diff --git a/libxml2-2.10.4.tar.xz b/libxml2-2.10.4.tar.xz deleted file mode 100644 index 719dab5..0000000 --- a/libxml2-2.10.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ed0c91c5845008f1936739e4eee2035531c1c94742c6541f44ee66d885948d45 -size 2643600 diff --git a/libxml2-2.11.1.tar.xz b/libxml2-2.11.1.tar.xz new file mode 100644 index 0000000..db3e966 --- /dev/null +++ b/libxml2-2.11.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3d39b294b856bfe3bafd5fb126e1f8487004261e78eabb8df9513e927915a995 +size 2627948 diff --git a/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch b/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch index 8d04bc8..2d673df 100644 --- a/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch +++ b/libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch @@ -2,11 +2,11 @@ xpath.c | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) -Index: libxml2-2.10.3/xpath.c +Index: libxml2-2.11.1/xpath.c =================================================================== ---- libxml2-2.10.3.orig/xpath.c -+++ libxml2-2.10.3/xpath.c -@@ -113,14 +113,32 @@ +--- libxml2-2.11.1.orig/xpath.c ++++ libxml2-2.11.1/xpath.c +@@ -115,14 +115,32 @@ #define XPATH_MAX_STACK_DEPTH 1000000 /* @@ -44,7 +44,7 @@ Index: libxml2-2.10.3/xpath.c /* * XPATH_MAX_RECRUSION_DEPTH: -@@ -3689,7 +3707,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, +@@ -3655,7 +3673,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; @@ -53,7 +53,7 @@ Index: libxml2-2.10.3/xpath.c xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); return(-1); } -@@ -3745,7 +3763,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm +@@ -3713,7 +3731,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; @@ -62,7 +62,7 @@ Index: libxml2-2.10.3/xpath.c xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); return(-1); } -@@ -3800,7 +3818,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c +@@ -3769,7 +3787,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; @@ -71,30 +71,30 @@ Index: libxml2-2.10.3/xpath.c xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); return(-1); } -@@ -3917,7 +3935,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, +@@ -3862,7 +3880,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, } else if (val1->nodeNr == val1->nodeMax) { xmlNodePtr *temp; - if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (val1->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); - return(NULL); + goto error; } -@@ -4003,7 +4021,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP +@@ -3954,7 +3972,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; - if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (set1->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); - return(NULL); + goto error; } -@@ -4057,7 +4075,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN +@@ -4015,7 +4033,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; - if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (set1->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); - return(NULL); + goto error; } diff --git a/libxml2-python3-unicode-errors.patch b/libxml2-python3-unicode-errors.patch index 12d312b..baf45e3 100644 --- a/libxml2-python3-unicode-errors.patch +++ b/libxml2-python3-unicode-errors.patch @@ -2,9 +2,11 @@ python/libxml.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) ---- a/python/libxml.c -+++ b/python/libxml.c -@@ -1621,6 +1621,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU +Index: libxml2-2.11.1/python/libxml.c +=================================================================== +--- libxml2-2.11.1.orig/python/libxml.c ++++ libxml2-2.11.1/python/libxml.c +@@ -1606,6 +1606,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU PyObject *message; PyObject *result; char str[1000]; @@ -12,7 +14,7 @@ #ifdef DEBUG_ERROR printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); -@@ -1637,12 +1638,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU +@@ -1622,12 +1623,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU str[999] = 0; va_end(ap); @@ -28,7 +30,7 @@ - message = libxml_charPtrConstWrap(str); + message = libxml_charPtrConstWrap(ptr); PyTuple_SetItem(list, 1, message); - result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); + result = PyObject_CallObject(libxml_xmlPythonErrorFuncHandler, list); + /* Forget any errors caused in the error handler. */ + PyErr_Clear(); Py_XDECREF(list); diff --git a/libxml2.changes b/libxml2.changes index 300faba..e807fce 100644 --- a/libxml2.changes +++ b/libxml2.changes @@ -1,3 +1,332 @@ +------------------------------------------------------------------- +Wed May 3 13:17:35 UTC 2023 - David Anes + +- Rebased patches: + * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + +- Update to 2.11.1: + * Fixes build and ABI issues. + - cmake: Fix va_copy detection (Luca Niccoli) + - libxml.m4: Fix quoting + - Link with --undefined-version + - libxml2.syms: Revert removal of version information + +- Update to 2.11.0: + * Major changes + - Protection against entity expansion attacks, also known as + "billion laughs" has been greatly improved. Malicious files + should be detected reliably now and false positives should be + reduced. It is possible though that large documents which make + heavy use of entities are rejected now. + - This release finally fixes symbol visibility on UNIX systems. + Internal symbols will now be hidden. While these symbols were + never declared in public headers, it was still possible to + declare them manually. Now this won't work. + - All symbol information has been removed from the ELF version + script to fix link errors with --no-undefined-version. The + version nodes are kept so it should still be possible to run + binaries linked against older versions. + - About 90 memory errors in code paths handling malloc failures + have been fixed. While these issues shouldn't impact security, + this improves robustness under memory pressure. + - The XInclude engine has been reworked to properly support + nested includes. + - Several cases of quadratic behavior in the XML push parser + have been fixed. + - Refactoring has begun on some buffering and encoding code with + the goal of simplifying this part of the code base and + improving error reporting. + * Other highlights: + - Consolidated private header files. + - Major rework of the autoconf build. + - Deprecated several outdated and internal functions. + * Security + - Fix use-after-free in xmlParseContentInternal() (David Kilzer) + - xmllint: Fix use-after-free with --maxmem + - parser: Fix OOB read when formatting error message + - entities: Rework entity amplification checks + * Regressions + - parser: Fix regression in xmlParserNodeInfo accounting + * Bug fixes + - Fix memory errors in code handling malloc failures + - encoding: Fix error code in asciiToUTF8 + - xpath: number('-') should return NaN + - xmlParseStartTag2() contains typo when checking for default + definitions for an attribute in a namespace (David Kilzer) + - uri: Fix handling of port numbers + - error: Make sure that error messages are valid UTF-8 + - xinclude: Fix nested includes + * Improvements + - xmllint: Validate --maxmem integer option + - xmlValidatePopElement() can return invalid value (-1) (David Kilzer) + - parser: Rework EBCDIC code page detection + - parser: Limit name length in xmlParseEncName + - parser: Rework shrinking of input buffers + - html: Rely on CUR_CHAR to grow the input buffer + - parser: Rely on CUR_CHAR/NEXT to grow the input buffer + - valid: Make xmlValidateElement non-recursive + - html: Fix quadratic behavior in htmlParseTryOrFinish + - xmllint: Fix memory leak with --pattern --stream + - parser: Stop calling xmlParserInputShrink + - html: Impose some length limits + - valid: Allow xmlFreeValidCtxt(NULL) + - parser: Stop calling xmlParserInputGrow + - xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt + - xinclude: Abort immediately if max depth was exceeded + - xpath: Only report the first error + - error: Don't move past current position + - error: Limit number of parser errors + - parser: Lower entity nesting limit with XML_PARSE_HUGE + - parser: Don't increase depth twice when parsing internal entities + - parser: Improve detection of entity loops + - parser: Only report a single entity error + - libxml.h: Remove dubious definition of LIBXML_STATIC + - html: Improve parsing of nested lists + - memory: Don't use locks in xmlMemUsed + - encoding: Remove unused variable xmlDefaultCharEncodingHandler + - Rework initialization code + - Add .editorconfig + - parser: Merge misc, prolog and epilog cases in push parser + - parser: Fix 'consumed' accounting when switching encodings + - html: Fix check for end of comment in push parser + - parser: Fix push parser with 1-3 byte initial chunk + - parser: Rewrite push parser boundary checks + - reader: Switch to xmlParserInputBufferCreateMem + - html: Don't escape ASCII chars in href attributes + - io: Don't shrink memory input buffers + - parser: Don't call xmlSHRINK from push parser + - parser: Ignore cdata argument in xmlParseCharData + - parser: Rework push parser parser progress checks + - io: Fix a few integer overflows in I/O statistics + - io: Rework xmlParserInputBufferGrow with encodings + - io: Remove xmlInputReadCallbackNop + - io: Check for memory buffer early in xmlParserInputGrow + - parser: Fix error message in xmlParseCommentComplex + - Bypass proxy in nanoHTTP for hosts in "no_proxy" (Markus Jörg) + - schemas: Fix infinite loop in xmlSchemaCheckElemSubstGroup + - threads: Remove check for pthread_equal + - xinclude: Rework XInclude cache + - xinclude: Remove inefficient refcounting scheme + - xmllint: Improve handling of empty XPath node sets + - parser: Fix potential memory leak in xmlParseAttValueInternal + - error: Don't use initGenericErrorDefaultFunc + - xpath: Lower XPath recursion limit on Windows + - Stop including sys/types.h + - Don't define WIN32 macro + - Make xmlNewSAXParserCtx take a const sax handler + - Consolidate private header files + - Remove internal macros from parserInternals.h + - Move some HTML functions to correct header file + - xmllint: Stop calling xmlSAXDefaultVersion + - Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt + - Don't mess with parser options in htmlParseDocument + - Remove useless call to htmlDefaultSAXHandlerInit + - Remove htmlDefaultSAXHandler from non-SAX1 build + - Don't initialize SAX handler in htmlReadMemory + - Fix htmlReadMemory mixing up XML and HTML functions + - Don't use default SAX handler to report unrelated errors + - Create stream with buffer in xmlNewStringInputStream + - xmlcatalog: Fix memory leaks + * Code quality + - xzlib: Fix implicit sign change in xz_open + - parser: Simplify calculation of available buffer space + - parser: Use size_t when subtracting input buffer pointers + - parser: Check for integer overflow when updating checkIndex + - xpath: Fix harmless integer overflow in xmlXPathTranslateFunction + - schematron: Use logical and + - relaxng: Remove useless if statement + - schemas: Remove useless if statement + - pattern: Merge identical branches + - regexp: Add sanity check in xmlRegCalloc2 + - regexp: Simplify xmlRegAtomPush + - encoding: Cast toupper argument to unsigned char + - uri: Add explicit cast in xmlSaveUri + - buf: Fix return value of xmlBufGetInputBase + - parser: Fix integer overflow of input ID + - parser: Remove useless ent->etype test in xmlParseReference + - parser: Remove useless ent->children tests in xmlParseReference + - xmlmemory.c: Remove xmlMemContentShow + - libxml.h: Add comments and indentation + - libxml.h: Don't include stdio.h + - xmlexports.h: Disable docs for internal macro XMLPUBLIC + - parser: Simplify xmlParseConditionalSections + - io: Rearrange code in xmlSwitchInputEncodingInt + - warnings: Fix -Wstrict-prototypes warning + - warnings: Remove set-but-unused variables + - Fix compiler warnings in SAX2.c + - Fix unused variable warning in python/types.c + - Fix compiler warning in examples + - Fix compiler warnings in fuzzing code + - Remove unused code in nanohttp.c + - Remove or annotate char casts + - Don't use sizeof(xmlChar) or sizeof(char) + - Remove explicit integer casts + * Deprecations + - parser: Deprecate more internal functions + - parser: Deprecate some parser input functions + - parser: Deprecate xmlString*DecodeEntities + - threads: Deprecate some internal functions + - buf: Deprecate static/immutable buffers + - Deprecate internal parser functions + - Deprecate old HTML SAX API + - Generate deprecation warnings for old SAX API + - Mark more functions setting globals as deprecated + - Mark more parser functions as deprecated + - Mark most SAX1 functions as deprecated + - Deprecate some global variables +* Portability + - autoconf: Warn about outdated C compilers + - win32: Remove broken libxml2.def.src + - Remove symbols from version script + - catalog.c: Silence a cast warning on VS 2022 (Lukáš Tyrychtr) + - libxml.h: Remove ancient LynxOS setup + - Use python3 not python (Ross Burton) + - xstc/fixup-tests.py: port to Python 3 (Ross Burton) + - xstc/fixup-tests.py: unify whitespace (Ross Burton) + - Remove hacky heuristic from b2dc5675 (Alex Richardson) + - Avoid creating an out-of-bounds pointer by rewriting a check + (Alex Richardson) + - Hide internal functions + - Correctly relocate internal pointers after realloc() (Alex Richardson) + - Visual Studio builds: Allow silencing deprecation warnings (Chun-wei Fan) + - Visual Studio: Define XML_DEPRECATED (Chun-wei Fan) + - xmllint: Include on Windows + - warnings: Work around MSVC bug + - sources: Silence C4013 warnings on Visual Studio (Chun-wei Fan) + - python/setup.py.in: Improve Windows import patching (Chun-wei Fan) + - python: Create .pyd on Windows + - Fix Python build on Windows + - Fix Windows compiler warnings in python/types.c + - Fix libxml_PyFileGet + - Remove BeOS support + - Fix libxml_PyFileGet with stdout on macOS + - Migrate from PyEval_ to PyObject_ + - Port build_glob.py to Python 3 + - Port genChRanges.py to Python 3 + - xmlexports.h: Remove LIBXML_FASTCALL optimization + - Remove XMLCALL and XMLCDECL macros from public headers + - Remove XMLDECL macro from .c files + * Build systems + - cmake: Link against `dl` and `dld` only when `LIBXML2_WITH_MODULES` is + enabled (Alexander Kutelev) + - autotools: Fix make distcheck + - Remove RPM build, Makefile.tests, README.tests + - libxml.m4: deprecate AM_PATH_XML2, wrap PKG_CHECK_MODULES instead + (Ross Burton) + - libxml.m4: fix -Wstrict-prototypes (Sam James) + - cmake: Build static library with -DLIBXML_STATIC + - autotools: Don't use version script on Windows + - autotools: Fix winsock detection + - autotools: Only add network libraries if HTTP/FTP enabled + - autotools: Disable parallel Python build + - python: Don't output missing generators during build + - build: Remove check for broken ss_family + - http: Simplify IPv6 checks + - autotools: Fix network checks on Windows + - Fix detection of GNU libiconv + - cmake: Fix Python installation + - cmake: Don't check for Python 2 + - configure.ac: Also check for MSYS host + - Improve network library detection + - Detect ws2_32 with AC_SEARCH_LIBS + - Rework network configure checks + - Remove arg cast configure checks + - Fix dlopen check + - Remove HAVE_WIN32_THREADS configuration flag + - Rework dlopen and pthread detection + - Fix test in configure.ac + - cmake: Enable GCC compiler warnings + - Always link with -no-undefined + - Use AM_CFLAGS and AM_LDFLAGS consistently + - Remove -Wredundant-decls + - Call AC_CHECK_* with multiple arguments + - configure.ac: Remove checks for unused programs + - Rework library detection in configure.ac + - Rearrange configure.ac + - Consolidate zlib and lzma detection + - Remove "runtime debugging" + - Consolidate simple API modules in configure.ac + - Fix dependency resolution in configure.ac + - Fix --with-valid --without-regexps build + - Fix --with-schemas --without-xpath build + - Don't build unneeded .c source files + - Move xmlIsXHTML to tree.c + - Cleanup distribution settings in Makefile.am + - Also clean *.pyc files for Python 2 + - Don't distribute libxml2.spec + * Tests + - testchar: Add test for memory pull parser with encoding + - fuzz: Also test init function of URI fuzzer + - fuzz: Separate fuzzer for DTD validation + - gitlab-ci: Enable all "integer" sanitizers + - fuzz: Inject random malloc failures + - fuzz: Support variable integer sizes in fuzz data + - fuzz: Fix duplicate detection in fuzzEntityRecorder + - fuzz: Set filename in xmlFuzzEntityLoader + - fuzz: Allow xmlFuzzReadString(NULL) + - fuzz: Fix Makefile dependencies + - fuzz: Add test/recurse to seed corpus + - fuzz: Add separate XInclude fuzzer + - runsuite: Some errors are expected + - testrecurse: Test entity expansion stats + - testapi.c: Initialize catalog early + - gentest.py: Fix memory leak in API tests + - tests: Enable "runsuite" test + - python/tests/reader2: use absolute paths everywhere (Ross Burton) + - python/tests/reader2: always exit(1) if a test fails (Ross Burton) + - testModule: exit if the module can't be opened (Ross Burton) + - CI: disable modules in gcc:static build (Ross Burton) + - CI: fix CI on MinGW builds (Ross Burton) + - python: Fix memory leak checks + - tests: Check that xmlInitParser doesn't allocate memory + - tests: Fix use-after-free in Python tests + - tests: Remove unneeded #includes + - gitlab-ci: Make Test-Msvc exit if ctest fails + - gitlab-ci: Treat compiler warnings as errors on MSVC + - test: Add test for push parser boundaries + - gitlab-ci: Upgrade image to Ubuntu 22.10, reenable MSan + - gitlab-ci: Reenable LeakSanitizer + - gitlab-ci: Fix llvm-symbolizer + - xinclude: Don't create result doc for test with errors + - xinclude: Also test error messages + - gitlab-ci: Allow cast-align warnings from clang + - gitlab-ci: Fix tar invocation + - gitlab-ci: Move MSVC test to separate script + - gitlab-ci: Fix SUFFIX, remove MINGW_PATH + - gitlab-ci: Consolidate CMake test scripts + - gitlab-ci: Only install MinGW autotools if needed + - gitlab-ci: Only install cmake MinGW package if needed + - gitlab-ci: Install 7-Zip using the .msi + - Use $MSYSTEM and 'bash -lc' in MinGW CI + - Add CI job for MinGW/Autotools + - Consolidate CI scripts + - Allow empty MINGW_PACKAGE_PREFIX + - Move Dockerfile to .gitlab-ci directory + - testapi: Disable on Windows for now + - Disable fuzzer tests if glob.h wasn't found + - Move automata test to runtest.c + - Fix testapi when building --without-sax1 + * Documentation + - doc: Remove ancient files + - Remove ancient TODOs + - html: Fix htmlInitAutoClose documentation + - doc: Mention new location of XML catalog as breaking change + - doc: Mention potentially breaking changes in NEWS + - doc: Remove xmlDllMain from documentation and version script + - doc: Mention ${sysconfdir} in man pages + - doc: Document xmlcatalog --convert + - doc: Document xmllint --nodict and --pedantic + - doc: Fix indentation in source XML files + - xmllint: Document --quiet option + - Improve cross-references in API docs + - Improve documentation of globals + - Fix documentation parser + - Support comments for global variables in documentation + - Fix update call in apibuild.py + - Don't index anything in DOC_DISABLE sections + - Fix warnings from apibuild.py + - Start with documentation for maintainers + ------------------------------------------------------------------- Fri Apr 21 14:50:09 UTC 2023 - David Anes diff --git a/libxml2.spec b/libxml2.spec index 54eacac..990100c 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -25,12 +25,12 @@ %endif Name: libxml2%{?dash}%{flavor} -Version: 2.10.4 +Version: 2.11.1 Release: 0 License: MIT Summary: A Library to Manipulate XML Files URL: https://gitlab.gnome.org/GNOME/libxml2 -Source0: https://download.gnome.org/sources/%{name}/2.10/libxml2-%{version}.tar.xz +Source0: https://download.gnome.org/sources/%{name}/2.11/libxml2-%{version}.tar.xz Source1: baselibs.conf # W3C Conformance tests Source2: https://www.w3.org/XML/Test/xmlts20080827.tar.gz @@ -188,7 +188,7 @@ popd %make_install BASE_DIR="%{_docdir}" DOC_MODULE="%{base_name}" find %{buildroot} -type f -name "*.la" -delete -print mkdir -p "%{buildroot}/%{_docdir}/%{base_name}" -cp -a NEWS README.md TODO* %{buildroot}%{_docdir}/%{base_name}/ +cp -a NEWS README.md %{buildroot}%{_docdir}/%{base_name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml # Remove duplicated file Copyright as not found by fdupes rm -fr %{buildroot}%{_docdir}/%{base_name}/Copyright @@ -248,7 +248,6 @@ rm -rf xmlconf/ # remove the conformance tests afterwards %else %files %{python_files libxml2} -%doc python/TODO %doc python/libxml2class.txt %doc doc/*.py %doc python/README