Hello community, here is the log from the commit of package libxml2.13983 for openSUSE:Leap:15.1:Update checked in at 2020-09-14 20:22:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/libxml2.13983 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.libxml2.13983.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2.13983" Mon Sep 14 20:22:56 2020 rev:1 rq:833749 version:2.9.7 Changes: -------- New Changes file: --- /dev/null 2020-09-10 00:27:47.435250138 +0200 +++ /work/SRC/openSUSE:Leap:15.1:Update/.libxml2.13983.new.4249/libxml2.changes 2020-09-14 20:22:56.885604654 +0200 @@ -0,0 +1,1930 @@ +------------------------------------------------------------------- +Mon Sep 7 08:12:29 UTC 2020 - Pedro Monreal <[email protected]> + +- Security fix: [bsc#1176179, CVE-2020-24977] + * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal +- Add patch libxml2-CVE-2020-24977.patch + +------------------------------------------------------------------- +Wed May 27 12:09:35 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021] +- Remove libxml2-CVE-2019-19956.patch + +------------------------------------------------------------------- +Fri Feb 28 18:36:53 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix: [bsc#1161521, CVE-2019-20388] + * Memory leak in xmlSchemaPreRun in xmlschemas.c +- Add libxml2-CVE-2019-20388.patch + +------------------------------------------------------------------- +Wed Jan 22 11:16:39 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix: [bsc#1161517, CVE-2020-7595] + * xmlStringLenDecodeEntities in parser.c has an infinite loop in + a certain end-of-file situation +- Add libxml2-CVE-2020-7595.patch + +------------------------------------------------------------------- +Thu Jan 2 12:01:22 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix: [bsc#1159928, CVE-2019-19956] + * Memory leak related to newDoc->oldNs in xmlParseBalancedChunkMemoryRecover:parser.c +- Add libxml2-CVE-2019-19956.patch + +------------------------------------------------------------------- +Wed Aug 28 16:44:17 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Synchronize changelog files for libxml2 and python-libxml2-python [bsc#1123919] + +------------------------------------------------------------------- +Thu Jul 4 08:52:14 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH + to avoid nodeset limit when processing large XML files [bsc#1135123] + * Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + +------------------------------------------------------------------- +Wed Sep 5 15:48:36 UTC 2018 - [email protected] + +- Security fix: + [bsc#1088279, CVE-2018-9251][bsc#1105166, CVE-2018-14567] + * Infinite loop in LZMA decompression + * Fixes CVE-2018-9251 introduced by CVE-2017-18258 + * Added libxml2-CVE-2018-14567.patch + +------------------------------------------------------------------- +Wed Sep 5 13:46:59 UTC 2018 - [email protected] + +- Security fix [bsc#1102046, CVE-2018-14404] + * NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can + allow attackers to cause a denial of service + * Added libxml2-CVE-2018-14404.patch + +------------------------------------------------------------------- +Sat Nov 11 15:31:50 UTC 2017 - [email protected] + +- Version update to 2.9.7 release: + * Bug Fixes: + + xmlcatalog: restore ability to query system catalog easily + + Fix comparison of nodesets to strings + * Improvements: + + Add Makefile rules to rebuild HTML man pages + + Remove generated file python/setup.py from version control + + Fix mixed decls and code in timsort.h + + Rework handling of return values in thread tests + + Fix unused variable warnings in testrecurse + + Fix -Wimplicit-fallthrough warnings + + Upgrade timsort.h to latest revision + + Fix a couple of warnings in dict.c and threads.c + + Fix unused variable warnings in nanohttp.c + + Don't include winsock2.h in xmllint.c + + Use __linux__ macro in generated code + * Portability: + + Add declaration for DllMain + + Fix preprocessor conditional in threads.h + + Fix macro redefinition warning + + many Windows specific improvements + * Documentation: + + xmlcatalog: refresh man page wrt. quering system catalog easily +- Includes bug fixes from 2.9.6: + * Fix XPath stack frame logic + * Report undefined XPath variable error message + * Fix regression with librsvg + * Handle more invalid entity values in recovery mode + * Fix structured validation errors + * Fix memory leak in LZMA decompressor + * Set memory limit for LZMA decompression + * Handle illegal entity values in recovery mode + * Fix debug dump of streaming XPath expressions + * Fix memory leak in nanoftp + * Fix memory leaks in SAX1 parser +- Drop libxml2-bug787941.patch + * upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8 + +------------------------------------------------------------------- +Thu Sep 21 14:19:56 UTC 2017 - [email protected] + +- Update package summaries and RPM groups. Trim descriptions for + size on secondary subpackages. Replace install call by a + commonly-used macro. + +------------------------------------------------------------------- +Thu Sep 21 14:05:29 UTC 2017 - [email protected] + +- Add patch to fix TW integration: + * libxml2-bug787941.patch + +------------------------------------------------------------------- +Sun Sep 10 09:54:07 UTC 2017 - [email protected] + +- Version update to 2.9.5 release: + * Merged all the previous cve fixes that were patched in + * Few small tweaks +- Remove merged patches: + * libxml2-CVE-2016-4658.patch + * libxml2-CVE-2017-0663.patch + * libxml2-CVE-2017-5969.patch + * libxml2-CVE-2017-9047.patch + * libxml2-CVE-2017-9048.patch + * libxml2-CVE-2017-9049.patch + * libxml2-2.9.4-fix_attribute_decoding.patch + +------------------------------------------------------------------- +Thu Jun 15 13:12:25 UTC 2017 - [email protected] + +- Security fix: + * libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663] + * Fix Heap buffer overflow in xmlAddID + +------------------------------------------------------------------- +Wed Jun 14 14:15:38 UTC 2017 - [email protected] + +- Security fix: + * libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969] + * Fix NULL pointer deref in xmlDumpElementContent + +------------------------------------------------------------------- +Mon May 22 15:42:43 UTC 2017 - [email protected] + +- Security fixes: + * libxml2-CVE-2017-9049.patch [bsc#1039066] + * heap-based buffer overflow (xmlDictComputeFastKey func) + * libxml2-CVE-2017-9048.patch [bsc#1039063] + * stack overflow vulnerability (xmlSnprintfElementContent func) + * libxml2-CVE-2017-9047.patch [bsc#1039064] + * stack overflow vulnerability (xmlSnprintfElementContent func) + +------------------------------------------------------------------- +Tue Mar 7 11:42:23 UTC 2017 - [email protected] + +- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in + XPointer ranges. Namespace nodes must be copied to avoid + use-after-free errors. But they don't necessarily have a physical + representation in a document, so simply disallow them in XPointer + ranges [bsc#1005544] [CVE-2016-4658] + +------------------------------------------------------------------- +Wed Jun 8 12:20:43 UTC 2016 - [email protected] + +- add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute + decoding during XML schema validation [bnc#983288] + +------------------------------------------------------------------- +Fri May 27 14:22:55 UTC 2016 - [email protected] + +- Update libxml2 to version libxml2-2.9.4. The new version is + resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835, + CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838, + CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and + CVE-2016-1762. + +- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch, + 0001-Add-missing-increments-of-recursion-depth-counter-to.patch, + and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch. + +------------------------------------------------------------------- +Fri May 20 14:59:32 UTC 2016 - [email protected] + +- add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML + push parser that fails with bogus UTF-8 encoding error when + multi-byte character in large CDATA section is split across + buffer [bnc#962796] + +------------------------------------------------------------------- +Tue May 3 11:40:42 UTC 2016 - [email protected] + ++++ 1733 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.libxml2.13983.new.4249/libxml2.changes New Changes file: --- /dev/null 2020-09-10 00:27:47.435250138 +0200 +++ /work/SRC/openSUSE:Leap:15.1:Update/.libxml2.13983.new.4249/python-libxml2-python.changes 2020-09-14 20:22:56.985604737 +0200 @@ -0,0 +1,1990 @@ +------------------------------------------------------------------- +Mon Sep 7 08:12:29 UTC 2020 - Pedro Monreal <[email protected]> + +- Security fix: [bsc#1176179, CVE-2020-24977] + * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal +- Add patch libxml2-CVE-2020-24977.patch + +------------------------------------------------------------------- +Wed May 27 12:09:35 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021] +- Remove libxml2-CVE-2019-19956.patch + +------------------------------------------------------------------- +Fri Feb 28 18:36:53 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix: [bsc#1161521, CVE-2019-20388] + * Memory leak in xmlSchemaPreRun in xmlschemas.c +- Add libxml2-CVE-2019-20388.patch + +------------------------------------------------------------------- +Wed Jan 22 11:16:39 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix: [bsc#1161517, CVE-2020-7595] + * xmlStringLenDecodeEntities in parser.c has an infinite loop in + a certain end-of-file situation +- Add libxml2-CVE-2020-7595.patch + +------------------------------------------------------------------- +Thu Jan 2 12:01:22 UTC 2020 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix: [bsc#1159928, CVE-2019-19956] + * Memory leak related to newDoc->oldNs in xmlParseBalancedChunkMemoryRecover:parser.c +- Add libxml2-CVE-2019-19956.patch + +------------------------------------------------------------------- +Wed Aug 28 16:44:17 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Synchronize changelog files for libxml2 and python-libxml2-python [bsc#1123919] + +------------------------------------------------------------------- +Thu Jul 4 08:52:14 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH + to avoid nodeset limit when processing large XML files [bsc#1135123] + * Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + +------------------------------------------------------------------- +Mon Jan 28 02:06:50 UTC 2019 - [email protected] + +- Add libxml2-python3-string-null-check.patch: fix NULL pointer + dereference when parsing invalid data (bsc#1065270 + glgo#libxml2!15).). + +------------------------------------------------------------------- +Wed Sep 5 15:48:36 UTC 2018 - [email protected] + +- Security fix: + [bsc#1088279, CVE-2018-9251][bsc#1105166, CVE-2018-14567] + * Infinite loop in LZMA decompression + * Fixes CVE-2018-9251 introduced by CVE-2017-18258 + * Added libxml2-CVE-2018-14567.patch + +------------------------------------------------------------------- +Wed Sep 5 13:46:59 UTC 2018 - [email protected] + +- Security fix [bsc#1102046, CVE-2018-14404] + * NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can + allow attackers to cause a denial of service + * Added libxml2-CVE-2018-14404.patch + +------------------------------------------------------------------- +Sat Nov 11 15:31:50 UTC 2017 - [email protected] + +- Version update to 2.9.7 release: + * Bug Fixes: + + xmlcatalog: restore ability to query system catalog easily + + Fix comparison of nodesets to strings + * Improvements: + + Add Makefile rules to rebuild HTML man pages + + Remove generated file python/setup.py from version control + + Fix mixed decls and code in timsort.h + + Rework handling of return values in thread tests + + Fix unused variable warnings in testrecurse + + Fix -Wimplicit-fallthrough warnings + + Upgrade timsort.h to latest revision + + Fix a couple of warnings in dict.c and threads.c + + Fix unused variable warnings in nanohttp.c + + Don't include winsock2.h in xmllint.c + + Use __linux__ macro in generated code + * Portability: + + Add declaration for DllMain + + Fix preprocessor conditional in threads.h + + Fix macro redefinition warning + + many Windows specific improvements + * Documentation: + + xmlcatalog: refresh man page wrt. quering system catalog easily +- Includes bug fixes from 2.9.6: + * Fix XPath stack frame logic + * Report undefined XPath variable error message + * Fix regression with librsvg + * Handle more invalid entity values in recovery mode + * Fix structured validation errors + * Fix memory leak in LZMA decompressor + * Set memory limit for LZMA decompression + * Handle illegal entity values in recovery mode + * Fix debug dump of streaming XPath expressions + * Fix memory leak in nanoftp + * Fix memory leaks in SAX1 parser +- Drop libxml2-bug787941.patch + * upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8 + +------------------------------------------------------------------- +Sat Nov 11 15:30:27 UTC 2017 - [email protected] + +- clean with spec-cleaner + +------------------------------------------------------------------- +Thu Oct 26 14:10:55 UTC 2017 - [email protected] + +- libxml2-python3-unicode-errors.patch: work around an issue with + libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270) + +------------------------------------------------------------------- +Mon Oct 2 15:59:57 UTC 2017 - [email protected] + +- convert to singlespec, build a python 3 version +- change build instructions to use setup.py (and %python_build macros) + instead of makefile-based approach +- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6 +- rename to python-libxml2-python to conform to package naming policy + (PyPI name is "libxml2-python") + +------------------------------------------------------------------- +Thu Sep 21 14:19:56 UTC 2017 - [email protected] + +- Update package summaries and RPM groups. Trim descriptions for + size on secondary subpackages. Replace install call by a + commonly-used macro. + +------------------------------------------------------------------- +Thu Sep 21 14:05:29 UTC 2017 - [email protected] + +- Add patch to fix TW integration: + * libxml2-bug787941.patch + +------------------------------------------------------------------- +Sun Sep 10 09:54:07 UTC 2017 - [email protected] + +- Version update to 2.9.5 release: + * Merged all the previous cve fixes that were patched in + * Few small tweaks +- Remove merged patches: + * libxml2-CVE-2016-4658.patch + * libxml2-CVE-2017-0663.patch + * libxml2-CVE-2017-5969.patch + * libxml2-CVE-2017-9047.patch + * libxml2-CVE-2017-9048.patch + * libxml2-CVE-2017-9049.patch + * libxml2-2.9.4-fix_attribute_decoding.patch + +------------------------------------------------------------------- +Thu Jun 15 13:12:25 UTC 2017 - [email protected] + +- Security fix: + * libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663] + * Fix Heap buffer overflow in xmlAddID + +------------------------------------------------------------------- +Wed Jun 14 14:15:38 UTC 2017 - [email protected] + +- Security fix: + * libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969] + * Fix NULL pointer deref in xmlDumpElementContent + +------------------------------------------------------------------- +Mon May 22 15:42:43 UTC 2017 - [email protected] + +- Security fixes: + * libxml2-CVE-2017-9049.patch [bsc#1039066] + * heap-based buffer overflow (xmlDictComputeFastKey func) + * libxml2-CVE-2017-9048.patch [bsc#1039063] + * stack overflow vulnerability (xmlSnprintfElementContent func) + * libxml2-CVE-2017-9047.patch [bsc#1039064] + * stack overflow vulnerability (xmlSnprintfElementContent func) + +------------------------------------------------------------------- +Tue Mar 7 11:42:23 UTC 2017 - [email protected] + +- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in + XPointer ranges. Namespace nodes must be copied to avoid + use-after-free errors. But they don't necessarily have a physical + representation in a document, so simply disallow them in XPointer + ranges [bsc#1005544] [CVE-2016-4658] + +------------------------------------------------------------------- +Wed Jun 8 12:20:43 UTC 2016 - [email protected] ++++ 1793 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.libxml2.13983.new.4249/python-libxml2-python.changes New: ---- baselibs.conf fix-perl.diff libxml2-2.9.7.tar.gz libxml2-2.9.7.tar.gz.asc libxml2-CVE-2018-14404.patch libxml2-CVE-2018-14567.patch libxml2-CVE-2019-20388.patch libxml2-CVE-2020-24977.patch libxml2-CVE-2020-7595.patch libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch libxml2-python3-string-null-check.patch libxml2-python3-unicode-errors.patch libxml2.changes libxml2.keyring libxml2.spec python-libxml2-python.changes python-libxml2-python.spec python3.6-verify_fd.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ # # spec file for package libxml2 # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define lname libxml2-2 Name: libxml2 Version: 2.9.7 Release: 0 Summary: A Library to Manipulate XML Files License: MIT Group: Development/Libraries/C and C++ Url: http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source1: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz.asc Source2: baselibs.conf Source3: %{name}.keyring Patch0: fix-perl.diff # PATCH-FIX-UPSTREAM bsc#1102046 CVE-2018-14404 NULL pointer dereference in xpath.c:xmlXPathCompOpEval() Patch1: libxml2-CVE-2018-14404.patch # PATCH-FIX-UPSTREAM bsc#1105166 bsc#1088279 CVE-2018-14567 CVE-2018-9251 Fix infinite loop in LZMA decompression Patch2: libxml2-CVE-2018-14567.patch # PATCH-FIX-SUSE bsc#1135123 Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit Patch3: libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch # PATCH-FIX-UPSTREAM bsc#1161517 CVE-2020-7595 Infinite loop in xmlStringLenDecodeEntities Patch5: libxml2-CVE-2020-7595.patch # PATCH-FIX-UPSTREAM bsc#1161521 CVE-2019-20388 Memory leak in xmlSchemaPreRun Patch6: libxml2-CVE-2019-20388.patch # PATCH-FIX-UPSTREAM bsc#1176179 CVE-2020-24977 xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal Patch7: libxml2-CVE-2020-24977.patch BuildRequires: fdupes BuildRequires: pkgconfig BuildRequires: readline-devel BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(zlib) %description The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. %package -n %{lname} Summary: A Library to Manipulate XML Files Group: System/Libraries %description -n %{lname} The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. This library implements a number of existing standards related to markup languages, including the XML standard, name spaces in XML, XML Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and XML catalogs. In most cases, libxml tries to implement the specification in a rather strict way. To some extent, it provides support for the following specifications, but does not claim to implement them: DOM, FTP client, HTTP client, and SAX. The library also supports RelaxNG. Support for W3C XML Schemas is in progress. %package tools Summary: Tools using libxml Group: Productivity/Text/Utilities Provides: %{name} = %{version}-%{release} Obsoletes: %{name} < %{version}-%{release} %description tools This package contains xmllint, a very useful tool proving libxml's power. %package devel Summary: Development files for libxml2, an XML manipulation library Group: Development/Libraries/C and C++ Requires: %{lname} = %{version} Requires: %{name}-tools = %{version} Requires: glibc-devel Requires: readline-devel Requires: pkgconfig(liblzma) Requires: pkgconfig(zlib) %description devel The XML C library can load and save extensible data structures or manipulate any kind of XML files. This subpackage contains header files for developing applications that want to make use of libxml. %package doc Summary: Documentation for libxml, an XML manipulation library Group: Documentation/HTML Requires: %{lname} = %{version} BuildArch: noarch %description doc The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. %prep %setup -q %patch0 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %build %configure \ --disable-silent-rules \ --disable-static \ --docdir=%{_docdir}/%{name} \ --with-html-dir=%{_docdir}/%{name}/html \ --with-fexceptions \ --with-history \ --without-python \ --enable-ipv6 \ --with-sax1 \ --with-regexps \ --with-threads \ --with-reader \ --with-http make %{?_smp_mflags} BASE_DIR="%{_docdir}" DOC_MODULE="%{name}" %install %make_install BASE_DIR="%{_docdir}" DOC_MODULE="%{name}" mkdir -p "%{buildroot}/%{_docdir}/%{name}" cp -a AUTHORS NEWS README COPYING* Copyright TODO* %{buildroot}%{_docdir}/%{name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml %fdupes %{buildroot}%{_datadir} %check # qemu-arm can't keep up atm, disabling check for arm %ifnarch %{arm} make %{?_smp_mflags} check %endif %post -n %{lname} -p /sbin/ldconfig %postun -n %{lname} -p /sbin/ldconfig %files -n %{lname} %{_libdir}/lib*.so.* %doc %dir %{_docdir}/%{name} %doc %{_docdir}/%{name}/[ANRCT]* %files tools %{_bindir}/xmllint %{_bindir}/xmlcatalog %{_mandir}/man1/xmllint.1* %{_mandir}/man1/xmlcatalog.1* %files devel %{_bindir}/xml2-config %dir %{_datadir}/aclocal %{_datadir}/aclocal/libxml.m4 %{_includedir}/libxml %{_includedir}/libxml2 %{_libdir}/lib*.so # libxml2.la is needed for the python-libxml2 build. Deleting it breaks build of python-libxml2. %{_libdir}/libxml2.la %{_libdir}/*.sh %{_libdir}/pkgconfig/*.pc %{_libdir}/cmake %{_mandir}/man1/xml2-config.1%{ext_man} %{_mandir}/man3/libxml.3%{ext_man} %files doc %{_datadir}/gtk-doc/html/* %doc %{_docdir}/%{name}/examples %doc %{_docdir}/%{name}/html # owning these directories prevents gtk-doc <-> libxml2 build loop: %dir %{_datadir}/gtk-doc %dir %{_datadir}/gtk-doc/html %changelog ++++++ python-libxml2-python.spec ++++++ # # spec file for package python-libxml2-python # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define oldpython python Name: python-libxml2-python Version: 2.9.7 Release: 0 Summary: Python Bindings for libxml2 License: MIT Group: Development/Libraries/Python Url: http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz Patch0: python3.6-verify_fd.patch Patch1: libxml2-python3-unicode-errors.patch # PATCH-FIX-UPSTREAM libxml2-python3-string-null-check.patch bsc#1065270 [email protected] -- don't return a NULL string for an invalid UTF-8 conversion. Patch2: libxml2-python3-string-null-check.patch # PATCH-FIX-UPSTREAM bsc#1161517 CVE-2020-7595 Infinite loop in xmlStringLenDecodeEntities Patch4: libxml2-CVE-2020-7595.patch # PATCH-FIX-UPSTREAM bsc#1161521 CVE-2019-20388 Memory leak in xmlSchemaPreRun Patch5: libxml2-CVE-2019-20388.patch # PATCH-FIX-UPSTREAM bsc#1176179 CVE-2020-24977 xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal Patch6: libxml2-CVE-2020-24977.patch BuildRequires: %{python_module devel} BuildRequires: %{python_module xml} BuildRequires: pkgconfig BuildRequires: python-rpm-macros BuildRequires: pkgconfig(libxml-2.0) Requires: libxml2-2 = %{version} %ifpython2 Obsoletes: libxml2-python < %{version} Provides: libxml2-python = %{version} Obsoletes: %{oldpython}-libxml2 < %{version} Provides: %{oldpython}-libxml2 = %{version} %endif %python_subpackages %description The libxml2-python package contains a module that permits applications written in the Python programming language to use the interface supplied by the libxml2 library to manipulate XML files. This library allows manipulation of XML files. It includes support for reading, modifying, and writing XML and HTML files. There is DTD support that includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. %prep %setup -q -n libxml2-%{version} %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %build export CFLAGS="%{optflags} -fno-strict-aliasing" %configure \ --with-fexceptions \ --with-history \ --enable-ipv6 \ --with-sax1 \ --with-regexps \ --with-threads \ --with-reader \ --with-http pushd python %python_build popd %install pushd python %python_install popd chmod a-x python/tests/*.py # Unwanted doc stuff rm -fr %{buildroot}%{_datadir}/doc rm -f python/tests/Makefile* %files %{python_files} %doc python/TODO %doc python/libxml2class.txt %doc python/tests %{python_sitearch}/* %changelog ++++++ baselibs.conf ++++++ libxml2-2 obsoletes "libxml2-<targettype> < <version>" provides "libxml2-<targettype> = <version>" libxml2-devel requires -libxml2-<targettype> requires "libxml2-2-<targettype> = <version>" ++++++ fix-perl.diff ++++++ commit 77b77b1301e052d90e6a0967534a698506afcd86 Author: Daniel Veillard <[email protected]> Date: Thu Jan 26 19:11:02 2012 +0800 Fix SAX2 builder in case of undefined element namespaces Work as in XML-1.0 before namespaces, and use prefix:localname as the new element name (and no namespace of course) Also fix 3 cases in the regression tests where the prefix: was erroneously dropped in such case Index: SAX2.c =================================================================== --- SAX2.c.orig 2012-09-11 08:01:01.000000000 +0200 +++ SAX2.c 2012-12-15 16:32:27.353560391 +0100 @@ -2188,7 +2188,6 @@ xmlNodePtr parent; xmlNsPtr last = NULL, ns; const xmlChar *uri, *pref; - xmlChar *lname = NULL; int i, j; if (ctx == NULL) return; @@ -2208,20 +2207,6 @@ } /* - * Take care of the rare case of an undefined namespace prefix - */ - if ((prefix != NULL) && (URI == NULL)) { - if (ctxt->dictNames) { - const xmlChar *fullname; - - fullname = xmlDictQLookup(ctxt->dict, prefix, localname); - if (fullname != NULL) - localname = fullname; - } else { - lname = xmlBuildQName(localname, prefix, NULL, 0); - } - } - /* * allocate the node */ if (ctxt->freeElems != NULL) { @@ -2234,10 +2219,7 @@ if (ctxt->dictNames) ret->name = localname; else { - if (lname == NULL) - ret->name = xmlStrdup(localname); - else - ret->name = lname; + ret->name = xmlStrdup(localname); if (ret->name == NULL) { xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElementNs"); return; @@ -2249,11 +2231,8 @@ if (ctxt->dictNames) ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, (xmlChar *) localname, NULL); - else if (lname == NULL) - ret = xmlNewDocNode(ctxt->myDoc, NULL, localname, NULL); else - ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, - (xmlChar *) lname, NULL); + ret = xmlNewDocNode(ctxt->myDoc, NULL, localname, NULL); if (ret == NULL) { xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElementNs"); return; @@ -2360,31 +2339,6 @@ */ if (nb_attributes > 0) { for (j = 0,i = 0;i < nb_attributes;i++,j+=5) { - /* - * Handle the rare case of an undefined atribute prefix - */ - if ((attributes[j+1] != NULL) && (attributes[j+2] == NULL)) { - if (ctxt->dictNames) { - const xmlChar *fullname; - - fullname = xmlDictQLookup(ctxt->dict, attributes[j+1], - attributes[j]); - if (fullname != NULL) { - xmlSAX2AttributeNs(ctxt, fullname, NULL, - attributes[j+3], attributes[j+4]); - continue; - } - } else { - lname = xmlBuildQName(attributes[j], attributes[j+1], - NULL, 0); - if (lname != NULL) { - xmlSAX2AttributeNs(ctxt, lname, NULL, - attributes[j+3], attributes[j+4]); - xmlFree(lname); - continue; - } - } - } xmlSAX2AttributeNs(ctxt, attributes[j], attributes[j+1], attributes[j+3], attributes[j+4]); } Index: result/namespaces/err_7.xml =================================================================== --- result/namespaces/err_7.xml.orig +++ result/namespaces/err_7.xml @@ -1,2 +1,2 @@ <?xml version="1.0"?> -<f:foo/> +<foo/> Index: result/xmlid/id_tst2.xml =================================================================== --- result/xmlid/id_tst2.xml.orig +++ result/xmlid/id_tst2.xml @@ -1,6 +1,6 @@ Object is a Node Set : Set contains 1 nodes: -1 ELEMENT n:foo +1 ELEMENT foo ATTRIBUTE id TEXT content=bar Index: result/xmlid/id_tst3.xml =================================================================== --- result/xmlid/id_tst3.xml.orig +++ result/xmlid/id_tst3.xml @@ -1,6 +1,6 @@ Object is a Node Set : Set contains 1 nodes: -1 ELEMENT f:o:o +1 ELEMENT o:o ATTRIBUTE id TEXT content=bar ++++++ libxml2-CVE-2018-14404.patch ++++++ >From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <[email protected]> Date: Mon, 30 Jul 2018 12:54:38 +0200 Subject: [PATCH] Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5 Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817 https://bugzilla.redhat.com/show_bug.cgi?id=1595985 This is CVE-2018-14404. Thanks to Guy Inbar for the report. --- xpath.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/xpath.c b/xpath.c index 3fae0bf4..5e3bb9ff 100644 --- a/xpath.c +++ b/xpath.c @@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) return(0); } xmlXPathBooleanFunction(ctxt, 1); - arg1 = valuePop(ctxt); - arg1->boolval &= arg2->boolval; - valuePush(ctxt, arg1); + if (ctxt->value != NULL) + ctxt->value->boolval &= arg2->boolval; xmlXPathReleaseObject(ctxt->context, arg2); return (total); case XPATH_OP_OR: @@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) return(0); } xmlXPathBooleanFunction(ctxt, 1); - arg1 = valuePop(ctxt); - arg1->boolval |= arg2->boolval; - valuePush(ctxt, arg1); + if (ctxt->value != NULL) + ctxt->value->boolval |= arg2->boolval; xmlXPathReleaseObject(ctxt->context, arg2); return (total); case XPATH_OP_EQUAL: -- 2.18.0 ++++++ libxml2-CVE-2018-14567.patch ++++++ >From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <[email protected]> Date: Mon, 30 Jul 2018 13:14:11 +0200 Subject: [PATCH] Fix infinite loop in LZMA decompression MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Check the liblzma error code more thoroughly to avoid infinite loops. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 This is CVE-2018-9251 and CVE-2018-14567. Thanks to Dongliang Mu and Simon Wörner for the reports. --- xzlib.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/xzlib.c b/xzlib.c index a839169e..0ba88cfa 100644 --- a/xzlib.c +++ b/xzlib.c @@ -562,6 +562,10 @@ xz_decomp(xz_statep state) "internal error: inflate stream corrupt"); return -1; } + /* + * FIXME: Remapping a couple of error codes and falling through + * to the LZMA error handling looks fragile. + */ if (ret == Z_MEM_ERROR) ret = LZMA_MEM_ERROR; if (ret == Z_DATA_ERROR) @@ -587,6 +591,11 @@ xz_decomp(xz_statep state) xz_error(state, LZMA_PROG_ERROR, "compression error"); return -1; } + if ((state->how != GZIP) && + (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) { + xz_error(state, ret, "lzma error"); + return -1; + } } while (strm->avail_out && ret != LZMA_STREAM_END); /* update available output and crc check value */ -- 2.18.0 ++++++ libxml2-CVE-2019-20388.patch ++++++ >From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001 From: Zhipeng Xie <[email protected]> Date: Tue, 20 Aug 2019 16:33:06 +0800 Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun alloc a new schema for ctxt->schema and set vctxt->xsiAssemble to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize vctxt->xsiAssemble to 0 again which cause the alloced schema can not be freed anymore. Found with libFuzzer. Signed-off-by: Zhipeng Xie <[email protected]> --- xmlschemas.c | 1 - 1 file changed, 1 deletion(-) diff --git a/xmlschemas.c b/xmlschemas.c index 301c84499..39d92182f 100644 --- a/xmlschemas.c +++ b/xmlschemas.c @@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { vctxt->nberrors = 0; vctxt->depth = -1; vctxt->skipDepth = -1; - vctxt->xsiAssemble = 0; vctxt->hasKeyrefs = 0; #ifdef ENABLE_IDC_NODE_TABLES_TEST vctxt->createIDCNodeTables = 1; ++++++ libxml2-CVE-2020-24977.patch ++++++ >From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <[email protected]> Date: Fri, 7 Aug 2020 21:54:27 +0200 Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout' Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access. Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for the report. Fixes #178. --- xmllint.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/xmllint.c b/xmllint.c index f6a8e4636..c647486f3 100644 --- a/xmllint.c +++ b/xmllint.c @@ -528,6 +528,12 @@ static void xmlHTMLEncodeSend(void) { char *result; + /* + * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might + * end with a truncated UTF-8 sequence. This is a hack to at least avoid + * an out-of-bounds read. + */ + memset(&buffer[sizeof(buffer)-4], 0, 4); result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer); if (result) { xmlGenericError(xmlGenericErrorContext, "%s", result); -- GitLab ++++++ libxml2-CVE-2020-7595.patch ++++++ >From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 From: Zhipeng Xie <[email protected]> Date: Thu, 12 Dec 2019 17:30:55 +0800 Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef return NULL which cause a infinite loop in xmlStringLenDecodeEntities Found with libFuzzer. Signed-off-by: Zhipeng Xie <[email protected]> --- parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/parser.c b/parser.c index d1c31963..a34bb6cd 100644 --- a/parser.c +++ b/parser.c @@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, else c = 0; while ((c != 0) && (c != end) && /* non input consuming loop */ - (c != end2) && (c != end3)) { + (c != end2) && (c != end3) && + (ctxt->instate != XML_PARSER_EOF)) { if (c == 0) break; if ((c == '&') && (str[1] == '#')) { -- 2.24.1 ++++++ libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch ++++++ --- libxml2-2.9.4/xpath.c +++ libxml2-2.9.4/xpath.c @@ -119,14 +119,32 @@ #define XPATH_MAX_STACK_DEPTH 1000000 /* - * XPATH_MAX_NODESET_LENGTH: + * XPATH_DEFAULT_MAX_NODESET_LENGTH: * when evaluating an XPath expression nodesets are created and we - * arbitrary limit the maximum length of those node set. 10000000 is - * an insanely large value which should never be reached under normal - * circumstances, one would first need to construct an in memory tree + * arbitrary limit the maximum length of those node set. Default value is + * 10000000, an insanely large value which should never be reached under + * normal circumstances, one would first need to construct an in memory tree * with more than 10 millions nodes. + * + * Adjustable via LIBXML_MAX_NODESET_LENGTH env variable. + * Absolute maximum is INT_MAX. */ -#define XPATH_MAX_NODESET_LENGTH 10000000 +#define XPATH_DEFAULT_MAX_NODESET_LENGTH 10000000 + +int +get_max_nodeset_len() { + const char *max_nodeset_len_str = getenv("LIBXML_MAX_NODESET_LENGTH"); + int max_nodeset_len = XPATH_DEFAULT_MAX_NODESET_LENGTH; + + if (max_nodeset_len_str != NULL) { + max_nodeset_len = strtol(max_nodeset_len_str, NULL, 10); + + if (max_nodeset_len <= 0 || max_nodeset_len > INT_MAX) + max_nodeset_len = XPATH_DEFAULT_MAX_NODESET_LENGTH; + } + + return max_nodeset_len; +} /* * TODO: @@ -3672,7 +3690,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; - if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (cur->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); return(-1); } @@ -3727,7 +3745,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; - if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (cur->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); return(-1); } @@ -3781,7 +3799,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; - if (cur->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (cur->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); return(-1); } @@ -3897,7 +3915,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, } else if (val1->nodeNr == val1->nodeMax) { xmlNodePtr *temp; - if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (val1->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); return(NULL); } @@ -4008,7 +4026,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; - if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (set1->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); return(NULL); } @@ -4096,7 +4114,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; - if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (set1->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); return(NULL); } ++++++ libxml2-python3-string-null-check.patch ++++++ >From 07b1c4c8a736a31ac4b8ae13ea25d50793dfea83 Mon Sep 17 00:00:00 2001 From: Mike Gorse <[email protected]> Date: Fri, 25 Jan 2019 12:55:52 -0600 Subject: [PATCH] python: return None if PY_IMPORT_STRING returns NULL PY_IMPORT_STRING might return NULL on python 3 if, ie, a string can't be encoded. We should check for this and return None, rather than returning NULL. Fixes a NULL pointer dereference when reporting an error with an invalid string. --- python/types.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/python/types.c b/python/types.c index 124af565..50951ba3 100644 --- a/python/types.c +++ b/python/types.c @@ -150,6 +150,10 @@ libxml_charPtrConstWrap(const char *str) return (Py_None); } ret = PY_IMPORT_STRING(str); + if (ret == NULL) { + Py_INCREF(Py_None); + return (Py_None); + } return (ret); } -- 2.18.0 ++++++ libxml2-python3-unicode-errors.patch ++++++ Index: libxml2-2.9.5/python/libxml.c =================================================================== --- libxml2-2.9.5.orig/python/libxml.c +++ libxml2-2.9.5/python/libxml.c @@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU PyObject *message; PyObject *result; char str[1000]; + unsigned char *ptr = (unsigned char *)str; #ifdef DEBUG_ERROR printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); @@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU str[999] = 0; va_end(ap); +#if PY_MAJOR_VERSION >= 3 + /* Ensure the error string doesn't start at UTF8 continuation. */ + while (*ptr && (*ptr & 0xc0) == 0x80) + ptr++; +#endif + list = PyTuple_New(2); PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); - message = libxml_charPtrConstWrap(str); + message = libxml_charPtrConstWrap(ptr); PyTuple_SetItem(list, 1, message); result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); + /* Forget any errors caused in the error handler. */ + PyErr_Clear(); Py_XDECREF(list); Py_XDECREF(result); } ++++++ libxml2.keyring ++++++ pub dsa1024 2000-05-31 [SC] C74415BA7C9C7F78F02E1DC34606B8A5DE95BC1F uid [ unknown] Daniel Veillard (Red Hat work email) <[email protected]> uid [ unknown] Daniel Veillard <[email protected]> sub elg1024 2000-05-31 [E] sub rsa2048 2016-12-01 [S] sub rsa2048 2016-12-01 [E] -----BEGIN PGP PUBLIC KEY BLOCK----- mQGiBDk1EfQRBACMYQsU1LMs37qOMMJhTkfyb5aruPapu8ICNR4kNk36jT/ld7oN /0xtqM/e2S9VOzAd165POeEobxTXN234MOhj6PM9uJNOgAq1N1k1eWhGpVw2HIYs b40BHgKVf9mdrv7375L18Sb8qv3CcBhJfK8oW0Zv2oeruWFDpsMr9ULxxwCgmjap uDrJDZN7HEtOCcPF8CoNTG8D+wedGbKLvXg6NE5UyrkV3qfYwrPai84EsPY1VaWe mF+hPch+14r0CUIOVADX87HaIBsTmGZ/u6Ks9ZYALVZbwjQcyNp7MP4ZmvIpfHXd xgLJ+9DbKs6yTlgA1moUSERyfGq/kMC9nq3dVYgmYmxxRuO8/eVKufvStnxhIr/a v3o3A/0T4/hPXT2N4WCpvpCxKDIPy9/pqXcYjSEVbS1lfYP6zfxNDKwuF2j4gRWm unJnPowIGx0+Zhl1dc68B6QOgxqenJNkNbSKUUm23MlzSeT6zyyAJcXW///zxZ7t 7Yq4L9+X6FQtJ8D7kbcB/NQv93UqZKnUplD+35b/xM6zP6UqerQoRGFuaWVsIFZl aWxsYXJkIDxEYW5pZWwuVmVpbGxhcmRAdzMub3JnPoheBBMRAgAWBQI5NRH0BAsK BAMDFQMCAxYCAQIXgAASCRBGBril3pW8HwdlR1BHAAEBKNgAnRuDe5kcD79/3vhC 0jRUT7S4pGkMAJ9ORN7LL3LJHM45LM9yjIu68UOu7rQ6RGFuaWVsIFZlaWxsYXJk IChSZWQgSGF0IHdvcmsgZW1haWwpIDx2ZWlsbGFyZEByZWRoYXQuY29tPoheBBMR AgAeBQJDUpSLAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEEYGuKXelbwfJcAA ni8XquAlSF6z8WnJwQ6I7yrVTA6IAJ9NnwyV+dwE1wkDg1eyogC6lcU8v7kBDQQ5 NRH8EAQA6raUOSvHFNG42i2tV40BREp+exkXNnTXKS6miTUtTNjvu5i0VDDHrkPy vaM8ILRng3jvRdDhhv/tVclHJZ7JylE//45a/1Xa5fl3Jk8vNDW5gy1PEwjAFBQU g375MbgeIpwwER+9c6UtsAMxYv2o03OIDyq7cLpJQo3p2G0OIUcAAwUEAMGyb7gN E1ryao3pM9KgK+/iwsAglaAQm8Wd/AdsAROH6Wy1dwQ2QcecJ4m9ffE1MhCRQo// 8VFGHFHS2C24MDsnOVIgEVnWbEIVMzp5vFfC+kIF7Rr9nq3Bgr4wHo6y+204GF1U c3r3Cb2Fn7YWmk1NnVJ6teellDsxT+7MvfM/iE4EGBECAAYFAjk1EfwAEgkQRga4 pd6VvB8HZUdQRwABATrDAJ48v66qkzGGLR2mH2C7SFw0y4OYSACghuQ7BYTNAlVF M7fTlvOUhgA69SK5AQ0EWECJKgEIANUq8MH5KnfLeZ4foBsJDfczzc3WlG5zIuBf k/ldJ0gztgpDNtb3gPJLU3qug56jRLHz/9MJrjNJahePcCVeTDGifaAnF3Q2CLmg ZU2Ha7zlBO0iQUfA0j00eOJueRAXBvFOJnzqY03+Ea0Kh06O1QjIV2njseFTJcLd olb8Ean50L036lz/hmJPNi0EzU2GX3qKqIBw3DKFdrikfLhmqhq9p33DFwn4eTtm fxUmrDJ73TGjzYw+rqFUVULaEOKXdcJGxEhcO8U7viXBwDYQQkWhmPu2dJvsIB0G ms84hbsEzLEaAHeM8rdoFELPVncmYPL6R5DScL1rmMwtxvW8PUkAEQEAAYkBaAQY EQIACQUCWECJKgIbAgEpCRBGBril3pW8H8BdIAQZAQIABgUCWECJKgAKCRAVWIsm WWvqXUQhCACzE5EQVUrFy/bEc6ehvZzry+duhhP8oJf92zhYkpKrnryBi75VkcGf fdAXI+Ri5XsyCg4RH7VYsgNoX0UPVI249VWgOVbg/ixq0M+zL0QNlPm8jgUW7yG7 9OiBzlUXyYPMQQTTs0Cb3oiwNYLuAzCE1Pyy7YbYeVAznrG1AuhuaYdGkFRNzIx+ ezlIeQN6YItJcibVGp7J5Pf6lE+pCPyFIQInPMozMkiU/CqyNYn7dcTzkwCBW0Nw VqfJ+EUaUUd8IDEf7mdnSCBu6+AgAjGAwTigcqzyLNd5VOTnqSbgiV1KTMJCaCFP QVjvjThkNVw3KL3RfTSRpOpFXlcyqzRX40EAn3X3Y9eBiV1Zly3zLlQpvZpOlWIb AJ0fe9ImtfilywZ8+p06uOhbC6OEnLkBDQRYQIloAQgAu8C+Ur60jrrl3c5aX+qf Ttp0U+vAofCMC2KjptLOW7EawSJcDEms26pyYlC9SPpMFRcoMUMQhuRrUgmIhwEj zqnhMqrunizInnbKPlRYgnDV1grfMbFRKR7EHPTA6XqnBXkhyPmoMcT8t5tJoY3W px88hPe58wH+XrTwczVK+CUFD68CRu6x4+m+1IFjfTMjzj0inL7zPgtxNx0mTdMp vnZCFz4BC31555TM/JSC0TyP6tUC/Swgv8OI+tpZ2s05nAJPK+PnxNR01yq4gpu5 TD6R1ViV0C3cNFKeryiNhtbxqh7R7OmCObbo22MeXtpt0uty3+v4Tc0D8lERUGmM IQARAQABiEkEGBECAAkFAlhAiWgCGwwACgkQRga4pd6VvB/mnACfa4PRGlD3FrvE +vU5gGY1Xge6288An1iP68W1734U1Oo5sWmuqd/ZD6t0 =1FfB -----END PGP PUBLIC KEY BLOCK----- ++++++ python3.6-verify_fd.patch ++++++ _PyVerify_fd is a no-op outside of Windows CRT and was dropped from Python 3.6 Index: libxml2-2.9.5/python/types.c =================================================================== --- libxml2-2.9.5.orig/python/types.c +++ libxml2-2.9.5/python/types.c @@ -31,8 +31,6 @@ libxml_PyFileGet(PyObject *f) { const char *mode; fd = PyObject_AsFileDescriptor(f); - if (!_PyVerify_fd(fd)) - return(NULL); /* * Get the flags on the fd to understand how it was opened */
