- version update to 2.14.5
2.14.0
** Major changes **
o The HTML tokenizer now conforms fully to HTML5.
o Binary compatibility is restricted to versions 2.14 or newer.
The soname was bumped from libxml2.so.2 to libxml2.so.16.
o The serialization API will now take user-provided or default
encodings into account when serializing attribute values.
o The XML parser won't try to merge consecutive CDATA sections
as before to align with web standards.
o Support for RELAX NG can now be disabled with a new configuration
option independently of XML Schemas support.
o The "legacy" configuration option won't enable support for HTTP
and LZMA anymore.
o Parts of the xmllint executable were refactored, allowing the
combination of more options.
o Meson is fully supported now.
o Parts of the buffering code were reworked and simplified.
o Overflow checks before reallocations were hardenend.
o Some unprefixed symbols were renamed to avoid namespace pollution.
** New features **
o Input callbacks can now be set on a parser context and an improved
API to create parser input is available.
o The following new functions, taking a parser input object, were added:
. xmlCtxtParseDocument
. xmlCtxtParseContent
. xmlCtxtParseDtd
o The xmlSave API now has additional options to replace global settings.
o Parser options XML_PARSE_UNZIP, XML_PARSE_NO_SYS_CATALOG and
XML_PARSE_CATALOG_PI were added.
OBS-URL: https://build.opensuse.org/request/show/1302350
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=252
- Update to 2.13.5:
* Regressions:
- xmlIO: Fix reading from non-regular files like pipes
- xmlreader: Fix return value of xmlTextReaderReadString
- parser: Fix loading of parameter entities in external DTDs
- parser: Fix downstream code that swaps DTDs
- parser: Fix detection of duplicate attributes
- string: Fix va_copy fallback
* Bug fixes:
- xpath: Fix parsing of non-ASCII names
- Update to 2.13.4:
* Regressions:
- parser: Make unsupported encodings an error in declarations
- io: don't set the executable bit when creating files
- xmlcatalog: Improved fix for #699
- Revert "catalog: Fetch XML catalog before dumping"
- io: Add missing calls to xmlInitParser
- tree: Restore return value of xmlNodeListGetString with NULL list
- parser: Fix error handling after reaching limit
- parser: Make xmlParseChunk return an error if parser was stopped
* Bug fixes:
- python: Fix SAX driver with character streams
* Improvements:
- xpath: Make recursion check work with xmlXPathCompile
- parser: Report at least one fatal error
- Update to 2.13.3:
* Security:
- [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code
* Regressions:
- autotools: Use AC_CHECK_DECL to check for getentropy
OBS-URL: https://build.opensuse.org/request/show/1238553
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=230
- Removed patches (already in upstream):
* libxml2-CVE-2023-39615.patch
* libxml2-CVE-2023-45322.patch
* libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* python312.patch
- Update to 2.12.0:
* Major changes:
- Most of the known issues leading to quadratic behavior in the
XML parser were fixed. Internal hash tables were rewritten to
reduce memory consumption.
- Starting with this release, it should be enough to add the
--with-legacy configuration option to provide maximum ABI
compatibility.
- libxml2 will now store global variables in thread-local
storage if supported by the compiler. This avoids allocating
the data lazily which can result in a fatal error condition.
- A new API function xmlCheckThreadLocalStorage was added so the
allocation can be checked earlier if compiler TLS is not
supported.
- To prepare for future improvements, some API functions now
expect or return a const xmlError struct.
- Several cyclic dependencies in public header files were fixed.
- Refactoring of the encoding code has been mostly completed.
Calling xmlSwitchEncoding from client code is now fully
supported, for example to override the encoding for the push
parser.
- When parsing data from memory, libxml2 will now stream data
chunk by chunk instead of copying the whole buffer (possibly
twice with encodings), reducing peak memory consumption
considerably.
OBS-URL: https://build.opensuse.org/request/show/1126893
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=206
- Rebased patches:
* libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
- Update to 2.11.1:
* Fixes build and ABI issues.
- cmake: Fix va_copy detection (Luca Niccoli)
- libxml.m4: Fix quoting
- Link with --undefined-version
- libxml2.syms: Revert removal of version information
- Update to 2.11.0:
* Major changes
- Protection against entity expansion attacks, also known as
"billion laughs" has been greatly improved. Malicious files
should be detected reliably now and false positives should be
reduced. It is possible though that large documents which make
heavy use of entities are rejected now.
- This release finally fixes symbol visibility on UNIX systems.
Internal symbols will now be hidden. While these symbols were
never declared in public headers, it was still possible to
declare them manually. Now this won't work.
- All symbol information has been removed from the ELF version
script to fix link errors with --no-undefined-version. The
version nodes are kept so it should still be possible to run
binaries linked against older versions.
- About 90 memory errors in code paths handling malloc failures
have been fixed. While these issues shouldn't impact security,
this improves robustness under memory pressure.
- The XInclude engine has been reworked to properly support
nested includes.
- Several cases of quadratic behavior in the XML push parser
have been fixed.
OBS-URL: https://build.opensuse.org/request/show/1084343
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=194
