* configure.ac doc/xml.html: updated for the release
* doc/*: regenerated docs, APIs, etc ...

Also add llvm to Docker image so that backtraces can be symbolized.

The previous fix introduced an uninitialized read.

* doc/Makefile.am: xzlib.html seems not generated anymore since it
  was only containing an internal define we can drop it
* libxml.spec.in: don't run python tests as part of %check as this
  is now breaking on F30

Parsing conditional sections would fail if the final ']]>' was at the
end of the document. Short-lived regression caused by commit c51e38cb.

Closes #108.

- Update Dockerfile
- Don't configure with -Werror
- Don't mention Travis in CONTRIBUTING

Memory allocation errors in the following functions a often ignored.
Add TODO comments.

- xmlXPathNodeSetCreate
- xmlXPathNodeSetAdd*
- xmlXPathNodeSetMerge*
- xmlXPathNodeSetDupNs

Note that the following functions currently lack a way to propagate
memory errors:

- xmlXPathCompareNodeSets
- xmlXPathEqualNodeSets

Currently, many memory allocation errors in xpath.c aren't propagated to
the parser/evaluation context and for the most part ignored. Most
XPath objects allocated via one of the New, Wrap or Copy functions end
up being pushed on the stack, so adding a check in valuePush handles
many cases without much effort.

Also simplify the code a little and make sure to return -1 in case of
error.

Make sure that memory errors in xmlXPathCompExprAdd are propagated to
the parser context. Hitting the step limit or running out of memory
without raising an error could also lead to an out-of-bounds read.

Also fixes a memory leak in xmlXPathErrMemory.

Found by OSS-Fuzz.

Avoid call stack overflow when freeing element type declarations with
deeply nested contents.

Found by OSS-Fuzz.

Return XML_ERR_UNSUPPORTED_ENCODING if no encoding handler could be
found.

Fixes bug #521808:
https://bugzilla.gnome.org/show_bug.cgi?id=521808

Resolves !53.

Check for integer overflow when updating the `written` member of
struct xmlOutputBuffer in xmlIO.c.

Closes #112. Resolves !54 and !55.

Daniel Richard G. authored Oct 14, 2019 and Nick Wellnhofer committed Oct 14, 2019

Switch printf output format to two-digit exponent under certain MSVC
versions.

Closes #111.

The SAX2 character handler expects NULL-terminated buffer.

Closes #106.

Also see https://github.com/lxml/lxml/pull/288

Don't collapse anyUris twice.

Closes #104.

Port the Travis CI setup to GitLab. We currently run three builds:

- GCC with -std=c89
- clang with ASan and UBSan
- clang with MSan

Closes #110.

GCC doesn't support the unsigned-integer-overflow sanitizer.

Avoid call stack overflow when dumping deeply nested element
declarations.

Found by OSS-Fuzz.

Jared Yanovich authored Sep 30, 2019 and Nick Wellnhofer committed Sep 30, 2019

Closes #109.

Conditional sections are only allowed in *external* parameter entities
referenced from the internal subset.

Avoid call stack overflow in deeply nested conditional sections.

Found by OSS-Fuzz.

Closes #107.

This is apparently another regex engine that was never used, see commit
81a8ec6b.

Recent commit 1fbcf409 caused a use-after-free read because it didn't
account for the fact that xmlTextReaderFreeDoc frees entities before
freeing entity references via xmlTextReaderFreeNodeList.

Found by OSS-Fuzz.

- One of the bug316338 test cases is expected to succeed.
- Memory leak in testRegexp.c.
- Refcount handling in xmlExpHashGetEntry.

Fixes bug 649244:
https://bugzilla.gnome.org/show_bug.cgi?id=649244

Closes #57.

Avoid call stack overflow when freeing deeply nested documents.

Found by OSS-Fuzz.

Avoid call stack overflow when freeing deeply nested documents.

Split xmlParseElement into subfunctions. Use nameNsPush to store prefix,
URI and nsNr on the heap, similar to the push parser.

Closes #84.

The file input callbacks try to read from stdin if "-" is passed as URL.
This should never be done when loading indirect resources like external
entities or XIncludes. Unfortunately, the stdin substitution happens
deep inside the IO code, so we simply replace "-" with "./-" in specific
locations.

This issue also affects other users of the library like libxslt.
Ideally, stdin should only be substituted on explicit request. But more
intrusive changes could break existing code.

Closes #90 and #102.

libxml2 correctly rejects any4_0.xsd as invalid schema. I can't figure
out what the intent behind this test case was. Simply adjust the
expected output to match the current behavior.

Closes #92.

Non-compound (##local) and compound string atoms are always disjoint
regardless of whether the compound atom is negated (##other).

Closes #40.

zhouzhongyuan authored Sep 02, 2019 and Nick Wellnhofer committed Sep 13, 2019

Merge request !45