libxml2 (2.9.14+dfsg-1.3~deb12u1) bookworm; urgency=medium * Rebuild for bookworm -- Salvatore Bonaccorso <carnil@debian.org> Mon, 10 Jul 2023 21:58:07 +0200 libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium * Non-maintainer upload. * Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991) * Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991) -- Salvatore Bonaccorso <carnil@debian.org> Sat, 08 Jul 2023 21:18:29 +0200 libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium * Non-maintainer upload. * schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK * Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484) (Closes: #1034436) * Hashing of empty dict strings isn't deterministic (CVE-2023-29469) (Closes: #1034437) -- Salvatore Bonaccorso <carnil@debian.org> Sat, 15 Apr 2023 16:25:06 +0200 libxml2 (2.9.14+dfsg-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix integer overflows with XML_PARSE_HUGE (CVE-2022-40303) (Closes: #1022224) * Fix dict corruption caused by entity reference cycles (CVE-2022-40304) (Closes: #1022225) -- Salvatore Bonaccorso <carnil@debian.org> Sun, 30 Oct 2022 11:18:06 +0100 libxml2 (2.9.14+dfsg-1) unstable; urgency=high * Team upload. * New upstream version 2.9.14+dfsg. + Integer overflows in xmlBuf/xmlBuffer. CVE-2022-29824 Closes: #1010526 -- Mattia Rizzolo <mattia@debian.org> Thu, 05 May 2022 14:43:51 +0200 libxml2 (2.9.13+dfsg-1) unstable; urgency=medium * Team upload. * New upstream version 2.9.13+dfsg. + Convert devhelp to version2. Closes: #955205 + Use-after-free of ID and IDREF attrs. CVE-2022-23308; Closes: #1006489 * Bump my copyright for debian/*. * d/watch: move download sourceto https://download.gnome.org/. -- Mattia Rizzolo <mattia@debian.org> Sun, 27 Feb 2022 19:57:48 +0100 libxml2 (2.9.12+dfsg-6) unstable; urgency=medium * Team upload. * d/control: + Use the new Description field in the source paragraph and add references to the binary paragraphs. This is a new feature since dpkg 1.19.0 (from 2017). Policy is not yet updated, see #998165. + Drop Build-Depends on python3-all-dbg, not used since the last revision. * Add patches from upstream to fix: + return code of xmllint when incorrectly called. Closes: #727075 + regression with entity references in external DTDs. Closes: #994765 -- Mattia Rizzolo <mattia@debian.org> Sat, 19 Feb 2022 13:11:26 +0100 libxml2 (2.9.12+dfsg-5) unstable; urgency=medium * Team upload. * Stop building the python3-libxml2-dbg package. Closes: #994307 * Add a Conflicts against the old w3c-dtd-xhtml, that contains a .dtd that is not validating anymore. Closes: #993638 * Remove lintian override that was fixed in lintian for debian-rules-uses-supported-python-versions-without-python-all-build-depends -- Mattia Rizzolo <mattia@debian.org> Mon, 20 Sep 2021 15:06:01 +0200 libxml2 (2.9.12+dfsg-4) unstable; urgency=medium * Team upload. * Add a few patches from upstream: + Work around lxml API abuse. + Fix regression in xmlNodeDumpOutputInternal. LP: #1943277 + Fix whitespace when serializing empty HTML documents. + Forbid epsilon-reduction of final states. + Fix buffering in xmlOutputBufferWrite. -- Mattia Rizzolo <mattia@debian.org> Fri, 10 Sep 2021 22:13:09 +0200 libxml2 (2.9.12+dfsg-3) unstable; urgency=medium * Team upload. * Upload to unstable. * Add patch from upstream to fix a regression in the recursion limit for complex XSLT documents. This also fixed the ruby-nokogiri test failure, so drop the previously introduced Breaks. * d/control: Bump Standards-Version to 4.6.0, no changes needed. -- Mattia Rizzolo <mattia@debian.org> Wed, 01 Sep 2021 16:45:21 +0200 libxml2 (2.9.12+dfsg-2) experimental; urgency=medium * Team upload. * d/control: Break ruby-nokogiri (<< 1.11.7). * lintian: + Add a link from usr/share/doc/libxml2/gtk-doc usr/share/gtk-doc/html/libxml2. See #970275 + Override for package-contains-documentation-outside-usr-share-doc. * Add two patches to refactor how docs are installed. * Add a patch to properly install all the documentation we were previously manually installing. * d/rules: Use the now working --docdir flag to install the documentation directly in the right place. * Move the documentation and examples from /usr/share/doc/libxml2-doc to /usr/share/doc/libxml2/, following Policy v3.9.7 ยง12.3. -- Mattia Rizzolo <mattia@debian.org> Thu, 29 Jul 2021 12:22:11 +0200 libxml2 (2.9.12+dfsg-1) experimental; urgency=medium * Team upload. * New upstream version 2.9.12+dfsg. * Drop patches applied upstream. * d/libxml2.symbols: Add a new symbol. * d/control: Bump Standards-Version to 4.5.1, no changes needed. * d/rules: + Bump shlibs version. + Drop the --as-needed linking flag, the default starting from bullseye. -- Mattia Rizzolo <mattia@debian.org> Sun, 18 Jul 2021 15:33:26 +0200 libxml2 (2.9.10+dfsg-6.7) unstable; urgency=medium * Non-maintainer upload. * Patch for security issue CVE-2021-3541 (Closes: #988603) -- Salvatore Bonaccorso <carnil@debian.org> Sat, 22 May 2021 08:21:29 +0200 libxml2 (2.9.10+dfsg-6.6) unstable; urgency=medium * Non-maintainer upload. * Upload to unstable. -- Salvatore Bonaccorso <carnil@debian.org> Thu, 06 May 2021 10:48:16 +0200 libxml2 (2.9.10+dfsg-6.5) experimental; urgency=medium * Non-maintainer upload. * Propagate error in xmlParseElementChildrenContentDeclPriv (CVE-2021-3537) (Closes: #988123) -- Salvatore Bonaccorso <carnil@debian.org> Thu, 06 May 2021 10:28:10 +0200 libxml2 (2.9.10+dfsg-6.4) experimental; urgency=medium * Non-maintainer upload. * Fix use-after-free with `xmllint --html --push` (CVE-2021-3516) (Closes: #987739) * Validate UTF8 in xmlEncodeEntities (CVE-2021-3517) (Closes: #987738) * Fix user-after-free with `xmllint --xinclude --dropdtd` (CVE-2021-3518) (Closes: #987737) -- Salvatore Bonaccorso <carnil@debian.org> Sun, 02 May 2021 16:23:29 +0200 libxml2 (2.9.10+dfsg-6.3) unstable; urgency=medium * Non-maintainer upload. * Remove the Python2 autopkg test. -- Matthias Klose <doko@debian.org> Sun, 29 Nov 2020 11:58:00 +0100 libxml2 (2.9.10+dfsg-6.2) unstable; urgency=medium * Non-maintainer upload. * Fix out-of-bounds read with 'xmllint --htmlout' (CVE-2020-24977) (Closes: #969529) -- Salvatore Bonaccorso <carnil@debian.org> Sun, 25 Oct 2020 13:56:23 +0100 libxml2 (2.9.10+dfsg-6.1) unstable; urgency=medium * Non-maintainer upload. * Fix build with Python 3.9. Closes: #972022. -- Matthias Klose <doko@debian.org> Wed, 14 Oct 2020 08:45:25 +0200 libxml2 (2.9.10+dfsg-6) unstable; urgency=medium * Team upload. [ Mattia Rizzolo ] * Drop Python2 support. Closes: #936941 * Use dh-sequence-python3 to at least simplify one line of d/rules. * Bump debhelper compat level to 13. + Drop dh_missing override, dh13 defaults to --fail-missing. [ Debian Janitor ] * Use correct machine-readable copyright file URI. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * Rely on pre-initialized dpkg-architecture variables. -- Mattia Rizzolo <mattia@debian.org> Fri, 04 Sep 2020 23:05:12 +0200 libxml2 (2.9.10+dfsg-5) unstable; urgency=medium * Team upload. [ Mattia Rizzolo ] * d/rules: + Drop --disable-silent-rules, already passed by dh_auto_configure. + Drop --parallel, now default with debhelper compat > 10. + Use dh_installdocs and dh_installexamples to install docs and examples. + Use dh_missing --fail-missing (and add the relevant d/not-installed). + Minimize indep build to build only the docs. * d/watch: fix an option to avoid a warning message. * d/control: + Move most of the build-deps to Build-Depends-Arch. + Use ${python:Depends} also for python-libxml2-dbg. * Add a lintian override for debian-rules-uses-supported-python-versions-without-python-all-build-depends [ Gunnar Hjalmarsson ] * d/p/python3-unicode-errors.patch: Fix segfault issue with itstool and py3. LP: #1869814 -- Mattia Rizzolo <mattia@debian.org> Fri, 10 Apr 2020 14:53:23 +0200 libxml2 (2.9.10+dfsg-4) unstable; urgency=medium * Team upload. * Add patch from upstream to prevent a segfault in some platforms with illegal documents. -- Mattia Rizzolo <mattia@debian.org> Thu, 27 Feb 2020 19:21:45 +0100 libxml2 (2.9.10+dfsg-3) unstable; urgency=medium * Team upload. * Add patch so that xml2-config only disaplys libraries needed for dynamic linking. Closes: #952115 -- Mattia Rizzolo <mattia@debian.org> Sun, 23 Feb 2020 12:08:21 +0100 libxml2 (2.9.10+dfsg-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix memory leak in xmlSchemaValidateStream (CVE-2019-20388) (Closes: #949583) * Fix infinite loop in xmlStringLenDecodeEntities (CVE-2020-7595) (Closes: #949582) -- Salvatore Bonaccorso <carnil@debian.org> Sat, 22 Feb 2020 23:36:57 +0100 libxml2 (2.9.10+dfsg-2) unstable; urgency=medium * Team upload * Re-instate Python2 support for now, the rev-deps are not ready. Re-opens: #936941 * python-libxml2-dbg: Depend on python2-dbg instead of python-dbg. Closes: #948493 * d/control: Bump Standards-Version 4.5.0, no changes needed. * Re-instnate the xml2-config script for now. * Upload to unstable. -- Mattia Rizzolo <mattia@debian.org> Fri, 21 Feb 2020 14:45:03 +0100 libxml2 (2.9.10+dfsg-1) experimental; urgency=medium * Team upload. * New upstream version 2.9.10+dfsg. + Fix memory leak. CVE-2019-19956 * Drop all patches. * d/control: + Bump debhelper compat level to 12. + Bump Standards-Version to 4.4.1, no changes needed. * d/libxml2.symbols: add Build-Depends-Package field, by lintian. -- Mattia Rizzolo <mattia@debian.org> Mon, 25 Nov 2019 16:48:13 +0100 libxml2 (2.9.9+dfsg1-1~exp2) experimental; urgency=medium * Team upload. * Merge the lost uploads 2.9.7+dfsg-1 and 2.9.8+dfsg-1. -- Mattia Rizzolo <mattia@debian.org> Tue, 19 Nov 2019 14:53:11 +0100 libxml2 (2.9.9+dfsg1-1~exp1) experimental; urgency=medium [ Rene Engelhard ] * actually remove the override_dh_gencontrol (thanks mattia)... [ Aron Xu ] * New upstream version 2.9.9+dfsg1 + Fix infinite loop in LZMA decompression. CVE-2018-9251; Closes: #895195 + Fix (another) infinite loop in LZMA decompression. CVE-2018-14567 + Fix nullptr deref with XPath logic ops. CVE-2018-14404; Closes: #901817 * Remove patches merged upstream * Update symbols * Remove python2 support Closes: #936941 -- Aron Xu <aron@debian.org> Tue, 29 Oct 2019 10:08:51 +0000 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog python3-libxml2`.
Generated by dwww version 1.15 on Sun Jun 16 16:52:10 CEST 2024.