# # spec file for package libxml2 # # Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define base_name libxml2 %define libname libxml2-2 %define flavor %nil %if "%{flavor}" == "python" %define dash - %define buildpython 1 %endif %{?sle15allpythons} Name: libxml2%{?dash}%{flavor} Version: 2.13.7 Release: 1.1 License: MIT Summary: A Library to Manipulate XML Files URL: https://gitlab.gnome.org/GNOME/libxml2 Source0: https://download.gnome.org/sources/%{name}/2.13/libxml2-%{version}.tar.xz Source1: baselibs.conf # W3C Conformance tests Source2: https://www.w3.org/XML/Test/xmlts20080827.tar.gz ### -- Upstream patches range from 0 to 999 -- ### # PATCH-FIX-UPSTREAM libxml2-python3-unicode-errors.patch bsc#1064286 mcepl@suse.com # remove segfault after doc.freeDoc() Patch0: libxml2-python3-unicode-errors.patch # PATCH-FIX-UPSTREAM libxml2-python3-string-null-check.patch bsc#1065270 mgorse@suse.com # https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/15 Patch1: libxml2-python3-string-null-check.patch # ### -- openSUSE patches range from 1000 to 1999 -- ### # PATCH-FIX-OPENSUSE #Patch1000: # ### -- SUSE patches starts from 2000 -- ### ## TODO -- Is libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch really ## SUSE-specific? If so, shouldn't it be applied only for SLE distributions? # PATCH-FIX-SUSE bsc#1135123 Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit Patch2000: libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch # BuildRequires: fdupes BuildRequires: pkgconfig BuildRequires: readline-devel BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(zlib) %if 0%{?buildpython} BuildRequires: %{python_module devel} BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} BuildRequires: %{python_module xml} BuildRequires: python-rpm-macros BuildRequires: pkgconfig(libxml-2.0) # TW: generate subpackages for every python3 flavor %define python_subpackage_only 1 %python_subpackages %endif %description The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. %package -n %{libname} Summary: A Library to Manipulate XML Files %description -n %{libname} The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. This library implements a number of existing standards related to markup languages, including the XML standard, name spaces in XML, XML Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and XML catalogs. In most cases, libxml tries to implement the specification in a rather strict way. To some extent, it provides support for the following specifications, but does not claim to implement them: DOM, FTP client, HTTP client, and SAX. The library also supports RelaxNG. Support for W3C XML Schemas is in progress. %package tools Summary: Tools using libxml Provides: %{base_name} = %{version}-%{release} # Use hardcoded version to avoid unwanted behavior in the future. Obsoletes: %{base_name} < 2.9.13 %description tools This package contains xmllint, a very useful tool proving libxml's power. %package devel Summary: Development files for libxml2, an XML manipulation library Requires: %{base_name} = %{version} Requires: %{base_name}-tools = %{version} Requires: %{libname} = %{version} Requires: glibc-devel Requires: libxml2 = %{version} Requires: readline-devel Requires: xz-devel Requires: pkgconfig(liblzma) Requires: pkgconfig(zlib) %description devel The XML C library can load and save extensible data structures or manipulate any kind of XML files. This subpackage contains header files for developing applications that want to make use of libxml. %package doc Summary: Documentation for libxml, an XML manipulation library Requires: %{libname} = %{version} BuildArch: noarch %description doc The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. %package -n python-libxml2 Summary: Python Bindings for %{name} Requires: %{libname} = %{version} Requires: python-extras Provides: %{base_name}-python = %{version}-%{release} Provides: python-libxml2-python = %{version}-%{release} # Use hardcoded version to avoid unwanted behavior in the future. Obsoletes: %{base_name}-python < 2.9.13 Obsoletes: python-libxml2-python < 2.9.13 %description -n python-libxml2 This package contains a module that permits applications written in the Python programming language to use the interface supplied by the libxml2 library to manipulate XML files. This library allows manipulation of XML files. It includes support for reading, modifying, and writing XML and HTML files. There is DTD support that includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. %prep %autosetup -p1 -n libxml2-%{version} sed -i '1 s|/usr/bin/env python|/usr/bin/python3|' doc/apibuild.py %build %if ! 0%{?buildpython} # TODO -- Document why are we using the -fno-strict-aliasing extra flag. export CFLAGS="%{optflags} -fno-strict-aliasing" %configure \ --disable-silent-rules \ --disable-static \ --docdir=%{_docdir}/%{base_name} \ --without-python \ --with-history \ --enable-ipv6 \ --with-sax1 \ --with-regexps \ --with-threads \ --with-reader \ --with-ftp \ --with-http \ --with-legacy %make_build BASE_DIR="%{_docdir}" DOC_MODULE="%{base_name}" %else %configure --with-python=%{__python3} pushd python %if 0%{suse_version} > 1500 export PYTHONPATH="." %pyproject_wheel %else %python_build %endif popd %endif %install %if ! 0%{?buildpython} %make_install BASE_DIR="%{_docdir}" DOC_MODULE="%{base_name}" find %{buildroot} -type f -name "*.la" -delete -print mkdir -p "%{buildroot}/%{_docdir}/%{base_name}" cp -a NEWS README.md %{buildroot}%{_docdir}/%{base_name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml # Remove duplicated file Copyright as not found by fdupes rm -fr %{buildroot}%{_docdir}/%{base_name}/Copyright %fdupes %{buildroot}%{_datadir} %else pushd python %if 0%{suse_version} > 1500 %pyproject_install %else %python_install %endif popd chmod a-x python/tests/*.py %python_expand %fdupes %{buildroot}%{$python_sitearch} %endif %if ! 0%{?buildpython} %check # qemu-arm can't keep up atm, disabling check for arm %ifnarch %{arm} tar xzvf %{SOURCE2} # add conformance tests where they are expected %make_build check rm -rf xmlconf/ # remove the conformance tests afterwards %endif %ldconfig_scriptlets -n %{libname} %files -n %{libname} %{_libdir}/lib*.so.* %license Copyright %doc %dir %{_docdir}/%{base_name} %doc %{_docdir}/%{base_name}/[ANRCT]* # the -n %%base_name tag is necessary so that python_subpackages does not interfere %files -n %{base_name}-tools %{_bindir}/xmllint %{_bindir}/xmlcatalog %{_mandir}/man1/xmllint.1%{?ext_man} %{_mandir}/man1/xmlcatalog.1%{?ext_man} %files -n %{base_name}-devel %{_bindir}/xml2-config %dir %{_datadir}/aclocal %{_datadir}/aclocal/libxml.m4 %{_includedir}/libxml %{_includedir}/libxml2 %{_libdir}/lib*.so %{_libdir}/pkgconfig/*.pc %{_libdir}/cmake %{_mandir}/man1/xml2-config.1%{?ext_man} %files -n %{base_name}-doc %{_datadir}/gtk-doc/html/* %doc %{_docdir}/%{base_name}/*.html # owning these directories prevents gtk-doc <-> libxml2 build loop: %dir %{_datadir}/gtk-doc %dir %{_datadir}/gtk-doc/html %else %files %{python_files libxml2} %doc python/libxml2class.txt %doc doc/*.py %doc python/README %pycache_only %{python_sitearch}/__pycache__/*libxml2* %{python_sitearch}/*libxml2* %endif %changelog * Fri Mar 28 2025 Bjørn Lie - Update to version 2.13.7: + Regressions: - tree: Fix xmlTextMerge with NULL args - io: Fix `compressed` flag for uncompressed stdin - parser: Fix parsing of DTD content * Tue Feb 18 2025 Bjørn Lie - Update to version 2.13.6 ([bsc#1237363], [bsc#1237370], [bsc#1237418]): + Security: - [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements - [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd - pattern: Fix compilation of explicit child axis + Regressions: - xmllint: Support compressed input from stdin - uri: Fix handling of Windows drive letters - reader: Fix return value of xmlTextReaderReadString again - SAX2: Fix xmlSAX2ResolveEntity if systemId is NULL + Portability: - dict: Handle ENOSYS from getentropy gracefully - Fix compilation with uclibc (Dario Binacchi) - python: Declare init func with PyMODINIT_FUNC - tests: Fix sanitizer version check on old Apple clang - cmake: Work around broken sys/random.h in old macOS SDKs + Build: - autotools: Set AC_CONFIG_AUX_DIR - cmake: Always build Python module as shared library - cmake: add missing `Bcrypt` link on Windows - cmake: Fix compatibility in package version file - xmlIO: Fix reading from non-regular files like pipes - xmlreader: Fix return value of xmlTextReaderReadString - parser: Fix loading of parameter entities in external DTDs - parser: Fix downstream code that swaps DTDs - parser: Fix detection of duplicate attributes - string: Fix va_copy fallback - xpath: Fix parsing of non-ASCII names - Drop libxml2-support-compressed-input-from-stdin.patch: Fixed upstream. - Also CVE-2025-27113 was assigned to this release. * Wed Jan 29 2025 pgajdos@suse.com - fix decompression from stdin [bsc#1236346] - added patches fix https://gitlab.gnome.org/nwellnhof/libxml2/-/commit/6208f86edd59e31a51a8d9b300d428504adb25a7 + libxml2-support-compressed-input-from-stdin.patch * Fri Jan 17 2025 Pedro Monreal - Update to 2.13.5: * Regressions: - xmlIO: Fix reading from non-regular files like pipes - xmlreader: Fix return value of xmlTextReaderReadString - parser: Fix loading of parameter entities in external DTDs - parser: Fix downstream code that swaps DTDs - parser: Fix detection of duplicate attributes - string: Fix va_copy fallback * Bug fixes: - xpath: Fix parsing of non-ASCII names - Update to 2.13.4: * Regressions: - parser: Make unsupported encodings an error in declarations - io: don't set the executable bit when creating files - xmlcatalog: Improved fix for #699 - Revert "catalog: Fetch XML catalog before dumping" - io: Add missing calls to xmlInitParser - tree: Restore return value of xmlNodeListGetString with NULL list - parser: Fix error handling after reaching limit - parser: Make xmlParseChunk return an error if parser was stopped * Bug fixes: - python: Fix SAX driver with character streams * Improvements: - xpath: Make recursion check work with xmlXPathCompile - parser: Report at least one fatal error - Update to 2.13.3: * Security: - [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code * Regressions: - autotools: Use AC_CHECK_DECL to check for getentropy - xinclude: Fix fallback for text includes - io: Don't call getcwd in xmlParserGetDirectory - io: Fix return value of xmlFileRead - parser: Fix error return of xmlParseBalancedChunkMemory * Improvements: - xinclude: Set error handler when parsing text - Undeprecate xmlKeepBlanksDefault - Update to 2.13.2: * Regressions: - tree: Fix handling of empty strings in xmlNodeParseContent - valid: Restore ID lookup - parser: Reenable ctxt->directory - uri: Handle filesystem paths in xmlBuildRelativeURISafe - encoding: Make xmlFindCharEncodingHandler return UTF-8 handler - encoding: Fix encoding lookup with xmlOpenCharEncodingHandler - include: Define ATTRIBUTE_UNUSED for clang - uri: Fix xmlBuildURI with NULL base * Regressions: - parser: Selectively reenable reading from "-" - reader: Fix xmlTextReaderReadString - xinclude: Set XPath context doc - xinclude: Load included documents with XML_PARSE_DTDLOAD - include: Don't redefine ATTRIBUTE_UNUSED - include: Readd circular dependency between tree.h and parser.h - xinclude: Add missing include - xinclude: Don't raise error on empty nodeset - parser: Make failure to load main document a warning - tree: Fix freeing entities via xmlFreeNode - parser: Pass global object to sax->setDocumentLocator * Improvements: - io: Fix resetting xmlParserInputBufferCreateFilename hook * Documentation: - Fix typo in NEWS (--with-html -> --with-http) - doc: Don't mention xmlNewInputURL * Fri Nov 15 2024 Pedro Monreal - Update to 2.13.0: * Major changes: - Most of the core code should now report malloc failures reliably. Some API functions were extended with versions that report malloc failures. - New API functions for error handling were added: + xmlCtxtSetErrorHandler + xmlXPathSetErrorHandler + xmlXIncludeSetErrorHandler - This makes it possible to register per-context error handlers without resorting to global handlers. - A few error messages were improved and consolidated. Please update downstream test suites accordingly. - A new parser option XML_PARSE_NO_XXE can be used to disable loading of external entities or DTDs. This is most useful in connection with XML_PARSE_NOENT. - Support for HTTP POST was removed. - Support for zlib, liblzma and HTTP is now disabled by default and has to be enabled by passing --with-zlib, --with-lzma or --with-http to configure. In legacy mode (--with-legacy) these options are enabled by default as before. - Support for FTP will be removed in the next release. - Support for the range and point extensions of the xpointer() scheme will be removed in the next release. The rest of the XPointer implementation won't be affected. The xpointer() scheme will behave like the xpath1() scheme. - Several more legacy symbols were deprecated. Users of the old "SAX1" API functions are encouraged to upgrade to the new "SAX2" API, available since version 2.6.0 from 2003. * Some deprecated global variables were made const: - htmlDefaultSAXHandler - oldXMLWDcompatibility - xmlDefaultSAXHandler - xmlDefaultSAXLocator - xmlParserDebugEntities * Deprecations and removals: - threads: Deprecate remaining ThrDef functions - unicode: Deprecate most xmlUCSIs* functions - memory: Remove memory debugging - tree: Deprecate xmlRegisterNodeDefault - tree: Deprecate xmlSetCompressMode - html: Deprecate htmlHandleOmittedElem - valid: Deprecate internal validation functions - valid: Deprecate old DTD serialization API - nanohttp: Deprecate public API - Remove VMS support - Remove Trio * Bug fixes: - parser: Fix base URI of internal parameter entities - tree: Handle predefined entities in xmlBufGetEntityRefContent - schemas: Allow unlimited length decimals, integers etc. - reader: Fix preservation of attributes - parser: Always decode entities in namespace URIs - relaxng: Fix tree corruption in xmlRelaxNGParseNameClass - schemas: Fix ADD_ANNOTATION - tree: Fix tree iteration in xmlDOMWrapRemoveNode - tree: Declare namespace on clone in xmlDOMWrapCloneNode - tree: Fix xmlAddSibling with last sibling - tree: Fix xmlDocSetRootElement with multiple top-level elements - catalog: Fetch XML catalog before dumping - html: Don't close fd in htmlCtxtReadFd * Improvements: - parser: Fix "Truncated multi-byte sequence" error - Add missing _cplusplus processing clause - parser: Rework handling of undeclared entities - SAX2: Warn if URI resolution failed - parser: Don't report error on invalid URI - xmllint: Clean up option handling - xmllint: Rework parsing - parser: Don't create undeclared entity refs in substitution mode - Make some globals const - reader: Make xmlTextReaderReadString non-recursive - reader: Rework xmlTextReaderRead{Inner,Outer}Xml - Remove redundant size check (Niels Dossche) - Remove redundant NULL check on cur - Remove always-false check old == cur - Remove redundant NULL check on cur - tree: Don't return empty localname in xmlSplitQName{2,3} - xinclude: Don't try to fix base of non-elements - tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling - SAX2: Optimize appending children - tree: Align xmlAddChild with other node insertion functions - html: Use binary search in htmlEntityValueLookup - io: Allocate output buffer with XML_BUFFER_ALLOC_IO - encoding: Don't shrink input too early in xmlCharEncOutput - tree: Tighten source doc check in xmlDOMWrapAdoptNode - tree: Check destParent->doc in xmlDOMWrapCloneNode - tree: Refactor text node updates - tree: Refactor node insertion - tree: Refactor element creation and parsing of attribute values - tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent - buf: Don't use default buffer size for small strings - string: Fix xmlStrncatNew(NULL, "") - entities: Don't allow null name in xmlNewEntity - html: Fix quadratic behavior in htmlNodeDump - tree: Rewrite xmlSetTreeDoc - valid: Rework xmlAddID - tree: Remove unused node types - tree: Make namespace comparison more consistent - tree: Don't allow NULL name in xmlSetNsProp - tree: Rework xmlNodeListGetString - tree: Rework xmlTextMerge - tree: Rework xmlNodeSetName - tree: Simplify xmlAddChild with text parent - tree: Disallow setting content of entity reference nodes - tree: Rework xmlReconciliateNs - schemas: fix spurious warning about truncated snprintf output - xmlschemastypes: Remove unreachable if statement - relaxng: Remove useless if statement - tree: Check for integer overflow in xmlStringGetNodeList - http: Improve error message for HTTPS redirects - save: Move DTD serialization code to xmlsave.c - parser: Report fatal error if document entity couldn't be loaded - xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest - SAX2: Limit entity URI length to 2000 bytes - parser: Account for full size of non-well-formed entities - parser: Pop inputs if parsing DTD failed - parser: Fix quadratic behavior when copying entities - writer: Implement xmlTextWriterClose - parser: Avoid duplicate namespace errors - parser: Add XML_PARSE_NO_XXE parser option - parser: Make xmlParseContent more useful - error: Make xmlFormatError public - encoding: Check whether encoding handlers support input/output - SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE - parser: Lower maximum entity nesting depth - parser: Set depth limit to 2048 with XML_PARSE_HUGE - parser: Implement xmlCtxtSetOptions - parser: Always prefer option members over bitmask - parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set - parser: Rework parsing of attribute and entity values - save: Output U+FFFD replacement characters - parser: Simplify entity size accounting - parser: Avoid unwanted expansion of parameter entities - parser: Always copy content from entity to target - parser: Simplify control flow in xmlParseReference - parser: Remove xmlSetEntityReferenceFunc feature - parser: Push general entity input streams on the stack - parser: Move progressive flag into input struct - parser: Fix in-parameter-entity and in-external-dtd checks - xpath: Rewrite substring-before and substring-after - xinclude: Only set xml:base if necessary - xinclude: Allow empty nodesets - parser: Rework general entity parsing - io: Fix close error handling - io: Fix read/write error handling - io: More refactoring and unescaping fixes - io: Move some code from xmlIO.c to parserInternals.c - uri: Clean up special parsing modes - xinclude: Rework xml:base fixup - parser: Also set document properties when push parsing - include: Move non-generated parts from xmlversion.h.in - io: Remove support for HTTP POST - dict: Move local RNG state to global state - dict: Get random seed from system PRNG - io: Don't use "-" to read from stdin - io: Rework initialization - io: Consolidate error messages - xzlib: Fix harmless unsigned integer overflow - io: Always use unbuffered input - io: Fix detection of compressed streams - io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile - io: Rework default callbacks - error: Stop printing some errors by default - xpath: Don't free nodes of XSLT result value trees - valid: Fix handling of enumerations - parser: Allow recovery in xmlParseInNodeContext - encoding: Support ASCII in xmlLookupCharEncodingHandler - include: Remove useless 'const' from function arguments - Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const' conversions (makise-homura) - Avoid EDG deprecation warnings for LCC compiler - Avoid EDG -Woverflow warnings on truncating conversions by manually truncating operand (makise-homura) - Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by conversion from unsigned int to int (makise-homura) - Avoid using no_sanitize attribute on EDG even if compiler shows as GCC * Build systems: - meson: convert boolean options to feature option - meson: Pass LIBXML_STATIC in dependency - meson: fix compilation with local binaries - meson: don't use dl dependency on old meson - meson: fix usage as a subproject - build: Remove --with-fexceptions configuration option - autotools: Remove --with-coverage configuration option - build: Disable HTTP support by default - Stop defining _REENTRANT - doc: Don't install example code - meson: Initial commit - build: Disable support for compression libraries by default - Set LIBXML2_FOUND if it has been properly configured - Makefile.am: omit $(top_builddir) from DEPS and LDADDS * Test suite - runtest: Work around broken EUC-JP support in musl iconv - runtest: Check for IBM-1141 encoding handler - fuzz: Add xmllint fuzzer - fuzz: Add fuzzer for XML reader API - fuzz: New tree API fuzzer - tests: Remove testOOM - Don't let gentest.py cast types to 'const somethingPtr' to avoid - Wignored-qualifiers * Rebase libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch * Wed Nov 13 2024 pgajdos@suse.com - add %%{?sle15allpythons} macro [jsc#PED-68] - use %%python_build and %%python_install for 15 * Thu Jul 25 2024 Bjørn Lie - Update to version 2.12.9: + Security: (CVE-2024-40896) Fix XXE protection in downstream code. + Improvements: Undeprecate xmlKeepBlanksDefault. * Wed Jun 12 2024 Dominique Leuenberger - Update to version 2.12.8: + parser: Fix performance regression when parsing namespaces. * Tue May 14 2024 Dominique Leuenberger - Update to version 2.12.7: + Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459, bsc#1224282). + xmllint: Fix --pedantic option. + save: Handle invalid parent pointers in xhtmlNodeDumpOutput. * Wed Apr 17 2024 Christoph G - Update to version 2.12.6 * Regressions - parser: Fix detection of duplicate attributes in XML namespace - xmlreader: Fix xmlTextReaderConstEncoding - html: Fix htmlCreatePushParserCtxt with encoding - xmllint: Return error code if XPath returns empty nodeset - Update to version 2.12.5 * Security - [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking * Regressions - parser: Fix crash in xmlParseInNodeContext with HTML documents - Update to version 2.12.4 * Regressions - parser: Fix regression parsing standalone declarations - autotools: Readd --with-xptr-locs configuration option - parser: Fix build --without-output - parser: Don't grow or shrink pull parser memory buffers - io: Fix memory lifetime issue with input buffers - Update to version 2.12.3 * Regressions - parser: Fix namespaces redefined from default attributes * Build fixes - include: Rename XML_EMPTY helper macro - include: Move declaration of xmlInitGlobals - include: Add missing includes - include: Move globals from xmlsave.h to parser.h - include: Readd circular dependency between tree.h and parser.h - Drop libxml2-CVE-2024-25062.patch as it is part of upstream * Sat Feb 10 2024 David Anes - Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader * Added libxml2-CVE-2024-25062.patch * Tue Dec 5 2023 Bjørn Lie - Update to version 2.12.2: * Regressions: - parser: . Fix invalid free in xmlParseBalancedChunkMemoryRecover . Make CRLF increment line number - globals: Disable TLS in static Windows builds - html: Reenable buggy detection of XML declarations - tree: Fix regression when copying DTDs * Build fixes - build: Disable compiler TLS by default - cmake: Update config.h.cmake.in - tests: Fix tests --with-valid --without-xinclude * Fri Nov 24 2023 Bjørn Lie - Update to verson 2.12.1: * Regressions: - hash: Fix deletion of entries during scan - parser: Only enable SAX2 if there are SAX2 element handlers * Build fixes: - autotools: Stop checking for snprintf - dict: Fix '__thread' before 'static' - fix: pthread weak references in globals.c - tests: Fix build with older MSVC * Fri Nov 17 2023 David Anes - Bring back a patch that was mistakenly removed in the last update. * Readded libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch * Thu Nov 16 2023 David Anes - Removed patches (already in upstream): * libxml2-CVE-2023-39615.patch * libxml2-CVE-2023-45322.patch * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch * python312.patch - Update to 2.12.0: * Major changes: - Most of the known issues leading to quadratic behavior in the XML parser were fixed. Internal hash tables were rewritten to reduce memory consumption. - Starting with this release, it should be enough to add the - -with-legacy configuration option to provide maximum ABI compatibility. - libxml2 will now store global variables in thread-local storage if supported by the compiler. This avoids allocating the data lazily which can result in a fatal error condition. - A new API function xmlCheckThreadLocalStorage was added so the allocation can be checked earlier if compiler TLS is not supported. - To prepare for future improvements, some API functions now expect or return a const xmlError struct. - Several cyclic dependencies in public header files were fixed. - Refactoring of the encoding code has been mostly completed. Calling xmlSwitchEncoding from client code is now fully supported, for example to override the encoding for the push parser. - When parsing data from memory, libxml2 will now stream data chunk by chunk instead of copying the whole buffer (possibly twice with encodings), reducing peak memory consumption considerably. - A new API function xmlCtxtSetMaxAmplification was added to allow parsing of files that would otherwise trigger the billion laughs protection. - Several bugs in the regex determinism checks were fixed. Invalid XML Schemas which previous versions erroneously accepted will now be rejected. * Deprecations - globals: Deprecate xmlLastError - parser: Deprecate global parser options - win32: Deprecate old Windows build system * Bug fixes - parser: Stop switching to ISO-8859-1 on encoding errors - parser: Support encoded external PEs in entity values - string: Fix UTF-8 validation in xmlGetUTF8Char - SAX2: Allow multiple top-level elements - parser: Update line number after coalescing text nodes - parser: Check for truncated multi-byte sequences * See the full changelog here: - https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.0 * Thu Nov 16 2023 Bjørn Lie - Update to version 2.11.6: * Regressions: - threads: Fix --with-thread-alloc - xinclude: Fix ‘last’ pointer in xmlXIncludeCopyNode * Bug fixes: parser: Fix potential use-after-free in xmlParseCharDataInternal * Mon Nov 13 2023 David Anes - Security fix: CVE-2023-45322 (bsc#1216129) * use-after-free in xmlUnlinkNode() in tree.c * Added file libxml2-CVE-2023-45322.patch * Mon Oct 23 2023 Daniel Garcia - Add python312.patch to make it compatible with python 3.12 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/226 - Use pyproject_wheel and pyproject_install macros instead of python_build, python_install * Mon Sep 4 2023 David Anes - Security fix: CVE-2023-39615 (bsc#1214768) * crafted xml can cause global buffer overflow * Added file libxml2-CVE-2023-39615.patch * Wed Aug 9 2023 Bjørn Lie - Update to version 2.11.5: + Regressions: - parser: Make xmlSwitchEncoding always skip the BOM - autotools: Improve iconv check + Bug fixes: - valid: Fix c1->parent pointer in xmlCopyDocElementContent - encoding: Always call ucnv_convertEx with flush set to false + Portability: autotools: fix Python module file ext for cygwin/msys2 + Tests: runtest: Fix compilation without LIBXML_HTML_ENABLED * Fri May 19 2023 Bjørn Lie - Update to version 2.11.4: + Fixes a serious regression: parser: Fix regression when push parsing UTF-8 sequences. * Thu May 11 2023 Bjørn Lie - Update to version 2.11.3: + xinclude: Fix false positives in inclusion loop detection. + autotools: Fix ICU detection. + parser: Fix "huge input lookup" error with push parser. + xpath: Fix build without LIBXML_XPATH_ENABLED. + hash: Fix possible startup crash with old libxslt versions. + autoconf: fix iconv library paths. * Fri May 5 2023 Bjørn Lie - Update to version 2.11.2: + Fix regressions: - threads: Fix startup crash with weak symbol hack - win32: Don’t depend on removed .def file - schemas: Fix memory leak in xmlSchemaValidateStream * Wed May 3 2023 David Anes - Rebased patches: * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch * libxml2-python3-unicode-errors.patch - Update to 2.11.1: * Fixes build and ABI issues. - cmake: Fix va_copy detection (Luca Niccoli) - libxml.m4: Fix quoting - Link with --undefined-version - libxml2.syms: Revert removal of version information - Update to 2.11.0: * Major changes - Protection against entity expansion attacks, also known as "billion laughs" has been greatly improved. Malicious files should be detected reliably now and false positives should be reduced. It is possible though that large documents which make heavy use of entities are rejected now. - This release finally fixes symbol visibility on UNIX systems. Internal symbols will now be hidden. While these symbols were never declared in public headers, it was still possible to declare them manually. Now this won't work. - All symbol information has been removed from the ELF version script to fix link errors with --no-undefined-version. The version nodes are kept so it should still be possible to run binaries linked against older versions. - About 90 memory errors in code paths handling malloc failures have been fixed. While these issues shouldn't impact security, this improves robustness under memory pressure. - The XInclude engine has been reworked to properly support nested includes. - Several cases of quadratic behavior in the XML push parser have been fixed. - Refactoring has begun on some buffering and encoding code with the goal of simplifying this part of the code base and improving error reporting. * Other highlights: - Consolidated private header files. - Major rework of the autoconf build. - Deprecated several outdated and internal functions. * Security - Fix use-after-free in xmlParseContentInternal() (David Kilzer) - xmllint: Fix use-after-free with --maxmem - parser: Fix OOB read when formatting error message - entities: Rework entity amplification checks * See the full changelog at https://discourse.gnome.org/t/libxml2-2-11-0-released/15123 * Fri Apr 21 2023 David Anes - Remove unneeded dependency (bsc#1209918). * Tue Apr 11 2023 Bjørn Lie - Update to version 2.10.4: + Security: - [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings isn’t deterministic - [CVE-2023-28484, bsc#1210411] Fix null deref in xmlSchemaFixupComplexType - schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK + Regressions: - SAX2: Ignore namespaces in HTML documents - io: Fix “buffer full” error with certain buffer sizes * Wed Feb 1 2023 Dirk Müller - remove zlib-devel, pkgconfig(zlib) is sufficient * Mon Oct 31 2022 David Anes - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz * Fri Oct 14 2022 Bjørn Lie - Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304): + Security: - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c + Build system: cmake: Set SOVERSION - Rebase patches with quilt. * Thu Sep 1 2022 Pedro Monreal - Build for now with --with-legacy to enable APIs that have been deprecated recently. (bsc#1202965) * Tue Aug 30 2022 Bjørn Lie - Update to version 2.10.2: * Improvements: + Remove set-but-unused variable in xmlXPathScanName + Silence -Warray-bounds warning * Build system + build: require automake-1.16.3 or later + Remove generated files from distribution * Test suite: Don't create missing.xml when running testapi - Add configure --with-python=%%{__python3} inbefore python build, as upstream no longer ships pre-grenerated files. - Use sed to fix env-script-interpreter in documentation example. - Pass with-ftp to configure, build ftp support. * Thu Aug 25 2022 Bjørn Lie - Update to version 2.10.1: * Regressions: Fix xmlCtxtReadDoc with encoding * Bug fixes: Fix HTML parser with threads and --without-legacy * Build system: + Fix build with Python 3.10 + cmake: Disable version script on macOS + Remove Makefile rule to build testapi.c * Documentation: + Switch back to HTML output for API documentation + Port doc/examples/index.py to Python 3 + Fix order of exports in libxml2-api.xml + Remove libxml2-refs.xml * Thu Aug 18 2022 David Anes - Update to 2.10.0: * Security + [CVE-2022-2309] Reset nsNr in xmlCtxtReset + Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer + Fix missing NUL terminators in xmlBuf and xmlBuffer functions + Fix integer overflow in xmlBufferDump() + xmlBufAvail() should return length without including a byte for NUL terminator + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() + Use xmlNewDocText in xmlXIncludeCopyRange + Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser + Use UPDATE_COMPAT() consistently in buf.c + fix: xmlXPathParserContext could be double-delete in OOM case. * Removals and deprecations + Disable XPointer location support by default + Remove outdated xml2Conf.sh + Deprecate module init and cleanup functions + Remove obsolete XML Software Autoupdate (XSA) file + Remove DOCBparser + Remove obsolete Python test framework + Remove broken VxWorks support + Remove broken Mac OS 9 support + Remove broken bakefile support + Remove broken Visual Studio 2010 support + Remove broken Windows CE support + Deprecate IDREF-related functions in valid.h + Deprecate legacy functions + Disable legacy support by default + Deprecate all functions in nanoftp.h + Disable FTP support by default + Add XML_DEPRECATED macro + Remove elfgcchack.h * Regressions + Skip incorrectly opened HTML comments + Restore behavior of htmlDocContentDumpFormatOutput() * Bug fixes + Fix memory leak with invalid XSD + Make XPath depth check work with recursive invocations + Fix memory leak in xmlLoadEntityContent error path + Avoid double-free if malloc fails in inputPush + Properly fold whitespace around the QName value when validating an XSD schema. + Add whitespace folding for some atomic data types that it's missing on. + Don't add IDs containing unexpanded entity references * Improvements + Avoid calling xmlSetTreeDoc + Simplify xmlFreeNode + Don't reset nsDef when changing node content + Fix unintended fall-through in xmlNodeAddContentLen + Remove unused xmlBuf functions + Implement xpath1() XPointer scheme + Add configuration flag for XPointer locations support + Fix compiler warnings in Python code + Mark more static data as `const` + Make xmlStaticCopyNode non-recursive + Clean up encoding switching code + Simplify recursive pthread mutex + Use non-recursive mutex in dict.c + Fix parser progress checks + Avoid arithmetic on freed pointers + Improve buffer allocation scheme + Remove unneeded #includes + Add support for some non-standard escapes in regular expressions. + htmlParseComment: handle abruptly-closed comments + Add let variable tag support + Add value-of tag support + Remove useless call to xmlRelaxNGCleanupTypes + Don't include ICU headers in public headers + Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + Fix unused variable warnings with disabled features + Only warn on invalid redeclarations of predefined entities + Remove unneeded code in xmlreader.c + Rework validation context flags * Portability + Use NAN/INFINITY if available to init XPath NaN/Inf + Fix Python tests on macOS + Fix xmlCleanupThreads on Windows + Fix reinitialization of library on Windows + Don't mix declarations and code in runtest.c + Use portable python shebangs + Use critical sections as mutex on Windows + Don't set HAVE_WIN32_THREADS in win32config.h + Use stdint.h with newer MSVC + Remove cruft from win32config.h + Remove isinf/isnan emulation in win32config.h + Always fopen files with "rb" + Remove __DJGPP__ checks + Remove useless __CYGWIN__ checks * Build system + Don't autogenerate doc/examples/Makefile.am + cmake: Install libxml.m4 on UNIX-like platforms + cmake: Use symbol versioning on UNIX-like platforms + Port genUnicode.py to Python 3 + Port gentest.py to Python 3 + cmake: Fix build without thread support + cmake: Install documentation in CMAKE_INSTALL_DOCDIR + cmake: Remove non needed files in docs dir + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + Move local Autoconf macros into m4 directory + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD + Update libxml-2.0-uninstalled.pc.in + Remove LIBS from XML_PRIVATE_LIBS + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS + Don't overlink executables + cmake: Adjust paths for UNIX or UNIX-like target systems + build: Make use of variables in libxml's pkg-config file + Avoid obsolescent `test -a` constructs + Move AM_MAINTAINER_MODE to AM section + configure.ac: make AM_SILENT_RULES([yes]) unconditional + Streamline documentation installation + Don't try to recreate COPYING symlink + Detect libm using libtool's macros + configure.ac: disable static libraries by default + python/Makefile.am: nest python docs in $(docdir) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE + Makefile.am: install examples more idiomatically + configure.ac: remove useless AC_SUBST + Respect `--sysconfdir` in source files + Ignore configure backup file created by recent autoreconf too + Only install *.html and *.c example files + Remove --with-html-dir option + Rework documentation build system + Remove old website + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings + Update genChRanges.py + Update build_glob.py + Remove ICONV_CONST test + Remove obsolete AC_HEADER checks + Don't check for standard C89 library functions + Don't check for standard C89 headers + Remove special configuration for certain maintainers * Test suite, CI + Disable network in API tests + testapi: remove leading slash from "/missing.xml" + Build Autotools CI tests out of source tree (VPATH) + Add --with-minimum build to CI tests + Fix warnings when testing --with-minimum build + cmake: Run all tests when threads are disabled + Also build CI tests with -Werror + Move doc/examples tests to new test suite + Simplify 'make check' targets + Fix schemas and relaxng tests + Remove unused result files + Allow missing result files in runtest + Move regexp tests to runtest + Move SVG tests to runtest.c + Move testModule to new test suite + Move testThreads to new test suite + Remove major parts of old test suite + Make testchar return an error on failure + Add CI job for static build + python/tests: open() relative to test scripts + Port some test scripts to Python 3 * Documentation + Improve documentation of tree manipulation API + Update xml2-config man page + Consolidate man pages + Rename xmlcatalog_man.xml + Make examples a standalone HTML page + Fix documentation in entities.c + Add note about optimization flags * Mon May 2 2022 David Anes - Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build * Fri Mar 18 2022 Dominique Leuenberger - Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap. * Tue Mar 8 2022 Luciano Santos - Update to version 2.9.13: * Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues. * Many regressions fixes. * Numerous bug fixes, including, among many others: + xmllint's --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing. * Numerous tests and code and fuzzing fixes and improvements. * Updated documentation. - The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\ libxml2-2.9.13.news. - Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future. - Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with 'cp' command. - Update http://xmlsoft.org URL tag to Libxml2's new web home: https://gitlab.gnome.org/GNOME/libxml2. - Update ftp://xmlsoft.org Source tag to Libxml2's new download host: https://download.gnome.org. - Drop deprecated Python-2-related macro definitions/conditional statement from spec file. - Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch. - Drop libxml2.keyring source file as the new download host doesn't offer GPG signatures. - Use ldconfig_scriptlets macro for post(un) handling. * Wed Oct 20 2021 Matej Cepl - Rewrite package to the single-spec %%python_subpackage_only style and eliminate unnecessary multibuild. * Tue Jun 1 2021 Pedro Monreal - Fix python-lxml regression with libxml2 2.9.12: * Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255 - Add upstream patches: * libxml2-fix-lxml-corrupted-subtree-structures.patch * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch * Tue Jun 1 2021 Ferdinand Thiessen - Update to version 2.9.12 * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928) * Fix null deref in legacy SAX1 parser * Fix handling of unexpected EOF in xmlParseContent * Fix user-after-free * Validate UTF8 in xmlEncodeEntities * Fix memory leak in xmlParseElementMixedContentDecl * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin * Fix SEGV in xmlSAXParseFileWithData * Don't process siblings of root in xmlXIncludeProcess * Full changes: http://xmlsoft.org/news.html - Drop upstream fixed * libxml2-CVE-2021-3541.patch * libxml2-CVE-2021-3537.patch * libxml2-CVE-2021-3518.patch * libxml2-CVE-2021-3517.patch * libxml2-CVE-2021-3516.patch * libxml2-CVE-2020-7595.patch * libxml2-CVE-2019-20388.patch * libxml2-CVE-2020-24977.patch * libxml2-CVE-2019-19956.patch * libxml2-python39.patch * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch - Drop since 2.8.0 merged fix-perl.diff - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch * Wed May 19 2021 Pedro Monreal - Security fix: [bsc#1186015, CVE-2021-3541] * Exponential entity expansion attack bypasses all existing protection mechanisms. - Add libxml2-CVE-2021-3541.patch * Mon May 10 2021 Pedro Monreal - Security fix: [bsc#1185698, CVE-2021-3537] * NULL pointer dereference in valid.c:xmlValidBuildAContentModel * Add libxml2-CVE-2021-3537.patch * Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185408, CVE-2021-3518] * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() * Add libxml2-CVE-2021-3518.patch * Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185410, CVE-2021-3517] * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3517.patch * Wed Apr 28 2021 Pedro Monreal - Security fix: [bsc#1185409, CVE-2021-3516] * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3516.patch * Tue Feb 23 2021 Teemu Mannermaa - Fails to build against Python 3.9: * Add upstream commit that fixes the issue https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1 - Add patch libxml2-python39.patch * Thu Dec 17 2020 Pedro Monreal - Security fix: [bsc#1161521, CVE-2019-20388] * Memory leak in xmlSchemaPreRun in xmlschemas.c - Add libxml2-CVE-2019-20388.patch * Wed Nov 25 2020 Pedro Monreal - Avoid quadratic checking of identity-constraints: [bsc#1178823] * key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. - Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch * Fri Oct 23 2020 Benjamin Greiner - Make python subpackage ready for multiple python3 flavors gh#openSUSE/python-rpm-macros#66 * Mon Sep 7 2020 Pedro Monreal - Security fix: [bsc#1176179, CVE-2020-24977] * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal - Add patch libxml2-CVE-2020-24977.patch * Wed May 27 2020 Pedro Monreal Gonzalez - Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021] - Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549 * Add patch libxml2-CVE-2019-19956.patch * Mon Mar 16 2020 Pedro Monreal Gonzalez - Security fix: [bsc#1161517, CVE-2020-7595] * xmlStringLenDecodeEntities in parser.c has an infinite loop in a certain end-of-file situation - Add libxml2-CVE-2020-7595.patch * Mon Mar 16 2020 Tomáš Chvátal - Do not pull in the non-python deps on the python build * Sat Mar 14 2020 Tomáš Chvátal - Revert the previous change and use multibuild to determine supported flavors. We need to be able to enable/disable pythons in prjconf and multibuild directly clashes with that. * Sun Dec 15 2019 Stefan Brüns - Build python2 and python3 bindings in separate flavors. As python3-libxml2 is a dependency of e.g. itstools and thus many other packages these packages no longer have a build dependency on python2. Breaks a build loop for python2. * Thu Nov 28 2019 Pedro Monreal Gonzalez - Since libxml2-2.9.10 perl-XML-LibXSLT fails to build: [bsc#1157450] * Revert upstream commit to make xmlFreeNodeList non-recursive https://github.com/GNOME/libxml2/commit/0762c9b69ba01628f72eada1c64ff3d361fb5716 - Add patch libxml2-xmlFreeNodeList-recursive.patch * Fri Nov 15 2019 Pedro Monreal Gonzalez - Version update to 2.9.10: * Portability: + Fix exponent digits when running tests under old MSVC + Work around buggy ceil() function on AIX + Don't call printf with NULL string in runtest.c + Switched from unsigned long to ptrdiff_t in parser.c + timsort.h: support older GCCs + Make configure.ac work with older pkg-config * Bug Fixes: + Fix for conditional sections at end of document + Make sure that Python tests exit with error code + Audit memory error handling in xpath.c + Fix error code in xmlTextWriterStartDocument + Fix integer overflow when counting written bytes + Fix uninitialized memory access in HTML parser + Fix memory leak in xmlSchemaValAtomicType + Disallow conditional sections in internal subset + Fix use-after-free in xmlTextReaderFreeNodeList + Fix Regextests + Fix empty branch in regex + Fix integer overflow in entity recursion check + Don't read external entities or XIncludes from stdin + Fix Schema determinism check of ##other namespaces + Fix potential null deref in xmlSchemaIDCFillNodeTables + Fix potential memory leak in xmlBufBackToBuffer + Fix error message when processing XIncludes with fallbacks + Fix memory leak in xmlRegEpxFromParse + 14:00 is a valid timezone for xs:dateTime + Fix memory leak in xmlParseBalancedChunkMemoryRecover + Fix potential null deref in xmlRelaxNGParsePatterns + Misleading error message with xs:{min|max}Inclusive + Fix memory leak in xmlXIncludeLoadTxt + Partial fix for comparison of xs:durations + Fix null deref in xmlreader buffer + Fix unability to RelaxNG-validate grammar with choice-based name class + Fix unability to validate ambiguously constructed interleave for RelaxNG + Fix possible null dereference in xmlXPathIdFunction + fix memory leak in xmlAllocOutputBuffer + Fix unsigned int overflow + dict.h: gcc 2.95 doesn't allow multiple storage classes + Fix another code path in xmlParseQName + Make sure that xmlParseQName returns NULL in error case + Fix build without reader but with pattern + Fix memory leak in xmlAllocOutputBufferInternal error path + Fix unsigned integer overflow + Fix return value of xmlOutputBufferWrite + Fix parser termination from "Double hyphen within comment" error + Fix call stack overflow in xmlFreePattern + Fix null deref in previous commit + Fix memory leaks in xmlXPathParseNameComplex error paths + Check for integer overflow in xmlXPtrEvalChildSeq + Fix xmllint dump of XPath namespace nodes + Fix float casts in xmlXPathSubstringFunction + Fix null deref in xmlregexp error path + Fix null pointer dereference in xmlTextReaderReadOuterXml + Fix memory leaks in xmlParseStartTag2 error paths + Fix memory leak in xmlSAX2StartElement + Fix commit "Memory leak in xmlFreeID (xmlreader.c)" + Fix NULL pointer deref in xmlTextReaderValidateEntity + Memory leak in xmlFreeTextReader + Memory leak in xmlFreeID (xmlreader.c) * Improvements: + Propagate memory errors in valuePush + Propagate memory errors in xmlXPathCompExprAdd + Make xmlFreeDocElementContent non-recursive + Avoid ignored attribute warnings under GCC + Make xmlDumpElementContent non-recursive + Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE + Mark xmlExp* symbols as removed + Make xmlParseConditionalSections non-recursive + Adjust expected error in Python tests + Make xmlTextReaderFreeNodeList non-recursive + Make xmlFreeNodeList non-recursive + Make xmlParseContent and xmlParseElement non-recursive + Remove executable bit from non-executable files + Fix expected output of test/schemas/any4 + Optimize build instructions in README + xml2-config.in: Output CFLAGS and LIBS on the same line + xml2-config: Add a --dynamic switch to print only shared libraries + Annotate functions with __attribute__((no_sanitize)) + Fix warnings when compiling without reader or push parser + Remove unused member `doc` in xmlSaveCtxt + Limit recursion depth in xmlXPathCompOpEvalPredicate + Remove -Wno-array-bounds + Remove unreachable code in xmlXPathCountFunction + Improve XPath predicate and filter evaluation + Limit recursion depth in xmlXPathOptimizeExpression + Disable hash randomization when fuzzing + Optional recursion limit when parsing XPath expressions + Optional recursion limit when evaluating XPath expressions + Use break statements in xmlXPathCompOpEval + Optional XPath operation limit + Fix compilation with --with-minimum + Check XPath stack after calling functions + Remove debug printf in xmlreader.c + Always define LIBXML_THREAD_ENABLED when enabled + Fix unused function warning in testapi.c + Remove unneeded function pointer casts + Fix -Wcast-function-type warnings (GCC 8) + Fix -Wformat-truncation warnings (GCC 8) * Cleanups: + Rebuild docs + Disable xmlExp regex code + Remove redundant code in xmlRelaxNGValidateState + Remove redundant code in xmlXPathCompRelationalExpr - Rebase patch fix-perl.diff * Mon Sep 9 2019 Tomáš Chvátal - Do not depend on setuptools to keep the depgraph small and avoid build cycles * Fri Aug 2 2019 Tomáš Chvátal - Use python[23]-libmxl2 as python names not python-libxml2-python which is kinda confusing * Thu Aug 1 2019 Tomáš Chvátal - Do not ship libtool archive anymore * Wed Jul 31 2019 Pedro Monreal Gonzalez - Enable tests also in the python subpackages * Thu Jul 4 2019 Pedro Monreal Gonzalez - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files [bsc#1135123] * Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch * Mon Feb 25 2019 Pedro Monreal Gonzalez - Merge python-libxml2-python spec and changes files into the libxml2 ones using _multibuild [bsc#1126499, bsc#1123919] * Sat Jan 26 2019 mgorse@suse.com - Version update to 2.9.9: * Security: + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (boo#1088279 boo#1105166). + CVE-2018-14404 Fix nullptr deref with XPath logic ops (boo#1102046). * Bug fixes: + Fix building relative URIs + Problem with data in interleave in RelaxNG validation + Fix memory leak in xmlSwitchInputEncodingInt error path + Set doc on element obtained from freeElems + Fix HTML serialization with UTF-8 encoding + Use actual doc in xmlTextReaderRead*Xml + Unlink node before freeing it in xmlSAX2StartElement + Check return value of nodePush in xmlSAX2StartElement + Free input buffer in xmlHaltParser + Reset HTML parser input pointers on encoding failure + Fix xmlSchemaValidCtxtPtr reuse memory leak + Fix xmlTextReaderNext with preparsed document + HTML noscript should not close p + Don't change context node in xmlXPathRoot * Improvements: + Remove redefined starts and defines inside include elements + Allow choice within choice in nameClass in RELAX NG + Look inside divs for starts and defines inside include + Add newlines to 'xmllint --xpath' output + Don't include SAX.h from globals.h + Support xmlTextReaderNextSibling w/o preparsed doc + Improve restoring of context size and position + Simplify and harden nodeset filtering + Avoid unnecessary backups of the context node + Fix inconsistency in xmlXPathIsInf - Add libxml2-python3-string-null-check.patch: fix NULL pointer dereference when parsing invalid data (bsc#1065270 glgo#libxml2!15).). * Tue Mar 20 2018 kukuk@suse.de - Use %%license instead of %%doc [bsc#1082318] * Wed Mar 14 2018 tchvatal@suse.com - Version update to 2.9.8: * Various -Werror fixes and compilation updates as travis is now used by upstream * Few additional tests added for ICU operations - Drop patch python3.6-verify_fd.patch merged upstream * Sat Nov 11 2017 aavindraa@gmail.com - Version update to 2.9.7 release: * Bug Fixes: + xmlcatalog: restore ability to query system catalog easily + Fix comparison of nodesets to strings * Improvements: + Add Makefile rules to rebuild HTML man pages + Remove generated file python/setup.py from version control + Fix mixed decls and code in timsort.h + Rework handling of return values in thread tests + Fix unused variable warnings in testrecurse + Fix -Wimplicit-fallthrough warnings + Upgrade timsort.h to latest revision + Fix a couple of warnings in dict.c and threads.c + Fix unused variable warnings in nanohttp.c + Don't include winsock2.h in xmllint.c + Use __linux__ macro in generated code * Portability: + Add declaration for DllMain + Fix preprocessor conditional in threads.h + Fix macro redefinition warning + many Windows specific improvements * Documentation: + xmlcatalog: refresh man page wrt. quering system catalog easily - Includes bug fixes from 2.9.6: * Fix XPath stack frame logic * Report undefined XPath variable error message * Fix regression with librsvg * Handle more invalid entity values in recovery mode * Fix structured validation errors * Fix memory leak in LZMA decompressor * Set memory limit for LZMA decompression * Handle illegal entity values in recovery mode * Fix debug dump of streaming XPath expressions * Fix memory leak in nanoftp * Fix memory leaks in SAX1 parser - Drop libxml2-bug787941.patch * upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8 * Sat Nov 11 2017 aavindraa@gmail.com - clean with spec-cleaner * Thu Oct 26 2017 jmatejek@suse.com - libxml2-python3-unicode-errors.patch: work around an issue with libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270) * Mon Oct 2 2017 jmatejek@suse.com - convert to singlespec, build a python 3 version - change build instructions to use setup.py (and %%python_build macros) instead of makefile-based approach - add python3.6-verify_fd.patch that fixes libxml2 on python 3.6 - rename to python-libxml2-python to conform to package naming policy (PyPI name is "libxml2-python") * Thu Sep 21 2017 jengelh@inai.de - Update package summaries and RPM groups. Trim descriptions for size on secondary subpackages. Replace install call by a commonly-used macro. * Thu Sep 21 2017 tchvatal@suse.com - Add patch to fix TW integration: * libxml2-bug787941.patch * Sun Sep 10 2017 tchvatal@suse.com - Version update to 2.9.5 release: * Merged all the previous cve fixes that were patched in * Few small tweaks - Remove merged patches: * libxml2-CVE-2016-4658.patch * libxml2-CVE-2017-0663.patch * libxml2-CVE-2017-5969.patch * libxml2-CVE-2017-9047.patch * libxml2-CVE-2017-9048.patch * libxml2-CVE-2017-9049.patch * libxml2-2.9.4-fix_attribute_decoding.patch * Thu Jun 15 2017 pmonrealgonzalez@suse.com - Security fix: * libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663] * Fix Heap buffer overflow in xmlAddID * Wed Jun 14 2017 pmonrealgonzalez@suse.com - Security fix: * libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969] * Fix NULL pointer deref in xmlDumpElementContent * Mon May 22 2017 pmonrealgonzalez@suse.com - Security fixes: * libxml2-CVE-2017-9049.patch [bsc#1039066] * heap-based buffer overflow (xmlDictComputeFastKey func) * libxml2-CVE-2017-9048.patch [bsc#1039063] * stack overflow vulnerability (xmlSnprintfElementContent func) * libxml2-CVE-2017-9047.patch [bsc#1039064] * stack overflow vulnerability (xmlSnprintfElementContent func) * Tue Mar 7 2017 pmonrealgonzalez@suse.com - Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in XPointer ranges. Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges [bsc#1005544] [CVE-2016-4658] * Wed Jun 8 2016 kstreitova@suse.com - add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute decoding during XML schema validation [bnc#983288] * Fri May 27 2016 psimons@suse.com - Update libxml2 to version libxml2-2.9.4. The new version is resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835, CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838, CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and CVE-2016-1762. - Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch, 0001-Add-missing-increments-of-recursion-depth-counter-to.patch, and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch. * Fri May 20 2016 kstreitova@suse.com - add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML push parser that fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer [bnc#962796] * Tue May 3 2016 sflees@suse.de - Add libxml2-2.9.1-CVE-2016-3627.patch to fix stack exhaustion while parsing certain XML files in recovery mode (CVE-2016-3627, bnc#972335). - Add 0001-Add-missing-increments-of-recursion-depth-counter-to.patch to improve protection against Billion Laughs Attack (bnc#975947). * Tue Nov 24 2015 rpm@fthiessen.de - Update to new upstream release 2.9.3 (bsc#954429): * Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-1819, CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500 and CVE-2015-8242 * And other bugfixes - Removed upstream fixed patches: * libxml2-dont_initialize_catalog.patch * 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch * 0002-Adding-example-from-bugs-738805-to-regression-tests.patch * Mon Nov 3 2014 vcizek@suse.com - fix a missing entities after CVE-2014-3660 fix (https://bugzilla.gnome.org/show_bug.cgi?id=738805) * added patches: 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch 0002-Adding-example-from-bugs-738805-to-regression-tests.patch * Mon Nov 3 2014 vcizek@suse.com - fix a regression in libxml2 2.9.2 * https://bugzilla.redhat.com/show_bug.cgi?id=1153753 - add libxml2-dont_initialize_catalog.patch * Fri Oct 31 2014 vcizek@suse.com - update to 2.9.2 * drop libxml2-CVE-2014-3660.patch (upstream) * add keyring to verify tarball Security: Fix for CVE-2014-3660 billion laugh variant CVE-2014-0191 Do not fetch external parameter entities Improvements: win32/libxml2.def.src after rebuild in doc elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode Provide cmake module Fix a couple of issues raised by make dist Fix and add const qualifiers Preparing for upcoming release of 2.9.2 Fix zlib and lzma libraries check via command line wrong error column in structured error when parsing end tag doc/news.html: small update to avoid line join while generating NEWS. Add methods for python3 iterator Support element node traversal in document fragments xmlNodeSetName: Allow setting the name to a substring of the currently set name Added macros for argument casts adding init calls to xml and html Read parsing entry points Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c Implement choice for name classes on attributes Two small namespace tweaks xmllint --memory should fail on empty files Cast encoding name to char pointer to match arg type * Fri Oct 17 2014 vcizek@suse.com - fix for CVE-2014-3660 (bnc#901546) * denial of service via recursive entity expansion (related to billion laughs) * added libxml2-CVE-2014-3660.patch * Mon Aug 18 2014 fcrozat@suse.com - Add obsoletes/provides to baselibs.conf. * Thu Jun 5 2014 vcizek@suse.com - temporarily reverting libxml2-CVE-2014-0191.patch until there is a fix that doesn't break other applications * Fri May 23 2014 vcizek@suse.com - fix for CVE-2014-0191 (bnc#876652) * libxml2: external parameter entity loaded when entity substitution is disabled * added libxml2-CVE-2014-0191.patch * Fri Aug 2 2013 vcizek@suse.com - update to 2.9.1 dropped patches (in upstream): * libxml2-2.9.0-CVE-2012-5134.patch * libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch * libxml2-CVE-2013-1969.patch New features: * Support for Python3 * Add xmlXPathSetContextNode and xmlXPathNodeEval * Sun Jul 7 2013 coolo@suse.com - buildignore python to avoid build cycle * Thu Apr 18 2013 vcizek@suse.com - fix for CVE-2013-1969 (bnc#815665) * libxml2-CVE-2013-1969.patch * Thu Mar 7 2013 vcizek@suse.com - fix for CVE-2013-0338 (bnc#805233) libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch * Sat Dec 15 2012 p.drouand@gmail.com - update to 2.9.0 version: * please see the Changelog - Updated patchs to get working with new version: * libxml2-2.9.0-CVE-2012-5134.patch ( libxml2-CVE-2012-5134.patch ) * fix-perl.diff * Fri Dec 7 2012 vcizek@suse.com - Add libxml2-CVE-2012-5134.patch to fix CVE-2012-5134 (bnc#793334) * Sun Sep 23 2012 dimstar@opensuse.org - Add a comment next to libxml2.la to make sure that anybody removing it knows why it's there and reconsiders. * Sun Sep 23 2012 coolo@suse.com - readd .la file, python-libxml2 needs it * Fri Sep 21 2012 jengelh@inai.de - Remove .la files; make sure installation succeeds for Fedora_17 target * Tue Jun 12 2012 chris@computersalat.de - update to 2.8.0 * please see ChangeLog for more info - remove obsolete bigendian64 patch - rebase fix-perl patch * Sun Mar 11 2012 jengelh@medozas.de - libxml2-2 should not require libxml2-tools. There is no trouble expected, since attempting to install libxml2 will already pull in libxml2-tools due to Provides tags. * Mon Mar 5 2012 coolo@suse.com - revert the two commits that broke perl-XML-LibXML's test case, I hope the two upstreams will figure it out * Fri Mar 2 2012 coolo@suse.com - update to git to fix some issues * Fix a logic error in Schemas Component ConstraintsHEADmaster * Fix a wrong enum type use in Schemas Types * Thu Mar 1 2012 meissner@suse.de - fixed a 64bit big endian bug in the file reader. * Sat Feb 25 2012 coolo@suse.com - the fallout of requiring libxml2-tools as explicit buildrequire is just too large, so avoid it for now and create a cycle between libxml2-2 and libxml2-tools * Sat Feb 25 2012 coolo@suse.com - fix version * Sat Feb 25 2012 coolo@suse.com - add provide for the old name to fix packages with explicit library dependency * Thu Feb 23 2012 coolo@suse.com - renamed to python-libxml2 to follow python naming expectations - do not require python but let rpm figure it out * Thu Feb 23 2012 coolo@suse.com - update to today's GIT snapshot: include XZ support - split libxml2-2 according to shared library policy * Mon Dec 26 2011 jengelh@medozas.de - Remove redundant tags/sections * Wed Dec 21 2011 coolo@suse.com - add autoconf as buildrequire to avoid implicit dependency * Tue Dec 20 2011 coolo@suse.com - own aclocal directory, there is no other reason to buildrequire automake * Fri Jul 8 2011 saschpe@suse.de - update to libxml-2.7.8+git20110708 - several important bugfixes - drop upstreamed patches: * libxml2-CVE-2010-4494.patch * libxml2-CVE-2011-1944.patch * noxref.patch * symbol-versioning.patch * Wed Jun 29 2011 puzel@novell.com - add libxml2-CVE-2011-1944.patch (bnc#697372) * Sun Jun 5 2011 cshorler@googlemail.com - add symbol-versioning.patch to restore 11.3 versioned symbols * Mon Jan 3 2011 puzel@novell.com - add libxml2-CVE-2010-4494.patch (bnc#661471) * Mon Dec 6 2010 coolo@novell.com - buildrequire python-xml to fix build * Fri Dec 3 2010 puzel@novell.com - update to libxml-2.7.8 - number of bufixes, documentation and portability fixes - update language ID parser to RFC 5646 - sort python generated stubs - add an HTML parser option to avoid a default doctype - see http://xmlsoft.org/news.html for exact details - drop libxml2-xpath-ns-attr-axis.patch (in upstream) - clean up specfile * Mon Nov 1 2010 puzel@novell.com - add libxml2-xpath-ns-attr-axis.patch (bnc#648277) * Sat Oct 30 2010 cristian.rodriguez@opensuse.org - Use --disable-static * Mon Sep 20 2010 puzel@novell.com - drop libxml2-largefile64.patch (revert last change) - the issue is fixed in zlib * Fri Sep 17 2010 puzel@novell.com - add libxml2-largefile64.patch (fixes build) - debian bug#439843 * Wed Jul 14 2010 jw@novell.com - added noxref.patch, this implements a new --noxref option, which turns validation errors about missing xrefs into warnings. Upstreamed as https://bugzilla.gnome.org/show_bug.cgi?id=624386 * Sat Apr 24 2010 coolo@novell.com - buildrequire pkg-config to fix provides * Wed Apr 7 2010 coolo@novell.com - fix build * Tue Mar 23 2010 mrdocs@opensuse.org - update to 2.7.7 - add extra options to ./configure for scribus features and avoid a crash - updates from 2.7.3 > 2.7.7 include a number of portability, correctness memory leaks and build fixes including some CVE - see http://xmlsoft.org/news.html for exact details * Mon Feb 22 2010 mrdocs@opensuse.org - add sax parser option compiled in * Tue Dec 15 2009 jengelh@medozas.de - enable parallel building * Mon Dec 14 2009 jengelh@medozas.de - add baselibs.conf as a source - package documentation as noarch * Sun Aug 2 2009 jansimon.moeller@opensuse.org - Disable the check for ARM as qemu-arm can't keep up atm. * Thu Mar 19 2009 prusnak@suse.cz - updated to 2.7.2 * Portability fix: fix solaris compilation problem, fix compilation if XPath is not configured in * Bug fixes: nasty entity bug introduced in 2.7.0, restore old behaviour when saving an HTML doc with an xml dump function, HTML UTF-8 parsing bug, fix reader custom error handlers (Riccardo Scussat) * Improvement: xmlSave options for more flexibility to save as XML/HTML/XHTML, handle leading BOM in HTML documents - updated to 2.7.3 * Build fix: fix build when HTML support is not included. * Bug fixes: avoid memory overflow in gigantic text nodes, indentation problem on the writed (Rob Richards), xmlAddChildList pointer problem (Rob Richards and Kevin Milburn), xmlAddChild problem with attribute (Rob Richards and Kris Breuker), avoid a memory leak in an edge case (Daniel Zimmermann), deallocate some pthread data (Alex Ott). * Improvements: configure option to avoid rebuilding docs (Adrian Bunk), limit text nodes to 10MB max by default, add element traversal APIs, add a parser option to enable pre 2.7 SAX behavior (Rob Richards), add gcc malloc checking (Marcus Meissner), add gcc printf like functions parameters checking (Marcus Meissner). - dropped obsoleted patches: * alloc_size.patch (mainline) * CVE-2008-4225.patch (mainline) * CVE-2008-4226.patch (mainline) * CVE-2008-4409.patch (mainline) * oldsax.patch (mainline) * pritnf.patch (mainline) * xmlsave.patch (mainline) * Mon Jan 12 2009 prusnak@suse.cz - added oldsax.patch to enable pre 2.7.0 sax behaviour [bnc#457056] * Wed Dec 10 2008 olh@suse.de - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293) * Tue Nov 25 2008 prusnak@suse.cz - fix broken xmlsave (xmlsave.patch) [bnc#437203] * Tue Nov 18 2008 prusnak@suse.cz - fixed CVE-2008-4225 [bnc#445677] * Thu Nov 6 2008 prusnak@suse.cz - fixed CVE-2008-4226 [bnc#441368] * Thu Oct 30 2008 olh@suse.de - obsolete old -XXbit packages (bnc#437293) * Mon Oct 6 2008 prusnak@suse.cz - fixed CVE-2008-4409 [bnc#432486] * Tue Sep 9 2008 meissner@suse.de - added GCC attribute alloc_size markup (alloc_size.patch) * Wed Sep 3 2008 prusnak@suse.cz - updated to 2.7.1 * Portability fix: Borland C fix (Moritz Both) * Bug fixes: python serialization wrappers, XPath QName corner case handking and leaks (Martin) * Improvement: extend the xmlSave to handle HTML documents and trees * Cleanup: python serialization wrappers * Wed Sep 3 2008 prusnak@suse.cz - updated to 2.7.0 * Documentation: switch ChangeLog to UTF-8, improve mutithreads and xmlParserCleanup docs * Portability fixes: Older Win32 platforms (Rob Richards), MSVC porting fix (Rob Richards), Mac OS X regression tests (Sven Herzberg), non GNUCC builds (Rob Richards), compilation on Haiku (Andreas Färber) * Bug fixes: various realloc problems (Ashwin), potential double-free (Ashwin), regexp crash, icrash with invalid whitespace facets (Rob Richards), pattern fix when streaming (William Brack), various XML parsing and validation fixes based on the W3C regression tests, reader tree skipping function fix (Ashwin), Schemas regexps escaping fix (Volker Grabsch), handling of entity push errors (Ashwin), fix a slowdown when encoder cant serialize characters on output * Code cleanup: compilation fix without the reader, without the output (Robert Schwebel), python whitespace (Martin), many space/tabs cleanups, serious cleanup of the entity handling code * Improvement: switch parser to XML-1.0 5th edition, add parsing flags for old versions, switch URI parsing to RFC 3986, add xmlSchemaValidCtxtGetParserCtxt (Holger Kaelberer), new hashing functions for dictionnaries (based on Stefan Behnel work), improve handling of misplaced html/head/body in HTML parser, better regression test tools and code coverage display, better algorithms to detect various versions of the billion laughts attacks, make arbitrary parser limits avoidable as a parser option - dropped obsoleted patches: * billion-laughs.patch (included in update) * Wed Aug 13 2008 prusnak@suse.cz - fixed billion laughs vulnerability (billion-laughs.patch) [bnc#415371] * Fri Apr 11 2008 prusnak@suse.cz - updated to 2.6.32 * Documentation: - returning heap memory to kernel (Wolfram Sang) - trying to clarify xmlCleanupParser() use - xmlXPathContext improvement (Jack Jansen) - improve the *Recover* functions documentation - XmlNodeType doc link fix (Martijn Arts) * Bug fixes: - internal subset memory leak (Ashwin) - avoid problem with paths starting with // (Petr Sumbera) - streaming XSD validation callback patches (Ashwin) - fix redirection on port other than 80 (William Brack) - SAX2 leak (Ashwin) - XInclude fragment of own document (Chris Ryan) - regexp bug with '.' (Andrew Tosh) - flush the writer at the end of the document (Alfred Mickautsch) - output I/O bug fix (William Brack) - writer CDATA output after a text node (Alex Khesin) - UTF-16 encoding detection (William Brack) - fix handling of empty CDATA nodes for Safari team - python binding problem with namespace nodes - improve HTML parsing (Arnold Hendriks) - regexp automata build bug - memory leak fix (Vasily Chekalkin) - XSD test crash - weird system parameter entity parsing problem - allow save to file:///X/ windows paths - various attribute normalisation problems - externalSubsetSplit fix (Ashwin) - attribute redefinition in the DTD (Ashwin) - fix in char ref parsing check (Alex Khesin) - many out of memory handling fixes (Ashwin) - XPath out of memory handling fixes (Alvaro Herrera) - various realloc problems (Ashwin) - UCS4 encoding conversion buffer size (Christian Fruth) - problems with EatName functions on memory errors - BOM handling in external parsed entities (Mark Rowe) * Code cleanup: - fix build under VS 2008 (David Wimsey) - remove useless mutex in xmlDict (Florent Guilian) - Mingw32 compilation fix (Carlo Bramini) - Win and MacOS EOL cleanups (Florent Guiliani) - iconv need a const detection (Roumen Petrov) - simplify xmlSetProp (Julien Charbon) - cross compilation fixes for Mingw (Roumen Petrov) - SCO Openserver build fix (Florent Guiliani) - iconv uses const on Win32 (Rob Richards) - duplicate code removal (Ashwin) - missing malloc test and error reports (Ashwin) - VMS makefile fix (Tycho Hilhorst) * improvements: - better plug of schematron in the normal error handling (Tobias Minich) * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support * Fri Mar 21 2008 vuntz@suse.de - Remove libxml2-2.6.31-gcc4.patch after discussion with upstream. I compiled the package on all architectures without the patch without any problem, and upstream doesn't see the point of the patch. * Thu Mar 13 2008 rodrigo@suse.de - Upstream and tag patches * Thu Jan 24 2008 prusnak@suse.cz - rename rpmlintrc-libxml2-python to libxml2-python-rpmlintrc :) * Tue Jan 22 2008 prusnak@suse.cz - build --without-python to allow compilation from src.rpm * Tue Jan 22 2008 prusnak@suse.cz - rename rpmlintrc to rpmlintrc-libxml2-python * Tue Jan 15 2008 prusnak@suse.cz - updated to 2.6.31 o security fix: * missing of checks in UTF-8 parsing o bug fixes: * regexp bug * dump attribute from XHTML document * fix xmlFree(NULL) to not crash in debug mode * Schematron parsing crash * XSD crash due to double free * indentation fix in xmlTextWriterFullEndElement * error in attribute type parsing if attribute redeclared * avoid crash in hash list scanner if deleting elements, column counter bug fix * HTML embed element saving fix * avoid -L/usr/lib output from xml2-config * avoid an xmllint crash * don't stop HTML parsing on out of range chars o code cleanup: * fix open() call third argument, * regexp cut'n paste copy error, * unused variable in __xmlGlobalInitMutexLock * some make distcheck realted fixes o improvements: * HTTP Header: includes port number * testURI --debug option - removed obsolete patches: * CVE-2007-6284.patch (included in update) * open_create.patch (included in update) * Fri Jan 11 2008 sbrabec@suse.cz - Split documentation into a separate packages. - Install devhelp documentation (#350918). - Follow upstream documentation structure. - Build again with strict aliasing. - Removed s390* work-arounds. New gcc builds it again with -O2. * Tue Dec 18 2007 prusnak@suse.cz - fix libxml2 DoS (CVE-2007-6284.patch) [#349151] * Tue Dec 4 2007 prusnak@suse.cz - fix call to open() where 3rd parameter is needed (open_create.patch) * Tue Sep 18 2007 sbrabec@suse.cz - Updated to version 2.6.30: * Portability: Solaris crash on error handling, windows path fixes, mingw build * Bugfixes: xmlXPathNodeSetSort problem, leak when reusing a writer for a new document, Schemas xsi:nil handling patch, relative URI build problem, crash in xmlDocFormatDump, invalid char in comment detection bug, fix disparity with xmlSAXUserParseMemory, automata generation for complex regexp counts problems, Schemas IDC import problems, xpath predicate evailation error handling * Thu Sep 13 2007 dmueller@suse.de - build on s390x * Tue Aug 28 2007 prusnak@suse.cz - applied some fixes from 2.6.30 to fix regression that prevents the documentation from updating to Beta2 [#300675] (up30.patch) * Mon Aug 20 2007 sbrabec@suse.cz - Commented out NoSource to provide comfortable rebuild. * Wed Jun 13 2007 prusnak@suse.cz - updated to 2.6.29: o bug fixes: * fixed xmlBufferAdd problem * regexp interpretation of '\' * XPath number serialization * nanohttp gzipped stream fix * uri bug * XPath string value of PI nodes * XPath node set sorting bugs * avoid outputting namespace decl dups in the writer * xmlCtxtReset bug * UTF-8 encoding error handling * recustion on next in catalogs * Relax-NG crash * invalid character in attribute detection bug o improved: * keep URI query parts in raw form * embed tag support in HTML - dropped obsolete patches: * pinode.patch (included in update) * Tue Jun 5 2007 prusnak@suse.cz - suppress spurious-executable-perm for test scripts using rpmlintrc * Thu May 31 2007 prusnak@suse.cz - moved tests to tests subdirectory in docdir - cleaned spec file * Thu May 31 2007 prusnak@suse.cz - fixed problem with xpath's string-value for a PI node with no content (pinode.path) [#278173] - cleaned spec file * Tue Apr 24 2007 prusnak@suse.cz - updated to 2.6.28: o bug fixes: * XPath memory leak, node comparison error * HTML parser autoclose stack usage * various regexp fixes * htmlCtxtReset fix * invalid char in text XInclude * fix the big string memory leak * fix whitespace usage * and many more ... see NEWS - dropped obsoleted patches: * null-retval.patch (included in update) * tabs-spaces.patch (included in update) * Mon Apr 2 2007 rguenther@suse.de - add zlib-devel BuildRequires * Thu Feb 22 2007 prusnak@suse.cz - fixed inconsistent use of tabs and spaces in indentation (tabs-spaces.patch) by Andreas Hanke [#246203] * Thu Jan 25 2007 prusnak@suse.cz - fixed crash on ENOMEM (null-retval.patch) [#215223] * Tue Jan 9 2007 sbrabec@suse.cz - gnomeprefix changed to /usr. - Removed obsolete PreReq. * Mon Dec 11 2006 ke@suse.de - 2.6.27; many improvements and bug fixes. For details, see the NEWS file. - Remove libxml2-xpath-1.318.patch (obsolete). * Tue Nov 28 2006 ke@suse.de - Do not install static Python module; reported by Andreas Hanke [#223696]. * Tue Oct 17 2006 ke@suse.de - Move manpage to devel subpackage; reported by Andreas Hanke [# 212441]. * Tue Aug 15 2006 ke@suse.de - Remove left-over SuSEconfig traces in %%files list. * Mon Aug 14 2006 ke@suse.de - Remove SuSEconfig related files completely. /etc/xml/catalog is now provided by the sgml-skel package. * Wed Jun 28 2006 ke@suse.de - Once the catalog is initialized, remove the SuSEconfig trigger file; reported by Stanislav Brabec [# 188885]. * Tue Jun 27 2006 ke@suse.de - Apply libxml2-xpath-1.318.patch from CVS: Do not return too many nodes. * Fri Jun 16 2006 ke@suse.de - 2.6.26; NEWS extract from http://xmlsoft.org/ : * Bug fixes: encoding buffer problem, mix of code and data in xmlIO.c, entities in XSD validation, various XSD validation fixes, memory leak in pattern, attribute with colon in name, XPath leak inerror reporting, XInclude text include of selfdocument. * Xpath optimizations. * Tue May 16 2006 ke@suse.de - 2.6.24; NEWS extract from http://xmlsoft.org/ : * Improvements: XML catalog debugging; update to Unicode 4.01. * Bug fixes: xmlParseChunk() problem in 2.6.23, xmlParseInNodeContext() on HTML docs, comment streaming bug xmlParseComment, regexp bug fixes, xmlGetNodePath on text/CDATA, one Relax-NG interleave bug, XSD bugfixes, etc. * Documentation: man pages updates and cleanups * New features: - Relax NG structure error handlers. - xmlDOMWrapReconcileNamespaces xmlDOMWrapCloneNode. - libxml2-python-whitespace.diff: Remove it, obsolete. * Fri Feb 17 2006 kukuk@suse.de - Don't install binaries in doc [#151897] * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Mon Jan 16 2006 ke@suse.de - libxml2-python-whitespace.diff: Fix inconsistent use of tabs and spaces in indentation in libxml2.py. Reported by Christoph Thiel; thanks to Jan Matejek [# 143082]. * Mon Jan 9 2006 ke@suse.de - Update to version 2.6.23; NEWS extract from http://xmlsoft.org/ : * Bug fixes (leaks, XPath, validation issue, etc.). * Improvements (XSD Schemas redefinitions/restrictions, node copy checks and fix for attribute, handle gzipped HTTP resources, etc.). * Documentation. * Wed Dec 21 2005 aj@suse.de - Package /usr/include/libxml in -devel package. * Fri Sep 16 2005 ke@suse.de - Update to version 2.6.22; NEWS from http://xmlsoft.org/ (extract since .21): * Bug fixes (too many to list here). * Improvements on interfaces for schemas and RNG error reports. * Optimization of the char data inner loop parsing. * More lax mode for the HTML parser. * XML Schemas improvements preparing for derive (Kasimier Buchcik). - libxml2-printf.patch: Adjust it. - xml-error-handling.patch: Obsolete. - Remove misleading link flag statement; thanks for advise to Dirk Mueller. * Tue Aug 9 2005 ke@suse.de - Add missing require statement; reported by Ludwig Nussel [# 95216]. * Thu Jul 28 2005 ke@suse.de - Fix error handling. Reported by Michael Radziej, apply fix from CVS as proposed by JP Rosevear [# 98487]. * Mon Jul 11 2005 ke@suse.de - Update to version 2.6.20; NEWS from http://xmlsoft.org/: * Major improvement in XSD Schemas. * XSD Schemas streaming support (SAX and Reader), flagged as somewhat experimental. * New DOM importing functions * Various build and bug fixes, including memory leaks; for details check the NEWS file. * Wed Apr 6 2005 meissner@suse.de - make build again on gcc >= 4, added parallel make. * Mon Apr 4 2005 ke@suse.de - Update to version 2.6.19; NEWS (extract since .18) from http://xmlsoft.org/: * Bugfixes: xmlSchemaElementDump namespace, push and xmlreader stopping on non-fatal errors, thread support for dictionnaries reference counting, internal subset and push problem, URL saved in xmlCopyDoc, various schemas bug fixes, Python paths fixup, xmlGetNodePath and namespaces, xmlSetNsProp fix, warning should not count as error, xmlCreatePushParser empty chunk, XInclude parser flags, xmlTextWriterStartAttributeNS fix, xmlWriter bugs, xmlSearchNsByHref fix, Python binding leak, aliasing bug exposed by gcc4 on s390, xmlTextReaderNext bug, Schemas decimal type fixes, xmlByteConsumed static buffer, schemas type decimal fixups, xmmlint return code, workaround "DAV:" namespace brokeness in c14n segfault in Schemas, Schemas attribute validation, Prop related functions and xmlNewNodeEatName, HTML serialization of name attribute on a elements, Python error handlers leaks and improvement, Relax-NG validation bug, xmlSAXParseDoc and xmlParseDoc signatures, switched back to assuming UTF-8 in case no encoding is given at serialization time. * improvement: speedup parsing comments and DTDs, dictionnary support for hash tables, Schemas Identity constraints, streaming XPath subset, xmlTextReaderReadString added, Schemas canonical values handling, add xmlTextReaderByteConsumed, add a --nodict mode to xsltproc to check problems for documents without dictionnaries. * Fri Apr 1 2005 meissner@suse.de - disable visibility hacks for gcc >= 4 * Mon Jan 24 2005 meissner@suse.de - specify printf format attributes to check for bad format string use. * Mon Jan 17 2005 ke@suse.de - Update to version 2.6.17; NEWS (extract) from http://xmlsoft.org/: * Bug fixes: xmlTextReaderHasAttributes, xmlCtxtReadFile() to use the catalog(s), loop on output, XPath memory leak, ID deallocation problem, xmlStopParser bug, UTF-16 with BOM on DTDs, namespace bug on empty elements in push mode, line and col computations fixups, xmlURIEscape fix, xmlXPathErr on bad range, patterns with too many steps, and more. * Improvements: XSD Schemas, python generator, xmlUTF8Strpos speedup, Python __str__ call serialize(), and more. * New APIs: Add xmlDictExists(), GetLineNumber and GetColumnNumber for the xmlReader, Dynamic Shared Libraries APIs, error extraction API from regexps, and new XMLSave option for format. * Documentation improvements. * Wed Nov 24 2004 mcihar@suse.cz - use rpm macros to build correcly with current python * Thu Nov 11 2004 ke@suse.de - Update to version 2.6.16; NEWS (extract) from http://xmlsoft.org/: * Important bug fix release, it also fixes main bugs raised against 2.6.15 and memory leaks found by automated testing of the API. * Documentation update. * Provide DTD validation APIs at the Python level. * Thu Oct 28 2004 ke@suse.de - Update to version 2.6.15; NEWS (extract) from http://xmlsoft.org/: * Security fixes on the nanoftp and nanohttp modules: http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0 * Bug fixes: HTML parser on broken ASCII chars in names, Python paths, xmlHasNsProp and default namespace, DTD lookup fix, save back in catalogs, tree build fixes, Schemas memory bug and another memory leak, xmlValidateDtd in the presence of an internal subset, entities and _private problem, xmlBuildRelativeURI error, and more. * Improvements: Better XInclude error reports, tree debugging module and tests, convenience functions at the Reader API, add support for PI in the HTML parser. * Thu Oct 7 2004 ke@suse.de - Update to version 2.6.14; NEWS since version 2.6.13: * Fix and cleanup XML schemas, UTF-8 issues, fix default namespace problem, encoding error could genrate a serialization loop, XInclude testing, Notation serialization, and other bugs. * Improveme schemas validity, added --path and --load-trace options to xmllint. * Enhance Python support. * Documentation: tutorial update. - Drop obsolete NS patch. * Tue Sep 7 2004 ke@suse.de - libxml2-default-ns.patch: Fix problem with namespaces; provided by William M. Brack [# 44214]. * Mon Aug 23 2004 ke@suse.de - Update to version 2.6.12; NEWS (extract) from http://xmlsoft.org/: * Better XSD Schemas support. * Python binding improvements * Enhancement of command line tools. * Documentation fixes. * Various bug fixes (RVT, XPath context resets bug, catalog white space handling, xmlReader state after attribute reading, out of Memory conditions handling, htmlNewDoc() charset, notation serialization, etc.). * Wed Jul 21 2004 bg@suse.de - disable elfgcchack for hppa to produce working binaries. * Wed Jul 14 2004 ke@suse.de - Update to version 2.6.11; NEWS (extract) from http://xmlsoft.org/: * Bugfixes and improvements to XML Schemas support. * Update to the documentation tutorial and man pages. * Bugfixes: C14N bug serializing namespaces, empty node set in XPath, XInclude xml:base generation, XInclude fallback problem, XPointer and xml:base problem, Reader and entities, xmllint related fixes, DTD serialization problem xmlReader fixes, Python bindings improvement, fix the push parser, URI escaping and filemanes, XHTML1 formatting, reverse xmlEncodeSpecialChars() behaviour back to escaping '"', etc. * improvements: custom per-thread I/O enhancement, dynamically increase the number of XPath extension functions in Python and fix a memory leak, make xmlTextReaderMode public, * Increase performance. * Mon Apr 19 2004 ke@suse.de - Update to version 2.6.9; NEWS (extract) from http://xmlsoft.org/: * implement xml:id Working Draft, relaxed XPath id() checking. * bugfixes: xmlCtxtReset, line number and CDATA, Regexp patches, xmlUriEscape, Relax-NG bugs, XInclude duplicate fallback, external DTD encoding detection, a DTD validation bug, xmlReader Close() fix, recusive extention schemas. * various improvements an performance patches. * documentation fixes. - Remove obsolete patches (libxml2-parser.patch, libxml2-xpath-memleak.patch, libxml2-nanohttp-fd-close.patch). * Wed Mar 24 2004 ke@suse.de - libxml2-nanohttp-fd-close.patch: add a close for the local file descriptor by William Brack (from libxml2 CVS). - libxml2-xpath-memleak.patch: fix a memory leak (xmlXPathLangFunction) by William Brack (from libxml2 CVS); reported by Mike Hommey. * Thu Mar 18 2004 ke@suse.de - Do not install pre-compiled examples; reported by Dirk Mueller [# 36382]. * Thu Mar 11 2004 ke@suse.de - Fix memory leak in parser.c. Patch by Daniel Veillard (from libxml2 CVS), reported by Holger Rauch. * Tue Feb 24 2004 ke@suse.de - Update to version 2.6.7; NEWS (extract) from http://xmlsoft.org/: Mostly small bugfixes and performances improvements: * Documentation: tutorial updates. * xmlWriter: updates and fixes. * XPath optimization. * DTD ID handling optimization. * Python: 2.3 compatibility, whitespace fixes. * Add relaxng option to xmllint --shell . - Add -fno-strict-aliasing to CFLAGS. * Mon Feb 23 2004 ke@suse.de - Support C++ exceptions; reported by Ulrich Heinen [# 34865]. * Thu Feb 19 2004 ke@suse.de - libxml2-id-idref-validation.patch: Remove a non-linear behaviour from ID/IDREF by Daniel Veillard (from libxml2 CVS). * Fri Feb 13 2004 ke@suse.de - Update to version 2.6.6; NEWS (extract) from http://xmlsoft.org/: Mostly a bug fixes including potentially dangerous buffer overflows discovered in the FTP and HTTP URL parsing code (historical it was written before the module uri.c, ideally that code should now be dropped); also a couple of minor API enhancements: * nanohttp and nanoftp: buffer overflow error on URI parsing. * bugfixes: make test and path issues, xmlWriter attribute serialization, xmlWriter indentation , schemas validation, XInclude dictionnaries issues, XInclude empty fallback, HTML warnings, XPointer in XInclude, Python namespace serialization, isolat1ToUTF8 bound error, output of parameter entities in internal subset, internal subset bug in push mode, fix. * XInclude: allow the 2001 namespace without warning. * reader API: structured error reporting * Parsers: added xmlByteConsumed(ctxt) API to get the byte offest in input. * Mon Jan 26 2004 ke@suse.de - Update to version 2.6.5; NEWS (extract) from http://xmlsoft.org/: * Bugfixes: dictionnaries for schemas, regexp segfault, xs:all problem, a number of XPointer bugfixes, xmllint error go to stderr, DTD validation problem with namespace, memory leak, SAX1 cleanup and minimal options fixes, parser context reset on error, XPath union evaluation problem, xmlReallocLoc with NULL, XML Schemas double free, XInclude with no href, argument callbacks order for XPath callbacks. * Documentation enhancements. * Python bindings: fixes, enum support, structured error reporting, problem related to dictionnary references, recursion. * xmlWriter: indentation, memory leaks. * xmlSchemas: normalizedString datatype. * Parser optimizations, a few new XPath and dictionnary APIs for future XSLT optimizations. * Sat Jan 10 2004 adrian@suse.de - build as user * Fri Jan 9 2004 adrian@suse.de - add %%run_ldconfig to %%postun * Wed Jan 7 2004 ke@suse.de - Update to version 2.6.4; NEWS (extract) from http://xmlsoft.org/: * Fix serious XInclude problems. * Documentation improvements. * example fix (Lucas Brasilino) * Various bugfixes: xmlTextReaderExpand() with xmlReaderWalker, XPath handling of NULL strings, API building reader or parser from filedescriptor should not close it, changed XPath sorting to be stable again, xmlGetNodePath() generating '(null)', DTD validation and namespace bug, XML Schemas double inclusion behaviour. * Thu Dec 11 2003 ke@suse.de - Update to version 2.6.3; NEWS (extract) from http://xmlsoft.org/: Cleanup release (documentation, small bug fixes and enhancements). Upgrade XInclude support to the latest draft; this includes namespace changes (in case of XInclude warnings, you must fix your documents). * Add a repository of examples. * Unicode range checking. * UTF-16 cleanup and BOM issues. * Bug fixes: ID and xmlReader validation, XPath, xmlWriter, hash.h inclusion problem, HTML parser, attribute defaulting and validation, some serialization cleanups, XML_GET_LINE macro, memory debug when using threads, serialization of attributes and entities content, xmlWriter. * XInclude bugfix, new APIs and update to the last version including the namespace change. * XML Schemas improvements. * Preliminary pattern support for streaming. - Drop obsolete patch (libxml2-2.6.2-include.patch). * Wed Nov 12 2003 ke@suse.de - For libxml2-devel require zlib-devel and readline-devel; reported by Tobias Reif. * Fri Nov 7 2003 ro@suse.de - change include file hash.h define types used in parser.h before including * Wed Nov 5 2003 ke@suse.de - Update to version 2.6.2; NEWS (extract) from http://xmlsoft.org/: * API additions (should still be API and ABI compatible) and performance gains. * API to screate a W3C Schemas from an existing document. * Deactivate the broken docBook SGML parser code and plug the XML parser instead. * Enable IPv6 support. * Switch to a SAX2 like parser rewrote most of the XML parser core, provides namespace resolution and defaulted attributes, minimize memory allocations and copies, namespace checking and specific error handling, immutable buffers, make predefined entities static structures, etc... * Schemas: base64 support. * Parser<->HTTP integration fix, proper processing of the Mime-Type and charset informations if available. * Relax-NG: bug fixes. * Documentation fixes. * Bug fixes: xmlCleanupParser, threading uninitialized mutexes, HTML doctype lowercase, SAX/IO, compression detection and restore, attribute declaration in DTDs, namespace on attribute in HTML output, input filename, namespace DTD validation, xmlReplaceNode, I/O callbacks, CDATA serialization, xmlReader, high codepoint charref like 􏿿, buffer access in push mode, XPath bug, xmlCleanupParser, CDATA output, HTTP error handling. Mandatory encoding in text decl, serializing Document Fragment nodes, XPath context unregistration fixes, text node coalescing fixes, stdin parsing fix, a posteriori DTD validation fixes and other fixes. * xmllint options: --dtdvalidfpi, --sax1 for compat testing, --nodict for building without tree dictionnary, --nocdata to replace CDATA by text, --nsclean to remove surperfluous namespace declarations. * Always generate line numbers when using the new xmlReadxxx functions * Add XInclude support to the xmlReader interface. * Implement XML_PARSE_NONET parser option. * DocBook XSLT processing bug fixed. * HTML serialization for

elements. * XPointer failure in XInclude are now handled as resource errors. * Fix xmllint --html to use the HTML serializer on output (add --xmlout to implement the previous behaviour of saving it using the XML serializer). * Tue Oct 7 2003 ke@suse.de - Update to version 2.5.11: * Fix bug in Relax-NG. * Fix crash when using multithreaded programs. * Fri Aug 29 2003 mcihar@suse.cz - require same python version as it was built with * Fri Aug 29 2003 kukuk@suse.de - Add %%verify tag to /var/adm/SuSEconfig/run-libxml2 * Wed Aug 27 2003 ke@suse.de - Add readline-devel to neededforbuild and enable history/readline support for xmllint; proposed by Thomas Schreitle. * Fri Aug 15 2003 ke@suse.de - Update to version 2.5.10; NEWS from http://xmlsoft.org/: * Bugfixes: UTF-16 support, HTML parser, xmlSAXParseDTD(). * Improve XInclude performance problem * Improve XML parser performance. * Thu Aug 14 2003 ke@suse.de - Update to version 2.5.9; NEWS from http://xmlsoft.org/: * Bugfixes: IPv6 portability, xmlHasNsProp, Schemas, threading, hexBinary type, UTF-16 BOM, xmlReader, namespace handling, EXSLT, HTML parsing problem, DTD validation for mixed content + namespaces, HTML serialization, library initialization, progressive HTML parser. * Better interfaces for Relax-NG error handling. * Add xmlXIncludeProcessTree() for XInclud'ing in a subtree. * Doc fixes and improvements. * New UTF-8 helper functions. * General encoding cleanup + ISO-8859-x without iconv. * xmlTextReader cleanup + enum for node types. * Tue Jul 8 2003 ke@suse.de - Update to version 2.5.8; NEWS from http://xmlsoft.org/: * Bugfixes: XPath, XInclude, file/URI mapping, UTF-16 save, UTF-8 checking, URI saving, error printing, PI related memleak, compilation without schemas or without xpath, xmlUnlinkNode problem with DTDs, xmlIOParseDTD, and xmlSAXParseDTD. * Fix multithreading lock problems. * IPv6 patch for FTP and HTTP accesses. * A few W3C Schemas Structure improvements. * W3C Schemas Datatype improvements. * Python bindings for thread globals, and method/class generator. * Add --nonet option to xmllint. * Documentation improvements. - libxml2-2.5.8-mutex.patch provided by Daniel Veillard. * Thu Jun 12 2003 kukuk@suse.de - Add gnome directories to filelist * Mon May 26 2003 ke@suse.de - Remove unwanted files from $RPM_BUILD_ROOT. * Mon Apr 28 2003 ke@suse.de - Update to version 2.5.7; NEWS from http://xmlsoft.org/: * Relax-NG: Compiling to regexp and streaming validation on top of the xmlReader interface, add --stream to xmllint. * xmlReader: Expand(), Next() and DOM access glue, bug fixes. * Support for large files: RGN validated a 4.5GB instance. * Thread support is now configured in by default. * Fixes: update of the Trio code, WXS Date and Duration fixes, DTD and namespaces, HTML push parser and zero bytes handling, behaviour of the parser and validator in the presence of "out of memory" error conditions. * Extend the API to be able to plug a garbage collecting memory allocator, add xmlMallocAtomic() and modified the allocations accordingly. * Performances: remove excessive malloc() calls, speedup of the push and xmlReader interfaces, remove excessive thread locking. * Documentation: man page, xmlReader documentation * Python: add binding for xmlCatalogAddLocal. * Wed Apr 2 2003 ke@suse.de - Update to version 2.5.6; NEWS from http://xmlsoft.org/: * Fix W3C XML Schemas datatype, should be compliant now except for binHex and base64 which are not supported yet. * Bug fix: non-ASCII IDs, HTML output, XInclude on large docs and XInclude entities handling, encoding detection on external subsets, XML Schemas bugs and memory leaks, HTML parser. * improved error reporting: xml:space, start/end tag mismatches, Relax NG errors. - Frop obsolete trio patch. * Wed Mar 26 2003 ke@suse.de - Update to version 2.5.5; NEWS from http://xmlsoft.org/: * Fixes on the Relax NG implementation. * Increase support for W3C XML Schemas datatype. * Bug fixes in the URI handling layer. * Bug fixes: HTML parser, xmlReader, DTD validation, XPath, encoding conversion, line counting in the parser. * Add support for $XMLLINT_INDENT environment variable, FTP delete. - Apply patch by Albert Chin to enable use of trio libraries in Python. * Thu Feb 20 2003 ke@suse.de - Add /usr/bin/install to PreReq; reported by Thorsten Kukuk [# 23891]. * Tue Feb 11 2003 ke@suse.de - Update to version 2.5.3; NEWS from http://xmlsoft.org/: A bugfix release. Relax-NG and XML Schemas datatypes stabilization: * RelaxNG and XML Schemas datatypes improvements; first version of RelaxNG Python bindings. * Fixes: XLink, XInclude, API fix for serializing namespace nodes, encoding conversion bug, XHTML1 serialization. * Thu Feb 6 2003 ro@suse.de - fix specfile * Thu Feb 6 2003 ke@suse.de - Update to version 2.5.2; NEWS from http://xmlsoft.org/: First release with the RelaxNG validation code. Schemas support is also configured in by default now. All this code is still of alpha quality. This release also includes a number of fixes and some API improvements: * First implementation of RelaxNG, added --relaxng flag to xmllint. * Schemas support now compiled in by default. * Bug fixes: DTD validation, namespace checking, XInclude and entities, delegateURI in XML Catalogs, HTML parser, XML reader, XPath parser and evaluation, UTF8ToUTF8 serialization, XML reader memory consumption, HTML parser, HTML serialization in the presence of namespaces. * Add an HTML API to check elements and attributes. * Documentation improvement. * Add python bindings for XPointer, contextual error reporting. * Fix URI/file escaping problems. - Remove obsolete README.SuSE. * Thu Jan 9 2003 ke@suse.de - Update to version 2.5.1; NEWS from http://xmlsoft.org/: * New XmltextReader interface based on C# API; cf. http://xmlsoft.org/xmlreader.html . * XInclude fallback fix. * Python: bindings for the new API, packaging, drv_libxml2.py Python xml.sax driver, fixes, speedup and iterators for Python-2.2. * Tutorial fixes, xmllint man update. * Fix an XML parser bug. * Entities handling fixes * new API to optionally track node creation and deletion. * Added documentation for the XmltextReader interface and some XML guidelines * Thu Dec 12 2002 ke@suse.de - Update to version 2.4.30; NEWS from http://xmlsoft.org/: * Main changes are the addition of a new API set closely based on the C#/ECMA-334 XmlTextReader interface, allowing to scan an XML document in a forward only way but in (near) constant memory size. * Fix for prev in python bindings. * Fix for entities handling (Marcus Clarke), replacing patch from 2002-12-02. * Refactor the XML and HTML dumps to a single code path, fix XHTML1 dump. * Fix for URI parsing when handling URNs with fragment identifiers * Fix for HTTP URL escaping problem. * Adde an TextXmlReader (C#) like API (work in progress). * Rewrote the API in XML generation script, includes a C parser and saves more informations needed for C# bindings. * Mon Dec 2 2002 ke@suse.de - Fix "Entity in Entity processing"; patch provided by DV. Cf. [# 22208]. * Tue Nov 26 2002 ro@suse.de - split libxml2-python to own specfile (libxml2 is turning more and more into a base package and python requires a lot of other things to build) * Mon Nov 25 2002 ke@suse.de - Update to version 2.4.28; NEWS from http://xmlsoft.org/: * Fix a couple of python binding bugs. * Fix 2 bugs in the XML push parser. * Remove potential memory leak. * Add encoding support for XInclude parse="text". * Autodetect XHTML1 and add specific serialization rules. * Fix threading bug. * Mon Nov 18 2002 ke@suse.de - Update to version 2.4.27; NEWS from http://xmlsoft.org/: * Fix Python bindings. * A number of bug fixes: SGML catalogs, xmlParseBalancedChunkMemory(), HTML parser, Schemas, document fragment support, xmlReconciliateNs, XPointer, xmlFreeNode(), xmlSAXParseMemory, xmlGetNodePath, entities processing. * Add grep to xmllint --shell. * Improvement documentation. - Don't apply obsolete revert-.25-.26.dif patch. * Mon Nov 4 2002 adrian@suse.de - revert catalog separator change, accepting ":" again. libxml2 is using anyway ":" internal, even when a " " separator is given * Wed Oct 30 2002 ro@suse.de - removed patch call for removed patch * Wed Oct 30 2002 ke@suse.de - Drop libxml2-2.4.19-xml2-config.dif to avoid header file conflicts with C++; reported by Andreas Mueller [# 21427]. * Tue Oct 29 2002 ke@suse.de - Update to version 2.4.26; NEWS from http://xmlsoft.org/: * Fix the validation code (DTD and Schemas), xmlNodeGetPath() , HTML serialization, Namespace compliance, and a number of small problems. - "valid" patches are obsolete with his update. * Fri Oct 11 2002 ke@suse.de - valid.c: Fix uninitialized memory block (patch by Daniel Veillard). * Tue Oct 8 2002 ke@suse.de - Update to version 2.4.25; NEWS from http://xmlsoft.org/: * A number of bug fixes: XPath, validation, DOM and tree, XML I/O, HTML. * Fix and improve Python bindings. * Fix HTML