Changelog for
libxml2-devel-32bit-2.7.3-2.13.1.x86_64.rpm :
Thu Jul 11 14:00:00 2013 vcizekAATTsuse.com
- fix for CVE-2013-2877 (bnc#829077)
* added libxml2-CVE-2013-2877.patch
Fri Mar 22 13:00:00 2013 lijewski.stefanAATTgmail.com
- fix for CVE-2013-0338 (bnc#805233)
libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
Wed Dec 19 13:00:00 2012 lijewski.stefanAATTgmail.com
- fixed CVE-2012-5134 (bnc#793334) / libxml2-CVE-2012-5134.patch
Mon Aug 27 14:00:00 2012 lijewski.stefanAATTzabka.pl
- fixed CVE-2012-2807 (bnc#769184)
Thu Jun 14 14:00:00 2012 lijewski.stefanAATTzabka.pl
- fixed CVE-2011-3102 (bnc#764538)
Fri Mar 9 13:00:00 2012 johann.luceAATTwanadoo.fr
- add libxml2-CVE-2012-0841.patch
This update of libxml2 fixes the hash table collision flaw
which could be exploited by attackers to cause a Denial of
Service (CVE-2012-0841).
Fri Jan 20 13:00:00 2012 lijewski.stefanAATTzabka.pl
- A heap-based buffer overflow during decoding of entity
references with overly long names has been fixed (bnc#739894)
patch: libxml2-CVE-2011-3919.patch
Thu Jan 12 13:00:00 2012 johann.luceAATTwanadoo.fr
- add libxml2-CVE-2011-2821.patch (bnc#732787)
Wed Aug 10 14:00:00 2011 lijewski.stefanAATTgmail.com
- add libxml2-CVE-2011-1944.patch (bnc#697372)
Mon Jan 3 13:00:00 2011 puzelAATTnovell.com
- add libxml2-CVE-2010-4494.patch (bnc#661471)
Mon Nov 1 13:00:00 2010 puzelAATTnovell.com
- add libxml2-xpath-ns-attr-axis.patch (bnc#648277)
Thu Mar 19 13:00:00 2009 prusnakAATTsuse.cz
- updated to 2.7.2
* Portability fix: fix solaris compilation problem,
fix compilation if XPath is not configured in
* Bug fixes: nasty entity bug introduced in 2.7.0, restore old
behaviour when saving an HTML doc with an xml dump function,
HTML UTF-8 parsing bug, fix reader custom error handlers
(Riccardo Scussat)
* Improvement: xmlSave options for more flexibility to save
as XML/HTML/XHTML, handle leading BOM in HTML documents
- updated to 2.7.3
* Build fix: fix build when HTML support is not included.
* Bug fixes: avoid memory overflow in gigantic text nodes,
indentation problem on the writed (Rob Richards),
xmlAddChildList pointer problem (Rob Richards and Kevin Milburn),
xmlAddChild problem with attribute (Rob Richards and Kris Breuker),
avoid a memory leak in an edge case (Daniel Zimmermann),
deallocate some pthread data (Alex Ott).
* Improvements: configure option to avoid rebuilding docs
(Adrian Bunk), limit text nodes to 10MB max by default,
add element traversal APIs, add a parser option to enable
pre 2.7 SAX behavior (Rob Richards),
add gcc malloc checking (Marcus Meissner),
add gcc printf like functions parameters checking (Marcus Meissner).
- dropped obsoleted patches:
* alloc_size.patch (mainline)
* CVE-2008-4225.patch (mainline)
* CVE-2008-4226.patch (mainline)
* CVE-2008-4409.patch (mainline)
* oldsax.patch (mainline)
* pritnf.patch (mainline)
* xmlsave.patch (mainline)
Mon Jan 12 13:00:00 2009 prusnakAATTsuse.cz
- added oldsax.patch to enable pre 2.7.0 sax behaviour [bnc#457056]
Wed Dec 10 13:00:00 2008 olhAATTsuse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
Tue Nov 25 13:00:00 2008 prusnakAATTsuse.cz
- fix broken xmlsave (xmlsave.patch) [bnc#437203]
Tue Nov 18 13:00:00 2008 prusnakAATTsuse.cz
- fixed CVE-2008-4225 [bnc#445677]
Thu Nov 6 13:00:00 2008 prusnakAATTsuse.cz
- fixed CVE-2008-4226 [bnc#441368]
Thu Oct 30 13:00:00 2008 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)
Mon Oct 6 14:00:00 2008 prusnakAATTsuse.cz
- fixed CVE-2008-4409 [bnc#432486]
Tue Sep 9 14:00:00 2008 meissnerAATTsuse.de
- added GCC attribute alloc_size markup (alloc_size.patch)
Wed Sep 3 14:00:00 2008 prusnakAATTsuse.cz
- updated to 2.7.1
* Portability fix: Borland C fix (Moritz Both)
* Bug fixes: python serialization wrappers, XPath QName corner
case handking and leaks (Martin)
* Improvement: extend the xmlSave to handle HTML documents and trees
* Cleanup: python serialization wrappers
Wed Sep 3 14:00:00 2008 prusnakAATTsuse.cz
- updated to 2.7.0
* Documentation: switch ChangeLog to UTF-8, improve mutithreads and
xmlParserCleanup docs
* Portability fixes: Older Win32 platforms (Rob Richards), MSVC
porting fix (Rob Richards), Mac OS X regression tests (Sven Herzberg),
non GNUCC builds (Rob Richards), compilation on Haiku (Andreas Färber)
* Bug fixes: various realloc problems (Ashwin), potential double-free
(Ashwin), regexp crash, icrash with invalid whitespace facets (Rob
Richards), pattern fix when streaming (William Brack), various XML
parsing and validation fixes based on the W3C regression tests, reader
tree skipping function fix (Ashwin), Schemas regexps escaping fix
(Volker Grabsch), handling of entity push errors (Ashwin), fix a slowdown
when encoder cant serialize characters on output
* Code cleanup: compilation fix without the reader, without the output
(Robert Schwebel), python whitespace (Martin), many space/tabs cleanups,
serious cleanup of the entity handling code
* Improvement: switch parser to XML-1.0 5th edition, add parsing flags
for old versions, switch URI parsing to RFC 3986,
add xmlSchemaValidCtxtGetParserCtxt (Holger Kaelberer),
new hashing functions for dictionnaries (based on Stefan Behnel work),
improve handling of misplaced html/head/body in HTML parser, better
regression test tools and code coverage display, better algorithms
to detect various versions of the billion laughts attacks, make
arbitrary parser limits avoidable as a parser option
- dropped obsoleted patches:
* billion-laughs.patch (included in update)
Wed Aug 13 14:00:00 2008 prusnakAATTsuse.cz
- fixed billion laughs vulnerability (billion-laughs.patch) [bnc#415371]
Fri Apr 11 14:00:00 2008 prusnakAATTsuse.cz
- updated to 2.6.32
* Documentation:
- returning heap memory to kernel (Wolfram Sang)
- trying to clarify xmlCleanupParser() use
- xmlXPathContext improvement (Jack Jansen)
- improve the
*Recover
* functions documentation
- XmlNodeType doc link fix (Martijn Arts)
* Bug fixes:
- internal subset memory leak (Ashwin)
- avoid problem with paths starting with // (Petr Sumbera)
- streaming XSD validation callback patches (Ashwin)
- fix redirection on port other than 80 (William Brack)
- SAX2 leak (Ashwin)
- XInclude fragment of own document (Chris Ryan)
- regexp bug with \'.\' (Andrew Tosh)
- flush the writer at the end of the document (Alfred Mickautsch)
- output I/O bug fix (William Brack)
- writer CDATA output after a text node (Alex Khesin)
- UTF-16 encoding detection (William Brack)
- fix handling of empty CDATA nodes for Safari team
- python binding problem with namespace nodes
- improve HTML parsing (Arnold Hendriks)
- regexp automata build bug
- memory leak fix (Vasily Chekalkin)
- XSD test crash
- weird system parameter entity parsing problem
- allow save to file:///X/ windows paths
- various attribute normalisation problems
- externalSubsetSplit fix (Ashwin)
- attribute redefinition in the DTD (Ashwin)
- fix in char ref parsing check (Alex Khesin)
- many out of memory handling fixes (Ashwin)
- XPath out of memory handling fixes (Alvaro Herrera)
- various realloc problems (Ashwin)
- UCS4 encoding conversion buffer size (Christian Fruth)
- problems with EatName functions on memory errors
- BOM handling in external parsed entities (Mark Rowe)
* Code cleanup:
- fix build under VS 2008 (David Wimsey)
- remove useless mutex in xmlDict (Florent Guilian)
- Mingw32 compilation fix (Carlo Bramini)
- Win and MacOS EOL cleanups (Florent Guiliani)
- iconv need a const detection (Roumen Petrov)
- simplify xmlSetProp (Julien Charbon)
- cross compilation fixes for Mingw (Roumen Petrov)
- SCO Openserver build fix (Florent Guiliani)
- iconv uses const on Win32 (Rob Richards)
- duplicate code removal (Ashwin)
- missing malloc test and error reports (Ashwin)
- VMS makefile fix (Tycho Hilhorst)
* improvements:
- better plug of schematron in the normal error handling (Tobias Minich)
Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support
Fri Mar 21 13:00:00 2008 vuntzAATTsuse.de
- Remove libxml2-2.6.31-gcc4.patch after discussion with upstream.
I compiled the package on all architectures without the patch
without any problem, and upstream doesn\'t see the point of the
patch.
Thu Mar 13 13:00:00 2008 rodrigoAATTsuse.de
- Upstream and tag patches
Thu Jan 24 13:00:00 2008 prusnakAATTsuse.cz
- rename rpmlintrc-libxml2-python to libxml2-python-rpmlintrc :)
Tue Jan 22 13:00:00 2008 prusnakAATTsuse.cz
- build --without-python to allow compilation from src.rpm
Tue Jan 22 13:00:00 2008 prusnakAATTsuse.cz
- rename rpmlintrc to rpmlintrc-libxml2-python
Tue Jan 15 13:00:00 2008 prusnakAATTsuse.cz
- updated to 2.6.31
o security fix:
* missing of checks in UTF-8 parsing
o bug fixes:
* regexp bug
* dump attribute from XHTML document
* fix xmlFree(NULL) to not crash in debug mode
* Schematron parsing crash
* XSD crash due to double free
* indentation fix in xmlTextWriterFullEndElement
* error in attribute type parsing if attribute redeclared
* avoid crash in hash list scanner if deleting elements, column counter bug fix
* HTML embed element saving fix
* avoid -L/usr/lib output from xml2-config
* avoid an xmllint crash
* don\'t stop HTML parsing on out of range chars
o code cleanup:
* fix open() call third argument,
* regexp cut\'n paste copy error,
* unused variable in __xmlGlobalInitMutexLock
* some make distcheck realted fixes
o improvements:
* HTTP Header: includes port number
* testURI --debug option
- removed obsolete patches:
* CVE-2007-6284.patch (included in update)
* open_create.patch (included in update)
Fri Jan 11 13:00:00 2008 sbrabecAATTsuse.cz
- Split documentation into a separate packages.
- Install devhelp documentation (#350918).
- Follow upstream documentation structure.
- Build again with strict aliasing.
- Removed s390
* work-arounds. New gcc builds it again with -O2.
Tue Dec 18 13:00:00 2007 prusnakAATTsuse.cz
- fix libxml2 DoS (CVE-2007-6284.patch) [#349151]
Tue Dec 4 13:00:00 2007 prusnakAATTsuse.cz
- fix call to open() where 3rd parameter is needed (open_create.patch)
Tue Sep 18 14:00:00 2007 sbrabecAATTsuse.cz
- Updated to version 2.6.30:
* Portability: Solaris crash on error handling, windows path
fixes, mingw build
* Bugfixes: xmlXPathNodeSetSort problem, leak when reusing a
writer for a new document, Schemas xsi:nil handling patch,
relative URI build problem, crash in xmlDocFormatDump, invalid
char in comment detection bug, fix disparity with
xmlSAXUserParseMemory, automata generation for complex regexp
counts problems, Schemas IDC import problems, xpath predicate
evailation error handling
Thu Sep 13 14:00:00 2007 dmuellerAATTsuse.de
- build on s390x
Tue Aug 28 14:00:00 2007 prusnakAATTsuse.cz
- applied some fixes from 2.6.30 to fix regression that prevents
the documentation from updating to Beta2 [#300675]
(up30.patch)
Mon Aug 20 14:00:00 2007 sbrabecAATTsuse.cz
- Commented out NoSource to provide comfortable rebuild.
Wed Jun 13 14:00:00 2007 prusnakAATTsuse.cz
- updated to 2.6.29:
o bug fixes:
* fixed xmlBufferAdd problem
* regexp interpretation of \'\\\'
* XPath number serialization
* nanohttp gzipped stream fix
* uri bug
* XPath string value of PI nodes
* XPath node set sorting bugs
* avoid outputting namespace decl dups in the writer
* xmlCtxtReset bug
* UTF-8 encoding error handling
* recustion on next in catalogs
* Relax-NG crash
* invalid character in attribute detection bug
o improved:
* keep URI query parts in raw form
* embed tag support in HTML
- dropped obsolete patches:
* pinode.patch (included in update)
Tue Jun 5 14:00:00 2007 prusnakAATTsuse.cz
- suppress spurious-executable-perm for test scripts using rpmlintrc
Thu May 31 14:00:00 2007 prusnakAATTsuse.cz
- moved tests to tests subdirectory in docdir
- cleaned spec file
Thu May 31 14:00:00 2007 prusnakAATTsuse.cz
- fixed problem with xpath\'s string-value for a PI node
with no content (pinode.path) [#278173]
- cleaned spec file
Tue Apr 24 14:00:00 2007 prusnakAATTsuse.cz
- updated to 2.6.28:
o bug fixes:
* XPath memory leak, node comparison error
* HTML parser autoclose stack usage
* various regexp fixes
* htmlCtxtReset fix
* invalid char in text XInclude
* fix the big string memory leak
* fix whitespace usage
* and many more ... see NEWS
- dropped obsoleted patches:
* null-retval.patch (included in update)
* tabs-spaces.patch (included in update)
Mon Apr 2 14:00:00 2007 rguentherAATTsuse.de
- add zlib-devel BuildRequires
Thu Feb 22 13:00:00 2007 prusnakAATTsuse.cz
- fixed inconsistent use of tabs and spaces in indentation
(tabs-spaces.patch) by Andreas Hanke [#246203]
Thu Jan 25 13:00:00 2007 prusnakAATTsuse.cz
- fixed crash on ENOMEM (null-retval.patch) [#215223]
Tue Jan 9 13:00:00 2007 sbrabecAATTsuse.cz
- gnomeprefix changed to /usr.
- Removed obsolete PreReq.
Mon Dec 11 13:00:00 2006 keAATTsuse.de
- 2.6.27; many improvements and bug fixes. For details, see the NEWS
file.
- Remove libxml2-xpath-1.318.patch (obsolete).
Tue Nov 28 13:00:00 2006 keAATTsuse.de
- Do not install static Python module; reported by Andreas Hanke
[#223696].
Tue Oct 17 14:00:00 2006 keAATTsuse.de
- Move manpage to devel subpackage; reported by Andreas Hanke [#
212441].
Tue Aug 15 14:00:00 2006 keAATTsuse.de
- Remove left-over SuSEconfig traces in %files list.
Mon Aug 14 14:00:00 2006 keAATTsuse.de
- Remove SuSEconfig related files completely. /etc/xml/catalog is now
provided by the sgml-skel package.
