Changelog for
libxml2-2-2.9.4-5.20.1.i586.rpm :
Thu Jul 27 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fix [CVE-2017-8872, bsc#1038444]
* global-buffer-overflow in htmlParseTryOrFinish
* Added patch libxml2-2.9.4-CVE-2017-8872.patch
Fri Jun 23 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fix:
* libxml2-CVE-2017-7376.patch [bsc#1044887, CVE-2017-7376]
* Increase buffer space for port in HTTP redirect support
Tue Jun 20 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fix:
* libxml2-CVE-2017-7375.patch [bsc#1044894, CVE-2017-7375]
* Prevent unwanted external entity reference
Tue Jun 20 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Upstream patches updated and with tests:
* libxml2-CVE-2017-9047.patch and libxml2-CVE-2017-9048.patch
merged into libxml2-CVE-2017-9047.patch
[bsc#1039066, bsc#1039661]
* libxml2-CVE-2017-9049.patch and libxml2-CVE-2017-9050.patch
merged into libxml2-CVE-2017-9049.patch
[bsc#1039063, bsc#1039064]
Thu Jun 15 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fix:
* libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663]
* Fix Heap buffer overflow in xmlAddID
Wed Jun 14 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fix:
* libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969]
* Fix NULL pointer deref in xmlDumpElementContent
* Deleted patch libxml2-NULL-deref-xmlDumpElementContent.patch
Wed May 17 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fixes:
* libxml2-CVE-2017-9050.patch [bsc#1039069, bsc#1039661]
* heap-based buffer overflow (xmlDictAddString func)
* libxml2-CVE-2017-9049.patch [bsc#1039066]
* heap-based buffer overflow (xmlDictComputeFastKey func)
* libxml2-CVE-2017-9048.patch [bsc#1039063]
* stack overflow vulnerability (xmlSnprintfElementContent func)
* libxml2-CVE-2017-9047.patch [bsc#1039064]
* stack overflow vulnerability (xmlSnprintfElementContent func)
Mon Jan 9 13:00:00 2017 sfleesAATTsuse.de
- Security fix
* libxml2-CVE-2016-9597.patch
* Stack overflow before detecting invalid XML file
* [bnc#1017497, CVE-2016-9597]
Wed Dec 14 13:00:00 2016 sfleesAATTsuse.de
- Security fix
* libxml2-CVE-2016-9318.patch
* XML External Entity vulnerability, as this would be an invasive
fix, a new flag has been added to disable the feature if not needed.
* [bnc#1010675,bnc#1013930]
* libxml2-2.9.4-CVE-2016-4658.patch
* use-after-free error
* [bnc#1005544]
- Fix NULL dereference in xpointer.c when in recovery mode
* libxml2-NULL-deref-xpointer.patch
* [bnc#1014873]
- Fix NULL dereference in xmlDumpElementContent when in recovery mode
* libxml2-NULL-deref-xmlDumpElementContent.patch
* [bnc#1014873]
- Fix infinite recursion in xmlParseConditionalSections when in recovery mode
* libxml2-inf-rec-xmlParseConditionalSections.patch
* [bnc#1014873]
Wed Jun 8 14:00:00 2016 kstreitovaAATTsuse.com
- add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute
decoding during XML schema validation [bnc#983288]
Fri May 27 14:00:00 2016 psimonsAATTsuse.com
- Update libxml2 to version libxml2-2.9.4. The new version is
resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835,
CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838,
CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and
CVE-2016-1762.
- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch and
0001-Add-missing-increments-of-recursion-depth-counter-to.patch.
Tue May 3 14:00:00 2016 sfleesAATTsuse.de
- Add libxml2-2.9.1-CVE-2016-3627.patch to fix stack exhaustion
while parsing certain XML files in recovery mode (CVE-2016-3627,
bnc#972335).
- Add 0001-Add-missing-increments-of-recursion-depth-counter-to.patch
to improve protection against Billion Laughs Attack (bnc#975947).
Fri Apr 15 14:00:00 2016 mgorseAATTsuse.com
- Update to GNOME 3.20 Fate#318572
- Drop 0001-Fix-a-regression-in-xmlGetDocCompressMode.patch,
libxml2-2.9.1-CVE-2015-1819.patch,
libxml2-2.9.1-CVE-2015-5312.patch,
libxml2-2.9.1-CVE-2015-7497.patch,
libxml2-2.9.1-CVE-2015-7498.patch,
libxml2-2.9.1-CVE-2015-7499.patch,
libxml2-2.9.1-CVE-2015-7500.patch,
libxml2-2.9.1-CVE-2015-7941.patch,
libxml2-2.9.1-CVE-2015-7942.patch,
libxml2-2.9.1-CVE-2015-8035.patch,
libxml2-2.9.1-CVE-2015-8241.patch,
libxml2-2.9.1-CVE-2015-8242.patch,
libxml2-2.9.1-CVE-2015-8317.patch,
libxml2-2.9.1-CVE-2015-8710.patch: fixed upstream.
Tue Jan 12 13:00:00 2016 kstreitovaAATTsuse.com
- add libxml2-2.9.1-CVE-2015-8710.patch to fix parsing short
unclosed comment uninitialized access
[bnc#960674], [CVE-2015-8710]
Fri Dec 11 13:00:00 2015 kstreitovaAATTsuse.com
- security update:
* libxml2-2.9.1-CVE-2015-1819.patch
* enforce the reader to run in constant memory
* [CVE-2015-1819], [bnc#928193]
* libxml2-2.9.1-CVE-2015-7941.patch
* fix out of bound read with crafted xml input by stopping
parsing on entities boundaries errors
* [CVE-2015-7941], [bnc#951734]
* libxml2-2.9.1-CVE-2015-7942.patch
* fix another variation of overflow in Conditional sections
* [CVE-2015-7942], [bnc#951735]
* libxml2-2.9.1-CVE-2015-8035.patch
* fix DoS when parsing specially crafted XML document if
XZ support is compiled in
* [CVE-2015-8035], [bnc#954429]
* libxml2-2.9.1-CVE-2015-8241.patch
* avoid extra processing of MarkupDecl when EOF
* [CVE-2015-8241], [bnc#956018]
* libxml2-2.9.1-CVE-2015-8242.patch
* buffer overread with HTML parser in push mode
* [CVE-2015-8242], [bnc#956021]
* libxml2-2.9.1-CVE-2015-8317.patch
* return if the encoding declaration is broken or encoding
conversion failed
* [CVE-2015-8317], [bnc#956260]
* libxml2-2.9.1-CVE-2015-5312.patch
* fix another entity expansion issue
* [CVE-2015-5312], [bnc#957105]
* libxml2-2.9.1-CVE-2015-7497.patch
* avoid a heap buffer overflow in xmlDictComputeFastQKey
* [CVE-2015-7497], [bnc#957106]
* libxml2-2.9.1-CVE-2015-7498.patch
* avoid processing entities after encoding conversion failures
* [CVE-2015-7498], [bnc#957107]
* libxml2-2.9.1-CVE-2015-7499.patch
* add xmlHaltParser() to stop the parser / detect incoherency
on GROW
* [CVE-2015-7499], [bnc#957109]
* libxml2-2.9.1-CVE-2015-7500.patch
* fix memory access error due to incorrect entities boundaries
* [CVE-2015-7500], [bnc#957110]
Tue Nov 24 13:00:00 2015 rpmAATTfthiessen.de
- Update to new upstream release 2.9.3 (bsc#954429):
* Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941,
CVE-2015-1819, CVE-2015-7497, CVE-2015-7498, CVE-2015-5312,
CVE-2015-7499, CVE-2015-7500 and CVE-2015-8242
* And other bugfixes
- Removed upstream fixed patches:
* libxml2-dont_initialize_catalog.patch
* 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
* 0002-Adding-example-from-bugs-738805-to-regression-tests.patch
Thu Dec 4 13:00:00 2014 vcizekAATTsuse.com
- fix a regression in xzlib compression support (bnc#908376)
* added 0001-Fix-a-regression-in-xmlGetDocCompressMode.patch
- fix a regression caused by CVE-2014-3660 patch (bgo#738805)
* added 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
* added 0002-Adding-example-from-bugs-738805-to-regression-tests.patch
Mon Nov 3 13:00:00 2014 vcizekAATTsuse.com
- fix missing entities after CVE-2014-3660 fix
(https://bugzilla.gnome.org/show_bug.cgi?id=738805)
* added patches:
0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
0002-Adding-example-from-bugs-738805-to-regression-tests.patch
Mon Nov 3 13:00:00 2014 vcizekAATTsuse.com
- fix a regression in libxml2 2.9.2
* https://bugzilla.redhat.com/show_bug.cgi?id=1153753
- add libxml2-dont_initialize_catalog.patch
Fri Oct 31 13:00:00 2014 vcizekAATTsuse.com
- update to 2.9.2
* drop libxml2-CVE-2014-3660.patch (upstream)
* add keyring to verify tarball
Security:
Fix for CVE-2014-3660 billion laugh variant
CVE-2014-0191 Do not fetch external parameter entities
Improvements:
win32/libxml2.def.src after rebuild in doc
elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement()
elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode
Provide cmake module
Fix a couple of issues raised by make dist
Fix and add const qualifiers
Preparing for upcoming release of 2.9.2
Fix zlib and lzma libraries check via command line
wrong error column in structured error when parsing end tag
doc/news.html: small update to avoid line join while generating NEWS.
Add methods for python3 iterator
Support element node traversal in document fragments
xmlNodeSetName: Allow setting the name to a substring of the currently set name
Added macros for argument casts
adding init calls to xml and html Read parsing entry points
Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c
Implement choice for name classes on attributes
Two small namespace tweaks
xmllint --memory should fail on empty files
Cast encoding name to char pointer to match arg type
Fri Oct 17 14:00:00 2014 vcizekAATTsuse.com
- fix for CVE-2014-3660 (bnc#901546)
* denial of service via recursive entity expansion
(related to billion laughs)
* added libxml2-CVE-2014-3660.patch
Mon Aug 18 14:00:00 2014 fcrozatAATTsuse.com
- Add obsoletes/provides to baselibs.conf.
Wed Jun 25 14:00:00 2014 vcizekAATTsuse.com
- removed libxml2-CVE-2014-0191.patch since it causes existing
applications to break
Fri May 23 14:00:00 2014 vcizekAATTsuse.com
- fix for CVE-2014-0191 (bnc#876652)
* libxml2: external parameter entity loaded when entity
substitution is disabled
* added libxml2-CVE-2014-0191.patch
Fri Aug 2 14:00:00 2013 vcizekAATTsuse.com
- update to 2.9.1
dropped patches (in upstream):
* libxml2-2.9.0-CVE-2012-5134.patch
* libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
* libxml2-CVE-2013-1969.patch
New features:
* Support for Python3
* Add xmlXPathSetContextNode and xmlXPathNodeEval
Thu Apr 18 14:00:00 2013 vcizekAATTsuse.com
- fix for CVE-2013-1969 (bnc#815665)
* libxml2-CVE-2013-1969.patch
Thu Mar 7 13:00:00 2013 vcizekAATTsuse.com
- fix for CVE-2013-0338 (bnc#805233)
libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
Sat Dec 15 13:00:00 2012 p.drouandAATTgmail.com
- update to 2.9.0 version:
* please see the Changelog
- Updated patches to get working with new version:
* libxml2-2.9.0-CVE-2012-5134.patch ( libxml2-CVE-2012-5134.patch )
* fix-perl.diff
Fri Dec 7 13:00:00 2012 vcizekAATTsuse.com
- Add libxml2-CVE-2012-5134.patch to fix CVE-2012-5134 (bnc#793334)
Sun Sep 23 14:00:00 2012 dimstarAATTopensuse.org
- Add a comment next to libxml2.la to make sure that anybody
removing it knows why it's there and reconsiders.
Sun Sep 23 14:00:00 2012 cooloAATTsuse.com
- readd .la file, python-libxml2 needs it
Fri Sep 21 14:00:00 2012 jengelhAATTinai.de
- Remove .la files; make sure installation succeeds for
Fedora_17 target
Tue Jun 12 14:00:00 2012 chrisAATTcomputersalat.de
- update to 2.8.0
* please see ChangeLog for more info
- remove obsolete bigendian64 patch
- rebase fix-perl patch
Sun Mar 11 13:00:00 2012 jengelhAATTmedozas.de
- libxml2-2 should not require libxml2-tools. There is no trouble
expected, since attempting to install libxml2 will already pull
in libxml2-tools due to Provides tags.
Mon Mar 5 13:00:00 2012 cooloAATTsuse.com
- revert the two commits that broke perl-XML-LibXML's test case,
I hope the two upstreams will figure it out
Fri Mar 2 13:00:00 2012 cooloAATTsuse.com
- update to git to fix some issues
* Fix a logic error in Schemas Component Constraints
* Fix a wrong enum type use in Schemas Types
Thu Mar 1 13:00:00 2012 meissnerAATTsuse.de
- fixed a 64bit big endian bug in the file reader.
Sat Feb 25 13:00:00 2012 cooloAATTsuse.com
- the fallout of requiring libxml2-tools as explicit buildrequire
is just too large, so avoid it for now and create a cycle between
libxml2-2 and libxml2-tools
Sat Feb 25 13:00:00 2012 cooloAATTsuse.com
- add provide for the old name to fix packages with explicit
library dependency
Thu Feb 23 13:00:00 2012 cooloAATTsuse.com
- update to today's GIT snapshot:
include XZ support
- split libxml2-2 according to shared library policy
Mon Dec 26 13:00:00 2011 jengelhAATTmedozas.de
- Remove redundant tags/sections
Wed Dec 21 13:00:00 2011 cooloAATTsuse.com
- add autoconf as buildrequire to avoid implicit dependency
Tue Dec 20 13:00:00 2011 cooloAATTsuse.com
- own aclocal directory, there is no other reason to buildrequire
automake
Fri Jul 8 14:00:00 2011 saschpeAATTsuse.de
- update to libxml-2.7.8+git20110708
- several important bugfixes
- drop upstreamed patches:
* libxml2-CVE-2010-4494.patch
* libxml2-CVE-2011-1944.patch
* noxref.patch
* symbol-versioning.patch
Wed Jun 29 14:00:00 2011 puzelAATTnovell.com
- add libxml2-CVE-2011-1944.patch (bnc#697372)
Sun Jun 5 14:00:00 2011 cshorlerAATTgooglemail.com
- add symbol-versioning.patch to restore 11.3 versioned symbols
Mon Jan 3 13:00:00 2011 puzelAATTnovell.com
- add libxml2-CVE-2010-4494.patch (bnc#661471)
Fri Dec 3 13:00:00 2010 puzelAATTnovell.com
- update to libxml-2.7.8
- number of bugfixes, documentation and portability fixes
- update language ID parser to RFC 5646
- sort python generated stubs
- add an HTML parser option to avoid a default doctype
- see http://xmlsoft.org/news.html for exact details
- drop libxml2-xpath-ns-attr-axis.patch (in upstream)
- clean up specfile
Mon Nov 1 13:00:00 2010 puzelAATTnovell.com
- add libxml2-xpath-ns-attr-axis.patch (bnc#648277)
Sat Oct 30 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Use --disable-static
Mon Sep 20 14:00:00 2010 puzelAATTnovell.com
- drop libxml2-largefile64.patch (revert last change)
- the issue is fixed in zlib
Fri Sep 17 14:00:00 2010 puzelAATTnovell.com
- add libxml2-largefile64.patch (fixes build)
- debian bug#439843
Wed Jul 14 14:00:00 2010 jwAATTnovell.com
- added noxref.patch,
this implements a new --noxref option, which turns
validation errors about missing xrefs into warnings.
Upstreamed as https://bugzilla.gnome.org/show_bug.cgi?id=624386
Sat Apr 24 14:00:00 2010 cooloAATTnovell.com
- buildrequire pkg-config to fix provides
Tue Mar 23 13:00:00 2010 mrdocsAATTopensuse.org
- update to 2.7.7
- add extra options to ./configure for scribus features and avoid a crash
- updates from 2.7.3 > 2.7.7 include a number of portability, correctness
memory leaks and build fixes including some CVE
- see http://xmlsoft.org/news.html for exact details
Mon Feb 22 13:00:00 2010 mrdocsAATTopensuse.org
- add sax parser option compiled in
Mon Dec 14 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- package documentation as noarch
Sun Aug 2 14:00:00 2009 jansimon.moellerAATTopensuse.org
- Disable the check for ARM as qemu-arm can't keep up atm.
Thu Mar 19 13:00:00 2009 prusnakAATTsuse.cz
- updated to 2.7.2
* Portability fix: fix solaris compilation problem,
fix compilation if XPath is not configured in
* Bug fixes: nasty entity bug introduced in 2.7.0, restore old
behaviour when saving an HTML doc with an xml dump function,
HTML UTF-8 parsing bug, fix reader custom error handlers
(Riccardo Scussat)
* Improvement: xmlSave options for more flexibility to save
as XML/HTML/XHTML, handle leading BOM in HTML documents
- updated to 2.7.3
* Build fix: fix build when HTML support is not included.
* Bug fixes: avoid memory overflow in gigantic text nodes,
indentation problem on the writer (Rob Richards),
xmlAddChildList pointer problem (Rob Richards and Kevin Milburn),
xmlAddChild problem with attribute (Rob Richards and Kris Breuker),
avoid a memory leak in an edge case (Daniel Zimmermann),
deallocate some pthread data (Alex Ott).
* Improvements: configure option to avoid rebuilding docs
(Adrian Bunk), limit text nodes to 10MB max by default,
add element traversal APIs, add a parser option to enable
pre 2.7 SAX behavior (Rob Richards),
add gcc malloc checking (Marcus Meissner),
add gcc printf like functions parameters checking (Marcus Meissner).
- dropped obsoleted patches:
* alloc_size.patch (mainline)
* CVE-2008-4225.patch (mainline)
* CVE-2008-4226.patch (mainline)
* CVE-2008-4409.patch (mainline)
* oldsax.patch (mainline)
* pritnf.patch (mainline)
* xmlsave.patch (mainline)