-
libxml2 (2.7.7.dfsg-4ubuntu0.4) maverick-security; urgency=low
* SECURITY UPDATE: add randomization to dictionaries with hash tables
help prevent denial of service via hash algorithm collision
- configure.in: lookup for rand, srand and time
- dict.c: add randomization to dictionaries hash tables
- hash.c: add randomization to normal hash tables
- 8973d58b7498fa5100a876815476b81fd1a2412a
- CVE-2012-0841
-- Jamie Strandboge <email address hidden> Fri, 24 Feb 2012 15:16:59 -0600
-
libxml2 (2.7.7.dfsg-4ubuntu0.3) maverick-security; urgency=low
* SECURITY UPDATE: fix off-by-one leading to denial of service
- encoding.c: adjust calculation of space available
- 69f04562f75212bfcabecd190ea8b06ace28ece2
- CVE-2011-0216
* SECURITY UPDATE: fix double free in XPath evaluation
- xpath.h, xpath.c: add a mechanism of frame for XPath evaluation when
entering a function or a scoped evaluation
- f5048b3e71fc30ad096970b8df6e7af073bae4cb
- CVE-2011-2821
* SECURITY UPDATE: fix double free in XPath evaluation
- xpath.c: fix missing error status in XPath evaluation
- 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
- CVE-2011-2834
* SECURITY UPDATE: fix out of bounds read
- parser.c: make sure the parser returns when getting a Stop order
- 77404b8b69bc122d12231807abf1a837d121b551
- CVE-2011-3905
* SECURITY UPDATE: fix heap overflow
- parser.c: fix an allocation error when copying entities
- 5bd3c061823a8499b27422aee04ea20aae24f03e
- CVE-2011-3919
-- Jamie Strandboge <email address hidden> Wed, 18 Jan 2012 13:46:22 -0600
-
libxml2 (2.7.7.dfsg-4ubuntu0.2) maverick-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
specially crafted xml file
- xpath.c: update count only if allocation succeeds.
- http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
- CVE-2011-1944
-- Marc Deslauriers <email address hidden> Thu, 16 Jun 2011 09:26:36 -0400
-
libxml2 (2.7.7.dfsg-4ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: fix invalid memory read by fixing the semantic of XPath
axis for namespace/attribute context nodes
- http://git.gnome.org/browse/libxml2/patch/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
- http://git.gnome.org/browse/libxml2/patch/?id=ea90b894146030c214a7df6d8375310174f134b9
- CVE-2010-4008
-- Jamie Strandboge <email address hidden> Mon, 08 Nov 2010 13:02:43 -0600
-
libxml2 (2.7.7.dfsg-4) unstable; urgency=low
* debian/rules:
- Use a variable to express which sub-targets to invoke for
configure/build/install.
- Refactor configure-% and build-% rules.
- Avoid possible renaming of _d.so files to _d_d.so files in the
install-python%-dbg rules.
* debian/control, debian/control.udeb, debian/libxml2-udeb.install,
debian/rules: Add an udeb package when building for Ubuntu.
Closes: #583767.
* debian/control:
- Remove old Conflicts/Replaces for packages that have disappeared before
etch.
- Bump Standards-Version to 3.9.0.0.
libxml2 (2.7.7.dfsg-3) unstable; urgency=low
* debian/rules: Use build_python* instead of build-python* as build
directory when configuring python modules. build-python$* would get
matched by make as an existing file and would prevent evaluation of the
corresponding build rule. Thanks Loïc Minier.
* debian/python-libxml2.install: Don't hardcode site-/dist-packages in
.install. Cope with builds which don't have any dist-packages (or
site-packages) based python versions. Thanks Loïc Minier.
* debian/rules, debian/python-libxml2-dbg.install, debian/control:
Add a python-libxml2-dbg package. Closes: #583582.
* debian/rules: Don't link against libpython.
* python-libxml2-dbg.preinst: Remove /usr/share/doc/python-libxml2-dbg
symlink when it exists (which is the case with older Ubuntu packages).
-- Lo?c Minier <email address hidden> Mon, 05 Jul 2010 13:11:26 +0100
-
libxml2 (2.7.7.dfsg-2ubuntu1) maverick; urgency=low
* Shuffle old Debian changelog entries around to match the Debian layout and
reduce the diff.
* Drop /usr/share/doc/python-libxml2-dbg -> python-libxml2 symlink which was
added to optimize disk space, the -dbg package is huge anyway. Add a
preinst snippet to deal with upgrades.
* Merge with Debian.
- Keep the new Debian build-deps "libreadline-dev | libreadline5-dev"
since this should work fine with Ubuntu buildds reinstalling everything
on each build.
- Drop duplicate -Wall and -g from -dbg CFLAGS.
- Drop addition of -Wl,-Bsymbolic-functions to LDFLAGS since LDFLAGS
aren't overriden in the Debian rules anymore.
- Don't set PYTHON_VERSION and PYTHON_SITE_PACKAGES during python$*-dbg
builds since these should be correct already.
- Drop explicit zlib1g-dev dep, .pc only mentions zlib in Libs.private and
the .la file isn't shipped anymore, so there should be no mention of -lz
requiring this anymore.
- Rework creation of -dbg package (python$*-dbg) for the new dh 7 rules;
install to debian/tmp-dbg.
- Remaining changes:
+ Add python-libxml2-dbg package built with python$*-dbg and these
CFLAGS: -Wall -Wextra -g -O0 -fno-strict-aliasing -pedantic.
+ Add libxml2-udeb package.
+ Fix debian/python-libxml2.install to cope with builds which don't have
any site-packages based python versions.
+ rm -rf build-python$* in configure-python% to fix FTBFS.
* Fix dependency of python-libxml2-dbg on python-libxml2 to use
${binary:Version}, not ${source:Version}.
* Add ${misc:Depends} to python-libxml2-dbg.
libxml2 (2.7.7.dfsg-2) unstable; urgency=low
* debian/libxml2-dbg.preinst, debian/libxml2-dev.preinst,
debian/libxml2-utils.preinst: Remove /usr/share/doc symbolic links on
upgrade. They will then be replaced by directories by dpkg.
Closes: #577025.
libxml2 (2.7.7.dfsg-1) unstable; urgency=low
* New upstream release.
* debian/control:
+ Bump Standards-Version to 3.8.4.0.
+ Depend on a version of debhelper that provides dh and supports
overrides.
* debian/compat: Bump to 7.
* debian/rules:
+ Don't avoid to build in example/. There is no reason to do so anymore.
+ Remove remains of WORKAROUND_MODIFIED_FILES, that was removed 2 years
ago.
+ Change the way python libs are built. We now use configure to set
different environment with and without python, and arrange things so
that we don't have to build the base libxml2 library several times.
+ Deduplicate in /usr/lib/pyshared, not
/usr/lib/python-support/python-libxml2.
+ Remove old source and diff rules that only displayed a message
inviting to use dpkg-source -b.
+ Force -Wl,--as-needed at the beginning of the gcc command line.
+ Simplify rules by switching to dh.
+ Don't refresh COPYING during clean target, it appears not to be
necessary anymore.
+ Use a common cache for main and python configure passes.
* debian/python-libxml2.install: Install python files from
/usr/lib/python*/dist-packages.
* python/generator.py: Sort python generated stubs so that libxml2.py
doesn't differ between python 2.5 and 2.6.
* doc/devhelp/Makefile.{am,in}: Properly install devhelp files when
builddir != srcdir.
libxml2 (2.7.6.dfsg-2) unstable; urgency=low
* Cherry-picks from upstream git:
+ globals.c: fix the initialization of the mutex.
+ xmlIO.c: remove an abuse of zlib API and use a clean interface
available in zlib >= 1.2.3. Closes: #565683, #565823.
* debian/control:
+ Put libreadline-dev before libreadline5-dev in Build-Deps.
Closes: #553803.
+ Add misc:Depends dependencies where they are missing.
-- Loic Minier <email address hidden> Sun, 30 May 2010 11:41:13 +0200
-
libxml2 (2.7.6.dfsg-1ubuntu1) lucid; urgency=low
* Merge from debian testing, remaining changes:
- Create -udeb and python -dbg packages
- Link using -Bsymbolic-functions
- Add missing zlib1g-dev to -dev
- Fix site-/dist-packages
- Build-depend on libreadline6-dev instead of libreadline5-dev.
libxml2 (2.7.6.dfsg-1) unstable; urgency=low
* New upstream release.
* debian/control:
+ Bump Standards-Version to 3.8.3.0.
+ Set libxml2 package priority to standard to match override.
-- Scott Kitterman <email address hidden> Tue, 15 Dec 2009 22:35:20 -0500
