* Team upload.
[ Mattia Rizzolo ]
* d/rules:
+ Drop --disable-silent-rules, already passed by dh_auto_configure.
+ Drop --parallel, now default with debhelper compat > 10.
+ Use dh_installdocs and dh_installexamples to install docs and examples.
+ Use dh_missing --fail-missing (and add the relevant d/not-installed).
+ Minimize indep build to build only the docs.
* d/watch: fix an option to avoid a warning message.
* d/control:
+ Move most of the build-deps to Build-Depends-Arch.
+ Use ${python:Depends} also for python-libxml2-dbg.
* Add a lintian override for
debian-rules-uses-supported-python-versions-without-python-all-build-depends
[ Gunnar Hjalmarsson ]
* d/p/python3-unicode-errors.patch:
Fix segfault issue with itstool and py3. LP: #1869814
* Team upload.
* Add patch from upstream to prevent a segfault in some platforms with
illegal documents.
* Team upload.
* Add patch so that xml2-config only disaplys libraries needed for dynamic
linking. Closes: #952115
* Non-maintainer upload.
* Fix memory leak in xmlSchemaValidateStream (CVE-2019-20388)
(Closes: #949583)
* Fix infinite loop in xmlStringLenDecodeEntities (CVE-2020-7595)
(Closes: #949582)
* Team upload
* Re-instate Python2 support for now, the rev-deps are not ready.
Re-opens: #936941
* python-libxml2-dbg: Depend on python2-dbg instead of python-dbg.
Closes: #948493
* d/control: Bump Standards-Version 4.5.0, no changes needed.
* Re-instnate the xml2-config script for now.
* Upload to unstable.
* Team upload.
* New upstream version 2.9.10+dfsg.
+ Fix memory leak. CVE-2019-19956
* Drop all patches.
* d/control:
+ Bump debhelper compat level to 12.
+ Bump Standards-Version to 4.4.1, no changes needed.
* d/libxml2.symbols: add Build-Depends-Package field, by lintian.
* Team upload.
* Merge the lost uploads 2.9.7+dfsg-1 and 2.9.8+dfsg-1.
[ Rene Engelhard ]
* actually remove the override_dh_gencontrol (thanks mattia)...
[ Aron Xu ]
* New upstream version 2.9.9+dfsg1
+ Fix infinite loop in LZMA decompression. CVE-2018-9251; Closes: #895195
+ Fix (another) infinite loop in LZMA decompression. CVE-2018-14567
+ Fix nullptr deref with XPath logic ops. CVE-2018-14404; Closes: #901817
* Remove patches merged upstream
* Update symbols
* Remove python2 support Closes: #936941
* Team upload.
[ Rene Engelhard ]
* New upstream version 2.9.8+dfsg.
+ Fix possible XML External Entity attack. CVE-2016-9318; Closes: #844581
* Update Vcs-* to salsa.debian.org.
[ Mattia Rizzolo ]
* d/libxml2.symbols:
+ Remove removed symbols xmlNop@Base (no users found anywhere).
+ Add two new symbols.
* Refresh patches.
+ Drop the Python 3.6 compatibility patch, upstreamed.
* d/copyright: Update.
* d/control: Bump Standards-Version to 4.2.1, no changes needed.
* d/rules: Bump shlibs version.
* Team upload.
* New upstream version 2.9.7+dfsg. Closes: #882074
+ Infinite recursion in parameter entities. CVE-2017-16932; Closes: #882613
+ Double entity expansion; Closes: #836698
+ Set memory limit for LZMA decompression. CVE-2017-18258; Closes: #895245
* Refresh patches.
* Refresh symbols.
* Stop installing /usr/bin/xml2-config.
Packages should just use pkg-config instead.
* Remove the libxml2-dbg package, in favour of automatic debug package.
* Team upload.
* Fix autopkgtest: use `python2` instead of `python` and actually run the
`python3` test. Closes: #943386
* Team upload.
* drop automatically generated dependency on (non-existing) libicu60-dbg
from libxm2-dbg (closes: #900113)
* Non-maintainer upload.
* Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872)
(Closes: #862450)
* Team upload.
* d/watch: bump to version 4, wrap lines, and limit matching to released
stable versions.
* Drop libxml2-udeb. The package has been broken in Ubuntu for a while
already, and nobody seems to care anyway.
* d/copyright: Rewrite using copyright-format 1.0.
* Employ automatic upstream tarball repacking.
* Bump debhelper compat level to 11.
* Remove old upgrade code dealing with symlinks-to-dir in /usr/share/doc.
* d/control:
+ Bump Standards-Version to 4.1.3, no changes needed.
+ Set Rules-Requires-Root: no.
+ Move from the deprecated priority:extra to priority:optional also for the
-dbg packages.
+ Lower the priority of the libxml2 package to optional.
Since Policy 4.0.1 library packages should not have a priority higher
than optional. See #886039 for the override change.
* d/rules:
+ Stop installing the TODO files.
+ Install the AUTHORS and README files only on the main libxml2 binary.
+ Workaround debhelper bug #886037 by reshuffling the dh_strip calls.
* Non-maintainer upload.
* Fix XPath stack frame logic (CVE-2017-15412) (Closes: #883790)
* Non-maintainer upload.
* Fix NULL pointer deref in xmlDumpElementContent (CVE-2017-5969)
(Closes: #855001)
* Check for integer overflow in memory debug code (CVE-2017-5130)
(Closes: #880000)
* Fix copy-paste errors in error messages
* python: remove single use of _PyVerify_fd (Closes: #878684)
* Team upload.
* d/control: Bump Standards-Version to 4.1.1, no changes needed.
* d/rules:
+ Use `rename` instead of `prename`, and separate the -v and -f options.
Closes: #876308
+ Fix usage of debhelper's -N and -p options: newer debhelper doesn't
accept specifying packages not present in d/control.
* Team upload.
* Drop Recommends: xml-core from libxml2.
xml-core is not really needed by anything, and packages needing it
already depend on it. Closes: #869744
Thanks to Adam Borowski <kilobyte@angband.pl> for proposing it.
* Run wrap-and-sort.
* Add Build-Depends on rename. Closes: #874211
* Bump Standards-Version to 4.1.0:
+ keep debug packages priority to extra as they are special cased by tools.
* Non-maintainer upload.
* Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
Incorrect limit was used for port values. (Closes: #870865)
* Prevent unwanted external entity reference (CVE-2017-7375)
Missing validation for external entities in xmlParsePEReference.
(Closes: #870867)
* Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
- Heap-based buffer over-read in function xmlDictComputeFastKey
(CVE-2017-9049).
- Heap-based buffer over-read in function xmlDictAddString
(CVE-2017-9050).
(Closes: #863019, #863018)
* Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
CVE-2017-9048)
- Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
- Stack-based buffer overflow in function xmlSnprintfElementContent
(CVE-2017-9048).
(Closes: #863022, #863021)
* Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
Heap buffer overflow in xmlAddID. (Closes: #870870)
* Team upload.
[ Mattia Rizzolo ]
* d/control:
+ Use HTTPS in Vcs-* fields.
+ Remove the deprecated '${python:Provides}' and '${python3:Provides}'.
+ Bump Standards-Version to 4.0.0, no changes needed.
* Build for all supported python versions. Closes: #864328
Thanks to YunQiang Su <wzssyqa@gmail.com> for the initial patch.
* Drop libxml-utils-dbg package in favour of the automatic debug package.
* Replace the upstream ChangeLog with the NEWS file. Closes: #808372
The ChangeLog file stopped being updated in 2009, whereas NEWS is
automatically generated by upstream during releases.
* d/rules:
+ Correctly make use of the dh sequencer in the build step.
Override dh_auto_build instead of using build/build-arch/build-indep
targets directly.
This makes possible for dh to call dh_autoreconf and other helpers that
would otherwise be skipped (like dh_update_autotools_config).
+ Fix duplicated targets for override_dh_auto_install-indep.
+ Streamline dpkg-buildflags usage.
* Bump debhelper compat level to 10
+ remove --parallel, now default
+ remove --with autoreconf, now default
[ Helmut Grohne ]
* Improve build profiles support. Closes: #862867
+ Rename the meaningless stage1 to the meaningful nopython.
+ Use the standard variable DEB_BUILD_PROFILES rather than
DEB_BUILD_PROFILE by checking dh_listpackages.
+ Correctly build nopython even when python is installed.
+ Add build profile annotations to debian/control.
* Non-maintainer upload.
* Fix attribute decoding during XML schema validation
(Closes: #832602, #832864)
* Non-maintainer upload.
* Fix comparison with root node in xmlXPathCmpNodes
* Fix XPointer paths beginning with range-to (CVE-2016-5131)
(Closes: #840554)
* Disallow namespace nodes in XPointer ranges (CVE-2016-4658)
(Closes: #840553)
* Fix more NULL pointer derefs in xpointer.c
[ YunQiang Su ]
* add python3 support (Closes: #737774)
* fix typo in test/control: python->python3
[ Aron Xu ]
* Really allow parallel building
* Mark python3-libxml2* as M-A: same
* Imported Upstream version 2.9.4+dfsg1
- Closes: 829718, CVE-2016-4448
* Drop patches applied upstream, refresh remainers
* Update Std-Ver to 3.9.8 from 3.9.6
* Update symbols for 2.9.4
* cherry-pick: Fix NULL pointer deref in XPointer range-to
[ Simon McVittie ]
* Non-maintainer upload.
* Add -arch suffix to some architecture-specific debhelper overrides,
fixing FTBFS with dpkg-buildpackage -A or when source-only uploads
are used (Closes: #806065)
- Do a build for the default Python version even when we are
building arch-indep-only: we need something for gtk-doc to analyze
* Non-maintainer upload.
* Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
* heap-buffer-overflow in xmlStrncat (CVE-2016-1834)
* Add missing increments of recursion depth counter to XML parser
(CVE-2016-3705) (Closes: #823414)
* Avoid an out of bound access when serializing malformed strings
(CVE-2016-4483) (Closes: #823405)
* Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840)
* Heap-based buffer overread in xmlParserPrintFileContextInternal
(CVE-2016-1838)
* Heap-based buffer overread in xmlDictAddString (CVE-2016-1839
CVE-2015-8806 CVE-2016-2073) (Closes: #813613, #812807)
* Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836)
* Fix inappropriate fetch of entities content (CVE-2016-4449)
* Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral
(CVE-2016-1837)
* Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
* Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
* Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
* Avoid building recursive entities (CVE-2016-3627) (Closes: #819006)
* New upstream release.
* Revert everything in N'ACKed NMU revert to 2.9.1.
- Resolving regression, Closes: #754424
- Drop the following NMU, not needed in 2.9.2, Closes: #781232
- Drop not approved patch for GNOME #746048
* Revert icu dbg drop, but don't hardcode version,
thanks Matthias Klose <doko>, Closes: #798642
* Cherry pick upstream post release patches:
- Fix for regression triggered by CVE-2014-3660, Closes: #768089
- Fix for the spurious ID already defined error, Closes: #766884
- Fix for CVE-2015-1819, Closes: #782782
- Fix for GNOME #744980, Closes: #783010
- Several fixes for memory related issues.
* Add icu related deps for -dev and -dbg packages
(Closes: #776741)
[ Michael Gilbert ]
* Enable icu support (Closes: #776254)
[ Aron Xu ]
* 0003-Fix-missing-entities-after-CVE-2014-3660-fix.patch:
Fix upstream bug triggered by CVE fix (Closes: #768089)
* New upstream release (Closes: #765722, CVE-2014-3660)
* Remove no-longer-needed upstream patches
* Update distro patch
* Std-ver: 3.9.5 -> 3.9.6, no change.
[ Christian Svensson ]
* Do not build-depend on readline (Closes: #742350)
[ Daniel Schepler ]
* Patch to bootstrap without python (Closes: #738080)
[ Helmut Grohne ]
* Drop unneeded B-D on perl and binutils (Closes: #753005)
[ Adam Conrad ]
* Actually run dh_autoreconf, which the old/new mixed rules file misses.
[ Matthias Klose ]
* Add patch to fix python multiarch issue
* Allow the package to cross-build by tweaking B-Ds on python
* Set PYTHON_LIBS for cross builds
[ Aron Xu ]
* Use correct $CC
* Configure udeb without python
* New round of cherry-picking upstream fixes
- Includes fixes for CVE-2014-0191 (Closes: #747309).
* Call prename with -vf
* Require python-all-dev (>= 2.7.5-5~)
* Bump std-ver: 3.9.4 -> 3.9.5, no change
* debian/patches/0007-Fix-XPath-optimization-with-predicates.patch:
- Upstream patch to fix XPath evaluation issue. (Closes: #713146)
* Upload to unstable.
* debian/patches/000[2-6]-*.patch:
- cherry-picking upstream post-release fixes.
* New upstream release (Closes: #696300, #705722).
* Add -llzma for static linking (Closes: #697382).
* Update symbols.
* Update debian/watch, thanks to Bart Martens.
* Use canonical Vcs-* fields.
* Mark python-libxml2-dbg as "Multi-Arch: same".
[ Daniel Veillard ]
* Fix potential out of bound access
CVE-2012-5134, Closes: #694521.
[ Aron Xu ]
* Remove -L/usr/lib from xml2-config, advise to use pkg-config
in man, and add pkg-config to Suggests. (Closes: #689168)
[ YunQiang Su ]
* Fix python-libxml2 undefined symbol (Closes: #689191)
[ Daniel Holbach ]
* Add simple autopkgtest to the package (Closes: #690047)
* Fix a thread portability problem by cherry-picking upstream
patch (Closes: #688473).
* New upstream release.
* Remove old patches applied upstream, cherry-pick one
upstream post release patch.
* Update symbols.
* Update std-ver 3.9.3 -> 3.9.4, no change required.
[ Daniel Veillard ]
* Fix parser local buffers size problems
* Fix entities local buffers size problems
CVE-2012-2807, Closes: #679280.
* Sanitize the output of `xml2-config --libs`.
* Remove odd output of xml2-config --libs (Closes: #675682).
* Mark libxml2-dev "M-A: same" again, fixed xml2-config
(Closes: #674474).
* debian/control:
- Remove "M-A: same" from libxml2-dev (Closes: #674474).
- Add "M-A: foreign" to libxml2-doc.
* debian/rules:
- Style change on calling dh using --with.
- Enable all hardening features.
- The sed command for removing DEB_HOST_MULTIARCH is not reverted
because it's generally a good idea to avoid it here.
* lintian-overrides:
- libxml2: package-name-doesnt-match-sonames
- python-libxml2-dbg: hardening-no-fortify-functions
* New upstream release. (Closes: #148220, #590934)
* Adjust changelog of previous NMU (Closes: #674739).
* Try to avoid useless space in /usr/bin/xml-config (Closes: #674474).
* Non-maintainer upload by the Security Team.
* Fix CVE-2011-3102: off by one pointer access in xpointer.c
(Closes: #674191).
* Multi-Arch ready. (Closes: #643026)
- M-A:same packages are libxml2, libxml2-dev and libxml2-dbg.
- M-A:foreign package is libxml2-utils, others are not M-A.
- Library files in udeb are still placed under usr/lib directly.
* New binary: libxml2-utils-dbg.
Move debuggings symbols of libxml2-utils binaries to another package
in favor of marking libxml2-dbg as M-A: same. Descriptions of related
binary packages are slightly modified.
* Enable hardening for Python modules. (Closes: #664107)
* Add support for build-arch and build target, essentially make the
package not FTBFS anymore. (Closes: #668672)
* Use dh compat 9. Not hardcoding libdir in debian/rules.
* Port to source format 3.0 to ease future maintenance of patches.
- Old patches are stored in 01_historical_changes.patch
- Do not patch Makefile.in directly, use dh_autoreconf with patches to
configure.in and Makefile.am instead. This will not actually make
bootstraping a new architecture more difficult since we already have
gettext and autoconf in deep B-D, porters need to break it anyway.
- Store doc/examples/index.html in patch to avoid ciculate B-D with
xsltproc, we should not B-D on it.
* debian/*.dirs: removed, useless.
* New maintainer (Closes: #654176).
* Apply upstream patch to add randomization to hashing with large
dictionaries to mitigate hash DoS (CVE-2012-0841; Closes: #660846)
* Bump std-ver to 3.9.3, no change needed.
* Team upload.
* parser.c: Fix an allocation error when copying entities.
CVE-2011-3919. Closes: #656377.
* Team upload.
* Enabled hardened build flags (Closes: #654903).
* error.c: Fix __xmlRaiseError (Closes: #622358).
* Non-maintainer upload.
* encoding.c: Fix off by one error. CVE-2011-0216.
* parser.c: Make sure parser returns when getting a Stop order.
CVE-2011-3905.
* Both closes: #652352.
* xpath.c, xpointer.c, include/libxml/xpath.h: Hardening of XPath evaluation.
CVE-2011-2821.
* xpath.c: Fix for undefined namespaces. CVE-2011-2834.
* Both closes: #643648.
* debian/rules: Add --with python2 to dh call.
* debian/control:
- Remove build dependency on python-support.
- Build depend on python-all-dev >= 2.6.6-3~.
- Remove XB-Python-Version header.
- Bump Standards-Version to 3.9.2.0. No changes required.
* debian/pycompat: Removed. With the above changes, closes: #631416.
Thanks Colin Watson.
* xpath.c: Fix some potential problems on reallocation failures.
Closes: #628537.
* xpath.c: Fix a double-freeing error in XPath processing code.
(CVE-2010-4494). Closes: #607922.
* New upstream release.
* configure.in: Applied upstream fix to reactivate symbol versioning script.
* debian/rules:
- Use a variable to express which sub-targets to invoke for
configure/build/install.
- Refactor configure-% and build-% rules.
- Avoid possible renaming of _d.so files to _d_d.so files in the
install-python%-dbg rules.
* debian/control, debian/control.udeb, debian/libxml2-udeb.install,
debian/rules: Add an udeb package when building for Ubuntu.
Closes: #583767.
* debian/control:
- Remove old Conflicts/Replaces for packages that have disappeared before
etch.
- Bump Standards-Version to 3.9.0.0.
* debian/rules: Use build_python* instead of build-python* as build
directory when configuring python modules. build-python$* would get
matched by make as an existing file and would prevent evaluation of the
corresponding build rule. Thanks Loïc Minier.
* debian/python-libxml2.install: Don't hardcode site-/dist-packages in
.install. Cope with builds which don't have any dist-packages (or
site-packages) based python versions. Thanks Loïc Minier.
* debian/rules, debian/python-libxml2-dbg.install, debian/control:
Add a python-libxml2-dbg package. Closes: #583582.
* debian/rules: Don't link against libpython.
* python-libxml2-dbg.preinst: Remove /usr/share/doc/python-libxml2-dbg
symlink when it exists (which is the case with older Ubuntu packages).
* debian/libxml2-dbg.preinst, debian/libxml2-dev.preinst,
debian/libxml2-utils.preinst: Remove /usr/share/doc symbolic links on
upgrade. They will then be replaced by directories by dpkg.
Closes: #577025.
* New upstream release.
* debian/control:
+ Bump Standards-Version to 3.8.4.0.
+ Depend on a version of debhelper that provides dh and supports
overrides.
* debian/compat: Bump to 7.
* debian/rules:
+ Don't avoid to build in example/. There is no reason to do so anymore.
+ Remove remains of WORKAROUND_MODIFIED_FILES, that was removed 2 years
ago.
+ Change the way python libs are built. We now use configure to set
different environment with and without python, and arrange things so
that we don't have to build the base libxml2 library several times.
+ Deduplicate in /usr/lib/pyshared, not
/usr/lib/python-support/python-libxml2.
+ Remove old source and diff rules that only displayed a message
inviting to use dpkg-source -b.
+ Force -Wl,--as-needed at the beginning of the gcc command line.
+ Simplify rules by switching to dh.
+ Don't refresh COPYING during clean target, it appears not to be
necessary anymore.
+ Use a common cache for main and python configure passes.
* debian/python-libxml2.install: Install python files from
/usr/lib/python*/dist-packages.
* python/generator.py: Sort python generated stubs so that libxml2.py
doesn't differ between python 2.5 and 2.6.
* doc/devhelp/Makefile.{am,in}: Properly install devhelp files when
builddir != srcdir.
* Cherry-picks from upstream git:
+ globals.c: fix the initialization of the mutex.
+ xmlIO.c: remove an abuse of zlib API and use a clean interface
available in zlib >= 1.2.3. Closes: #565683, #565823.
* debian/control:
+ Put libreadline-dev before libreadline5-dev in Build-Deps.
Closes: #553803.
+ Add misc:Depends dependencies where they are missing.
* New upstream release.
* debian/control:
+ Bump Standards-Version to 3.8.3.0.
+ Set libxml2 package priority to standard to match override (see #507783).
* New upstream release.
+ Fixed a RelaxNG bug introduced in 2.7.4. Closes: #546442.
* debian/libxml2.symbols: Force binaries that use versioned symbols to
depend on version 2.7.4 at least.
* parser.c: Fix a parsing problem with little data at startup.
Cherry-picked from upstream git. Closes: #546254, #546488.
* New upstream release.
* Revert old change to entities.c.
* debian/copyright: Change upstream url. Closes: #541082.
* debian/libxml2.symbols: Change symbols file to use newly introduced
symbol versioning
* debian/rules: bump shlibs to current version.
* Non-maintainer upload by the Security Team (Closes: #540865).
* Fix multiple use-after-free flaws when parsing notation and
enumeration attribute types (CVE-2009-2416).
* Fix stack overflow when parsing root XML document element DTD
definition (CVE-2009-2414).
* debian/no-upstream-changelog: Removed.
* debian/rules: Don't use symlinks in /usr/share/doc anymore, and only
install the upstream changelog in the libxml2 package. Considering
its size, we don't need it everywhere. Closes: #496959.
* include/libxml/*.h: change ATTRIBUTE_PRINTF into LIBXML_ATTR_FORMAT
to avoid macro name. Cherry-pick upstream f076f34. Closes: #521994.
* error.c: fix structured error handling problems. Cherry-pick upstream
719f397. Closes: #522669.
* debian/control:
+ Change libxml2-dbg's section to "debug".
+ Bump Standards-Version to 3.8.2.0.
+ Add Homepage, Vcs-Git and Vcs-Browser fields.
* New upstream release.
* parser.c: Remove useless nbParse* variables and avoid exporting them as
symbols.
* debian/libxml2.symbols: Reference the new symbols.
* debian/rules: bump shlibs to current version.
* parserInternals.c: apply patch from upstream revision 3741 to avoid
double-free in some situations. This fixes a crash while running the
W3C/OASIS XML conformance test.
* tree.c: Fix infinite loop. Fixes: CVE-2008-4225.
* SAX2.c: Fix integer overflow. Fixes: CVE-2008-4226.
* Fix regressions due to previous security fixes. Fixes: CVE-2008-3529.
Closes: #498768.
* Fix DoS which leads to recursive evaluation of entities.
Fixes: CVE-2008-3281, without breaking librsvg and others. Closes: #496125.
* debian/control:
+ Use ${binary:Version} instead of ${Source-Version}.
+ Fixed spelling error for "Python".
* debian/rules: Don't ignore make distclean errors.
* debian/libxml2-doc.doc-base: Changed section to fit doc-base sections
changes.
* xml2-config.1: Remove unknown groff command.
* New upstream release.
* debian/control: Bumped Standards-Version to 3.7.3.0. No changes.
* debian/rules:
+ Make dpkg-shlibdeps fail when symbols are missing.
+ Removed the workaround for removed and modified files during build. The
former was for svn-buildpackage that I don't use anymore, and the latter
for a file that isn't in the .orig.tar.gz anymore.
+ Bump shlibs to current version, since a new symbol was added.
* debian/libxml2.symbols: Reference the new symbol.
* debian/rules: Brown paper bag: uncomment $(MAKE) distclean.
Closes: #442656.
* xstc/Makefile.am, xstc/Makefile.in: Properly clean generated files.
* nanohttp.c: Apply fix from svn revision 3685 to allocate enough memory
for the Host HTTP header when containing a port number. Closes: #464173.
* error.c: Don't grow error buffer indefinitely when vsnprintf returns -1,
which, if it happens, on glibc-based systems, will happen indefinitely.
Closes: #456653.
* New upstream release.
* Acknowledged NMU.
* testModule.c: Revert our change to add PATH_MAX for the Hurd, since we now
don't even build this file.
* debian/rules: bump shlibs to current version, since a new symbol was added.
* debian/libxml2.symbols: Reference the new symbol.
* autogen.sh: Switch to automake1.10 to follow upstream.
* Non-maintainer upload by security team.
* This update addresses the following security issue:
- CVE-2007-6284: The xmlCurrentChar function allows context-dependent
attackers to cause a denial of service (infinite loop) via XML
containing invalid UTF-8 sequences (Closes: #460292).
* debian/libxml2.symbols: Add a symbols file to benefit from the new
features in dpkg-shlibdeps.
* debian/control: Build depend on debhelper (>= 5.0.61) and dpkg-dev (>=
1.14.9), accordingly.
* debian/rules:
+ Apply rules suggested in autotools-dev documentation.
+ Add -Wl,--as-needed to LDFLAGS so that useless dependencies are not
added.
* Makefile.am, Makefile.in: Don't build noinst targets.
* libxml.h: define _LARGEFILE64_SOURCE to properly get gzopen64 defines in
zlib.h. Closes: #439843. Thanks Dann Frazier.
* New upstream release.
* New upstream release.
* debian/rules: bump shlibs to current version, since new symbols were added.
* New upstream release:
+ Provides doc/html/index.html. Closes: #405802.
+ Fixed infinite loop with invalid characters in Xincluded files.
Closes: #410762.
* debian/rules: bump shlibs to current version, since new symbols were added.
* New "huge bug fixes list" upstream release.
* autogen.sh: Updated so that doc/examples/index.html gets updated
correctly.
* debian/control: Bumped Standards-Version to 3.7.2.2. No changes required.
* debian/rules: bump shlibs to current version, since new symbols were added.
* debian/control:
+ Bumped Standards-Version to 3.7.2.1. No changes required.
+ Added a conflict to the sarge version of libxslt1.1 to avoid upgrade
problems. Closes: #390733.
* debian/watch: Updated to mangle the Debian version.
* debian/rules, debian/libxml2-dev.install: Don't install libxml2.la
directly and sed it to remove the dependency_libs. Note that will break
linking statically libxml2 with libtool, we recommend to use pkg-config
--static --libs libxml-2.0 instead of relying on libtool.
Closes: #379807, #378511.
* xml2-config.in: Fixed usage alignment of the new option introduced in
previous upload.
* The slithering release.
* debian/python-libxml2.examples.in: Renamed to
debian/python-libxml2.examples
* debian/python-libxml2.install.in: Renamed to
debian/python-libxml2.install, and replaced PYVERS by a wildcard.
* debian/control:
+ Adapted dependencies to fit all changes.
+ Added fields required by new Python policy.
+ Added fields necessary for flawless transition.
+ Replaced dummy python-libxml2 package by a full real package which
itself replaces python2.x-libxml2 packages.
* debian/rules:
+ Changed rules to get the python versions we want to build for and
adapted some rules to fit with the new setting.
+ Changed shell loops to make loops.
+ In case python binary modules are identical (and they are, but they
may not be with future versions of the python headers), replace some
of them with symbolic links.
+ Adapted rules to the fact we're installing in only one python package
instead of several.
* debian/pycompat: Set to 2, for new Python policy. Closes: #373456.
* Switching to the new policy avoids necessity to conflict with very old
versions of the python bindings packages. Closes: #365057.
* debian/libxml2-doc.install: Added the /usr/share/gtk-doc directory.
Closes: #375113.
* debian/control: Made libxml2-doc suggest devhelper.
* libxml-2.0.pc.in, libxml-2.0-uninstalled.pc.in: Split Libs in Libs and
Libs.private.
* configure.in, configure: Adapted to fill the variables correctly for
libraries.
* xml2-config.in, xml2-config.1: Added a --static option to add to --libs
so that we can split what is needed when building statically and what is
needed when building dynamically. Closes: #374017.
* libxml-2.0.pc.in, libxml-2.0-uninstalled.pc.in, xml2-config.in: Added
BASE_THREADS_LIBS to the static link information so that -lpthread would
appear. Closes: #372945.
* debian/control: Removed dependency on zlib-dev for libxml2-dev.
* debian/rules: Add the NEWS file to dh_install calls. Closes: #365596.
* debian/watch: Updated.
* NEWS: Updated.
* New upstream release.
* debian/rules:
+ Added -fno-strict-aliasing to the CFLAGS.
+ Use dpkg-architecture to feed configure.
+ Bumped shlibs to current version, since new symbol for XPath cache has
been added.
* debian/control: Bumped Standards-Version to 3.7.2.0. No changes required.
* New upstream release. Closes: #365246.
* debian/control:
+ Changed libxml2-dbg's priority to extra.
+ Bumped Standards-Version to 3.7.0.0. No changes required.
* debian/rules: bump shlibs to current version, since new symbols were added.
* debian/rules: Correctly strip python modules.
* debian/control: Removed python2.2-libxml2 and build-dep on python2.2-dev.
Closes: #351125.
* doc/xmllint.xml, doc/xmllint.1: Applied patch from upstream cvs. That
improves the manual page by many ways.
* doc/xmllint.html: Manually updated with changes from the .xml file.
* xmllint.c: Don't throw error when failed to load an entity through --path
option of xmllint (patch from upstream cvs). Closes: #352634.
Thanks Daniel Leidert.
* result/, test/: Totally removed. There is more suspicious content than
what has been removed in previous upload, so I'm just dropping the
regression tests from the archive until all files are investigated.
Closes: #331534.
* debian/control, debian/rules: Added a libxml2-dbg package containing
debug symlbols for the library and the utilities. We don't provide the
symbols for the python modules, though. Closes: #296299.
* debian/control, debian/compat: Adjust build dependencies and debhelper
compatibility accordingly.
* debian/libxml2-dbg.dirs: Add /usr/share/doc in the new libxml2-dbg
package.
* NMU.
* Medium urgency due to RC bugfix.
* Removed non-free test files from upstream tarball. Closes: #331534.
* Non-maintainer upload.
* Fix XML parser to unbreak xsltproc (Closes: #346594).
* New upstream release
* debian/control:
+ Added | libreadline-dev for readline dependency.
+ Bumped Standards-Version to 3.6.2.1. No changes needed.
* debian/rules: bump shlibs to current version, since new symbols were added.
* autogen.sh: Changed the way we rebuild the examples.
* debian/rules: Added history support in xmllint. Closes: #318083.
* debian/control: Added build dependency upon libreadline5-dev for history
support in xmllint.
* xmllint.c: Added some spaces in usage(). Closes: #335015.
* testModule.c: Added PATH_MAX definition for the Hurd. Closes: #333623.
* New upstream release
* error.c: Reenable support of validation errors in structured error
handler.
* autogen.sh: Use automake1.9, as upstream does, and run it.
* New upstream release
* debian/control, debian/rules: Removed dummy package. Closes: #322052.
* debian/rules: bump shlibs to current version.
* New upstream release
* debian/rules: bump shlibs to current version.
* The "Sarge got released but I was offline, so couldn't upload" release.
* New upstream release.
* debian/rules: bump shlibs to current version.
* The "dummy packages are arch: all, dammit" release.
* debian/control: Changed to Architecture: all for dummy package.
* The "Let's do it cleaner" release.
* debian/rules: fix installation of python files and make proper use of
DESTDIR at install time.
* debian/watch: use svn-upgrade instead of uupdate.
* debian/control, debian/rules, debian/python-libxml2.*.in:
Added support for several python bindings packages. Currently for python
2.2, 2.3 and 2.4.
* debian/python2.3-libxml2.*: Removed.
* Urgency set to high because we avoid breaking packages depending on us
when we don't properly bytecompile our python bindings.
* debian/rules: Call dh_python. We now get proper maintainer scripts for
bytecompiling files at install time and removing them at removal time.
Closes: #300834.
* debian/control: Adjust build dependencies accordingly.
* tree.c: Avoid adding namespaced attributes to other elements than element
nodes. Closes: #293592.
* encoding.c: Fix the comments to describe the real return values of
UTF8Toisolat1 and isolat1ToUTF8.
* doc/: Regenerate API documentation.
* New upstream release.
* Upload to unstable, targetted for sarge.
* Changed my maintainer address to the fresh new Debian one.
* debian/rules: Added changelog and copyright files in dummy package.
* debian/libxml2-doc.doc-base: Fixed files sections. Closes: #281242.
* New upstream release
* debian/control, debian/rules: Changed libxml2-python2.3's name to
python2.3-libxml2. Added a dummy package for smooth transition.
* debian/libxml2-python2.3.*: Renamed to python2.3-libxml2.*.
Closes: #279343.
* debian/rules:
- Don't install files in the dummy libxml2-python2.3 package.
- Bump shlibs to current version.
* error.c: Removed support of validation errors in structured error handler.
That avoids it to crash when a validation error happens. (That was a
broken feature added in 2.6.15. This will get properly fixed in 2.6.16).
Closes: #279040.
* New upstream release
* debian/rules: Use "dh_makeshlibs -V 'libxml2 (>= 2.6.15)'", since version
2.6.16 introduces some new symbols.
* Backport patch from libxml2-2.6.15 to fix buffer overflows [nanohttp.c,
nanoftp.c, CAN-2004-0989]
* New upstream release. Closes: #273961.
* debian/rules: Use "dh_makeshlibs -V 'libxml2 (>= 2.6.14)'", since version
2.6.14 introduces some new symbols.
* debian/shlibs.local: Removed, since it is not useful any more.
* The "let's do some clean up for sarge" release.
* debian/libxml2-python2.3.install: don't install .a and .la files.
* debian/rules: Avoid compression of both python examples and documentation.
* Reorganization in documentation:
+ debian/libxml2-doc.examples: removed, they will get installed by
libxml2-doc.install, and we don't ship gjob* examples anymore, they
have been superseded by a lot of better examples.
+ debian/libxml2-doc.install, debian/rules: changed the way files are
installed in the libxml2-doc package, and their location.
+ debian/libxml2-doc.doc-base: changed the location of the documentation
base to fit the new one.
+ doc/examples/index.html: generated this file from examples.x?l by
hand. It would otherwise require a build dependency on xsltproc, itself
depending upon libxml2... wouldn't be very reasonnable.
* debian/no-upstream-changelog, debian/rules, debian/libxml2-dev.dirs,
debian/libxml2-utils.dirs: /usr/share/doc directories have been replaced
by a symbolic link in packages libxml2-utils and libxml2-dev.
In libxml2-python2.3, all files but TODO are symlinks to the corresponding
file from libxml2. The one from libxml2-doc is replaced by an explicative
text saying where to find it and why it has been (re)moved.
That will save some space in the archive, especially considering this
file is constantly growing.
* debian/README.Debian: Added a recommentation to upgrade package if user
needs heavy standards compliance.
* debian/shlibs.local: Added to tighten dependencies between libxml2-*
packages.
* xmlIO.c: Fixed typo (Closes: #265740).
* nanohttp.c, nanoftp.c: no_proxy environment variable doesn't disable proxy
anymore. (Closes: #266430)
* debian/rules, debian/control: Removed the workaround to compile with
gcc-3.2 on hppa, since $254549 is closed.
* debian/control: add a space between gcc-3.2 and [hppa]. Closes: #262101.
* python/drv_libxml2.py: add encoding declaration. Closes: #259526.
* debian/rules: Backup files that are removed or modified by upstream build
system and restore them so that calling the clean target actually gives
the same tree as before a build.
* Thanks to Andreas Metzler:
+ Hotfix for toolchain breakage (#254549), because libxml2 blocks lots of
packages from propagating to testing. Compile with gcc-3.2 on hppa.
* New upstream release
* libxml.m4: removed debian changes which have been incorporated upstream.
* debian/rules: Use "dh_makeshlibs -V 'libxml2 (>= 2.6.11)'", since
version 2.6.11 introduces some new functions.
* debian/control: changed deps on libz-dev to zlib1g-dev | libz-dev.
* debian/rules: made binary-indep target actually build the libxml2-doc
package which is Arch: all. Closes: #251971.
* debian/watch: updated the watch file to exclude the cvs-snapshot from
the scope. Closes: #250177.
* debian/rules: rename libxml.m4 to libxml2.m4 in the /usr/share/aclocal
directory.
* libxml.m4: removed the AM_PATH_XML macro which is a macro for checking
libxml, not libxml2. Changed CFLAGS to CPPFLAGS from test compiles so
that using C++ also works. Closes: #249033.
* New upstream release:
+ Fixes xincludes fallback issues. Closes: #243580.
+ Fixes output formatting issues. Closes: #246181.
* debian/rules: Use "dh_makeshlibs -V 'libxml2 (>= 2.6.10)'", since
version 2.6.10 introduces some few new functions.
* Enable AM_MAINTAINER_MODE and re-run the autotools suite.
Closes: #245990.
* New upstream release:
+ xincludes fallbacks fixed. Closes: #243580.
* Urgency set to high because of RC bug fixed and it's been too long
libxml2 has been stucking packages in sid.
* Ran all the autotools suite, especially the latest libtool.
Closes: #244557.
* debian/rules:
+ Removed all python file removals since these files get now
correctly removed upstream.
+ Changed once more the python/libxml2-py.c workaround to finally
work really properly.
* Urgency set to high because of the FTBFS RC bug fixed.
* debian/changelog:
+ Added missing changes for release 2.6.8-1.
+ Converted changelog file to UTF-8.
* debian/rules: Changed the python/libxml2-py.c workaround stuff to
actually work properly
* NMU. Urgency set to high as libxml2 has been preventing too many packages
from entering testing for too long.
* Grabbed from SVN:
Mike Hommey <mh@glandium.org> Sat, 10 Apr 2004 12:42:03 +0900
* debian/control:
+ Updated section for libxml2-doc package.
+ Added dependency on libz-dev for libxml2-dev. (Closes: #242683)
* New upstream release
* debian/rules:
+ Use "dh_makeshlibs -V 'libxml2 (>= 2.6.8)'", since version 2.6.8
introduces some few new functions.
+ Try to circumvent new troubles with the python/libxml2-py.c with
svn-buildpackage not wanting to make the build (the file used to
be removed because it was modified by the build).
* Removed changes about XML_CATALOG_FILES in manual pages, since it has
been incorporated upstream.
* debian/control: Changed Maintainer to Debian SGML/XML Group and
put myself into Uploaders.
* Merged back libxml2-headers into libxml2-dev. That was too much of
a split. Closes: #238109.
* New upstream release
* debian/rules: Use "dh_makeshlibs -V 'libxml2 (>= 2.6.7)'", since
version 2.6.7 introduces some few new functions.
* debian/control:
+ Added a Recommends: xml-core to libxml2 package.
+ Added a libxml2-headers and a libxml2-docs packages to split
arch-dependent and arch-independent files. These files used to be
in the libxml2-dev package. Note that the new libxml2-dev package
depends on libxml2-headers, so that upgrade will keep the header
files on the system, but libxml2-headers only suggests libxml2-doc,
while libxml2-dev doesn't say anything about it, which means that
the documentation files won't be automagically installed on your
system. Closes: #233405.
+ Added the adequate dependencies between new and old packages.
+ Uniformized short descriptions.
+ Slightly modified long descriptions.
* debian/rules:
+ Externalized all dh_* calls with arguments. (i.e. created
corresponding debian/package.dh_stuff files)
+ Moved installation of some doc files to the install target.
* Removed un-needed debian/libxml2-python2.3.docs.
* Moved libxml manpage from libxml2 to libxml2-dev.
* doc/xmlcatalog_man.xml: Added a note about the incompatibility between
xmlcatalog and update-catalog from xml-core in the man page.
* doc/xmllint.xml, doc/xmlcatalog_man.xml: Added a note about the
XML_CATALOG_FILES environment variable. Closes: #232728.
* New upstream release
* Set urgency to high, since this new upstream fixes buffer overflows.
Closes: #232447.
* debian/rules: Use "dh_makeshlibs -V 'libxml2 (>= 2.6.6)'", since
version 2.6.6 introduces some new functions.
* New upstream release
* debian/rules:
- Made better use of CFLAGS.
- Replaced an mv by cp -r. Closes: #227392.
- Use "dh_makeshlibs -V 'libxml2 (>= 2.6.5)'", since version 2.6.5
introduced some new functions.
- Make some clean-up in the example directory.
* New upstream release
* New upstream release
* debian/rules:
- Use "dh_makeshlibs -V 'libxml2 (>= 2.6.3)'", since versions 2.6.3
introduced some new functions.
- Put more examples in /usr/share/doc/libxml2-dev/examples.
* New upstream release
* debian/rules:
- Use "dh_makeshlibs -V 'libxml2 (>= 2.6.2)'", since versions 2.6.2
introduced some new functions.
- Put the API docs back in /usr/share/doc/libxml2-dev/libxml-dev.html.
* New upstream release
* New upstream release: should be API and ABI compatible but got a lot
of changes.
* debian/rules:
- Use "dh_makeshlibs -V 'libxml2 (>= 2.6.0)'", since applications
using the new API won't work on previous versions.
Note that this doesn't prevent applications built with older versions
to work properly with newer releases, since it is not supposed to be
any API/ABI breakage.
- Don't remove non-existant python/test/tmp.xml file on clean rule.
- Remove python/libxml2-py.c file on clean rule, to avoid its changes
made during build to be stored in the diff file.
- Added handling of the nostrip DEB_BUILD_OPTIONS.
- Changed old fashion dh_movefiles to dh_install --sourcedir=debian/tmp.
- Added installation of the python/TODO file in the libxml2-python2.3
package.
- Now take what is installed in debian/tmp/usr/share/doc/... for
documentation.
- Copy Copyright file into COPYING file in clean rule to avoid
unrepresentable changes to source.
* debian/*.files: renamed to debian/*.install.
* debian/libxml2.install: removed reference to non-existant
usr/lib/libxml.so.*
* Removed unneeded debian/libxml2-dev.dirs file.
* debian/rules: Use "dh_makeshlibs -V 'libxml2 (>= 2.5.9)'", since
versions 2.5.8 and 2.5.9 introduced some changes in API.
Closes: #212819, #211318.
* New upstream release.
* New maintainer.
* Bumped Standards-Version to 3.6.1 (no changes needed).
* Removed garbage debian/libxml-utils.
* moved debhelper compatibility to debian/compat.
* New upstream release
* Use python 2.3 (closes: #205145)
* New upstream release
* New upstream release (closes: #194757)
* Updated shlibs file (closes: #191022)
* Put xmllint and xmlcatalog in new package (closes: #174823)
* Update libtool (closes: #188967)
* New upstream release (closes: #188004)
* Applied patch from Graham Wilson <bob@decoy.wox.org> to handle
noopt build option. (closes: #171782)
* New upstream release
* Applied patch by Paul Hampson <Paul.Hampson@anu.edu.au> to correct
licensing information in debian/copyright which Colin Watson reported
as incorrect. (Addresses #178060 for sid)
* New upstream release
* xml2-config --libs should be correct (closes: #155312)
* New upstream release
* New upstream release
* New upstream release
* Upgraded libtool (closes: #172418)
* New upstream release
* Added patch from CVS to fix KDE problems.
* New upstream release
* New upstream release
* New upstream release
* Created new libxml2-python package
* New upstream release
* New upstream release (closes: #149287)
* New upstream release
* New upstream release
* Make libxml2-dev replace libxml2 <= 2.4.19-1 (closes: #142609, #142741)
* Update shlibs version to 2.4.19-4 (closes: #142806)
* Dont use threads for now (closes: #142596)
* Move pkgconfig stuff to -dev package (closes: #142171)
* Compile with thread support (closes: #141764)
* xml2-config --cflags will return same paths as previous versions
(closes: #142229)
* New upstream release
* Fixed doc-base (closes: #141067)
* New version as last version was built with broken debhelper.
* New upstream release
* New upstream release
* New upstream release
* New upstream release
* Applied patch from LaMont Jones <lamont@smallone.fc.hp.com> to fix
gcc 3.0 build problem (closes: #120254)
* New upstream release
* New upstream release
* New upstream release
* New upstream release
* New upstream release
* New upstream release
* Added ncurses and readline build depends.
* xml2-config --libs only outputs -lxml2 (closes: #97739)
* Patched libxml.m4 to include string.h
* New upstream release (closes: #105568)
* Fixed xml2-config to not output -I/usr/include, -L/usr/lib
(closes: #101390)
* NMU (for porting)
* Change configure / configure.in to not specify -I/usr/include
(closes: #104603)
* Don't build example (closes: #103220, #103281)
* xmllint is back
* New upstream release
* Use DH_COMPAT 3
* New upstream release
* Apparently builds on Alpha now (closes: #95938)
* Quick hack to fix makefiles on m68k (closes: #99897)
* New upstream release
* Leave pkgconfig as someone wants it (closes: #97621)
* I am back. Some bugs closed by NMUs (closes: #96944, #86508)
* Updated libtool (closes: #98137)
* Fixed dependency (closes: #98323)
* NMU of a new upstream release.
* Changed shlibs, they should change every time the API is augmented.
* Updated xmllint(1) manpage. Removed useless libxml(4) manpage.
* Non-maintainer upload with permission from maintainer to fix the
libxml-dev conflict.
* The symbolic links to old, libxml-dev names introduced in 2.3.0-1 are
now gone: programs wanting to link with libxml2 should explicity call
the new libxml2-config (almost all the packages in debian are already
doing that.)
* Changed libxml-dev to libxml2-dev in debian/libxml2-dev.doc-base to
resolve libxml-dev conflict.
* Fixed shlibs problem introduced in previous NMU by wrong -V argument
of dh_makeshlibs.
* Non-maintainer upload with permission from maintainer
* New upstream release
* Fixes shlibs version info (closes: #96291)
* config.sub & config.guess updated (closes: #96100)
* New upstream release (closes: #95692)
* Rebuild to avoid link problems (closes: #92721)
* New upstream release
* New upstream release
* Applied IBM S/390 patch on config.sub (closes: #88551)
* Updated shlibs file with dependency (closes: #87337)
* New upstream release
* Fixed xml2Conf.sh so gnome-config works (closes: #88341)
* New upstream release
* New upstream release
* New upstream release (closes: #86379)
For some reason the library has changed name from libxml to libxml2 and
the config script from libxml-config to libxml2-config. I am providing
symbolic links to the old names, hopefully this will prevent stuff from
breaking.
* New upstream release
* Probably a bad idea to remove -lz so put it back and add dependency on
libz-dev in dev-package.
* New upstream release
* Removed -lz from xml-config --libs (closes: #74709)
* New upstream release (closes: #74488, #70051)
* New upstream release
* New upstream release
* Doc-base now uses correct directory
* Renamed dev-package to libxml2-dev
* New upstream release
* New upstream release
* New upstream release
* New upstream release (closes: #56172)
* New upstream release
* New upstream release
* New upstream release
* Oops, must of course replace old libxml0 package. (closes: #43519)
* Provide libxml.so.0 (which is binary compatible with libxml1)
(closes: #43385)
* Include example in dev-package.
* Fixed postinst to only call ldconfig on configure.
* Let dh_installdocs handle doc-base.
* New upstream release
* Added man page for xml-config. (closes: #39471)
* New upstream release. (closes: #39791)
* Use install-docs on dev documents.
* Moved html-documentation to dev package. (closes: #39049)
* Patched xml-config.in. xml-config --version didn't work as expected.
Fixes bug #34881.
* New upstream release
* New upstream release
* New maintainer.
* Some files were missing from the last release (xml-config, encoding.h,
debugXML.h)
* New rules file.
* New upstream version.
* Recompile with lastest GNOME libs.
* Fix #28869.
* Initial debianization.