Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libxml2-2-2.9.14-2.1 RPM for i586

From OpenSuSE Tumbleweed for i586

Name: libxml2-2 Distribution: openSUSE Tumbleweed
Version: 2.9.14 Vendor: openSUSE
Release: 2.1 Build date: Wed Jun 29 16:23:20 2022
Group: Unspecified Build host: sheep85
Size: 1892793 Source RPM: libxml2-2.9.14-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://gitlab.gnome.org/GNOME/libxml2
Summary: A Library to Manipulate XML Files
The XML C library was initially developed for the GNOME project. It is
now used by many programs to load and save extensible data structures
or manipulate any kind of XML files.

This library implements a number of existing standards related to
markup languages, including the XML standard, name spaces in XML, XML
Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and
XML catalogs. In most cases, libxml tries to implement the
specification in a rather strict way. To some extent, it provides
support for the following specifications, but does not claim to
implement them: DOM, FTP client, HTTP client, and SAX.

The library also supports RelaxNG. Support for W3C XML Schemas is in
progress.

Provides

Requires

License

MIT

Changelog

* Mon May 02 2022 David Anes <david.anes@suse.com>
  - Update to 2.9.14:
    * Security:
      + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
      + Fix potential double-free in xmlXPtrStringRangeFunction
      + Fix memory leak in xmlFindCharEncodingHandler
      + Normalize XPath strings in-place
      + Prevent integer-overflow in htmlSkipBlankChars() and
      xmlSkipBlankChars()
      + Fix leak of xmlElementContent
    * Bug fixes:
      + Fix parsing of subtracted regex character classes
      + Fix recursion check in xinclude.c
      + Reset last error in xmlCleanupGlobals
      + Fix certain combinations of regex range quantifiers
      + Fix range quantifier on subregex
    * Improvements:
      + Fix recovery from invalid HTML start tags
    * Build system, portability:
      + Define LFS macros before including system headers
      + Initialize XPath floating-point globals
      + configure: check for icu DEFS
      + configure.ac: produce tar.xz only (GNOME policy)
      + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
      + Fix build with older Python versions
      + Fix --without-valid build
* Fri Mar 18 2022 Dominique Leuenberger <dimstar@opensuse.org>
  - Build python bindings in a 2nd run, using multibuild: otherwise,
    libxml2 requires pkgconfig(libxml-2.0) to build, causing issues
    to bootstrap.
* Tue Mar 08 2022 Luciano Santos <luc14n0@opensuse.org>
  - Update to version 2.9.13:
    * Security fixes:
      + [CVE-2022-23308] Use-after-free of ID and IDREF attributes
      (boo#1196490);
      + Several memory leaks and another issues.
    * Many regressions fixes.
    * Numerous bug fixes, including, among many others:
      + xmllint's --maxmem option should work as expected now;
      + xmllint now returns an error if arguments are missing.
    * Numerous tests and code and fuzzing fixes and improvements.
    * Updated documentation.
  - The full Libxml2 2.9.13 NEWS can be found here:
    https://download.gnome.org/sources/libxml2/2.9/\
    libxml2-2.9.13.news.
  - Replace version-release macros in all 3 Obsoletes tag with
    plain 2.9.13 to avoid unwanted behaviors in the future.
  - Remove dropped upstream AUTHORS file from list of files to be
    installed in the documentation location with 'cp' command.
  - Update http://xmlsoft.org URL tag to Libxml2's new web home:
    https://gitlab.gnome.org/GNOME/libxml2.
  - Update ftp://xmlsoft.org Source tag to Libxml2's new download
    host: https://download.gnome.org.
  - Drop deprecated Python-2-related macro definitions/conditional
    statement from spec file.
  - Drop merged upstream patches:
    libxml2-fix-lxml-corrupted-subtree-structures.patch;
    libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch.
  - Drop libxml2.keyring source file as the new download host doesn't
    offer GPG signatures.
  - Use ldconfig_scriptlets macro for post(un) handling.
* Wed Oct 20 2021 Matej Cepl <mcepl@suse.com>
  - Rewrite package to the single-spec %python_subpackage_only style and
    eliminate unnecessary multibuild.
* Tue Jun 01 2021 Pedro Monreal <pmonreal@suse.com>
  - Fix python-lxml regression with libxml2 2.9.12:
    * Work around lxml API abuse:
      gitlab.gnome.org/GNOME/libxml2/issues/255
  - Add upstream patches:
    * libxml2-fix-lxml-corrupted-subtree-structures.patch
    * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch
* Tue Jun 01 2021 Ferdinand Thiessen <rpm@fthiessen.de>
  - Update to version 2.9.12
    * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879),
      CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595,
      CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
    * Fix null deref in legacy SAX1 parser
    * Fix handling of unexpected EOF in xmlParseContent
    * Fix user-after-free
    * Validate UTF8 in xmlEncodeEntities
    * Fix memory leak in xmlParseElementMixedContentDecl
    * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin
    * Fix SEGV in xmlSAXParseFileWithData
    * Don't process siblings of root in xmlXIncludeProcess
    * Full changes: http://xmlsoft.org/news.html
  - Drop upstream fixed
    * libxml2-CVE-2021-3541.patch
    * libxml2-CVE-2021-3537.patch
    * libxml2-CVE-2021-3518.patch
    * libxml2-CVE-2021-3517.patch
    * libxml2-CVE-2021-3516.patch
    * libxml2-CVE-2020-7595.patch
    * libxml2-CVE-2019-20388.patch
    * libxml2-CVE-2020-24977.patch
    * libxml2-CVE-2019-19956.patch
    * libxml2-python39.patch
    * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
  - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch
  - Drop since 2.8.0 merged fix-perl.diff
  - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Wed May 19 2021 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1186015, CVE-2021-3541]
    * Exponential entity expansion attack bypasses all existing
      protection mechanisms.
  - Add libxml2-CVE-2021-3541.patch
* Mon May 10 2021 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1185698, CVE-2021-3537]
    * NULL pointer dereference in valid.c:xmlValidBuildAContentModel
    * Add libxml2-CVE-2021-3537.patch
* Wed Apr 28 2021 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1185408, CVE-2021-3518]
    * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
    * Add libxml2-CVE-2021-3518.patch
* Wed Apr 28 2021 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1185410, CVE-2021-3517]
    * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
    * Add libxml2-CVE-2021-3517.patch
* Wed Apr 28 2021 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1185409, CVE-2021-3516]
    * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
    * Add libxml2-CVE-2021-3516.patch
* Tue Feb 23 2021 Teemu Mannermaa <wicked@iki.fi>
  - Fails to build against Python 3.9:
    * Add upstream commit that fixes the issue
      https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1
  - Add patch libxml2-python39.patch
* Thu Dec 17 2020 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1161521, CVE-2019-20388]
    * Memory leak in xmlSchemaPreRun in xmlschemas.c
  - Add libxml2-CVE-2019-20388.patch
* Wed Nov 25 2020 Pedro Monreal <pmonreal@suse.com>
  - Avoid quadratic checking of identity-constraints: [bsc#1178823]
    * key/unique/keyref schema attributes currently use qudratic loops
      to check their various constraints (that keys are unique and that
      keyrefs refer to existing keys).
    * This fix uses a hash table to avoid the quadratic behaviour.
  - Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
* Fri Oct 23 2020 Benjamin Greiner <code@bnavigator.de>
  - Make python subpackage ready for multiple python3 flavors
    gh#openSUSE/python-rpm-macros#66
* Mon Sep 07 2020 Pedro Monreal <pmonreal@suse.com>
  - Security fix: [bsc#1176179, CVE-2020-24977]
    * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal
  - Add patch libxml2-CVE-2020-24977.patch
* Wed May 27 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021]
  - Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549
    * Add patch libxml2-CVE-2019-19956.patch
* Mon Mar 16 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Security fix: [bsc#1161517, CVE-2020-7595]
    * xmlStringLenDecodeEntities in parser.c has an infinite loop in
      a certain end-of-file situation
  - Add libxml2-CVE-2020-7595.patch
* Mon Mar 16 2020 Tomáš Chvátal <tchvatal@suse.com>
  - Do not pull in the non-python deps on the python build
* Sat Mar 14 2020 Tomáš Chvátal <tchvatal@suse.com>
  - Revert the previous change and use multibuild to determine
    supported flavors.
    We need to be able to enable/disable pythons in prjconf and
    multibuild directly clashes with that.
* Sun Dec 15 2019 Stefan Brüns <stefan.bruens@rwth-aachen.de>
  - Build python2 and python3 bindings in separate flavors. As
    python3-libxml2 is a dependency of e.g. itstools and thus many
    other packages these packages no longer have a build dependency
    on python2. Breaks a build loop for python2.
* Thu Nov 28 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Since libxml2-2.9.10 perl-XML-LibXSLT fails to build: [bsc#1157450]
    * Revert upstream commit to make xmlFreeNodeList non-recursive
      https://github.com/GNOME/libxml2/commit/0762c9b69ba01628f72eada1c64ff3d361fb5716
  - Add patch libxml2-xmlFreeNodeList-recursive.patch
* Fri Nov 15 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Version update to 2.9.10:
    * Portability:
      + Fix exponent digits when running tests under old MSVC
      + Work around buggy ceil() function on AIX
      + Don't call printf with NULL string in runtest.c
      + Switched from unsigned long to ptrdiff_t in parser.c
      + timsort.h: support older GCCs
      + Make configure.ac work with older pkg-config
    * Bug Fixes:
      + Fix for conditional sections at end of document
      + Make sure that Python tests exit with error code
      + Audit memory error handling in xpath.c
      + Fix error code in xmlTextWriterStartDocument
      + Fix integer overflow when counting written bytes
      + Fix uninitialized memory access in HTML parser
      + Fix memory leak in xmlSchemaValAtomicType
      + Disallow conditional sections in internal subset
      + Fix use-after-free in xmlTextReaderFreeNodeList
      + Fix Regextests
      + Fix empty branch in regex
      + Fix integer overflow in entity recursion check
      + Don't read external entities or XIncludes from stdin
      + Fix Schema determinism check of ##other namespaces
      + Fix potential null deref in xmlSchemaIDCFillNodeTables
      + Fix potential memory leak in xmlBufBackToBuffer
      + Fix error message when processing XIncludes with fallbacks
      + Fix memory leak in xmlRegEpxFromParse
      + 14:00 is a valid timezone for xs:dateTime
      + Fix memory leak in xmlParseBalancedChunkMemoryRecover
      + Fix potential null deref in xmlRelaxNGParsePatterns
      + Misleading error message with xs:{min|max}Inclusive
      + Fix memory leak in xmlXIncludeLoadTxt
      + Partial fix for comparison of xs:durations
      + Fix null deref in xmlreader buffer
      + Fix unability to RelaxNG-validate grammar with choice-based name class
      + Fix unability to validate ambiguously constructed interleave for RelaxNG
      + Fix possible null dereference in xmlXPathIdFunction
      + fix memory leak in xmlAllocOutputBuffer
      + Fix unsigned int overflow
      + dict.h: gcc 2.95 doesn't allow multiple storage classes
      + Fix another code path in xmlParseQName
      + Make sure that xmlParseQName returns NULL in error case
      + Fix build without reader but with pattern
      + Fix memory leak in xmlAllocOutputBufferInternal error path
      + Fix unsigned integer overflow
      + Fix return value of xmlOutputBufferWrite
      + Fix parser termination from "Double hyphen within comment" error
      + Fix call stack overflow in xmlFreePattern
      + Fix null deref in previous commit
      + Fix memory leaks in xmlXPathParseNameComplex error paths
      + Check for integer overflow in xmlXPtrEvalChildSeq
      + Fix xmllint dump of XPath namespace nodes
      + Fix float casts in xmlXPathSubstringFunction
      + Fix null deref in xmlregexp error path
      + Fix null pointer dereference in xmlTextReaderReadOuterXml
      + Fix memory leaks in xmlParseStartTag2 error paths
      + Fix memory leak in xmlSAX2StartElement
      + Fix commit "Memory leak in xmlFreeID (xmlreader.c)"
      + Fix NULL pointer deref in xmlTextReaderValidateEntity
      + Memory leak in xmlFreeTextReader
      + Memory leak in xmlFreeID (xmlreader.c)
    * Improvements:
      + Propagate memory errors in valuePush
      + Propagate memory errors in xmlXPathCompExprAdd
      + Make xmlFreeDocElementContent non-recursive
      + Avoid ignored attribute warnings under GCC
      + Make xmlDumpElementContent non-recursive
      + Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE
      + Mark xmlExp* symbols as removed
      + Make xmlParseConditionalSections non-recursive
      + Adjust expected error in Python tests
      + Make xmlTextReaderFreeNodeList non-recursive
      + Make xmlFreeNodeList non-recursive
      + Make xmlParseContent and xmlParseElement non-recursive
      + Remove executable bit from non-executable files
      + Fix expected output of test/schemas/any4
      + Optimize build instructions in README
      + xml2-config.in: Output CFLAGS and LIBS on the same line
      + xml2-config: Add a --dynamic switch to print only shared libraries
      + Annotate functions with __attribute__((no_sanitize))
      + Fix warnings when compiling without reader or push parser
      + Remove unused member `doc` in xmlSaveCtxt
      + Limit recursion depth in xmlXPathCompOpEvalPredicate
      + Remove -Wno-array-bounds
      + Remove unreachable code in xmlXPathCountFunction
      + Improve XPath predicate and filter evaluation
      + Limit recursion depth in xmlXPathOptimizeExpression
      + Disable hash randomization when fuzzing
      + Optional recursion limit when parsing XPath expressions
      + Optional recursion limit when evaluating XPath expressions
      + Use break statements in xmlXPathCompOpEval
      + Optional XPath operation limit
      + Fix compilation with --with-minimum
      + Check XPath stack after calling functions
      + Remove debug printf in xmlreader.c
      + Always define LIBXML_THREAD_ENABLED when enabled
      + Fix unused function warning in testapi.c
      + Remove unneeded function pointer casts
      + Fix -Wcast-function-type warnings (GCC 8)
      + Fix -Wformat-truncation warnings (GCC 8)
    * Cleanups:
      + Rebuild docs
      + Disable xmlExp regex code
      + Remove redundant code in xmlRelaxNGValidateState
      + Remove redundant code in xmlXPathCompRelationalExpr
  - Rebase patch fix-perl.diff
* Mon Sep 09 2019 Tomáš Chvátal <tchvatal@suse.com>
  - Do not depend on setuptools to keep the depgraph small and
    avoid build cycles
* Fri Aug 02 2019 Tomáš Chvátal <tchvatal@suse.com>
  - Use python[23]-libmxl2 as python names not python-libxml2-python
    which is kinda confusing
* Thu Aug 01 2019 Tomáš Chvátal <tchvatal@suse.com>
  - Do not ship libtool archive anymore
* Wed Jul 31 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Enable tests also in the python subpackages
* Thu Jul 04 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH
    to avoid nodeset limit when processing large XML files [bsc#1135123]
    * Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Mon Feb 25 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Merge python-libxml2-python spec and changes files into the
    libxml2 ones using _multibuild [bsc#1126499, bsc#1123919]
* Sat Jan 26 2019 mgorse@suse.com
  - Version update to 2.9.9:
    * Security:
      + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA
      decompression (boo#1088279 boo#1105166).
      + CVE-2018-14404 Fix nullptr deref with XPath logic ops
      (boo#1102046).
    * Bug fixes:
      + Fix building relative URIs
      + Problem with data in interleave in RelaxNG validation
      + Fix memory leak in xmlSwitchInputEncodingInt error path
      + Set doc on element obtained from freeElems
      + Fix HTML serialization with UTF-8 encoding
      + Use actual doc in xmlTextReaderRead*Xml
      + Unlink node before freeing it in xmlSAX2StartElement
      + Check return value of nodePush in xmlSAX2StartElement
      + Free input buffer in xmlHaltParser
      + Reset HTML parser input pointers on encoding failure
      + Fix xmlSchemaValidCtxtPtr reuse memory leak
      + Fix xmlTextReaderNext with preparsed document
      + HTML noscript should not close p
      + Don't change context node in xmlXPathRoot
    * Improvements:
      + Remove redefined starts and defines inside include elements
      + Allow choice within choice in nameClass in RELAX NG
      + Look inside divs for starts and defines inside include
      +  Add newlines to 'xmllint --xpath' output
      + Don't include SAX.h from globals.h
      + Support xmlTextReaderNextSibling w/o preparsed doc
      + Improve restoring of context size and position
      + Simplify and harden nodeset filtering
      + Avoid unnecessary backups of the context node
      + Fix inconsistency in xmlXPathIsInf
  - Add libxml2-python3-string-null-check.patch: fix NULL pointer
      dereference when parsing invalid data (bsc#1065270
      glgo#libxml2!15).).

Files

/usr/lib/libxml2.so.2
/usr/lib/libxml2.so.2.9.14
/usr/share/doc/packages/libxml2
/usr/share/doc/packages/libxml2/NEWS
/usr/share/doc/packages/libxml2/README.md
/usr/share/doc/packages/libxml2/TODO
/usr/share/doc/packages/libxml2/TODO_SCHEMAS
/usr/share/licenses/libxml2-2
/usr/share/licenses/libxml2-2/COPYING
/usr/share/licenses/libxml2-2/Copyright


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Aug 14 23:24:33 2022