Accepting request 1238553 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to 2.13.5:
  * Regressions:
    - xmlIO: Fix reading from non-regular files like pipes
    - xmlreader: Fix return value of xmlTextReaderReadString
    - parser: Fix loading of parameter entities in external DTDs
    - parser: Fix downstream code that swaps DTDs
    - parser: Fix detection of duplicate attributes
    - string: Fix va_copy fallback
  * Bug fixes:
    - xpath: Fix parsing of non-ASCII names
- Update to 2.13.4:
  * Regressions:
    - parser: Make unsupported encodings an error in declarations
    - io: don't set the executable bit when creating files
    - xmlcatalog: Improved fix for #699
    - Revert "catalog: Fetch XML catalog before dumping"
    - io: Add missing calls to xmlInitParser
    - tree: Restore return value of xmlNodeListGetString with NULL list
    - parser: Fix error handling after reaching limit
    - parser: Make xmlParseChunk return an error if parser was stopped
  * Bug fixes:
    - python: Fix SAX driver with character streams
  * Improvements:
    - xpath: Make recursion check work with xmlXPathCompile
    - parser: Report at least one fatal error
- Update to 2.13.3:
  * Security:
    - [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code
  * Regressions:
    - autotools: Use AC_CHECK_DECL to check for getentropy

OBS-URL: https://build.opensuse.org/request/show/1238553
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=230

libxml2-2.12.9.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:59912db536ab56a3996489ea0299768c7bcffe57169f0235e7f962a91f483590
-size 2643456

libxml2-2.13.5.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:74fc163217a3964257d3be39af943e08861263c4231f9ef5b496b6f6d4c7b2b6
+size 2586872

libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch

@@ -2,10 +2,10 @@
  xpath.c |   40 +++++++++++++++++++++++++++++-----------
  1 file changed, 29 insertions(+), 11 deletions(-)
 
-Index: libxml2-2.12.0/xpath.c
+Index: libxml2-2.13.5/xpath.c
 ===================================================================
---- libxml2-2.12.0.orig/xpath.c
-+++ libxml2-2.12.0/xpath.c
+--- libxml2-2.13.5.orig/xpath.c
++++ libxml2-2.13.5/xpath.c
 @@ -25,6 +25,7 @@
  #include <limits.h>
  #include <string.h>
@@ -14,7 +14,7 @@ Index: libxml2-2.12.0/xpath.c
  #include <math.h>
  #include <float.h>
  #include <ctype.h>
-@@ -106,14 +107,32 @@
+@@ -104,14 +105,32 @@
  #define XPATH_MAX_STACK_DEPTH 1000000
  
  /*
@@ -52,57 +52,57 @@ Index: libxml2-2.12.0/xpath.c
  
  /*
   * XPATH_MAX_RECRUSION_DEPTH:
-@@ -3095,7 +3114,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur,
+@@ -2881,7 +2900,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur,
      } else if (cur->nodeNr == cur->nodeMax) {
          xmlNodePtr *temp;
  
--        if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) {
-+        if (cur->nodeMax >= get_max_nodeset_len()) {
-             xmlXPathErrMemory(NULL, "growing nodeset hit limit\n");
+-        if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH)
++        if (cur->nodeMax >= get_max_nodeset_len())
              return(-1);
-         }
-@@ -3153,7 +3172,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm
+ 	temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
+ 				      sizeof(xmlNodePtr));
+@@ -2933,7 +2952,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm
      } else if (cur->nodeNr == cur->nodeMax) {
          xmlNodePtr *temp;
  
--        if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) {
-+        if (cur->nodeMax >= get_max_nodeset_len()) {
-             xmlXPathErrMemory(NULL, "growing nodeset hit limit\n");
+-        if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH)
++        if (cur->nodeMax >= get_max_nodeset_len())
              return(-1);
-         }
-@@ -3209,7 +3228,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c
+ 	temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
+ 				      sizeof(xmlNodePtr));
+@@ -2983,7 +3002,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c
      } else if (cur->nodeNr == cur->nodeMax) {
          xmlNodePtr *temp;
  
--        if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) {
-+        if (cur->nodeMax >= get_max_nodeset_len()) {
-             xmlXPathErrMemory(NULL, "growing nodeset hit limit\n");
+-        if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH)
++        if (cur->nodeMax >= get_max_nodeset_len())
              return(-1);
-         }
-@@ -3302,7 +3321,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1,
+ 	temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
+ 				      sizeof(xmlNodePtr));
+@@ -3071,7 +3090,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1,
  	} else if (val1->nodeNr == val1->nodeMax) {
  	    xmlNodePtr *temp;
  
--            if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH) {
-+            if (val1->nodeMax >= get_max_nodeset_len()) {
-                 xmlXPathErrMemory(NULL, "merging nodeset hit limit\n");
+-            if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH)
++            if (val1->nodeMax >= get_max_nodeset_len())
                  goto error;
-             }
-@@ -3394,7 +3413,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP
+ 	    temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 *
+ 					     sizeof(xmlNodePtr));
+@@ -3157,7 +3176,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP
  	    } else if (set1->nodeNr >= set1->nodeMax) {
  		xmlNodePtr *temp;
  
--                if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) {
-+                if (set1->nodeMax >= get_max_nodeset_len()) {
-                     xmlXPathErrMemory(NULL, "merging nodeset hit limit\n");
+-                if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH)
++                if (set1->nodeMax >= get_max_nodeset_len())
                      goto error;
-                 }
-@@ -3455,7 +3474,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN
+ 		temp = (xmlNodePtr *) xmlRealloc(
+ 		    set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr));
+@@ -3212,7 +3231,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN
  	    } else if (set1->nodeNr >= set1->nodeMax) {
  		xmlNodePtr *temp;
  
--                if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) {
-+                if (set1->nodeMax >= get_max_nodeset_len()) {
-                     xmlXPathErrMemory(NULL, "merging nodeset hit limit\n");
+-                if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH)
++                if (set1->nodeMax >= get_max_nodeset_len())
                      goto error;
-                 }
+ 		temp = (xmlNodePtr *) xmlRealloc(
+ 		    set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr));

libxml2.changes

@@ -1,3 +1,279 @@
+-------------------------------------------------------------------
+Fri Jan 17 16:07:06 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 2.13.5:
+  * Regressions:
+    - xmlIO: Fix reading from non-regular files like pipes
+    - xmlreader: Fix return value of xmlTextReaderReadString
+    - parser: Fix loading of parameter entities in external DTDs
+    - parser: Fix downstream code that swaps DTDs
+    - parser: Fix detection of duplicate attributes
+    - string: Fix va_copy fallback
+  * Bug fixes:
+    - xpath: Fix parsing of non-ASCII names
+
+- Update to 2.13.4:
+  * Regressions:
+    - parser: Make unsupported encodings an error in declarations
+    - io: don't set the executable bit when creating files
+    - xmlcatalog: Improved fix for #699
+    - Revert "catalog: Fetch XML catalog before dumping"
+    - io: Add missing calls to xmlInitParser
+    - tree: Restore return value of xmlNodeListGetString with NULL list
+    - parser: Fix error handling after reaching limit
+    - parser: Make xmlParseChunk return an error if parser was stopped
+  * Bug fixes:
+    - python: Fix SAX driver with character streams
+  * Improvements:
+    - xpath: Make recursion check work with xmlXPathCompile
+    - parser: Report at least one fatal error
+
+- Update to 2.13.3:
+  * Security:
+    - [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code
+  * Regressions:
+    - autotools: Use AC_CHECK_DECL to check for getentropy
+    - xinclude: Fix fallback for text includes
+    - io: Don't call getcwd in xmlParserGetDirectory
+    - io: Fix return value of xmlFileRead
+    - parser: Fix error return of xmlParseBalancedChunkMemory
+  * Improvements:
+    - xinclude: Set error handler when parsing text
+    - Undeprecate xmlKeepBlanksDefault
+
+- Update to 2.13.2:
+  * Regressions:
+    - tree: Fix handling of empty strings in xmlNodeParseContent
+    - valid: Restore ID lookup
+    - parser: Reenable ctxt->directory
+    - uri: Handle filesystem paths in xmlBuildRelativeURISafe
+    - encoding: Make xmlFindCharEncodingHandler return UTF-8 handler
+    - encoding: Fix encoding lookup with xmlOpenCharEncodingHandler
+    - include: Define ATTRIBUTE_UNUSED for clang
+    - uri: Fix xmlBuildURI with NULL base
+  * Regressions:
+    - parser: Selectively reenable reading from "-"
+    - reader: Fix xmlTextReaderReadString
+    - xinclude: Set XPath context doc
+    - xinclude: Load included documents with XML_PARSE_DTDLOAD
+    - include: Don't redefine ATTRIBUTE_UNUSED
+    - include: Readd circular dependency between tree.h and parser.h
+    - xinclude: Add missing include
+    - xinclude: Don't raise error on empty nodeset
+    - parser: Make failure to load main document a warning
+    - tree: Fix freeing entities via xmlFreeNode
+    - parser: Pass global object to sax->setDocumentLocator
+  * Improvements:
+    - io: Fix resetting xmlParserInputBufferCreateFilename hook
+  * Documentation:
+    - Fix typo in NEWS (--with-html -> --with-http)
+    - doc: Don't mention xmlNewInputURL
+
+-------------------------------------------------------------------
+Fri Nov 15 13:17:34 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 2.13.0:
+  * Major changes:
+    - Most of the core code should now report malloc failures reliably. Some
+      API functions were extended with versions that report malloc failures.
+    - New API functions for error handling were added:
+      + xmlCtxtSetErrorHandler
+      + xmlXPathSetErrorHandler
+      + xmlXIncludeSetErrorHandler
+    - This makes it possible to register per-context error handlers without
+      resorting to global handlers.
+    - A few error messages were improved and consolidated. Please update
+      downstream test suites accordingly.
+    - A new parser option XML_PARSE_NO_XXE can be used to disable loading
+      of external entities or DTDs. This is most useful in connection with
+      XML_PARSE_NOENT.
+    - Support for HTTP POST was removed.
+    - Support for zlib, liblzma and HTTP is now disabled by default and has
+      to be enabled by passing --with-zlib, --with-lzma or --with-http to
+      configure. In legacy mode (--with-legacy) these options are enabled
+      by default as before.
+    - Support for FTP will be removed in the next release.
+    - Support for the range and point extensions of the xpointer() scheme
+      will be removed in the next release. The rest of the XPointer
+      implementation won't be affected. The xpointer() scheme will behave
+      like the xpath1() scheme.
+    - Several more legacy symbols were deprecated. Users of the old "SAX1"
+      API functions are encouraged to upgrade to the new "SAX2" API,
+      available since version 2.6.0 from 2003.
+  * Some deprecated global variables were made const:
+    - htmlDefaultSAXHandler
+    - oldXMLWDcompatibility
+    - xmlDefaultSAXHandler
+    - xmlDefaultSAXLocator
+    - xmlParserDebugEntities
+  * Deprecations and removals:
+    - threads: Deprecate remaining ThrDef functions
+    - unicode: Deprecate most xmlUCSIs* functions
+    - memory: Remove memory debugging
+    - tree: Deprecate xmlRegisterNodeDefault
+    - tree: Deprecate xmlSetCompressMode
+    - html: Deprecate htmlHandleOmittedElem
+    - valid: Deprecate internal validation functions
+    - valid: Deprecate old DTD serialization API
+    - nanohttp: Deprecate public API
+    - Remove VMS support
+    - Remove Trio
+  * Bug fixes:
+    - parser: Fix base URI of internal parameter entities
+    - tree: Handle predefined entities in xmlBufGetEntityRefContent
+    - schemas: Allow unlimited length decimals, integers etc.
+    - reader: Fix preservation of attributes
+    - parser: Always decode entities in namespace URIs
+    - relaxng: Fix tree corruption in xmlRelaxNGParseNameClass
+    - schemas: Fix ADD_ANNOTATION
+    - tree: Fix tree iteration in xmlDOMWrapRemoveNode
+    - tree: Declare namespace on clone in xmlDOMWrapCloneNode
+    - tree: Fix xmlAddSibling with last sibling
+    - tree: Fix xmlDocSetRootElement with multiple top-level elements
+    - catalog: Fetch XML catalog before dumping
+    - html: Don't close fd in htmlCtxtReadFd
+  * Improvements:
+    - parser: Fix "Truncated multi-byte sequence" error
+    - Add missing _cplusplus processing clause
+    - parser: Rework handling of undeclared entities
+    - SAX2: Warn if URI resolution failed
+    - parser: Don't report error on invalid URI
+    - xmllint: Clean up option handling
+    - xmllint: Rework parsing
+    - parser: Don't create undeclared entity refs in substitution mode
+    - Make some globals const
+    - reader: Make xmlTextReaderReadString non-recursive
+    - reader: Rework xmlTextReaderRead{Inner,Outer}Xml
+    - Remove redundant size check (Niels Dossche)
+    - Remove redundant NULL check on cur
+    - Remove always-false check old == cur
+    - Remove redundant NULL check on cur
+    - tree: Don't return empty localname in xmlSplitQName{2,3}
+    - xinclude: Don't try to fix base of non-elements
+    - tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling
+    - SAX2: Optimize appending children
+    - tree: Align xmlAddChild with other node insertion functions
+    - html: Use binary search in htmlEntityValueLookup
+    - io: Allocate output buffer with XML_BUFFER_ALLOC_IO
+    - encoding: Don't shrink input too early in xmlCharEncOutput
+    - tree: Tighten source doc check in xmlDOMWrapAdoptNode
+    - tree: Check destParent->doc in xmlDOMWrapCloneNode
+    - tree: Refactor text node updates
+    - tree: Refactor node insertion
+    - tree: Refactor element creation and parsing of attribute values
+    - tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent
+    - buf: Don't use default buffer size for small strings
+    - string: Fix xmlStrncatNew(NULL, "")
+    - entities: Don't allow null name in xmlNewEntity
+    - html: Fix quadratic behavior in htmlNodeDump
+    - tree: Rewrite xmlSetTreeDoc
+    - valid: Rework xmlAddID
+    - tree: Remove unused node types
+    - tree: Make namespace comparison more consistent
+    - tree: Don't allow NULL name in xmlSetNsProp
+    - tree: Rework xmlNodeListGetString
+    - tree: Rework xmlTextMerge
+    - tree: Rework xmlNodeSetName
+    - tree: Simplify xmlAddChild with text parent
+    - tree: Disallow setting content of entity reference nodes
+    - tree: Rework xmlReconciliateNs
+    - schemas: fix spurious warning about truncated snprintf output
+    - xmlschemastypes: Remove unreachable if statement
+    - relaxng: Remove useless if statement
+    - tree: Check for integer overflow in xmlStringGetNodeList
+    - http: Improve error message for HTTPS redirects
+    - save: Move DTD serialization code to xmlsave.c
+    - parser: Report fatal error if document entity couldn't be loaded
+    - xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest
+    - SAX2: Limit entity URI length to 2000 bytes
+    - parser: Account for full size of non-well-formed entities
+    - parser: Pop inputs if parsing DTD failed
+    - parser: Fix quadratic behavior when copying entities
+    - writer: Implement xmlTextWriterClose
+    - parser: Avoid duplicate namespace errors
+    - parser: Add XML_PARSE_NO_XXE parser option
+    - parser: Make xmlParseContent more useful
+    - error: Make xmlFormatError public
+    - encoding: Check whether encoding handlers support input/output
+    - SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
+    - parser: Lower maximum entity nesting depth
+    - parser: Set depth limit to 2048 with XML_PARSE_HUGE
+    - parser: Implement xmlCtxtSetOptions
+    - parser: Always prefer option members over bitmask
+    - parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set
+    - parser: Rework parsing of attribute and entity values
+    - save: Output U+FFFD replacement characters
+    - parser: Simplify entity size accounting
+    - parser: Avoid unwanted expansion of parameter entities
+    - parser: Always copy content from entity to target
+    - parser: Simplify control flow in xmlParseReference
+    - parser: Remove xmlSetEntityReferenceFunc feature
+    - parser: Push general entity input streams on the stack
+    - parser: Move progressive flag into input struct
+    - parser: Fix in-parameter-entity and in-external-dtd checks
+    - xpath: Rewrite substring-before and substring-after
+    - xinclude: Only set xml:base if necessary
+    - xinclude: Allow empty nodesets
+    - parser: Rework general entity parsing
+    - io: Fix close error handling
+    - io: Fix read/write error handling
+    - io: More refactoring and unescaping fixes
+    - io: Move some code from xmlIO.c to parserInternals.c
+    - uri: Clean up special parsing modes
+    - xinclude: Rework xml:base fixup
+    - parser: Also set document properties when push parsing
+    - include: Move non-generated parts from xmlversion.h.in
+    - io: Remove support for HTTP POST
+    - dict: Move local RNG state to global state
+    - dict: Get random seed from system PRNG
+    - io: Don't use "-" to read from stdin
+    - io: Rework initialization
+    - io: Consolidate error messages
+    - xzlib: Fix harmless unsigned integer overflow
+    - io: Always use unbuffered input
+    - io: Fix detection of compressed streams
+    - io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile
+    - io: Rework default callbacks
+    - error: Stop printing some errors by default
+    - xpath: Don't free nodes of XSLT result value trees
+    - valid: Fix handling of enumerations
+    - parser: Allow recovery in xmlParseInNodeContext
+    - encoding: Support ASCII in xmlLookupCharEncodingHandler
+    - include: Remove useless 'const' from function arguments
+    - Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const'
+      conversions (makise-homura)
+    - Avoid EDG deprecation warnings for LCC compiler
+    - Avoid EDG -Woverflow warnings on truncating conversions by manually
+      truncating operand (makise-homura)
+    - Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by
+      conversion from unsigned int to int (makise-homura)
+    - Avoid using no_sanitize attribute on EDG even if compiler shows as GCC
+  * Build systems:
+    - meson: convert boolean options to feature option
+    - meson: Pass LIBXML_STATIC in dependency
+    - meson: fix compilation with local binaries
+    - meson: don't use dl dependency on old meson
+    - meson: fix usage as a subproject
+    - build: Remove --with-fexceptions configuration option
+    - autotools: Remove --with-coverage configuration option
+    - build: Disable HTTP support by default
+    - Stop defining _REENTRANT
+    - doc: Don't install example code
+    - meson: Initial commit
+    - build: Disable support for compression libraries by default
+    - Set LIBXML2_FOUND if it has been properly configured
+    - Makefile.am: omit $(top_builddir) from DEPS and LDADDS
+  * Test suite
+    - runtest: Work around broken EUC-JP support in musl iconv
+    - runtest: Check for IBM-1141 encoding handler
+    - fuzz: Add xmllint fuzzer
+    - fuzz: Add fuzzer for XML reader API
+    - fuzz: New tree API fuzzer
+    - tests: Remove testOOM
+    - Don't let gentest.py cast types to 'const somethingPtr' to avoid
+      -Wignored-qualifiers
+  * Rebase libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
+
 -------------------------------------------------------------------
 Wed Nov 13 09:47:49 UTC 2024 - pgajdos@suse.com
 

libxml2.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libxml2
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,12 +26,12 @@
 
 %{?sle15allpythons}
 Name:           libxml2%{?dash}%{flavor}
-Version:        2.12.9
+Version:        2.13.5
 Release:        0
 License:        MIT
 Summary:        A Library to Manipulate XML Files
 URL:            https://gitlab.gnome.org/GNOME/libxml2
-Source0:        https://download.gnome.org/sources/%{name}/2.12/libxml2-%{version}.tar.xz
+Source0:        https://download.gnome.org/sources/%{name}/2.13/libxml2-%{version}.tar.xz
 Source1:        baselibs.conf
 # W3C Conformance tests
 Source2:        https://www.w3.org/XML/Test/xmlts20080827.tar.gz
@@ -167,9 +167,7 @@ export CFLAGS="%{optflags} -fno-strict-aliasing"
     --disable-silent-rules \
     --disable-static \
     --docdir=%{_docdir}/%{base_name} \
-    --with-html-dir=%{_docdir}/%{base_name}/html \
     --without-python \
-    --with-fexceptions \
     --with-history \
     --enable-ipv6 \
     --with-sax1 \
@@ -252,8 +250,6 @@ rm -rf xmlconf/ # remove the conformance tests afterwards
 
 %files -n %{base_name}-doc
 %{_datadir}/gtk-doc/html/*
-%doc %{_docdir}/%{base_name}/examples
-%doc %{_docdir}/%{base_name}/tutorial
 %doc %{_docdir}/%{base_name}/*.html
 # owning these directories prevents gtk-doc <-> libxml2 build loop:
 %dir %{_datadir}/gtk-doc