[ol6_latest_archive] libxml2-2.7.6-21.0.1.el6_8.1.i686

Name:	libxml2
Version:	2.7.6
Release:	21.0.1.el6_8.1
Architecture:	i686
Group:	Development/Libraries
Size:	1741819
License:	MIT
RPM:	libxml2-2.7.6-21.0.1.el6_8.1.i686.rpm
Source RPM:	libxml2-2.7.6-21.0.1.el6_8.1.src.rpm
Build Date:	Thu Jun 23 2016
Build Host:	x86-ol6-builder-04.us.oracle.com
Vendor:	Oracle America
URL:	http://xmlsoft.org/
Summary:	Library providing XML and HTML support
Description:	This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.

Changelog (Show File list) (Show related packages)

Thu Jun 23 2016 Livy Ge <livy.ge@oracle.com> - 2.7.6-21.0.1.el6.8.1

- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball

Tue Jun 07 2016 Daniel Veillard <veillard@redhat.com> - 2.7.6-21.el6.8.1

- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (CVE-2016-1834)
- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (CVE-2016-1840)
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (CVE-2016-1839)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (CVE-2016-1836)
- Fix inappropriate fetch of entities content (CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837)
- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
- Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705)
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)
- More format string warnings with possible format string vulnerability (CVE-2016-4448)

Sun Jan 24 2016 Daniel Veillard <veillard@redhat.com> - libxml2-2.7.6-21.el6.8
```
- Fix large parse of file from memory (rhbz#862969)
```

Mon Nov 30 2015 Daniel Veillard <veillard@redhat.com> - 2.7.6-20.1

- Fix a series of CVEs (rhbz#1286495)
- CVE-2015-7941 Cleanup conditional section error handling
- CVE-2015-8317 Fail parsing early on if encoding conversion failed
- CVE-2015-7942 Another variation of overflow in Conditional sections
- CVE-2015-7942 Fix an error in previous Conditional section patch
- Fix parsing short unclosed comment uninitialized access
- CVE-2015-7498 Avoid processing entities after encoding conversion failures
- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
- CVE-2015-5312 Another entity expansion issue
- CVE-2015-7499 Add xmlHaltParser() to stop the parser
- CVE-2015-7499 Detect incoherency on GROW
- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
- CVE-2015-8242 Buffer overead with HTML parser in push mode
- Libxml violates the zlib interface and crashes

Wed May 06 2015 Daniel Veillard <veillard@redhat.com> - libxml2-2.7.6-20.el6
```
- CVE-2015-1819 Enforce the reader to run in constant memory(rhbz#1214163)
```

Mon Mar 23 2015 Daniel Veillard <veillard@redhat.com> - libxml2-2.7.6-19.el6

- Stop parsing on entities boundaries errors
- Fix missing entities after CVE-2014-3660 fix (rhbz#1149086)

Mon Mar 16 2015 Daniel Veillard <veillard@redhat.com> - libxml2-2.7.6-18.el6

- CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149086)
- Fix html serialization error and htmlSetMetaEncoding (rhbz#1004513)

Wed Jun 11 2014 Daniel Veillard <veillard@redhat.com> - libxml2-2.7.6-17.el6
```
- Fix a set of regressions introduced in CVE-2014-0191 (rhbz#1105011)
```
Tue May 06 2014 Daniel Veillard <veillard@redhat.com> - libxml2-2.7.6-16.el6
```
- Improve handling of xmlStopParser(CVE-2013-2877)
```
Tue May 06 2014 Daniel Veillard <veillard@redhat.com> - libxml2-2.7.6-15.el6
```
- Do not fetch external parameter entities (CVE-2014-0191)
```

Wed Jun 05 2013 Daniel Veillard <veillard@redhat.com> - libxml2-2.7.6-14.el6

- Fix a regression in 2.9.0 breaking validation while streaming (rhbz#863166)

Tue Feb 19 2013 Daniel Veillard <veillard@redhat.com> - 2.7.6-13.el6

- detect and stop excessive entities expansion upon replacement (rhbz#912575)

Thu Nov 29 2012 Daniel Veillard <veillard@redhat.com> - 2.7.6-12.el6
```
- fix out of range heap access (CVE-2012-5134)
```

Wed Sep 05 2012 Daniel Veillard <veillard@redhat.com> - 2.7.6-11.el6

- Change the XPath code to percolate allocation error (CVE-2011-1944)

Wed Aug 22 2012 Daniel Veillard <veillard@redhat.com> - 2.7.6-10.el6
```
- Fix an off by one pointer access (CVE-2011-3102)
```

Tue Aug 21 2012 Daniel Veillard <veillard@redhat.com> - 2.7.6-9.el6

- Fix a failure to report xmlreader parsing failures
- Fix parser local buffers size problems (rhbz#843742)
- Fix entities local buffers size problems (rhbz#843742)
- Fix an error in previous commit (rhbz#843742)
- Do not fetch external parsed entities
- Impose a reasonable limit on attribute size (rhbz#843742)
- Impose a reasonable limit on comment size (rhbz#843742)
- Impose a reasonable limit on PI size (rhbz#843742)
- Cleanups and new limit APIs for dictionaries (rhbz#843742)
- Introduce some default parser limits (rhbz#843742)
- Implement some default limits in the XPath module
- Fixup limits parser (rhbz#843742)
- Enforce XML_PARSER_EOF state handling through the parser
- Avoid quadratic behaviour in some push parsing cases (rhbz#843742)
- More avoid quadratic behaviour (rhbz#843742)
- Strengthen behaviour of the push parser in problematic situations (rhbz#843742)
- More fixups on the push parser behaviour (rhbz#843742)
- Fix a segfault on XSD validation on pattern error
- Fix an unimplemented part in RNG value validation

Wed Feb 15 2012 Daniel Veillard <veillard@redhat.com> - 2.7.6-8.el6

- remove chunk in patch related to configure.in as it breaks rebuild
- Resolves: rhbz#788846

Mon Feb 13 2012 Daniel Veillard <veillard@redhat.com> - 2.7.6-7.el6

- fix previous build to force compilation of randomization code
- Resolves: rhbz#788846

Fri Feb 10 2012 Daniel Veillard <veillard@redhat.com> - 2.7.6-6.el6

- adds randomization to hash and dict structures CVE-2012-0841
- Resolves: rhbz#788846

Fri Jan 06 2012 Daniel Veillard <veillard@redhat.com> - 2.7.6-5.el6

- Make sure the parser returns when getting a Stop order CVE-2011-3905
- Fix an allocation error when copying entities CVE-2011-3919
- Resolves: rhbz#771910

Tue Oct 11 2011 Daniel Veillard <veillard@redhat.com> - 2.7.6-4

- Fixes another XPath problem CVE-2011-2834
- Resolves: rhbz#732335

Mon Aug 22 2011 Daniel Veillard <veillard@redhat.com> - 2.7.6-3

- Fixes various other issues in 2.7.6 XPath evaluation
- Resolves: rhbz#732335

Tue Jun 28 2011 Daniel Veillard <veillard@redhat.com> - 2.7.6-2

- Fix a potential crasher in XPath or XSLT, CVE-2011-1944
- Resolves: rhbz#710397

Tue Oct 06 2009 Daniel Veillard <veillard@redhat.com> - 2.7.6-1

- Upstream release of 2.7.6
- restore thread support off by default in 2.7.5

Thu Sep 24 2009 Daniel Veillard <veillard@redhat.com> - 2.7.5-1

- Upstream release of 2.7.5
- fix a couple of Relax-NG validation problems
- couple more fixes

Tue Sep 15 2009 Daniel Veillard <veillard@redhat.com> - 2.7.4-2

- fix a problem with little data at startup affecting inkscape #523002

Thu Sep 10 2009 Daniel Veillard <veillard@redhat.com> - 2.7.4-1

- upstream release 2.7.4
- symbol versioning of libxml2 shared libs
- very large number of bug fixes

Mon Aug 10 2009 Daniel Veillard <veillard@redhat.com> - 2.7.3-4

- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416

Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.3-3
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
```
Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.3-2
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
```

Sun Jan 18 2009 Daniel Veillard <veillard@redhat.com> - 2.7.3-1

- new release 2.7.3
- limit default max size of text nodes
- special parser mode for PHP
- bug fixes and more compiler checks

Wed Dec 03 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.7.2-7
```
- Pull back into Python 2.6
```
Wed Dec 03 2008 Caolán McNamara <caolanm@redhat.com> - 2.7.2-6
```
- AutoProvides requires BuildRequires pkgconfig
```
Wed Dec 03 2008 Caolán McNamara <caolanm@redhat.com> - 2.7.2-5
```
- rebuild to get provides(libxml-2.0) into HEAD rawhide
```
Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.7.2-4
```
- Rebuild for pkgconfig logic
```
Fri Nov 28 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.7.2-3
```
- Rebuild for Python 2.6
```

Wed Nov 12 2008 Daniel Veillard <veillard@redhat.com> - 2.7.2-2.fc11

- two patches for size overflows problems CVE-2008-4225 and CVE-2008-4226

Fri Oct 03 2008 Daniel Veillard <veillard@redhat.com> 2.7.2-1.fc10

- new release 2.7.2
- Fixes the known problems in 2.7.1
- increase the set of options when saving documents

Thu Oct 02 2008 Daniel Veillard <veillard@redhat.com> 2.7.1-2.fc10

- fix a nasty bug in 2.7.x, http://bugzilla.gnome.org/show_bug.cgi?id=554660

Mon Sep 01 2008 Daniel Veillard <veillard@redhat.com> 2.7.1-1.fc10

- fix python serialization which was broken in 2.7.0
- Resolve: rhbz#460774

Sat Aug 30 2008 Daniel Veillard <veillard@redhat.com> 2.7.0-1.fc10

- upstream release of 2.7.0
- switch to XML 1.0 5th edition
- switch to RFC 3986 for URI parsing
- better entity handling
- option to remove hardcoded limitations in the parser
- more testing
- a new API to allocate entity nodes
- and lot of fixes and clanups

Mon Aug 25 2008 Daniel Veillard <veillard@redhat.com> 2.6.32-4.fc10
```
- fix for entities recursion problem
- Resolve: rhbz#459714
```

Fri May 30 2008 Daniel Veillard <veillard@redhat.com> 2.6.32-3.fc10

- cleanup based on Fedora packaging guidelines, should fix #226079
- separate a -static package

Thu May 15 2008 Daniel Veillard <veillard@redhat.com> 2.6.32-2.fc10
```
- try to fix multiarch problems like #440206
```

Tue Apr 08 2008 Daniel Veillard <veillard@redhat.com> 2.6.32-1.fc9

- upstream release 2.6.32 see http://xmlsoft.org/news.html
- many bug fixed upstream

Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.6.31-2
```
- Autorebuild for GCC 4.3
```

Fri Jan 11 2008 Daniel Veillard <veillard@redhat.com> 2.6.31-1.fc9

- upstream release 2.6.31 see http://xmlsoft.org/news.html
- many bug fixed upstream

Thu Aug 23 2007 Daniel Veillard <veillard@redhat.com> 2.6.30-1

- upstream release 2.6.30 see http://xmlsoft.org/news.html
- many bug fixed upstream

Tue Jun 12 2007 Daniel Veillard <veillard@redhat.com> 2.6.29-1

- upstream release 2.6.29 see http://xmlsoft.org/news.html
- many bug fixed upstream

Wed May 16 2007 Matthias Clasen <mclasen@redhat.com> 2.6.28-2
```
- Bump revision to fix N-V-R problem
```

Tue Apr 17 2007 Daniel Veillard <veillard@redhat.com> 2.6.28-1

- upstream release 2.6.28 see http://xmlsoft.org/news.html
- many bug fixed upstream

Thu Dec 07 2006 Jeremy Katz <katzj@redhat.com> - 2.6.27-2
```
- rebuild against python 2.5
```

Wed Oct 25 2006 Daniel Veillard <veillard@redhat.com> 2.6.27-1

- upstream release 2.6.27 see http://xmlsoft.org/news.html
- very large amount of bug fixes reported upstream

Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.6.26-2.1.1
```
- rebuild
```
Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.6.26-2.1
```
- rebuild
```
Wed Jun 07 2006 Daniel Veillard <veillard@redhat.com> 2.6.26-2
```
- fix bug #192873
```
Tue Jun 06 2006 Daniel Veillard <veillard@redhat.com> 2.6.26-1
```
- upstream release 2.6.26 see http://xmlsoft.org/news.html
```
Tue Jun 06 2006 Daniel Veillard <veillard@redhat.com>
```
- upstream release 2.6.25 broken, do not ship !
```