From 686be55fb615fb2c0ced2b004b5a839d2dfaa63a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 5 Jan 2024 10:33:42 +0100 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 libxml2 revision b463f39b28e90f5f8572834be5333426 --- .gitattributes | 23 + _multibuild | 3 + baselibs.conf | 6 + libxml2-2.11.6.tar.xz | 3 + libxml2-CVE-2023-39615.patch | 29 + libxml2-CVE-2023-45322.patch | 74 + ...PATH_MAX_NODESET_LENGTH-configurable.patch | 100 + libxml2-python3-string-null-check.patch | 28 + libxml2-python3-unicode-errors.patch | 38 + libxml2.changes | 2734 +++++++++++++++++ libxml2.spec | 271 ++ python312.patch | 54 + xmlts20080827.tar.gz | 3 + 13 files changed, 3366 insertions(+) create mode 100644 .gitattributes create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 libxml2-2.11.6.tar.xz create mode 100644 libxml2-CVE-2023-39615.patch create mode 100644 libxml2-CVE-2023-45322.patch create mode 100644 libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch create mode 100644 libxml2-python3-string-null-check.patch create mode 100644 libxml2-python3-unicode-errors.patch create mode 100644 libxml2.changes create mode 100644 libxml2.spec create mode 100644 python312.patch create mode 100644 xmlts20080827.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..83bac79 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + python + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..5c36362 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,6 @@ +libxml2-2 + obsoletes "libxml2- < " + provides "libxml2- = " +libxml2-devel + requires -libxml2- + requires "libxml2-2- = " diff --git a/libxml2-2.11.6.tar.xz b/libxml2-2.11.6.tar.xz new file mode 100644 index 0000000..8aca4c8 --- /dev/null +++ b/libxml2-2.11.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c90eee7506764abbe07bb616b82da452529609815aefef423d66ef080eb0c300 +size 2628652 diff --git a/libxml2-CVE-2023-39615.patch b/libxml2-CVE-2023-39615.patch new file mode 100644 index 0000000..c483ab4 --- /dev/null +++ b/libxml2-CVE-2023-39615.patch @@ -0,0 +1,29 @@ +From d0c3f01e110d54415611c5fa0040cdf4a56053f9 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sat, 6 May 2023 17:47:37 +0200 +Subject: [PATCH] parser: Fix old SAX1 parser with custom callbacks + +For some reason, xmlCtxtUseOptionsInternal set the start and end element +SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1 +was specified. This means that custom SAX handlers could never work with +that flag because these functions would receive the wrong user data +argument and crash immediately. + +Fixes #535. +--- + parser.c | 2 -- + 1 file changed, 2 deletions(-) + +Index: libxml2-2.10.4/parser.c +=================================================================== +--- libxml2-2.10.4.orig/parser.c ++++ libxml2-2.10.4/parser.c +@@ -15064,8 +15064,6 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtP + } + #ifdef LIBXML_SAX1_ENABLED + if (options & XML_PARSE_SAX1) { +- ctxt->sax->startElement = xmlSAX2StartElement; +- ctxt->sax->endElement = xmlSAX2EndElement; + ctxt->sax->startElementNs = NULL; + ctxt->sax->endElementNs = NULL; + ctxt->sax->initialized = 1; diff --git a/libxml2-CVE-2023-45322.patch b/libxml2-CVE-2023-45322.patch new file mode 100644 index 0000000..ff8eed6 --- /dev/null +++ b/libxml2-CVE-2023-45322.patch @@ -0,0 +1,74 @@ +From d39f78069dff496ec865c73aa44d7110e429bce9 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Wed, 23 Aug 2023 20:24:24 +0200 +Subject: [PATCH] tree: Fix copying of DTDs + +- Don't create multiple DTD nodes. +- Fix UAF if malloc fails. +- Skip DTD nodes if tree module is disabled. + +Fixes #583. +--- + tree.c | 31 ++++++++++++++++--------------- + 1 file changed, 16 insertions(+), 15 deletions(-) + +diff --git a/tree.c b/tree.c +index 6c8a875b9..02c1b5791 100644 +--- a/tree.c ++++ b/tree.c +@@ -4471,29 +4471,28 @@ xmlNodePtr + xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { + xmlNodePtr ret = NULL; + xmlNodePtr p = NULL,q; ++ xmlDtdPtr newSubset = NULL; + + while (node != NULL) { +-#ifdef LIBXML_TREE_ENABLED + if (node->type == XML_DTD_NODE ) { +- if (doc == NULL) { ++#ifdef LIBXML_TREE_ENABLED ++ if ((doc == NULL) || (doc->intSubset != NULL)) { + node = node->next; + continue; + } +- if (doc->intSubset == NULL) { +- q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node ); +- if (q == NULL) goto error; +- q->doc = doc; +- q->parent = parent; +- doc->intSubset = (xmlDtdPtr) q; +- xmlAddChild(parent, q); +- } else { +- q = (xmlNodePtr) doc->intSubset; +- xmlAddChild(parent, q); +- } +- } else ++ q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node ); ++ if (q == NULL) goto error; ++ q->doc = doc; ++ q->parent = parent; ++ newSubset = (xmlDtdPtr) q; ++#else ++ node = node->next; ++ continue; + #endif /* LIBXML_TREE_ENABLED */ ++ } else { + q = xmlStaticCopyNode(node, doc, parent, 1); +- if (q == NULL) goto error; ++ if (q == NULL) goto error; ++ } + if (ret == NULL) { + q->prev = NULL; + ret = p = q; +@@ -4505,6 +4504,8 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { + } + node = node->next; + } ++ if (newSubset != NULL) ++ doc->intSubset = newSubset; + return(ret); + error: + xmlFreeNodeList(ret); +-- +GitLab + diff --git a/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch b/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch new file mode 100644 index 0000000..2b34af1 --- /dev/null +++ b/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch @@ -0,0 +1,100 @@ +--- + xpath.c | 40 +++++++++++++++++++++++++++++----------- + 1 file changed, 29 insertions(+), 11 deletions(-) + +Index: libxml2-2.11.1/xpath.c +=================================================================== +--- libxml2-2.11.1.orig/xpath.c ++++ libxml2-2.11.1/xpath.c +@@ -115,14 +115,32 @@ + #define XPATH_MAX_STACK_DEPTH 1000000 + + /* +- * XPATH_MAX_NODESET_LENGTH: ++ * XPATH_DEFAULT_MAX_NODESET_LENGTH: + * when evaluating an XPath expression nodesets are created and we +- * arbitrary limit the maximum length of those node set. 10000000 is +- * an insanely large value which should never be reached under normal +- * circumstances, one would first need to construct an in memory tree ++ * arbitrary limit the maximum length of those node set. Default value is ++ * 10000000, an insanely large value which should never be reached under ++ * normal circumstances, one would first need to construct an in memory tree + * with more than 10 millions nodes. ++ * ++ * Adjustable via LIBXML_MAX_NODESET_LENGTH env variable. ++ * Absolute maximum is INT_MAX. + */ +-#define XPATH_MAX_NODESET_LENGTH 10000000 ++#define XPATH_DEFAULT_MAX_NODESET_LENGTH 10000000 ++ ++int ++get_max_nodeset_len() { ++ const char *max_nodeset_len_str = getenv("LIBXML_MAX_NODESET_LENGTH"); ++ int max_nodeset_len = XPATH_DEFAULT_MAX_NODESET_LENGTH; ++ ++ if (max_nodeset_len_str != NULL) { ++ max_nodeset_len = strtol(max_nodeset_len_str, NULL, 10); ++ ++ if (max_nodeset_len <= 0 || max_nodeset_len > INT_MAX) ++ max_nodeset_len = XPATH_DEFAULT_MAX_NODESET_LENGTH; ++ } ++ ++ return max_nodeset_len; ++} + + /* + * XPATH_MAX_RECRUSION_DEPTH: +@@ -3655,7 +3673,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { ++ if (cur->nodeMax >= get_max_nodeset_len()) { + xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); + return(-1); + } +@@ -3713,7 +3731,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { ++ if (cur->nodeMax >= get_max_nodeset_len()) { + xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); + return(-1); + } +@@ -3769,7 +3787,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { ++ if (cur->nodeMax >= get_max_nodeset_len()) { + xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); + return(-1); + } +@@ -3862,7 +3880,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, + } else if (val1->nodeNr == val1->nodeMax) { + xmlNodePtr *temp; + +- if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { ++ if (val1->nodeMax >= get_max_nodeset_len()) { + xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); + goto error; + } +@@ -3954,7 +3972,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP + } else if (set1->nodeNr >= set1->nodeMax) { + xmlNodePtr *temp; + +- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { ++ if (set1->nodeMax >= get_max_nodeset_len()) { + xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); + goto error; + } +@@ -4015,7 +4033,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN + } else if (set1->nodeNr >= set1->nodeMax) { + xmlNodePtr *temp; + +- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { ++ if (set1->nodeMax >= get_max_nodeset_len()) { + xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); + goto error; + } diff --git a/libxml2-python3-string-null-check.patch b/libxml2-python3-string-null-check.patch new file mode 100644 index 0000000..980c37f --- /dev/null +++ b/libxml2-python3-string-null-check.patch @@ -0,0 +1,28 @@ +From 07b1c4c8a736a31ac4b8ae13ea25d50793dfea83 Mon Sep 17 00:00:00 2001 +From: Mike Gorse +Date: Fri, 25 Jan 2019 12:55:52 -0600 +Subject: [PATCH] python: return None if PY_IMPORT_STRING returns NULL + +PY_IMPORT_STRING might return NULL on python 3 if, ie, a string can't be +encoded. We should check for this and return None, rather than returning +NULL. Fixes a NULL pointer dereference when reporting an error with an +invalid string. +--- + python/types.c | 4 ++++ + 1 file changed, 4 insertions(+) + +Index: libxml2-2.10.3/python/types.c +=================================================================== +--- libxml2-2.10.3.orig/python/types.c ++++ libxml2-2.10.3/python/types.c +@@ -274,6 +274,10 @@ libxml_charPtrConstWrap(const char *str) + return (Py_None); + } + ret = PY_IMPORT_STRING(str); ++ if (ret == NULL) { ++ Py_INCREF(Py_None); ++ return (Py_None); ++ } + return (ret); + } + diff --git a/libxml2-python3-unicode-errors.patch b/libxml2-python3-unicode-errors.patch new file mode 100644 index 0000000..698fc34 --- /dev/null +++ b/libxml2-python3-unicode-errors.patch @@ -0,0 +1,38 @@ +--- + python/libxml.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +Index: libxml2-2.11.1/python/libxml.c +=================================================================== +--- libxml2-2.11.1.orig/python/libxml.c ++++ libxml2-2.11.1/python/libxml.c +@@ -1606,6 +1606,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + PyObject *message; + PyObject *result; + char str[1000]; ++ unsigned char *ptr = (unsigned char *)str; + + #ifdef DEBUG_ERROR + printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); +@@ -1622,12 +1623,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + str[999] = 0; + va_end(ap); + ++#if PY_MAJOR_VERSION >= 3 ++ /* Ensure the error string doesn't start at UTF8 continuation. */ ++ while (*ptr && (*ptr & 0xc0) == 0x80) ++ ptr++; ++#endif ++ + list = PyTuple_New(2); + PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); + Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); +- message = libxml_charPtrConstWrap(str); ++ message = libxml_charPtrConstWrap(ptr); + PyTuple_SetItem(list, 1, message); + result = PyObject_CallObject(libxml_xmlPythonErrorFuncHandler, list); ++ /* Forget any errors caused in the error handler. */ ++ PyErr_Clear(); + Py_XDECREF(list); + Py_XDECREF(result); + } diff --git a/libxml2.changes b/libxml2.changes new file mode 100644 index 0000000..9ae35a9 --- /dev/null +++ b/libxml2.changes @@ -0,0 +1,2734 @@ +------------------------------------------------------------------- +Thu Nov 16 12:44:37 UTC 2023 - Bjørn Lie + +- Update to version 2.11.6: + * Regressions: + - threads: Fix --with-thread-alloc + - xinclude: Fix ‘last’ pointer in xmlXIncludeCopyNode + * Bug fixes: parser: Fix potential use-after-free in + xmlParseCharDataInternal + +------------------------------------------------------------------- +Mon Nov 13 15:02:14 UTC 2023 - David Anes + +- Security fix: CVE-2023-45322 (bsc#1216129) + * use-after-free in xmlUnlinkNode() in tree.c + * Added file libxml2-CVE-2023-45322.patch + +------------------------------------------------------------------- +Mon Oct 23 08:26:09 UTC 2023 - Daniel Garcia + +- Add python312.patch to make it compatible with python 3.12 + https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/226 +- Use pyproject_wheel and pyproject_install macros instead of + python_build, python_install + +------------------------------------------------------------------- +Mon Sep 4 10:36:54 UTC 2023 - David Anes + +- Security fix: CVE-2023-39615 (bsc#1214768) + * crafted xml can cause global buffer overflow + * Added file libxml2-CVE-2023-39615.patch + +------------------------------------------------------------------- +Wed Aug 9 15:34:12 UTC 2023 - Bjørn Lie + +- Update to version 2.11.5: + + Regressions: + - parser: Make xmlSwitchEncoding always skip the BOM + - autotools: Improve iconv check + + Bug fixes: + - valid: Fix c1->parent pointer in xmlCopyDocElementContent + - encoding: Always call ucnv_convertEx with flush set to false + + Portability: autotools: fix Python module file ext for + cygwin/msys2 + + Tests: runtest: Fix compilation without LIBXML_HTML_ENABLED + +------------------------------------------------------------------- +Fri May 19 11:51:22 UTC 2023 - Bjørn Lie + +- Update to version 2.11.4: + + Fixes a serious regression: parser: Fix regression when push + parsing UTF-8 sequences. + +------------------------------------------------------------------- +Thu May 11 13:42:48 UTC 2023 - Bjørn Lie + +- Update to version 2.11.3: + + xinclude: Fix false positives in inclusion loop detection. + + autotools: Fix ICU detection. + + parser: Fix "huge input lookup" error with push parser. + + xpath: Fix build without LIBXML_XPATH_ENABLED. + + hash: Fix possible startup crash with old libxslt versions. + + autoconf: fix iconv library paths. + +------------------------------------------------------------------- +Fri May 5 13:55:31 UTC 2023 - Bjørn Lie + +- Update to version 2.11.2: + + Fix regressions: + - threads: Fix startup crash with weak symbol hack + - win32: Don’t depend on removed .def file + - schemas: Fix memory leak in xmlSchemaValidateStream + +------------------------------------------------------------------- +Wed May 3 13:17:35 UTC 2023 - David Anes + +- Rebased patches: + * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + * libxml2-python3-unicode-errors.patch + +- Update to 2.11.1: + * Fixes build and ABI issues. + - cmake: Fix va_copy detection (Luca Niccoli) + - libxml.m4: Fix quoting + - Link with --undefined-version + - libxml2.syms: Revert removal of version information + +- Update to 2.11.0: + * Major changes + - Protection against entity expansion attacks, also known as + "billion laughs" has been greatly improved. Malicious files + should be detected reliably now and false positives should be + reduced. It is possible though that large documents which make + heavy use of entities are rejected now. + - This release finally fixes symbol visibility on UNIX systems. + Internal symbols will now be hidden. While these symbols were + never declared in public headers, it was still possible to + declare them manually. Now this won't work. + - All symbol information has been removed from the ELF version + script to fix link errors with --no-undefined-version. The + version nodes are kept so it should still be possible to run + binaries linked against older versions. + - About 90 memory errors in code paths handling malloc failures + have been fixed. While these issues shouldn't impact security, + this improves robustness under memory pressure. + - The XInclude engine has been reworked to properly support + nested includes. + - Several cases of quadratic behavior in the XML push parser + have been fixed. + - Refactoring has begun on some buffering and encoding code with + the goal of simplifying this part of the code base and + improving error reporting. + * Other highlights: + - Consolidated private header files. + - Major rework of the autoconf build. + - Deprecated several outdated and internal functions. + * Security + - Fix use-after-free in xmlParseContentInternal() (David Kilzer) + - xmllint: Fix use-after-free with --maxmem + - parser: Fix OOB read when formatting error message + - entities: Rework entity amplification checks + * See the full changelog at https://discourse.gnome.org/t/libxml2-2-11-0-released/15123 + +------------------------------------------------------------------- +Fri Apr 21 14:50:09 UTC 2023 - David Anes + +- Remove unneeded dependency (bsc#1209918). + +------------------------------------------------------------------- +Tue Apr 11 12:37:32 UTC 2023 - Bjørn Lie + +- Update to version 2.10.4: + + Security: + - [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings + isn’t deterministic + - [CVE-2023-28484, bsc#1210411] Fix null deref in + xmlSchemaFixupComplexType + - schemas: Fix null-pointer-deref in + xmlSchemaCheckCOSSTDerivedOK + + Regressions: + - SAX2: Ignore namespaces in HTML documents + - io: Fix “buffer full” error with certain buffer sizes + +------------------------------------------------------------------- +Wed Feb 1 09:24:55 UTC 2023 - Dirk Müller + +- remove zlib-devel, pkgconfig(zlib) is sufficient + +------------------------------------------------------------------- +Mon Oct 31 18:12:58 UTC 2022 - David Anes + +- Add W3C conformance tests to the testsuite (bsc#1204585): + * Added file xmlts20080827.tar.gz + +------------------------------------------------------------------- +Fri Oct 14 15:04:09 UTC 2022 - Bjørn Lie + +- Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304): + + Security: + - [CVE-2022-40304] Fix dict corruption caused by entity + reference cycles + - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE + - Fix overflow check in SAX2.c + + Build system: cmake: Set SOVERSION +- Rebase patches with quilt. + +------------------------------------------------------------------- +Thu Sep 1 15:13:08 UTC 2022 - Pedro Monreal + +- Build for now with --with-legacy to enable APIs that have been + deprecated recently. (bsc#1202965) + +------------------------------------------------------------------- +Tue Aug 30 14:39:42 UTC 2022 - Bjørn Lie + +- Update to version 2.10.2: + * Improvements: + + Remove set-but-unused variable in xmlXPathScanName + + Silence -Warray-bounds warning + * Build system + + build: require automake-1.16.3 or later + + Remove generated files from distribution + * Test suite: Don't create missing.xml when running testapi +- Add configure --with-python=%{__python3} inbefore python build, + as upstream no longer ships pre-grenerated files. +- Use sed to fix env-script-interpreter in documentation example. +- Pass with-ftp to configure, build ftp support. + +------------------------------------------------------------------- +Thu Aug 25 15:05:51 UTC 2022 - Bjørn Lie + +- Update to version 2.10.1: + * Regressions: Fix xmlCtxtReadDoc with encoding + * Bug fixes: Fix HTML parser with threads and --without-legacy + * Build system: + + Fix build with Python 3.10 + + cmake: Disable version script on macOS + + Remove Makefile rule to build testapi.c + * Documentation: + + Switch back to HTML output for API documentation + + Port doc/examples/index.py to Python 3 + + Fix order of exports in libxml2-api.xml + + Remove libxml2-refs.xml + +------------------------------------------------------------------- +Thu Aug 18 11:10:28 UTC 2022 - David Anes + +- Update to 2.10.0: + * Security + + [CVE-2022-2309] Reset nsNr in xmlCtxtReset + + Reserve byte for NUL terminator and report errors consistently in xmlBuf and + xmlBuffer + + Fix missing NUL terminators in xmlBuf and xmlBuffer functions + + Fix integer overflow in xmlBufferDump() + + xmlBufAvail() should return length without including a byte for NUL + terminator + + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() + + Use xmlNewDocText in xmlXIncludeCopyRange + + Fix use-after-free bugs when calling xmlTextReaderClose() before + xmlFreeTextReader() on post-validating parser + + Use UPDATE_COMPAT() consistently in buf.c + + fix: xmlXPathParserContext could be double-delete in OOM case. + + * Removals and deprecations + + Disable XPointer location support by default + + Remove outdated xml2Conf.sh + + Deprecate module init and cleanup functions + + Remove obsolete XML Software Autoupdate (XSA) file + + Remove DOCBparser + + Remove obsolete Python test framework + + Remove broken VxWorks support + + Remove broken Mac OS 9 support + + Remove broken bakefile support + + Remove broken Visual Studio 2010 support + + Remove broken Windows CE support + + Deprecate IDREF-related functions in valid.h + + Deprecate legacy functions + + Disable legacy support by default + + Deprecate all functions in nanoftp.h + + Disable FTP support by default + + Add XML_DEPRECATED macro + + Remove elfgcchack.h + + * Regressions + + Skip incorrectly opened HTML comments + + Restore behavior of htmlDocContentDumpFormatOutput() + + * Bug fixes + + Fix memory leak with invalid XSD + + Make XPath depth check work with recursive invocations + + Fix memory leak in xmlLoadEntityContent error path + + Avoid double-free if malloc fails in inputPush + + Properly fold whitespace around the QName value when validating an XSD + schema. + + Add whitespace folding for some atomic data types that it's missing on. + + Don't add IDs containing unexpanded entity references + + * Improvements + + Avoid calling xmlSetTreeDoc + + Simplify xmlFreeNode + + Don't reset nsDef when changing node content + + Fix unintended fall-through in xmlNodeAddContentLen + + Remove unused xmlBuf functions + + Implement xpath1() XPointer scheme + + Add configuration flag for XPointer locations support + + Fix compiler warnings in Python code + + Mark more static data as `const` + + Make xmlStaticCopyNode non-recursive + + Clean up encoding switching code + + Simplify recursive pthread mutex + + Use non-recursive mutex in dict.c + + Fix parser progress checks + + Avoid arithmetic on freed pointers + + Improve buffer allocation scheme + + Remove unneeded #includes + + Add support for some non-standard escapes in regular expressions. + + htmlParseComment: handle abruptly-closed comments + + Add let variable tag support + + Add value-of tag support + + Remove useless call to xmlRelaxNGCleanupTypes + + Don't include ICU headers in public headers + + Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + + Fix unused variable warnings with disabled features + + Only warn on invalid redeclarations of predefined entities + + Remove unneeded code in xmlreader.c + + Rework validation context flags + + * Portability + + Use NAN/INFINITY if available to init XPath NaN/Inf + + Fix Python tests on macOS + + Fix xmlCleanupThreads on Windows + + Fix reinitialization of library on Windows + + Don't mix declarations and code in runtest.c + + Use portable python shebangs + + Use critical sections as mutex on Windows + + Don't set HAVE_WIN32_THREADS in win32config.h + + Use stdint.h with newer MSVC + + Remove cruft from win32config.h + + Remove isinf/isnan emulation in win32config.h + + Always fopen files with "rb" + + Remove __DJGPP__ checks + + Remove useless __CYGWIN__ checks + + * Build system + + Don't autogenerate doc/examples/Makefile.am + + cmake: Install libxml.m4 on UNIX-like platforms + + cmake: Use symbol versioning on UNIX-like platforms + + Port genUnicode.py to Python 3 + + Port gentest.py to Python 3 + + cmake: Fix build without thread support + + cmake: Install documentation in CMAKE_INSTALL_DOCDIR + + cmake: Remove non needed files in docs dir + + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + + Move local Autoconf macros into m4 directory + + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD + + Update libxml-2.0-uninstalled.pc.in + + Remove LIBS from XML_PRIVATE_LIBS + + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS + + Don't overlink executables + + cmake: Adjust paths for UNIX or UNIX-like target systems + + build: Make use of variables in libxml's pkg-config file + + Avoid obsolescent `test -a` constructs + + Move AM_MAINTAINER_MODE to AM section + + configure.ac: make AM_SILENT_RULES([yes]) unconditional + + Streamline documentation installation + + Don't try to recreate COPYING symlink + + Detect libm using libtool's macros + + configure.ac: disable static libraries by default + + python/Makefile.am: nest python docs in $(docdir) + + python/Makefile.am: rely on global AM_INIT_AUTOMAKE + + Makefile.am: install examples more idiomatically + + configure.ac: remove useless AC_SUBST + + Respect `--sysconfdir` in source files + + Ignore configure backup file created by recent autoreconf too + + Only install *.html and *.c example files + + Remove --with-html-dir option + + Rework documentation build system + + Remove old website + + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings + + Update genChRanges.py + + Update build_glob.py + + Remove ICONV_CONST test + + Remove obsolete AC_HEADER checks + + Don't check for standard C89 library functions + + Don't check for standard C89 headers + + Remove special configuration for certain maintainers + + * Test suite, CI + + Disable network in API tests + + testapi: remove leading slash from "/missing.xml" + + Build Autotools CI tests out of source tree (VPATH) + + Add --with-minimum build to CI tests + + Fix warnings when testing --with-minimum build + + cmake: Run all tests when threads are disabled + + Also build CI tests with -Werror + + Move doc/examples tests to new test suite + + Simplify 'make check' targets + + Fix schemas and relaxng tests + + Remove unused result files + + Allow missing result files in runtest + + Move regexp tests to runtest + + Move SVG tests to runtest.c + + Move testModule to new test suite + + Move testThreads to new test suite + + Remove major parts of old test suite + + Make testchar return an error on failure + + Add CI job for static build + + python/tests: open() relative to test scripts + + Port some test scripts to Python 3 + + * Documentation + + Improve documentation of tree manipulation API + + Update xml2-config man page + + Consolidate man pages + + Rename xmlcatalog_man.xml + + Make examples a standalone HTML page + + Fix documentation in entities.c + + Add note about optimization flags + +------------------------------------------------------------------- +Mon May 2 21:03:25 UTC 2022 - David Anes + +- Update to 2.9.14: + * Security: + + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + + Fix potential double-free in xmlXPtrStringRangeFunction + + Fix memory leak in xmlFindCharEncodingHandler + + Normalize XPath strings in-place + + Prevent integer-overflow in htmlSkipBlankChars() and + xmlSkipBlankChars() + + Fix leak of xmlElementContent + + * Bug fixes: + + Fix parsing of subtracted regex character classes + + Fix recursion check in xinclude.c + + Reset last error in xmlCleanupGlobals + + Fix certain combinations of regex range quantifiers + + Fix range quantifier on subregex + + * Improvements: + + Fix recovery from invalid HTML start tags + + * Build system, portability: + + Define LFS macros before including system headers + + Initialize XPath floating-point globals + + configure: check for icu DEFS + + configure.ac: produce tar.xz only (GNOME policy) + + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + + Fix build with older Python versions + + Fix --without-valid build + +------------------------------------------------------------------- +Fri Mar 18 09:46:03 UTC 2022 - Dominique Leuenberger + +- Build python bindings in a 2nd run, using multibuild: otherwise, + libxml2 requires pkgconfig(libxml-2.0) to build, causing issues + to bootstrap. + +------------------------------------------------------------------- +Tue Mar 8 06:32:13 UTC 2022 - Luciano Santos + +- Update to version 2.9.13: + * Security fixes: + + [CVE-2022-23308] Use-after-free of ID and IDREF attributes + (boo#1196490); + + Several memory leaks and another issues. + * Many regressions fixes. + * Numerous bug fixes, including, among many others: + + xmllint's --maxmem option should work as expected now; + + xmllint now returns an error if arguments are missing. + * Numerous tests and code and fuzzing fixes and improvements. + * Updated documentation. +- The full Libxml2 2.9.13 NEWS can be found here: + https://download.gnome.org/sources/libxml2/2.9/\ + libxml2-2.9.13.news. +- Replace version-release macros in all 3 Obsoletes tag with + plain 2.9.13 to avoid unwanted behaviors in the future. +- Remove dropped upstream AUTHORS file from list of files to be + installed in the documentation location with 'cp' command. +- Update http://xmlsoft.org URL tag to Libxml2's new web home: + https://gitlab.gnome.org/GNOME/libxml2. +- Update ftp://xmlsoft.org Source tag to Libxml2's new download + host: https://download.gnome.org. +- Drop deprecated Python-2-related macro definitions/conditional + statement from spec file. +- Drop merged upstream patches: + libxml2-fix-lxml-corrupted-subtree-structures.patch; + libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch. +- Drop libxml2.keyring source file as the new download host doesn't + offer GPG signatures. +- Use ldconfig_scriptlets macro for post(un) handling. + +------------------------------------------------------------------- +Wed Oct 20 17:54:57 UTC 2021 - Matej Cepl + +- Rewrite package to the single-spec %python_subpackage_only style and + eliminate unnecessary multibuild. + +------------------------------------------------------------------- +Tue Jun 1 11:04:14 UTC 2021 - Pedro Monreal + +- Fix python-lxml regression with libxml2 2.9.12: + * Work around lxml API abuse: + gitlab.gnome.org/GNOME/libxml2/issues/255 +- Add upstream patches: + * libxml2-fix-lxml-corrupted-subtree-structures.patch + * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch + +------------------------------------------------------------------- +Tue Jun 1 03:02:25 UTC 2021 - Ferdinand Thiessen + +- Update to version 2.9.12 + * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), + CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, + CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928) + * Fix null deref in legacy SAX1 parser + * Fix handling of unexpected EOF in xmlParseContent + * Fix user-after-free + * Validate UTF8 in xmlEncodeEntities + * Fix memory leak in xmlParseElementMixedContentDecl + * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin + * Fix SEGV in xmlSAXParseFileWithData + * Don't process siblings of root in xmlXIncludeProcess + * Full changes: http://xmlsoft.org/news.html +- Drop upstream fixed + * libxml2-CVE-2021-3541.patch + * libxml2-CVE-2021-3537.patch + * libxml2-CVE-2021-3518.patch + * libxml2-CVE-2021-3517.patch + * libxml2-CVE-2021-3516.patch + * libxml2-CVE-2020-7595.patch + * libxml2-CVE-2019-20388.patch + * libxml2-CVE-2020-24977.patch + * libxml2-CVE-2019-19956.patch + * libxml2-python39.patch + * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch +- Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch +- Drop since 2.8.0 merged fix-perl.diff +- Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + +------------------------------------------------------------------- +Wed May 19 11:14:13 UTC 2021 - Pedro Monreal + +- Security fix: [bsc#1186015, CVE-2021-3541] + * Exponential entity expansion attack bypasses all existing + protection mechanisms. +- Add libxml2-CVE-2021-3541.patch + +------------------------------------------------------------------- +Mon May 10 11:44:39 UTC 2021 - Pedro Monreal + +- Security fix: [bsc#1185698, CVE-2021-3537] + * NULL pointer dereference in valid.c:xmlValidBuildAContentModel + * Add libxml2-CVE-2021-3537.patch + +------------------------------------------------------------------- +Wed Apr 28 16:24:13 UTC 2021 - Pedro Monreal + +- Security fix: [bsc#1185408, CVE-2021-3518] + * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() + * Add libxml2-CVE-2021-3518.patch + +------------------------------------------------------------------- +Wed Apr 28 16:23:42 UTC 2021 - Pedro Monreal + +- Security fix: [bsc#1185410, CVE-2021-3517] + * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3517.patch + +------------------------------------------------------------------- +Wed Apr 28 15:38:46 UTC 2021 - Pedro Monreal + +- Security fix: [bsc#1185409, CVE-2021-3516] + * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3516.patch + +------------------------------------------------------------------- +Thu Feb 23 11:00:00 UTC 2021 - Teemu Mannermaa + +- Fails to build against Python 3.9: + * Add upstream commit that fixes the issue + https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1 +- Add patch libxml2-python39.patch + +------------------------------------------------------------------- +Thu Dec 17 10:19:33 UTC 2020 - Pedro Monreal + +- Security fix: [bsc#1161521, CVE-2019-20388] + * Memory leak in xmlSchemaPreRun in xmlschemas.c +- Add libxml2-CVE-2019-20388.patch + +------------------------------------------------------------------- +Wed Nov 25 09:07:36 UTC 2020 - Pedro Monreal + +- Avoid quadratic checking of identity-constraints: [bsc#1178823] + * key/unique/keyref schema attributes currently use qudratic loops + to check their various constraints (that keys are unique and that + keyrefs refer to existing keys). + * This fix uses a hash table to avoid the quadratic behaviour. +- Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch + +------------------------------------------------------------------- +Fri Oct 23 19:11:01 UTC 2020 - Benjamin Greiner + +- Make python subpackage ready for multiple python3 flavors + gh#openSUSE/python-rpm-macros#66 + +------------------------------------------------------------------- +Mon Sep 7 08:12:29 UTC 2020 - Pedro Monreal + +- Security fix: [bsc#1176179, CVE-2020-24977] + * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal +- Add patch libxml2-CVE-2020-24977.patch + +------------------------------------------------------------------- +Wed May 27 12:09:35 UTC 2020 - Pedro Monreal Gonzalez + +- Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021] +- Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549 + * Add patch libxml2-CVE-2019-19956.patch + +------------------------------------------------------------------- +Mon Mar 16 12:02:39 UTC 2020 - Pedro Monreal Gonzalez + +- Security fix: [bsc#1161517, CVE-2020-7595] + * xmlStringLenDecodeEntities in parser.c has an infinite loop in + a certain end-of-file situation +- Add libxml2-CVE-2020-7595.patch + +------------------------------------------------------------------- +Mon Mar 16 10:01:58 UTC 2020 - Tomáš Chvátal + +- Do not pull in the non-python deps on the python build + +------------------------------------------------------------------- +Sat Mar 14 10:56:14 UTC 2020 - Tomáš Chvátal + +- Revert the previous change and use multibuild to determine + supported flavors. + We need to be able to enable/disable pythons in prjconf and + multibuild directly clashes with that. + +------------------------------------------------------------------- +Sun Dec 15 17:56:15 UTC 2019 - Stefan Brüns + +- Build python2 and python3 bindings in separate flavors. As + python3-libxml2 is a dependency of e.g. itstools and thus many + other packages these packages no longer have a build dependency + on python2. Breaks a build loop for python2. + +------------------------------------------------------------------- +Thu Nov 28 15:32:58 UTC 2019 - Pedro Monreal Gonzalez + +- Since libxml2-2.9.10 perl-XML-LibXSLT fails to build: [bsc#1157450] + * Revert upstream commit to make xmlFreeNodeList non-recursive + https://github.com/GNOME/libxml2/commit/0762c9b69ba01628f72eada1c64ff3d361fb5716 +- Add patch libxml2-xmlFreeNodeList-recursive.patch + +------------------------------------------------------------------- +Fri Nov 15 17:59:54 UTC 2019 - Pedro Monreal Gonzalez + +- Version update to 2.9.10: + * Portability: + + Fix exponent digits when running tests under old MSVC + + Work around buggy ceil() function on AIX + + Don't call printf with NULL string in runtest.c + + Switched from unsigned long to ptrdiff_t in parser.c + + timsort.h: support older GCCs + + Make configure.ac work with older pkg-config + * Bug Fixes: + + Fix for conditional sections at end of document + + Make sure that Python tests exit with error code + + Audit memory error handling in xpath.c + + Fix error code in xmlTextWriterStartDocument + + Fix integer overflow when counting written bytes + + Fix uninitialized memory access in HTML parser + + Fix memory leak in xmlSchemaValAtomicType + + Disallow conditional sections in internal subset + + Fix use-after-free in xmlTextReaderFreeNodeList + + Fix Regextests + + Fix empty branch in regex + + Fix integer overflow in entity recursion check + + Don't read external entities or XIncludes from stdin + + Fix Schema determinism check of ##other namespaces + + Fix potential null deref in xmlSchemaIDCFillNodeTables + + Fix potential memory leak in xmlBufBackToBuffer + + Fix error message when processing XIncludes with fallbacks + + Fix memory leak in xmlRegEpxFromParse + + 14:00 is a valid timezone for xs:dateTime + + Fix memory leak in xmlParseBalancedChunkMemoryRecover + + Fix potential null deref in xmlRelaxNGParsePatterns + + Misleading error message with xs:{min|max}Inclusive + + Fix memory leak in xmlXIncludeLoadTxt + + Partial fix for comparison of xs:durations + + Fix null deref in xmlreader buffer + + Fix unability to RelaxNG-validate grammar with choice-based name class + + Fix unability to validate ambiguously constructed interleave for RelaxNG + + Fix possible null dereference in xmlXPathIdFunction + + fix memory leak in xmlAllocOutputBuffer + + Fix unsigned int overflow + + dict.h: gcc 2.95 doesn't allow multiple storage classes + + Fix another code path in xmlParseQName + + Make sure that xmlParseQName returns NULL in error case + + Fix build without reader but with pattern + + Fix memory leak in xmlAllocOutputBufferInternal error path + + Fix unsigned integer overflow + + Fix return value of xmlOutputBufferWrite + + Fix parser termination from "Double hyphen within comment" error + + Fix call stack overflow in xmlFreePattern + + Fix null deref in previous commit + + Fix memory leaks in xmlXPathParseNameComplex error paths + + Check for integer overflow in xmlXPtrEvalChildSeq + + Fix xmllint dump of XPath namespace nodes + + Fix float casts in xmlXPathSubstringFunction + + Fix null deref in xmlregexp error path + + Fix null pointer dereference in xmlTextReaderReadOuterXml + + Fix memory leaks in xmlParseStartTag2 error paths + + Fix memory leak in xmlSAX2StartElement + + Fix commit "Memory leak in xmlFreeID (xmlreader.c)" + + Fix NULL pointer deref in xmlTextReaderValidateEntity + + Memory leak in xmlFreeTextReader + + Memory leak in xmlFreeID (xmlreader.c) + * Improvements: + + Propagate memory errors in valuePush + + Propagate memory errors in xmlXPathCompExprAdd + + Make xmlFreeDocElementContent non-recursive + + Avoid ignored attribute warnings under GCC + + Make xmlDumpElementContent non-recursive + + Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE + + Mark xmlExp* symbols as removed + + Make xmlParseConditionalSections non-recursive + + Adjust expected error in Python tests + + Make xmlTextReaderFreeNodeList non-recursive + + Make xmlFreeNodeList non-recursive + + Make xmlParseContent and xmlParseElement non-recursive + + Remove executable bit from non-executable files + + Fix expected output of test/schemas/any4 + + Optimize build instructions in README + + xml2-config.in: Output CFLAGS and LIBS on the same line + + xml2-config: Add a --dynamic switch to print only shared libraries + + Annotate functions with __attribute__((no_sanitize)) + + Fix warnings when compiling without reader or push parser + + Remove unused member `doc` in xmlSaveCtxt + + Limit recursion depth in xmlXPathCompOpEvalPredicate + + Remove -Wno-array-bounds + + Remove unreachable code in xmlXPathCountFunction + + Improve XPath predicate and filter evaluation + + Limit recursion depth in xmlXPathOptimizeExpression + + Disable hash randomization when fuzzing + + Optional recursion limit when parsing XPath expressions + + Optional recursion limit when evaluating XPath expressions + + Use break statements in xmlXPathCompOpEval + + Optional XPath operation limit + + Fix compilation with --with-minimum + + Check XPath stack after calling functions + + Remove debug printf in xmlreader.c + + Always define LIBXML_THREAD_ENABLED when enabled + + Fix unused function warning in testapi.c + + Remove unneeded function pointer casts + + Fix -Wcast-function-type warnings (GCC 8) + + Fix -Wformat-truncation warnings (GCC 8) + * Cleanups: + + Rebuild docs + + Disable xmlExp regex code + + Remove redundant code in xmlRelaxNGValidateState + + Remove redundant code in xmlXPathCompRelationalExpr +- Rebase patch fix-perl.diff + +------------------------------------------------------------------- +Mon Sep 9 08:24:40 UTC 2019 - Tomáš Chvátal + +- Do not depend on setuptools to keep the depgraph small and + avoid build cycles + +------------------------------------------------------------------- +Fri Aug 2 13:08:40 UTC 2019 - Tomáš Chvátal + +- Use python[23]-libmxl2 as python names not python-libxml2-python + which is kinda confusing + +------------------------------------------------------------------- +Thu Aug 1 10:53:13 UTC 2019 - Tomáš Chvátal + +- Do not ship libtool archive anymore + +------------------------------------------------------------------- +Wed Jul 31 12:27:10 UTC 2019 - Pedro Monreal Gonzalez + +- Enable tests also in the python subpackages + +------------------------------------------------------------------- +Thu Jul 4 08:52:14 UTC 2019 - Pedro Monreal Gonzalez + +- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH + to avoid nodeset limit when processing large XML files [bsc#1135123] + * Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + +------------------------------------------------------------------- +Mon Feb 25 08:40:16 UTC 2019 - Pedro Monreal Gonzalez + +- Merge python-libxml2-python spec and changes files into the + libxml2 ones using _multibuild [bsc#1126499, bsc#1123919] + +------------------------------------------------------------------- +Sat Jan 26 00:24:23 UTC 2019 - mgorse@suse.com + +- Version update to 2.9.9: + * Security: + + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA + decompression (boo#1088279 boo#1105166). + + CVE-2018-14404 Fix nullptr deref with XPath logic ops + (boo#1102046). + * Bug fixes: + + Fix building relative URIs + + Problem with data in interleave in RelaxNG validation + + Fix memory leak in xmlSwitchInputEncodingInt error path + + Set doc on element obtained from freeElems + + Fix HTML serialization with UTF-8 encoding + + Use actual doc in xmlTextReaderRead*Xml + + Unlink node before freeing it in xmlSAX2StartElement + + Check return value of nodePush in xmlSAX2StartElement + + Free input buffer in xmlHaltParser + + Reset HTML parser input pointers on encoding failure + + Fix xmlSchemaValidCtxtPtr reuse memory leak + + Fix xmlTextReaderNext with preparsed document + + HTML noscript should not close p + + Don't change context node in xmlXPathRoot + * Improvements: + + Remove redefined starts and defines inside include elements + + Allow choice within choice in nameClass in RELAX NG + + Look inside divs for starts and defines inside include + + Add newlines to 'xmllint --xpath' output + + Don't include SAX.h from globals.h + + Support xmlTextReaderNextSibling w/o preparsed doc + + Improve restoring of context size and position + + Simplify and harden nodeset filtering + + Avoid unnecessary backups of the context node + + Fix inconsistency in xmlXPathIsInf +- Add libxml2-python3-string-null-check.patch: fix NULL pointer + dereference when parsing invalid data (bsc#1065270 + glgo#libxml2!15).). + +------------------------------------------------------------------- +Tue Mar 20 13:15:36 CET 2018 - kukuk@suse.de + +- Use %license instead of %doc [bsc#1082318] + +------------------------------------------------------------------- +Wed Mar 14 13:12:34 UTC 2018 - tchvatal@suse.com + +- Version update to 2.9.8: + * Various -Werror fixes and compilation updates as travis is now + used by upstream + * Few additional tests added for ICU operations +- Drop patch python3.6-verify_fd.patch merged upstream + +------------------------------------------------------------------- +Sat Nov 11 15:31:50 UTC 2017 - aavindraa@gmail.com + +- Version update to 2.9.7 release: + * Bug Fixes: + + xmlcatalog: restore ability to query system catalog easily + + Fix comparison of nodesets to strings + * Improvements: + + Add Makefile rules to rebuild HTML man pages + + Remove generated file python/setup.py from version control + + Fix mixed decls and code in timsort.h + + Rework handling of return values in thread tests + + Fix unused variable warnings in testrecurse + + Fix -Wimplicit-fallthrough warnings + + Upgrade timsort.h to latest revision + + Fix a couple of warnings in dict.c and threads.c + + Fix unused variable warnings in nanohttp.c + + Don't include winsock2.h in xmllint.c + + Use __linux__ macro in generated code + * Portability: + + Add declaration for DllMain + + Fix preprocessor conditional in threads.h + + Fix macro redefinition warning + + many Windows specific improvements + * Documentation: + + xmlcatalog: refresh man page wrt. quering system catalog easily +- Includes bug fixes from 2.9.6: + * Fix XPath stack frame logic + * Report undefined XPath variable error message + * Fix regression with librsvg + * Handle more invalid entity values in recovery mode + * Fix structured validation errors + * Fix memory leak in LZMA decompressor + * Set memory limit for LZMA decompression + * Handle illegal entity values in recovery mode + * Fix debug dump of streaming XPath expressions + * Fix memory leak in nanoftp + * Fix memory leaks in SAX1 parser +- Drop libxml2-bug787941.patch + * upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8 + +------------------------------------------------------------------- +Sat Nov 11 15:30:27 UTC 2017 - aavindraa@gmail.com + +- clean with spec-cleaner + +------------------------------------------------------------------- +Thu Oct 26 14:10:55 UTC 2017 - jmatejek@suse.com + +- libxml2-python3-unicode-errors.patch: work around an issue with + libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270) + +------------------------------------------------------------------- +Mon Oct 2 15:59:57 UTC 2017 - jmatejek@suse.com + +- convert to singlespec, build a python 3 version +- change build instructions to use setup.py (and %python_build macros) + instead of makefile-based approach +- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6 +- rename to python-libxml2-python to conform to package naming policy + (PyPI name is "libxml2-python") + +------------------------------------------------------------------- +Thu Sep 21 14:19:56 UTC 2017 - jengelh@inai.de + +- Update package summaries and RPM groups. Trim descriptions for + size on secondary subpackages. Replace install call by a + commonly-used macro. + +------------------------------------------------------------------- +Thu Sep 21 14:05:29 UTC 2017 - tchvatal@suse.com + +- Add patch to fix TW integration: + * libxml2-bug787941.patch + +------------------------------------------------------------------- +Sun Sep 10 09:54:07 UTC 2017 - tchvatal@suse.com + +- Version update to 2.9.5 release: + * Merged all the previous cve fixes that were patched in + * Few small tweaks +- Remove merged patches: + * libxml2-CVE-2016-4658.patch + * libxml2-CVE-2017-0663.patch + * libxml2-CVE-2017-5969.patch + * libxml2-CVE-2017-9047.patch + * libxml2-CVE-2017-9048.patch + * libxml2-CVE-2017-9049.patch + * libxml2-2.9.4-fix_attribute_decoding.patch + +------------------------------------------------------------------- +Thu Jun 15 13:12:25 UTC 2017 - pmonrealgonzalez@suse.com + +- Security fix: + * libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663] + * Fix Heap buffer overflow in xmlAddID + +------------------------------------------------------------------- +Wed Jun 14 14:15:38 UTC 2017 - pmonrealgonzalez@suse.com + +- Security fix: + * libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969] + * Fix NULL pointer deref in xmlDumpElementContent + +------------------------------------------------------------------- +Mon May 22 15:42:43 UTC 2017 - pmonrealgonzalez@suse.com + +- Security fixes: + * libxml2-CVE-2017-9049.patch [bsc#1039066] + * heap-based buffer overflow (xmlDictComputeFastKey func) + * libxml2-CVE-2017-9048.patch [bsc#1039063] + * stack overflow vulnerability (xmlSnprintfElementContent func) + * libxml2-CVE-2017-9047.patch [bsc#1039064] + * stack overflow vulnerability (xmlSnprintfElementContent func) + +------------------------------------------------------------------- +Tue Mar 7 11:42:23 UTC 2017 - pmonrealgonzalez@suse.com + +- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in + XPointer ranges. Namespace nodes must be copied to avoid + use-after-free errors. But they don't necessarily have a physical + representation in a document, so simply disallow them in XPointer + ranges [bsc#1005544] [CVE-2016-4658] + +------------------------------------------------------------------- +Wed Jun 8 12:20:43 UTC 2016 - kstreitova@suse.com + +- add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute + decoding during XML schema validation [bnc#983288] + +------------------------------------------------------------------- +Fri May 27 14:22:55 UTC 2016 - psimons@suse.com + +- Update libxml2 to version libxml2-2.9.4. The new version is + resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835, + CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838, + CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and + CVE-2016-1762. + +- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch, + 0001-Add-missing-increments-of-recursion-depth-counter-to.patch, + and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch. + +------------------------------------------------------------------- +Fri May 20 14:59:32 UTC 2016 - kstreitova@suse.com + +- add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML + push parser that fails with bogus UTF-8 encoding error when + multi-byte character in large CDATA section is split across + buffer [bnc#962796] + +------------------------------------------------------------------- +Tue May 3 11:40:42 UTC 2016 - sflees@suse.de + +- Add libxml2-2.9.1-CVE-2016-3627.patch to fix stack exhaustion + while parsing certain XML files in recovery mode (CVE-2016-3627, + bnc#972335). + +- Add 0001-Add-missing-increments-of-recursion-depth-counter-to.patch + to improve protection against Billion Laughs Attack (bnc#975947). + +------------------------------------------------------------------- +Tue Nov 24 16:12:35 UTC 2015 - rpm@fthiessen.de + +- Update to new upstream release 2.9.3 (bsc#954429): + * Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, + CVE-2015-1819, CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, + CVE-2015-7499, CVE-2015-7500 and CVE-2015-8242 + * And other bugfixes +- Removed upstream fixed patches: + * libxml2-dont_initialize_catalog.patch + * 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch + * 0002-Adding-example-from-bugs-738805-to-regression-tests.patch + +------------------------------------------------------------------- +Mon Nov 3 17:13:24 UTC 2014 - vcizek@suse.com + +- fix a missing entities after CVE-2014-3660 fix + (https://bugzilla.gnome.org/show_bug.cgi?id=738805) + * added patches: + 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch + 0002-Adding-example-from-bugs-738805-to-regression-tests.patch + +------------------------------------------------------------------- +Mon Nov 3 10:01:23 UTC 2014 - vcizek@suse.com + +- fix a regression in libxml2 2.9.2 + * https://bugzilla.redhat.com/show_bug.cgi?id=1153753 +- add libxml2-dont_initialize_catalog.patch + +------------------------------------------------------------------- +Fri Oct 31 10:55:27 UTC 2014 - vcizek@suse.com + +- update to 2.9.2 + * drop libxml2-CVE-2014-3660.patch (upstream) + * add keyring to verify tarball + Security: + Fix for CVE-2014-3660 billion laugh variant + CVE-2014-0191 Do not fetch external parameter entities + Improvements: + win32/libxml2.def.src after rebuild in doc + elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() + elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode + Provide cmake module + Fix a couple of issues raised by make dist + Fix and add const qualifiers + Preparing for upcoming release of 2.9.2 + Fix zlib and lzma libraries check via command line + wrong error column in structured error when parsing end tag + doc/news.html: small update to avoid line join while generating NEWS. + Add methods for python3 iterator + Support element node traversal in document fragments + xmlNodeSetName: Allow setting the name to a substring of the currently set name + Added macros for argument casts + adding init calls to xml and html Read parsing entry points + Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c + Implement choice for name classes on attributes + Two small namespace tweaks + xmllint --memory should fail on empty files + Cast encoding name to char pointer to match arg type + +------------------------------------------------------------------- +Fri Oct 17 13:58:17 UTC 2014 - vcizek@suse.com + +- fix for CVE-2014-3660 (bnc#901546) + * denial of service via recursive entity expansion + (related to billion laughs) + * added libxml2-CVE-2014-3660.patch + +------------------------------------------------------------------- +Mon Aug 18 15:42:34 UTC 2014 - fcrozat@suse.com + +- Add obsoletes/provides to baselibs.conf. + +------------------------------------------------------------------- +Thu Jun 5 08:30:58 UTC 2014 - vcizek@suse.com + +- temporarily reverting libxml2-CVE-2014-0191.patch until there is a fix + that doesn't break other applications + +------------------------------------------------------------------- +Fri May 23 15:01:54 UTC 2014 - vcizek@suse.com + +- fix for CVE-2014-0191 (bnc#876652) + * libxml2: external parameter entity loaded when entity + substitution is disabled + * added libxml2-CVE-2014-0191.patch + +------------------------------------------------------------------- +Fri Aug 2 12:57:36 UTC 2013 - vcizek@suse.com + +- update to 2.9.1 + dropped patches (in upstream): + * libxml2-2.9.0-CVE-2012-5134.patch + * libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch + * libxml2-CVE-2013-1969.patch + New features: + * Support for Python3 + * Add xmlXPathSetContextNode and xmlXPathNodeEval + +------------------------------------------------------------------- +Sun Jul 7 06:00:42 UTC 2013 - coolo@suse.com + +- buildignore python to avoid build cycle + +------------------------------------------------------------------- +Thu Apr 18 14:07:49 UTC 2013 - vcizek@suse.com + +- fix for CVE-2013-1969 (bnc#815665) + * libxml2-CVE-2013-1969.patch + +------------------------------------------------------------------- +Thu Mar 7 13:28:59 UTC 2013 - vcizek@suse.com + +- fix for CVE-2013-0338 (bnc#805233) + libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch + +------------------------------------------------------------------- +Sat Dec 15 15:55:26 UTC 2012 - p.drouand@gmail.com + +- update to 2.9.0 version: + * please see the Changelog +- Updated patchs to get working with new version: + * libxml2-2.9.0-CVE-2012-5134.patch ( libxml2-CVE-2012-5134.patch ) + * fix-perl.diff + +------------------------------------------------------------------- +Fri Dec 7 10:49:11 UTC 2012 - vcizek@suse.com + +- Add libxml2-CVE-2012-5134.patch to fix CVE-2012-5134 (bnc#793334) + +------------------------------------------------------------------- +Sun Sep 23 19:40:30 UTC 2012 - dimstar@opensuse.org + +- Add a comment next to libxml2.la to make sure that anybody + removing it knows why it's there and reconsiders. + +------------------------------------------------------------------- +Sun Sep 23 19:28:04 UTC 2012 - coolo@suse.com + +- readd .la file, python-libxml2 needs it + +------------------------------------------------------------------- +Fri Sep 21 18:04:16 UTC 2012 - jengelh@inai.de + +- Remove .la files; make sure installation succeeds for + Fedora_17 target + +------------------------------------------------------------------- +Tue Jun 12 18:10:07 UTC 2012 - chris@computersalat.de + +- update to 2.8.0 + * please see ChangeLog for more info +- remove obsolete bigendian64 patch +- rebase fix-perl patch + +------------------------------------------------------------------- +Sun Mar 11 21:00:19 UTC 2012 - jengelh@medozas.de + +- libxml2-2 should not require libxml2-tools. There is no trouble + expected, since attempting to install libxml2 will already pull + in libxml2-tools due to Provides tags. + +------------------------------------------------------------------- +Mon Mar 5 10:18:12 UTC 2012 - coolo@suse.com + +- revert the two commits that broke perl-XML-LibXML's test case, + I hope the two upstreams will figure it out + +------------------------------------------------------------------- +Fri Mar 2 16:47:56 UTC 2012 - coolo@suse.com + +- update to git to fix some issues + * Fix a logic error in Schemas Component ConstraintsHEADmaster + * Fix a wrong enum type use in Schemas Types + +------------------------------------------------------------------- +Thu Mar 1 18:36:33 CET 2012 - meissner@suse.de + +- fixed a 64bit big endian bug in the file reader. + +------------------------------------------------------------------- +Sat Feb 25 13:50:54 UTC 2012 - coolo@suse.com + +- the fallout of requiring libxml2-tools as explicit buildrequire + is just too large, so avoid it for now and create a cycle between + libxml2-2 and libxml2-tools + +------------------------------------------------------------------- +Sat Feb 25 08:47:58 UTC 2012 - coolo@suse.com + +- fix version + +------------------------------------------------------------------- +Sat Feb 25 08:09:00 UTC 2012 - coolo@suse.com + +- add provide for the old name to fix packages with explicit + library dependency + +------------------------------------------------------------------- +Thu Feb 23 11:00:21 UTC 2012 - coolo@suse.com + +- renamed to python-libxml2 to follow python naming expectations +- do not require python but let rpm figure it out + +------------------------------------------------------------------- +Thu Feb 23 10:42:16 UTC 2012 - coolo@suse.com + +- update to today's GIT snapshot: + include XZ support +- split libxml2-2 according to shared library policy + +------------------------------------------------------------------- +Mon Dec 26 17:08:52 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections + +------------------------------------------------------------------- +Wed Dec 21 10:24:19 UTC 2011 - coolo@suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Tue Dec 20 11:05:01 UTC 2011 - coolo@suse.com + +- own aclocal directory, there is no other reason to buildrequire + automake + +------------------------------------------------------------------- +Fri Jul 8 08:52:06 UTC 2011 - saschpe@suse.de + +- update to libxml-2.7.8+git20110708 + - several important bugfixes +- drop upstreamed patches: + * libxml2-CVE-2010-4494.patch + * libxml2-CVE-2011-1944.patch + * noxref.patch + * symbol-versioning.patch + +------------------------------------------------------------------- +Wed Jun 29 09:05:59 UTC 2011 - puzel@novell.com + +- add libxml2-CVE-2011-1944.patch (bnc#697372) + +------------------------------------------------------------------- +Sun Jun 5 21:36:07 UTC 2011 - cshorler@googlemail.com + +- add symbol-versioning.patch to restore 11.3 versioned symbols + +------------------------------------------------------------------- +Mon Jan 3 09:21:20 UTC 2011 - puzel@novell.com + +- add libxml2-CVE-2010-4494.patch (bnc#661471) + +------------------------------------------------------------------- +Mon Dec 6 09:05:53 UTC 2010 - coolo@novell.com + +- buildrequire python-xml to fix build + +------------------------------------------------------------------- +Fri Dec 3 12:09:40 UTC 2010 - puzel@novell.com + +- update to libxml-2.7.8 + - number of bufixes, documentation and portability fixes + - update language ID parser to RFC 5646 + - sort python generated stubs + - add an HTML parser option to avoid a default doctype + - see http://xmlsoft.org/news.html for exact details +- drop libxml2-xpath-ns-attr-axis.patch (in upstream) +- clean up specfile + +------------------------------------------------------------------- +Mon Nov 1 10:00:04 UTC 2010 - puzel@novell.com + +- add libxml2-xpath-ns-attr-axis.patch (bnc#648277) + +------------------------------------------------------------------- +Sat Oct 30 22:45:22 UTC 2010 - cristian.rodriguez@opensuse.org + +- Use --disable-static + +------------------------------------------------------------------- +Mon Sep 20 11:36:31 UTC 2010 - puzel@novell.com + +- drop libxml2-largefile64.patch (revert last change) + - the issue is fixed in zlib + +------------------------------------------------------------------- +Fri Sep 17 16:28:46 UTC 2010 - puzel@novell.com + +- add libxml2-largefile64.patch (fixes build) + - debian bug#439843 + +------------------------------------------------------------------- +Wed Jul 14 20:05:00 UTC 2010 - jw@novell.com + +- added noxref.patch, + this implements a new --noxref option, which turns + validation errors about missing xrefs into warnings. + Upstreamed as https://bugzilla.gnome.org/show_bug.cgi?id=624386 + +------------------------------------------------------------------- +Sat Apr 24 09:50:01 UTC 2010 - coolo@novell.com + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Wed Apr 7 16:34:29 UTC 2010 - coolo@novell.com + +- fix build + +------------------------------------------------------------------- +Tue Mar 23 23:46:00 CET 2010 - mrdocs@opensuse.org + +- update to 2.7.7 +- add extra options to ./configure for scribus features and avoid a crash +- updates from 2.7.3 > 2.7.7 include a number of portability, correctness + memory leaks and build fixes including some CVE +- see http://xmlsoft.org/news.html for exact details + +------------------------------------------------------------------- +Mon Feb 22 22:11:00 CET 2010 - mrdocs@opensuse.org + +- add sax parser option compiled in + +------------------------------------------------------------------- +Tue Dec 15 12:19:16 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Mon Dec 14 16:14:49 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source +- package documentation as noarch + +------------------------------------------------------------------- +Sun Aug 2 16:58:15 UTC 2009 - jansimon.moeller@opensuse.org + +- Disable the check for ARM as qemu-arm can't keep up atm. + +------------------------------------------------------------------- +Thu Mar 19 10:16:50 CET 2009 - prusnak@suse.cz + +- updated to 2.7.2 + * Portability fix: fix solaris compilation problem, + fix compilation if XPath is not configured in + * Bug fixes: nasty entity bug introduced in 2.7.0, restore old + behaviour when saving an HTML doc with an xml dump function, + HTML UTF-8 parsing bug, fix reader custom error handlers + (Riccardo Scussat) + * Improvement: xmlSave options for more flexibility to save + as XML/HTML/XHTML, handle leading BOM in HTML documents +- updated to 2.7.3 + * Build fix: fix build when HTML support is not included. + * Bug fixes: avoid memory overflow in gigantic text nodes, + indentation problem on the writed (Rob Richards), + xmlAddChildList pointer problem (Rob Richards and Kevin Milburn), + xmlAddChild problem with attribute (Rob Richards and Kris Breuker), + avoid a memory leak in an edge case (Daniel Zimmermann), + deallocate some pthread data (Alex Ott). + * Improvements: configure option to avoid rebuilding docs + (Adrian Bunk), limit text nodes to 10MB max by default, + add element traversal APIs, add a parser option to enable + pre 2.7 SAX behavior (Rob Richards), + add gcc malloc checking (Marcus Meissner), + add gcc printf like functions parameters checking (Marcus Meissner). +- dropped obsoleted patches: + * alloc_size.patch (mainline) + * CVE-2008-4225.patch (mainline) + * CVE-2008-4226.patch (mainline) + * CVE-2008-4409.patch (mainline) + * oldsax.patch (mainline) + * pritnf.patch (mainline) + * xmlsave.patch (mainline) + +------------------------------------------------------------------- +Mon Jan 12 17:21:59 CET 2009 - prusnak@suse.cz + +- added oldsax.patch to enable pre 2.7.0 sax behaviour [bnc#457056] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Tue Nov 25 16:00:27 CET 2008 - prusnak@suse.cz + +- fix broken xmlsave (xmlsave.patch) [bnc#437203] + +------------------------------------------------------------------- +Tue Nov 18 16:24:39 CET 2008 - prusnak@suse.cz + +- fixed CVE-2008-4225 [bnc#445677] + +------------------------------------------------------------------- +Thu Nov 6 12:02:25 CET 2008 - prusnak@suse.cz + +- fixed CVE-2008-4226 [bnc#441368] + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Oct 6 14:50:38 CEST 2008 - prusnak@suse.cz + +- fixed CVE-2008-4409 [bnc#432486] + +------------------------------------------------------------------- +Tue Sep 9 17:01:12 CEST 2008 - meissner@suse.de + +- added GCC attribute alloc_size markup (alloc_size.patch) + +------------------------------------------------------------------- +Wed Sep 3 16:58:23 CEST 2008 - prusnak@suse.cz + +- updated to 2.7.1 + * Portability fix: Borland C fix (Moritz Both) + * Bug fixes: python serialization wrappers, XPath QName corner + case handking and leaks (Martin) + * Improvement: extend the xmlSave to handle HTML documents and trees + * Cleanup: python serialization wrappers + +------------------------------------------------------------------- +Wed Sep 3 16:57:46 CEST 2008 - prusnak@suse.cz + +- updated to 2.7.0 + * Documentation: switch ChangeLog to UTF-8, improve mutithreads and + xmlParserCleanup docs + * Portability fixes: Older Win32 platforms (Rob Richards), MSVC + porting fix (Rob Richards), Mac OS X regression tests (Sven Herzberg), + non GNUCC builds (Rob Richards), compilation on Haiku (Andreas Färber) + * Bug fixes: various realloc problems (Ashwin), potential double-free + (Ashwin), regexp crash, icrash with invalid whitespace facets (Rob + Richards), pattern fix when streaming (William Brack), various XML + parsing and validation fixes based on the W3C regression tests, reader + tree skipping function fix (Ashwin), Schemas regexps escaping fix + (Volker Grabsch), handling of entity push errors (Ashwin), fix a slowdown + when encoder cant serialize characters on output + * Code cleanup: compilation fix without the reader, without the output + (Robert Schwebel), python whitespace (Martin), many space/tabs cleanups, + serious cleanup of the entity handling code + * Improvement: switch parser to XML-1.0 5th edition, add parsing flags + for old versions, switch URI parsing to RFC 3986, + add xmlSchemaValidCtxtGetParserCtxt (Holger Kaelberer), + new hashing functions for dictionnaries (based on Stefan Behnel work), + improve handling of misplaced html/head/body in HTML parser, better + regression test tools and code coverage display, better algorithms + to detect various versions of the billion laughts attacks, make + arbitrary parser limits avoidable as a parser option +- dropped obsoleted patches: + * billion-laughs.patch (included in update) + +------------------------------------------------------------------- +Wed Aug 13 12:05:08 CEST 2008 - prusnak@suse.cz + +- fixed billion laughs vulnerability (billion-laughs.patch) [bnc#415371] + +------------------------------------------------------------------- +Fri Apr 11 14:34:30 CEST 2008 - prusnak@suse.cz + +- updated to 2.6.32 + * Documentation: + - returning heap memory to kernel (Wolfram Sang) + - trying to clarify xmlCleanupParser() use + - xmlXPathContext improvement (Jack Jansen) + - improve the *Recover* functions documentation + - XmlNodeType doc link fix (Martijn Arts) + * Bug fixes: + - internal subset memory leak (Ashwin) + - avoid problem with paths starting with // (Petr Sumbera) + - streaming XSD validation callback patches (Ashwin) + - fix redirection on port other than 80 (William Brack) + - SAX2 leak (Ashwin) + - XInclude fragment of own document (Chris Ryan) + - regexp bug with '.' (Andrew Tosh) + - flush the writer at the end of the document (Alfred Mickautsch) + - output I/O bug fix (William Brack) + - writer CDATA output after a text node (Alex Khesin) + - UTF-16 encoding detection (William Brack) + - fix handling of empty CDATA nodes for Safari team + - python binding problem with namespace nodes + - improve HTML parsing (Arnold Hendriks) + - regexp automata build bug + - memory leak fix (Vasily Chekalkin) + - XSD test crash + - weird system parameter entity parsing problem + - allow save to file:///X/ windows paths + - various attribute normalisation problems + - externalSubsetSplit fix (Ashwin) + - attribute redefinition in the DTD (Ashwin) + - fix in char ref parsing check (Alex Khesin) + - many out of memory handling fixes (Ashwin) + - XPath out of memory handling fixes (Alvaro Herrera) + - various realloc problems (Ashwin) + - UCS4 encoding conversion buffer size (Christian Fruth) + - problems with EatName functions on memory errors + - BOM handling in external parsed entities (Mark Rowe) + * Code cleanup: + - fix build under VS 2008 (David Wimsey) + - remove useless mutex in xmlDict (Florent Guilian) + - Mingw32 compilation fix (Carlo Bramini) + - Win and MacOS EOL cleanups (Florent Guiliani) + - iconv need a const detection (Roumen Petrov) + - simplify xmlSetProp (Julien Charbon) + - cross compilation fixes for Mingw (Roumen Petrov) + - SCO Openserver build fix (Florent Guiliani) + - iconv uses const on Win32 (Rob Richards) + - duplicate code removal (Ashwin) + - missing malloc test and error reports (Ashwin) + - VMS makefile fix (Tycho Hilhorst) + * improvements: + - better plug of schematron in the normal error handling (Tobias Minich) + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Mar 21 15:33:41 CET 2008 - vuntz@suse.de + +- Remove libxml2-2.6.31-gcc4.patch after discussion with upstream. + I compiled the package on all architectures without the patch + without any problem, and upstream doesn't see the point of the + patch. + +------------------------------------------------------------------- +Thu Mar 13 12:44:03 CET 2008 - rodrigo@suse.de + +- Upstream and tag patches + +------------------------------------------------------------------- +Thu Jan 24 11:58:17 CET 2008 - prusnak@suse.cz + +- rename rpmlintrc-libxml2-python to libxml2-python-rpmlintrc :) + +------------------------------------------------------------------- +Tue Jan 22 12:16:33 CET 2008 - prusnak@suse.cz + +- build --without-python to allow compilation from src.rpm + +------------------------------------------------------------------- +Tue Jan 22 12:15:23 CET 2008 - prusnak@suse.cz + +- rename rpmlintrc to rpmlintrc-libxml2-python + +------------------------------------------------------------------- +Tue Jan 15 13:59:58 CET 2008 - prusnak@suse.cz + +- updated to 2.6.31 + o security fix: + * missing of checks in UTF-8 parsing + o bug fixes: + * regexp bug + * dump attribute from XHTML document + * fix xmlFree(NULL) to not crash in debug mode + * Schematron parsing crash + * XSD crash due to double free + * indentation fix in xmlTextWriterFullEndElement + * error in attribute type parsing if attribute redeclared + * avoid crash in hash list scanner if deleting elements, column counter bug fix + * HTML embed element saving fix + * avoid -L/usr/lib output from xml2-config + * avoid an xmllint crash + * don't stop HTML parsing on out of range chars + o code cleanup: + * fix open() call third argument, + * regexp cut'n paste copy error, + * unused variable in __xmlGlobalInitMutexLock + * some make distcheck realted fixes + o improvements: + * HTTP Header: includes port number + * testURI --debug option +- removed obsolete patches: + * CVE-2007-6284.patch (included in update) + * open_create.patch (included in update) + +------------------------------------------------------------------- +Fri Jan 11 16:40:51 CET 2008 - sbrabec@suse.cz + +- Split documentation into a separate packages. +- Install devhelp documentation (#350918). +- Follow upstream documentation structure. +- Build again with strict aliasing. +- Removed s390* work-arounds. New gcc builds it again with -O2. + +------------------------------------------------------------------- +Tue Dec 18 11:16:26 CET 2007 - prusnak@suse.cz + +- fix libxml2 DoS (CVE-2007-6284.patch) [#349151] + +------------------------------------------------------------------- +Tue Dec 4 14:21:09 CET 2007 - prusnak@suse.cz + +- fix call to open() where 3rd parameter is needed (open_create.patch) + +------------------------------------------------------------------- +Tue Sep 18 15:53:03 CEST 2007 - sbrabec@suse.cz + +- Updated to version 2.6.30: + * Portability: Solaris crash on error handling, windows path + fixes, mingw build + * Bugfixes: xmlXPathNodeSetSort problem, leak when reusing a + writer for a new document, Schemas xsi:nil handling patch, + relative URI build problem, crash in xmlDocFormatDump, invalid + char in comment detection bug, fix disparity with + xmlSAXUserParseMemory, automata generation for complex regexp + counts problems, Schemas IDC import problems, xpath predicate + evailation error handling + +------------------------------------------------------------------- +Thu Sep 13 12:27:10 CEST 2007 - dmueller@suse.de + +- build on s390x + +------------------------------------------------------------------- +Tue Aug 28 14:50:50 CEST 2007 - prusnak@suse.cz + +- applied some fixes from 2.6.30 to fix regression that prevents + the documentation from updating to Beta2 [#300675] + (up30.patch) + +------------------------------------------------------------------- +Mon Aug 20 15:55:34 CEST 2007 - sbrabec@suse.cz + +- Commented out NoSource to provide comfortable rebuild. + +------------------------------------------------------------------- +Wed Jun 13 10:10:06 CEST 2007 - prusnak@suse.cz + +- updated to 2.6.29: + o bug fixes: + * fixed xmlBufferAdd problem + * regexp interpretation of '\' + * XPath number serialization + * nanohttp gzipped stream fix + * uri bug + * XPath string value of PI nodes + * XPath node set sorting bugs + * avoid outputting namespace decl dups in the writer + * xmlCtxtReset bug + * UTF-8 encoding error handling + * recustion on next in catalogs + * Relax-NG crash + * invalid character in attribute detection bug + o improved: + * keep URI query parts in raw form + * embed tag support in HTML +- dropped obsolete patches: + * pinode.patch (included in update) + +------------------------------------------------------------------- +Tue Jun 5 18:13:00 CEST 2007 - prusnak@suse.cz + +- suppress spurious-executable-perm for test scripts using rpmlintrc + +------------------------------------------------------------------- +Thu May 31 14:32:29 CEST 2007 - prusnak@suse.cz + +- moved tests to tests subdirectory in docdir +- cleaned spec file + +------------------------------------------------------------------- +Thu May 31 12:20:09 CEST 2007 - prusnak@suse.cz + +- fixed problem with xpath's string-value for a PI node + with no content (pinode.path) [#278173] +- cleaned spec file + +------------------------------------------------------------------- +Tue Apr 24 11:01:57 CEST 2007 - prusnak@suse.cz + +- updated to 2.6.28: + o bug fixes: + * XPath memory leak, node comparison error + * HTML parser autoclose stack usage + * various regexp fixes + * htmlCtxtReset fix + * invalid char in text XInclude + * fix the big string memory leak + * fix whitespace usage + * and many more ... see NEWS +- dropped obsoleted patches: + * null-retval.patch (included in update) + * tabs-spaces.patch (included in update) + +------------------------------------------------------------------- +Mon Apr 2 13:39:10 CEST 2007 - rguenther@suse.de + +- add zlib-devel BuildRequires + +------------------------------------------------------------------- +Thu Feb 22 10:38:52 CET 2007 - prusnak@suse.cz + +- fixed inconsistent use of tabs and spaces in indentation + (tabs-spaces.patch) by Andreas Hanke [#246203] + +------------------------------------------------------------------- +Thu Jan 25 14:06:57 CET 2007 - prusnak@suse.cz + +- fixed crash on ENOMEM (null-retval.patch) [#215223] + +------------------------------------------------------------------- +Tue Jan 9 18:39:48 CET 2007 - sbrabec@suse.cz + +- gnomeprefix changed to /usr. +- Removed obsolete PreReq. + +------------------------------------------------------------------- +Mon Dec 11 14:50:27 CET 2006 - ke@suse.de + +- 2.6.27; many improvements and bug fixes. For details, see the NEWS + file. +- Remove libxml2-xpath-1.318.patch (obsolete). + +------------------------------------------------------------------- +Tue Nov 28 12:20:54 CET 2006 - ke@suse.de + +- Do not install static Python module; reported by Andreas Hanke + [#223696]. + +------------------------------------------------------------------- +Tue Oct 17 16:10:08 CEST 2006 - ke@suse.de + +- Move manpage to devel subpackage; reported by Andreas Hanke [# + 212441]. + +------------------------------------------------------------------- +Tue Aug 15 09:12:27 CEST 2006 - ke@suse.de + +- Remove left-over SuSEconfig traces in %files list. + +------------------------------------------------------------------- +Mon Aug 14 17:03:43 CEST 2006 - ke@suse.de + +- Remove SuSEconfig related files completely. /etc/xml/catalog is now + provided by the sgml-skel package. + +------------------------------------------------------------------- +Wed Jun 28 17:06:32 CEST 2006 - ke@suse.de + +- Once the catalog is initialized, remove the SuSEconfig trigger + file; reported by Stanislav Brabec [# 188885]. + +------------------------------------------------------------------- +Tue Jun 27 11:04:10 CEST 2006 - ke@suse.de + +- Apply libxml2-xpath-1.318.patch from CVS: Do not return too many + nodes. + +------------------------------------------------------------------- +Fri Jun 16 15:04:22 CEST 2006 - ke@suse.de + +- 2.6.26; NEWS extract from http://xmlsoft.org/ : + * Bug fixes: encoding buffer problem, mix of code and data in xmlIO.c, + entities in XSD validation, various XSD validation fixes, memory leak + in pattern, attribute with colon in name, XPath leak inerror + reporting, XInclude text include of selfdocument. + * Xpath optimizations. + +------------------------------------------------------------------- +Tue May 16 14:05:07 CEST 2006 - ke@suse.de + +- 2.6.24; NEWS extract from http://xmlsoft.org/ : + * Improvements: XML catalog debugging; update to Unicode 4.01. + * Bug fixes: xmlParseChunk() problem in 2.6.23, + xmlParseInNodeContext() on HTML docs, comment streaming bug + xmlParseComment, regexp bug fixes, xmlGetNodePath on text/CDATA, one + Relax-NG interleave bug, XSD bugfixes, etc. + * Documentation: man pages updates and cleanups + * New features: + - Relax NG structure error handlers. + - xmlDOMWrapReconcileNamespaces xmlDOMWrapCloneNode. +- libxml2-python-whitespace.diff: Remove it, obsolete. + +------------------------------------------------------------------- +Fri Feb 17 20:08:36 CET 2006 - kukuk@suse.de + +- Don't install binaries in doc [#151897] + +------------------------------------------------------------------- +Wed Jan 25 21:37:49 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Mon Jan 16 17:00:19 CET 2006 - ke@suse.de + +- libxml2-python-whitespace.diff: Fix inconsistent use of tabs and + spaces in indentation in libxml2.py. Reported by Christoph Thiel; + thanks to Jan Matejek [# 143082]. + +------------------------------------------------------------------- +Mon Jan 9 09:40:26 CET 2006 - ke@suse.de + +- Update to version 2.6.23; NEWS extract from http://xmlsoft.org/ : + * Bug fixes (leaks, XPath, validation issue, etc.). + * Improvements (XSD Schemas redefinitions/restrictions, node copy + checks and fix for attribute, handle gzipped HTTP resources, etc.). + * Documentation. + +------------------------------------------------------------------- +Wed Dec 21 07:44:03 CET 2005 - aj@suse.de + +- Package /usr/include/libxml in -devel package. + +------------------------------------------------------------------- +Fri Sep 16 13:15:15 CEST 2005 - ke@suse.de + +- Update to version 2.6.22; NEWS from http://xmlsoft.org/ (extract + since .21): + * Bug fixes (too many to list here). + * Improvements on interfaces for schemas and RNG error reports. + * Optimization of the char data inner loop parsing. + * More lax mode for the HTML parser. + * XML Schemas improvements preparing for derive (Kasimier Buchcik). +- libxml2-printf.patch: Adjust it. +- xml-error-handling.patch: Obsolete. +- Remove misleading link flag statement; thanks for advise to Dirk + Mueller. + +------------------------------------------------------------------- +Tue Aug 9 17:16:32 CEST 2005 - ke@suse.de + +- Add missing require statement; reported by Ludwig Nussel [# 95216]. + +------------------------------------------------------------------- +Thu Jul 28 14:29:02 CEST 2005 - ke@suse.de + +- Fix error handling. Reported by Michael Radziej, apply fix from CVS + as proposed by JP Rosevear [# 98487]. + +------------------------------------------------------------------- +Mon Jul 11 09:22:07 CEST 2005 - ke@suse.de + +- Update to version 2.6.20; NEWS from + http://xmlsoft.org/: + * Major improvement in XSD Schemas. + * XSD Schemas streaming support (SAX and Reader), flagged as somewhat + experimental. + * New DOM importing functions + * Various build and bug fixes, including memory leaks; for details + check the NEWS file. + +------------------------------------------------------------------- +Wed Apr 6 22:11:38 CEST 2005 - meissner@suse.de + +- make build again on gcc >= 4, added parallel make. + +------------------------------------------------------------------- +Mon Apr 4 10:05:48 CEST 2005 - ke@suse.de + +- Update to version 2.6.19; NEWS (extract since .18) from + http://xmlsoft.org/: + * Bugfixes: xmlSchemaElementDump namespace, push and xmlreader + stopping on non-fatal errors, thread support for dictionnaries + reference counting, internal subset and push problem, URL saved in + xmlCopyDoc, various schemas bug fixes, Python paths fixup, + xmlGetNodePath and namespaces, xmlSetNsProp fix, warning should not + count as error, xmlCreatePushParser empty chunk, XInclude parser + flags, xmlTextWriterStartAttributeNS fix, xmlWriter bugs, + xmlSearchNsByHref fix, Python binding leak, aliasing bug exposed by + gcc4 on s390, xmlTextReaderNext bug, Schemas decimal type fixes, + xmlByteConsumed static buffer, schemas type decimal fixups, xmmlint + return code, workaround "DAV:" namespace brokeness in c14n segfault + in Schemas, Schemas attribute validation, Prop related functions and + xmlNewNodeEatName, HTML serialization of name attribute on a + elements, Python error handlers leaks and improvement, Relax-NG + validation bug, xmlSAXParseDoc and xmlParseDoc signatures, switched + back to assuming UTF-8 in case no encoding is given at serialization + time. + * improvement: speedup parsing comments and DTDs, dictionnary support + for hash tables, Schemas Identity constraints, streaming XPath + subset, xmlTextReaderReadString added, Schemas canonical values + handling, add xmlTextReaderByteConsumed, add a --nodict mode to + xsltproc to check problems for documents without dictionnaries. + +------------------------------------------------------------------- +Fri Apr 1 15:57:07 CEST 2005 - meissner@suse.de + +- disable visibility hacks for gcc >= 4 + +------------------------------------------------------------------- +Mon Jan 24 11:11:19 CET 2005 - meissner@suse.de + +- specify printf format attributes to check for bad format string use. + +------------------------------------------------------------------- +Mon Jan 17 14:33:36 CET 2005 - ke@suse.de + +- Update to version 2.6.17; NEWS (extract) from http://xmlsoft.org/: + * Bug fixes: + xmlTextReaderHasAttributes, xmlCtxtReadFile() to use the catalog(s), + loop on output, XPath memory leak, ID deallocation problem, + xmlStopParser bug, UTF-16 with BOM on DTDs, namespace bug on empty + elements in push mode, line and col computations fixups, + xmlURIEscape fix, xmlXPathErr on bad range, patterns with too many + steps, and more. + * Improvements: + XSD Schemas, python generator, xmlUTF8Strpos speedup, Python __str__ + call serialize(), and more. + * New APIs: + Add xmlDictExists(), GetLineNumber and GetColumnNumber for the + xmlReader, Dynamic Shared Libraries APIs, error extraction API from + regexps, and new XMLSave option for format. + * Documentation improvements. + +------------------------------------------------------------------- +Wed Nov 24 15:16:19 CET 2004 - mcihar@suse.cz + +- use rpm macros to build correcly with current python + +------------------------------------------------------------------- +Thu Nov 11 08:30:13 CET 2004 - ke@suse.de + +- Update to version 2.6.16; NEWS (extract) from http://xmlsoft.org/: + * Important bug fix release, it also fixes main bugs raised against + 2.6.15 and memory leaks found by automated testing of the API. + * Documentation update. + * Provide DTD validation APIs at the Python level. + +------------------------------------------------------------------- +Thu Oct 28 08:40:59 CEST 2004 - ke@suse.de + +- Update to version 2.6.15; NEWS (extract) from http://xmlsoft.org/: + * Security fixes on the nanoftp and nanohttp modules: + http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0 + * Bug fixes: HTML parser on broken ASCII chars in names, Python paths, + xmlHasNsProp and default namespace, DTD lookup fix, save back + in catalogs, tree build fixes, Schemas memory bug and + another memory leak, xmlValidateDtd in the presence of an internal + subset, entities and _private problem, xmlBuildRelativeURI error, + and more. + * Improvements: Better XInclude error reports, tree debugging module + and tests, convenience functions at the Reader API, add support for + PI in the HTML parser. + +------------------------------------------------------------------- +Thu Oct 7 16:13:38 CEST 2004 - ke@suse.de + +- Update to version 2.6.14; NEWS since version 2.6.13: + * Fix and cleanup XML schemas, + UTF-8 issues, fix default namespace problem, + encoding error could genrate a + serialization loop, XInclude testing, Notation serialization, and + other bugs. + * Improveme schemas validity, added --path and --load-trace options to + xmllint. + * Enhance Python support. + * Documentation: tutorial update. +- Drop obsolete NS patch. + +------------------------------------------------------------------- +Tue Sep 7 11:50:52 CEST 2004 - ke@suse.de + +- libxml2-default-ns.patch: Fix problem with namespaces; provided by + William M. Brack [# 44214]. + +------------------------------------------------------------------- +Mon Aug 23 07:30:54 CEST 2004 - ke@suse.de + +- Update to version 2.6.12; NEWS (extract) from http://xmlsoft.org/: + * Better XSD Schemas support. + * Python binding improvements + * Enhancement of command line tools. + * Documentation fixes. + * Various bug fixes (RVT, XPath context resets bug, catalog white + space handling, xmlReader state after attribute reading, out of + Memory conditions handling, htmlNewDoc() charset, notation + serialization, etc.). + +------------------------------------------------------------------- +Wed Jul 21 09:06:53 CEST 2004 - bg@suse.de + +- disable elfgcchack for hppa to produce working binaries. + +------------------------------------------------------------------- +Wed Jul 14 13:46:41 CEST 2004 - ke@suse.de + +- Update to version 2.6.11; NEWS (extract) from http://xmlsoft.org/: + * Bugfixes and improvements to XML Schemas support. + * Update to the documentation tutorial and man pages. + * Bugfixes: + C14N bug serializing namespaces, empty node set in XPath, XInclude + xml:base generation, XInclude fallback problem, XPointer and + xml:base problem, Reader and entities, xmllint related fixes, DTD + serialization problem xmlReader fixes, Python bindings improvement, + fix the push parser, URI escaping and filemanes, XHTML1 formatting, + reverse xmlEncodeSpecialChars() behaviour back to escaping '"', etc. + * improvements: + custom per-thread I/O enhancement, dynamically increase the number + of XPath extension functions in Python and fix a memory leak, + make xmlTextReaderMode public, + * Increase performance. + +------------------------------------------------------------------- +Mon Apr 19 17:18:11 CEST 2004 - ke@suse.de + +- Update to version 2.6.9; NEWS (extract) from http://xmlsoft.org/: + * implement xml:id Working Draft, relaxed XPath id() checking. + * bugfixes: xmlCtxtReset, line number and CDATA, Regexp patches, + xmlUriEscape, Relax-NG bugs, XInclude duplicate + fallback, external DTD encoding detection, a DTD + validation bug, xmlReader Close() fix, recusive extention + schemas. + * various improvements an performance patches. + * documentation fixes. +- Remove obsolete patches (libxml2-parser.patch, + libxml2-xpath-memleak.patch, libxml2-nanohttp-fd-close.patch). + +------------------------------------------------------------------- +Wed Mar 24 11:49:19 CET 2004 - ke@suse.de + +- libxml2-nanohttp-fd-close.patch: add a close for the local file + descriptor by William Brack (from libxml2 CVS). +- libxml2-xpath-memleak.patch: fix a memory leak (xmlXPathLangFunction) + by William Brack (from libxml2 CVS); reported by Mike Hommey. + +------------------------------------------------------------------- +Thu Mar 18 10:45:38 CET 2004 - ke@suse.de + +- Do not install pre-compiled examples; reported by Dirk Mueller [# + 36382]. + +------------------------------------------------------------------- +Thu Mar 11 11:47:27 CET 2004 - ke@suse.de + +- Fix memory leak in parser.c. Patch by Daniel Veillard (from libxml2 + CVS), reported by Holger Rauch. + +------------------------------------------------------------------- +Tue Feb 24 10:32:41 CET 2004 - ke@suse.de + +- Update to version 2.6.7; NEWS (extract) from http://xmlsoft.org/: + Mostly small bugfixes and performances improvements: + * Documentation: tutorial updates. + * xmlWriter: updates and fixes. + * XPath optimization. + * DTD ID handling optimization. + * Python: 2.3 compatibility, whitespace fixes. + * Add relaxng option to xmllint --shell . +- Add -fno-strict-aliasing to CFLAGS. + +------------------------------------------------------------------- +Mon Feb 23 13:48:22 CET 2004 - ke@suse.de + +- Support C++ exceptions; reported by Ulrich Heinen [# 34865]. + +------------------------------------------------------------------- +Thu Feb 19 15:06:33 CET 2004 - ke@suse.de + +- libxml2-id-idref-validation.patch: Remove a non-linear behaviour from + ID/IDREF by Daniel Veillard (from libxml2 CVS). + +------------------------------------------------------------------- +Fri Feb 13 10:03:21 CET 2004 - ke@suse.de + +- Update to version 2.6.6; NEWS (extract) from http://xmlsoft.org/: + Mostly a bug fixes including potentially dangerous buffer overflows + discovered in the FTP and HTTP URL parsing code (historical it was + written before the module uri.c, ideally that code should now be + dropped); also a couple of minor API enhancements: + * nanohttp and nanoftp: buffer overflow error on URI parsing. + * bugfixes: make test and path issues, xmlWriter attribute + serialization, xmlWriter indentation , schemas validation, XInclude + dictionnaries issues, XInclude empty fallback, HTML warnings, + XPointer in XInclude, Python namespace serialization, isolat1ToUTF8 + bound error, output of parameter entities in internal subset, + internal subset bug in push mode, fix. + * XInclude: allow the 2001 namespace without warning. + * reader API: structured error reporting + * Parsers: added xmlByteConsumed(ctxt) API to get the byte offest in + input. + +------------------------------------------------------------------- +Mon Jan 26 13:46:38 CET 2004 - ke@suse.de + +- Update to version 2.6.5; NEWS (extract) from http://xmlsoft.org/: + * Bugfixes: dictionnaries for schemas, regexp segfault, xs:all + problem, a number of XPointer bugfixes, xmllint error go to stderr, + DTD validation problem with namespace, memory leak, SAX1 cleanup and + minimal options fixes, parser context reset on error, XPath union + evaluation problem, xmlReallocLoc with NULL, XML Schemas double + free, XInclude with no href, argument callbacks order for XPath + callbacks. + * Documentation enhancements. + * Python bindings: fixes, enum support, structured error reporting, + problem related to dictionnary references, recursion. + * xmlWriter: indentation, memory leaks. + * xmlSchemas: normalizedString datatype. + * Parser optimizations, a few new XPath and dictionnary APIs for + future XSLT optimizations. + +------------------------------------------------------------------- +Sat Jan 10 14:00:30 CET 2004 - adrian@suse.de + +- build as user + +------------------------------------------------------------------- +Fri Jan 9 17:29:03 CET 2004 - adrian@suse.de + +- add %run_ldconfig to %postun + +------------------------------------------------------------------- +Wed Jan 7 15:59:53 CET 2004 - ke@suse.de + +- Update to version 2.6.4; NEWS (extract) from http://xmlsoft.org/: + * Fix serious XInclude problems. + * Documentation improvements. + * example fix (Lucas Brasilino) + * Various bugfixes: xmlTextReaderExpand() with xmlReaderWalker, + XPath handling of NULL strings, API building reader or parser + from filedescriptor should not close it, changed XPath + sorting to be stable again, xmlGetNodePath() generating + '(null)', DTD validation and namespace bug, + XML Schemas double inclusion behaviour. + +------------------------------------------------------------------- +Thu Dec 11 12:17:51 CET 2003 - ke@suse.de + +- Update to version 2.6.3; NEWS (extract) from http://xmlsoft.org/: + Cleanup release (documentation, small bug fixes and enhancements). + Upgrade XInclude support to the latest draft; this includes namespace + changes (in case of XInclude warnings, you must fix your documents). + * Add a repository of examples. + * Unicode range checking. + * UTF-16 cleanup and BOM issues. + * Bug fixes: ID and xmlReader validation, XPath, xmlWriter, hash.h + inclusion problem, HTML parser, attribute defaulting and validation, + some serialization cleanups, XML_GET_LINE macro, memory debug when + using threads, serialization of attributes and entities content, + xmlWriter. + * XInclude bugfix, new APIs and update to the last version including + the namespace change. + * XML Schemas improvements. + * Preliminary pattern support for streaming. +- Drop obsolete patch (libxml2-2.6.2-include.patch). + +------------------------------------------------------------------- +Wed Nov 12 12:38:09 CET 2003 - ke@suse.de + +- For libxml2-devel require zlib-devel and readline-devel; reported by + Tobias Reif. + +------------------------------------------------------------------- +Fri Nov 7 01:10:47 CET 2003 - ro@suse.de + +- change include file hash.h + define types used in parser.h before including + +------------------------------------------------------------------- +Wed Nov 5 12:09:56 CET 2003 - ke@suse.de + +- Update to version 2.6.2; NEWS (extract) from http://xmlsoft.org/: + * API additions (should still be API and ABI compatible) and + performance gains. + * API to screate a W3C Schemas from an existing document. + * Deactivate the broken docBook SGML parser code and plug the XML + parser instead. + * Enable IPv6 support. + * Switch to a SAX2 like parser rewrote most of the XML parser core, + provides namespace resolution and defaulted attributes, minimize memory + allocations and copies, namespace checking and specific error handling, + immutable buffers, make predefined entities static structures, etc... + * Schemas: base64 support. + * Parser<->HTTP integration fix, proper processing of the Mime-Type + and charset informations if available. + * Relax-NG: bug fixes. + * Documentation fixes. + * Bug fixes: xmlCleanupParser, threading uninitialized mutexes, HTML + doctype lowercase, SAX/IO, compression detection and restore, + attribute declaration in DTDs, namespace on attribute in HTML output, + input filename, namespace DTD validation, xmlReplaceNode, I/O + callbacks, CDATA serialization, xmlReader, high codepoint charref + like 􏿿, buffer access in push mode, XPath bug, + xmlCleanupParser, CDATA output, HTTP error handling. + Mandatory encoding in text decl, serializing Document Fragment + nodes, + XPath context unregistration fixes, text node coalescing fixes, + stdin parsing fix, a posteriori DTD validation fixes and other fixes. + * xmllint options: --dtdvalidfpi, --sax1 for compat testing, --nodict + for building without tree dictionnary, --nocdata to replace CDATA by + text, --nsclean to remove surperfluous namespace declarations. + * Always generate line numbers when using the new xmlReadxxx functions + * Add XInclude support to the xmlReader interface. + * Implement XML_PARSE_NONET parser option. + * DocBook XSLT processing bug fixed. + * HTML serialization for

elements. + * XPointer failure in XInclude are now handled as resource errors. + * Fix xmllint --html to use the HTML serializer on output (add --xmlout + to implement the previous behaviour of saving it using the XML + serializer). + +------------------------------------------------------------------- +Tue Oct 7 13:31:57 CEST 2003 - ke@suse.de + +- Update to version 2.5.11: + * Fix bug in Relax-NG. + * Fix crash when using multithreaded programs. + +------------------------------------------------------------------- +Fri Aug 29 17:45:40 CEST 2003 - mcihar@suse.cz + +- require same python version as it was built with + +------------------------------------------------------------------- +Fri Aug 29 14:03:42 CEST 2003 - kukuk@suse.de + +- Add %verify tag to /var/adm/SuSEconfig/run-libxml2 + +------------------------------------------------------------------- +Wed Aug 27 16:48:11 CEST 2003 - ke@suse.de + +- Add readline-devel to neededforbuild and enable history/readline + support for xmllint; proposed by Thomas Schreitle. + +------------------------------------------------------------------- +Fri Aug 15 16:44:47 CEST 2003 - ke@suse.de + +- Update to version 2.5.10; NEWS from http://xmlsoft.org/: + * Bugfixes: UTF-16 support, HTML parser, xmlSAXParseDTD(). + * Improve XInclude performance problem + * Improve XML parser performance. + +------------------------------------------------------------------- +Thu Aug 14 14:52:37 CEST 2003 - ke@suse.de + +- Update to version 2.5.9; NEWS from http://xmlsoft.org/: + * Bugfixes: IPv6 portability, xmlHasNsProp, Schemas, threading, + hexBinary type, UTF-16 BOM, xmlReader, namespace handling, EXSLT, HTML + parsing problem, DTD validation for mixed content + namespaces, + HTML serialization, library initialization, progressive HTML parser. + * Better interfaces for Relax-NG error handling. + * Add xmlXIncludeProcessTree() for XInclud'ing in a subtree. + * Doc fixes and improvements. + * New UTF-8 helper functions. + * General encoding cleanup + ISO-8859-x without iconv. + * xmlTextReader cleanup + enum for node types. + +------------------------------------------------------------------- +Tue Jul 8 18:15:31 CEST 2003 - ke@suse.de + +- Update to version 2.5.8; NEWS from http://xmlsoft.org/: + * Bugfixes: XPath, XInclude, file/URI mapping, UTF-16 save, UTF-8 + checking, URI saving, error printing, PI related memleak, + compilation without schemas or without xpath, xmlUnlinkNode problem + with DTDs, xmlIOParseDTD, and xmlSAXParseDTD. + * Fix multithreading lock problems. + * IPv6 patch for FTP and HTTP accesses. + * A few W3C Schemas Structure improvements. + * W3C Schemas Datatype improvements. + * Python bindings for thread globals, and method/class generator. + * Add --nonet option to xmllint. + * Documentation improvements. +- libxml2-2.5.8-mutex.patch provided by Daniel Veillard. + +------------------------------------------------------------------- +Thu Jun 12 13:29:04 CEST 2003 - kukuk@suse.de + +- Add gnome directories to filelist + +------------------------------------------------------------------- +Mon May 26 12:07:39 CEST 2003 - ke@suse.de + +- Remove unwanted files from $RPM_BUILD_ROOT. + +------------------------------------------------------------------- +Mon Apr 28 12:58:31 CEST 2003 - ke@suse.de + +- Update to version 2.5.7; NEWS from http://xmlsoft.org/: + * Relax-NG: Compiling to regexp and streaming validation on top of + the xmlReader interface, add --stream to xmllint. + * xmlReader: Expand(), Next() and DOM access glue, bug fixes. + * Support for large files: RGN validated a 4.5GB instance. + * Thread support is now configured in by default. + * Fixes: update of the Trio code, WXS Date and Duration fixes, DTD + and namespaces, + HTML push parser and zero bytes handling, behaviour of the parser + and validator in the presence of "out of memory" error conditions. + * Extend the API to be able to plug a garbage collecting memory + allocator, add xmlMallocAtomic() and modified the allocations + accordingly. + * Performances: remove excessive malloc() calls, speedup of the + push and xmlReader interfaces, remove excessive thread locking. + * Documentation: man page, xmlReader documentation + * Python: add binding for xmlCatalogAddLocal. + +------------------------------------------------------------------- +Wed Apr 2 13:12:30 CEST 2003 - ke@suse.de + +- Update to version 2.5.6; NEWS from http://xmlsoft.org/: + * Fix W3C XML Schemas datatype, should be compliant now except + for binHex and base64 which are not supported yet. + * Bug fix: non-ASCII IDs, HTML output, XInclude on large docs and + XInclude entities handling, encoding detection on external subsets, + XML Schemas bugs and memory leaks, HTML parser. + * improved error reporting: xml:space, start/end tag mismatches, Relax + NG errors. +- Frop obsolete trio patch. + +------------------------------------------------------------------- +Wed Mar 26 12:11:02 CET 2003 - ke@suse.de + +- Update to version 2.5.5; NEWS from http://xmlsoft.org/: + * Fixes on the Relax NG implementation. + * Increase support for W3C XML Schemas datatype. + * Bug fixes in the URI handling layer. + * Bug fixes: HTML parser, xmlReader, DTD validation, XPath, encoding + conversion, line counting in the parser. + * Add support for $XMLLINT_INDENT environment variable, FTP delete. +- Apply patch by Albert Chin to enable use of trio libraries in Python. + +------------------------------------------------------------------- +Thu Feb 20 09:27:57 CET 2003 - ke@suse.de + +- Add /usr/bin/install to PreReq; reported by Thorsten Kukuk + [# 23891]. + +------------------------------------------------------------------- +Tue Feb 11 13:44:51 CET 2003 - ke@suse.de + +- Update to version 2.5.3; NEWS from http://xmlsoft.org/: + A bugfix release. Relax-NG and XML Schemas datatypes stabilization: + * RelaxNG and XML Schemas datatypes improvements; first version of + RelaxNG Python bindings. + * Fixes: XLink, XInclude, API fix for serializing namespace nodes, + encoding conversion bug, XHTML1 serialization. + +------------------------------------------------------------------- +Thu Feb 6 16:49:17 CET 2003 - ro@suse.de + +- fix specfile + +------------------------------------------------------------------- +Thu Feb 6 10:23:12 CET 2003 - ke@suse.de + +- Update to version 2.5.2; NEWS from http://xmlsoft.org/: + First release with the RelaxNG validation code. Schemas support is + also configured in by default now. All this code is still of alpha + quality. + This release also includes a number of fixes and some API improvements: + * First implementation of RelaxNG, added --relaxng flag to xmllint. + * Schemas support now compiled in by default. + * Bug fixes: DTD validation, namespace checking, XInclude and entities, + delegateURI in XML Catalogs, HTML parser, XML reader, XPath parser + and evaluation, UTF8ToUTF8 serialization, XML reader memory + consumption, HTML parser, HTML serialization in the presence of + namespaces. + * Add an HTML API to check elements and attributes. + * Documentation improvement. + * Add python bindings for XPointer, contextual error reporting. + * Fix URI/file escaping problems. +- Remove obsolete README.SuSE. + +------------------------------------------------------------------- +Thu Jan 9 12:57:25 CET 2003 - ke@suse.de + +- Update to version 2.5.1; NEWS from http://xmlsoft.org/: + * New XmltextReader interface based on C# API; + cf. http://xmlsoft.org/xmlreader.html . + * XInclude fallback fix. + * Python: bindings for the new API, packaging, drv_libxml2.py Python + xml.sax driver, fixes, speedup and iterators for Python-2.2. + * Tutorial fixes, xmllint man update. + * Fix an XML parser bug. + * Entities handling fixes + * new API to optionally track node creation and deletion. + * Added documentation for the XmltextReader interface and some XML guidelines + +------------------------------------------------------------------- +Thu Dec 12 14:43:02 CET 2002 - ke@suse.de + +- Update to version 2.4.30; NEWS from http://xmlsoft.org/: + * Main changes are the addition of a new API set closely based on + the C#/ECMA-334 XmlTextReader interface, allowing to scan an XML + document in a forward only way but in (near) constant memory size. + * Fix for prev in python bindings. + * Fix for entities handling (Marcus Clarke), replacing patch from + 2002-12-02. + * Refactor the XML and HTML dumps to a single code path, fix XHTML1 + dump. + * Fix for URI parsing when handling URNs with fragment identifiers + * Fix for HTTP URL escaping problem. + * Adde an TextXmlReader (C#) like API (work in progress). + * Rewrote the API in XML generation script, includes a C parser and saves + more informations needed for C# bindings. + +------------------------------------------------------------------- +Mon Dec 2 16:33:51 CET 2002 - ke@suse.de + +- Fix "Entity in Entity processing"; patch provided by DV. + Cf. [# 22208]. + +------------------------------------------------------------------- +Tue Nov 26 16:12:56 CET 2002 - ro@suse.de + +- split libxml2-python to own specfile + (libxml2 is turning more and more into a base package + and python requires a lot of other things to build) + +------------------------------------------------------------------- +Mon Nov 25 14:04:55 CET 2002 - ke@suse.de + +- Update to version 2.4.28; NEWS from http://xmlsoft.org/: + * Fix a couple of python binding bugs. + * Fix 2 bugs in the XML push parser. + * Remove potential memory leak. + * Add encoding support for XInclude parse="text". + * Autodetect XHTML1 and add specific serialization rules. + * Fix threading bug. + +------------------------------------------------------------------- +Mon Nov 18 10:48:18 CET 2002 - ke@suse.de + +- Update to version 2.4.27; NEWS from http://xmlsoft.org/: + * Fix Python bindings. + * A number of bug fixes: SGML catalogs, xmlParseBalancedChunkMemory(), + HTML parser, Schemas, document fragment support, xmlReconciliateNs, + XPointer, xmlFreeNode(), xmlSAXParseMemory, xmlGetNodePath, + entities processing. + * Add grep to xmllint --shell. + * Improvement documentation. +- Don't apply obsolete revert-.25-.26.dif patch. + +------------------------------------------------------------------- +Mon Nov 4 14:48:08 CET 2002 - adrian@suse.de + +- revert catalog separator change, accepting ":" again. + libxml2 is using anyway ":" internal, even when a " " separator + is given + +------------------------------------------------------------------- +Wed Oct 30 23:51:46 CET 2002 - ro@suse.de + +- removed patch call for removed patch + +------------------------------------------------------------------- +Wed Oct 30 13:32:32 CET 2002 - ke@suse.de + +- Drop libxml2-2.4.19-xml2-config.dif to avoid header file conflicts + with C++; reported by Andreas Mueller [# 21427]. + +------------------------------------------------------------------- +Tue Oct 29 15:20:31 CET 2002 - ke@suse.de + +- Update to version 2.4.26; NEWS from http://xmlsoft.org/: + * Fix the validation code (DTD and Schemas), xmlNodeGetPath() , + HTML serialization, Namespace compliance, and a number of small + problems. +- "valid" patches are obsolete with his update. + +------------------------------------------------------------------- +Fri Oct 11 12:03:30 CEST 2002 - ke@suse.de + +- valid.c: Fix uninitialized memory block (patch by Daniel Veillard). + +------------------------------------------------------------------- +Tue Oct 8 15:08:04 CEST 2002 - ke@suse.de + +- Update to version 2.4.25; NEWS from http://xmlsoft.org/: + * A number of bug fixes: XPath, validation, DOM and tree, XML I/O, + HTML. + * Fix and improve Python bindings. + * Fix HTML