Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2025-01-21 21:09:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.5589 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2" Tue Jan 21 21:09:52 2025 rev:130 rq:1238933 version:2.13.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2024-11-15 15:38:49.247315853 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new.5589/libxml2.changes 2025-01-21 21:10:12.302309267 +0100 @@ -1,0 +2,276 @@ +Fri Jan 17 16:07:06 UTC 2025 - Pedro Monreal <[email protected]> + +- Update to 2.13.5: + * Regressions: + - xmlIO: Fix reading from non-regular files like pipes + - xmlreader: Fix return value of xmlTextReaderReadString + - parser: Fix loading of parameter entities in external DTDs + - parser: Fix downstream code that swaps DTDs + - parser: Fix detection of duplicate attributes + - string: Fix va_copy fallback + * Bug fixes: + - xpath: Fix parsing of non-ASCII names + +- Update to 2.13.4: + * Regressions: + - parser: Make unsupported encodings an error in declarations + - io: don't set the executable bit when creating files + - xmlcatalog: Improved fix for #699 + - Revert "catalog: Fetch XML catalog before dumping" + - io: Add missing calls to xmlInitParser + - tree: Restore return value of xmlNodeListGetString with NULL list + - parser: Fix error handling after reaching limit + - parser: Make xmlParseChunk return an error if parser was stopped + * Bug fixes: + - python: Fix SAX driver with character streams + * Improvements: + - xpath: Make recursion check work with xmlXPathCompile + - parser: Report at least one fatal error + +- Update to 2.13.3: + * Security: + - [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code + * Regressions: + - autotools: Use AC_CHECK_DECL to check for getentropy + - xinclude: Fix fallback for text includes + - io: Don't call getcwd in xmlParserGetDirectory + - io: Fix return value of xmlFileRead + - parser: Fix error return of xmlParseBalancedChunkMemory + * Improvements: + - xinclude: Set error handler when parsing text + - Undeprecate xmlKeepBlanksDefault + +- Update to 2.13.2: + * Regressions: + - tree: Fix handling of empty strings in xmlNodeParseContent + - valid: Restore ID lookup + - parser: Reenable ctxt->directory + - uri: Handle filesystem paths in xmlBuildRelativeURISafe + - encoding: Make xmlFindCharEncodingHandler return UTF-8 handler + - encoding: Fix encoding lookup with xmlOpenCharEncodingHandler + - include: Define ATTRIBUTE_UNUSED for clang + - uri: Fix xmlBuildURI with NULL base + * Regressions: + - parser: Selectively reenable reading from "-" + - reader: Fix xmlTextReaderReadString + - xinclude: Set XPath context doc + - xinclude: Load included documents with XML_PARSE_DTDLOAD + - include: Don't redefine ATTRIBUTE_UNUSED + - include: Readd circular dependency between tree.h and parser.h + - xinclude: Add missing include + - xinclude: Don't raise error on empty nodeset + - parser: Make failure to load main document a warning + - tree: Fix freeing entities via xmlFreeNode + - parser: Pass global object to sax->setDocumentLocator + * Improvements: + - io: Fix resetting xmlParserInputBufferCreateFilename hook + * Documentation: + - Fix typo in NEWS (--with-html -> --with-http) + - doc: Don't mention xmlNewInputURL + +------------------------------------------------------------------- +Fri Nov 15 13:17:34 UTC 2024 - Pedro Monreal <[email protected]> + +- Update to 2.13.0: + * Major changes: + - Most of the core code should now report malloc failures reliably. Some + API functions were extended with versions that report malloc failures. + - New API functions for error handling were added: + + xmlCtxtSetErrorHandler + + xmlXPathSetErrorHandler + + xmlXIncludeSetErrorHandler + - This makes it possible to register per-context error handlers without + resorting to global handlers. + - A few error messages were improved and consolidated. Please update + downstream test suites accordingly. + - A new parser option XML_PARSE_NO_XXE can be used to disable loading + of external entities or DTDs. This is most useful in connection with + XML_PARSE_NOENT. + - Support for HTTP POST was removed. + - Support for zlib, liblzma and HTTP is now disabled by default and has + to be enabled by passing --with-zlib, --with-lzma or --with-http to + configure. In legacy mode (--with-legacy) these options are enabled + by default as before. + - Support for FTP will be removed in the next release. + - Support for the range and point extensions of the xpointer() scheme + will be removed in the next release. The rest of the XPointer + implementation won't be affected. The xpointer() scheme will behave + like the xpath1() scheme. + - Several more legacy symbols were deprecated. Users of the old "SAX1" + API functions are encouraged to upgrade to the new "SAX2" API, + available since version 2.6.0 from 2003. + * Some deprecated global variables were made const: + - htmlDefaultSAXHandler + - oldXMLWDcompatibility + - xmlDefaultSAXHandler + - xmlDefaultSAXLocator + - xmlParserDebugEntities + * Deprecations and removals: + - threads: Deprecate remaining ThrDef functions + - unicode: Deprecate most xmlUCSIs* functions + - memory: Remove memory debugging + - tree: Deprecate xmlRegisterNodeDefault + - tree: Deprecate xmlSetCompressMode + - html: Deprecate htmlHandleOmittedElem + - valid: Deprecate internal validation functions + - valid: Deprecate old DTD serialization API + - nanohttp: Deprecate public API + - Remove VMS support + - Remove Trio + * Bug fixes: + - parser: Fix base URI of internal parameter entities + - tree: Handle predefined entities in xmlBufGetEntityRefContent + - schemas: Allow unlimited length decimals, integers etc. + - reader: Fix preservation of attributes + - parser: Always decode entities in namespace URIs + - relaxng: Fix tree corruption in xmlRelaxNGParseNameClass + - schemas: Fix ADD_ANNOTATION + - tree: Fix tree iteration in xmlDOMWrapRemoveNode + - tree: Declare namespace on clone in xmlDOMWrapCloneNode + - tree: Fix xmlAddSibling with last sibling + - tree: Fix xmlDocSetRootElement with multiple top-level elements + - catalog: Fetch XML catalog before dumping + - html: Don't close fd in htmlCtxtReadFd + * Improvements: + - parser: Fix "Truncated multi-byte sequence" error + - Add missing _cplusplus processing clause + - parser: Rework handling of undeclared entities + - SAX2: Warn if URI resolution failed + - parser: Don't report error on invalid URI + - xmllint: Clean up option handling + - xmllint: Rework parsing + - parser: Don't create undeclared entity refs in substitution mode + - Make some globals const + - reader: Make xmlTextReaderReadString non-recursive + - reader: Rework xmlTextReaderRead{Inner,Outer}Xml + - Remove redundant size check (Niels Dossche) + - Remove redundant NULL check on cur + - Remove always-false check old == cur + - Remove redundant NULL check on cur + - tree: Don't return empty localname in xmlSplitQName{2,3} + - xinclude: Don't try to fix base of non-elements + - tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling + - SAX2: Optimize appending children + - tree: Align xmlAddChild with other node insertion functions + - html: Use binary search in htmlEntityValueLookup + - io: Allocate output buffer with XML_BUFFER_ALLOC_IO + - encoding: Don't shrink input too early in xmlCharEncOutput + - tree: Tighten source doc check in xmlDOMWrapAdoptNode + - tree: Check destParent->doc in xmlDOMWrapCloneNode + - tree: Refactor text node updates + - tree: Refactor node insertion + - tree: Refactor element creation and parsing of attribute values + - tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent + - buf: Don't use default buffer size for small strings + - string: Fix xmlStrncatNew(NULL, "") + - entities: Don't allow null name in xmlNewEntity + - html: Fix quadratic behavior in htmlNodeDump + - tree: Rewrite xmlSetTreeDoc + - valid: Rework xmlAddID + - tree: Remove unused node types + - tree: Make namespace comparison more consistent + - tree: Don't allow NULL name in xmlSetNsProp + - tree: Rework xmlNodeListGetString + - tree: Rework xmlTextMerge + - tree: Rework xmlNodeSetName + - tree: Simplify xmlAddChild with text parent + - tree: Disallow setting content of entity reference nodes + - tree: Rework xmlReconciliateNs + - schemas: fix spurious warning about truncated snprintf output + - xmlschemastypes: Remove unreachable if statement + - relaxng: Remove useless if statement + - tree: Check for integer overflow in xmlStringGetNodeList + - http: Improve error message for HTTPS redirects + - save: Move DTD serialization code to xmlsave.c + - parser: Report fatal error if document entity couldn't be loaded + - xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest + - SAX2: Limit entity URI length to 2000 bytes + - parser: Account for full size of non-well-formed entities + - parser: Pop inputs if parsing DTD failed + - parser: Fix quadratic behavior when copying entities + - writer: Implement xmlTextWriterClose + - parser: Avoid duplicate namespace errors + - parser: Add XML_PARSE_NO_XXE parser option + - parser: Make xmlParseContent more useful + - error: Make xmlFormatError public + - encoding: Check whether encoding handlers support input/output + - SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE + - parser: Lower maximum entity nesting depth + - parser: Set depth limit to 2048 with XML_PARSE_HUGE + - parser: Implement xmlCtxtSetOptions + - parser: Always prefer option members over bitmask + - parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set + - parser: Rework parsing of attribute and entity values + - save: Output U+FFFD replacement characters + - parser: Simplify entity size accounting + - parser: Avoid unwanted expansion of parameter entities + - parser: Always copy content from entity to target + - parser: Simplify control flow in xmlParseReference + - parser: Remove xmlSetEntityReferenceFunc feature + - parser: Push general entity input streams on the stack + - parser: Move progressive flag into input struct + - parser: Fix in-parameter-entity and in-external-dtd checks + - xpath: Rewrite substring-before and substring-after + - xinclude: Only set xml:base if necessary + - xinclude: Allow empty nodesets + - parser: Rework general entity parsing + - io: Fix close error handling + - io: Fix read/write error handling + - io: More refactoring and unescaping fixes + - io: Move some code from xmlIO.c to parserInternals.c + - uri: Clean up special parsing modes + - xinclude: Rework xml:base fixup + - parser: Also set document properties when push parsing + - include: Move non-generated parts from xmlversion.h.in + - io: Remove support for HTTP POST + - dict: Move local RNG state to global state + - dict: Get random seed from system PRNG + - io: Don't use "-" to read from stdin + - io: Rework initialization + - io: Consolidate error messages + - xzlib: Fix harmless unsigned integer overflow + - io: Always use unbuffered input + - io: Fix detection of compressed streams + - io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile + - io: Rework default callbacks + - error: Stop printing some errors by default + - xpath: Don't free nodes of XSLT result value trees + - valid: Fix handling of enumerations + - parser: Allow recovery in xmlParseInNodeContext + - encoding: Support ASCII in xmlLookupCharEncodingHandler + - include: Remove useless 'const' from function arguments + - Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const' + conversions (makise-homura) + - Avoid EDG deprecation warnings for LCC compiler + - Avoid EDG -Woverflow warnings on truncating conversions by manually + truncating operand (makise-homura) + - Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by + conversion from unsigned int to int (makise-homura) + - Avoid using no_sanitize attribute on EDG even if compiler shows as GCC + * Build systems: + - meson: convert boolean options to feature option + - meson: Pass LIBXML_STATIC in dependency + - meson: fix compilation with local binaries + - meson: don't use dl dependency on old meson + - meson: fix usage as a subproject + - build: Remove --with-fexceptions configuration option + - autotools: Remove --with-coverage configuration option + - build: Disable HTTP support by default + - Stop defining _REENTRANT + - doc: Don't install example code + - meson: Initial commit + - build: Disable support for compression libraries by default + - Set LIBXML2_FOUND if it has been properly configured + - Makefile.am: omit $(top_builddir) from DEPS and LDADDS + * Test suite + - runtest: Work around broken EUC-JP support in musl iconv + - runtest: Check for IBM-1141 encoding handler + - fuzz: Add xmllint fuzzer + - fuzz: Add fuzzer for XML reader API + - fuzz: New tree API fuzzer + - tests: Remove testOOM + - Don't let gentest.py cast types to 'const somethingPtr' to avoid + -Wignored-qualifiers + * Rebase libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + +------------------------------------------------------------------- Old: ---- libxml2-2.12.9.tar.xz New: ---- libxml2-2.13.5.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.VgW7D7/_old 2025-01-21 21:10:12.862332384 +0100 +++ /var/tmp/diff_new_pack.VgW7D7/_new 2025-01-21 21:10:12.866332549 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,12 +26,12 @@ %{?sle15allpythons} Name: libxml2%{?dash}%{flavor} -Version: 2.12.9 +Version: 2.13.5 Release: 0 License: MIT Summary: A Library to Manipulate XML Files URL: https://gitlab.gnome.org/GNOME/libxml2 -Source0: https://download.gnome.org/sources/%{name}/2.12/libxml2-%{version}.tar.xz +Source0: https://download.gnome.org/sources/%{name}/2.13/libxml2-%{version}.tar.xz Source1: baselibs.conf # W3C Conformance tests Source2: https://www.w3.org/XML/Test/xmlts20080827.tar.gz @@ -167,9 +167,7 @@ --disable-silent-rules \ --disable-static \ --docdir=%{_docdir}/%{base_name} \ - --with-html-dir=%{_docdir}/%{base_name}/html \ --without-python \ - --with-fexceptions \ --with-history \ --enable-ipv6 \ --with-sax1 \ @@ -252,8 +250,6 @@ %files -n %{base_name}-doc %{_datadir}/gtk-doc/html/* -%doc %{_docdir}/%{base_name}/examples -%doc %{_docdir}/%{base_name}/tutorial %doc %{_docdir}/%{base_name}/*.html # owning these directories prevents gtk-doc <-> libxml2 build loop: %dir %{_datadir}/gtk-doc ++++++ libxml2-2.12.9.tar.xz -> libxml2-2.13.5.tar.xz ++++++ ++++ 127990 lines of diff (skipped) ++++++ libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch ++++++ --- /var/tmp/diff_new_pack.VgW7D7/_old 2025-01-21 21:10:14.122384395 +0100 +++ /var/tmp/diff_new_pack.VgW7D7/_new 2025-01-21 21:10:14.126384561 +0100 @@ -2,10 +2,10 @@ xpath.c | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) -Index: libxml2-2.12.0/xpath.c +Index: libxml2-2.13.5/xpath.c =================================================================== ---- libxml2-2.12.0.orig/xpath.c -+++ libxml2-2.12.0/xpath.c +--- libxml2-2.13.5.orig/xpath.c ++++ libxml2-2.13.5/xpath.c @@ -25,6 +25,7 @@ #include <limits.h> #include <string.h> @@ -14,7 +14,7 @@ #include <math.h> #include <float.h> #include <ctype.h> -@@ -106,14 +107,32 @@ +@@ -104,14 +105,32 @@ #define XPATH_MAX_STACK_DEPTH 1000000 /* @@ -52,58 +52,58 @@ /* * XPATH_MAX_RECRUSION_DEPTH: -@@ -3095,7 +3114,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, +@@ -2881,7 +2900,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; -- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (cur->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); +- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (cur->nodeMax >= get_max_nodeset_len()) return(-1); - } -@@ -3153,7 +3172,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm + temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); +@@ -2933,7 +2952,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; -- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (cur->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); +- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (cur->nodeMax >= get_max_nodeset_len()) return(-1); - } -@@ -3209,7 +3228,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c + temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); +@@ -2983,7 +3002,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; -- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (cur->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); +- if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (cur->nodeMax >= get_max_nodeset_len()) return(-1); - } -@@ -3302,7 +3321,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, + temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); +@@ -3071,7 +3090,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, } else if (val1->nodeNr == val1->nodeMax) { xmlNodePtr *temp; -- if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (val1->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); +- if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (val1->nodeMax >= get_max_nodeset_len()) goto error; - } -@@ -3394,7 +3413,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP + temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 * + sizeof(xmlNodePtr)); +@@ -3157,7 +3176,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; -- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (set1->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); +- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (set1->nodeMax >= get_max_nodeset_len()) goto error; - } -@@ -3455,7 +3474,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN + temp = (xmlNodePtr *) xmlRealloc( + set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr)); +@@ -3212,7 +3231,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; -- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { -+ if (set1->nodeMax >= get_max_nodeset_len()) { - xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); +- if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) ++ if (set1->nodeMax >= get_max_nodeset_len()) goto error; - } + temp = (xmlNodePtr *) xmlRealloc( + set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr));
