Hello community, here is the log from the commit of package libxml2 for openSUSE:Leap:15.2 checked in at 2020-06-08 13:44:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/libxml2 (Old) and /work/SRC/openSUSE:Leap:15.2/.libxml2.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2" Mon Jun 8 13:44:40 2020 rev:37 rq:811679 version:2.9.7 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/libxml2/libxml2.changes 2020-05-26 18:32:27.813586696 +0200 +++ /work/SRC/openSUSE:Leap:15.2/.libxml2.new.3606/libxml2.changes 2020-06-08 13:44:43.087082771 +0200 @@ -1,0 +2,6 @@ +Wed May 27 12:09:35 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021] +- Remove libxml2-CVE-2019-19956.patch + +------------------------------------------------------------------- python-libxml2-python.changes: same change Old: ---- libxml2-CVE-2019-19956.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.OVmqPy/_old 2020-06-08 13:44:43.631084150 +0200 +++ /var/tmp/diff_new_pack.OVmqPy/_new 2020-06-08 13:44:43.635084160 +0200 @@ -35,8 +35,6 @@ Patch2: libxml2-CVE-2018-14567.patch # PATCH-FIX-SUSE bsc#1135123 Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit Patch3: libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch -# PATCH-FIX-UPSTREAM bsc#1159928 CVE-2019-19956 Fix memory leak in xmlParseBalancedChunkMemoryRecover -Patch4: libxml2-CVE-2019-19956.patch # PATCH-FIX-UPSTREAM bsc#1161517 CVE-2020-7595 Infinite loop in xmlStringLenDecodeEntities Patch5: libxml2-CVE-2020-7595.patch # PATCH-FIX-UPSTREAM bsc#1161521 CVE-2019-20388 Memory leak in xmlSchemaPreRun @@ -115,7 +113,6 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 %patch5 -p1 %patch6 -p1 @@ -134,7 +131,6 @@ --with-threads \ --with-reader \ --with-http - make %{?_smp_mflags} BASE_DIR="%{_docdir}" DOC_MODULE="%{name}" %install ++++++ python-libxml2-python.spec ++++++ --- /var/tmp/diff_new_pack.OVmqPy/_old 2020-06-08 13:44:43.655084211 +0200 +++ /var/tmp/diff_new_pack.OVmqPy/_new 2020-06-08 13:44:43.659084221 +0200 @@ -30,8 +30,6 @@ Patch1: libxml2-python3-unicode-errors.patch # PATCH-FIX-UPSTREAM libxml2-python3-string-null-check.patch bsc#1065270 [email protected] -- don't return a NULL string for an invalid UTF-8 conversion. Patch2: libxml2-python3-string-null-check.patch -# PATCH-FIX-UPSTREAM bsc#1159928 CVE-2019-19956 Fix memory leak in xmlParseBalancedChunkMemoryRecover -Patch3: libxml2-CVE-2019-19956.patch # PATCH-FIX-UPSTREAM bsc#1161517 CVE-2020-7595 Infinite loop in xmlStringLenDecodeEntities Patch4: libxml2-CVE-2020-7595.patch # PATCH-FIX-UPSTREAM bsc#1161521 CVE-2019-20388 Memory leak in xmlSchemaPreRun @@ -65,7 +63,6 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 %patch4 -p1 %patch5 -p1
