SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python310-libxml2-2.9.14-qubes.9.2.x86_64.rpm :

* Mon May 02 2022 David Anes - Update to 2.9.14:
* Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent
* Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex
* Improvements: + Fix recovery from invalid HTML start tags
* Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build
* Fri Mar 18 2022 Dominique Leuenberger - Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap.
* Tue Mar 08 2022 Luciano Santos - Update to version 2.9.13:
* Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues.
* Many regressions fixes.
* Numerous bug fixes, including, among many others: + xmllint\'s --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing.
* Numerous tests and code and fuzzing fixes and improvements.
* Updated documentation.- The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\\ libxml2-2.9.13.news.- Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future.- Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with \'cp\' command.- Update http://xmlsoft.org URL tag to Libxml2\'s new web home: https://gitlab.gnome.org/GNOME/libxml2.- Update ftp://xmlsoft.org Source tag to Libxml2\'s new download host: https://download.gnome.org.- Drop deprecated Python-2-related macro definitions/conditional statement from spec file.- Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch.- Drop libxml2.keyring source file as the new download host doesn\'t offer GPG signatures.- Use ldconfig_scriptlets macro for post(un) handling.
* Wed Oct 20 2021 Matej Cepl - Rewrite package to the single-spec %python_subpackage_only style and eliminate unnecessary multibuild.
* Tue Jun 01 2021 Pedro Monreal - Fix python-lxml regression with libxml2 2.9.12:
* Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255- Add upstream patches:
* libxml2-fix-lxml-corrupted-subtree-structures.patch
* libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch
* Tue Jun 01 2021 Ferdinand Thiessen - Update to version 2.9.12
* Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
* Fix null deref in legacy SAX1 parser
* Fix handling of unexpected EOF in xmlParseContent
* Fix user-after-free
* Validate UTF8 in xmlEncodeEntities
* Fix memory leak in xmlParseElementMixedContentDecl
* Fix integer overflow in xmlSchemaGetParticleTotalRangeMin
* Fix SEGV in xmlSAXParseFileWithData
* Don\'t process siblings of root in xmlXIncludeProcess
* Full changes: http://xmlsoft.org/news.html- Drop upstream fixed
* libxml2-CVE-2021-3541.patch
* libxml2-CVE-2021-3537.patch
* libxml2-CVE-2021-3518.patch
* libxml2-CVE-2021-3517.patch
* libxml2-CVE-2021-3516.patch
* libxml2-CVE-2020-7595.patch
* libxml2-CVE-2019-20388.patch
* libxml2-CVE-2020-24977.patch
* libxml2-CVE-2019-19956.patch
* libxml2-python39.patch
* libxml2-Avoid-quadratic-checking-of-identity-constraints.patch- Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch- Drop since 2.8.0 merged fix-perl.diff- Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Wed May 19 2021 Pedro Monreal - Security fix: [bsc#1186015, CVE-2021-3541]
* Exponential entity expansion attack bypasses all existing protection mechanisms.- Add libxml2-CVE-2021-3541.patch
* Mon May 10 2021 Pedro Monreal - Security fix: [bsc#1185698, CVE-2021-3537]
* NULL pointer dereference in valid.c:xmlValidBuildAContentModel
* Add libxml2-CVE-2021-3537.patch
* Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185408, CVE-2021-3518]
* Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
* Add libxml2-CVE-2021-3518.patch
* Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185410, CVE-2021-3517]
* Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3517.patch
* Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185409, CVE-2021-3516]
* Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3516.patch
* Tue Feb 23 2021 Teemu Mannermaa - Fails to build against Python 3.9:
* Add upstream commit that fixes the issue https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1- Add patch libxml2-python39.patch
* Thu Dec 17 2020 Pedro Monreal - Security fix: [bsc#1161521, CVE-2019-20388]
* Memory leak in xmlSchemaPreRun in xmlschemas.c- Add libxml2-CVE-2019-20388.patch
* Wed Nov 25 2020 Pedro Monreal - Avoid quadratic checking of identity-constraints: [bsc#1178823]
* key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.- Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
* Fri Oct 23 2020 Benjamin Greiner - Make python subpackage ready for multiple python3 flavors gh#openSUSE/python-rpm-macros#66
* Mon Sep 07 2020 Pedro Monreal - Security fix: [bsc#1176179, CVE-2020-24977]
* xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal- Add patch libxml2-CVE-2020-24977.patch
* Wed May 27 2020 Pedro Monreal Gonzalez - Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021]- Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549
* Add patch libxml2-CVE-2019-19956.patch
* Mon Mar 16 2020 Pedro Monreal Gonzalez - Security fix: [bsc#1161517, CVE-2020-7595]
* xmlStringLenDecodeEntities in parser.c has an infinite loop in a certain end-of-file situation- Add libxml2-CVE-2020-7595.patch
* Mon Mar 16 2020 Tomáš Chvátal - Do not pull in the non-python deps on the python build
* Sat Mar 14 2020 Tomáš Chvátal - Revert the previous change and use multibuild to determine supported flavors. We need to be able to enable/disable pythons in prjconf and multibuild directly clashes with that.
* Sun Dec 15 2019 Stefan Brüns - Build python2 and python3 bindings in separate flavors. As python3-libxml2 is a dependency of e.g. itstools and thus many other packages these packages no longer have a build dependency on python2. Breaks a build loop for python2.
* Thu Nov 28 2019 Pedro Monreal Gonzalez - Since libxml2-2.9.10 perl-XML-LibXSLT fails to build: [bsc#1157450]
* Revert upstream commit to make xmlFreeNodeList non-recursive https://github.com/GNOME/libxml2/commit/0762c9b69ba01628f72eada1c64ff3d361fb5716- Add patch libxml2-xmlFreeNodeList-recursive.patch
* Fri Nov 15 2019 Pedro Monreal Gonzalez - Version update to 2.9.10:
* Portability: + Fix exponent digits when running tests under old MSVC + Work around buggy ceil() function on AIX + Don\'t call printf with NULL string in runtest.c + Switched from unsigned long to ptrdiff_t in parser.c + timsort.h: support older GCCs + Make configure.ac work with older pkg-config
* Bug Fixes: + Fix for conditional sections at end of document + Make sure that Python tests exit with error code + Audit memory error handling in xpath.c + Fix error code in xmlTextWriterStartDocument + Fix integer overflow when counting written bytes + Fix uninitialized memory access in HTML parser + Fix memory leak in xmlSchemaValAtomicType + Disallow conditional sections in internal subset + Fix use-after-free in xmlTextReaderFreeNodeList + Fix Regextests + Fix empty branch in regex + Fix integer overflow in entity recursion check + Don\'t read external entities or XIncludes from stdin + Fix Schema determinism check of ##other namespaces + Fix potential null deref in xmlSchemaIDCFillNodeTables + Fix potential memory leak in xmlBufBackToBuffer + Fix error message when processing XIncludes with fallbacks + Fix memory leak in xmlRegEpxFromParse + 14:00 is a valid timezone for xs:dateTime + Fix memory leak in xmlParseBalancedChunkMemoryRecover + Fix potential null deref in xmlRelaxNGParsePatterns + Misleading error message with xs:{min|max}Inclusive + Fix memory leak in xmlXIncludeLoadTxt + Partial fix for comparison of xs:durations + Fix null deref in xmlreader buffer + Fix unability to RelaxNG-validate grammar with choice-based name class + Fix unability to validate ambiguously constructed interleave for RelaxNG + Fix possible null dereference in xmlXPathIdFunction + fix memory leak in xmlAllocOutputBuffer + Fix unsigned int overflow + dict.h: gcc 2.95 doesn\'t allow multiple storage classes + Fix another code path in xmlParseQName + Make sure that xmlParseQName returns NULL in error case + Fix build without reader but with pattern + Fix memory leak in xmlAllocOutputBufferInternal error path + Fix unsigned integer overflow + Fix return value of xmlOutputBufferWrite + Fix parser termination from \"Double hyphen within comment\" error + Fix call stack overflow in xmlFreePattern + Fix null deref in previous commit + Fix memory leaks in xmlXPathParseNameComplex error paths + Check for integer overflow in xmlXPtrEvalChildSeq + Fix xmllint dump of XPath namespace nodes + Fix float casts in xmlXPathSubstringFunction + Fix null deref in xmlregexp error path + Fix null pointer dereference in xmlTextReaderReadOuterXml + Fix memory leaks in xmlParseStartTag2 error paths + Fix memory leak in xmlSAX2StartElement + Fix commit \"Memory leak in xmlFreeID (xmlreader.c)\" + Fix NULL pointer deref in xmlTextReaderValidateEntity + Memory leak in xmlFreeTextReader + Memory leak in xmlFreeID (xmlreader.c)
* Improvements: + Propagate memory errors in valuePush + Propagate memory errors in xmlXPathCompExprAdd + Make xmlFreeDocElementContent non-recursive + Avoid ignored attribute warnings under GCC + Make xmlDumpElementContent non-recursive + Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE + Mark xmlExp
* symbols as removed + Make xmlParseConditionalSections non-recursive + Adjust expected error in Python tests + Make xmlTextReaderFreeNodeList non-recursive + Make xmlFreeNodeList non-recursive + Make xmlParseContent and xmlParseElement non-recursive + Remove executable bit from non-executable files + Fix expected output of test/schemas/any4 + Optimize build instructions in README + xml2-config.in: Output CFLAGS and LIBS on the same line + xml2-config: Add a --dynamic switch to print only shared libraries + Annotate functions with __attribute__((no_sanitize)) + Fix warnings when compiling without reader or push parser + Remove unused member `doc` in xmlSaveCtxt + Limit recursion depth in xmlXPathCompOpEvalPredicate + Remove -Wno-array-bounds + Remove unreachable code in xmlXPathCountFunction + Improve XPath predicate and filter evaluation + Limit recursion depth in xmlXPathOptimizeExpression + Disable hash randomization when fuzzing + Optional recursion limit when parsing XPath expressions + Optional recursion limit when evaluating XPath expressions + Use break statements in xmlXPathCompOpEval + Optional XPath operation limit + Fix compilation with --with-minimum + Check XPath stack after calling functions + Remove debug printf in xmlreader.c + Always define LIBXML_THREAD_ENABLED when enabled + Fix unused function warning in testapi.c + Remove unneeded function pointer casts + Fix -Wcast-function-type warnings (GCC 8) + Fix -Wformat-truncation warnings (GCC 8)
* Cleanups: + Rebuild docs + Disable xmlExp regex code + Remove redundant code in xmlRelaxNGValidateState + Remove redundant code in xmlXPathCompRelationalExpr- Rebase patch fix-perl.diff
* Mon Sep 09 2019 Tomáš Chvátal - Do not depend on setuptools to keep the depgraph small and avoid build cycles
* Fri Aug 02 2019 Tomáš Chvátal - Use python[23]-libmxl2 as python names not python-libxml2-python which is kinda confusing
* Thu Aug 01 2019 Tomáš Chvátal - Do not ship libtool archive anymore
* Wed Jul 31 2019 Pedro Monreal Gonzalez - Enable tests also in the python subpackages
* Thu Jul 04 2019 Pedro Monreal Gonzalez - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files [bsc#1135123]
* Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Mon Feb 25 2019 Pedro Monreal Gonzalez - Merge python-libxml2-python spec and changes files into the libxml2 ones using _multibuild [bsc#1126499, bsc#1123919]
* Sat Jan 26 2019 mgorseAATTsuse.com- Version update to 2.9.9:
* Security: + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (boo#1088279 boo#1105166). + CVE-2018-14404 Fix nullptr deref with XPath logic ops (boo#1102046).
* Bug fixes: + Fix building relative URIs + Problem with data in interleave in RelaxNG validation + Fix memory leak in xmlSwitchInputEncodingInt error path + Set doc on element obtained from freeElems + Fix HTML serialization with UTF-8 encoding + Use actual doc in xmlTextReaderRead
*Xml + Unlink node before freeing it in xmlSAX2StartElement + Check return value of nodePush in xmlSAX2StartElement + Free input buffer in xmlHaltParser + Reset HTML parser input pointers on encoding failure + Fix xmlSchemaValidCtxtPtr reuse memory leak + Fix xmlTextReaderNext with preparsed document + HTML noscript should not close p + Don\'t change context node in xmlXPathRoot
* Improvements: + Remove redefined starts and defines inside include elements + Allow choice within choice in nameClass in RELAX NG + Look inside divs for starts and defines inside include + Add newlines to \'xmllint --xpath\' output + Don\'t include SAX.h from globals.h + Support xmlTextReaderNextSibling w/o preparsed doc + Improve restoring of context size and position + Simplify and harden nodeset filtering + Avoid unnecessary backups of the context node + Fix inconsistency in xmlXPathIsInf- Add libxml2-python3-string-null-check.patch: fix NULL pointer dereference when parsing invalid data (bsc#1065270 glgo#libxml2!15).).
  
ICM