libxml2 (2.9.14+dfsg-1.3~deb12u1) bookworm; urgency=medium
* Rebuild for bookworm
-- Salvatore Bonaccorso <carnil@debian.org> Mon, 10 Jul 2023 21:58:07 +0200
libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium
* Non-maintainer upload.
* Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
* Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 08 Jul 2023 21:18:29 +0200
libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium
* Non-maintainer upload.
* schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
* Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484)
(Closes: #1034436)
* Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
(Closes: #1034437)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 15 Apr 2023 16:25:06 +0200
libxml2 (2.9.14+dfsg-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
(Closes: #1022224)
* Fix dict corruption caused by entity reference cycles (CVE-2022-40304)
(Closes: #1022225)
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 30 Oct 2022 11:18:06 +0100
libxml2 (2.9.14+dfsg-1) unstable; urgency=high
* Team upload.
* New upstream version 2.9.14+dfsg.
+ Integer overflows in xmlBuf/xmlBuffer. CVE-2022-29824 Closes: #1010526
-- Mattia Rizzolo <mattia@debian.org> Thu, 05 May 2022 14:43:51 +0200
libxml2 (2.9.13+dfsg-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.9.13+dfsg.
+ Convert devhelp to version2. Closes: #955205
+ Use-after-free of ID and IDREF attrs. CVE-2022-23308; Closes: #1006489
* Bump my copyright for debian/*.
* d/watch: move download sourceto https://download.gnome.org/.
-- Mattia Rizzolo <mattia@debian.org> Sun, 27 Feb 2022 19:57:48 +0100
libxml2 (2.9.12+dfsg-6) unstable; urgency=medium
* Team upload.
* d/control:
+ Use the new Description field in the source paragraph and add references
to the binary paragraphs. This is a new feature since dpkg 1.19.0
(from 2017). Policy is not yet updated, see #998165.
+ Drop Build-Depends on python3-all-dbg, not used since the last revision.
* Add patches from upstream to fix:
+ return code of xmllint when incorrectly called. Closes: #727075
+ regression with entity references in external DTDs. Closes: #994765
-- Mattia Rizzolo <mattia@debian.org> Sat, 19 Feb 2022 13:11:26 +0100
libxml2 (2.9.12+dfsg-5) unstable; urgency=medium
* Team upload.
* Stop building the python3-libxml2-dbg package. Closes: #994307
* Add a Conflicts against the old w3c-dtd-xhtml, that contains a .dtd that
is not validating anymore. Closes: #993638
* Remove lintian override that was fixed in lintian for
debian-rules-uses-supported-python-versions-without-python-all-build-depends
-- Mattia Rizzolo <mattia@debian.org> Mon, 20 Sep 2021 15:06:01 +0200
libxml2 (2.9.12+dfsg-4) unstable; urgency=medium
* Team upload.
* Add a few patches from upstream:
+ Work around lxml API abuse.
+ Fix regression in xmlNodeDumpOutputInternal. LP: #1943277
+ Fix whitespace when serializing empty HTML documents.
+ Forbid epsilon-reduction of final states.
+ Fix buffering in xmlOutputBufferWrite.
-- Mattia Rizzolo <mattia@debian.org> Fri, 10 Sep 2021 22:13:09 +0200
libxml2 (2.9.12+dfsg-3) unstable; urgency=medium
* Team upload.
* Upload to unstable.
* Add patch from upstream to fix a regression in the recursion limit for
complex XSLT documents. This also fixed the ruby-nokogiri test failure,
so drop the previously introduced Breaks.
* d/control: Bump Standards-Version to 4.6.0, no changes needed.
-- Mattia Rizzolo <mattia@debian.org> Wed, 01 Sep 2021 16:45:21 +0200
libxml2 (2.9.12+dfsg-2) experimental; urgency=medium
* Team upload.
* d/control: Break ruby-nokogiri (<< 1.11.7).
* lintian:
+ Add a link from usr/share/doc/libxml2/gtk-doc
usr/share/gtk-doc/html/libxml2. See #970275
+ Override for package-contains-documentation-outside-usr-share-doc.
* Add two patches to refactor how docs are installed.
* Add a patch to properly install all the documentation we were
previously manually installing.
* d/rules: Use the now working --docdir flag to install the documentation
directly in the right place.
* Move the documentation and examples from /usr/share/doc/libxml2-doc
to /usr/share/doc/libxml2/, following Policy v3.9.7 ยง12.3.
-- Mattia Rizzolo <mattia@debian.org> Thu, 29 Jul 2021 12:22:11 +0200
libxml2 (2.9.12+dfsg-1) experimental; urgency=medium
* Team upload.
* New upstream version 2.9.12+dfsg.
* Drop patches applied upstream.
* d/libxml2.symbols: Add a new symbol.
* d/control: Bump Standards-Version to 4.5.1, no changes needed.
* d/rules:
+ Bump shlibs version.
+ Drop the --as-needed linking flag, the default starting from bullseye.
-- Mattia Rizzolo <mattia@debian.org> Sun, 18 Jul 2021 15:33:26 +0200
libxml2 (2.9.10+dfsg-6.7) unstable; urgency=medium
* Non-maintainer upload.
* Patch for security issue CVE-2021-3541 (Closes: #988603)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 22 May 2021 08:21:29 +0200
libxml2 (2.9.10+dfsg-6.6) unstable; urgency=medium
* Non-maintainer upload.
* Upload to unstable.
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 06 May 2021 10:48:16 +0200
libxml2 (2.9.10+dfsg-6.5) experimental; urgency=medium
* Non-maintainer upload.
* Propagate error in xmlParseElementChildrenContentDeclPriv (CVE-2021-3537)
(Closes: #988123)
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 06 May 2021 10:28:10 +0200
libxml2 (2.9.10+dfsg-6.4) experimental; urgency=medium
* Non-maintainer upload.
* Fix use-after-free with `xmllint --html --push` (CVE-2021-3516)
(Closes: #987739)
* Validate UTF8 in xmlEncodeEntities (CVE-2021-3517) (Closes: #987738)
* Fix user-after-free with `xmllint --xinclude --dropdtd` (CVE-2021-3518)
(Closes: #987737)
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 02 May 2021 16:23:29 +0200
libxml2 (2.9.10+dfsg-6.3) unstable; urgency=medium
* Non-maintainer upload.
* Remove the Python2 autopkg test.
-- Matthias Klose <doko@debian.org> Sun, 29 Nov 2020 11:58:00 +0100
libxml2 (2.9.10+dfsg-6.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix out-of-bounds read with 'xmllint --htmlout' (CVE-2020-24977)
(Closes: #969529)
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 25 Oct 2020 13:56:23 +0100
libxml2 (2.9.10+dfsg-6.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix build with Python 3.9. Closes: #972022.
-- Matthias Klose <doko@debian.org> Wed, 14 Oct 2020 08:45:25 +0200
libxml2 (2.9.10+dfsg-6) unstable; urgency=medium
* Team upload.
[ Mattia Rizzolo ]
* Drop Python2 support. Closes: #936941
* Use dh-sequence-python3 to at least simplify one line of d/rules.
* Bump debhelper compat level to 13.
+ Drop dh_missing override, dh13 defaults to --fail-missing.
[ Debian Janitor ]
* Use correct machine-readable copyright file URI.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
* Rely on pre-initialized dpkg-architecture variables.
-- Mattia Rizzolo <mattia@debian.org> Fri, 04 Sep 2020 23:05:12 +0200
libxml2 (2.9.10+dfsg-5) unstable; urgency=medium
* Team upload.
[ Mattia Rizzolo ]
* d/rules:
+ Drop --disable-silent-rules, already passed by dh_auto_configure.
+ Drop --parallel, now default with debhelper compat > 10.
+ Use dh_installdocs and dh_installexamples to install docs and examples.
+ Use dh_missing --fail-missing (and add the relevant d/not-installed).
+ Minimize indep build to build only the docs.
* d/watch: fix an option to avoid a warning message.
* d/control:
+ Move most of the build-deps to Build-Depends-Arch.
+ Use ${python:Depends} also for python-libxml2-dbg.
* Add a lintian override for
debian-rules-uses-supported-python-versions-without-python-all-build-depends
[ Gunnar Hjalmarsson ]
* d/p/python3-unicode-errors.patch:
Fix segfault issue with itstool and py3. LP: #1869814
-- Mattia Rizzolo <mattia@debian.org> Fri, 10 Apr 2020 14:53:23 +0200
libxml2 (2.9.10+dfsg-4) unstable; urgency=medium
* Team upload.
* Add patch from upstream to prevent a segfault in some platforms with
illegal documents.
-- Mattia Rizzolo <mattia@debian.org> Thu, 27 Feb 2020 19:21:45 +0100
libxml2 (2.9.10+dfsg-3) unstable; urgency=medium
* Team upload.
* Add patch so that xml2-config only disaplys libraries needed for dynamic
linking. Closes: #952115
-- Mattia Rizzolo <mattia@debian.org> Sun, 23 Feb 2020 12:08:21 +0100
libxml2 (2.9.10+dfsg-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix memory leak in xmlSchemaValidateStream (CVE-2019-20388)
(Closes: #949583)
* Fix infinite loop in xmlStringLenDecodeEntities (CVE-2020-7595)
(Closes: #949582)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 22 Feb 2020 23:36:57 +0100
libxml2 (2.9.10+dfsg-2) unstable; urgency=medium
* Team upload
* Re-instate Python2 support for now, the rev-deps are not ready.
Re-opens: #936941
* python-libxml2-dbg: Depend on python2-dbg instead of python-dbg.
Closes: #948493
* d/control: Bump Standards-Version 4.5.0, no changes needed.
* Re-instnate the xml2-config script for now.
* Upload to unstable.
-- Mattia Rizzolo <mattia@debian.org> Fri, 21 Feb 2020 14:45:03 +0100
libxml2 (2.9.10+dfsg-1) experimental; urgency=medium
* Team upload.
* New upstream version 2.9.10+dfsg.
+ Fix memory leak. CVE-2019-19956
* Drop all patches.
* d/control:
+ Bump debhelper compat level to 12.
+ Bump Standards-Version to 4.4.1, no changes needed.
* d/libxml2.symbols: add Build-Depends-Package field, by lintian.
-- Mattia Rizzolo <mattia@debian.org> Mon, 25 Nov 2019 16:48:13 +0100
libxml2 (2.9.9+dfsg1-1~exp2) experimental; urgency=medium
* Team upload.
* Merge the lost uploads 2.9.7+dfsg-1 and 2.9.8+dfsg-1.
-- Mattia Rizzolo <mattia@debian.org> Tue, 19 Nov 2019 14:53:11 +0100
libxml2 (2.9.9+dfsg1-1~exp1) experimental; urgency=medium
[ Rene Engelhard ]
* actually remove the override_dh_gencontrol (thanks mattia)...
[ Aron Xu ]
* New upstream version 2.9.9+dfsg1
+ Fix infinite loop in LZMA decompression. CVE-2018-9251; Closes: #895195
+ Fix (another) infinite loop in LZMA decompression. CVE-2018-14567
+ Fix nullptr deref with XPath logic ops. CVE-2018-14404; Closes: #901817
* Remove patches merged upstream
* Update symbols
* Remove python2 support Closes: #936941
-- Aron Xu <aron@debian.org> Tue, 29 Oct 2019 10:08:51 +0000
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog python3-libxml2`.
Generated by dwww version 1.15 on Sat May 18 06:00:38 CEST 2024.