- Update to 2.13.5:
* Regressions:
- xmlIO: Fix reading from non-regular files like pipes
- xmlreader: Fix return value of xmlTextReaderReadString
- parser: Fix loading of parameter entities in external DTDs
- parser: Fix downstream code that swaps DTDs
- parser: Fix detection of duplicate attributes
- string: Fix va_copy fallback
* Bug fixes:
- xpath: Fix parsing of non-ASCII names
- Update to 2.13.4:
* Regressions:
- parser: Make unsupported encodings an error in declarations
- io: don't set the executable bit when creating files
- xmlcatalog: Improved fix for #699
- Revert "catalog: Fetch XML catalog before dumping"
- io: Add missing calls to xmlInitParser
- tree: Restore return value of xmlNodeListGetString with NULL list
- parser: Fix error handling after reaching limit
- parser: Make xmlParseChunk return an error if parser was stopped
* Bug fixes:
- python: Fix SAX driver with character streams
* Improvements:
- xpath: Make recursion check work with xmlXPathCompile
- parser: Report at least one fatal error
- Update to 2.13.3:
* Security:
- [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code
* Regressions:
- autotools: Use AC_CHECK_DECL to check for getentropy
OBS-URL: https://build.opensuse.org/request/show/1238553
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=230
- Removed patches (already in upstream):
* libxml2-CVE-2023-39615.patch
* libxml2-CVE-2023-45322.patch
* libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* python312.patch
- Update to 2.12.0:
* Major changes:
- Most of the known issues leading to quadratic behavior in the
XML parser were fixed. Internal hash tables were rewritten to
reduce memory consumption.
- Starting with this release, it should be enough to add the
--with-legacy configuration option to provide maximum ABI
compatibility.
- libxml2 will now store global variables in thread-local
storage if supported by the compiler. This avoids allocating
the data lazily which can result in a fatal error condition.
- A new API function xmlCheckThreadLocalStorage was added so the
allocation can be checked earlier if compiler TLS is not
supported.
- To prepare for future improvements, some API functions now
expect or return a const xmlError struct.
- Several cyclic dependencies in public header files were fixed.
- Refactoring of the encoding code has been mostly completed.
Calling xmlSwitchEncoding from client code is now fully
supported, for example to override the encoding for the push
parser.
- When parsing data from memory, libxml2 will now stream data
chunk by chunk instead of copying the whole buffer (possibly
twice with encodings), reducing peak memory consumption
considerably.
OBS-URL: https://build.opensuse.org/request/show/1126893
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=206
- Rebased patches:
* libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
- Update to 2.11.1:
* Fixes build and ABI issues.
- cmake: Fix va_copy detection (Luca Niccoli)
- libxml.m4: Fix quoting
- Link with --undefined-version
- libxml2.syms: Revert removal of version information
- Update to 2.11.0:
* Major changes
- Protection against entity expansion attacks, also known as
"billion laughs" has been greatly improved. Malicious files
should be detected reliably now and false positives should be
reduced. It is possible though that large documents which make
heavy use of entities are rejected now.
- This release finally fixes symbol visibility on UNIX systems.
Internal symbols will now be hidden. While these symbols were
never declared in public headers, it was still possible to
declare them manually. Now this won't work.
- All symbol information has been removed from the ELF version
script to fix link errors with --no-undefined-version. The
version nodes are kept so it should still be possible to run
binaries linked against older versions.
- About 90 memory errors in code paths handling malloc failures
have been fixed. While these issues shouldn't impact security,
this improves robustness under memory pressure.
- The XInclude engine has been reworked to properly support
nested includes.
- Several cases of quadratic behavior in the XML push parser
have been fixed.
OBS-URL: https://build.opensuse.org/request/show/1084343
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=194
- Enable tests also in the python subpackages
- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH
to avoid nodeset limit when processing large XML files [bsc#1135123]
* Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
- Merge python-libxml2-python spec and changes files into the
libxml2 ones using _multibuild [bsc#1126499, bsc#1123919]
- Add libxml2-python3-string-null-check.patch: fix NULL pointer
dereference when parsing invalid data (bsc#1065270
glgo#libxml2!15).).
- Drop patch python3.6-verify_fd.patch merged upstream
- clean with spec-cleaner
- libxml2-python3-unicode-errors.patch: work around an issue with
libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270)
- convert to singlespec, build a python 3 version
- change build instructions to use setup.py (and %python_build macros)
instead of makefile-based approach
- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6
- rename to python-libxml2-python to conform to package naming policy
(PyPI name is "libxml2-python")
- buildignore python to avoid build cycle
* please see ChangeLog for more info
- fix version
OBS-URL: https://build.opensuse.org/request/show/720054
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=134
