Commit Graph

117 Commits

Author SHA1 Message Date
Drew Hess
81eddf1516 libxml2: upstream patch for Python 3.9. 2020-11-28 18:26:15 +01:00
Martin Weinelt
ab61f1622b libxml2: fix CVE-2020-24977
Fixes an out-of-bounds read when using xmllint with the --htmlout
parameter.

Fixes: CVE-2020-24977
2020-11-27 20:33:58 +01:00
John Wiegley
6a359b2333
libxml2Python: Darwin builds require libintl (better fix) 2020-08-06 15:52:57 -07:00
Daiderd Jordan
cc148a4b3e
libxml2: fix python2 build on darwin 2020-07-05 15:09:38 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Martin Milata
291c73568a libxml2: add patch for CVE-2019-20388 2020-03-12 23:43:47 +00:00
Andrew Dunham
147f32ac2b libxml2: add patch for CVE-2020-7595 2020-02-01 15:23:47 -08:00
Alyssa Ross
863fc6574d libxml2: don't propagate Python bindings 2020-01-13 16:46:02 +00:00
Robin Gloster
74c2020e8c
libxml2: fix further structuredAttrs issues 2019-12-30 11:13:38 +01:00
Robert Scott
c3c77ecfde libxml2: 2.9.9 -> 2.9.10
disable python test which was previously failing anyway, but in previous
versions it was being ignored
2019-11-11 01:18:39 +00:00
Chuck
c0cecd0e60 python3Packages.libxml2: Patch to work around python3 + utf-8 itstool crash
1. Gnumeric has unbalanced XML tags in its doc translations.
2. itstool's XML error handler tries to print this error with context.
3. libxml2's context snipper treats the data as bytes, not UTF-8.
4. python3Packages.libxml2 casts the context to a UTF-8 Python string.
5. itstool dereferences a null pointer.

This patch intervenes at #4.

In https://bugzilla.gnome.org/show_bug.cgi?id=789714#c4 , upstream
suggests that intervening at #3 would be better -- that each of the four
copies of xmlParserPrintFileContextInternal() have four additional UTF-8
problems, one of which is that the caret indicator ought to count
"unicode characters" not bytes.  But to position a caret correctly, a
character count is not sufficient -- this would need to use icu's BiDi
logic (with fallback to doing something wrong when libxml2 is configured
not to use icu) -- which makes a 'correct' fix a much larger project
than this simple band-aid.
2019-10-31 17:30:33 -07:00
Frederik Rietdijk
a51aa02c78 libxml2: use python3 for build and as default for bindings
Changing the default may cause breakage, however, users should have
already switched to `pythonPackages.libxml2` long ago.
2019-10-29 13:47:03 +01:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
volth
f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Will Dietz
96890e2390 libxml2: 2.9.8 -> 2.9.9 2019-01-03 14:36:08 -06:00
Matthew Bauer
245f25586b libxml2: only use static output with both shared & static
The static output should only get created when both enableShared and
enableStatic are set. Otherwise there would be libraries missing from
the main output when enableShared = false & enableStatic = true. This
can cause issues in some packages that don’t know about libxml2’s
static output.

(cherry picked from commit 2bd6bb0a4bf21005d8877c735709cd21d22e05bd)
(cherry picked from commit 1421a39c1e62584d346185ad49484b11b7703dc1)
2018-11-13 06:57:54 -06:00
Frederik Rietdijk
d0d04c26d7 libxml2: support python3 2018-10-17 10:00:20 +02:00
John Ericson
0828e2d8c3 treewide: Remove usage of remaining redundant platform compatability stuff
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
2018-08-30 17:20:32 -04:00
Andreas Rammhold
06e7a48f45
libxml2: fix CVE-2018-14567 & CVE-2018-14404
Since the already added patch for CVE-2018-9251 also affects
CVE-2018-14567 I renamed the applied patch accordingly.
2018-08-15 22:54:52 +02:00
Tim Steinbach
99fb65fb11
libxml2: Fix CVE-2018-9251 2018-08-05 18:20:33 -04:00
John Ericson
e517da3929 libxml2: Use enableFeature 2018-08-02 15:10:43 -04:00
John Ericson
5be14c5c74 libxml2: Remove crossAttrs 2018-07-24 18:36:59 -04:00
Matthew Bauer
916f096911
Merge pull request #43890 from matthewbauer/mingw-fixes
Mingw fixes
2018-07-21 17:04:20 -04:00
Matthew Bauer
92daacc9b0 libxml2: support all platforms
Mingw/Windows support works out of the box.
2018-07-21 10:10:47 -04:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Antoine Eiche
5bfdf34bed libxml2: add enableStatic argument
If `enableStatic` is set to true, the output `static` contains the
static library.
2018-06-22 21:00:20 +02:00
Orivej Desh
ea69fba953 Revert "libxml2: add static output"
This reverts commit 1897c352f5 on master.

This is a mass rebuild that should go through staging.
2018-06-13 16:07:54 +00:00
Antoine Eiche
1897c352f5 libxml2: add static output 2018-06-13 09:20:02 +02:00
Ryan Mulligan
3157bd3dc9 libxml2: 2.9.7 -> 2.9.8
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:

- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 2.9.8 in filename of file in /nix/store/cjycf1wx5a5l22a9kwhpnnh2h9i7pahk-libxc-4.0.4
2018-03-14 19:51:48 -07:00
Will Dietz
158c3c4864 libxml2: disable tests also 2018-02-13 09:44:41 -06:00
Jan Tojnar
98ff9fca29
libxml2: 2.9.5 → 2.9.7 2017-11-23 05:28:39 +01:00
Ben Gamari
09ce1ebd8f libxml2: Don't run tests when cross-compiling 2017-10-27 20:32:25 -04:00
Orivej Desh
604ca93182 libxml2: 2.9.4 -> 2.9.5 2017-09-15 17:28:31 +00:00
Tuomas Tynkkynen
1ff422aa23 treewide: Add man & info outputs where necessary (instead of doc)
Because man & info pages won't be going to $doc after the next commit.
Scripted change for the files having one-package-per-file.
2017-08-11 21:32:54 +03:00
John Ericson
8ca8293dbc libxml2: Don't use stdenv.cross 2017-06-28 00:51:59 -04:00
Dan Peebles
1a4ca220e1 treewide: fix assorted issues revealed by the meta checker
Turns out a couple of the licenses were wrong, as well as being strings.
2017-04-28 23:07:42 -04:00
Vladimír Čunát
5ad81ab09c
libxml2: bugfix updates from git upstream
This should solve CVE-2016-5131 and some other bugs, but not what Suse
calls CVE-2016-9597: https://bugzilla.suse.com/show_bug.cgi?id=1017497
The bugzilla discussion seems to indicate that the CVE is referenced
incorrectly and only shows reproducing when using command-line flags
that are considered "unsafe".

CVE-2016-9318 also remains unfixed, as I consider their reasoning OK:
https://lwn.net/Alerts/714411/

/cc #22826.
2017-02-16 20:18:17 +01:00
Peter Hoeg
52d6927413 libxml2: add optional icu support 2017-02-11 18:16:38 +08:00
Frederik Rietdijk
6b70ac81bb libxml2: supportPython -> pythonSupport
since that is more commonly used in Nixpkgs.
2016-11-08 17:10:05 +01:00
Franz Pletz
64902aebb0
libxml2: add patch to fix CVE-2016-4658
cc #20078
2016-11-03 02:45:18 +01:00
Frederik Rietdijk
47a95edc1e libxml2: use python2 2016-10-18 23:14:31 +02:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Vladimír Čunát
dc13593b9f libxml2: disable checks on Darwin
Apparently they won't work there.
2016-05-27 09:45:46 +02:00
Vladimír Čunát
f4bddaf51f libxml2: doCheck = true
That wouldn't uncover the problem fixed in parent commit,
but it shouldn't hurt.
2016-05-26 15:09:28 +02:00
Vladimír Čunát
3069606108 libxml2: fixup validation problems with 2.9.4
... by reverting an upstream commit
/cc #15697.

I should make some distro pay me for digging into such things :-)
2016-05-26 13:49:08 +02:00
Graham Christensen
772851ff46 libxml2: 2.9.3 -> 2.9.4 for three CVEs (close #15697)
- CVE-2016-4447: libxml2: Heap-based buffer underreads due to xmlParseName
   https://bugzilla.redhat.com/show_bug.cgi?id=1338686

 - CVE-2016-4448 libxml2: Format string vulnerability
   https://bugzilla.redhat.com/show_bug.cgi?id=1338700

 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content
   https://bugzilla.redhat.com/show_bug.cgi?id=1338701

and many other fixed issues, available at http://www.xmlsoft.org/news.html
2016-05-25 18:28:52 +02:00
Vladimír Čunát
7a005601d4 Merge branch 'master' to resolve conflicts 2016-05-05 08:25:38 +02:00
Vladimír Čunát
94eba25103 libxml2: fix on mingw, without DLLs ATM
After closure-size merge we need to disable python support,
as python upstream doesn't support cross-building linux -> mingw.
2016-04-23 10:52:02 +02:00
Karn Kallio
c4ab7e2cd4 libxml2 : Have exec_prefix match the location of bin/xml2-config. 2016-04-21 13:00:21 +02:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00