a variable name in comment (Daniel Veillard), Regenerated testapi.c (Daniel Veillard), Regenerating docs and API files (Daniel Veillard), Small cleanup of unused variables in test (Daniel Veillard), Expand .gitignore with more files (Daniel Veillard) 2.8.0: May 23 2012: - Features: add lzma compression support (Anders F Bjorklund) - Documentation: xmlcatalog: Add uri and delegateURI to possible add types in man page. (Ville Skyttä), Update README.tests (Daniel Veillard), URI handling code is not OOM resilient (Daniel Veillard), Fix an error in comment (Daniel Veillard), Fixed bug #617016 (Daniel Mustieles), Fixed two typos in the README document (Daniel Neel), add generated html files (Anders F Bjorklund), Clarify the need to use xmlFreeNode after xmlUnlinkNode (Daniel Veillard), Improve documentation a bit (Daniel Veillard), Updated URL for lxml python bindings (Daniel Veillard) - Portability: Restore code for Windows compilation (Daniel Veillard), Remove git error message during configure (Christian Dywan), xmllint: Build fix for endTimer if !defined(HAVE_GETTIMEOFDAY) (Patrick R. Gansterer), remove a bashism in confgure.in (John Hein), undef ERROR if already defined (Patrick R. Gansterer), Fix library problems with mingw-w64 (Michael Cronenworth), fix windows build. ifdef addition from bug 666491 makes no sense (Rob Richards), prefer native threads on win32 (Sam Thursfield), Allow to compile with Visual Studio 2010 (Thomas Lemm), Fix mingw's snprintf configure check (Andoni Morales), fixed a 64bit big endian issue (Marcus Meissner), Fix portability failure if netdb.h lacks NO_ADDRESS (Daniel Veillard), Fix windows build from lzma addition (Rob Richards), autogen: Only check for libtoolize (Colin Walters), Fix the Windows build files (Patrick von Reth), 634846 Remove a linking option breaking Windows VC10 (Daniel Veillard), 599241 fix an initialization problem on Win64 (Andrew W. Nosenko), fix win build (Rob Richards) - Bug fixes: Part for rand_r checking missing (Daniel Veillard), Cleanup on randomization (Daniel Veillard), Fix undefined reference in python module (Pacho Ramos), Fix a race in xmlNewInputStream (Daniel Veillard), Fix weird streaming RelaxNG errors (Noam), Fix various bugs in new code raised by the API checking (Daniel Veillard), Fix various problems with "make dist" (Daniel Veillard), Fix a memory leak in the xzlib code (Daniel Veillard), HTML parser error with