Age | Commit message (Collapse) | Author | Files | Lines |
|
https://gitlab.gnome.org/GNOME/libxml2/-/compare/v2.10.3...v2.10.4
- CVE-2023-29469: Hashing of empty dict strings isn't deterministic
- CVE-2023-28484: Fix null deref in xmlSchemaFixupComplexType
|
|
|
|
https://gitlab.gnome.org/GNOME/libxml2/-/compare/v2.10.2...v2.10.3
CVE-2022-40304
CVE-2022-40303
Changelog-Reviewed-By: Jan Tojnar <jtojnar@gmail.com>
|
|
|
|
/cc the update PR #195748
|
|
|
|
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.1
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2
https://gitlab.gnome.org/GNOME/libxml2/-/compare/v2.10.0...v2.10.2
|
|
|
|
- Massive cleanups
- CVE-2022-2309
- More security fixes
- Removal of outdated development manpage libxml.3
https://gitlab.gnome.org/GNOME/libxml2/-/compare/v2.9.14...v2.10.0
- Python detection is broken by `strictDeps` for unknown reasons.
- Also replaced `moveToOutput` with more declarative `outputMan`.
|
|
...into staging
|
|
|
|
|
|
|
|
|
|
appears the lack of sandbox on most darwin machines allows the
tests to accidentally find /usr/lib/libxml2.dylib, which
causes problems
|
|
Fixes CVE-2022-29824, see https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
|
|
Fixes CVE-2022-23308
https://mail.gnome.org/archives/xml/2022-February/msg00009.html
|
|
`$dev` will be substituted by empty string (would have to be `$(dev)`),
causing issues in 2.9.13. Let’s fix that and use the cannonical name.
|
|
|
|
Avoid stale autotools files and allow building from git easily.
|
|
Must have been fixed for a while now.
|
|
|
|
New versions will only be published there.
Also add GNOME update script.
|
|
|
|
This fixes e.g. python3Packages.beautifulsoup4, which has tests relying
on the wider encoding support enabled by libiconv.
Fixes #137678.
|
|
|
|
|
|
|
|
libxml2 is used in bootstrapping, so the alternates solution of
running libtoolize is tricky here.
|
|
https://mail.gnome.org/archives/xml/2021-May/msg00000.html
CVE-2021-3541
|
|
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
|
|
We can use use `stdenv.hostPlatform.isStatic` instead, and move the
logic per package. The least opionated benefit of this is that it makes
it much easier to replace packages with modified ones, as there is no
longer any issue of overlay order.
CC @FRidh @matthewbauer
|
|
|
|
Fixes an out-of-bounds read when using xmllint with the --htmlout
parameter.
Fixes: CVE-2020-24977
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
disable python test which was previously failing anyway, but in previous
versions it was being ignored
|
|
1. Gnumeric has unbalanced XML tags in its doc translations.
2. itstool's XML error handler tries to print this error with context.
3. libxml2's context snipper treats the data as bytes, not UTF-8.
4. python3Packages.libxml2 casts the context to a UTF-8 Python string.
5. itstool dereferences a null pointer.
This patch intervenes at #4.
In https://bugzilla.gnome.org/show_bug.cgi?id=789714#c4 , upstream
suggests that intervening at #3 would be better -- that each of the four
copies of xmlParserPrintFileContextInternal() have four additional UTF-8
problems, one of which is that the caret indicator ought to count
"unicode characters" not bytes. But to position a caret correctly, a
character count is not sufficient -- this would need to use icu's BiDi
logic (with fallback to doing something wrong when libxml2 is configured
not to use icu) -- which makes a 'correct' fix a much larger project
than this simple band-aid.
|
|
Changing the default may cause breakage, however, users should have
already switched to `pythonPackages.libxml2` long ago.
|
|
treewide replacement of
stdenv.mkDerivation rec {
name = "*-${version}";
version = "*";
to pname
|
|
* treewide: remove unused variables
* making ofborg happy
|
|
|
|
The static output should only get created when both enableShared and
enableStatic are set. Otherwise there would be libraries missing from
the main output when enableShared = false & enableStatic = true. This
can cause issues in some packages that don’t know about libxml2’s
static output.
(cherry picked from commit 2bd6bb0a4bf21005d8877c735709cd21d22e05bd)
(cherry picked from commit 1421a39c1e62584d346185ad49484b11b7703dc1)
|
|
|
|
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
|