Hello community,

here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2017-09-29 11:48:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxml2 (Old)
 and      /work/SRC/openSUSE:Factory/.libxml2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2" Fri Sep 29 11:48:40 2017 rev:87 rq:528090 version:2.9.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2017-06-20 11:00:55.163117626 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2017-09-29 11:48:43.163210936 +0200 @@ -1,0 +2,28 @@ +Thu Sep 21 14:19:56 UTC 2017 - jeng...@inai.de + +- Update package summaries and RPM groups. Trim descriptions for + size on secondary subpackages. Replace install call by a + commonly-used macro. + +------------------------------------------------------------------- +Thu Sep 21 14:05:29 UTC 2017 - tchva...@suse.com + +- Add patch to fix TW integration: + * libxml2-bug787941.patch + +------------------------------------------------------------------- +Sun Sep 10 09:54:07 UTC 2017 - tchva...@suse.com + +- Version update to 2.9.5 release: + * Merged all the previous cve fixes that were patched in + * Few small tweaks +- Remove merged patches: + * libxml2-CVE-2016-4658.patch + * libxml2-CVE-2017-0663.patch + * libxml2-CVE-2017-5969.patch + * libxml2-CVE-2017-9047.patch + * libxml2-CVE-2017-9048.patch + * libxml2-CVE-2017-9049.patch + * libxml2-2.9.4-fix_attribute_decoding.patch + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2.changes 2016-06-12 18:51:33.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2.changes 2017-09-29 11:48:43.211204168 +0200 
@@ -1,0 +2,22 @@ +Thu Sep 21 14:19:56 UTC 2017 - jeng...@inai.de + +- Update package summaries and RPM groups. Trim descriptions for + size on secondary subpackages. Replace install call by a + commonly-used macro. + +------------------------------------------------------------------- +Sun Sep 10 09:54:07 UTC 2017 - tchva...@suse.com + +- Version update to 2.9.5 release: + * Merged all the previous cve fixes that were patched in + * Few small tweaks +- Remove merged patches: + * libxml2-CVE-2016-4658.patch + * libxml2-CVE-2017-0663.patch + * libxml2-CVE-2017-5969.patch + * libxml2-CVE-2017-9047.patch + * libxml2-CVE-2017-9048.patch + * libxml2-CVE-2017-9049.patch + * libxml2-2.9.4-fix_attribute_decoding.patch + +------------------------------------------------------------------- Old: ---- libxml2-2.9.4-fix_attribute_decoding.patch libxml2-2.9.4.tar.gz libxml2-2.9.4.tar.gz.asc libxml2-CVE-2016-4658.patch libxml2-CVE-2017-0663.patch libxml2-CVE-2017-5969.patch libxml2-CVE-2017-9047.patch libxml2-CVE-2017-9048.patch libxml2-CVE-2017-9049.patch New: ---- libxml2-2.9.5.tar.gz libxml2-2.9.5.tar.gz.asc libxml2-bug787941.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.0WWeFS/_old 2017-09-29 11:48:44.075082344 +0200 +++ /var/tmp/diff_new_pack.0WWeFS/_new 2017-09-29 11:48:44.075082344 +0200 
@@ -18,55 +18,29 @@ %define lname libxml2-2 Name: libxml2 -Version: 2.9.4 +Version: 2.9.5 Release: 0 Summary: A Library to Manipulate XML Files License: MIT -Group: System/Libraries +Group: Development/Libraries/C and C++ Url: http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source1: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz.asc Source2: baselibs.conf Source3: %{name}.keyring Patch0: fix-perl.diff -# PATCH-FIX-UPSTREAM bnc#983288 kstreit...@suse.com -- fix attribute decoding during XML schema validation -Patch1: libxml2-2.9.4-fix_attribute_decoding.patch -# PATCH-FIX-UPSTREAM bsc#1005544 pmonrealgonza...@suse.com -- Disallow namespace nodes in XPointer ranges -Patch2: libxml2-CVE-2016-4658.patch -# PATCH-FIX-UPSTREAM bsc#1039063 -- pmonrealgonza...@suse.com -- stack overflow vulnerability -Patch3: libxml2-CVE-2017-9047.patch -# PATCH-FIX-UPSTREAM bsc#1039064 -- pmonrealgonza...@suse.com -- stack overflow vulnerability -Patch4: libxml2-CVE-2017-9048.patch -# PATCH-FIX-UPSTREAM bsc#1039066 -- pmonrealgonza...@suse.com -- heap-based buffer overflow -Patch5: libxml2-CVE-2017-9049.patch -# PATCH-FIX-UPSTREAM bnc#1024989 pmonrealgonza...@suse.com -- CVE-2017-5969 NULL pointer derefence parsing xml file -Patch6: libxml2-CVE-2017-5969.patch -# PATCH-FIX-UPSTREAM bnc#1044337 pmonrealgonza...@suse.com -- CVE-2017-0663: libxml2: Heap buffer overflow in xmlAddID -Patch7: libxml2-CVE-2017-0663.patch - +Patch1: libxml2-bug787941.patch BuildRequires: fdupes -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: readline-devel -BuildRequires: xz-devel -BuildRequires: zlib-devel -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: pkgconfig(liblzma) +BuildRequires: pkgconfig(zlib) %description The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. 
-This library implements a number of existing standards related to -markup languages, including the XML standard, name spaces in XML, XML -Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and -XML catalogs. In most cases, libxml tries to implement the -specification in a rather strict way. To some extent, it provides -support for the following specifications, but does not claim to -implement them: DOM, FTP client, HTTP client, and SAX. - -The library also supports RelaxNG. Support for W3C XML Schemas is in -progress. - %package -n %{lname} Summary: A Library to Manipulate XML Files Group: System/Libraries @@ -89,7 +63,7 @@ %package tools Summary: Tools using libxml -Group: System/Libraries +Group: Productivity/Text/Utilities Provides: %{name} = %{version}-%{release} Obsoletes: %{name} < %{version}-%{release} @@ -97,26 +71,25 @@ This package contains xmllint, a very useful tool proving libxml's power. %package devel -Summary: Include Files and Libraries mandatory for Development +Summary: Development files for libxml2, an XML manipulation library Group: Development/Libraries/C and C++ Requires: %{lname} = %{version} Requires: %{name}-tools = %{version} Requires: glibc-devel Requires: readline-devel -Requires: xz-devel -Requires: zlib-devel -# bug437293 -%ifarch ppc64 -Obsoletes: libxml2-devel-64bit -%endif +Requires: pkgconfig(liblzma) +Requires: pkgconfig(zlib) %description devel -This package contains all necessary include files and libraries needed -to develop applications that require these. +The XML C library can load and save extensible data structures +or manipulate any kind of XML files. + +This subpackage contains header files for developing +applications that want to make use of libxml. %package doc -Summary: A Library to Manipulate XML Files -Group: System/Libraries +Summary: Documentation for libxml, an XML manipulation library +Group: Documentation/HTML Requires: %{lname} = %{version} BuildArch: noarch 
@@ -125,30 +98,15 @@ now used by many programs to load and save extensible data structures or manipulate any kind of XML files. -This library implements a number of existing standards related to -markup languages, including the XML standard, name spaces in XML, XML -Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and -XML catalogs. In most cases, libxml tries to implement the -specification in a rather strict way. To some extent, it provides -support for the following specifications, but does not claim to -implement them: DOM, FTP client, HTTP client, and SAX. - -The library also supports RelaxNG. Support for W3C XML Schemas is in -progress. - %prep %setup -q %patch0 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 %build -%configure --disable-static \ +%configure \ + --disable-silent-rules \ + --disable-static \ --docdir=%{_docdir}/%{name} \ --with-html-dir=%{_docdir}/%{name}/html \ --with-fexceptions \ @@ -164,7 +122,7 @@ make %{?_smp_mflags} BASE_DIR="%{_docdir}" DOC_MODULE="%{name}" %install -make install DESTDIR=%{buildroot} BASE_DIR="%{_docdir}" DOC_MODULE="%{name}" +%make_install BASE_DIR="%{_docdir}" DOC_MODULE="%{name}" mkdir -p "%{buildroot}/%{_docdir}/%{name}" cp -a AUTHORS NEWS README COPYING* Copyright TODO* %{buildroot}%{_docdir}/%{name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml @@ -172,29 +130,25 @@ %check # qemu-arm can't keep up atm, disabling check for arm -%ifnarch %arm +%ifnarch %{arm} make %{?_smp_mflags} check %endif %post -n %{lname} -p /sbin/ldconfig - %postun -n %{lname} -p /sbin/ldconfig %files -n %{lname} -%defattr(-, root, root) %{_libdir}/lib*.so.* %doc %dir %{_docdir}/%{name} %doc %{_docdir}/%{name}/[ANRCT]* %files tools -%defattr(-, root, root) %{_bindir}/xmllint %{_bindir}/xmlcatalog %{_mandir}/man1/xmllint.1* %{_mandir}/man1/xmlcatalog.1* %files devel -%defattr(-, root, root) %{_bindir}/xml2-config %dir %{_datadir}/aclocal %{_datadir}/aclocal/libxml.m4 
@@ -206,11 +160,10 @@ %{_libdir}/*.sh %{_libdir}/pkgconfig/*.pc %{_libdir}/cmake -%{_mandir}/man1/xml2-config.1* -%{_mandir}/man3/libxml.3* +%{_mandir}/man1/xml2-config.1%{ext_man} +%{_mandir}/man3/libxml.3%{ext_man} %files doc -%defattr(-, root, root) %{_datadir}/gtk-doc/html/* %doc %{_docdir}/%{name}/examples %doc %{_docdir}/%{name}/html ++++++ python-libxml2.spec ++++++ --- /var/tmp/diff_new_pack.0WWeFS/_old 2017-09-29 11:48:44.103078395 +0200 +++ /var/tmp/diff_new_pack.0WWeFS/_new 2017-09-29 11:48:44.107077832 +0200 @@ -17,18 +17,18 @@ Name: python-libxml2 -Version: 2.9.4 +Version: 2.9.5 Release: 0 Summary: Python Bindings for libxml2 License: MIT Group: Development/Libraries/Python Url: http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: libxml2-devel -BuildRequires: python-devel -#!BuildIgnore: python +BuildRequires: pkgconfig BuildRequires: python-xml +BuildRequires: pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(python) +#!BuildIgnore: python Requires: libxml2-2 = %{version} # Uncomment to save space: #NoSource: 0 @@ -49,10 +49,6 @@ %setup -q -n libxml2-%{version} %build -# workaround for bnc#310196 -%ifarch s390 s390x -export RPM_OPT_FLAGS=${RPM_OPT_FLAGS/-O2/-O1} -%endif export CFLAGS="%{optflags} -fno-strict-aliasing" %configure \ --with-fexceptions \ @@ -70,8 +66,7 @@ make -C python %{?_smp_mflags} %install -make -C python install \ - DESTDIR=%{buildroot} \ +%make_install -C python \ pythondir=%{py_sitedir} \ PYTHON_SITE_PACKAGES=%{py_sitedir} chmod a-x python/tests/*.py @@ -82,7 +77,6 @@ rm -f %{buildroot}%{py_sitedir}/*.{la,a} %files -%defattr(-, root, root) %doc python/TODO %doc python/libxml2class.txt %doc python/tests ++++++ libxml2-2.9.4.tar.gz -> libxml2-2.9.5.tar.gz ++++++ ++++ 59848 lines of diff (skipped) ++++++ libxml2-bug787941.patch ++++++ >From 3157cf4e53c03bc3da604472c015c63141907db8 Mon Sep 17 00:00:00 2001 
From: Nick Wellnhofer <wellnho...@aevum.de> Date: Wed, 20 Sep 2017 16:13:29 +0200 Subject: Report undefined XPath variable error message Commit c851970 removed a redundant error message if XPath evaluation failed. This uncovered a case where an undefined XPath variable error wasn't reported correctly. Thanks to Petr Pisar for the report. Fixes bug 787941. --- xpath.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/xpath.c b/xpath.c index 2c1b268..9481507 100644 --- a/xpath.c +++ b/xpath.c @@ -13531,10 +13531,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); if (op->value5 == NULL) { val = xmlXPathVariableLookup(ctxt->context, op->value4); - if (val == NULL) { - ctxt->error = XPATH_UNDEF_VARIABLE_ERROR; - return(0); - } + if (val == NULL) + XP_ERROR0(XPATH_UNDEF_VARIABLE_ERROR); valuePush(ctxt, val); } else { const xmlChar *URI; @@ -13549,10 +13547,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) } val = xmlXPathVariableLookupNS(ctxt->context, op->value4, URI); - if (val == NULL) { - ctxt->error = XPATH_UNDEF_VARIABLE_ERROR; - return(0); - } + if (val == NULL) + XP_ERROR0(XPATH_UNDEF_VARIABLE_ERROR); valuePush(ctxt, val); } return (total); -- cgit v0.12 ++++++ libxml2.keyring ++++++ --- /var/tmp/diff_new_pack.0WWeFS/_old 2017-09-29 11:48:45.790840388 +0200 +++ /var/tmp/diff_new_pack.0WWeFS/_new 2017-09-29 11:48:45.790840388 +0200 
@@ -1,10 +1,12 @@ -pub 1024D/DE95BC1F 2000-05-31 -uid [ unknown] Daniel Veillard (Red Hat work email) <veill...@redhat.com> -uid [ unknown] Daniel Veillard <daniel.veill...@w3.org> -sub 1024g/8B494005 2000-05-31 +pub dsa1024 2000-05-31 [SC] + C74415BA7C9C7F78F02E1DC34606B8A5DE95BC1F +uid [ unknown] Daniel Veillard (Red Hat work email) <veill...@redhat.com> +uid [ unknown] Daniel Veillard <daniel.veill...@w3.org> +sub elg1024 2000-05-31 [E] +sub rsa2048 2016-12-01 [S] +sub rsa2048 2016-12-01 [E] -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 mQGiBDk1EfQRBACMYQsU1LMs37qOMMJhTkfyb5aruPapu8ICNR4kNk36jT/ld7oN /0xtqM/e2S9VOzAd165POeEobxTXN234MOhj6PM9uJNOgAq1N1k1eWhGpVw2HIYs 
@@ -28,6 +30,26 @@ 8VFGHFHS2C24MDsnOVIgEVnWbEIVMzp5vFfC+kIF7Rr9nq3Bgr4wHo6y+204GF1U c3r3Cb2Fn7YWmk1NnVJ6teellDsxT+7MvfM/iE4EGBECAAYFAjk1EfwAEgkQRga4 pd6VvB8HZUdQRwABATrDAJ48v66qkzGGLR2mH2C7SFw0y4OYSACghuQ7BYTNAlVF -M7fTlvOUhgA69SI= -=ao2X +M7fTlvOUhgA69SK5AQ0EWECJKgEIANUq8MH5KnfLeZ4foBsJDfczzc3WlG5zIuBf +k/ldJ0gztgpDNtb3gPJLU3qug56jRLHz/9MJrjNJahePcCVeTDGifaAnF3Q2CLmg +ZU2Ha7zlBO0iQUfA0j00eOJueRAXBvFOJnzqY03+Ea0Kh06O1QjIV2njseFTJcLd +olb8Ean50L036lz/hmJPNi0EzU2GX3qKqIBw3DKFdrikfLhmqhq9p33DFwn4eTtm +fxUmrDJ73TGjzYw+rqFUVULaEOKXdcJGxEhcO8U7viXBwDYQQkWhmPu2dJvsIB0G +ms84hbsEzLEaAHeM8rdoFELPVncmYPL6R5DScL1rmMwtxvW8PUkAEQEAAYkBaAQY +EQIACQUCWECJKgIbAgEpCRBGBril3pW8H8BdIAQZAQIABgUCWECJKgAKCRAVWIsm +WWvqXUQhCACzE5EQVUrFy/bEc6ehvZzry+duhhP8oJf92zhYkpKrnryBi75VkcGf +fdAXI+Ri5XsyCg4RH7VYsgNoX0UPVI249VWgOVbg/ixq0M+zL0QNlPm8jgUW7yG7 +9OiBzlUXyYPMQQTTs0Cb3oiwNYLuAzCE1Pyy7YbYeVAznrG1AuhuaYdGkFRNzIx+ +ezlIeQN6YItJcibVGp7J5Pf6lE+pCPyFIQInPMozMkiU/CqyNYn7dcTzkwCBW0Nw +VqfJ+EUaUUd8IDEf7mdnSCBu6+AgAjGAwTigcqzyLNd5VOTnqSbgiV1KTMJCaCFP +QVjvjThkNVw3KL3RfTSRpOpFXlcyqzRX40EAn3X3Y9eBiV1Zly3zLlQpvZpOlWIb +AJ0fe9ImtfilywZ8+p06uOhbC6OEnLkBDQRYQIloAQgAu8C+Ur60jrrl3c5aX+qf +Ttp0U+vAofCMC2KjptLOW7EawSJcDEms26pyYlC9SPpMFRcoMUMQhuRrUgmIhwEj +zqnhMqrunizInnbKPlRYgnDV1grfMbFRKR7EHPTA6XqnBXkhyPmoMcT8t5tJoY3W +px88hPe58wH+XrTwczVK+CUFD68CRu6x4+m+1IFjfTMjzj0inL7zPgtxNx0mTdMp +vnZCFz4BC31555TM/JSC0TyP6tUC/Swgv8OI+tpZ2s05nAJPK+PnxNR01yq4gpu5 +TD6R1ViV0C3cNFKeryiNhtbxqh7R7OmCObbo22MeXtpt0uty3+v4Tc0D8lERUGmM +IQARAQABiEkEGBECAAkFAlhAiWgCGwwACgkQRga4pd6VvB/mnACfa4PRGlD3FrvE ++vU5gGY1Xge6288An1iP68W1734U1Oo5sWmuqd/ZD6t0 +=1FfB -----END PGP PUBLIC KEY BLOCK-----
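
Review bot: In the libxml2.changes hunk (@@ -1,0 +2,28 @@), the "Remove merged patches" list names the CVE patches by file name only, and "Add patch to fix TW integration" does not say what libxml2-bug787941.patch fixes. The spec comments deleted in this same submission carried the tracker ids (bnc#983288, bsc#1005544, bsc#1039063, bsc#1039064, bsc#1039066, bnc#1024989, bnc#1044337); suggest repeating each id next to its removed patch so the fix history stays searchable once the patch files are gone, and describing the new patch as the upstream fix for bug 787941 (undefined XPath variable error not reported).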
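
Review bot: In the python-libxml2.changes hunk (@@ -1,0 +2,22 @@), the "Remove merged patches" list does not match the python-libxml2.spec diff, whose %prep context shows "%setup -q -n libxml2-%{version}" followed directly by "%build" and whose hunks remove no Patch tags. The list looks copied from libxml2.changes; suggest dropping it here or stating that the fixes arrive through the 2.9.5 tarball only.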
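
Review bot: In the libxml2.spec header hunk (@@ -18,55 +18,29 @@), the new "Patch1: libxml2-bug787941.patch" line has no comment, while every Patch1 to Patch7 line it replaces carried a "# PATCH-FIX-UPSTREAM" line with a tracker id and a short description. Suggest adding the same kind of comment, pointing at upstream bug 787941 and commit 3157cf4e53c03bc3da604472c015c63141907db8, so the origin of the patch can be read from the spec.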
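
Review bot: In the python-libxml2.spec %build hunk (@@ -49,10 +49,6 @@), the s390/s390x workaround for bnc#310196 that rewrote -O2 to -O1 in RPM_OPT_FLAGS is dropped, but neither python-libxml2.changes entry mentions it. Suggest adding a changelog line that says the workaround is no longer needed and how that was checked on s390x.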
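
Review bot: In the first xpath.c hunk of libxml2-bug787941.patch (@@ -13531,10 +13531,8 @@), "XP_ERROR0(XPATH_UNDEF_VARIABLE_ERROR);" is now the unbraced body of "if (val == NULL)". The macro's definition is not part of this diff, so whether it expands to a single statement cannot be checked from here; keeping the braces that the replaced code had around the call would make the guard independent of the expansion.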
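
Review bot: The second xpath.c hunk (@@ -13549,10 +13547,8 @@) makes the same change on the xmlXPathVariableLookupNS path, yet the diffstat lists only xpath.c (4 insertions, 8 deletions), so no regression test covers either the prefixed or the unprefixed undefined-variable case. Since the commit message says commit c851970 uncovered this misreporting, suggest adding a test expression for each form that references an undefined variable and checks that XPATH_UNDEF_VARIABLE_ERROR is reported.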
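
Review bot: In the libxml2.keyring hunk (@@ -1,10 +1,12 @@), the key listing gains two rsa2048 subkeys dated 2016-12-01, but neither .changes entry records a keyring update. The keyring is Source3 and accompanies the Source1 tarball signature, so suggest noting in the changelog where the refreshed key was obtained and that fingerprint C74415BA7C9C7F78F02E1DC34606B8A5DE95BC1F was confirmed; the listing also shows the primary key is still dsa1024, which is worth raising with upstream.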