diff --git a/libxml2-2.12.9.tar.xz b/libxml2-2.12.9.tar.xz deleted file mode 100644 index d82cf49..0000000 --- a/libxml2-2.12.9.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:59912db536ab56a3996489ea0299768c7bcffe57169f0235e7f962a91f483590 -size 2643456 diff --git a/libxml2-2.13.5.tar.xz b/libxml2-2.13.5.tar.xz new file mode 100644 index 0000000..b5e5e8f --- /dev/null +++ b/libxml2-2.13.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:74fc163217a3964257d3be39af943e08861263c4231f9ef5b496b6f6d4c7b2b6 +size 2586872 diff --git a/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch b/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch index 98cf465..62c7ebc 100644 --- a/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch +++ b/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch @@ -2,10 +2,10 @@ xpath.c | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) -Index: libxml2-2.12.0/xpath.c +Index: libxml2-2.13.5/xpath.c =================================================================== ---- libxml2-2.12.0.orig/xpath.c -+++ libxml2-2.12.0/xpath.c +--- libxml2-2.13.5.orig/xpath.c ++++ libxml2-2.13.5/xpath.c @@ -25,6 +25,7 @@ #include #include @@ -14,7 +14,7 @@ Index: libxml2-2.12.0/xpath.c #include #include #include -@@ -106,14 +107,32 @@ +@@ -104,14 +105,32 @@ #define XPATH_MAX_STACK_DEPTH 1000000 /* 
@@ -52,57 +52,57 @@ Index: libxml2-2.12.0/xpath.c /* * XPATH_MAX_RECRUSION_DEPTH: -@@ -3095,7 +3114,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, +@@ -2881,7 +2900,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; -- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (cur->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); +- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (cur->nodeMax >= get_max_nodeset_len()) return(-1); - } -@@ -3153,7 +3172,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm + temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); +@@ -2933,7 +2952,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; -- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (cur->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); +- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (cur->nodeMax >= get_max_nodeset_len()) return(-1); - } -@@ -3209,7 +3228,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c + temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); +@@ -2983,7 +3002,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; -- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (cur->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); +- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (cur->nodeMax >= get_max_nodeset_len()) return(-1); - } -@@ -3302,7 +3321,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, + temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); +@@ -3071,7 +3090,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, } else if (val1->nodeNr == val1->nodeMax) { xmlNodePtr *temp; -- if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (val1->nodeMax >= 
get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); +- if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (val1->nodeMax >= get_max_nodeset_len()) goto error; - } -@@ -3394,7 +3413,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP + temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 * + sizeof(xmlNodePtr)); +@@ -3157,7 +3176,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; -- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (set1->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); +- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (set1->nodeMax >= get_max_nodeset_len()) goto error; - } -@@ -3455,7 +3474,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN + temp = (xmlNodePtr *) xmlRealloc( + set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr)); +@@ -3212,7 +3231,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; -- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (set1->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); +- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (set1->nodeMax >= get_max_nodeset_len()) goto error; - } + temp = (xmlNodePtr *) xmlRealloc( + set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr)); diff --git a/libxml2.changes b/libxml2.changes index 830e082..6fb78b8 100644 --- a/libxml2.changes +++ b/libxml2.changes 
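Review bot: The six rebased growth checks in the `@@ -52,57 +52,57 @@` hunk (`xmlXPathNodeSetAddNs`, `xmlXPathNodeSetAdd`, `xmlXPathNodeSetAddUnique`, `xmlXPathNodeSetMerge`, `xmlXPathNodeSetMergeAndClear`, `xmlXPathNodeSetMergeAndClearNoDupls`) use `get_max_nodeset_len()` as the only bound before `xmlRealloc(..., nodeMax * 2 * sizeof(xmlNodePtr))`. That helper is defined in a part of the patch this diff leaves unchanged, so its range cannot be checked from here. If it can return a value above the compile-time `XPATH_MAX_NODESET_LENGTH`, the doubling in the realloc size may wrap, and the node-set limit no longer caps memory use for a hostile XPath input. Please confirm the helper rejects unparsable or non-positive values and clamps the result, and record that next to its definition with a comment such as `/* clamped so that nodeMax * 2 * sizeof(xmlNodePtr) cannot overflow */`. All six functions start and end outside the hunk.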
@@ -1,3 +1,279 @@ +------------------------------------------------------------------- +Fri Jan 17 16:07:06 UTC 2025 - Pedro Monreal + +- Update to 2.13.5: + * Regressions: + - xmlIO: Fix reading from non-regular files like pipes + - xmlreader: Fix return value of xmlTextReaderReadString + - parser: Fix loading of parameter entities in external DTDs + - parser: Fix downstream code that swaps DTDs + - parser: Fix detection of duplicate attributes + - string: Fix va_copy fallback + * Bug fixes: + - xpath: Fix parsing of non-ASCII names + +- Update to 2.13.4: + * Regressions: + - parser: Make unsupported encodings an error in declarations + - io: don't set the executable bit when creating files + - xmlcatalog: Improved fix for #699 + - Revert "catalog: Fetch XML catalog before dumping" + - io: Add missing calls to xmlInitParser + - tree: Restore return value of xmlNodeListGetString with NULL list + - parser: Fix error handling after reaching limit + - parser: Make xmlParseChunk return an error if parser was stopped + * Bug fixes: + - python: Fix SAX driver with character streams + * Improvements: + - xpath: Make recursion check work with xmlXPathCompile + - parser: Report at least one fatal error + +- Update to 2.13.3: + * Security: + - [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code + * Regressions: + - autotools: Use AC_CHECK_DECL to check for getentropy + - xinclude: Fix fallback for text includes + - io: Don't call getcwd in xmlParserGetDirectory + - io: Fix return value of xmlFileRead + - parser: Fix error return of xmlParseBalancedChunkMemory + * Improvements: + - xinclude: Set error handler when parsing text + - Undeprecate xmlKeepBlanksDefault + +- Update to 2.13.2: + * Regressions: + - tree: Fix handling of empty strings in xmlNodeParseContent + - valid: Restore ID lookup + - parser: Reenable ctxt->directory + - uri: Handle filesystem paths in xmlBuildRelativeURISafe + - encoding: Make xmlFindCharEncodingHandler return UTF-8 handler + - 
encoding: Fix encoding lookup with xmlOpenCharEncodingHandler + - include: Define ATTRIBUTE_UNUSED for clang + - uri: Fix xmlBuildURI with NULL base + * Regressions: + - parser: Selectively reenable reading from "-" + - reader: Fix xmlTextReaderReadString + - xinclude: Set XPath context doc + - xinclude: Load included documents with XML_PARSE_DTDLOAD + - include: Don't redefine ATTRIBUTE_UNUSED + - include: Readd circular dependency between tree.h and parser.h + - xinclude: Add missing include + - xinclude: Don't raise error on empty nodeset + - parser: Make failure to load main document a warning + - tree: Fix freeing entities via xmlFreeNode + - parser: Pass global object to sax->setDocumentLocator + * Improvements: + - io: Fix resetting xmlParserInputBufferCreateFilename hook + * Documentation: + - Fix typo in NEWS (--with-html -> --with-http) + - doc: Don't mention xmlNewInputURL + +------------------------------------------------------------------- +Fri Nov 15 13:17:34 UTC 2024 - Pedro Monreal + +- Update to 2.13.0: + * Major changes: + - Most of the core code should now report malloc failures reliably. Some + API functions were extended with versions that report malloc failures. + - New API functions for error handling were added: + + xmlCtxtSetErrorHandler + + xmlXPathSetErrorHandler + + xmlXIncludeSetErrorHandler + - This makes it possible to register per-context error handlers without + resorting to global handlers. + - A few error messages were improved and consolidated. Please update + downstream test suites accordingly. + - A new parser option XML_PARSE_NO_XXE can be used to disable loading + of external entities or DTDs. This is most useful in connection with + XML_PARSE_NOENT. + - Support for HTTP POST was removed. + - Support for zlib, liblzma and HTTP is now disabled by default and has + to be enabled by passing --with-zlib, --with-lzma or --with-http to + configure. In legacy mode (--with-legacy) these options are enabled + by default as before. 
+ - Support for FTP will be removed in the next release. + - Support for the range and point extensions of the xpointer() scheme + will be removed in the next release. The rest of the XPointer + implementation won't be affected. The xpointer() scheme will behave + like the xpath1() scheme. + - Several more legacy symbols were deprecated. Users of the old "SAX1" + API functions are encouraged to upgrade to the new "SAX2" API, + available since version 2.6.0 from 2003. + * Some deprecated global variables were made const: + - htmlDefaultSAXHandler + - oldXMLWDcompatibility + - xmlDefaultSAXHandler + - xmlDefaultSAXLocator + - xmlParserDebugEntities + * Deprecations and removals: + - threads: Deprecate remaining ThrDef functions + - unicode: Deprecate most xmlUCSIs* functions + - memory: Remove memory debugging + - tree: Deprecate xmlRegisterNodeDefault + - tree: Deprecate xmlSetCompressMode + - html: Deprecate htmlHandleOmittedElem + - valid: Deprecate internal validation functions + - valid: Deprecate old DTD serialization API + - nanohttp: Deprecate public API + - Remove VMS support + - Remove Trio + * Bug fixes: + - parser: Fix base URI of internal parameter entities + - tree: Handle predefined entities in xmlBufGetEntityRefContent + - schemas: Allow unlimited length decimals, integers etc. 
+ - reader: Fix preservation of attributes + - parser: Always decode entities in namespace URIs + - relaxng: Fix tree corruption in xmlRelaxNGParseNameClass + - schemas: Fix ADD_ANNOTATION + - tree: Fix tree iteration in xmlDOMWrapRemoveNode + - tree: Declare namespace on clone in xmlDOMWrapCloneNode + - tree: Fix xmlAddSibling with last sibling + - tree: Fix xmlDocSetRootElement with multiple top-level elements + - catalog: Fetch XML catalog before dumping + - html: Don't close fd in htmlCtxtReadFd + * Improvements: + - parser: Fix "Truncated multi-byte sequence" error + - Add missing _cplusplus processing clause + - parser: Rework handling of undeclared entities + - SAX2: Warn if URI resolution failed + - parser: Don't report error on invalid URI + - xmllint: Clean up option handling + - xmllint: Rework parsing + - parser: Don't create undeclared entity refs in substitution mode + - Make some globals const + - reader: Make xmlTextReaderReadString non-recursive + - reader: Rework xmlTextReaderRead{Inner,Outer}Xml + - Remove redundant size check (Niels Dossche) + - Remove redundant NULL check on cur + - Remove always-false check old == cur + - Remove redundant NULL check on cur + - tree: Don't return empty localname in xmlSplitQName{2,3} + - xinclude: Don't try to fix base of non-elements + - tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling + - SAX2: Optimize appending children + - tree: Align xmlAddChild with other node insertion functions + - html: Use binary search in htmlEntityValueLookup + - io: Allocate output buffer with XML_BUFFER_ALLOC_IO + - encoding: Don't shrink input too early in xmlCharEncOutput + - tree: Tighten source doc check in xmlDOMWrapAdoptNode + - tree: Check destParent->doc in xmlDOMWrapCloneNode + - tree: Refactor text node updates + - tree: Refactor node insertion + - tree: Refactor element creation and parsing of attribute values + - tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent + - buf: Don't use default buffer size 
for small strings + - string: Fix xmlStrncatNew(NULL, "") + - entities: Don't allow null name in xmlNewEntity + - html: Fix quadratic behavior in htmlNodeDump + - tree: Rewrite xmlSetTreeDoc + - valid: Rework xmlAddID + - tree: Remove unused node types + - tree: Make namespace comparison more consistent + - tree: Don't allow NULL name in xmlSetNsProp + - tree: Rework xmlNodeListGetString + - tree: Rework xmlTextMerge + - tree: Rework xmlNodeSetName + - tree: Simplify xmlAddChild with text parent + - tree: Disallow setting content of entity reference nodes + - tree: Rework xmlReconciliateNs + - schemas: fix spurious warning about truncated snprintf output + - xmlschemastypes: Remove unreachable if statement + - relaxng: Remove useless if statement + - tree: Check for integer overflow in xmlStringGetNodeList + - http: Improve error message for HTTPS redirects + - save: Move DTD serialization code to xmlsave.c + - parser: Report fatal error if document entity couldn't be loaded + - xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest + - SAX2: Limit entity URI length to 2000 bytes + - parser: Account for full size of non-well-formed entities + - parser: Pop inputs if parsing DTD failed + - parser: Fix quadratic behavior when copying entities + - writer: Implement xmlTextWriterClose + - parser: Avoid duplicate namespace errors + - parser: Add XML_PARSE_NO_XXE parser option + - parser: Make xmlParseContent more useful + - error: Make xmlFormatError public + - encoding: Check whether encoding handlers support input/output + - SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE + - parser: Lower maximum entity nesting depth + - parser: Set depth limit to 2048 with XML_PARSE_HUGE + - parser: Implement xmlCtxtSetOptions + - parser: Always prefer option members over bitmask + - parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set + - parser: Rework parsing of attribute and entity values + - save: Output U+FFFD replacement characters + - parser: 
Simplify entity size accounting + - parser: Avoid unwanted expansion of parameter entities + - parser: Always copy content from entity to target + - parser: Simplify control flow in xmlParseReference + - parser: Remove xmlSetEntityReferenceFunc feature + - parser: Push general entity input streams on the stack + - parser: Move progressive flag into input struct + - parser: Fix in-parameter-entity and in-external-dtd checks + - xpath: Rewrite substring-before and substring-after + - xinclude: Only set xml:base if necessary + - xinclude: Allow empty nodesets + - parser: Rework general entity parsing + - io: Fix close error handling + - io: Fix read/write error handling + - io: More refactoring and unescaping fixes + - io: Move some code from xmlIO.c to parserInternals.c + - uri: Clean up special parsing modes + - xinclude: Rework xml:base fixup + - parser: Also set document properties when push parsing + - include: Move non-generated parts from xmlversion.h.in + - io: Remove support for HTTP POST + - dict: Move local RNG state to global state + - dict: Get random seed from system PRNG + - io: Don't use "-" to read from stdin + - io: Rework initialization + - io: Consolidate error messages + - xzlib: Fix harmless unsigned integer overflow + - io: Always use unbuffered input + - io: Fix detection of compressed streams + - io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile + - io: Rework default callbacks + - error: Stop printing some errors by default + - xpath: Don't free nodes of XSLT result value trees + - valid: Fix handling of enumerations + - parser: Allow recovery in xmlParseInNodeContext + - encoding: Support ASCII in xmlLookupCharEncodingHandler + - include: Remove useless 'const' from function arguments + - Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const' + conversions (makise-homura) + - Avoid EDG deprecation warnings for LCC compiler + - Avoid EDG -Woverflow warnings on truncating conversions by manually + truncating 
operand (makise-homura) + - Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by + conversion from unsigned int to int (makise-homura) + - Avoid using no_sanitize attribute on EDG even if compiler shows as GCC + * Build systems: + - meson: convert boolean options to feature option + - meson: Pass LIBXML_STATIC in dependency + - meson: fix compilation with local binaries + - meson: don't use dl dependency on old meson + - meson: fix usage as a subproject + - build: Remove --with-fexceptions configuration option + - autotools: Remove --with-coverage configuration option + - build: Disable HTTP support by default + - Stop defining _REENTRANT + - doc: Don't install example code + - meson: Initial commit + - build: Disable support for compression libraries by default + - Set LIBXML2_FOUND if it has been properly configured + - Makefile.am: omit $(top_builddir) from DEPS and LDADDS + * Test suite + - runtest: Work around broken EUC-JP support in musl iconv + - runtest: Check for IBM-1141 encoding handler + - fuzz: Add xmllint fuzzer + - fuzz: Add fuzzer for XML reader API + - fuzz: New tree API fuzzer + - tests: Remove testOOM + - Don't let gentest.py cast types to 'const somethingPtr' to avoid + -Wignored-qualifiers + * Rebase libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + ------------------------------------------------------------------- Wed Nov 13 09:47:49 UTC 2024 - pgajdos@suse.com diff --git a/libxml2.spec b/libxml2.spec index de94b45..d4cdf28 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -26,12 +26,12 @@ %{?sle15allpythons} Name: libxml2%{?dash}%{flavor} -Version: 2.12.9 +Version: 2.13.5 Release: 0 License: MIT Summary: A Library to Manipulate XML Files URL: https://gitlab.gnome.org/GNOME/libxml2 -Source0: https://download.gnome.org/sources/%{name}/2.12/libxml2-%{version}.tar.xz +Source0: https://download.gnome.org/sources/%{name}/2.13/libxml2-%{version}.tar.xz Source1: baselibs.conf # W3C Conformance tests Source2: https://www.w3.org/XML/Test/xmlts20080827.tar.gz @@ -167,9 +167,7 @@ export CFLAGS="%{optflags} -fno-strict-aliasing" --disable-silent-rules \ --disable-static \ --docdir=%{_docdir}/%{base_name} \ - --with-html-dir=%{_docdir}/%{base_name}/html \ --without-python \ - --with-fexceptions \ --with-history \ --enable-ipv6 \ --with-sax1 \ @@ -252,8 +250,6 @@ rm -rf xmlconf/ # remove the conformance tests afterwards %files -n %{base_name}-doc %{_datadir}/gtk-doc/html/* -%doc %{_docdir}/%{base_name}/examples -%doc %{_docdir}/%{base_name}/tutorial %doc %{_docdir}/%{base_name}/*.html # owning these directories prevents gtk-doc <-> libxml2 build loop: %dir %{_datadir}/gtk-doc
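Review bot: In the configure options of the `@@ -167,9 +167,7 @@` hunk, no visible line says what this build does about zlib, liblzma and HTTP. The changelog in this same commit says 2.13 disables all three unless `--with-zlib`, `--with-lzma` or `--with-http` (or `--with-legacy`) is passed. The option list continues outside the hunk, so the flags may already be set there; if they are not, the update silently changes which inputs the library will read, compressed files and network URLs included. Consider pinning each choice explicitly, for example `--with-zlib \` and `--with-lzma \` if dependent packages read compressed XML, and `--without-http \` to keep the built-in HTTP fetcher out of the library, with a one-line spec comment giving the reason.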