Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2017-10-05 11:54:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2" Thu Oct 5 11:54:42 2017 rev:88 rq:530521 version:2.9.5 Changes: -------- New Changes file: --- /dev/null 2017-10-05 07:47:18.104773531 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2-python.changes 2017-10-05 11:54:47.130364991 +0200 @@ -0,0 +1,1541 @@ +------------------------------------------------------------------- +Mon Oct 2 15:59:57 UTC 2017 - jmate...@suse.com + +- convert to singlespec, build a python 3 version +- change build instructions to use setup.py (and %python_build macros) + instead of makefile-based approach +- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6 +- rename to python-libxml2-python to conform to package naming policy + (PyPI name is "libxml2-python") + +------------------------------------------------------------------- +Thu Sep 21 14:19:56 UTC 2017 - jeng...@inai.de + +- Update package summaries and RPM groups. Trim descriptions for + size on secondary subpackages. Replace install call by a + commonly-used macro. + +------------------------------------------------------------------- +Sun Sep 10 09:54:07 UTC 2017 - tchva...@suse.com + +- Version update to 2.9.5 release: + * Merged all the previous cve fixes that were patched in + * Few small tweaks +- Remove merged patches: + * libxml2-CVE-2016-4658.patch + * libxml2-CVE-2017-0663.patch + * libxml2-CVE-2017-5969.patch + * libxml2-CVE-2017-9047.patch + * libxml2-CVE-2017-9048.patch + * libxml2-CVE-2017-9049.patch + * libxml2-2.9.4-fix_attribute_decoding.patch + +------------------------------------------------------------------- +Fri May 27 14:22:55 UTC 2016 - psim...@suse.com + +- Update python-libxml2 to version libxml2-2.9.4. The new version + is resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835, + CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838, + CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and + CVE-2016-1762. + +------------------------------------------------------------------- +Fri Oct 31 10:55:27 UTC 2014 - vci...@suse.com + +- Update to 2.9.2 version + +------------------------------------------------------------------- +Sun Jul 7 06:00:42 UTC 2013 - co...@suse.com + +- buildignore python to avoid build cycle + +------------------------------------------------------------------- +Sat Dec 15 15:55:26 UTC 2012 - p.drou...@gmail.com + +- update to 2.9.0 version: + * please see the Changelog +- Updated patchs to get working with new version: + * libxml2-2.9.0-CVE-2012-5134.patch ( libxml2-CVE-2012-5134.patch ) + * fix-perl.diff + +------------------------------------------------------------------- +Tue Jun 12 18:10:07 UTC 2012 - ch...@computersalat.de + +- update to 2.8.0 + * please see ChangeLog for more info + +------------------------------------------------------------------- +Sat Feb 25 08:47:58 UTC 2012 - co...@suse.com + +- fix version + +------------------------------------------------------------------- +Thu Feb 23 11:00:21 UTC 2012 - co...@suse.com + +- renamed to python-libxml2 to follow python naming expectations +- do not require python but let rpm figure it out + +------------------------------------------------------------------- +Mon Dec 26 17:08:59 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections + +------------------------------------------------------------------- +Fri Jul 8 08:52:06 UTC 2011 - sasc...@suse.de + +- update to libxml-2.7.8+git20110708 + - several important bugfixes + +------------------------------------------------------------------- +Mon Dec 6 09:05:53 UTC 2010 - co...@novell.com + +- buildrequire python-xml to fix build + +------------------------------------------------------------------- +Fri Dec 3 12:24:42 UTC 2010 - pu...@novell.com + +- update to libxml-2.7.8 + - number of bufixes, documentation and portability fixes + - update language ID parser to RFC 5646 + - sort python generated stubs + - add an HTML parser option to avoid a default doctype + - see http://xmlsoft.org/news.html for exact details +- clean up specfile + +------------------------------------------------------------------- +Wed Apr 7 16:34:29 UTC 2010 - co...@novell.com + +- fix build + +------------------------------------------------------------------- +Tue Mar 23 23:46:00 CET 2010 - mrd...@opensuse.org + +- update to 2.7.7 +- add extra options to ./configure for scribus features and avoid a crash +- updates from 2.7.3 > 2.7.7 include a number of portability, correctness + memory leaks and build fixes including some CVE +- see http://xmlsoft.org/news.html for exact details + +------------------------------------------------------------------- +Tue Dec 15 12:19:16 CET 2009 - jeng...@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Thu Mar 19 10:16:50 CET 2009 - prus...@suse.cz + +- updated to 2.7.2 + * Portability fix: fix solaris compilation problem, + fix compilation if XPath is not configured in + * Bug fixes: nasty entity bug introduced in 2.7.0, restore old + behaviour when saving an HTML doc with an xml dump function, + HTML UTF-8 parsing bug, fix reader custom error handlers + (Riccardo Scussat) + * Improvement: xmlSave options for more flexibility to save + as XML/HTML/XHTML, handle leading BOM in HTML documents +- updated to 2.7.3 + * Build fix: fix build when HTML support is not included. + * Bug fixes: avoid memory overflow in gigantic text nodes, + indentation problem on the writed (Rob Richards), + xmlAddChildList pointer problem (Rob Richards and Kevin Milburn), + xmlAddChild problem with attribute (Rob Richards and Kris Breuker), + avoid a memory leak in an edge case (Daniel Zimmermann), + deallocate some pthread data (Alex Ott). + * Improvements: configure option to avoid rebuilding docs + (Adrian Bunk), limit text nodes to 10MB max by default, + add element traversal APIs, add a parser option to enable + pre 2.7 SAX behavior (Rob Richards), + add gcc malloc checking (Marcus Meissner), + add gcc printf like functions parameters checking (Marcus Meissner). +- dropped obsoleted patches: + * alloc_size.patch (mainline) + * CVE-2008-4225.patch (mainline) + * CVE-2008-4226.patch (mainline) + * CVE-2008-4409.patch (mainline) + * oldsax.patch (mainline) + * pritnf.patch (mainline) + * xmlsave.patch (mainline) + +------------------------------------------------------------------- +Mon Jan 12 17:21:59 CET 2009 - prus...@suse.cz + +- added oldsax.patch to enable pre 2.7.0 sax behaviour [bnc#457056] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - o...@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Tue Nov 25 16:00:27 CET 2008 - prus...@suse.cz + +- fix broken xmlsave (xmlsave.patch) [bnc#437203] + +------------------------------------------------------------------- +Tue Nov 18 16:24:39 CET 2008 - prus...@suse.cz + +- fixed CVE-2008-4225 [bnc#445677] + +------------------------------------------------------------------- +Thu Nov 6 12:02:25 CET 2008 - prus...@suse.cz + +- fixed CVE-2008-4226 [bnc#441368] + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - o...@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Oct 6 14:50:38 CEST 2008 - prus...@suse.cz + +- fixed CVE-2008-4409 [bnc#432486] + +------------------------------------------------------------------- +Tue Sep 9 17:01:12 CEST 2008 - meiss...@suse.de + ++++ 1344 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2-python.changes Old: ---- python-libxml2.changes python-libxml2.spec New: ---- python-libxml2-python.changes python-libxml2-python.spec python3.6-verify_fd.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-libxml2-python.spec ++++++ # # spec file for package python-libxml2-python # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define oldpython python Name: python-libxml2-python Version: 2.9.5 Release: 0 Summary: Python Bindings for libxml2 License: MIT Group: Development/Libraries/Python Url: http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz Patch0: python3.6-verify_fd.patch BuildRequires: %{python_module devel} BuildRequires: %{python_module xml} BuildRequires: pkgconfig BuildRequires: python-rpm-macros BuildRequires: pkgconfig(libxml-2.0) Requires: libxml2-2 = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %ifpython2 Obsoletes: libxml2-python < %{version} Provides: libxml2-python = %{version} Obsoletes: %{oldpython}-libxml2 < %{version} Provides: %{oldpython}-libxml2 = %{version} %endif %python_subpackages %description The libxml2-python package contains a module that permits applications written in the Python programming language to use the interface supplied by the libxml2 library to manipulate XML files. This library allows manipulation of XML files. It includes support for reading, modifying, and writing XML and HTML files. There is DTD support that includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. %prep %setup -q -n libxml2-%{version} %patch0 -p1 %build export CFLAGS="%{optflags} -fno-strict-aliasing" %configure \ --with-fexceptions \ --with-history \ --enable-ipv6 \ --with-sax1 \ --with-regexps \ --with-threads \ --with-reader \ --with-http pushd python %python_build popd %install pushd python %python_install popd chmod a-x python/tests/*.py # Unwanted doc stuff rm -fr %{buildroot}%{_datadir}/doc rm -f python/tests/Makefile* %files %{python_files} %defattr(-, root, root) %doc python/TODO %doc python/libxml2class.txt %doc python/tests %{python_sitearch}/* %changelog ++++++ python3.6-verify_fd.patch ++++++ _PyVerify_fd is a no-op outside of Windows CRT and was dropped from Python 3.6 Index: libxml2-2.9.5/python/types.c =================================================================== --- libxml2-2.9.5.orig/python/types.c +++ libxml2-2.9.5/python/types.c @@ -31,8 +31,6 @@ libxml_PyFileGet(PyObject *f) { const char *mode; fd = PyObject_AsFileDescriptor(f); - if (!_PyVerify_fd(fd)) - return(NULL); /* * Get the flags on the fd to understand how it was opened */
