SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libxml2-2-2.10.3-5.3.i586.rpm :

* Wed Feb 01 2023 Dirk Müller - remove zlib-devel, pkgconfig(zlib) is sufficient
* Mon Oct 31 2022 David Anes - Add W3C conformance tests to the testsuite (bsc#1204585):
* Added file xmlts20080827.tar.gz
* Fri Oct 14 2022 Bjørn Lie - Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304): + Security: - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c + Build system: cmake: Set SOVERSION- Rebase patches with quilt.
* Thu Sep 01 2022 Pedro Monreal - Build for now with --with-legacy to enable APIs that have been deprecated recently. (bsc#1202965)
* Tue Aug 30 2022 Bjørn Lie - Update to version 2.10.2:
* Improvements: + Remove set-but-unused variable in xmlXPathScanName + Silence -Warray-bounds warning
* Build system + build: require automake-1.16.3 or later + Remove generated files from distribution
* Test suite: Don\'t create missing.xml when running testapi- Add configure --with-python=%{__python3} inbefore python build, as upstream no longer ships pre-grenerated files.- Use sed to fix env-script-interpreter in documentation example.- Pass with-ftp to configure, build ftp support.
* Thu Aug 25 2022 Bjørn Lie - Update to version 2.10.1:
* Regressions: Fix xmlCtxtReadDoc with encoding
* Bug fixes: Fix HTML parser with threads and --without-legacy
* Build system: + Fix build with Python 3.10 + cmake: Disable version script on macOS + Remove Makefile rule to build testapi.c
* Documentation: + Switch back to HTML output for API documentation + Port doc/examples/index.py to Python 3 + Fix order of exports in libxml2-api.xml + Remove libxml2-refs.xml
* Thu Aug 18 2022 David Anes - Update to 2.10.0:
* Security + [CVE-2022-2309] Reset nsNr in xmlCtxtReset + Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer + Fix missing NUL terminators in xmlBuf and xmlBuffer functions + Fix integer overflow in xmlBufferDump() + xmlBufAvail() should return length without including a byte for NUL terminator + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() + Use xmlNewDocText in xmlXIncludeCopyRange + Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser + Use UPDATE_COMPAT() consistently in buf.c + fix: xmlXPathParserContext could be double-delete in OOM case.
* Removals and deprecations + Disable XPointer location support by default + Remove outdated xml2Conf.sh + Deprecate module init and cleanup functions + Remove obsolete XML Software Autoupdate (XSA) file + Remove DOCBparser + Remove obsolete Python test framework + Remove broken VxWorks support + Remove broken Mac OS 9 support + Remove broken bakefile support + Remove broken Visual Studio 2010 support + Remove broken Windows CE support + Deprecate IDREF-related functions in valid.h + Deprecate legacy functions + Disable legacy support by default + Deprecate all functions in nanoftp.h + Disable FTP support by default + Add XML_DEPRECATED macro + Remove elfgcchack.h
* Regressions + Skip incorrectly opened HTML comments + Restore behavior of htmlDocContentDumpFormatOutput()
* Bug fixes + Fix memory leak with invalid XSD + Make XPath depth check work with recursive invocations + Fix memory leak in xmlLoadEntityContent error path + Avoid double-free if malloc fails in inputPush + Properly fold whitespace around the QName value when validating an XSD schema. + Add whitespace folding for some atomic data types that it\'s missing on. + Don\'t add IDs containing unexpanded entity references
* Improvements + Avoid calling xmlSetTreeDoc + Simplify xmlFreeNode + Don\'t reset nsDef when changing node content + Fix unintended fall-through in xmlNodeAddContentLen + Remove unused xmlBuf functions + Implement xpath1() XPointer scheme + Add configuration flag for XPointer locations support + Fix compiler warnings in Python code + Mark more static data as `const` + Make xmlStaticCopyNode non-recursive + Clean up encoding switching code + Simplify recursive pthread mutex + Use non-recursive mutex in dict.c + Fix parser progress checks + Avoid arithmetic on freed pointers + Improve buffer allocation scheme + Remove unneeded #includes + Add support for some non-standard escapes in regular expressions. + htmlParseComment: handle abruptly-closed comments + Add let variable tag support + Add value-of tag support + Remove useless call to xmlRelaxNGCleanupTypes + Don\'t include ICU headers in public headers + Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + Fix unused variable warnings with disabled features + Only warn on invalid redeclarations of predefined entities + Remove unneeded code in xmlreader.c + Rework validation context flags
* Portability + Use NAN/INFINITY if available to init XPath NaN/Inf + Fix Python tests on macOS + Fix xmlCleanupThreads on Windows + Fix reinitialization of library on Windows + Don\'t mix declarations and code in runtest.c + Use portable python shebangs + Use critical sections as mutex on Windows + Don\'t set HAVE_WIN32_THREADS in win32config.h + Use stdint.h with newer MSVC + Remove cruft from win32config.h + Remove isinf/isnan emulation in win32config.h + Always fopen files with \"rb\" + Remove __DJGPP__ checks + Remove useless __CYGWIN__ checks
* Build system + Don\'t autogenerate doc/examples/Makefile.am + cmake: Install libxml.m4 on UNIX-like platforms + cmake: Use symbol versioning on UNIX-like platforms + Port genUnicode.py to Python 3 + Port gentest.py to Python 3 + cmake: Fix build without thread support + cmake: Install documentation in CMAKE_INSTALL_DOCDIR + cmake: Remove non needed files in docs dir + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + Move local Autoconf macros into m4 directory + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD + Update libxml-2.0-uninstalled.pc.in + Remove LIBS from XML_PRIVATE_LIBS + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS + Don\'t overlink executables + cmake: Adjust paths for UNIX or UNIX-like target systems + build: Make use of variables in libxml\'s pkg-config file + Avoid obsolescent `test -a` constructs + Move AM_MAINTAINER_MODE to AM section + configure.ac: make AM_SILENT_RULES([yes]) unconditional + Streamline documentation installation + Don\'t try to recreate COPYING symlink + Detect libm using libtool\'s macros + configure.ac: disable static libraries by default + python/Makefile.am: nest python docs in $(docdir) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE + Makefile.am: install examples more idiomatically + configure.ac: remove useless AC_SUBST + Respect `--sysconfdir` in source files + Ignore configure backup file created by recent autoreconf too + Only install
*.html and
*.c example files + Remove --with-html-dir option + Rework documentation build system + Remove old website + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings + Update genChRanges.py + Update build_glob.py + Remove ICONV_CONST test + Remove obsolete AC_HEADER checks + Don\'t check for standard C89 library functions + Don\'t check for standard C89 headers + Remove special configuration for certain maintainers
* Test suite, CI + Disable network in API tests + testapi: remove leading slash from \"/missing.xml\" + Build Autotools CI tests out of source tree (VPATH) + Add --with-minimum build to CI tests + Fix warnings when testing --with-minimum build + cmake: Run all tests when threads are disabled + Also build CI tests with -Werror + Move doc/examples tests to new test suite + Simplify \'make check\' targets + Fix schemas and relaxng tests + Remove unused result files + Allow missing result files in runtest + Move regexp tests to runtest + Move SVG tests to runtest.c + Move testModule to new test suite + Move testThreads to new test suite + Remove major parts of old test suite + Make testchar return an error on failure + Add CI job for static build + python/tests: open() relative to test scripts + Port some test scripts to Python 3
* Documentation + Improve documentation of tree manipulation API + Update xml2-config man page + Consolidate man pages + Rename xmlcatalog_man.xml + Make examples a standalone HTML page + Fix documentation in entities.c + Add note about optimization flags
* Mon May 02 2022 David Anes - Update to 2.9.14:
* Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent
* Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex
* Improvements: + Fix recovery from invalid HTML start tags
* Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build
* Fri Mar 18 2022 Dominique Leuenberger - Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap.
* Tue Mar 08 2022 Luciano Santos - Update to version 2.9.13:
* Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues.
* Many regressions fixes.
* Numerous bug fixes, including, among many others: + xmllint\'s --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing.
* Numerous tests and code and fuzzing fixes and improvements.
* Updated documentation.- The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\\ libxml2-2.9.13.news.- Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future.- Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with \'cp\' command.- Update http://xmlsoft.org URL tag to Libxml2\'s new web home: https://gitlab.gnome.org/GNOME/libxml2.- Update ftp://xmlsoft.org Source tag to Libxml2\'s new download host: https://download.gnome.org.- Drop deprecated Python-2-related macro definitions/conditional statement from spec file.- Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch.- Drop libxml2.keyring source file as the new download host doesn\'t offer GPG signatures.- Use ldconfig_scriptlets macro for post(un) handling.
* Wed Oct 20 2021 Matej Cepl - Rewrite package to the single-spec %python_subpackage_only style and eliminate unnecessary multibuild.
* Tue Jun 01 2021 Pedro Monreal - Fix python-lxml regression with libxml2 2.9.12:
* Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255- Add upstream patches:
* libxml2-fix-lxml-corrupted-subtree-structures.patch
* libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch
* Tue Jun 01 2021 Ferdinand Thiessen - Update to version 2.9.12
* Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
* Fix null deref in legacy SAX1 parser
* Fix handling of unexpected EOF in xmlParseContent
* Fix user-after-free
* Validate UTF8 in xmlEncodeEntities
* Fix memory leak in xmlParseElementMixedContentDecl
* Fix integer overflow in xmlSchemaGetParticleTotalRangeMin
* Fix SEGV in xmlSAXParseFileWithData
* Don\'t process siblings of root in xmlXIncludeProcess
* Full changes: http://xmlsoft.org/news.html- Drop upstream fixed
* libxml2-CVE-2021-3541.patch
* libxml2-CVE-2021-3537.patch
* libxml2-CVE-2021-3518.patch
* libxml2-CVE-2021-3517.patch
* libxml2-CVE-2021-3516.patch
* libxml2-CVE-2020-7595.patch
* libxml2-CVE-2019-20388.patch
* libxml2-CVE-2020-24977.patch
* libxml2-CVE-2019-19956.patch
* libxml2-python39.patch
* libxml2-Avoid-quadratic-checking-of-identity-constraints.patch- Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch- Drop since 2.8.0 merged fix-perl.diff- Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Wed May 19 2021 Pedro Monreal - Security fix: [bsc#1186015, CVE-2021-3541]
* Exponential entity expansion attack bypasses all existing protection mechanisms.- Add libxml2-CVE-2021-3541.patch
* Mon May 10 2021 Pedro Monreal - Security fix: [bsc#1185698, CVE-2021-3537]
* NULL pointer dereference in valid.c:xmlValidBuildAContentModel
* Add libxml2-CVE-2021-3537.patch
* Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185408, CVE-2021-3518]
* Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
* Add libxml2-CVE-2021-3518.patch
* Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185410, CVE-2021-3517]
* Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3517.patch
* Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185409, CVE-2021-3516]
* Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3516.patch
* Tue Feb 23 2021 Teemu Mannermaa - Fails to build against Python 3.9:
* Add upstream commit that fixes the issue https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1- Add patch libxml2-python39.patch
* Thu Dec 17 2020 Pedro Monreal - Security fix: [bsc#1161521, CVE-2019-20388]
* Memory leak in xmlSchemaPreRun in xmlschemas.c- Add libxml2-CVE-2019-20388.patch
* Wed Nov 25 2020 Pedro Monreal - Avoid quadratic checking of identity-constraints: [bsc#1178823]
* key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.- Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
* Fri Oct 23 2020 Benjamin Greiner - Make python subpackage ready for multiple python3 flavors gh#openSUSE/python-rpm-macros#66
* Mon Sep 07 2020 Pedro Monreal - Security fix: [bsc#1176179, CVE-2020-24977]
* xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal- Add patch libxml2-CVE-2020-24977.patch
* Wed May 27 2020 Pedro Monreal Gonzalez - Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021]- Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549
* Add patch libxml2-CVE-2019-19956.patch
* Mon Mar 16 2020 Pedro Monreal Gonzalez - Security fix: [bsc#1161517, CVE-2020-7595]
* xmlStringLenDecodeEntities in parser.c has an infinite loop in a certain end-of-file situation- Add libxml2-CVE-2020-7595.patch
* Mon Mar 16 2020 Tomáš Chvátal - Do not pull in the non-python deps on the python build
* Sat Mar 14 2020 Tomáš Chvátal - Revert the previous change and use multibuild to determine supported flavors. We need to be able to enable/disable pythons in prjconf and multibuild directly clashes with that.
  
ICM