lp:ubuntu/natty-security/libxml2

Created by James Westby on 2011-06-16 and last modified on 2012-09-26
Get this branch:
bzr branch lp:ubuntu/natty-security/libxml2

Branch information

Owner: Ubuntu branches
Status: Development

Recent revisions

44. By Jamie Strandboge on 2012-05-18

* SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
  - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
  - CVE-2011-3102

43. By Jamie Strandboge on 2012-02-24

* SECURITY UPDATE: add randomization to dictionaries with hash tables
  to help prevent denial of service via hash algorithm collision
  - configure.in: lookup for rand, srand and time
  - dict.c: add randomization to dictionaries hash tables
  - hash.c: add randomization to normal hash tables
  - 8973d58b7498fa5100a876815476b81fd1a2412a
  - CVE-2012-0841

42. By Jamie Strandboge on 2012-01-18

* SECURITY UPDATE: fix off-by-one leading to denial of service
  - encoding.c: adjust calculation of space available
  - 69f04562f75212bfcabecd190ea8b06ace28ece2
  - CVE-2011-0216
* SECURITY UPDATE: fix double free in XPath evaluation
  - xpath.h, xpath.c: add a mechanism of frame for XPath evaluation when
    entering a function or a scoped evaluation
  - f5048b3e71fc30ad096970b8df6e7af073bae4cb
  - CVE-2011-2821
* SECURITY UPDATE: fix double free in XPath evaluation
  - xpath.c: fix missing error status in XPath evaluation
  - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
  - CVE-2011-2834
* SECURITY UPDATE: fix out of bounds read
  - parser.c: make sure the parser returns when getting a Stop order
  - 77404b8b69bc122d12231807abf1a837d121b551
  - CVE-2011-3905
* SECURITY UPDATE: fix heap overflow
  - parser.c: fix an allocation error when copying entities
  - 5bd3c061823a8499b27422aee04ea20aae24f03e
  - CVE-2011-3919

41. By Marc Deslauriers on 2011-06-16

* SECURITY UPDATE: denial of service and possible code execution via
  specially crafted xml file
  - xpath.c: update count only if allocation succeeds.
  - http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
  - CVE-2011-1944

40. By Mike Hommey on 2010-12-25

xpath.c: Fix a double-freeing error in XPath processing code.
(CVE-2010-4494). Closes: #607922.

39. By Mike Hommey on 2010-11-05

* New upstream release.
* configure.in: Applied upstream fix to reactivate symbol versioning script.

38. By Mike Hommey on 2010-06-29

* debian/rules:
  - Use a variable to express which sub-targets to invoke for
    configure/build/install.
  - Refactor configure-% and build-% rules.
  - Avoid possible renaming of _d.so files to _d_d.so files in the
    install-python%-dbg rules.
* debian/control, debian/control.udeb, debian/libxml2-udeb.install,
  debian/rules: Add an udeb package when building for Ubuntu.
  Closes: #583767.
* debian/control:
  - Remove old Conflicts/Replaces for packages that have disappeared before
    etch.
  - Bump Standards-Version to 3.9.0.0.

37. By Loïc Minier on 2010-05-30

* Shuffle old Debian changelog entries around to match the Debian layout and
  reduce the diff.
* Drop /usr/share/doc/python-libxml2-dbg -> python-libxml2 symlink which was
  added to optimize disk space, the -dbg package is huge anyway. Add a
  preinst snippet to deal with upgrades.
* Merge with Debian.
  - Keep the new Debian build-deps "libreadline-dev | libreadline5-dev"
    since this should work fine with Ubuntu buildds reinstalling everything
    on each build.
  - Drop duplicate -Wall and -g from -dbg CFLAGS.
  - Drop addition of -Wl,-Bsymbolic-functions to LDFLAGS since LDFLAGS
    aren't overridden in the Debian rules anymore.
  - Don't set PYTHON_VERSION and PYTHON_SITE_PACKAGES during python$*-dbg
    builds since these should be correct already.
  - Drop explicit zlib1g-dev dep, .pc only mentions zlib in Libs.private and
    the .la file isn't shipped anymore, so there should be no mention of -lz
    requiring this anymore.
  - Rework creation of -dbg package (python$*-dbg) for the new dh 7 rules;
    install to debian/tmp-dbg.
  - Remaining changes:
    + Add python-libxml2-dbg package built with python$*-dbg and these
      CFLAGS: -Wall -Wextra -g -O0 -fno-strict-aliasing -pedantic.
    + Add libxml2-udeb package.
    + Fix debian/python-libxml2.install to cope with builds which don't have
      any site-packages based python versions.
    + rm -rf build-python$* in configure-python% to fix FTBFS.
* Fix dependency of python-libxml2-dbg on python-libxml2 to use
  ${binary:Version}, not ${source:Version}.
* Add ${misc:Depends} to python-libxml2-dbg.

36. By Scott Kitterman on 2009-12-15

* Merge from debian testing, remaining changes:
  - Create -udeb and python -dbg packages
  - Link using -Bsymbolic-functions
  - Add missing zlib1g-dev to -dev
  - Fix site-/dist-packages
  - Build-depend on libreadline6-dev instead of libreadline5-dev.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/oneiric/libxml2