Author: Aron Xu
Revision Date: 2015-09-22 16:31:48 UTC

* Revert everything in N'ACKed NMU revert to 2.9.1.
  - Resolving regression, Closes: #754424
  - Drop the following NMU, not needed in 2.9.2, Closes: #781232
  - Drop not approved patch for GNOME #746048
* Revert icu dbg drop, but don't hardcode version,
  thanks Matthias Klose <doko>, Closes: #798642
* Cherry pick upstream post release patches:
  - Fix for regression triggered by CVE-2014-3660, Closes: #768089
  - Fix for the spurious ID already defined error, Closes: #766884
  - Fix for CVE-2015-1819, Closes: #782782
  - Fix for GNOME #744980, Closes: #783010
  - Several fixes for memory related issues.

Author: Aron Xu
Revision Date: 2015-09-22 16:31:48 UTC

* Revert everything in N'ACKed NMU revert to 2.9.1.
  - Resolving regression, Closes: #754424
  - Drop the following NMU, not needed in 2.9.2, Closes: #781232
  - Drop not approved patch for GNOME #746048
* Revert icu dbg drop, but don't hardcode version,
  thanks Matthias Klose <doko>, Closes: #798642
* Cherry pick upstream post release patches:
  - Fix for regression triggered by CVE-2014-3660, Closes: #768089
  - Fix for the spurious ID already defined error, Closes: #766884
  - Fix for CVE-2015-1819, Closes: #782782
  - Fix for GNOME #744980, Closes: #783010
  - Several fixes for memory related issues.

Author: Aron Xu
Revision Date: 2015-02-01 12:35:52 UTC

Add icu related deps for -dev and -dbg packages
(Closes: #776741)

Author: Aron Xu
Revision Date: 2015-02-01 12:35:52 UTC

Add icu related deps for -dev and -dbg packages
(Closes: #776741)

Author: Marc Deslauriers
Revision Date: 2014-10-22 14:27:25 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

Author: Marc Deslauriers
Revision Date: 2014-10-22 14:27:25 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

Author: Marc Deslauriers
Revision Date: 2014-10-22 12:16:42 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

Author: Marc Deslauriers
Revision Date: 2014-10-22 12:16:42 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

Author: Marc Deslauriers
Revision Date: 2014-10-16 15:30:49 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - debian/patches/CVE-2014-3660.patch: added additional tests to
    parser.c.
  - CVE-2014-3660

Author: Marc Deslauriers
Revision Date: 2014-10-16 15:30:49 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - debian/patches/CVE-2014-3660.patch: added additional tests to
    parser.c.
  - CVE-2014-3660

Author: Marc Deslauriers
Revision Date: 2014-10-16 15:28:40 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - debian/patches/CVE-2014-3660.patch: added additional tests to
    parser.c.
  - CVE-2014-3660

Author: Marc Deslauriers
Revision Date: 2014-10-16 15:28:40 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - debian/patches/CVE-2014-3660.patch: added additional tests to
    parser.c.
  - CVE-2014-3660

Author: Marc Deslauriers
Revision Date: 2014-06-13 08:34:17 UTC

* SECURITY REGRESSION: more xmllint regressions (LP: #1321869)
  - debian/patches/lp1321869.patch: use upstream commit which includes
    additional regression fixes to parser.c.

Author: Marc Deslauriers
Revision Date: 2014-06-13 08:34:17 UTC

* SECURITY REGRESSION: more xmllint regressions (LP: #1321869)
  - debian/patches/lp1321869.patch: use upstream commit which includes
    additional regression fixes to parser.c.

Author: Marc Deslauriers
Revision Date: 2014-05-08 14:29:41 UTC

* SECURITY UPDATE: resource exhaustion via external parameter entities
  - debian/patches/CVE-2014-0191.patch: do not fetch external parameter
    entities in parser.c.
  - CVE-2014-0191

Author: Marc Deslauriers
Revision Date: 2014-05-08 14:29:41 UTC

* SECURITY UPDATE: resource exhaustion via external parameter entities
  - debian/patches/CVE-2014-0191.patch: do not fetch external parameter
    entities in parser.c.
  - CVE-2014-0191

Author: Matthias Klose
Revision Date: 2014-02-23 13:48:26 UTC

Rebuild to drop files installed into /usr/share/pyshared.

Author: Matthias Klose
Revision Date: 2014-02-23 13:48:26 UTC

Rebuild to drop files installed into /usr/share/pyshared.

Author: Dimitri John Ledkov
Revision Date: 2013-08-22 21:34:37 UTC

[ Tim Galeckas ]
Fix SIGSEGV when --pretty is specified. LP: #923691

Author: Dimitri John Ledkov
Revision Date: 2013-08-22 21:34:37 UTC

[ Tim Galeckas ]
Fix SIGSEGV when --pretty is specified. LP: #923691

Author: Marc Deslauriers
Revision Date: 2013-07-16 13:46:23 UTC

* SECURITY REGRESSION: wrong return values
  - debian/patches/CVE-2013-2877.patch: revised to fix up a couple of
    return values.
  - CVE-2013-2877

Author: Marc Deslauriers
Revision Date: 2013-07-16 13:46:23 UTC

* SECURITY REGRESSION: wrong return values
  - debian/patches/CVE-2013-2877.patch: revised to fix up a couple of
    return values.
  - CVE-2013-2877

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:31:51 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:31:51 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:25:45 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:25:45 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:04:58 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - debian/patches/CVE-2013-0338.patch: limit number of entity expansions
    in include/libxml/parser.h, parser.c, parserInternals.c.
  - CVE-2013-0338

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:04:58 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - debian/patches/CVE-2013-0338.patch: limit number of entity expansions
    in include/libxml/parser.h, parser.c, parserInternals.c.
  - CVE-2013-0338

Author: Daniel Holbach
Revision Date: 2012-10-10 08:15:16 UTC

debian/tests/control: added pkg-config as depends for the test.
Change forwarded to Debian as bug 690047.

Author: Marc Deslauriers
Revision Date: 2012-09-26 13:16:03 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer sizes.
  - http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626
  - http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28
  - http://git.gnome.org/browse/libxml2/commit/?id=baaf03f80f817bb34c421421e6cb4d68c353ac9a
  - CVE-2012-2807

Author: Marc Deslauriers
Revision Date: 2012-09-26 13:16:03 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer sizes.
  - http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626
  - http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28
  - http://git.gnome.org/browse/libxml2/commit/?id=baaf03f80f817bb34c421421e6cb4d68c353ac9a
  - CVE-2012-2807

Author: Jamie Strandboge
Revision Date: 2012-02-28 07:20:11 UTC

* SECURITY UPDATE: add randomization to dictionaries with hash tables
  help prevent denial of service via hash algorithm collision
  - configure.in: lookup for rand, srand and time
  - dict.c: add randomization to dictionaries hash tables
  - hash.c: add randomization to normal hash tables
  - 8973d58b7498fa5100a876815476b81fd1a2412a
  - CVE-2012-0841

Author: Jamie Strandboge
Revision Date: 2012-02-24 15:16:59 UTC

* SECURITY UPDATE: add randomization to dictionaries with hash tables
  help prevent denial of service via hash algorithm collision
  - configure.in: lookup for rand, srand and time
  - dict.c: add randomization to dictionaries hash tables
  - hash.c: add randomization to normal hash tables
  - 8973d58b7498fa5100a876815476b81fd1a2412a
  - CVE-2012-0841

Author: Jamie Strandboge
Revision Date: 2012-02-24 15:16:59 UTC

* SECURITY UPDATE: add randomization to dictionaries with hash tables
  help prevent denial of service via hash algorithm collision
  - configure.in: lookup for rand, srand and time
  - dict.c: add randomization to dictionaries hash tables
  - hash.c: add randomization to normal hash tables
  - 8973d58b7498fa5100a876815476b81fd1a2412a
  - CVE-2012-0841

Author: Mike Hommey
Revision Date: 2011-07-29 12:33:08 UTC

* debian/rules: Add --with python2 to dh call.
* debian/control:
  - Remove build dependency on python-support.
  - Build depend on python-all-dev >= 2.6.6-3~.
  - Remove XB-Python-Version header.
  - Bump Standards-Version to 3.9.2.0. No changes required.
* debian/pycompat: Removed. With the above changes, closes: #631416.
  Thanks Colin Watson.

Author: Peter Pearse
Revision Date: 2011-04-08 08:50:11 UTC

Patch for cross building.

Author: Mike Hommey
Revision Date: 2010-12-25 10:48:27 UTC

xpath.c: Fix a double-freeing error in XPath processing code.
(CVE-2010-4494). Closes: #607922.

Author: Jamie Strandboge
Revision Date: 2010-11-08 13:01:23 UTC

* SECURITY UPDATE: fix invalid memory read by fixing the semantic of XPath
  axis for namespace/attribute context nodes
  - http://git.gnome.org/browse/libxml2/patch/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
  - http://git.gnome.org/browse/libxml2/patch/?id=ea90b894146030c214a7df6d8375310174f134b9
  - CVE-2010-4008

Author: Jamie Strandboge
Revision Date: 2010-11-08 13:01:23 UTC

* SECURITY UPDATE: fix invalid memory read by fixing the semantic of XPath
  axis for namespace/attribute context nodes
  - http://git.gnome.org/browse/libxml2/patch/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
  - http://git.gnome.org/browse/libxml2/patch/?id=ea90b894146030c214a7df6d8375310174f134b9
  - CVE-2010-4008

Author: Jamie Strandboge
Revision Date: 2010-11-08 12:56:54 UTC

* SECURITY UPDATE: fix invalid memory read by fixing the semantic of XPath
  axis for namespace/attribute context nodes
  - http://git.gnome.org/browse/libxml2/patch/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
  - http://git.gnome.org/browse/libxml2/patch/?id=ea90b894146030c214a7df6d8375310174f134b9
  - CVE-2010-4008

Author: Jamie Strandboge
Revision Date: 2010-11-08 12:56:54 UTC

* SECURITY UPDATE: fix invalid memory read by fixing the semantic of XPath
  axis for namespace/attribute context nodes
  - http://git.gnome.org/browse/libxml2/patch/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
  - http://git.gnome.org/browse/libxml2/patch/?id=ea90b894146030c214a7df6d8375310174f134b9
  - CVE-2010-4008

Author: Mike Hommey
Revision Date: 2010-06-29 12:42:35 UTC

* debian/rules:
  - Use a variable to express which sub-targets to invoke for
    configure/build/install.
  - Refactor configure-% and build-% rules.
  - Avoid possible renaming of _d.so files to _d_d.so files in the
    install-python%-dbg rules.
* debian/control, debian/control.udeb, debian/libxml2-udeb.install,
  debian/rules: Add an udeb package when building for Ubuntu.
  Closes: #583767.
* debian/control:
  - Remove old Conflicts/Replaces for packages that have disappeared before
    etch.
  - Bump Standards-Version to 3.9.0.0.

Author: Jonathan Riddell
Revision Date: 2009-12-28 23:40:10 UTC

Build using --with-threads, closes LP: #309149

Author: Scott Kitterman
Revision Date: 2009-12-15 22:35:20 UTC

* Merge from debian testing, remaining changes:
  - Create -udeb and python -dbg packages
  - Link using -Bsymbolic-functions
  - Add missing zlib1g-dev to -dev
  - Fix site-/dist-packages
  - Build-depend on libreadline6-dev instead of libreadline5-dev.

Author: Matthias Klose
Revision Date: 2009-10-08 13:24:56 UTC

* Merge with Debian (LP: #433253); remaining changes:
  - Create -udeb and python -dbg packages
  - Link using -Bsymbolic-functions
  - Add missing zlib1g-dev to -dev
  - Fix site-/dist-packages
  - error.c: Grab fix from SVN to avoid pidgin/jabber crash
  - Build-depend on libreadline-dev instead of libreadline5-dev.

Author: Marc Deslauriers
Revision Date: 2009-08-11 11:37:31 UTC

* SECURITY UPDATE: denial of service via stack overflow from crafted
  root XML document element DTD definition
  - parser.c: validate ctxt->depth isn't too deep
  - CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
  Notation and Enumeration attribute types
  - parser.c: use xmlFreeEnumeration before returning.
  - CVE-2009-2416
* SECURITY UPDATE: heap overflow in entity name parsing
  - parser.c: reintroduce the security fix for CVE-2008-3529 that got
    lost somehow
  - CVE-2008-3529

Author: Marc Deslauriers
Revision Date: 2009-08-11 11:37:31 UTC

* SECURITY UPDATE: denial of service via stack overflow from crafted
  root XML document element DTD definition
  - parser.c: validate ctxt->depth isn't too deep
  - CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
  Notation and Enumeration attribute types
  - parser.c: use xmlFreeEnumeration before returning.
  - CVE-2009-2416
* SECURITY UPDATE: heap overflow in entity name parsing
  - parser.c: reintroduce the security fix for CVE-2008-3529 that got
    lost somehow
  - CVE-2008-3529

Author: Marc Deslauriers
Revision Date: 2009-08-10 16:31:24 UTC

* SECURITY UPDATE: denial of service via stack overflow from crafted
  root XML document element DTD definition
  - parser.c: validate ctxt->depth isn't too deep
  - CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
  Notation and Enumeration attribute types
  - parser.c: use xmlFreeEnumeration before returning.
  - CVE-2009-2416

Author: Marc Deslauriers
Revision Date: 2009-08-10 16:31:24 UTC

* SECURITY UPDATE: denial of service via stack overflow from crafted
  root XML document element DTD definition
  - parser.c: validate ctxt->depth isn't too deep
  - CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
  Notation and Enumeration attribute types
  - parser.c: use xmlFreeEnumeration before returning.
  - CVE-2009-2416

Author: Sebastien Bacher
Revision Date: 2009-04-08 22:22:46 UTC

error.c: use svn change to fix error handling issues leading to pidgin crash
when connecting jabber (lp: #357949)

Author: Matthias Klose
Revision Date: 2008-09-25 14:19:49 UTC

* Merge with Debian; remaining changes:
  - debian/rules: create a udeb for debian-installer, correct libxml2-dev
    Depends to include zlib1g-dev.
  - Build a python-libxml2-dbg package.
  - Link using -Bsymbolic-functions.

Author: Matthias Klose
Revision Date: 2008-03-12 10:25:35 UTC

* Merge with Debian; remaining changes:
  - debian/rules: create a udeb for debian-installer, correct libxml2-dev
    Depends to include zlib1g-dev.
  - Build a python-libxml2-dbg package.
  - Link using -Bsymbolic-functions.
* Fixed: USN-569-1, denial of service bug in UTF-8 handling. LP: #181985.

Author: Kees Cook
Revision Date: 2008-11-18 09:01:48 UTC

* SECURITY UPDATE: infinite loop, integer overflow, and double-free.
  - parserInternals.c: upstream fix for double-free (svn rev 3741).
  - tree.c: fix for infinite loop, thanks to Mike Hommey (CVE-2008-4225).
  - SAX2.c: fix for integer overflow, thanks to Mike Hommey CVE-2008-4226).

Author: Kees Cook
Revision Date: 2008-11-18 09:01:48 UTC

* SECURITY UPDATE: infinite loop, integer overflow, and double-free.
  - parserInternals.c: upstream fix for double-free (svn rev 3741).
  - tree.c: fix for infinite loop, thanks to Mike Hommey (CVE-2008-4225).
  - SAX2.c: fix for integer overflow, thanks to Mike Hommey CVE-2008-4226).

Author: Matthias Klose
Revision Date: 2007-10-03 14:35:16 UTC

* Merge with Debian; remaining changes:
  - debian/rules: create a udeb for debian-installer, correct libxml2-dev
    Depends to include zlib1g-dev.
  - Build a python-libxml2-dbg package.
* Fixes a regression using XSLT copy element. LP: #147144.

Author: Kees Cook
Revision Date: 2008-09-11 10:47:54 UTC

* SECURITY UPDATE: heap overflow in entity name parsing.
* parser.c: upstream fixes thanks to Tomas Hoger.
* include/libxml/parser.h, parser.c: improvements to CVE-2008-3281 fix,
  thanks to Tomas Hoger.
* References
  CVE-2008-3529

Author: Kees Cook
Revision Date: 2008-09-11 10:47:54 UTC

* SECURITY UPDATE: heap overflow in entity name parsing.
* parser.c: upstream fixes thanks to Tomas Hoger.
* include/libxml/parser.h, parser.c: improvements to CVE-2008-3281 fix,
  thanks to Tomas Hoger.
* References
  CVE-2008-3529

Author: Matthias Klose
Revision Date: 2007-02-18 22:24:20 UTC

Install the python debug build into the same temporary installation dir.

Author: Kees Cook
Revision Date: 2008-01-14 09:56:09 UTC

* SECURITY UPDATE: infinite loop with malformed UTF8
* parserInternals.c: patched inline with upstream changes, thanks to
  Daniel Veillard.
* References
  http://mail.gnome.org/archives/xml/2008-January/msg00036.html
  CVE-2007-6284

Author: Kees Cook
Revision Date: 2008-01-14 09:56:09 UTC

* SECURITY UPDATE: infinite loop with malformed UTF8
* parserInternals.c: patched inline with upstream changes, thanks to
  Daniel Veillard.
* References
  http://mail.gnome.org/archives/xml/2008-January/msg00036.html
  CVE-2007-6284

Author: Kees Cook
Revision Date: 2006-10-13 10:24:25 UTC

debian/control: Add zlib1g-dev/libz-dev to libxml2-dev Depends.

Author: Daniel Holbach
Revision Date: 2006-05-02 10:50:59 UTC

* Resynchronized with Debian. Only changes to Debian:
  - debian/control:
    - dropped python2.3 Build-Dep and python2.3-libxml2 package. Thanks to
      the super-dooper Build-System of Debian's libxml2 that's the only
      change we need.
  - debian/libxml2-doc.install:
    - add usr/share/gtk-doc/

Author: Daniel Holbach
Revision Date: 2005-09-05 10:37:55 UTC

* New upstream release.
* debian/control:
  - Bumped Standards-Version.
  - added xsltproc to Build-Depends, to build index.html
* debian/rules:
  - rebuild index.html (in doc/examples).

Author: Sebastien Bacher
Revision Date: 2005-01-17 12:45:43 UTC

* New upstream release:
* debian/control:
  - changed the python version to 2.4.
* debian/rules:
  - updated the shlibs.
* doc/examples/index.html:
  - added.

Author: Martin Pitt
Revision Date: 2004-10-28 10:36:28 UTC

* SECURITY UPDATE: fix multiple buffer overflows (Warty bug #2809)
* nanoftp.c, nanohttp.c: verified and applied patch from Josh Bressers to
  fix several memcpy() and array accesses without proper bounds checking
* References:
  CAN-2004-0989
  http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0

Author: Sebastien Bacher
Revision Date: 2004-09-23 15:44:35 UTC

Upload of the new version in warty, that's required for the new
shared-mime-info.