- Update to 2.13.5:
  * Regressions:
    - xmlIO: Fix reading from non-regular files like pipes
    - xmlreader: Fix return value of xmlTextReaderReadString
    - parser: Fix loading of parameter entities in external DTDs
    - parser: Fix downstream code that swaps DTDs
    - parser: Fix detection of duplicate attributes
    - string: Fix va_copy fallback
  * Bug fixes:
    - xpath: Fix parsing of non-ASCII names
- Update to 2.13.4:
  * Regressions:
    - parser: Make unsupported encodings an error in declarations
    - io: don't set the executable bit when creating files
    - xmlcatalog: Improved fix for #699
    - Revert "catalog: Fetch XML catalog before dumping"
    - io: Add missing calls to xmlInitParser
    - tree: Restore return value of xmlNodeListGetString with NULL list
    - parser: Fix error handling after reaching limit
    - parser: Make xmlParseChunk return an error if parser was stopped
  * Bug fixes:
    - python: Fix SAX driver with character streams
  * Improvements:
    - xpath: Make recursion check work with xmlXPathCompile
    - parser: Report at least one fatal error
- Update to 2.13.3:
  * Security:
    - [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code
  * Regressions:
    - autotools: Use AC_CHECK_DECL to check for getentropy
OBS-URL: https://build.opensuse.org/request/show/1238553
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=230
- Removed patches (already in upstream):
  * libxml2-CVE-2023-39615.patch
  * libxml2-CVE-2023-45322.patch
  * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
  * python312.patch
- Update to 2.12.0:
  * Major changes:
    - Most of the known issues leading to quadratic behavior in the
      XML parser were fixed. Internal hash tables were rewritten to
      reduce memory consumption.
    - Starting with this release, it should be enough to add the
      --with-legacy configuration option to provide maximum ABI
      compatibility.
    - libxml2 will now store global variables in thread-local
      storage if supported by the compiler. This avoids allocating
      the data lazily which can result in a fatal error condition.
    - A new API function xmlCheckThreadLocalStorage was added so the
      allocation can be checked earlier if compiler TLS is not
      supported.
    - To prepare for future improvements, some API functions now
      expect or return a const xmlError struct.
    - Several cyclic dependencies in public header files were fixed.
    - Refactoring of the encoding code has been mostly completed.
      Calling xmlSwitchEncoding from client code is now fully
      supported, for example to override the encoding for the push
      parser.
    - When parsing data from memory, libxml2 will now stream data
      chunk by chunk instead of copying the whole buffer (possibly
      twice with encodings), reducing peak memory consumption
      considerably.
OBS-URL: https://build.opensuse.org/request/show/1126893
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=206
- Rebased patches:
  * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
- Update to 2.11.1:
  * Fixes build and ABI issues.
    - cmake: Fix va_copy detection (Luca Niccoli)
    - libxml.m4: Fix quoting
    - Link with --undefined-version
    - libxml2.syms: Revert removal of version information
- Update to 2.11.0:
  * Major changes
    - Protection against entity expansion attacks, also known as
      "billion laughs" has been greatly improved. Malicious files
      should be detected reliably now and false positives should be
      reduced. It is possible though that large documents which make
      heavy use of entities are rejected now.
    - This release finally fixes symbol visibility on UNIX systems.
      Internal symbols will now be hidden. While these symbols were
      never declared in public headers, it was still possible to
      declare them manually. Now this won't work.
    - All symbol information has been removed from the ELF version
      script to fix link errors with --no-undefined-version. The
      version nodes are kept so it should still be possible to run
      binaries linked against older versions.
    - About 90 memory errors in code paths handling malloc failures
      have been fixed. While these issues shouldn't impact security,
      this improves robustness under memory pressure.
    - The XInclude engine has been reworked to properly support
      nested includes.
    - Several cases of quadratic behavior in the XML push parser
      have been fixed.
OBS-URL: https://build.opensuse.org/request/show/1084343
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=194
- Update to version 2.10.2:
  * Improvements:
    + Remove set-but-unused variable in xmlXPathScanName
    + Silence -Warray-bounds warning
  * Build system
    + build: require automake-1.16.3 or later
    + Remove generated files from distribution
  * Test suite: Don't create missing.xml when running testapi
- Add configure --with-python=%{__python3} before python build,
  as upstream no longer ships pre-generated files.
- Use sed to fix env-script-interpreter in documentation example.
- Pass with-ftp to configure, build ftp support.
OBS-URL: https://build.opensuse.org/request/show/1000642
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=178
- Update to version 2.10.1:
  * Regressions: Fix xmlCtxtReadDoc with encoding
  * Bug fixes: Fix HTML parser with threads and --without-legacy
  * Build system:
    + Fix build with Python 3.10
    + cmake: Disable version script on macOS
    + Remove Makefile rule to build testapi.c
  * Documentation:
    + Switch back to HTML output for API documentation
    + Port doc/examples/index.py to Python 3
    + Fix order of exports in libxml2-api.xml
    + Remove libxml2-refs.xml
OBS-URL: https://build.opensuse.org/request/show/999277
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=176
- Update to 2.10.0:
  * Security
    + [CVE-2022-2309] Reset nsNr in xmlCtxtReset
    + Reserve byte for NUL terminator and report errors consistently in xmlBuf and
      xmlBuffer
    + Fix missing NUL terminators in xmlBuf and xmlBuffer functions
    + Fix integer overflow in xmlBufferDump()
    + xmlBufAvail() should return length without including a byte for NUL
      terminator
    + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc()
    + Use xmlNewDocText in xmlXIncludeCopyRange
    + Fix use-after-free bugs when calling xmlTextReaderClose() before
      xmlFreeTextReader() on post-validating parser
    + Use UPDATE_COMPAT() consistently in buf.c
    + fix: xmlXPathParserContext could be double-delete in OOM case.
  * Removals and deprecations
    + Disable XPointer location support by default
    + Remove outdated xml2Conf.sh
    + Deprecate module init and cleanup functions
    + Remove obsolete XML Software Autoupdate (XSA) file
    + Remove DOCBparser
    + Remove obsolete Python test framework
    + Remove broken VxWorks support
    + Remove broken Mac OS 9 support
    + Remove broken bakefile support
    + Remove broken Visual Studio 2010 support
    + Remove broken Windows CE support
    + Deprecate IDREF-related functions in valid.h
    + Deprecate legacy functions
    + Disable legacy support by default
OBS-URL: https://build.opensuse.org/request/show/997729
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=175