-
libxml2 (2.12.7+dfsg-2) unstable; urgency=medium
* d/control: Depends on liblzma-dev and zlib1g-dev explicitly
(Closes: #1071834)
-- Aron Xu <email address hidden> Sat, 25 May 2024 22:51:40 +0800
-
libxml2 (2.12.7+dfsg-1) unstable; urgency=medium
* New upstream version 2.12.7+dfsg
* CVE-2024-34459: buffer over-read in xmlHTMLPrintFileContext
(Closes: 1071162).
-- Aron Xu <email address hidden> Sat, 25 May 2024 11:38:42 +0800
-
libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium
* Non-maintainer upload.
* Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
* Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
-- Salvatore Bonaccorso <email address hidden> Sat, 08 Jul 2023 21:18:29 +0200
-
libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium
* Non-maintainer upload.
* schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
* Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484)
(Closes: #1034436)
* Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
(Closes: #1034437)
-- Salvatore Bonaccorso <email address hidden> Sat, 15 Apr 2023 16:25:06 +0200
-
libxml2 (2.9.14+dfsg-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
(Closes: #1022224)
* Fix dict corruption caused by entity reference cycles (CVE-2022-40304)
(Closes: #1022225)
-- Salvatore Bonaccorso <email address hidden> Sun, 30 Oct 2022 11:18:06 +0100
-
libxml2 (2.9.14+dfsg-1) unstable; urgency=high
* Team upload.
* New upstream version 2.9.14+dfsg.
+ Integer overflows in xmlBuf/xmlBuffer. CVE-2022-29824 Closes: #1010526
-- Mattia Rizzolo <email address hidden> Thu, 05 May 2022 14:43:51 +0200
-
libxml2 (2.9.13+dfsg-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.9.13+dfsg.
+ Convert devhelp to version2. Closes: #955205
+ Use-after-free of ID and IDREF attrs. CVE-2022-23308; Closes: #1006489
* Bump my copyright for debian/*.
* d/watch: move download sourceto https://download.gnome.org/.
-- Mattia Rizzolo <email address hidden> Sun, 27 Feb 2022 19:57:48 +0100
-
libxml2 (2.9.12+dfsg-6) unstable; urgency=medium
* Team upload.
* d/control:
+ Use the new Description field in the source paragraph and add references
to the binary paragraphs. This is a new feature since dpkg 1.19.0
(from 2017). Policy is not yet updated, see #998165.
+ Drop Build-Depends on python3-all-dbg, not used since the last revision.
* Add patches from upstream to fix:
+ return code of xmllint when incorrectly called. Closes: #727075
+ regression with entity references in external DTDs. Closes: #994765
-- Mattia Rizzolo <email address hidden> Sat, 19 Feb 2022 13:11:26 +0100
-
libxml2 (2.9.12+dfsg-5) unstable; urgency=medium
* Team upload.
* Stop building the python3-libxml2-dbg package. Closes: #994307
* Add a Conflicts against the old w3c-dtd-xhtml, that contains a .dtd that
is not validating anymore. Closes: #993638
* Remove lintian override that was fixed in lintian for
debian-rules-uses-supported-python-versions-without-python-all-build-depends
-- Mattia Rizzolo <email address hidden> Mon, 20 Sep 2021 15:06:01 +0200
-
libxml2 (2.9.12+dfsg-4) unstable; urgency=medium
* Team upload.
* Add a few patches from upstream:
+ Work around lxml API abuse.
+ Fix regression in xmlNodeDumpOutputInternal. LP: #1943277
+ Fix whitespace when serializing empty HTML documents.
+ Forbid epsilon-reduction of final states.
+ Fix buffering in xmlOutputBufferWrite.
-- Mattia Rizzolo <email address hidden> Fri, 10 Sep 2021 22:13:09 +0200
-
libxml2 (2.9.12+dfsg-3) unstable; urgency=medium
* Team upload.
* Upload to unstable.
* Add patch from upstream to fix a regression in the recursion limit for
complex XSLT documents. This also fixed the ruby-nokogiri test failure,
so drop the previously introduced Breaks.
* d/control: Bump Standards-Version to 4.6.0, no changes needed.
-- Mattia Rizzolo <email address hidden> Wed, 01 Sep 2021 16:45:21 +0200
-
libxml2 (2.9.10+dfsg-6.7) unstable; urgency=medium
* Non-maintainer upload.
* Patch for security issue CVE-2021-3541 (Closes: #988603)
-- Salvatore Bonaccorso <email address hidden> Sat, 22 May 2021 08:21:29 +0200
-
libxml2 (2.9.10+dfsg-6.6) unstable; urgency=medium
* Non-maintainer upload.
* Upload to unstable.
-- Salvatore Bonaccorso <email address hidden> Thu, 06 May 2021 10:48:16 +0200
-
libxml2 (2.9.10+dfsg-6.3) unstable; urgency=medium
* Non-maintainer upload.
* Remove the Python2 autopkg test.
-- Matthias Klose <email address hidden> Sun, 29 Nov 2020 11:58:00 +0100
-
libxml2 (2.9.10+dfsg-6.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix out-of-bounds read with 'xmllint --htmlout' (CVE-2020-24977)
(Closes: #969529)
-- Salvatore Bonaccorso <email address hidden> Sun, 25 Oct 2020 13:56:23 +0100
-
libxml2 (2.9.10+dfsg-6.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix build with Python 3.9. Closes: #972022.
-- Matthias Klose <email address hidden> Wed, 14 Oct 2020 08:45:25 +0200
-
libxml2 (2.9.10+dfsg-6) unstable; urgency=medium
* Team upload.
[ Mattia Rizzolo ]
* Drop Python2 support. Closes: #936941
* Use dh-sequence-python3 to at least simplify one line of d/rules.
* Bump debhelper compat level to 13.
+ Drop dh_missing override, dh13 defaults to --fail-missing.
[ Debian Janitor ]
* Use correct machine-readable copyright file URI.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
* Rely on pre-initialized dpkg-architecture variables.
-- Mattia Rizzolo <email address hidden> Fri, 04 Sep 2020 23:05:12 +0200
-
libxml2 (2.9.10+dfsg-5) unstable; urgency=medium
* Team upload.
[ Mattia Rizzolo ]
* d/rules:
+ Drop --disable-silent-rules, already passed by dh_auto_configure.
+ Drop --parallel, now default with debhelper compat > 10.
+ Use dh_installdocs and dh_installexamples to install docs and examples.
+ Use dh_missing --fail-missing (and add the relevant d/not-installed).
+ Minimize indep build to build only the docs.
* d/watch: fix an option to avoid a warning message.
* d/control:
+ Move most of the build-deps to Build-Depends-Arch.
+ Use ${python:Depends} also for python-libxml2-dbg.
* Add a lintian override for
debian-rules-uses-supported-python-versions-without-python-all-build-depends
[ Gunnar Hjalmarsson ]
* d/p/python3-unicode-errors.patch:
Fix segfault issue with itstool and py3. LP: #1869814
-- Mattia Rizzolo <email address hidden> Fri, 10 Apr 2020 14:53:23 +0200
-
libxml2 (2.9.10+dfsg-4) unstable; urgency=medium
* Team upload.
* Add patch from upstream to prevent a segfault in some platforms with
illegal documents.
-- Mattia Rizzolo <email address hidden> Thu, 27 Feb 2020 19:21:45 +0100
-
libxml2 (2.9.10+dfsg-3) unstable; urgency=medium
* Team upload.
* Add patch so that xml2-config only disaplys libraries needed for dynamic
linking. Closes: #952115
-- Mattia Rizzolo <email address hidden> Sun, 23 Feb 2020 12:08:21 +0100
-
libxml2 (2.9.10+dfsg-2) unstable; urgency=medium
* Team upload
* Re-instate Python2 support for now, the rev-deps are not ready.
Re-opens: #936941
* python-libxml2-dbg: Depend on python2-dbg instead of python-dbg.
Closes: #948493
* d/control: Bump Standards-Version 4.5.0, no changes needed.
* Re-instnate the xml2-config script for now.
* Upload to unstable.
-- Mattia Rizzolo <email address hidden> Fri, 21 Feb 2020 14:45:03 +0100
-
libxml2 (2.9.4+dfsg1-8) unstable; urgency=medium
* Team upload.
* Fix autopkgtest: use `python2` instead of `python` and actually run the
`python3` test. Closes: #943386
-- Mattia Rizzolo <email address hidden> Tue, 19 Nov 2019 12:05:14 +0100
-
libxml2 (2.9.4+dfsg1-7) unstable; urgency=medium
* Team upload.
* drop automatically generated dependency on (non-existing) libicu60-dbg
from libxm2-dbg (closes: #900113)
-- Rene Engelhard <email address hidden> Sat, 26 May 2018 10:03:44 +0000
-
libxml2 (2.9.4+dfsg1-6.1) unstable; urgency=medium
* Non-maintainer upload.
* Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872)
(Closes: #862450)
-- Salvatore Bonaccorso <email address hidden> Tue, 02 Jan 2018 08:59:03 +0100
-
libxml2 (2.9.4+dfsg1-6) unstable; urgency=medium
* Team upload.
* d/watch: bump to version 4, wrap lines, and limit matching to released
stable versions.
* Drop libxml2-udeb. The package has been broken in Ubuntu for a while
already, and nobody seems to care anyway.
* d/copyright: Rewrite using copyright-format 1.0.
* Employ automatic upstream tarball repacking.
* Bump debhelper compat level to 11.
* Remove old upgrade code dealing with symlinks-to-dir in /usr/share/doc.
* d/control:
+ Bump Standards-Version to 4.1.3, no changes needed.
+ Set Rules-Requires-Root: no.
+ Move from the deprecated priority:extra to priority:optional also for the
-dbg packages.
+ Lower the priority of the libxml2 package to optional.
Since Policy 4.0.1 library packages should not have a priority higher
than optional. See #886039 for the override change.
* d/rules:
+ Stop installing the TODO files.
+ Install the AUTHORS and README files only on the main libxml2 binary.
+ Workaround debhelper bug #886037 by reshuffling the dh_strip calls.
-- Mattia Rizzolo <email address hidden> Tue, 02 Jan 2018 00:54:05 +0100
-
libxml2 (2.9.4+dfsg1-5.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix XPath stack frame logic (CVE-2017-15412) (Closes: #883790)
-- Salvatore Bonaccorso <email address hidden> Thu, 14 Dec 2017 20:36:07 +0100
-
libxml2 (2.9.4+dfsg1-5.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix NULL pointer deref in xmlDumpElementContent (CVE-2017-5969)
(Closes: #855001)
* Check for integer overflow in memory debug code (CVE-2017-5130)
(Closes: #880000)
* Fix copy-paste errors in error messages
* python: remove single use of _PyVerify_fd (Closes: #878684)
-- Salvatore Bonaccorso <email address hidden> Sat, 18 Nov 2017 16:39:04 +0100
-
libxml2 (2.9.4+dfsg1-5) unstable; urgency=medium
* Team upload.
* d/control: Bump Standards-Version to 4.1.1, no changes needed.
* d/rules:
+ Use `rename` instead of `prename`, and separate the -v and -f options.
Closes: #876308
+ Fix usage of debhelper's -N and -p options: newer debhelper doesn't
accept specifying packages not present in d/control.
-- Mattia Rizzolo <email address hidden> Sun, 15 Oct 2017 02:18:26 +0200
-
libxml2 (2.9.4+dfsg1-4) unstable; urgency=medium
* Team upload.
* Drop Recommends: xml-core from libxml2.
xml-core is not really needed by anything, and packages needing it
already depend on it. Closes: #869744
Thanks to Adam Borowski <email address hidden> for proposing it.
* Run wrap-and-sort.
* Add Build-Depends on rename. Closes: #874211
* Bump Standards-Version to 4.1.0:
+ keep debug packages priority to extra as they are special cased by tools.
-- Mattia Rizzolo <email address hidden> Mon, 04 Sep 2017 11:46:04 +0200
-
libxml2 (2.9.4+dfsg1-3.1) unstable; urgency=low
* Non-maintainer upload.
* Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
Incorrect limit was used for port values. (Closes: #870865)
* Prevent unwanted external entity reference (CVE-2017-7375)
Missing validation for external entities in xmlParsePEReference.
(Closes: #870867)
* Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
- Heap-based buffer over-read in function xmlDictComputeFastKey
(CVE-2017-9049).
- Heap-based buffer over-read in function xmlDictAddString
(CVE-2017-9050).
(Closes: #863019, #863018)
* Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
CVE-2017-9048)
- Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
- Stack-based buffer overflow in function xmlSnprintfElementContent
(CVE-2017-9048).
(Closes: #863022, #863021)
* Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
Heap buffer overflow in xmlAddID. (Closes: #870870)
-- Salvatore Bonaccorso <email address hidden> Sun, 20 Aug 2017 06:56:40 +0200
-
libxml2 (2.9.4+dfsg1-3) unstable; urgency=medium
* Team upload.
[ Mattia Rizzolo ]
* d/control:
+ Use HTTPS in Vcs-* fields.
+ Remove the deprecated '${python:Provides}' and '${python3:Provides}'.
+ Bump Standards-Version to 4.0.0, no changes needed.
* Build for all supported python versions. Closes: #864328
Thanks to YunQiang Su <email address hidden> for the initial patch.
* Drop libxml-utils-dbg package in favour of the automatic debug package.
* Replace the upstream ChangeLog with the NEWS file. Closes: #808372
The ChangeLog file stopped being updated in 2009, whereas NEWS is
automatically generated by upstream during releases.
* d/rules:
+ Correctly make use of the dh sequencer in the build step.
Override dh_auto_build instead of using build/build-arch/build-indep
targets directly.
This makes possible for dh to call dh_autoreconf and other helpers that
would otherwise be skipped (like dh_update_autotools_config).
+ Fix duplicated targets for override_dh_auto_install-indep.
+ Streamline dpkg-buildflags usage.
* Bump debhelper compat level to 10
+ remove --parallel, now default
+ remove --with autoreconf, now default
[ Helmut Grohne ]
* Improve build profiles support. Closes: #862867
+ Rename the meaningless stage1 to the meaningful nopython.
+ Use the standard variable DEB_BUILD_PROFILES rather than
DEB_BUILD_PROFILE by checking dh_listpackages.
+ Correctly build nopython even when python is installed.
+ Add build profile annotations to debian/control.
-- Mattia Rizzolo <email address hidden> Tue, 04 Jul 2017 21:59:55 +0200
-
libxml2 (2.9.4+dfsg1-2.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix attribute decoding during XML schema validation
(Closes: #832602, #832864)
-- Mònica Ramírez Arceda <email address hidden> Sat, 14 Jan 2017 15:31:49 +0100
-
libxml2 (2.9.4+dfsg1-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix comparison with root node in xmlXPathCmpNodes
* Fix XPointer paths beginning with range-to (CVE-2016-5131)
(Closes: #840554)
* Disallow namespace nodes in XPointer ranges (CVE-2016-4658)
(Closes: #840553)
* Fix more NULL pointer derefs in xpointer.c
-- Salvatore Bonaccorso <email address hidden> Sun, 30 Oct 2016 16:30:55 +0100
-
libxml2 (2.9.4+dfsg1-2) unstable; urgency=medium
[ YunQiang Su ]
* add python3 support (Closes: #737774)
* fix typo in test/control: python->python3
[ Aron Xu ]
* Really allow parallel building
* Mark python3-libxml2* as M-A: same
-- Aron Xu <email address hidden> Mon, 12 Sep 2016 02:57:02 +0800
-
libxml2 (2.9.4+dfsg1-1) unstable; urgency=medium
* Imported Upstream version 2.9.4+dfsg1
- Closes: 829718, CVE-2016-4448
* Drop patches applied upstream, refresh remainers
* Update Std-Ver to 3.9.8 from 3.9.6
* Update symbols for 2.9.4
* cherry-pick: Fix NULL pointer deref in XPointer range-to
-- Aron Xu <email address hidden> Tue, 19 Jul 2016 11:42:45 +0800
-
libxml2 (2.9.3+dfsg1-1.2) unstable; urgency=medium
[ Simon McVittie ]
* Non-maintainer upload.
* Add -arch suffix to some architecture-specific debhelper overrides,
fixing FTBFS with dpkg-buildpackage -A or when source-only uploads
are used (Closes: #806065)
- Do a build for the default Python version even when we are
building arch-indep-only: we need something for gtk-doc to analyze
-- Salvatore Bonaccorso <email address hidden> Sun, 05 Jun 2016 07:23:42 +0200
-
libxml2 (2.9.3+dfsg1-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
* heap-buffer-overflow in xmlStrncat (CVE-2016-1834)
* Add missing increments of recursion depth counter to XML parser
(CVE-2016-3705) (Closes: #823414)
* Avoid an out of bound access when serializing malformed strings
(CVE-2016-4483) (Closes: #823405)
* Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840)
* Heap-based buffer overread in xmlParserPrintFileContextInternal
(CVE-2016-1838)
* Heap-based buffer overread in xmlDictAddString (CVE-2016-1839
CVE-2015-8806 CVE-2016-2073) (Closes: #813613, #812807)
* Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836)
* Fix inappropriate fetch of entities content (CVE-2016-4449)
* Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral
(CVE-2016-1837)
* Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
* Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
* Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
* Avoid building recursive entities (CVE-2016-3627) (Closes: #819006)
-- Salvatore Bonaccorso <email address hidden> Sat, 28 May 2016 06:51:08 +0200
-
libxml2 (2.9.3+dfsg1-1) unstable; urgency=medium
* New upstream release.
-- Aron Xu <email address hidden> Mon, 14 Dec 2015 15:35:25 +0800
-
libxml2 (2.9.2+zdfsg1-4) unstable; urgency=medium
* Revert everything in N'ACKed NMU revert to 2.9.1.
- Resolving regression, Closes: #754424
- Drop the following NMU, not needed in 2.9.2, Closes: #781232
- Drop not approved patch for GNOME #746048
* Revert icu dbg drop, but don't hardcode version,
thanks Matthias Klose <doko>, Closes: #798642
* Cherry pick upstream post release patches:
- Fix for regression triggered by CVE-2014-3660, Closes: #768089
- Fix for the spurious ID already defined error, Closes: #766884
- Fix for CVE-2015-1819, Closes: #782782
- Fix for GNOME #744980, Closes: #783010
- Several fixes for memory related issues.
-- Aron Xu <email address hidden> Tue, 22 Sep 2015 16:31:48 +0800
-
libxml2 (2.9.2+really2.9.1+dfsg1-0.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix a problem unparsing URIs without a host part like qemu:///system.
This unbreaks libvirt, libsys-virt-perl and others
(Closes: #781232)
-- Guido Günther <email address hidden> Sun, 06 Sep 2015 11:16:48 +0200
-
libxml2 (2.9.2+really2.9.1+dfsg1-0.1) unstable; urgency=medium
* Non-maintainer upload.
* Go back to 2.9.1+dfsg1 upstream sources so that xmllint works
again. Closes: #766884
* Restore all patches available in 2.9.1+dfsg1-5 in stretch, ensuring
CVE-2014-3660 is fixed too.
* Fix 3 security issues by adding 4 patches:
- CVE-2015-1819: The xmlreader in libxml allows remote attackers to cause
a denial of service (memory consumption) via crafted XML data, related to
an XML Entity Expansion (XEE) attack. Closes: #782782
- Out-of-bounds access when parsing unclosed HTML comment
https://bugzilla.gnome.org/show_bug.cgi?id=746048 Closes: #782985
- Out-of-bounds memory access
https://bugzilla.gnome.org/show_bug.cgi?id=744980 Closes: #783010
* Add dh-python to Build-Depends for dh_python2
-- Raphaël Hertzog <email address hidden> Tue, 25 Aug 2015 22:31:29 +0200
-
libxml2 (2.9.2+dfsg1-3) unstable; urgency=medium
* Add icu related deps for -dev and -dbg packages
(Closes: #776741)
-- Aron Xu <email address hidden> Sun, 01 Feb 2015 12:35:52 +0800
-
libxml2 (2.9.2+dfsg1-2) unstable; urgency=medium
[ Michael Gilbert ]
* Enable icu support (Closes: #776254)
[ Aron Xu ]
* 0003-Fix-missing-entities-after-CVE-2014-3660-fix.patch:
Fix upstream bug triggered by CVE fix (Closes: #768089)
-- Aron Xu <email address hidden> Fri, 30 Jan 2015 13:52:23 +0800
-
libxml2 (2.9.2+dfsg1-1) unstable; urgency=low
* New upstream release (Closes: #765722, CVE-2014-3660)
* Remove no-longer-needed upstream patches
* Update distro patch
* Std-ver: 3.9.5 -> 3.9.6, no change.
-- Aron Xu <email address hidden> Sun, 26 Oct 2014 07:04:50 +0800
-
libxml2 (2.9.1+dfsg1-4) unstable; urgency=low
[ Christian Svensson ]
* Do not build-depend on readline (Closes: #742350)
[ Daniel Schepler ]
* Patch to bootstrap without python (Closes: #738080)
[ Helmut Grohne ]
* Drop unneeded B-D on perl and binutils (Closes: #753005)
[ Adam Conrad ]
* Actually run dh_autoreconf, which the old/new mixed rules file misses.
[ Matthias Klose ]
* Add patch to fix python multiarch issue
* Allow the package to cross-build by tweaking B-Ds on python
* Set PYTHON_LIBS for cross builds
[ Aron Xu ]
* Use correct $CC
* Configure udeb without python
* New round of cherry-picking upstream fixes
- Includes fixes for CVE-2014-0191 (Closes: #747309).
* Call prename with -vf
* Require python-all-dev (>= 2.7.5-5~)
* Bump std-ver: 3.9.4 -> 3.9.5, no change
-- Aron Xu <email address hidden> Wed, 09 Jul 2014 05:40:15 +0800
-
libxml2 (2.9.1+dfsg1-3) unstable; urgency=low
* debian/patches/0007-Fix-XPath-optimization-with-predicates.patch:
- Upstream patch to fix XPath evaluation issue. (Closes: #713146)
-- Aron Xu <email address hidden> Mon, 05 Aug 2013 11:02:43 +0800
-
libxml2 (2.9.1+dfsg1-2) unstable; urgency=low
* Upload to unstable.
* debian/patches/000[2-6]-*.patch:
- cherry-picking upstream post-release fixes.
-- Aron Xu <email address hidden> Mon, 17 Jun 2013 23:24:07 +0800
-
libxml2 (2.8.0+dfsg1-7+nmu1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix cve-2013-0338 and cve-2013-0339: large memory consuption issues when
performing string substition during entity expansion (closes: #702260).
-- Michael Gilbert <email address hidden> Wed, 06 Mar 2013 20:24:06 +0000
-
libxml2 (2.8.0+dfsg1-7) unstable; urgency=low
[ Daniel Veillard ]
* Fix potential out of bound access
CVE-2012-5134, Closes: #694521.
-- Aron Xu <email address hidden> Wed, 28 Nov 2012 22:40:13 +0800
-
libxml2 (2.8.0+dfsg1-6) unstable; urgency=low
[ Daniel Veillard ]
* Fix a failure to report xmlreader parsing failures
Closes: #676210.
[ Aron Xu ]
* Add gbp.conf for wheezy branch.
-- Aron Xu <email address hidden> Sun, 07 Oct 2012 14:18:59 +0800
-
libxml2 (2.8.0+dfsg1-5) unstable; urgency=low
[ Daniel Veillard ]
* Fix parser local buffers size problems
* Fix entities local buffers size problems
CVE-2012-2807, Closes: #679280.
-- Aron Xu <email address hidden> Thu, 19 Jul 2012 17:11:09 +0800
-
libxml2 (2.8.0+dfsg1-4) unstable; urgency=low
* Sanitize the output of `xml2-config --libs`.
-- Aron Xu <email address hidden> Fri, 15 Jun 2012 01:42:55 +0800
-
libxml2 (2.8.0+dfsg1-3) unstable; urgency=low
* Remove odd output of xml2-config --libs (Closes: #675682).
* Mark libxml2-dev "M-A: same" again, fixed xml2-config
(Closes: #674474).
-- Aron Xu <email address hidden> Tue, 05 Jun 2012 01:44:14 +0800
-
libxml2 (2.8.0+dfsg1-2) unstable; urgency=low
* debian/control:
- Remove "M-A: same" from libxml2-dev (Closes: #674474).
- Add "M-A: foreign" to libxml2-doc.
* debian/rules:
- Style change on calling dh using --with.
- Enable all hardening features.
- The sed command for removing DEB_HOST_MULTIARCH is not reverted
because it's generally a good idea to avoid it here.
* lintian-overrides:
- libxml2: package-name-doesnt-match-sonames
- python-libxml2-dbg: hardening-no-fortify-functions
-- Aron Xu <email address hidden> Sat, 02 Jun 2012 15:09:37 +0800
-
libxml2 (2.8.0+dfsg1-1) unstable; urgency=low
* New upstream release. (Closes: #148220, #590934)
* Adjust changelog of previous NMU (Closes: #674739).
* Try to avoid useless space in /usr/bin/xml-config (Closes: #674474).
-- Aron Xu <email address hidden> Fri, 25 May 2012 04:06:35 +0000
-
libxml2 (2.7.8.dfsg-9.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix cve-2012-3102: off by one poinnter access in xpointer.c
(closes: #674191).
-- Michael Gilbert <email address hidden> Wed, 23 May 2012 13:48:52 -0400
-
libxml2 (2.7.8.dfsg-9) unstable; urgency=low
* Multi-Arch ready. (Closes: #643026)
- M-A:same packages are libxml2, libxml2-dev and libxml2-dbg.
- M-A:foreign package is libxml2-utils, others are not M-A.
- Library files in udeb are still placed under usr/lib directly.
* New binary: libxml2-utils-dbg.
Move debuggings symbols of libxml2-utils binaries to another package
in favor of marking libxml2-dbg as M-A: same. Descriptions of related
binary packages are slightly modified.
* Enable hardening for Python modules. (Closes: #664107)
* Add support for build-arch and build target, essentially make the
package not FTBFS anymore. (Closes: #668672)
* Use dh compat 9. Not hardcoding libdir in debian/rules.
* Port to source format 3.0 to ease future maintenance of patches.
- Old patches are stored in 01_historical_changes.patch
- Do not patch Makefile.in directly, use dh_autoreconf with patches to
configure.in and Makefile.am instead. This will not actually make
bootstraping a new architecture more difficult since we already have
gettext and autoconf in deep B-D, porters need to break it anyway.
- Store doc/examples/index.html in patch to avoid ciculate B-D with
xsltproc, we should not B-D on it.
* debian/*.dirs: removed, useless.
-- Aron Xu <email address hidden> Sun, 22 Apr 2012 00:16:37 +0800
-
libxml2 (2.7.8.dfsg-8) unstable; urgency=high
* New maintainer (Closes: #654176).
* Apply upstream patch to add randomization to hashing with large
dictionaries to mitigate hash DoS (CVE-2012-0841; Closes: #660846)
* Bump std-ver to 3.9.3, no change needed.
-- Aron Xu <email address hidden> Thu, 12 Apr 2012 09:19:04 +0800
-
libxml2 (2.7.8.dfsg-7) unstable; urgency=low
* Team upload.
* parser.c: Fix an allocation error when copying entities.
CVE-2011-3919. Closes: #656377.
-- Andrew O. Shadura <email address hidden> Fri, 20 Jan 2012 12:54:41 +0300
-
libxml2 (2.7.8.dfsg-6) unstable; urgency=low
* Team upload.
* Enabled hardened build flags (Closes: #654903).
* error.c: Fix __xmlRaiseError (Closes: #622358).
-- Andrew O. Shadura <email address hidden> Thu, 12 Jan 2012 00:57:32 +0300
-
libxml2 (2.7.8.dfsg-5.1) unstable; urgency=high
* Non-maintainer upload.
* encoding.c: Fix off by one error. CVE-2011-0216.
* parser.c: Make sure parser returns when getting a Stop order.
CVE-2011-3905.
* Both closes: #652352.
-- Luk Claes <email address hidden> Fri, 30 Dec 2011 18:31:13 +0100
-
libxml2 (2.7.8.dfsg-5) unstable; urgency=low
* xpath.c, xpointer.c, include/libxml/xpath.h: Hardening of XPath evaluation.
CVE-2011-2821.
* xpath.c: Fix for undefined namespaces. CVE-2011-2834.
* Both closes: #643648.
-- Mike Hommey <email address hidden> Fri, 07 Oct 2011 09:31:14 +0200
-
libxml2 (2.7.8.dfsg-4) unstable; urgency=low
* debian/rules: Add --with python2 to dh call. * debian/control: - Remove build dependency on python-support. - Build depend on python-all-dev >= 2.6.6-3~. - Remove XB-Python-Version header. - Bump Standards-Version to 3.9.2.0. No changes required. * debian/pycompat: Removed. With the above changes, closes: #631416. Thanks Colin Watson. -- Mike Hommey <email address hidden> Fri, 29 Jul 2011 12:33:08 +0200
-
libxml2 (2.7.8.dfsg-3) unstable; urgency=low
* xpath.c: Fix some potential problems on reallocation failures. Closes: #628537. -- Mike Hommey <email address hidden> Sat, 04 Jun 2011 10:40:39 +0900
-
libxml2 (2.7.8.dfsg-2) unstable; urgency=low
* xpath.c: Fix a double-freeing error in XPath processing code. (CVE-2010-4494). Closes: #607922. -- Mike Hommey <email address hidden> Sat, 25 Dec 2010 10:48:27 +0100
-
libxml2 (2.7.8.dfsg-1) unstable; urgency=low
* New upstream release.
* configure.in: Applied upstream fix to reactivate symbol versioning script.
-- Mike Hommey <email address hidden> Fri, 05 Nov 2010 08:23:58 +0100
-
libxml2 (2.7.7.dfsg-4) unstable; urgency=low
* debian/rules:
- Use a variable to express which sub-targets to invoke for
configure/build/install.
- Refactor configure-% and build-% rules.
- Avoid possible renaming of _d.so files to _d_d.so files in the
install-python%-dbg rules.
* debian/control, debian/control.udeb, debian/libxml2-udeb.install,
debian/rules: Add an udeb package when building for Ubuntu.
Closes: #583767.
* debian/control:
- Remove old Conflicts/Replaces for packages that have disappeared before
etch.
- Bump Standards-Version to 3.9.0.0.
-- Mike Hommey <email address hidden> Tue, 29 Jun 2010 12:42:35 +0200
-
libxml2 (2.7.7.dfsg-3) unstable; urgency=low
* debian/rules: Use build_python* instead of build-python* as build
directory when configuring python modules. build-python$* would get
matched by make as an existing file and would prevent evaluation of the
corresponding build rule. Thanks Loïc Minier.
* debian/python-libxml2.install: Don't hardcode site-/dist-packages in
.install. Cope with builds which don't have any dist-packages (or
site-packages) based python versions. Thanks Loïc Minier.
* debian/rules, debian/python-libxml2-dbg.install, debian/control:
Add a python-libxml2-dbg package. Closes: #583582.
* debian/rules: Don't link against libpython.
* python-libxml2-dbg.preinst: Remove /usr/share/doc/python-libxml2-dbg
symlink when it exists (which is the case with older Ubuntu packages).
-- Mike Hommey <email address hidden> Wed, 23 Jun 2010 18:52:51 +0200
-
libxml2 (2.7.7.dfsg-2) unstable; urgency=low
* debian/libxml2-dbg.preinst, debian/libxml2-dev.preinst,
debian/libxml2-utils.preinst: Remove /usr/share/doc symbolic links on
upgrade. They will then be replaced by directories by dpkg.
Closes: #577025.
-- Mike Hommey <email address hidden> Fri, 09 Apr 2010 10:21:02 +0200
-
libxml2 (2.7.7.dfsg-1) unstable; urgency=low
* New upstream release.
* debian/control:
+ Bump Standards-Version to 3.8.4.0.
+ Depend on a version of debhelper that provides dh and supports
overrides.
* debian/compat: Bump to 7.
* debian/rules:
+ Don't avoid to build in example/. There is no reason to do so anymore.
+ Remove remains of WORKAROUND_MODIFIED_FILES, that was removed 2 years
ago.
+ Change the way python libs are built. We now use configure to set
different environment with and without python, and arrange things so
that we don't have to build the base libxml2 library several times.
+ Deduplicate in /usr/lib/pyshared, not
/usr/lib/python-support/python-libxml2.
+ Remove old source and diff rules that only displayed a message
inviting to use dpkg-source -b.
+ Force -Wl,--as-needed at the beginning of the gcc command line.
+ Simplify rules by switching to dh.
+ Don't refresh COPYING during clean target, it appears not to be
necessary anymore.
+ Use a common cache for main and python configure passes.
* debian/python-libxml2.install: Install python files from
/usr/lib/python*/dist-packages.
* python/generator.py: Sort python generated stubs so that libxml2.py
doesn't differ between python 2.5 and 2.6.
* doc/devhelp/Makefile.{am,in}: Properly install devhelp files when
builddir != srcdir.
-- Mike Hommey <email address hidden> Sun, 21 Mar 2010 09:51:17 +0100
-
libxml2 (2.7.6.dfsg-2) unstable; urgency=low
* Cherry-picks from upstream git:
+ globals.c: fix the initialization of the mutex.
+ xmlIO.c: remove an abuse of zlib API and use a clean interface
available in zlib >= 1.2.3. Closes: #565683, #565823.
* debian/control:
+ Put libreadline-dev before libreadline5-dev in Build-Deps.
Closes: #553803.
+ Add misc:Depends dependencies where they are missing.
-- Mike Hommey <email address hidden> Tue, 19 Jan 2010 18:41:49 +0100
-
libxml2 (2.7.6.dfsg-1) unstable; urgency=low
* New upstream release.
* debian/control:
+ Bump Standards-Version to 3.8.3.0.
+ Set libxml2 package priority to standard to match override.
-- Mike Hommey <email address hidden> Sat, 10 Oct 2009 23:55:41 +0200
-
libxml2 (2.7.5.dfsg-1) unstable; urgency=low
* New upstream release.
+ Fixed a RelaxNG bug introduced in 2.7.4. Closes: #546442.
-- Mike Hommey <email address hidden> Fri, 25 Sep 2009 22:28:53 +0200
-
libxml2 (2.7.4.dfsg-2) unstable; urgency=low
* debian/libxml2.symbols: Force binaries that use versioned symbols to
depend on version 2.7.4 at least.
* parser.c: Fix a parsing problem with little data at startup.
Cherry-picked from upstream git. Closes: #546254, #546488.
-- Mike Hommey <email address hidden> Wed, 16 Sep 2009 00:12:50 +0200
-
libxml2 (2.7.4.dfsg-1) unstable; urgency=low
* New upstream release.
* Revert old change to entities.c.
* debian/copyright: Change upstream url. Closes: #541082.
* debian/libxml2.symbols: Change symbols file to use newly introduced
symbol versioning
* debian/rules: bump shlibs to current version.
-- Mike Hommey <email address hidden> Thu, 10 Sep 2009 23:04:35 +0200
-
libxml2 (2.7.3.dfsg-2.1) unstable; urgency=high
* Non-maintainer upload by the Security Team (Closes: #540865).
* Fix multiple use-after-free flaws when parsing notation and
enumeration attribute types (CVE-2009-2416).
* Fix stack overflow when parsing root XML document element DTD
definition (CVE-2009-2414).
-- Nico Golde <email address hidden> Sun, 16 Aug 2009 17:45:17 +0200
-
libxml2 (2.7.3.dfsg-2) unstable; urgency=low
* debian/no-upstream-changelog: Removed.
* debian/rules: Don't use symlinks in /usr/share/doc anymore, and only
install the upstream changelog in the libxml2 package. Considering
its size, we don't need it everywhere. Closes: #496959.
* include/libxml/*.h: change ATTRIBUTE_PRINTF into LIBXML_ATTR_FORMAT
to avoid macro name. Cherry-pick upstream f076f34. Closes: #521994.
* error.c: fix structured error handling problems. Cherry-pick upstream
719f397. Closes: #522669.
* debian/control:
+ Change libxml2-dbg's section to "debug".
+ Bump Standards-Version to 3.8.2.0.
+ Add Homepage, Vcs-Git and Vcs-Browser fields.
-- Mike Hommey <email address hidden> Mon, 13 Jul 2009 08:56:37 +0200
-
libxml2 (2.7.3.dfsg-1) unstable; urgency=low
* New upstream release.
* parser.c: Remove useless nbParse* variables and avoid exporting them as
symbols.
* debian/libxml2.symbols: Reference the new symbols.
* debian/rules: bump shlibs to current version.
-- Mike Hommey <email address hidden> Sun, 01 Mar 2009 11:57:55 +0100
-
libxml2 (2.6.32.dfsg-5) unstable; urgency=high
* parserInternals.c: apply patch from upstream revision 3741 to avoid
double-free in some situations. This fixes a crash while running the
W3C/OASIS XML conformance test.
* tree.c: Fix infinite loop. Fixes: CVE-2008-4225.
* SAX2.c: Fix integer overflow. Fixes: CVE-2008-4226.
-- Mike Hommey <email address hidden> Tue, 18 Nov 2008 08:08:34 +0100
-
libxml2 (2.6.32.dfsg-4) unstable; urgency=high
* Fix regressions due to previous security fixes. Fixes: CVE-2008-3529.
Closes: #498768.
-- Mike Hommey <email address hidden> Fri, 19 Sep 2008 21:26:19 +0200
