SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libxml2-2-2.10.2-2.2.x86_64.rpm :

* Thu Sep 01 2022 Pedro Monreal - Build for now with --with-legacy to enable APIs that have been deprecated recently. (bsc#1202965)
* Tue Aug 30 2022 Bjørn Lie - Update to version 2.10.2:
* Improvements: + Remove set-but-unused variable in xmlXPathScanName + Silence -Warray-bounds warning
* Build system + build: require automake-1.16.3 or later + Remove generated files from distribution
* Test suite: Don\'t create missing.xml when running testapi- Add configure --with-python=%{__python3} inbefore python build, as upstream no longer ships pre-grenerated files.- Use sed to fix env-script-interpreter in documentation example.- Pass with-ftp to configure, build ftp support.
* Thu Aug 25 2022 Bjørn Lie - Update to version 2.10.1:
* Regressions: Fix xmlCtxtReadDoc with encoding
* Bug fixes: Fix HTML parser with threads and --without-legacy
* Build system: + Fix build with Python 3.10 + cmake: Disable version script on macOS + Remove Makefile rule to build testapi.c
* Documentation: + Switch back to HTML output for API documentation + Port doc/examples/index.py to Python 3 + Fix order of exports in libxml2-api.xml + Remove libxml2-refs.xml
* Thu Aug 18 2022 David Anes - Update to 2.10.0:
* Security + [CVE-2022-2309] Reset nsNr in xmlCtxtReset + Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer + Fix missing NUL terminators in xmlBuf and xmlBuffer functions + Fix integer overflow in xmlBufferDump() + xmlBufAvail() should return length without including a byte for NUL terminator + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() + Use xmlNewDocText in xmlXIncludeCopyRange + Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser + Use UPDATE_COMPAT() consistently in buf.c + fix: xmlXPathParserContext could be double-delete in OOM case.
* Removals and deprecations + Disable XPointer location support by default + Remove outdated xml2Conf.sh + Deprecate module init and cleanup functions + Remove obsolete XML Software Autoupdate (XSA) file + Remove DOCBparser + Remove obsolete Python test framework + Remove broken VxWorks support + Remove broken Mac OS 9 support + Remove broken bakefile support + Remove broken Visual Studio 2010 support + Remove broken Windows CE support + Deprecate IDREF-related functions in valid.h + Deprecate legacy functions + Disable legacy support by default + Deprecate all functions in nanoftp.h + Disable FTP support by default + Add XML_DEPRECATED macro + Remove elfgcchack.h
* Regressions + Skip incorrectly opened HTML comments + Restore behavior of htmlDocContentDumpFormatOutput()
* Bug fixes + Fix memory leak with invalid XSD + Make XPath depth check work with recursive invocations + Fix memory leak in xmlLoadEntityContent error path + Avoid double-free if malloc fails in inputPush + Properly fold whitespace around the QName value when validating an XSD schema. + Add whitespace folding for some atomic data types that it\'s missing on. + Don\'t add IDs containing unexpanded entity references
* Improvements + Avoid calling xmlSetTreeDoc + Simplify xmlFreeNode + Don\'t reset nsDef when changing node content + Fix unintended fall-through in xmlNodeAddContentLen + Remove unused xmlBuf functions + Implement xpath1() XPointer scheme + Add configuration flag for XPointer locations support + Fix compiler warnings in Python code + Mark more static data as `const` + Make xmlStaticCopyNode non-recursive + Clean up encoding switching code + Simplify recursive pthread mutex + Use non-recursive mutex in dict.c + Fix parser progress checks + Avoid arithmetic on freed pointers + Improve buffer allocation scheme + Remove unneeded #includes + Add support for some non-standard escapes in regular expressions. + htmlParseComment: handle abruptly-closed comments + Add let variable tag support + Add value-of tag support + Remove useless call to xmlRelaxNGCleanupTypes + Don\'t include ICU headers in public headers + Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + Fix unused variable warnings with disabled features + Only warn on invalid redeclarations of predefined entities + Remove unneeded code in xmlreader.c + Rework validation context flags
* Portability + Use NAN/INFINITY if available to init XPath NaN/Inf + Fix Python tests on macOS + Fix xmlCleanupThreads on Windows + Fix reinitialization of library on Windows + Don\'t mix declarations and code in runtest.c + Use portable python shebangs + Use critical sections as mutex on Windows + Don\'t set HAVE_WIN32_THREADS in win32config.h + Use stdint.h with newer MSVC + Remove cruft from win32config.h + Remove isinf/isnan emulation in win32config.h + Always fopen files with \"rb\" + Remove __DJGPP__ checks + Remove useless __CYGWIN__ checks
* Build system + Don\'t autogenerate doc/examples/Makefile.am + cmake: Install libxml.m4 on UNIX-like platforms + cmake: Use symbol versioning on UNIX-like platforms + Port genUnicode.py to Python 3 + Port gentest.py to Python 3 + cmake: Fix build without thread support + cmake: Install documentation in CMAKE_INSTALL_DOCDIR + cmake: Remove non needed files in docs dir + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + Move local Autoconf macros into m4 directory + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD + Update libxml-2.0-uninstalled.pc.in + Remove LIBS from XML_PRIVATE_LIBS + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS + Don\'t overlink executables + cmake: Adjust paths for UNIX or UNIX-like target systems + build: Make use of variables in libxml\'s pkg-config file + Avoid obsolescent `test -a` constructs + Move AM_MAINTAINER_MODE to AM section + configure.ac: make AM_SILENT_RULES([yes]) unconditional + Streamline documentation installation + Don\'t try to recreate COPYING symlink + Detect libm using libtool\'s macros + configure.ac: disable static libraries by default + python/Makefile.am: nest python docs in $(docdir) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE + Makefile.am: install examples more idiomatically + configure.ac: remove useless AC_SUBST + Respect `--sysconfdir` in source files + Ignore configure backup file created by recent autoreconf too + Only install
*.html and
*.c example files + Remove --with-html-dir option + Rework documentation build system + Remove old website + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings + Update genChRanges.py + Update build_glob.py + Remove ICONV_CONST test + Remove obsolete AC_HEADER checks + Don\'t check for standard C89 library functions + Don\'t check for standard C89 headers + Remove special configuration for certain maintainers
* Test suite, CI + Disable network in API tests + testapi: remove leading slash from \"/missing.xml\" + Build Autotools CI tests out of source tree (VPATH) + Add --with-minimum build to CI tests + Fix warnings when testing --with-minimum build + cmake: Run all tests when threads are disabled + Also build CI tests with -Werror + Move doc/examples tests to new test suite + Simplify \'make check\' targets + Fix schemas and relaxng tests + Remove unused result files + Allow missing result files in runtest + Move regexp tests to runtest + Move SVG tests to runtest.c + Move testModule to new test suite + Move testThreads to new test suite + Remove major parts of old test suite + Make testchar return an error on failure + Add CI job for static build + python/tests: open() relative to test scripts + Port some test scripts to Python 3
* Documentation + Improve documentation of tree manipulation API + Update xml2-config man page + Consolidate man pages + Rename xmlcatalog_man.xml + Make examples a standalone HTML page + Fix documentation in entities.c + Add note about optimization flags
* Mon May 02 2022 David Anes - Update to 2.9.14:
* Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent
* Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex
* Improvements: + Fix recovery from invalid HTML start tags
* Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build
* Fri Mar 18 2022 Dominique Leuenberger - Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap.
* Tue Mar 08 2022 Luciano Santos - Update to version 2.9.13:
* Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues.
* Many regressions fixes.
* Numerous bug fixes, including, among many others: + xmllint\'s --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing.
* Numerous tests and code and fuzzing fixes and improvements.
* Updated documentation.- The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\\ libxml2-2.9.13.news.- Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future.- Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with \'cp\' command.- Update http://xmlsoft.org URL tag to Libxml2\'s new web home: https://gitlab.gnome.org/GNOME/libxml2.- Update ftp://xmlsoft.org Source tag to Libxml2\'s new download host: https://download.gnome.org.- Drop deprecated Python-2-related macro definitions/conditional statement from spec file.- Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch.- Drop libxml2.keyring source file as the new download host doesn\'t offer GPG signatures.- Use ldconfig_scriptlets macro for post(un) handling.
* Wed Oct 20 2021 Matej Cepl - Rewrite package to the single-spec %python_subpackage_only style and eliminate unnecessary multibuild.
* Tue Jun 01 2021 Pedro Monreal - Fix python-lxml regression with libxml2 2.9.12:
* Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255- Add upstream patches:
* libxml2-fix-lxml-corrupted-subtree-structures.patch
* libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch
* Tue Jun 01 2021 Ferdinand Thiessen - Update to version 2.9.12
* Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
* Fix null deref in legacy SAX1 parser
* Fix handling of unexpected EOF in xmlParseContent
* Fix user-after-free
* Validate UTF8 in xmlEncodeEntities
* Fix memory leak in xmlParseElementMixedContentDecl
* Fix integer overflow in xmlSchemaGetParticleTotalRangeMin
* Fix SEGV in xmlSAXParseFileWithData
* Don\'t process siblings of root in xmlXIncludeProcess
* Full changes: http://xmlsoft.org/news.html- Drop upstream fixed
* libxml2-CVE-2021-3541.patch
* libxml2-CVE-2021-3537.patch
* libxml2-CVE-2021-3518.patch
* libxml2-CVE-2021-3517.patch
* libxml2-CVE-2021-3516.patch
* libxml2-CVE-2020-7595.patch
* libxml2-CVE-2019-20388.patch
* libxml2-CVE-2020-24977.patch
* libxml2-CVE-2019-19956.patch
* libxml2-python39.patch
* libxml2-Avoid-quadratic-checking-of-identity-constraints.patch- Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch- Drop since 2.8.0 merged fix-perl.diff- Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Wed May 19 2021 Pedro Monreal - Security fix: [bsc#1186015, CVE-2021-3541]
* Exponential entity expansion attack bypasses all existing protection mechanisms.- Add libxml2-CVE-2021-3541.patch
* Mon May 10 2021 Pedro Monreal - Security fix: [bsc#1185698, CVE-2021-3537]
* NULL pointer dereference in valid.c:xmlValidBuildAContentModel
* Add libxml2-CVE-2021-3537.patch
* Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185408, CVE-2021-3518]
* Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
* Add libxml2-CVE-2021-3518.patch
* Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185410, CVE-2021-3517]
* Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3517.patch
* Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185409, CVE-2021-3516]
* Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3516.patch
* Tue Feb 23 2021 Teemu Mannermaa - Fails to build against Python 3.9:
* Add upstream commit that fixes the issue https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1- Add patch libxml2-python39.patch
* Thu Dec 17 2020 Pedro Monreal - Security fix: [bsc#1161521, CVE-2019-20388]
* Memory leak in xmlSchemaPreRun in xmlschemas.c- Add libxml2-CVE-2019-20388.patch
* Wed Nov 25 2020 Pedro Monreal - Avoid quadratic checking of identity-constraints: [bsc#1178823]
* key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.- Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
* Fri Oct 23 2020 Benjamin Greiner - Make python subpackage ready for multiple python3 flavors gh#openSUSE/python-rpm-macros#66
* Mon Sep 07 2020 Pedro Monreal - Security fix: [bsc#1176179, CVE-2020-24977]
* xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal- Add patch libxml2-CVE-2020-24977.patch
* Wed May 27 2020 Pedro Monreal Gonzalez - Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021]- Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549
* Add patch libxml2-CVE-2019-19956.patch
* Mon Mar 16 2020 Pedro Monreal Gonzalez - Security fix: [bsc#1161517, CVE-2020-7595]
* xmlStringLenDecodeEntities in parser.c has an infinite loop in a certain end-of-file situation- Add libxml2-CVE-2020-7595.patch
* Mon Mar 16 2020 Tomáš Chvátal - Do not pull in the non-python deps on the python build
* Sat Mar 14 2020 Tomáš Chvátal - Revert the previous change and use multibuild to determine supported flavors. We need to be able to enable/disable pythons in prjconf and multibuild directly clashes with that.
* Sun Dec 15 2019 Stefan Brüns - Build python2 and python3 bindings in separate flavors. As python3-libxml2 is a dependency of e.g. itstools and thus many other packages these packages no longer have a build dependency on python2. Breaks a build loop for python2.
* Thu Nov 28 2019 Pedro Monreal Gonzalez - Since libxml2-2.9.10 perl-XML-LibXSLT fails to build: [bsc#1157450]
* Revert upstream commit to make xmlFreeNodeList non-recursive https://github.com/GNOME/libxml2/commit/0762c9b69ba01628f72eada1c64ff3d361fb5716- Add patch libxml2-xmlFreeNodeList-recursive.patch
* Fri Nov 15 2019 Pedro Monreal Gonzalez - Version update to 2.9.10:
* Portability: + Fix exponent digits when running tests under old MSVC + Work around buggy ceil() function on AIX + Don\'t call printf with NULL string in runtest.c + Switched from unsigned long to ptrdiff_t in parser.c + timsort.h: support older GCCs + Make configure.ac work with older pkg-config
* Bug Fixes: + Fix for conditional sections at end of document + Make sure that Python tests exit with error code + Audit memory error handling in xpath.c + Fix error code in xmlTextWriterStartDocument + Fix integer overflow when counting written bytes + Fix uninitialized memory access in HTML parser + Fix memory leak in xmlSchemaValAtomicType + Disallow conditional sections in internal subset + Fix use-after-free in xmlTextReaderFreeNodeList + Fix Regextests + Fix empty branch in regex + Fix integer overflow in entity recursion check + Don\'t read external entities or XIncludes from stdin + Fix Schema determinism check of ##other namespaces + Fix potential null deref in xmlSchemaIDCFillNodeTables + Fix potential memory leak in xmlBufBackToBuffer + Fix error message when processing XIncludes with fallbacks + Fix memory leak in xmlRegEpxFromParse + 14:00 is a valid timezone for xs:dateTime + Fix memory leak in xmlParseBalancedChunkMemoryRecover + Fix potential null deref in xmlRelaxNGParsePatterns + Misleading error message with xs:{min|max}Inclusive + Fix memory leak in xmlXIncludeLoadTxt + Partial fix for comparison of xs:durations + Fix null deref in xmlreader buffer + Fix unability to RelaxNG-validate grammar with choice-based name class + Fix unability to validate ambiguously constructed interleave for RelaxNG + Fix possible null dereference in xmlXPathIdFunction + fix memory leak in xmlAllocOutputBuffer + Fix unsigned int overflow + dict.h: gcc 2.95 doesn\'t allow multiple storage classes + Fix another code path in xmlParseQName + Make sure that xmlParseQName returns NULL in error case + Fix build without reader but with pattern + Fix memory leak in xmlAllocOutputBufferInternal error path + Fix unsigned integer overflow + Fix return value of xmlOutputBufferWrite + Fix parser termination from \"Double hyphen within comment\" error + Fix call stack overflow in xmlFreePattern + Fix null deref in previous commit + Fix memory leaks in xmlXPathParseNameComplex error paths + Check for integer overflow in xmlXPtrEvalChildSeq + Fix xmllint dump of XPath namespace nodes + Fix float casts in xmlXPathSubstringFunction + Fix null deref in xmlregexp error path + Fix null pointer dereference in xmlTextReaderReadOuterXml + Fix memory leaks in xmlParseStartTag2 error paths + Fix memory leak in xmlSAX2StartElement + Fix commit \"Memory leak in xmlFreeID (xmlreader.c)\" + Fix NULL pointer deref in xmlTextReaderValidateEntity + Memory leak in xmlFreeTextReader + Memory leak in xmlFreeID (xmlreader.c)
* Improvements: + Propagate memory errors in valuePush + Propagate memory errors in xmlXPathCompExprAdd + Make xmlFreeDocElementContent non-recursive + Avoid ignored attribute warnings under GCC + Make xmlDumpElementContent non-recursive + Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE + Mark xmlExp
* symbols as removed + Make xmlParseConditionalSections non-recursive + Adjust expected error in Python tests + Make xmlTextReaderFreeNodeList non-recursive + Make xmlFreeNodeList non-recursive + Make xmlParseContent and xmlParseElement non-recursive + Remove executable bit from non-executable files + Fix expected output of test/schemas/any4 + Optimize build instructions in README + xml2-config.in: Output CFLAGS and LIBS on the same line + xml2-config: Add a --dynamic switch to print only shared libraries + Annotate functions with __attribute__((no_sanitize)) + Fix warnings when compiling without reader or push parser + Remove unused member `doc` in xmlSaveCtxt + Limit recursion depth in xmlXPathCompOpEvalPredicate + Remove -Wno-array-bounds + Remove unreachable code in xmlXPathCountFunction + Improve XPath predicate and filter evaluation + Limit recursion depth in xmlXPathOptimizeExpression + Disable hash randomization when fuzzing + Optional recursion limit when parsing XPath expressions + Optional recursion limit when evaluating XPath expressions + Use break statements in xmlXPathCompOpEval + Optional XPath operation limit + Fix compilation with --with-minimum + Check XPath stack after calling functions + Remove debug printf in xmlreader.c + Always define LIBXML_THREAD_ENABLED when enabled + Fix unused function warning in testapi.c + Remove unneeded function pointer casts + Fix -Wcast-function-type warnings (GCC 8) + Fix -Wformat-truncation warnings (GCC 8)
* Cleanups: + Rebuild docs + Disable xmlExp regex code + Remove redundant code in xmlRelaxNGValidateState + Remove redundant code in xmlXPathCompRelationalExpr- Rebase patch fix-perl.diff
* Mon Sep 09 2019 Tomáš Chvátal - Do not depend on setuptools to keep the depgraph small and avoid build cycles
* Fri Aug 02 2019 Tomáš Chvátal - Use python[23]-libmxl2 as python names not python-libxml2-python which is kinda confusing
* Thu Aug 01 2019 Tomáš Chvátal - Do not ship libtool archive anymore
* Wed Jul 31 2019 Pedro Monreal Gonzalez - Enable tests also in the python subpackages
* Thu Jul 04 2019 Pedro Monreal Gonzalez - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files [bsc#1135123]
* Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Mon Feb 25 2019 Pedro Monreal Gonzalez - Merge python-libxml2-python spec and changes files into the libxml2 ones using _multibuild [bsc#1126499, bsc#1123919]
* Sat Jan 26 2019 mgorseAATTsuse.com- Version update to 2.9.9:
* Security: + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (boo#1088279 boo#1105166). + CVE-2018-14404 Fix nullptr deref with XPath logic ops (boo#1102046).
* Bug fixes: + Fix building relative URIs + Problem with data in interleave in RelaxNG validation + Fix memory leak in xmlSwitchInputEncodingInt error path + Set doc on element obtained from freeElems + Fix HTML serialization with UTF-8 encoding + Use actual doc in xmlTextReaderRead
*Xml + Unlink node before freeing it in xmlSAX2StartElement + Check return value of nodePush in xmlSAX2StartElement + Free input buffer in xmlHaltParser + Reset HTML parser input pointers on encoding failure + Fix xmlSchemaValidCtxtPtr reuse memory leak + Fix xmlTextReaderNext with preparsed document + HTML noscript should not close p + Don\'t change context node in xmlXPathRoot
* Improvements: + Remove redefined starts and defines inside include elements + Allow choice within choice in nameClass in RELAX NG + Look inside divs for starts and defines inside include + Add newlines to \'xmllint --xpath\' output + Don\'t include SAX.h from globals.h + Support xmlTextReaderNextSibling w/o preparsed doc + Improve restoring of context size and position + Simplify and harden nodeset filtering + Avoid unnecessary backups of the context node + Fix inconsistency in xmlXPathIsInf- Add libxml2-python3-string-null-check.patch: fix NULL pointer dereference when parsing invalid data (bsc#1065270 glgo#libxml2!15).).
* Tue Mar 20 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
* Wed Mar 14 2018 tchvatalAATTsuse.com- Version update to 2.9.8:
* Various -Werror fixes and compilation updates as travis is now used by upstream
* Few additional tests added for ICU operations- Drop patch python3.6-verify_fd.patch merged upstream
  
ICM