commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2020-11-02 09:40:31 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.3463 (New) Package is "libxml2" Mon Nov 2 09:40:31 2020 rev:100 rq:844894 version:2.9.10 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2020-09-10 22:45:34.363687118 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new.3463/libxml2.changes 2020-11-02 09:40:36.669622463 +0100 @@ -1,0 +2,6 @@ +Fri Oct 23 19:11:01 UTC 2020 - Benjamin Greiner + +- Make python subpackage ready for multiple python3 flavors + gh#openSUSE/python-rpm-macros#66 + +--- Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.dnu739/_old 2020-11-02 09:40:38.221623952 +0100 +++ /var/tmp/diff_new_pack.dnu739/_new 2020-11-02 09:40:38.225623956 +0100 @@ -20,21 +20,26 @@ # Define "python" as a package in _multibuild file %global flavor @BUILD_FLAVOR@%{nil} %if "%{flavor}" == "python" -%define psuffix -python +%global pprefix python- %define oldpython python %bcond_without python %bcond_without python2 %else -%define psuffix %{nil} +%global pprefix %{nil} %bcond_with python %endif %define bname libxml2 %define lname libxml2-2 -Name: %{bname}%{psuffix} +Name: %{pprefix}%{bname} Version:2.9.10 Release:0 +%if !%{with python} Summary:A Library to Manipulate XML Files License:MIT +%else +Summary:Python Bindings for libxml2 +License:MIT +%endif URL:http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/%{bname}-%{version}.tar.gz Source1:ftp://xmlsoft.org/libxml2/%{bname}-%{version}.tar.gz.asc @@ -57,29 +62,41 @@ Patch7: libxml2-CVE-2020-24977.patch BuildRequires: fdupes BuildRequires: pkgconfig +BuildRequires: python-rpm-macros %if !%{with python} BuildRequires: readline-devel BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(zlib) -%endif -%if %{with python} +%else BuildRequires: %{python_module devel} BuildRequires: %{python_module xml} -BuildRequires: python-rpm-macros BuildRequires: pkgconfig(libxml-2.0) -Requires: libxml2-2 = %{version} +Requires: %{lname} = %{version} +Provides: python-libxml2-python = %{version}-%{release} +Obsoletes: %{bname}-python < %{version}-%{release} +Obsoletes: python-libxml2-python < %{version}-%{release} %if "%{python_flavor}" == "python2" -Obsoletes: %{bname}-python < %{version} -Provides: %{bname}-python = %{version} -Obsoletes: %{oldpython}-libxml2 < %{version} -Provides: %{oldpython}-libxml2 = %{version} +Provides: %{bname}-python = %{version}-%{release} +Provides: %{oldpython}-libxml2 = %{version}-%{release} +Obsoletes: %{oldpython}-libxml2 < %{version}-%{release} %endif %endif +%python_subpackages %description The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. +%if %{with python} +This package contains a module that permits +applications written in the Python programming language to use the +interface supplied by the libxml2 library to manipulate XML files. + +This library allows manipulation of XML files. It includes support for +reading, modifying, and writing XML and HTML files. There is DTD +support that includes parsing and validation even with complex DTDs, +either at parse time or later once the document has been modified. +%endif %package -n %{lname} Summary:A Library to Manipulate XML Files @@ -136,38 +153,6 @@ now used by many programs to load and save extensible data structures or manipulate any kind of XML files. -%package -n python2-libxml2 -Summary:Python 2 Bindings for libxml2 -Obsoletes: libxml2-python -Provides: python2-libxml2-python -Obsoletes: python2-libxml2-python - -%description -n python2-libxml2 -The python2-libxml2 package contains a module that permits -applications written in the Python programming language to use the -interface supplied by the libxml2 library to manipulate XML files. - -This library allows manipulation of XML files. It includes support for -reading, modifying, and writing XML and HTML files. There is DTD -support that includes parsing and validation even with complex DTDs, -either at parse time or later once the document has been modified. - -%package -n python3-libxml2 -Summary:Python 3 Bindings for libxml2 -Obsoletes: libxml2-python -Provides: python3-libxml2-python -Obsoletes:
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2020-09-10 22:45:28 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.4249 (New) Package is "libxml2" Thu Sep 10 22:45:28 2020 rev:99 rq:832832 version:2.9.10 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2020-06-11 14:38:27.400219318 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new.4249/libxml2.changes 2020-09-10 22:45:34.363687118 +0200 @@ -1,0 +2,7 @@ +Mon Sep 7 08:12:29 UTC 2020 - Pedro Monreal + +- Security fix: [bsc#1176179, CVE-2020-24977] + * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal +- Add patch libxml2-CVE-2020-24977.patch + +--- New: libxml2-CVE-2020-24977.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.YckBWg/_old 2020-09-10 22:45:35.399688073 +0200 +++ /var/tmp/diff_new_pack.YckBWg/_new 2020-09-10 22:45:35.403688076 +0200 @@ -53,6 +53,8 @@ Patch5: libxml2-CVE-2020-7595.patch # PATCH-FIX-UPSTREAM bsc#1159928 CVE-2019-19956 Revert usptream commit Patch6: libxml2-CVE-2019-19956.patch +# PATCH-FIX-UPSTREAM bsc#1176179 CVE-2020-24977 xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal +Patch7: libxml2-CVE-2020-24977.patch BuildRequires: fdupes BuildRequires: pkgconfig %if !%{with python} @@ -175,6 +177,7 @@ %patch4 -p1 -R %patch5 -p1 %patch6 -p1 -R +%patch7 -p1 %build %if !%{with python} ++ libxml2-CVE-2020-24977.patch ++ >From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Fri, 7 Aug 2020 21:54:27 +0200 Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout' Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access. Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for the report. Fixes #178. --- xmllint.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/xmllint.c b/xmllint.c index f6a8e4636..c647486f3 100644 --- a/xmllint.c +++ b/xmllint.c @@ -528,6 +528,12 @@ static void xmlHTMLEncodeSend(void) { char *result; +/* + * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might + * end with a truncated UTF-8 sequence. This is a hack to at least avoid + * an out-of-bounds read. + */ +memset(&buffer[sizeof(buffer)-4], 0, 4); result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer); if (result) { xmlGenericError(xmlGenericErrorContext, "%s", result); -- GitLab
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2020-06-11 14:38:13 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.3606 (New) Package is "libxml2" Thu Jun 11 14:38:13 2020 rev:98 rq:810571 version:2.9.10 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2020-04-19 21:41:16.451094155 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new.3606/libxml2.changes 2020-06-11 14:38:27.400219318 +0200 @@ -1,0 +2,15 @@ +Wed May 27 12:09:35 UTC 2020 - Pedro Monreal Gonzalez + +- Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021] +- Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549 + * Add patch libxml2-CVE-2019-19956.patch + +--- +Mon Mar 16 12:02:39 UTC 2020 - Pedro Monreal Gonzalez + +- Security fix: [bsc#1161517, CVE-2020-7595] + * xmlStringLenDecodeEntities in parser.c has an infinite loop in +a certain end-of-file situation +- Add libxml2-CVE-2020-7595.patch + +--- New: libxml2-CVE-2019-19956.patch libxml2-CVE-2020-7595.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.Qq3Ajj/_old 2020-06-11 14:38:28.300221892 +0200 +++ /var/tmp/diff_new_pack.Qq3Ajj/_new 2020-06-11 14:38:28.304221903 +0200 @@ -49,6 +49,10 @@ Patch3: libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch # PATCH-FIX-UPSTREAM bsc#1157450 This commit breaks perl-XML-LibXSLT Patch4: libxml2-xmlFreeNodeList-recursive.patch +# PATCH-FIX-UPSTREAM bsc#1161517 CVE-2020-7595 Infinite loop in xmlStringLenDecodeEntities +Patch5: libxml2-CVE-2020-7595.patch +# PATCH-FIX-UPSTREAM bsc#1159928 CVE-2019-19956 Revert usptream commit +Patch6: libxml2-CVE-2019-19956.patch BuildRequires: fdupes BuildRequires: pkgconfig %if !%{with python} @@ -169,6 +173,8 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 -R +%patch5 -p1 +%patch6 -p1 -R %build %if !%{with python} ++ libxml2-CVE-2019-19956.patch ++ >From 5a02583c7e683896d84878bd90641d8d9b0d0549 Mon Sep 17 00:00:00 2001 From: Zhipeng Xie Date: Wed, 7 Aug 2019 17:39:17 +0800 Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover When doc is NULL, namespace created in xmlTreeEnsureXMLDecl is bind to newDoc->oldNs, in this case, set newDoc->oldNs to NULL and free newDoc will cause a memory leak. Found with libFuzzer. Closes #82. --- parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/parser.c b/parser.c index 1ce1ccf14..26d9f4e3b 100644 --- a/parser.c +++ b/parser.c @@ -13894,7 +13894,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax, xmlFreeParserCtxt(ctxt); newDoc->intSubset = NULL; newDoc->extSubset = NULL; -newDoc->oldNs = NULL; +if(doc != NULL) + newDoc->oldNs = NULL; xmlFreeDoc(newDoc); return(ret); ++ libxml2-CVE-2020-7595.patch ++ >From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 From: Zhipeng Xie Date: Thu, 12 Dec 2019 17:30:55 +0800 Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef return NULL which cause a infinite loop in xmlStringLenDecodeEntities Found with libFuzzer. Signed-off-by: Zhipeng Xie --- parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/parser.c b/parser.c index d1c31963..a34bb6cd 100644 --- a/parser.c +++ b/parser.c @@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, else c = 0; while ((c != 0) && (c != end) && /* non input consuming loop */ - (c != end2) && (c != end3)) { + (c != end2) && (c != end3) && + (ctxt->instate != XML_PARSER_EOF)) { if (c == 0) break; if ((c == '&') && (str[1] == '#')) { -- 2.24.1
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2020-04-19 21:41:03 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.2738 (New) Package is "libxml2" Sun Apr 19 21:41:03 2020 rev:97 rq:785542 version:2.9.10 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2019-12-24 14:28:59.054547325 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new.2738/libxml2.changes 2020-04-19 21:41:16.451094155 +0200 @@ -1,0 +2,13 @@ +Mon Mar 16 10:01:58 UTC 2020 - Tomáš Chvátal + +- Do not pull in the non-python deps on the python build + +--- +Sat Mar 14 10:56:14 UTC 2020 - Tomáš Chvátal + +- Revert the previous change and use multibuild to determine + supported flavors. + We need to be able to enable/disable pythons in prjconf and + multibuild directly clashes with that. + +--- Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.7cvA0R/_old 2020-04-19 21:41:17.499096257 +0200 +++ /var/tmp/diff_new_pack.7cvA0R/_new 2020-04-19 21:41:17.503096265 +0200 @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,33 +20,21 @@ # Define "python" as a package in _multibuild file %global flavor @BUILD_FLAVOR@%{nil} %if "%{flavor}" == "python" -%bcond_without python -%define skip_python3 1 %define psuffix -python %define oldpython python -%define python_pname python2-libxml2 -%endif - -%if "%{flavor}" == "python3" %bcond_without python -%define skip_python2 1 -%define psuffix -python3 -%define python_pname python3-libxml2 -%endif - -%if "%{flavor}" == "" +%bcond_without python2 +%else +%define psuffix %{nil} %bcond_with python -%define python_pname void %endif - %define bname libxml2 %define lname libxml2-2 -Name: %{bname}%{?psuffix} +Name: %{bname}%{psuffix} Version:2.9.10 Release:0 Summary:A Library to Manipulate XML Files License:MIT -Group: Development/Libraries/C and C++ URL:http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/%{bname}-%{version}.tar.gz Source1:ftp://xmlsoft.org/libxml2/%{bname}-%{version}.tar.gz.asc @@ -63,11 +51,11 @@ Patch4: libxml2-xmlFreeNodeList-recursive.patch BuildRequires: fdupes BuildRequires: pkgconfig +%if !%{with python} BuildRequires: readline-devel -BuildRequires: xz-devel -BuildRequires: zlib-devel BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(zlib) +%endif %if %{with python} BuildRequires: %{python_module devel} BuildRequires: %{python_module xml} @@ -89,7 +77,6 @@ %package -n %{lname} Summary:A Library to Manipulate XML Files -Group: System/Libraries %description -n %{lname} The XML C library was initially developed for the GNOME project. It is @@ -109,7 +96,6 @@ %package tools Summary:Tools using libxml -Group: Productivity/Text/Utilities Provides: %{bname} = %{version}-%{release} Obsoletes: %{bname} < %{version}-%{release} @@ -118,7 +104,6 @@ %package devel Summary:Development files for libxml2, an XML manipulation library -Group: Development/Libraries/C and C++ Requires: %{bname}-tools = %{version} Requires: %{lname} = %{version} Requires: glibc-devel @@ -137,7 +122,6 @@ %package doc Summary:Documentation for libxml, an XML manipulation library -Group: Documentation/HTML Requires: %{lname} = %{version} BuildArch: noarch @@ -146,15 +130,30 @@ now used by many programs to load and save extensible data structures or manipulate any kind of XML files. -%package -n %{python_pname} +%package -n python2-libxml2 Summary:Python 2 Bindings for libxml2 -Group: Development/Libraries/Python Obsoletes: libxml2-python -Provides: %{python_pname}-python -Obsoletes: %{python_pname}-python +Provides: python2-libxml2-python +Obsoletes: python2-libxml2-python + +%description -n python2-libxml2 +The python2-libxml2 package contains a module that permits +applications written in the Python programming language to use the +interface supplied by the libxml2 library to manipulate XML files. + +This library allows manipulation of XML files. It includes support for +reading, modifying, and writing XML and HTML files. There is DTD +support that includes par
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2019-12-24 14:28:53 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.6675 (New) Package is "libxml2" Tue Dec 24 14:28:53 2019 rev:96 rq:757499 version:2.9.10 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2019-12-07 15:23:22.439728931 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new.6675/libxml2.changes 2019-12-24 14:28:59.054547325 +0100 @@ -1,0 +2,8 @@ +Sun Dec 15 17:56:15 UTC 2019 - Stefan Brüns + +- Build python2 and python3 bindings in separate flavors. As + python3-libxml2 is a dependency of e.g. itstools and thus many + other packages these packages no longer have a build dependency + on python2. Breaks a build loop for python2. + +--- Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.4y6XG5/_old 2019-12-24 14:29:00.102547832 +0100 +++ /var/tmp/diff_new_pack.4y6XG5/_new 2019-12-24 14:29:00.106547834 +0100 @@ -20,16 +20,28 @@ # Define "python" as a package in _multibuild file %global flavor @BUILD_FLAVOR@%{nil} %if "%{flavor}" == "python" -%define pysuffix -python +%bcond_without python +%define skip_python3 1 +%define psuffix -python %define oldpython python +%define python_pname python2-libxml2 +%endif + +%if "%{flavor}" == "python3" %bcond_without python -%else -%define pysuffix %{nil} +%define skip_python2 1 +%define psuffix -python3 +%define python_pname python3-libxml2 +%endif + +%if "%{flavor}" == "" %bcond_with python +%define python_pname void %endif + %define bname libxml2 %define lname libxml2-2 -Name: %{bname}%{pysuffix} +Name: %{bname}%{?psuffix} Version:2.9.10 Release:0 Summary:A Library to Manipulate XML Files @@ -134,32 +146,15 @@ now used by many programs to load and save extensible data structures or manipulate any kind of XML files. -%package -n python2-libxml2 +%package -n %{python_pname} Summary:Python 2 Bindings for libxml2 Group: Development/Libraries/Python Obsoletes: libxml2-python -Provides: python2-libxml2-python -Obsoletes: python2-libxml2-python - -%description -n python2-libxml2 -The python2-libxml2 package contains a module that permits -applications written in the Python programming language to use the -interface supplied by the libxml2 library to manipulate XML files. - -This library allows manipulation of XML files. It includes support for -reading, modifying, and writing XML and HTML files. There is DTD -support that includes parsing and validation even with complex DTDs, -either at parse time or later once the document has been modified. - -%package -n python3-libxml2 -Summary:Python 3 Bindings for libxml2 -Group: Development/Libraries/Python -Obsoletes: libxml2-python -Provides: python3-libxml2-python -Obsoletes: python3-libxml2-python +Provides: %{python_pname}-python +Obsoletes: %{python_pname}-python -%description -n python3-libxml2 -The python3-libxml2 package contains a module that permits +%description -n %{python_pname} +The %{python_pname} package contains a module that permits applications written in the Python programming language to use the interface supplied by the libxml2 library to manipulate XML files. @@ -262,27 +257,24 @@ %dir %{_datadir}/gtk-doc/html %else -%files -n python2-libxml2 +%files -n %{python_pname} %doc python/TODO %doc python/libxml2class.txt %doc doc/*.py %doc doc/python.html +%if "%{python_flavor}" == "python2" %{python2_sitearch}/libxml2.py* %{python2_sitearch}/drv_libxml2.py* %{python2_sitearch}/libxml2mod*.so %{python2_sitearch}/*.egg-info - -%files -n python3-libxml2 -%doc python/TODO -%doc python/libxml2class.txt -%doc doc/*.py -%doc doc/python.html +%else %{python3_sitearch}/libxml2.py %{python3_sitearch}/__pycache__/libxml2.* %{python3_sitearch}/drv_libxml2.py %{python3_sitearch}/__pycache__/drv_libxml2.* %{python3_sitearch}/libxml2mod*.so %{python3_sitearch}/*.egg-info +%endif %endif ++ _multibuild ++ --- /var/tmp/diff_new_pack.4y6XG5/_old 2019-12-24 14:29:00.126547844 +0100 +++ /var/tmp/diff_new_pack.4y6XG5/_new 2019-12-24 14:29:00.126547844 +0100 @@ -1,3 +1,4 @@ python + python3
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2019-12-07 15:22:20 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.4691 (New) Package is "libxml2" Sat Dec 7 15:22:20 2019 rev:95 rq:751668 version:2.9.10 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2019-09-13 14:56:55.481273692 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new.4691/libxml2.changes 2019-12-07 15:23:22.439728931 +0100 @@ -1,0 +2,118 @@ +Thu Nov 28 15:32:58 UTC 2019 - Pedro Monreal Gonzalez + +- Since libxml2-2.9.10 perl-XML-LibXSLT fails to build: [bsc#1157450] + * Revert upstream commit to make xmlFreeNodeList non-recursive + https://github.com/GNOME/libxml2/commit/0762c9b69ba01628f72eada1c64ff3d361fb5716 +- Add patch libxml2-xmlFreeNodeList-recursive.patch + +--- +Fri Nov 15 17:59:54 UTC 2019 - Pedro Monreal Gonzalez + +- Version update to 2.9.10: + * Portability: ++ Fix exponent digits when running tests under old MSVC ++ Work around buggy ceil() function on AIX ++ Don't call printf with NULL string in runtest.c ++ Switched from unsigned long to ptrdiff_t in parser.c ++ timsort.h: support older GCCs ++ Make configure.ac work with older pkg-config + * Bug Fixes: ++ Fix for conditional sections at end of document ++ Make sure that Python tests exit with error code ++ Audit memory error handling in xpath.c ++ Fix error code in xmlTextWriterStartDocument ++ Fix integer overflow when counting written bytes ++ Fix uninitialized memory access in HTML parser ++ Fix memory leak in xmlSchemaValAtomicType ++ Disallow conditional sections in internal subset ++ Fix use-after-free in xmlTextReaderFreeNodeList ++ Fix Regextests ++ Fix empty branch in regex ++ Fix integer overflow in entity recursion check ++ Don't read external entities or XIncludes from stdin ++ Fix Schema determinism check of ##other namespaces ++ Fix potential null deref in xmlSchemaIDCFillNodeTables ++ Fix potential memory leak in xmlBufBackToBuffer ++ Fix error message when processing XIncludes with fallbacks ++ Fix memory leak in xmlRegEpxFromParse ++ 14:00 is a valid timezone for xs:dateTime ++ Fix memory leak in xmlParseBalancedChunkMemoryRecover ++ Fix potential null deref in xmlRelaxNGParsePatterns ++ Misleading error message with xs:{min|max}Inclusive ++ Fix memory leak in xmlXIncludeLoadTxt ++ Partial fix for comparison of xs:durations ++ Fix null deref in xmlreader buffer ++ Fix unability to RelaxNG-validate grammar with choice-based name class ++ Fix unability to validate ambiguously constructed interleave for RelaxNG ++ Fix possible null dereference in xmlXPathIdFunction ++ fix memory leak in xmlAllocOutputBuffer ++ Fix unsigned int overflow ++ dict.h: gcc 2.95 doesn't allow multiple storage classes ++ Fix another code path in xmlParseQName ++ Make sure that xmlParseQName returns NULL in error case ++ Fix build without reader but with pattern ++ Fix memory leak in xmlAllocOutputBufferInternal error path ++ Fix unsigned integer overflow ++ Fix return value of xmlOutputBufferWrite ++ Fix parser termination from "Double hyphen within comment" error ++ Fix call stack overflow in xmlFreePattern ++ Fix null deref in previous commit ++ Fix memory leaks in xmlXPathParseNameComplex error paths ++ Check for integer overflow in xmlXPtrEvalChildSeq ++ Fix xmllint dump of XPath namespace nodes ++ Fix float casts in xmlXPathSubstringFunction ++ Fix null deref in xmlregexp error path ++ Fix null pointer dereference in xmlTextReaderReadOuterXml ++ Fix memory leaks in xmlParseStartTag2 error paths ++ Fix memory leak in xmlSAX2StartElement ++ Fix commit "Memory leak in xmlFreeID (xmlreader.c)" ++ Fix NULL pointer deref in xmlTextReaderValidateEntity ++ Memory leak in xmlFreeTextReader ++ Memory leak in xmlFreeID (xmlreader.c) + * Improvements: ++ Propagate memory errors in valuePush ++ Propagate memory errors in xmlXPathCompExprAdd ++ Make xmlFreeDocElementContent non-recursive ++ Avoid ignored attribute warnings under GCC ++ Make xmlDumpElementContent non-recursive ++ Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE ++ Mark xmlExp* symbols as removed ++ Make xmlParseConditionalSections non-recursive ++ Adjust expected error in Python tests ++ Make xmlTextReaderFreeNodeList non-recursive ++ Make xmlFreeNodeList non-recursive ++ Make xmlParseContent and xmlParseElement non-recursive ++ Remove executable bit from non-executable files ++ Fix expe
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2019-09-13 14:56:54 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.7948 (New) Package is "libxml2" Fri Sep 13 14:56:54 2019 rev:94 rq:729358 version:2.9.9 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2019-02-04 21:10:14.511894228 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new.7948/libxml2.changes 2019-09-13 14:56:55.481273692 +0200 @@ -1,0 +2,35 @@ +Mon Sep 9 08:24:40 UTC 2019 - Tomáš Chvátal + +- Do not depend on setuptools to keep the depgraph small and + avoid build cycles + +--- +Fri Aug 2 13:08:40 UTC 2019 - Tomáš Chvátal + +- Use python[23]-libmxl2 as python names not python-libxml2-python + which is kinda confusing + +--- +Thu Aug 1 10:53:13 UTC 2019 - Tomáš Chvátal + +- Do not ship libtool archive anymore + +--- +Wed Jul 31 12:27:10 UTC 2019 - Pedro Monreal Gonzalez + +- Enable tests also in the python subpackages + +--- +Thu Jul 4 08:52:14 UTC 2019 - Pedro Monreal Gonzalez + +- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH + to avoid nodeset limit when processing large XML files [bsc#1135123] + * Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + +--- +Mon Feb 25 08:40:16 UTC 2019 - Pedro Monreal Gonzalez + +- Merge python-libxml2-python spec and changes files into the + libxml2 ones using _multibuild [bsc#1126499, bsc#1123919] + +--- @@ -35,0 +71,3 @@ +- Add libxml2-python3-string-null-check.patch: fix NULL pointer +dereference when parsing invalid data (bsc#1065270 +glgo#libxml2!15).). @@ -48,0 +87 @@ +- Drop patch python3.6-verify_fd.patch merged upstream @@ -91,0 +131,21 @@ +Sat Nov 11 15:30:27 UTC 2017 - aavind...@gmail.com + +- clean with spec-cleaner + +--- +Thu Oct 26 14:10:55 UTC 2017 - jmate...@suse.com + +- libxml2-python3-unicode-errors.patch: work around an issue with + libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270) + +--- +Mon Oct 2 15:59:57 UTC 2017 - jmate...@suse.com + +- convert to singlespec, build a python 3 version +- change build instructions to use setup.py (and %python_build macros) + instead of makefile-based approach +- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6 +- rename to python-libxml2-python to conform to package naming policy + (PyPI name is "libxml2-python") + +--- @@ -289,0 +350,5 @@ +Sun Jul 7 06:00:42 UTC 2013 - co...@suse.com + +- buildignore python to avoid build cycle + +--- @@ -336 +401 @@ - * please se ChangeLog for more info + * please see ChangeLog for more info @@ -372,0 +438,5 @@ +Sat Feb 25 08:47:58 UTC 2012 - co...@suse.com + +- fix version + +--- @@ -378,0 +449,6 @@ +Thu Feb 23 11:00:21 UTC 2012 - co...@suse.com + +- renamed to python-libxml2 to follow python naming expectations +- do not require python but let rpm figure it out + +--- @@ -427,0 +504,5 @@ +Mon Dec 6 09:05:53 UTC 2010 - co...@novell.com + +- buildrequire python-xml to fix build + +--- @@ -474,0 +556,5 @@ +Wed Apr 7 16:34:29 UTC 2010 - co...@novell.com + +- fix build + +--- @@ -486,0 +573,5 @@ + +--- +Tue Dec 15 12:19:16 CET 2009 - jeng...@medozas.de + +- enable parallel building Old: python-libxml2-python.changes python-libxml2-python.spec New: _multibuild libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.3q3GMs/_old 2019-09-13 14:56:56.241273725 +0200 +++ /var/tmp/diff_new_pack.3q3GMs/_new 2019-09-13 14:56:56.245273725 +0200 @@ -16,24 +16,57 @@ # +%{?!python_module:%define python_module() python-%{**} python3-%{**}} +# Define "python" as a package in _multibuild file +%global flavor @BUILD_FLA
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2019-02-04 21:10:12 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.28833 (New) Package is "libxml2" Mon Feb 4 21:10:12 2019 rev:93 rq:668978 version:2.9.9 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2018-03-26 12:05:24.153792873 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new.28833/libxml2.changes 2019-02-04 21:10:14.511894228 +0100 @@ -1,0 +2,36 @@ +Sat Jan 26 00:24:23 UTC 2019 - mgo...@suse.com + +- Version update to 2.9.9: + * Security: ++ CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA + decompression (boo#1088279 boo#1105166). ++ CVE-2018-14404 Fix nullptr deref with XPath logic ops + (boo#1102046). + * Bug fixes: ++ Fix building relative URIs ++ Problem with data in interleave in RelaxNG validation ++ Fix memory leak in xmlSwitchInputEncodingInt error path ++ Set doc on element obtained from freeElems ++ Fix HTML serialization with UTF-8 encoding ++ Use actual doc in xmlTextReaderRead*Xml ++ Unlink node before freeing it in xmlSAX2StartElement ++ Check return value of nodePush in xmlSAX2StartElement ++ Free input buffer in xmlHaltParser ++ Reset HTML parser input pointers on encoding failure ++ Fix xmlSchemaValidCtxtPtr reuse memory leak ++ Fix xmlTextReaderNext with preparsed document ++ HTML noscript should not close p ++ Don't change context node in xmlXPathRoot + * Improvements: ++ Remove redefined starts and defines inside include elements ++ Allow choice within choice in nameClass in RELAX NG ++ Look inside divs for starts and defines inside include ++ Add newlines to 'xmllint --xpath' output ++ Don't include SAX.h from globals.h ++ Support xmlTextReaderNextSibling w/o preparsed doc ++ Improve restoring of context size and position ++ Simplify and harden nodeset filtering ++ Avoid unnecessary backups of the context node ++ Fix inconsistency in xmlXPathIsInf + +--- --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2-python.changes 2018-03-19 23:31:26.916352270 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new.28833/python-libxml2-python.changes 2019-02-04 21:10:14.631894185 +0100 @@ -1,0 +2,38 @@ +Sat Jan 26 00:25:51 UTC 2019 - mgo...@suse.com + +- Version update to 2.9.9: + * Security: ++ CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA + decompression. ++ CVE-2018-14404 Fix nullptr deref with XPath logic ops. + * Bug fixes: ++ Fix building relative URIs ++ Problem with data in interleave in RelaxNG validation ++ Fix memory leak in xmlSwitchInputEncodingInt error path ++ Set doc on element obtained from freeElems ++ Fix HTML serialization with UTF-8 encoding ++ Use actual doc in xmlTextReaderRead*Xml ++ Unlink node before freeing it in xmlSAX2StartElement ++ Check return value of nodePush in xmlSAX2StartElement ++ Free input buffer in xmlHaltParser ++ Reset HTML parser input pointers on encoding failure ++ Fix xmlSchemaValidCtxtPtr reuse memory leak ++ Fix xmlTextReaderNext with preparsed document ++ HTML noscript should not close p ++ Don't change context node in xmlXPathRoot + * Improvements: ++ Remove redefined starts and defines inside include elements ++ Allow choice within choice in nameClass in RELAX NG ++ Look inside divs for starts and defines inside include ++ Add newlines to 'xmllint --xpath' output ++ Don't include SAX.h from globals.h ++ Support xmlTextReaderNextSibling w/o preparsed doc ++ Improve restoring of context size and position ++ Simplify and harden nodeset filtering ++ Avoid unnecessary backups of the context node ++ Fix inconsistency in xmlXPathIsInf +- Add libxml2-python3-string-null-check.patch: fix NULL pointer +dereference when parsing invalid data (bsc#1065270 +glgo#libxml2!15).). + +--- Old: libxml2-2.9.8.tar.gz libxml2-2.9.8.tar.gz.asc New: libxml2-2.9.9.tar.gz libxml2-2.9.9.tar.gz.asc libxml2-python3-string-null-check.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.DKgD09/_old 2019-02-04 21:10:15.419893904 +0100 +++ /var/tmp/diff_new_pack.DKgD09/_new 2019-02-04 21:10:15.423893902 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2018-03-26 12:05:14 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Mon Mar 26 12:05:14 2018 rev:92 rq:589171 version:2.9.8 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2018-03-19 23:31:26.468368431 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2018-03-26 12:05:24.153792873 +0200 @@ -1,0 +2,5 @@ +Tue Mar 20 13:15:36 CET 2018 - ku...@suse.de + +- Use %license instead of %doc [bsc#1082318] + +--- Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.rSlYjc/_old 2018-03-26 12:05:27.201683711 +0200 +++ /var/tmp/diff_new_pack.rSlYjc/_new 2018-03-26 12:05:27.209683424 +0200 @@ -122,7 +122,7 @@ %install %make_install BASE_DIR="%{_docdir}" DOC_MODULE="%{name}" mkdir -p "%{buildroot}/%{_docdir}/%{name}" -cp -a AUTHORS NEWS README COPYING* Copyright TODO* %{buildroot}%{_docdir}/%{name}/ +cp -a AUTHORS NEWS README TODO* %{buildroot}%{_docdir}/%{name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml %fdupes %{buildroot}%{_datadir} @@ -137,14 +137,15 @@ %files -n %{lname} %{_libdir}/lib*.so.* +%license COPYING* Copyright %doc %dir %{_docdir}/%{name} %doc %{_docdir}/%{name}/[ANRCT]* %files tools %{_bindir}/xmllint %{_bindir}/xmlcatalog -%{_mandir}/man1/xmllint.1* -%{_mandir}/man1/xmlcatalog.1* +%{_mandir}/man1/xmllint.1%{?ext_man} +%{_mandir}/man1/xmlcatalog.1%{?ext_man} %files devel %{_bindir}/xml2-config @@ -158,8 +159,8 @@ %{_libdir}/*.sh %{_libdir}/pkgconfig/*.pc %{_libdir}/cmake -%{_mandir}/man1/xml2-config.1%{ext_man} -%{_mandir}/man3/libxml.3%{ext_man} +%{_mandir}/man1/xml2-config.1%{?ext_man} +%{_mandir}/man3/libxml.3%{?ext_man} %files doc %{_datadir}/gtk-doc/html/*
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2018-03-19 23:31:23 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Mon Mar 19 23:31:23 2018 rev:91 rq:586779 version:2.9.8 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2017-11-14 14:45:25.153957124 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2018-03-19 23:31:26.468368431 +0100 @@ -1,0 +2,8 @@ +Wed Mar 14 13:12:34 UTC 2018 - tchva...@suse.com + +- Version update to 2.9.8: + * Various -Werror fixes and compilation updates as travis is now +used by upstream + * Few additional tests added for ICU operations + +--- --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2-python.changes 2017-11-14 14:45:25.905929797 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2-python.changes 2018-03-19 23:31:26.916352270 +0100 @@ -1,0 +2,9 @@ +Wed Mar 14 13:12:34 UTC 2018 - tchva...@suse.com + +- Version update to 2.9.8: + * Various -Werror fixes and compilation updates as travis is now +used by upstream + * Few additional tests added for ICU operations +- Drop patch python3.6-verify_fd.patch merged upstream + +--- Old: libxml2-2.9.7.tar.gz libxml2-2.9.7.tar.gz.asc python3.6-verify_fd.patch New: libxml2-2.9.8.tar.gz libxml2-2.9.8.tar.gz.asc Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.wikdsm/_old 2018-03-19 23:31:28.312301911 +0100 +++ /var/tmp/diff_new_pack.wikdsm/_new 2018-03-19 23:31:28.316301766 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define lname libxml2-2 Name: libxml2 -Version:2.9.7 +Version:2.9.8 Release:0 Summary:A Library to Manipulate XML Files License:MIT ++ python-libxml2-python.spec ++ --- /var/tmp/diff_new_pack.wikdsm/_old 2018-03-19 23:31:28.352300468 +0100 +++ /var/tmp/diff_new_pack.wikdsm/_new 2018-03-19 23:31:28.356300323 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-libxml2-python # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,14 +19,13 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define oldpython python Name: python-libxml2-python -Version:2.9.7 +Version:2.9.8 Release:0 Summary:Python Bindings for libxml2 License:MIT Group: Development/Libraries/Python Url:http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz -Patch0: python3.6-verify_fd.patch Patch1: libxml2-python3-unicode-errors.patch BuildRequires: %{python_module devel} BuildRequires: %{python_module xml} @@ -54,7 +53,6 @@ %prep %setup -q -n libxml2-%{version} -%patch0 -p1 %patch1 -p1 %build ++ libxml2-2.9.7.tar.gz -> libxml2-2.9.8.tar.gz ++ 5604 lines of diff (skipped)
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2017-11-14 14:45:24 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Tue Nov 14 14:45:24 2017 rev:90 rq:541036 version:2.9.7 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2017-09-29 11:48:43.163210936 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2017-11-14 14:45:25.153957124 +0100 @@ -1,0 +2,41 @@ +Sat Nov 11 15:31:50 UTC 2017 - aavind...@gmail.com + +- Version update to 2.9.7 release: + * Bug Fixes: ++ xmlcatalog: restore ability to query system catalog easily ++ Fix comparison of nodesets to strings + * Improvements: ++ Add Makefile rules to rebuild HTML man pages ++ Remove generated file python/setup.py from version control ++ Fix mixed decls and code in timsort.h ++ Rework handling of return values in thread tests ++ Fix unused variable warnings in testrecurse ++ Fix -Wimplicit-fallthrough warnings ++ Upgrade timsort.h to latest revision ++ Fix a couple of warnings in dict.c and threads.c ++ Fix unused variable warnings in nanohttp.c ++ Don't include winsock2.h in xmllint.c ++ Use __linux__ macro in generated code + * Portability: ++ Add declaration for DllMain ++ Fix preprocessor conditional in threads.h ++ Fix macro redefinition warning ++ many Windows specific improvements + * Documentation: ++ xmlcatalog: refresh man page wrt. quering system catalog easily +- Includes bug fixes from 2.9.6: + * Fix XPath stack frame logic + * Report undefined XPath variable error message + * Fix regression with librsvg + * Handle more invalid entity values in recovery mode + * Fix structured validation errors + * Fix memory leak in LZMA decompressor + * Set memory limit for LZMA decompression + * Handle illegal entity values in recovery mode + * Fix debug dump of streaming XPath expressions + * Fix memory leak in nanoftp + * Fix memory leaks in SAX1 parser +- Drop libxml2-bug787941.patch + * upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8 + +--- --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2-python.changes 2017-11-03 16:31:47.069067677 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2-python.changes 2017-11-14 14:45:25.905929797 +0100 @@ -1,0 +2,5 @@ +Sat Nov 11 15:30:27 UTC 2017 - aavind...@gmail.com + +- clean with spec-cleaner + +--- Old: libxml2-2.9.5.tar.gz libxml2-2.9.5.tar.gz.asc libxml2-bug787941.patch New: libxml2-2.9.7.tar.gz libxml2-2.9.7.tar.gz.asc Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.lFvY5n/_old 2017-11-14 14:45:27.133885172 +0100 +++ /var/tmp/diff_new_pack.lFvY5n/_new 2017-11-14 14:45:27.137885027 +0100 @@ -18,7 +18,7 @@ %define lname libxml2-2 Name: libxml2 -Version:2.9.5 +Version:2.9.7 Release:0 Summary:A Library to Manipulate XML Files License:MIT @@ -29,7 +29,6 @@ Source2:baselibs.conf Source3:%{name}.keyring Patch0: fix-perl.diff -Patch1: libxml2-bug787941.patch BuildRequires: fdupes BuildRequires: pkgconfig BuildRequires: readline-devel @@ -101,7 +100,6 @@ %prep %setup -q %patch0 -%patch1 -p1 %build %configure \ ++ python-libxml2-python.spec ++ --- /var/tmp/diff_new_pack.lFvY5n/_old 2017-11-14 14:45:27.165884009 +0100 +++ /var/tmp/diff_new_pack.lFvY5n/_new 2017-11-14 14:45:27.169883864 +0100 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define oldpython python Name: python-libxml2-python -Version:2.9.5 +Version:2.9.7 Release:0 Summary:Python Bindings for libxml2 License:MIT @@ -34,7 +34,6 @@ BuildRequires: python-rpm-macros BuildRequires: pkgconfig(libxml-2.0) Requires: libxml2-2 = %{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build %ifpython2 Obsoletes: libxml2-python < %{version} Provides: libxml2-python = %{version} @@ -84,7 +83,6 @@ rm -f python/tests/Makefile* %files %{python_files} -%defattr(-, root, root) %doc python/TODO %doc python/libxml2class.txt %doc python/tests ++ libxml2-2.9.5.tar.gz -> libxml2-2.9.7.tar.gz ++ 4917 lines of diff (skipped)
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2017-11-03 16:31:32 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Fri Nov 3 16:31:32 2017 rev:89 rq:536925 version:2.9.5 Changes: --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2-python.changes 2017-10-05 11:54:47.130364991 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2-python.changes 2017-11-03 16:31:47.069067677 +0100 @@ -1,0 +2,6 @@ +Thu Oct 26 14:10:55 UTC 2017 - jmate...@suse.com + +- libxml2-python3-unicode-errors.patch: work around an issue with + libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270) + +--- New: libxml2-python3-unicode-errors.patch Other differences: -- ++ python-libxml2-python.spec ++ --- /var/tmp/diff_new_pack.Xongfg/_old 2017-11-03 16:31:47.825040162 +0100 +++ /var/tmp/diff_new_pack.Xongfg/_new 2017-11-03 16:31:47.825040162 +0100 @@ -27,6 +27,7 @@ Url:http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz Patch0: python3.6-verify_fd.patch +Patch1: libxml2-python3-unicode-errors.patch BuildRequires: %{python_module devel} BuildRequires: %{python_module xml} BuildRequires: pkgconfig @@ -55,6 +56,7 @@ %prep %setup -q -n libxml2-%{version} %patch0 -p1 +%patch1 -p1 %build export CFLAGS="%{optflags} -fno-strict-aliasing" ++ libxml2-python3-unicode-errors.patch ++ Index: libxml2-2.9.5/python/libxml.c === --- libxml2-2.9.5.orig/python/libxml.c +++ libxml2-2.9.5/python/libxml.c @@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU PyObject *message; PyObject *result; char str[1000]; +unsigned char *ptr = (unsigned char *)str; #ifdef DEBUG_ERROR printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); @@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU str[999] = 0; va_end(ap); +#if PY_MAJOR_VERSION >= 3 +/* Ensure the error string doesn't start at UTF8 continuation. */ +while (*ptr && (*ptr & 0xc0) == 0x80) +ptr++; +#endif + list = PyTuple_New(2); PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); -message = libxml_charPtrConstWrap(str); +message = libxml_charPtrConstWrap(ptr); PyTuple_SetItem(list, 1, message); result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); +/* Forget any errors caused in the error handler. */ +PyErr_Clear(); Py_XDECREF(list); Py_XDECREF(result); }
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2017-10-05 11:54:42 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Thu Oct 5 11:54:42 2017 rev:88 rq:530521 version:2.9.5 Changes: New Changes file: --- /dev/null 2017-10-05 07:47:18.104773531 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2-python.changes 2017-10-05 11:54:47.130364991 +0200 @@ -0,0 +1,1541 @@ +--- +Mon Oct 2 15:59:57 UTC 2017 - jmate...@suse.com + +- convert to singlespec, build a python 3 version +- change build instructions to use setup.py (and %python_build macros) + instead of makefile-based approach +- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6 +- rename to python-libxml2-python to conform to package naming policy + (PyPI name is "libxml2-python") + +--- +Thu Sep 21 14:19:56 UTC 2017 - jeng...@inai.de + +- Update package summaries and RPM groups. Trim descriptions for + size on secondary subpackages. Replace install call by a + commonly-used macro. + +--- +Sun Sep 10 09:54:07 UTC 2017 - tchva...@suse.com + +- Version update to 2.9.5 release: + * Merged all the previous cve fixes that were patched in + * Few small tweaks +- Remove merged patches: + * libxml2-CVE-2016-4658.patch + * libxml2-CVE-2017-0663.patch + * libxml2-CVE-2017-5969.patch + * libxml2-CVE-2017-9047.patch + * libxml2-CVE-2017-9048.patch + * libxml2-CVE-2017-9049.patch + * libxml2-2.9.4-fix_attribute_decoding.patch + +--- +Fri May 27 14:22:55 UTC 2016 - psim...@suse.com + +- Update python-libxml2 to version libxml2-2.9.4. The new version + is resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835, + CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838, + CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and + CVE-2016-1762. + +--- +Fri Oct 31 10:55:27 UTC 2014 - vci...@suse.com + +- Update to 2.9.2 version + +--- +Sun Jul 7 06:00:42 UTC 2013 - co...@suse.com + +- buildignore python to avoid build cycle + +--- +Sat Dec 15 15:55:26 UTC 2012 - p.drou...@gmail.com + +- update to 2.9.0 version: + * please see the Changelog +- Updated patchs to get working with new version: + * libxml2-2.9.0-CVE-2012-5134.patch ( libxml2-CVE-2012-5134.patch ) + * fix-perl.diff + +--- +Tue Jun 12 18:10:07 UTC 2012 - ch...@computersalat.de + +- update to 2.8.0 + * please see ChangeLog for more info + +--- +Sat Feb 25 08:47:58 UTC 2012 - co...@suse.com + +- fix version + +--- +Thu Feb 23 11:00:21 UTC 2012 - co...@suse.com + +- renamed to python-libxml2 to follow python naming expectations +- do not require python but let rpm figure it out + +--- +Mon Dec 26 17:08:59 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections + +--- +Fri Jul 8 08:52:06 UTC 2011 - sasc...@suse.de + +- update to libxml-2.7.8+git20110708 + - several important bugfixes + +--- +Mon Dec 6 09:05:53 UTC 2010 - co...@novell.com + +- buildrequire python-xml to fix build + +--- +Fri Dec 3 12:24:42 UTC 2010 - pu...@novell.com + +- update to libxml-2.7.8 + - number of bufixes, documentation and portability fixes + - update language ID parser to RFC 5646 + - sort python generated stubs + - add an HTML parser option to avoid a default doctype + - see http://xmlsoft.org/news.html for exact details +- clean up specfile + +--- +Wed Apr 7 16:34:29 UTC 2010 - co...@novell.com + +- fix build + +--- +Tue Mar 23 23:46:00 CET 2010 - mrd...@opensuse.org + +- update to 2.7.7 +- add extra options to ./configure for scribus features and avoid a crash +- updates from 2.7.3 > 2.7.7 include a number of portability, correctness + memory leaks and build fixes including some CVE +- see http://xmlsoft.org/news.html for exact details + +---
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2017-09-29 11:48:40 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Fri Sep 29 11:48:40 2017 rev:87 rq:528090 version:2.9.5 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2017-06-20 11:00:55.163117626 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2017-09-29 11:48:43.163210936 +0200 @@ -1,0 +2,28 @@ +Thu Sep 21 14:19:56 UTC 2017 - jeng...@inai.de + +- Update package summaries and RPM groups. Trim descriptions for + size on secondary subpackages. Replace install call by a + commonly-used macro. + +--- +Thu Sep 21 14:05:29 UTC 2017 - tchva...@suse.com + +- Add patch to fix TW integration: + * libxml2-bug787941.patch + +--- +Sun Sep 10 09:54:07 UTC 2017 - tchva...@suse.com + +- Version update to 2.9.5 release: + * Merged all the previous cve fixes that were patched in + * Few small tweaks +- Remove merged patches: + * libxml2-CVE-2016-4658.patch + * libxml2-CVE-2017-0663.patch + * libxml2-CVE-2017-5969.patch + * libxml2-CVE-2017-9047.patch + * libxml2-CVE-2017-9048.patch + * libxml2-CVE-2017-9049.patch + * libxml2-2.9.4-fix_attribute_decoding.patch + +--- --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2.changes 2016-06-12 18:51:33.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2.changes 2017-09-29 11:48:43.211204168 +0200 @@ -1,0 +2,22 @@ +Thu Sep 21 14:19:56 UTC 2017 - jeng...@inai.de + +- Update package summaries and RPM groups. Trim descriptions for + size on secondary subpackages. Replace install call by a + commonly-used macro. + +--- +Sun Sep 10 09:54:07 UTC 2017 - tchva...@suse.com + +- Version update to 2.9.5 release: + * Merged all the previous cve fixes that were patched in + * Few small tweaks +- Remove merged patches: + * libxml2-CVE-2016-4658.patch + * libxml2-CVE-2017-0663.patch + * libxml2-CVE-2017-5969.patch + * libxml2-CVE-2017-9047.patch + * libxml2-CVE-2017-9048.patch + * libxml2-CVE-2017-9049.patch + * libxml2-2.9.4-fix_attribute_decoding.patch + +--- Old: libxml2-2.9.4-fix_attribute_decoding.patch libxml2-2.9.4.tar.gz libxml2-2.9.4.tar.gz.asc libxml2-CVE-2016-4658.patch libxml2-CVE-2017-0663.patch libxml2-CVE-2017-5969.patch libxml2-CVE-2017-9047.patch libxml2-CVE-2017-9048.patch libxml2-CVE-2017-9049.patch New: libxml2-2.9.5.tar.gz libxml2-2.9.5.tar.gz.asc libxml2-bug787941.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.0WWeFS/_old 2017-09-29 11:48:44.075082344 +0200 +++ /var/tmp/diff_new_pack.0WWeFS/_new 2017-09-29 11:48:44.075082344 +0200 @@ -18,55 +18,29 @@ %define lname libxml2-2 Name: libxml2 -Version:2.9.4 +Version:2.9.5 Release:0 Summary:A Library to Manipulate XML Files License:MIT -Group: System/Libraries +Group: Development/Libraries/C and C++ Url:http://xmlsoft.org Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source1:ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz.asc Source2:baselibs.conf Source3:%{name}.keyring Patch0: fix-perl.diff -# PATCH-FIX-UPSTREAM bnc#983288 kstreit...@suse.com -- fix attribute decoding during XML schema validation -Patch1: libxml2-2.9.4-fix_attribute_decoding.patch -# PATCH-FIX-UPSTREAM bsc#1005544 pmonrealgonza...@suse.com -- Disallow namespace nodes in XPointer ranges -Patch2: libxml2-CVE-2016-4658.patch -# PATCH-FIX-UPSTREAM bsc#1039063 -- pmonrealgonza...@suse.com -- stack overflow vulnerability -Patch3: libxml2-CVE-2017-9047.patch -# PATCH-FIX-UPSTREAM bsc#1039064 -- pmonrealgonza...@suse.com -- stack overflow vulnerability -Patch4: libxml2-CVE-2017-9048.patch -# PATCH-FIX-UPSTREAM bsc#1039066 -- pmonrealgonza...@suse.com -- heap-based buffer overflow -Patch5: libxml2-CVE-2017-9049.patch -# PATCH-FIX-UPSTREAM bnc#1024989 pmonrealgonza...@suse.com -- CVE-2017-5969 NULL pointer derefence parsing xml file -Patch6: libxml2-CVE-2017-5969.patch -# PATCH-FIX-UPSTREAM bnc#1044337 pmonrealgonza...@suse.com -- CVE-2017-0663: libxml2: Heap buffer overflow in xmlAddID -Patch7: libxml2-CVE-2017-0663.patch - +Patch1: libxml2-
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2017-06-20 11:00:00 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Tue Jun 20 11:00:00 2017 rev:86 rq:504140 version:2.9.4 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2017-06-02 10:29:23.385329513 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2017-06-20 11:00:55.163117626 +0200 @@ -1,0 +2,14 @@ +Thu Jun 15 13:12:25 UTC 2017 - pmonrealgonza...@suse.com + +- Security fix: + * libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663] +* Fix Heap buffer overflow in xmlAddID + +--- +Wed Jun 14 14:15:38 UTC 2017 - pmonrealgonza...@suse.com + +- Security fix: + * libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969] +* Fix NULL pointer deref in xmlDumpElementContent + +--- New: libxml2-CVE-2017-0663.patch libxml2-CVE-2017-5969.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.2YQhpV/_old 2017-06-20 11:00:56.722897764 +0200 +++ /var/tmp/diff_new_pack.2YQhpV/_new 2017-06-20 11:00:56.722897764 +0200 @@ -39,6 +39,10 @@ Patch4: libxml2-CVE-2017-9048.patch # PATCH-FIX-UPSTREAM bsc#1039066 -- pmonrealgonza...@suse.com -- heap-based buffer overflow Patch5: libxml2-CVE-2017-9049.patch +# PATCH-FIX-UPSTREAM bnc#1024989 pmonrealgonza...@suse.com -- CVE-2017-5969 NULL pointer derefence parsing xml file +Patch6: libxml2-CVE-2017-5969.patch +# PATCH-FIX-UPSTREAM bnc#1044337 pmonrealgonza...@suse.com -- CVE-2017-0663: libxml2: Heap buffer overflow in xmlAddID +Patch7: libxml2-CVE-2017-0663.patch BuildRequires: fdupes BuildRequires: pkg-config @@ -140,6 +144,8 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 +%patch7 -p1 %build %configure --disable-static \ ++ libxml2-CVE-2017-0663.patch ++ >From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Tue, 6 Jun 2017 12:56:28 +0200 Subject: Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228. Found with libFuzzer and ASan. --- valid.c | 7 +++ 1 file changed, 7 insertions(+) Index: libxml2-2.9.4/valid.c === --- libxml2-2.9.4.orig/valid.c +++ libxml2-2.9.4/valid.c @@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, } } +/* + * Casting ns to xmlAttrPtr is wrong. We'd need separate functions + * xmlAddID and xmlAddRef for namespace declarations, but it makes + * no practical sense to use ID types anyway. + */ +#if 0 /* Validity Constraint: ID uniqueness */ if (attrDecl->atype == XML_ATTRIBUTE_ID) { if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) @@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) ret = 0; } +#endif /* Validity Constraint: Notation Attributes */ if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { ++ libxml2-CVE-2017-5969.patch ++ >From 94691dc884d1a8ada39f073408b4bb92fe7fe882 Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Wed, 7 Jun 2017 16:47:36 +0200 Subject: Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 (CVE-2017-5969). --- valid.c | 24 ++-- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/valid.c b/valid.c index 9b2df56..8075d3a 100644 --- a/valid.c +++ b/valid.c @@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob) xmlBufferWriteCHAR(buf, content->name); break; case XML_ELEMENT_CONTENT_SEQ: - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) + if ((content->c1 != NULL) && + ((content->c1->type == XML_ELEMENT_CONTENT_OR) || +(content->c1->type == XML_ELEMENT_CONTENT_SEQ))) xmlDumpElementContent(buf, content->c1, 1); else xmlDumpElementContent(buf, content->c1, 0); xmlBufferWriteChar(buf, " , "); - if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || - ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && -(content->c2->ocur != XML_ELEME
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2017-06-02 10:29:22 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Fri Jun 2 10:29:22 2017 rev:85 rq:497430 version:2.9.4 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2017-03-10 21:44:25.306481823 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2017-06-02 10:29:23.385329513 +0200 @@ -1,0 +2,11 @@ +Mon May 22 15:42:43 UTC 2017 - pmonrealgonza...@suse.com + +- Security fixes: + * libxml2-CVE-2017-9049.patch [bsc#1039066] +* heap-based buffer overflow (xmlDictComputeFastKey func) + * libxml2-CVE-2017-9048.patch [bsc#1039063] +* stack overflow vulnerability (xmlSnprintfElementContent func) + * libxml2-CVE-2017-9047.patch [bsc#1039064] +* stack overflow vulnerability (xmlSnprintfElementContent func) + +--- New: libxml2-CVE-2017-9047.patch libxml2-CVE-2017-9048.patch libxml2-CVE-2017-9049.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.29r4Ny/_old 2017-06-02 10:29:24.101228357 +0200 +++ /var/tmp/diff_new_pack.29r4Ny/_new 2017-06-02 10:29:24.105227792 +0200 @@ -33,6 +33,13 @@ Patch1: libxml2-2.9.4-fix_attribute_decoding.patch # PATCH-FIX-UPSTREAM bsc#1005544 pmonrealgonza...@suse.com -- Disallow namespace nodes in XPointer ranges Patch2: libxml2-CVE-2016-4658.patch +# PATCH-FIX-UPSTREAM bsc#1039063 -- pmonrealgonza...@suse.com -- stack overflow vulnerability +Patch3: libxml2-CVE-2017-9047.patch +# PATCH-FIX-UPSTREAM bsc#1039064 -- pmonrealgonza...@suse.com -- stack overflow vulnerability +Patch4: libxml2-CVE-2017-9048.patch +# PATCH-FIX-UPSTREAM bsc#1039066 -- pmonrealgonza...@suse.com -- heap-based buffer overflow +Patch5: libxml2-CVE-2017-9049.patch + BuildRequires: fdupes BuildRequires: pkg-config BuildRequires: readline-devel @@ -130,6 +137,9 @@ %patch0 %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 %build %configure --disable-static \ ++ libxml2-CVE-2017-9047.patch ++ Index: libxml2-2.9.4/valid.c === --- libxml2-2.9.4.orig/valid.c +++ libxml2-2.9.4/valid.c @@ -1270,6 +1270,7 @@ xmlSnprintfElementContent(char *buf, int } strcat(buf, (char *) content->prefix); strcat(buf, ":"); + len += xmlStrlen(content->prefix); } if (size - len < xmlStrlen(content->name) + 10) { strcat(buf, " ..."); ++ libxml2-CVE-2017-9048.patch ++ Index: libxml2-2.9.4/valid.c === --- libxml2-2.9.4.orig/valid.c +++ libxml2-2.9.4/valid.c @@ -1320,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int xmlSnprintfElementContent(buf, size, content->c2, 0); break; } +if (size - strlen(buf) <= 2) return; if (englob) strcat(buf, ")"); switch (content->ocur) { ++ libxml2-CVE-2017-9049.patch ++ --- a/parser.c +++ a/parser.c @@ -3312,6 +3312,7 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { int len = 0, l; int c; int count = 0; +size_t startPosition = 0; #ifdef DEBUG nbParseNameComplex++; @@ -3323,6 +3324,7 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { GROW; if (ctxt->instate == XML_PARSER_EOF) return(NULL); +startPosition = CUR_PTR - BASE_PTR; c = CUR_CHAR(l); if ((ctxt->options & XML_PARSE_OLD10) == 0) { /* @@ -3420,9 +3422,11 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); return(NULL); } -if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) -return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); -return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); + +if (BASE_PTR + startPosition + len > ctxt->input->end) + return(NULL); + +return(xmlDictLookup(ctxt->dict, BASE_PTR + startPosition, len)); } /**
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2017-03-10 21:44:24 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Fri Mar 10 21:44:24 2017 rev:84 rq:477481 version:2.9.4 Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2016-06-12 18:51:33.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2017-03-10 21:44:25.306481823 +0100 @@ -1,0 +2,9 @@ +Tue Mar 7 11:42:23 UTC 2017 - pmonrealgonza...@suse.com + +- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in + XPointer ranges. Namespace nodes must be copied to avoid + use-after-free errors. But they don't necessarily have a physical + representation in a document, so simply disallow them in XPointer + ranges [bsc#1005544] [CVE-2016-4658] + +--- New: libxml2-CVE-2016-4658.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.fbCywQ/_old 2017-03-10 21:44:26.126365534 +0100 +++ /var/tmp/diff_new_pack.fbCywQ/_new 2017-03-10 21:44:26.126365534 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,8 @@ Patch0: fix-perl.diff # PATCH-FIX-UPSTREAM bnc#983288 kstreit...@suse.com -- fix attribute decoding during XML schema validation Patch1: libxml2-2.9.4-fix_attribute_decoding.patch +# PATCH-FIX-UPSTREAM bsc#1005544 pmonrealgonza...@suse.com -- Disallow namespace nodes in XPointer ranges +Patch2: libxml2-CVE-2016-4658.patch BuildRequires: fdupes BuildRequires: pkg-config BuildRequires: readline-devel @@ -127,6 +129,7 @@ %setup -q %patch0 %patch1 -p1 +%patch2 -p1 %build %configure --disable-static \ ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.fbCywQ/_old 2017-03-10 21:44:26.162360429 +0100 +++ /var/tmp/diff_new_pack.fbCywQ/_new 2017-03-10 21:44:26.166359861 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-libxml2 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ libxml2-CVE-2016-4658.patch ++ >From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Tue, 28 Jun 2016 18:34:52 +0200 Subject: Disallow namespace nodes in XPointer ranges Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. Found with afl-fuzz. Fixes CVE-2016-4658. --- xpointer.c | 149 +++-- 1 file changed, 56 insertions(+), 93 deletions(-) diff --git a/xpointer.c b/xpointer.c index a7b03fb..694d120 100644 --- a/xpointer.c +++ b/xpointer.c @@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { } /** + * xmlXPtrNewRangeInternal: + * @start: the starting node + * @startindex: the start index + * @end: the ending point + * @endindex: the ending index + * + * Internal function to create a new xmlXPathObjectPtr of type range + * + * Returns the newly created object. + */ +static xmlXPathObjectPtr +xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, +xmlNodePtr end, int endindex) { +xmlXPathObjectPtr ret; + +/* + * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). + * Disallow them for now. + */ +if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) + return(NULL); +if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) + return(NULL); + +ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +if (ret == NULL) { +xmlXPtrErrMemory("allocating range"); + return(NULL); +} +memset(ret, 0, sizeof(xmlXPathObject)); +ret->type = XPATH_RANGE; +ret->user = start; +ret->index = startindex; +ret->user2 = end; +ret->index2 = endindex; +return(ret); +} + +/** * xmlXPtrNewRange: * @start: the starting node * @startindex: the start index @@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, if (endindex < 0) return(NULL); -ret = (xmlXPathObj
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2016-06-12 18:51:32 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2016-05-25 21:21:24.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2016-06-12 18:51:33.0 +0200 @@ -1,0 +2,19 @@ +Wed Jun 8 12:20:43 UTC 2016 - kstreit...@suse.com + +- add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute + decoding during XML schema validation [bnc#983288] + +--- +Fri May 27 14:22:55 UTC 2016 - psim...@suse.com + +- Update libxml2 to version libxml2-2.9.4. The new version is + resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835, + CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838, + CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and + CVE-2016-1762. + +- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch, + 0001-Add-missing-increments-of-recursion-depth-counter-to.patch, + and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch. + +--- --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2.changes 2014-11-06 16:49:40.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2.changes 2016-06-12 18:51:33.0 +0200 @@ -1,0 +2,9 @@ +Fri May 27 14:22:55 UTC 2016 - psim...@suse.com + +- Update python-libxml2 to version libxml2-2.9.4. The new version + is resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835, + CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838, + CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and + CVE-2016-1762. + +--- Old: 0001-Add-missing-increments-of-recursion-depth-counter-to.patch libxml2-2.9.1-CVE-2016-3627.patch libxml2-2.9.3-bogus_UTF-8_encoding_error.patch libxml2-2.9.3.tar.gz libxml2-2.9.3.tar.gz.asc New: libxml2-2.9.4-fix_attribute_decoding.patch libxml2-2.9.4.tar.gz libxml2-2.9.4.tar.gz.asc Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.cVKM0d/_old 2016-06-12 18:51:34.0 +0200 +++ /var/tmp/diff_new_pack.cVKM0d/_new 2016-06-12 18:51:34.0 +0200 @@ -18,7 +18,7 @@ %define lname libxml2-2 Name: libxml2 -Version:2.9.3 +Version:2.9.4 Release:0 Summary:A Library to Manipulate XML Files License:MIT @@ -29,12 +29,8 @@ Source2:baselibs.conf Source3:%{name}.keyring Patch0: fix-perl.diff -# PATCH-FIX-SUSE bnc#972335 psim...@suse.com -- CVE-2016-3627 - stack exhaustion while parsing xml files in recovery mode -Patch1: libxml2-2.9.1-CVE-2016-3627.patch -# PATCH-FIX-SUSE bnc#975947 psim...@suse.com -- crash in xml validator -Patch2: 0001-Add-missing-increments-of-recursion-depth-counter-to.patch -# PATCH-FIX-UPSTREAM bnc#962796 kstreit...@suse.com -- parser fails with bogus UTF-8 encoding error -Patch3: libxml2-2.9.3-bogus_UTF-8_encoding_error.patch +# PATCH-FIX-UPSTREAM bnc#983288 kstreit...@suse.com -- fix attribute decoding during XML schema validation +Patch1: libxml2-2.9.4-fix_attribute_decoding.patch BuildRequires: fdupes BuildRequires: pkg-config BuildRequires: readline-devel @@ -131,8 +127,6 @@ %setup -q %patch0 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build %configure --disable-static \ ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.cVKM0d/_old 2016-06-12 18:51:34.0 +0200 +++ /var/tmp/diff_new_pack.cVKM0d/_new 2016-06-12 18:51:34.0 +0200 @@ -17,7 +17,7 @@ Name: python-libxml2 -Version:2.9.3 +Version:2.9.4 Release:0 Summary:Python Bindings for libxml2 License:MIT ++ libxml2-2.9.4-fix_attribute_decoding.patch ++ >From 256366ed60f8795279b25f7b7b55e8089b4c6ff4 Mon Sep 17 00:00:00 2001 From: Alex Henrie Date: Thu, 26 May 2016 17:38:35 -0600 Subject: [PATCH] Fix attribute decoding during XML schema validation For https://bugzilla.gnome.org/show_bug.cgi?id=766834 vctxt->parserCtxt is always NULL in xmlSchemaSAXHandleStartElementNs, so this function can't call xmlStringLenDecodeEntities to decode the entities. --- xmlschemas.c | 30 +- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/xmlschemas.c b/xmlschemas.c index e1b3a4f..59535e5 100644 --- a/xmlschemas.c +++ b/xmlschemas.c @@ -27391,6 +27391,7 @@ xmlSchemaSAXHandleStartElementNs(voi
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2016-05-25 21:21:23 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2016-05-08 10:38:37.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2016-05-25 21:21:24.0 +0200 @@ -1,0 +2,8 @@ +Fri May 20 14:59:32 UTC 2016 - kstreit...@suse.com + +- add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML + push parser that fails with bogus UTF-8 encoding error when + multi-byte character in large CDATA section is split across + buffer [bnc#962796] + +--- New: libxml2-2.9.3-bogus_UTF-8_encoding_error.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.KWq30B/_old 2016-05-25 21:21:25.0 +0200 +++ /var/tmp/diff_new_pack.KWq30B/_new 2016-05-25 21:21:25.0 +0200 @@ -33,6 +33,8 @@ Patch1: libxml2-2.9.1-CVE-2016-3627.patch # PATCH-FIX-SUSE bnc#975947 psim...@suse.com -- crash in xml validator Patch2: 0001-Add-missing-increments-of-recursion-depth-counter-to.patch +# PATCH-FIX-UPSTREAM bnc#962796 kstreit...@suse.com -- parser fails with bogus UTF-8 encoding error +Patch3: libxml2-2.9.3-bogus_UTF-8_encoding_error.patch BuildRequires: fdupes BuildRequires: pkg-config BuildRequires: readline-devel @@ -130,6 +132,7 @@ %patch0 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %configure --disable-static \ ++ libxml2-2.9.3-bogus_UTF-8_encoding_error.patch ++ 604 lines (skipped)
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2016-05-08 10:38:36 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2016-03-26 15:20:25.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2016-05-08 10:38:37.0 +0200 @@ -1,0 +2,10 @@ +Tue May 3 11:40:42 UTC 2016 - sfl...@suse.de + +- Add libxml2-2.9.1-CVE-2016-3627.patch to fix stack exhaustion + while parsing certain XML files in recovery mode (CVE-2016-3627, + bnc#972335). + +- Add 0001-Add-missing-increments-of-recursion-depth-counter-to.patch + to improve protection against Billion Laughs Attack (bnc#975947). + +--- New: 0001-Add-missing-increments-of-recursion-depth-counter-to.patch libxml2-2.9.1-CVE-2016-3627.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.3PvXb1/_old 2016-05-08 10:38:38.0 +0200 +++ /var/tmp/diff_new_pack.3PvXb1/_new 2016-05-08 10:38:38.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,10 @@ Source2:baselibs.conf Source3:%{name}.keyring Patch0: fix-perl.diff +# PATCH-FIX-SUSE bnc#972335 psim...@suse.com -- CVE-2016-3627 - stack exhaustion while parsing xml files in recovery mode +Patch1: libxml2-2.9.1-CVE-2016-3627.patch +# PATCH-FIX-SUSE bnc#975947 psim...@suse.com -- crash in xml validator +Patch2: 0001-Add-missing-increments-of-recursion-depth-counter-to.patch BuildRequires: fdupes BuildRequires: pkg-config BuildRequires: readline-devel @@ -124,6 +128,8 @@ %prep %setup -q %patch0 +%patch1 -p1 +%patch2 -p1 %build %configure --disable-static \ ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.3PvXb1/_old 2016-05-08 10:38:38.0 +0200 +++ /var/tmp/diff_new_pack.3PvXb1/_new 2016-05-08 10:38:38.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-libxml2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ 0001-Add-missing-increments-of-recursion-depth-counter-to.patch ++ >From 6f0af3f6b9b1c5f82a2bb5ded65923437fee5d21 Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Fri, 15 Apr 2016 11:56:55 +0200 Subject: [PATCH 2/2] Add missing increments of recursion depth counter to XML parser. The functions xmlParserEntityCheck() and xmlParseAttValueComplex() used to call xmlStringDecodeEntities() in a recursive context without incrementing the 'depth' counter in the parser context. Because of that omission, the parser failed to detect attribute recursions in certain documents before running out of stack space. --- parser.c | 8 1 file changed, 8 insertions(+) diff --git a/parser.c b/parser.c index 9604a72..4da151f 100644 --- a/parser.c +++ b/parser.c @@ -144,8 +144,10 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, ent->checked = 1; +++ctxt->depth; rep = xmlStringDecodeEntities(ctxt, ent->content, XML_SUBSTITUTE_REF, 0, 0, 0); +--ctxt->depth; ent->checked = (ctxt->nbentities - oldnbent + 1) * 2; if (rep != NULL) { @@ -3966,8 +3968,10 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { * an entity declaration, it is bypassed and left as is. * so XML_SUBSTITUTE_REF is not set here. */ +++ctxt->depth; ret = xmlStringDecodeEntities(ctxt, buf, XML_SUBSTITUTE_PEREF, 0, 0, 0); +--ctxt->depth; if (orig != NULL) *orig = buf; else @@ -4092,9 +4096,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { } else if ((ent != NULL) && (ctxt->replaceEntities != 0)) { if (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) { + ++ctxt->depth; rep = xmlStringDecodeEntities(ctxt, ent->content, XML_SUBSTITUTE_REF,
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2016-03-26 15:20:24 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2014-11-06 16:49:40.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2016-03-26 15:20:25.0 +0100 @@ -1,0 +2,13 @@ +Tue Nov 24 16:12:35 UTC 2015 - r...@fthiessen.de + +- Update to new upstream release 2.9.3 (bsc#954429): + * Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, +CVE-2015-1819, CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, +CVE-2015-7499, CVE-2015-7500 and CVE-2015-8242 + * And other bugfixes +- Removed upstream fixed patches: + * libxml2-dont_initialize_catalog.patch + * 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch + * 0002-Adding-example-from-bugs-738805-to-regression-tests.patch + +--- Old: 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch 0002-Adding-example-from-bugs-738805-to-regression-tests.patch libxml2-2.9.2.tar.gz libxml2-2.9.2.tar.gz.asc libxml2-dont_initialize_catalog.patch New: libxml2-2.9.3.tar.gz libxml2-2.9.3.tar.gz.asc Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.fMPyRm/_old 2016-03-26 15:20:26.0 +0100 +++ /var/tmp/diff_new_pack.fMPyRm/_new 2016-03-26 15:20:26.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,28 +17,24 @@ %define lname libxml2-2 - Name: libxml2 -Version:2.9.2 +Version:2.9.3 Release:0 Summary:A Library to Manipulate XML Files License:MIT Group: System/Libraries Url:http://xmlsoft.org -# Source ftp://xmlsoft.org/libxml2/libxml2-git-snapshot.tar.gz changes every day Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source1:ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz.asc Source2:baselibs.conf Source3:%{name}.keyring Patch0: fix-perl.diff -Patch1: libxml2-dont_initialize_catalog.patch -Patch2: 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch -Patch3: 0002-Adding-example-from-bugs-738805-to-regression-tests.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: fdupes BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: xz-devel BuildRequires: zlib-devel +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The XML C library was initially developed for the GNOME project. It is @@ -56,11 +52,11 @@ The library also supports RelaxNG. Support for W3C XML Schemas is in progress. -%package -n %lname +%package -n %{lname} Summary:A Library to Manipulate XML Files Group: System/Libraries -%description -n %lname +%description -n %{lname} The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. @@ -128,14 +124,11 @@ %prep %setup -q %patch0 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build %configure --disable-static \ ---docdir=%_docdir/%name \ ---with-html-dir=%_docdir/%name/html \ +--docdir=%{_docdir}/%{name} \ +--with-html-dir=%{_docdir}/%{name}/html \ --with-fexceptions \ --with-history \ --without-python \ @@ -146,25 +139,26 @@ --with-reader \ --with-http -make %{?_smp_mflags} BASE_DIR="%_docdir" DOC_MODULE="%name" +make %{?_smp_mflags} BASE_DIR="%{_docdir}" DOC_MODULE="%{name}" %install -make install DESTDIR="%buildroot" BASE_DIR="%_docdir" DOC_MODULE="%name" -mkdir -p "%buildroot/%_docdir/%name" +make install DESTDIR=%{buildroot} BASE_DIR="%{_docdir}" DOC_MODULE="%{name}" +mkdir -p "%{buildroot}/%{_docdir}/%{name}" cp -a AUTHORS NEWS README COPYING* Copyright TODO* %{buildroot}%{_docdir}/%{name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml +%fdupes %{buildroot}%{_datadir} %check # qemu-arm can't keep up atm, disabling check for arm %ifnarch %arm -make check +make %{?_smp_mflags} check %endif -%post -n %lname -p /sbin/ldconfig +%post -n %{lname} -p /sbin/ldconfig -%postun -n %lname -p /sbin/ldconfig +%postun -n %{lname} -p /sbin/ldconfig -%files -n %lname
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2014-11-06 16:49:37 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2014-10-19 19:27:55.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2014-11-06 16:49:40.0 +0100 @@ -1,0 +2,47 @@ +Mon Nov 3 17:13:24 UTC 2014 - vci...@suse.com + +- fix a missing entities after CVE-2014-3660 fix + (https://bugzilla.gnome.org/show_bug.cgi?id=738805) + * added patches: +0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch +0002-Adding-example-from-bugs-738805-to-regression-tests.patch + +--- +Mon Nov 3 10:01:23 UTC 2014 - vci...@suse.com + +- fix a regression in libxml2 2.9.2 + * https://bugzilla.redhat.com/show_bug.cgi?id=1153753 +- add libxml2-dont_initialize_catalog.patch + +--- +Fri Oct 31 10:55:27 UTC 2014 - vci...@suse.com + +- update to 2.9.2 + * drop libxml2-CVE-2014-3660.patch (upstream) + * add keyring to verify tarball + Security: + Fix for CVE-2014-3660 billion laugh variant + CVE-2014-0191 Do not fetch external parameter entities + Improvements: + win32/libxml2.def.src after rebuild in doc + elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() + elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode + Provide cmake module + Fix a couple of issues raised by make dist + Fix and add const qualifiers + Preparing for upcoming release of 2.9.2 + Fix zlib and lzma libraries check via command line + wrong error column in structured error when parsing end tag + doc/news.html: small update to avoid line join while generating NEWS. + Add methods for python3 iterator + Support element node traversal in document fragments + xmlNodeSetName: Allow setting the name to a substring of the currently set name + Added macros for argument casts + adding init calls to xml and html Read parsing entry points + Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c + Implement choice for name classes on attributes + Two small namespace tweaks + xmllint --memory should fail on empty files + Cast encoding name to char pointer to match arg type + +--- --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2.changes 2013-07-08 07:14:41.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2.changes 2014-11-06 16:49:40.0 +0100 @@ -1,0 +2,5 @@ +Fri Oct 31 10:55:27 UTC 2014 - vci...@suse.com + +- Update to 2.9.2 version + +--- Old: libxml2-2.9.1.tar.gz libxml2-CVE-2014-3660.patch New: 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch 0002-Adding-example-from-bugs-738805-to-regression-tests.patch libxml2-2.9.2.tar.gz libxml2-2.9.2.tar.gz.asc libxml2-dont_initialize_catalog.patch libxml2.keyring Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.fHeuZt/_old 2014-11-06 16:49:41.0 +0100 +++ /var/tmp/diff_new_pack.fHeuZt/_new 2014-11-06 16:49:41.0 +0100 @@ -19,7 +19,7 @@ %define lname libxml2-2 Name: libxml2 -Version:2.9.1 +Version:2.9.2 Release:0 Summary:A Library to Manipulate XML Files License:MIT @@ -27,9 +27,13 @@ Url:http://xmlsoft.org # Source ftp://xmlsoft.org/libxml2/libxml2-git-snapshot.tar.gz changes every day Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz +Source1:ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz.asc Source2:baselibs.conf +Source3:%{name}.keyring Patch0: fix-perl.diff -Patch1: libxml2-CVE-2014-3660.patch +Patch1: libxml2-dont_initialize_catalog.patch +Patch2: 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch +Patch3: 0002-Adding-example-from-bugs-738805-to-regression-tests.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -125,6 +129,8 @@ %setup -q %patch0 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build %configure --disable-static \ @@ -183,6 +189,7 @@ %{_libdir}/libxml2.la %{_libdir}/*.sh %{_libdir}/pkgconfig/*.pc +%{_libdir}/cmake %doc %{_mandir}/man1/xml2-config.1* %doc %{_mandir}/man3/libxml.3* ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.fHeuZt/_old 2014-11-06 16:49:41.0
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2014-10-19 19:27:51 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2014-08-25 11:03:13.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2014-10-19 19:27:55.0 +0200 @@ -1,0 +2,8 @@ +Fri Oct 17 13:58:17 UTC 2014 - vci...@suse.com + +- fix for CVE-2014-3660 (bnc#901546) + * denial of service via recursive entity expansion +(related to billion laughs) + * added libxml2-CVE-2014-3660.patch + +--- New: libxml2-CVE-2014-3660.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.OCM0A4/_old 2014-10-19 19:27:55.0 +0200 +++ /var/tmp/diff_new_pack.OCM0A4/_new 2014-10-19 19:27:55.0 +0200 @@ -29,6 +29,7 @@ Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source2:baselibs.conf Patch0: fix-perl.diff +Patch1: libxml2-CVE-2014-3660.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -123,6 +124,7 @@ %prep %setup -q %patch0 +%patch1 -p1 %build %configure --disable-static \ ++ libxml2-CVE-2014-3660.patch ++ >From be2a7edaf289c5da74a4f9ed3a0b6c733e775230 Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Thu, 16 Oct 2014 13:59:47 +0800 Subject: Fix for CVE-2014-3660 Issues related to the billion laugh entity expansion which happened to escape the initial set of fixes diff --git a/parser.c b/parser.c index f51e8d2..1d93967 100644 --- a/parser.c +++ b/parser.c @@ -130,6 +130,29 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, return (0); if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) return (1); + +/* + * This may look absurd but is needed to detect + * entities problems + */ +if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) && + (ent->content != NULL) && (ent->checked == 0)) { + unsigned long oldnbent = ctxt->nbentities; + xmlChar *rep; + + ent->checked = 1; + + rep = xmlStringDecodeEntities(ctxt, ent->content, + XML_SUBSTITUTE_REF, 0, 0, 0); + + ent->checked = (ctxt->nbentities - oldnbent + 1) * 2; + if (rep != NULL) { + if (xmlStrchr(rep, '<')) + ent->checked |= 1; + xmlFree(rep); + rep = NULL; + } +} if (replacement != 0) { if (replacement < XML_MAX_TEXT_LENGTH) return(0); @@ -189,9 +212,12 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, return (0); } else { /* - * strange we got no data for checking just return + * strange we got no data for checking */ -return (0); + if (((ctxt->lastError.code != XML_ERR_UNDECLARED_ENTITY) && +(ctxt->lastError.code != XML_WAR_UNDECLARED_ENTITY)) || + (ctxt->nbentities <= 1)) + return (0); } xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); return (1); @@ -2589,6 +2615,7 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { name, NULL); ctxt->valid = 0; } + xmlParserEntityCheck(ctxt, 0, NULL, 0); } else if (ctxt->input->free != deallocblankswrapper) { input = xmlNewBlanksWrapperInputStream(ctxt, entity); if (xmlPushInput(ctxt, input) < 0) @@ -2759,6 +2786,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) || (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR)) goto int_error; + xmlParserEntityCheck(ctxt, 0, ent, 0); if (ent != NULL) ctxt->nbentities += ent->checked / 2; if ((ent != NULL) && @@ -2810,6 +2838,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, ent = xmlParseStringPEReference(ctxt, &str); if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) goto int_error; + xmlParserEntityCheck(ctxt, 0, ent, 0); if (ent != NULL) ctxt->nbentities += ent->checked / 2; if (ent != NULL) { @@ -7312,6 +7341,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { (ret != XML_WAR_UNDECLARED_ENTITY)) { xmlFatalErrMsgS
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2014-08-25 11:02:51 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2014-06-18 22:04:36.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2014-08-25 11:03:13.0 +0200 @@ -1,0 +2,5 @@ +Mon Aug 18 15:42:34 UTC 2014 - fcro...@suse.com + +- Add obsoletes/provides to baselibs.conf. + +--- Other differences: -- python-libxml2.spec: same change ++ baselibs.conf ++ --- /var/tmp/diff_new_pack.giO7ml/_old 2014-08-25 11:03:14.0 +0200 +++ /var/tmp/diff_new_pack.giO7ml/_new 2014-08-25 11:03:14.0 +0200 @@ -1,4 +1,6 @@ libxml2-2 +obsoletes "libxml2- < " +provides "libxml2- = " libxml2-devel requires -libxml2- requires "libxml2-2- = " -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2014-06-18 22:04:33 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2014-05-26 10:28:13.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2014-06-18 22:04:36.0 +0200 @@ -1,0 +2,6 @@ +Thu Jun 5 08:30:58 UTC 2014 - vci...@suse.com + +- temporarily reverting libxml2-CVE-2014-0191.patch until there is a fix + that doesn't break other applications + +--- Old: libxml2-CVE-2014-0191.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.af0Z2y/_old 2014-06-18 22:04:36.0 +0200 +++ /var/tmp/diff_new_pack.af0Z2y/_new 2014-06-18 22:04:36.0 +0200 @@ -29,7 +29,6 @@ Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source2:baselibs.conf Patch0: fix-perl.diff -Patch1: libxml2-CVE-2014-0191.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -124,7 +123,6 @@ %prep %setup -q %patch0 -%patch1 -p1 %build %configure --disable-static \ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2014-05-26 10:28:11 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2013-08-04 16:55:48.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2014-05-26 10:28:13.0 +0200 @@ -1,0 +2,8 @@ +Fri May 23 15:01:54 UTC 2014 - vci...@suse.com + +- fix for CVE-2014-0191 (bnc#876652) + * libxml2: external parameter entity loaded when entity +substitution is disabled + * added libxml2-CVE-2014-0191.patch + +--- New: libxml2-CVE-2014-0191.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.QXKXtu/_old 2014-05-26 10:28:15.0 +0200 +++ /var/tmp/diff_new_pack.QXKXtu/_new 2014-05-26 10:28:15.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,7 @@ Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source2:baselibs.conf Patch0: fix-perl.diff +Patch1: libxml2-CVE-2014-0191.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -123,6 +124,7 @@ %prep %setup -q %patch0 +%patch1 -p1 %build %configure --disable-static \ ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.QXKXtu/_old 2014-05-26 10:28:15.0 +0200 +++ /var/tmp/diff_new_pack.QXKXtu/_new 2014-05-26 10:28:15.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-libxml2 # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ libxml2-CVE-2014-0191.patch ++ >From 9cd1c3cfbd32655d60572c0a413e017260c854df Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Tue, 22 Apr 2014 15:30:56 +0800 Subject: Do not fetch external parameter entities Unless explicitely asked for when validating or replacing entities with their value. Problem pointed out by Daniel Berrange >From 7c3c663e4f844aaecbb0cfc29567fe2ee9506fc4 Mon Sep 17 00:00:00 2001 From: Alexandre Rostovtsev Date: Fri, 16 May 2014 22:46:00 -0400 Subject: [PATCH] xmllint: a posteriori validation needs to load exernal entities For https://bugzilla.gnome.org/show_bug.cgi?id=730290 Index: libxml2-2.9.1/parser.c === --- libxml2-2.9.1.orig/parser.c 2013-04-16 15:39:18.0 +0200 +++ libxml2-2.9.1/parser.c 2014-05-23 11:26:43.344897186 +0200 @@ -2595,6 +2595,20 @@ xmlParserHandlePEReference(xmlParserCtxt xmlCharEncoding enc; /* +* Note: external parsed entities will not be loaded, it is +* not required for a non-validating parser, unless the +* option of validating, or substituting entities were +* given. Doing so is far more secure as the parser will +* only process data coming from the document entity by +* default. +*/ +if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && + ((ctxt->options & XML_PARSE_NOENT) == 0) && + ((ctxt->options & XML_PARSE_DTDVALID) == 0) && + (ctxt->validate == 0)) + return; + + /* * handle the extra spaces added before and after * c.f. http://www.w3.org/TR/REC-xml#as-PE * this is done independently. Index: libxml2-2.9.1/xmllint.c === --- libxml2-2.9.1.orig/xmllint.c2013-03-27 04:31:47.0 +0100 +++ libxml2-2.9.1/xmllint.c 2014-05-23 11:26:43.344897186 +0200 @@ -3505,7 +3505,12 @@ main(int argc, char **argv) { xmlLoadExtDtdDefaultValue |= XML_COMPLETE_ATTRS; if (noent != 0) xmlSubstituteEntitiesDefault(1); #ifdef LIBXML_VALID_ENABLED -if (valid != 0) xmlDoValidityCheckingDefaultValue = 1; +/* If we will validat
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2013-08-04 16:55:46 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2013-04-20 17:49:24.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2013-08-04 16:55:48.0 +0200 @@ -1,0 +2,12 @@ +Fri Aug 2 12:57:36 UTC 2013 - vci...@suse.com + +- update to 2.9.1 + dropped patches (in upstream): + * libxml2-2.9.0-CVE-2012-5134.patch + * libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch + * libxml2-CVE-2013-1969.patch + New features: + * Support for Python3 + * Add xmlXPathSetContextNode and xmlXPathNodeEval + +--- Old: libxml2-2.9.0-CVE-2012-5134.patch libxml2-2.9.0.tar.gz libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch libxml2-CVE-2013-1969.patch New: libxml2-2.9.1.tar.gz Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.J9UxYr/_old 2013-08-04 16:55:49.0 +0200 +++ /var/tmp/diff_new_pack.J9UxYr/_new 2013-08-04 16:55:49.0 +0200 @@ -19,7 +19,7 @@ %define lname libxml2-2 Name: libxml2 -Version:2.9.0 +Version:2.9.1 Release:0 Summary:A Library to Manipulate XML Files License:MIT @@ -29,10 +29,6 @@ Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source2:baselibs.conf Patch0: fix-perl.diff -# PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334) -Patch1: libxml2-2.9.0-CVE-2012-5134.patch -Patch4: libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch -Patch5: libxml2-CVE-2013-1969.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -127,9 +123,6 @@ %prep %setup -q %patch0 -%patch1 -p1 -%patch4 -p1 -%patch5 -p1 %build %configure --disable-static \ ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.J9UxYr/_old 2013-08-04 16:55:49.0 +0200 +++ /var/tmp/diff_new_pack.J9UxYr/_new 2013-08-04 16:55:49.0 +0200 @@ -17,7 +17,7 @@ Name: python-libxml2 -Version:2.9.0 +Version:2.9.1 Release:0 Summary:Python Bindings for libxml2 License:MIT ++ libxml2-2.9.0.tar.gz -> libxml2-2.9.1.tar.gz ++ 17241 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2013-07-08 07:14:40 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2" Changes: --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2.changes 2012-12-19 11:14:13.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2.changes 2013-07-08 07:14:41.0 +0200 @@ -1,0 +2,5 @@ +Sun Jul 7 06:00:42 UTC 2013 - co...@suse.com + +- buildignore python to avoid build cycle + +--- Other differences: -- ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.k2syoV/_old 2013-07-08 07:14:42.0 +0200 +++ /var/tmp/diff_new_pack.k2syoV/_new 2013-07-08 07:14:42.0 +0200 @@ -27,6 +27,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libxml2-devel BuildRequires: python-devel +#!BuildIgnore: python BuildRequires: python-xml Requires: libxml2-2 = %{version} # Uncomment to save space: -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2013-04-20 17:49:22 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2013-03-22 11:56:16.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2013-04-20 17:49:24.0 +0200 @@ -1,0 +2,6 @@ +Thu Apr 18 14:07:49 UTC 2013 - vci...@suse.com + +- fix for CVE-2013-1969 (bnc#815665) + * libxml2-CVE-2013-1969.patch + +--- New: libxml2-CVE-2013-1969.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.8fzHuX/_old 2013-04-20 17:49:26.0 +0200 +++ /var/tmp/diff_new_pack.8fzHuX/_new 2013-04-20 17:49:26.0 +0200 @@ -32,6 +32,7 @@ # PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334) Patch1: libxml2-2.9.0-CVE-2012-5134.patch Patch4: libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch +Patch5: libxml2-CVE-2013-1969.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -128,6 +129,7 @@ %patch0 %patch1 -p1 %patch4 -p1 +%patch5 -p1 %build %configure --disable-static \ ++ libxml2-CVE-2013-1969.patch ++ >From de0cc20c29cb3f056062925395e0f68d2250a46f Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Tue, 12 Feb 2013 08:55:34 + Subject: Fix some buffer conversion issues https://bugzilla.gnome.org/show_bug.cgi?id=690202 Buffer overflow errors originating from xmlBufGetInputBase in 2.9.0 The pointers from the context input were not properly reset after that call which can do reallocations. --- diff --git a/HTMLparser.c b/HTMLparser.c index a533f37..6b83654 100644 --- a/HTMLparser.c +++ b/HTMLparser.c @@ -6054,6 +6054,8 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size, if ((in->encoder != NULL) && (in->buffer != NULL) && (in->raw != NULL)) { int nbchars; + size_t base = xmlBufGetInputBase(in->buffer, ctxt->input); + size_t current = ctxt->input->cur - ctxt->input->base; nbchars = xmlCharEncInput(in); if (nbchars < 0) { @@ -6061,6 +6063,7 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size, "encoder error\n", NULL, NULL); return(XML_ERR_INVALID_ENCODING); } + xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current); } } } diff --git a/parser.c b/parser.c index 31f90d6..1c99051 100644 --- a/parser.c +++ b/parser.c @@ -12126,7 +12126,7 @@ xmldecl_done: remain = 0; } } - res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk); + res = xmlParserInputBufferPush(ctxt->input->buf, size, chunk); if (res < 0) { ctxt->errNo = XML_PARSER_EOF; ctxt->disableSAX = 1; @@ -12143,6 +12143,8 @@ xmldecl_done: if ((in->encoder != NULL) && (in->buffer != NULL) && (in->raw != NULL)) { int nbchars; + size_t base = xmlBufGetInputBase(in->buffer, ctxt->input); + size_t current = ctxt->input->cur - ctxt->input->base; nbchars = xmlCharEncInput(in); if (nbchars < 0) { @@ -12151,6 +12153,7 @@ xmldecl_done: "xmlParseChunk: encoder error\n"); return(XML_ERR_INVALID_ENCODING); } + xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current); } } } @@ -12190,7 +12193,14 @@ xmldecl_done: } if ((end_in_lf == 1) && (ctxt->input != NULL) && (ctxt->input->buf != NULL)) { + size_t base = xmlBufGetInputBase(ctxt->input->buf->buffer, +ctxt->input); + size_t current = ctxt->input->cur - ctxt->input->base; + xmlParserInputBufferPush(ctxt->input->buf, 1, "\r"); + + xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input, + base, current); } if (terminate) { /* -- cgit v0.9.1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2013-03-22 11:56:15 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-12-19 11:14:13.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2013-03-22 11:56:16.0 +0100 @@ -1,0 +2,6 @@ +Thu Mar 7 13:28:59 UTC 2013 - vci...@suse.com + +- fix for CVE-2013-0338 (bnc#805233) + libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch + +--- New: libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.Oz8PoD/_old 2013-03-22 11:56:18.0 +0100 +++ /var/tmp/diff_new_pack.Oz8PoD/_new 2013-03-22 11:56:18.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,7 @@ Patch0: fix-perl.diff # PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334) Patch1: libxml2-2.9.0-CVE-2012-5134.patch +Patch4: libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -126,6 +127,7 @@ %setup -q %patch0 %patch1 -p1 +%patch4 -p1 %build %configure --disable-static \ ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.Oz8PoD/_old 2013-03-22 11:56:18.0 +0100 +++ /var/tmp/diff_new_pack.Oz8PoD/_new 2013-03-22 11:56:18.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-libxml2 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch ++ >From 23f05e0c33987d6605387b300c4be5da2120a7ab Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Tue, 19 Feb 2013 10:21:49 +0800 Subject: [PATCH] Detect excessive entities expansion upon replacement If entities expansion in the XML parser is asked for, it is possble to craft relatively small input document leading to excessive on-the-fly content generation. This patch accounts for those replacement and stop parsing after a given threshold. it can be bypassed as usual with the HUGE parser option. --- include/libxml/parser.h |1 + parser.c| 44 ++-- parserInternals.c |2 ++ 3 files changed, 41 insertions(+), 6 deletions(-) diff --git a/include/libxml/parser.h b/include/libxml/parser.h index e1346e4..3f5730d 100644 --- a/include/libxml/parser.h +++ b/include/libxml/parser.h @@ -310,6 +310,7 @@ struct _xmlParserCtxt { xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */ intinput_id; /* we need to label inputs */ +unsigned long sizeentcopy; /* volume of entity copy */ }; /** diff --git a/parser.c b/parser.c index 91f8c90..ddf3b5b 100644 --- a/parser.c +++ b/parser.c @@ -122,7 +122,7 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID, */ static int xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, - xmlEntityPtr ent) + xmlEntityPtr ent, size_t replacement) { size_t consumed = 0; @@ -130,7 +130,24 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, return (0); if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) return (1); -if (size != 0) { +if (replacement != 0) { + if (replacement < XML_MAX_TEXT_LENGTH) + return(0); + +/* +* If the volume of entity copy reaches 10 times the +* amount of parsed data and over the large text threshold +* then that's very likely to be an abuse. +*/ +if (ctxt->input != NULL) { + consumed = ctxt->input->consumed + + (ctxt->input->cur - ctxt->input->base); + } +consumed += ctxt->sizeentities; + +if (replacement < XML_PARSER_NON_LINEA
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-12-19 11:14:09 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-12-10 17:16:53.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-12-19 11:14:13.0 +0100 @@ -1,0 +2,9 @@ +Sat Dec 15 15:55:26 UTC 2012 - p.drou...@gmail.com + +- update to 2.9.0 version: + * please see the Changelog +- Updated patchs to get working with new version: + * libxml2-2.9.0-CVE-2012-5134.patch ( libxml2-CVE-2012-5134.patch ) + * fix-perl.diff + +--- --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2.changes 2012-09-23 08:30:39.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2.changes 2012-12-19 11:14:13.0 +0100 @@ -1,0 +2,9 @@ +Sat Dec 15 15:55:26 UTC 2012 - p.drou...@gmail.com + +- update to 2.9.0 version: + * please see the Changelog +- Updated patchs to get working with new version: + * libxml2-2.9.0-CVE-2012-5134.patch ( libxml2-CVE-2012-5134.patch ) + * fix-perl.diff + +--- @@ -5 +14 @@ - * please se ChangeLog for more info + * please see ChangeLog for more info Old: libxml2-2.8.0.tar.gz libxml2-CVE-2012-5134.patch New: libxml2-2.9.0-CVE-2012-5134.patch libxml2-2.9.0.tar.gz Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.jH9nI9/_old 2012-12-19 11:14:16.0 +0100 +++ /var/tmp/diff_new_pack.jH9nI9/_new 2012-12-19 11:14:16.0 +0100 @@ -19,7 +19,7 @@ %define lname libxml2-2 Name: libxml2 -Version:2.8.0 +Version:2.9.0 Release:0 Summary:A Library to Manipulate XML Files License:MIT @@ -30,7 +30,7 @@ Source2:baselibs.conf Patch0: fix-perl.diff # PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334) -Patch1: libxml2-CVE-2012-5134.patch +Patch1: libxml2-2.9.0-CVE-2012-5134.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -104,9 +104,7 @@ Summary:A Library to Manipulate XML Files Group: System/Libraries Requires: %{lname} = %{version} -%if 0%{?suse_version} >= 1120 BuildArch: noarch -%endif %description doc The XML C library was initially developed for the GNOME project. It is ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.jH9nI9/_old 2012-12-19 11:14:16.0 +0100 +++ /var/tmp/diff_new_pack.jH9nI9/_new 2012-12-19 11:14:16.0 +0100 @@ -17,7 +17,7 @@ Name: python-libxml2 -Version:2.8.0 +Version:2.9.0 Release:0 Summary:Python Bindings for libxml2 License:MIT ++ fix-perl.diff ++ --- /var/tmp/diff_new_pack.jH9nI9/_old 2012-12-19 11:14:16.0 +0100 +++ /var/tmp/diff_new_pack.jH9nI9/_new 2012-12-19 11:14:16.0 +0100 @@ -11,9 +11,9 @@ Index: SAX2.c === SAX2.c.orig -+++ SAX2.c -@@ -2162,7 +2162,6 @@ xmlSAX2StartElementNs(void *ctx, +--- SAX2.c.orig2012-09-11 08:01:01.0 +0200 SAX2.c 2012-12-15 16:32:27.353560391 +0100 +@@ -2188,7 +2188,6 @@ xmlNodePtr parent; xmlNsPtr last = NULL, ns; const xmlChar *uri, *pref; @@ -21,7 +21,7 @@ int i, j; if (ctx == NULL) return; -@@ -2182,20 +2181,6 @@ xmlSAX2StartElementNs(void *ctx, +@@ -2208,20 +2207,6 @@ } /* @@ -42,7 +42,7 @@ * allocate the node */ if (ctxt->freeElems != NULL) { -@@ -2208,10 +2193,7 @@ xmlSAX2StartElementNs(void *ctx, +@@ -2234,10 +2219,7 @@ if (ctxt->dictNames) ret->name = localname; else { @@ -54,20 +54,20 @@ if (ret->name == NULL) { xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElementNs"); return; -@@ -2223,11 +2205,8 @@ xmlSAX2StartElementNs(void *ctx, +@@ -2249,11 +2231,8 @@ if (ctxt->dictNames) - ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, + ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, (xmlChar *) localname, NULL); - else if (lname == NULL) - ret = xmlNewDocNode(ctxt->myDoc, NULL, localname, NULL); else -- ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, +- ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, -
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-12-10 17:16:52 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-09-26 16:21:27.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-12-10 17:16:53.0 +0100 @@ -1,0 +2,5 @@ +Fri Dec 7 10:49:11 UTC 2012 - vci...@suse.com + +- Add libxml2-CVE-2012-5134.patch to fix CVE-2012-5134 (bnc#793334) + +--- New: libxml2-CVE-2012-5134.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.EgdYt5/_old 2012-12-10 17:16:55.0 +0100 +++ /var/tmp/diff_new_pack.EgdYt5/_new 2012-12-10 17:16:55.0 +0100 @@ -29,6 +29,8 @@ Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source2:baselibs.conf Patch0: fix-perl.diff +# PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334) +Patch1: libxml2-CVE-2012-5134.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -125,6 +127,7 @@ %prep %setup -q %patch0 +%patch1 -p1 %build %configure --disable-static \ ++ libxml2-CVE-2012-5134.patch ++ >From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Mon, 29 Oct 2012 02:39:55 + Subject: Fix potential out of bound access --- Index: libxml2-2.8.0/parser.c === --- libxml2-2.8.0.orig/parser.c 2012-05-18 09:30:30.0 +0200 +++ libxml2-2.8.0/parser.c 2012-12-07 12:00:57.111732279 +0100 @@ -3931,7 +3931,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr c = CUR_CHAR(l); } if ((in_space) && (normalize)) { -while (buf[len - 1] == 0x20) len--; +while ((len > 0) && (buf[len - 1] == 0x20)) len--; } buf[len] = 0; if (RAW == '<') { -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-09-26 16:21:26 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-09-23 21:28:40.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-09-26 16:21:27.0 +0200 @@ -1,0 +2,6 @@ +Sun Sep 23 19:40:30 UTC 2012 - dims...@opensuse.org + +- Add a comment next to libxml2.la to make sure that anybody + removing it knows why it's there and reconsiders. + +--- Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.eYmxwh/_old 2012-09-26 16:21:28.0 +0200 +++ /var/tmp/diff_new_pack.eYmxwh/_new 2012-09-26 16:21:28.0 +0200 @@ -179,6 +179,7 @@ %{_includedir}/libxml %{_includedir}/libxml2 %{_libdir}/lib*.so +# libxml2.la is needed for the python-libxml2 build. Deleting it breaks build of python-libxml2. %{_libdir}/libxml2.la %{_libdir}/*.sh %{_libdir}/pkgconfig/*.pc -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-09-23 21:28:39 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-09-23 08:30:39.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-09-23 21:28:40.0 +0200 @@ -1,0 +2,5 @@ +Sun Sep 23 19:28:04 UTC 2012 - co...@suse.com + +- readd .la file, python-libxml2 needs it + +--- Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.g7sCK7/_old 2012-09-23 21:28:41.0 +0200 +++ /var/tmp/diff_new_pack.g7sCK7/_new 2012-09-23 21:28:41.0 +0200 @@ -144,7 +144,6 @@ %install make install DESTDIR="%buildroot" BASE_DIR="%_docdir" DOC_MODULE="%name" -rm -f "%buildroot/%_libdir"/*.la mkdir -p "%buildroot/%_docdir/%name" cp -a AUTHORS NEWS README COPYING* Copyright TODO* %{buildroot}%{_docdir}/%{name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml @@ -180,6 +179,7 @@ %{_includedir}/libxml %{_includedir}/libxml2 %{_libdir}/lib*.so +%{_libdir}/libxml2.la %{_libdir}/*.sh %{_libdir}/pkgconfig/*.pc %doc %{_mandir}/man1/xml2-config.1* -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-09-23 08:30:37 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-03-12 20:15:25.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-09-23 08:30:39.0 +0200 @@ -1,0 +2,14 @@ +Fri Sep 21 18:04:16 UTC 2012 - jeng...@inai.de + +- Remove .la files; make sure installation succeeds for + Fedora_17 target + +--- +Tue Jun 12 18:10:07 UTC 2012 - ch...@computersalat.de + +- update to 2.8.0 + * please se ChangeLog for more info +- remove obsolete bigendian64 patch +- rebase fix-perl patch + +--- --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2.changes 2012-02-25 09:49:12.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2.changes 2012-09-23 08:30:39.0 +0200 @@ -1,0 +2,6 @@ +Tue Jun 12 18:10:07 UTC 2012 - ch...@computersalat.de + +- update to 2.8.0 + * please se ChangeLog for more info + +--- Old: bigendian64.patch libxml2-git-snapshot.tar.gz New: libxml2-2.8.0.tar.gz Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.9HuE9y/_old 2012-09-23 08:30:43.0 +0200 +++ /var/tmp/diff_new_pack.9HuE9y/_new 2012-09-23 08:30:43.0 +0200 @@ -15,25 +15,25 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + %define lname libxml2-2 Name: libxml2 -Version:2.7.8+git20120223 +Version:2.8.0 Release:0 Summary:A Library to Manipulate XML Files License:MIT Group: System/Libraries Url:http://xmlsoft.org # Source ftp://xmlsoft.org/libxml2/libxml2-git-snapshot.tar.gz changes every day -Source: libxml2-git-snapshot.tar.gz +Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source2:baselibs.conf -Patch0: bigendian64.patch -Patch1: fix-perl.diff +Patch0: fix-perl.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: xz-devel BuildRequires: zlib-devel -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The XML C library was initially developed for the GNOME project. It is @@ -74,8 +74,8 @@ %package tools Summary:Tools using libxml Group: System/Libraries -Provides: %name = %version-%release -Obsoletes: %name < 2.7.8+git20120223 +Provides: %{name} = %{version}-%{release} +Obsoletes: %{name} < %{version}-%{release} %description tools This package contains xmllint, a very useful tool proving libxml's power. @@ -83,8 +83,8 @@ %package devel Summary:Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ -Requires: %name-tools = %{version} Requires: %{lname} = %{version} +Requires: %{name}-tools = %{version} Requires: glibc-devel Requires: readline-devel Requires: xz-devel @@ -123,13 +123,13 @@ progress. %prep -%setup -q -n %{name}-2.7.8 -%patch0 -p0 -%patch1 -p1 -R +%setup -q +%patch0 %build %configure --disable-static \ ---with-html-subdir=packages/%{name}/html \ +--docdir=%_docdir/%name \ +--with-html-dir=%_docdir/%name/html \ --with-fexceptions \ --with-history \ --without-python \ @@ -140,10 +140,12 @@ --with-reader \ --with-http -make %{?_smp_mflags} DOC_MODULE=packages/%{name} +make %{?_smp_mflags} BASE_DIR="%_docdir" DOC_MODULE="%name" %install -%makeinstall DOC_MODULE=packages/%{name} +make install DESTDIR="%buildroot" BASE_DIR="%_docdir" DOC_MODULE="%name" +rm -f "%buildroot/%_libdir"/*.la +mkdir -p "%buildroot/%_docdir/%name" cp -a AUTHORS NEWS README COPYING* Copyright TODO* %{buildroot}%{_docdir}/%{name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml @@ -178,7 +180,6 @@ %{_includedir}/libxml %{_includedir}/libxml2 %{_libdir}/lib*.so -%{_libdir}/libxml2.la %{_libdir}/*.sh %{_libdir}/pkgconfig/*.pc %doc %{_mandir}/man1/xml2-config.1* ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.9HuE9y/_old 2012-09-23 08:30:43.0 +0200 +++ /var/tmp/diff_new_pack.9HuE9y/_new 2012-09-23 08:30:43.0 +0200 @@ -15,23 +15,24 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ #
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-03-12 20:15:24 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-03-07 20:09:40.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-03-12 20:15:25.0 +0100 @@ -1,0 +2,7 @@ +Sun Mar 11 21:00:19 UTC 2012 - jeng...@medozas.de + +- libxml2-2 should not require libxml2-tools. There is no trouble + expected, since attempting to install libxml2 will already pull + in libxml2-tools due to Provides tags. + +--- Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.JfFwzw/_old 2012-03-12 20:15:27.0 +0100 +++ /var/tmp/diff_new_pack.JfFwzw/_new 2012-03-12 20:15:27.0 +0100 @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - %define lname libxml2-2 Name: libxml2 @@ -55,10 +54,6 @@ %package -n %lname Summary:A Library to Manipulate XML Files Group: System/Libraries -# this is technically not true, but all other suse versions and fedora -# have the tools in "libxml2", so avoid too much trouble and always install -# them for now -Requires: %name-tools %description -n %lname The XML C library was initially developed for the GNOME project. It is @@ -79,7 +74,7 @@ %package tools Summary:Tools using libxml Group: System/Libraries -Provides: %name = %version +Provides: %name = %version-%release Obsoletes: %name < 2.7.8+git20120223 %description tools ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.JfFwzw/_old 2012-03-12 20:15:27.0 +0100 +++ /var/tmp/diff_new_pack.JfFwzw/_new 2012-03-12 20:15:27.0 +0100 @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - Name: python-libxml2 Version:2.7.8+git20120223 Release:0 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-03-07 20:09:37 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-03-02 13:49:15.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-03-07 20:09:40.0 +0100 @@ -1,0 +2,13 @@ +Mon Mar 5 10:18:12 UTC 2012 - co...@suse.com + +- revert the two commits that broke perl-XML-LibXML's test case, + I hope the two upstreams will figure it out + +--- +Fri Mar 2 16:47:56 UTC 2012 - co...@suse.com + +- update to git to fix some issues + * Fix a logic error in Schemas Component ConstraintsHEADmaster + * Fix a wrong enum type use in Schemas Types + +--- New: fix-perl.diff Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.HsTZMk/_old 2012-03-07 20:09:41.0 +0100 +++ /var/tmp/diff_new_pack.HsTZMk/_new 2012-03-07 20:09:41.0 +0100 @@ -29,6 +29,7 @@ Source: libxml2-git-snapshot.tar.gz Source2:baselibs.conf Patch0: bigendian64.patch +Patch1: fix-perl.diff BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: xz-devel @@ -129,6 +130,7 @@ %prep %setup -q -n %{name}-2.7.8 %patch0 -p0 +%patch1 -p1 -R %build %configure --disable-static \ ++ fix-perl.diff ++ commit 77b77b1301e052d90e6a0967534a698506afcd86 Author: Daniel Veillard Date: Thu Jan 26 19:11:02 2012 +0800 Fix SAX2 builder in case of undefined element namespaces Work as in XML-1.0 before namespaces, and use prefix:localname as the new element name (and no namespace of course) Also fix 3 cases in the regression tests where the prefix: was erroneously dropped in such case diff --git a/SAX2.c b/SAX2.c index c0482c0..0c48d65 100644 --- a/SAX2.c +++ b/SAX2.c @@ -2163,6 +2163,7 @@ xmlSAX2StartElementNs(void *ctx, xmlNodePtr parent; xmlNsPtr last = NULL, ns; const xmlChar *uri, *pref; +xmlChar *lname = NULL; int i, j; if (ctx == NULL) return; @@ -2182,6 +2183,20 @@ xmlSAX2StartElementNs(void *ctx, } /* + * Take care of the rare case of an undefined namespace prefix + */ +if ((prefix != NULL) && (URI == NULL)) { +if (ctxt->dictNames) { + const xmlChar *fullname; + + fullname = xmlDictQLookup(ctxt->dict, prefix, localname); + if (fullname != NULL) + localname = fullname; + } else { + lname = xmlBuildQName(localname, prefix, NULL, 0); + } +} +/* * allocate the node */ if (ctxt->freeElems != NULL) { @@ -2194,7 +2209,10 @@ xmlSAX2StartElementNs(void *ctx, if (ctxt->dictNames) ret->name = localname; else { - ret->name = xmlStrdup(localname); + if (lname == NULL) + ret->name = xmlStrdup(localname); + else + ret->name = lname; if (ret->name == NULL) { xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElementNs"); return; @@ -2206,8 +2224,11 @@ xmlSAX2StartElementNs(void *ctx, if (ctxt->dictNames) ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, (xmlChar *) localname, NULL); - else + else if (lname == NULL) ret = xmlNewDocNode(ctxt->myDoc, NULL, localname, NULL); + else + ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, + (xmlChar *) lname, NULL); if (ret == NULL) { xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElementNs"); return; diff --git a/result/namespaces/err_7.xml b/result/namespaces/err_7.xml index f4e5164..4b4c662 100644 --- a/result/namespaces/err_7.xml +++ b/result/namespaces/err_7.xml @@ -1,2 +1,2 @@ - + diff --git a/result/xmlid/id_tst2.xml b/result/xmlid/id_tst2.xml index 33ee896..856a320 100644 --- a/result/xmlid/id_tst2.xml +++ b/result/xmlid/id_tst2.xml @@ -1,6 +1,6 @@ Object is a Node Set : Set contains 1 nodes: -1 ELEMENT foo +1 ELEMENT n:foo ATTRIBUTE id TEXT content=bar diff --git a/result/xmlid/id_tst3.xml b/result/xmlid/id_tst3.xml index e2f8228..6d8865c 100644 --- a/result/xmlid/id_tst3.xml +++ b/result/xmlid/id_tst3.xml @@ -1,6 +1,6 @@ Object is a Node Set : Set contains 1 nodes: -1 ELEMENT o:o +1 ELEMENT f:o:o ATTRIBUTE id TEXT content=bar commit
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-03-02 13:49:01 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-02-26 10:14:24.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-03-02 13:49:15.0 +0100 @@ -1,0 +2,5 @@ +Thu Mar 1 18:36:33 CET 2012 - meiss...@suse.de + +- fixed a 64bit big endian bug in the file reader. + +--- New: bigendian64.patch Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.jUyqPd/_old 2012-03-02 13:49:18.0 +0100 +++ /var/tmp/diff_new_pack.jUyqPd/_new 2012-03-02 13:49:18.0 +0100 @@ -28,6 +28,7 @@ # Source ftp://xmlsoft.org/libxml2/libxml2-git-snapshot.tar.gz changes every day Source: libxml2-git-snapshot.tar.gz Source2:baselibs.conf +Patch0: bigendian64.patch BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: xz-devel @@ -127,6 +128,7 @@ %prep %setup -q -n %{name}-2.7.8 +%patch0 -p0 %build %configure --disable-static \ ++ bigendian64.patch ++ --- xzlib.c.xx 2012-03-01 17:23:54.0 + +++ xzlib.c 2012-03-01 17:24:48.0 + @@ -228,9 +228,14 @@ if (state->err != LZMA_OK) return -1; if (state->eof == 0) { +/* avail_in is size_t, which is not necessary sizeof(unsigned) */ +unsigned tmp = strm->avail_in; if (xz_load(state, state->in, state->size, -(unsigned *) &(strm->avail_in)) == -1) +&tmp) == -1) { +strm->avail_in = tmp; return -1; +} +strm->avail_in = tmp; strm->next_in = state->in; } return 0; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-02-26 10:14:22 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-02-25 09:09:52.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-02-26 10:14:24.0 +0100 @@ -1,0 +2,7 @@ +Sat Feb 25 13:50:54 UTC 2012 - co...@suse.com + +- the fallout of requiring libxml2-tools as explicit buildrequire + is just too large, so avoid it for now and create a cycle between + libxml2-2 and libxml2-tools + +--- Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.jg1G1V/_old 2012-02-26 10:14:26.0 +0100 +++ /var/tmp/diff_new_pack.jg1G1V/_new 2012-02-26 10:14:26.0 +0100 @@ -53,8 +53,10 @@ %package -n %lname Summary:A Library to Manipulate XML Files Group: System/Libraries -Provides: %name = %version -Obsoletes: %name < 2.7.8+git20120223 +# this is technically not true, but all other suse versions and fedora +# have the tools in "libxml2", so avoid too much trouble and always install +# them for now +Requires: %name-tools %description -n %lname The XML C library was initially developed for the GNOME project. It is @@ -75,7 +77,8 @@ %package tools Summary:Tools using libxml Group: System/Libraries -Provides: %name:/usr/bin/xmllint +Provides: %name = %version +Obsoletes: %name < 2.7.8+git20120223 %description tools This package contains xmllint, a very useful tool proving libxml's power. @@ -83,6 +86,7 @@ %package devel Summary:Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ +Requires: %name-tools = %{version} Requires: %{lname} = %{version} Requires: glibc-devel Requires: readline-devel -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-02-25 09:49:11 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/python-libxml2.changes 2012-02-25 07:30:30.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2.changes 2012-02-25 09:49:12.0 +0100 @@ -1,0 +2,5 @@ +Sat Feb 25 08:47:58 UTC 2012 - co...@suse.com + +- fix version + +--- Other differences: -- ++ python-libxml2.spec ++ --- /var/tmp/diff_new_pack.NvzEgR/_old 2012-02-25 09:49:13.0 +0100 +++ /var/tmp/diff_new_pack.NvzEgR/_new 2012-02-25 09:49:13.0 +0100 @@ -17,7 +17,7 @@ Name: python-libxml2 -Version:2.7.8+git20110223 +Version:2.7.8+git20120223 Release:0 Summary:Python Bindings for libxml2 License:MIT -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-02-25 09:09:51 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-02-25 07:30:30.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-02-25 09:09:52.0 +0100 @@ -1,0 +2,6 @@ +Sat Feb 25 08:09:00 UTC 2012 - co...@suse.com + +- add provide for the old name to fix packages with explicit + library dependency + +--- Other differences: -- ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.LTk8SO/_old 2012-02-25 09:09:54.0 +0100 +++ /var/tmp/diff_new_pack.LTk8SO/_new 2012-02-25 09:09:54.0 +0100 @@ -53,6 +53,8 @@ %package -n %lname Summary:A Library to Manipulate XML Files Group: System/Libraries +Provides: %name = %version +Obsoletes: %name < 2.7.8+git20120223 %description -n %lname The XML C library was initially developed for the GNOME project. It is @@ -84,8 +86,8 @@ Requires: %{lname} = %{version} Requires: glibc-devel Requires: readline-devel -Requires: zlib-devel Requires: xz-devel +Requires: zlib-devel # bug437293 %ifarch ppc64 Obsoletes: libxml2-devel-64bit -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-02-25 07:30:28 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-02-15 16:16:54.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-02-25 07:30:30.0 +0100 @@ -1,0 +2,7 @@ +Thu Feb 23 10:42:16 UTC 2012 - co...@suse.com + +- update to today's GIT snapshot: +include XZ support +- split libxml2-2 according to shared library policy + +--- New Changes file: --- /dev/null 2010-08-26 16:28:41.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/python-libxml2.changes 2012-02-25 07:30:30.0 +0100 @@ -0,0 +1,1469 @@ +--- +Thu Feb 23 11:00:21 UTC 2012 - co...@suse.com + +- renamed to python-libxml2 to follow python naming expectations +- do not require python but let rpm figure it out + +--- +Mon Dec 26 17:08:59 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections + +--- +Fri Jul 8 08:52:06 UTC 2011 - sasc...@suse.de + +- update to libxml-2.7.8+git20110708 + - several important bugfixes + +--- +Mon Dec 6 09:05:53 UTC 2010 - co...@novell.com + +- buildrequire python-xml to fix build + +--- +Fri Dec 3 12:24:42 UTC 2010 - pu...@novell.com + +- update to libxml-2.7.8 + - number of bufixes, documentation and portability fixes + - update language ID parser to RFC 5646 + - sort python generated stubs + - add an HTML parser option to avoid a default doctype + - see http://xmlsoft.org/news.html for exact details +- clean up specfile + +--- +Wed Apr 7 16:34:29 UTC 2010 - co...@novell.com + +- fix build + +--- +Tue Mar 23 23:46:00 CET 2010 - mrd...@opensuse.org + +- update to 2.7.7 +- add extra options to ./configure for scribus features and avoid a crash +- updates from 2.7.3 > 2.7.7 include a number of portability, correctness + memory leaks and build fixes including some CVE +- see http://xmlsoft.org/news.html for exact details + +--- +Tue Dec 15 12:19:16 CET 2009 - jeng...@medozas.de + +- enable parallel building + +--- +Thu Mar 19 10:16:50 CET 2009 - prus...@suse.cz + +- updated to 2.7.2 + * Portability fix: fix solaris compilation problem, +fix compilation if XPath is not configured in + * Bug fixes: nasty entity bug introduced in 2.7.0, restore old +behaviour when saving an HTML doc with an xml dump function, +HTML UTF-8 parsing bug, fix reader custom error handlers +(Riccardo Scussat) + * Improvement: xmlSave options for more flexibility to save +as XML/HTML/XHTML, handle leading BOM in HTML documents +- updated to 2.7.3 + * Build fix: fix build when HTML support is not included. + * Bug fixes: avoid memory overflow in gigantic text nodes, +indentation problem on the writed (Rob Richards), +xmlAddChildList pointer problem (Rob Richards and Kevin Milburn), +xmlAddChild problem with attribute (Rob Richards and Kris Breuker), +avoid a memory leak in an edge case (Daniel Zimmermann), +deallocate some pthread data (Alex Ott). + * Improvements: configure option to avoid rebuilding docs +(Adrian Bunk), limit text nodes to 10MB max by default, +add element traversal APIs, add a parser option to enable +pre 2.7 SAX behavior (Rob Richards), +add gcc malloc checking (Marcus Meissner), +add gcc printf like functions parameters checking (Marcus Meissner). +- dropped obsoleted patches: + * alloc_size.patch (mainline) + * CVE-2008-4225.patch (mainline) + * CVE-2008-4226.patch (mainline) + * CVE-2008-4409.patch (mainline) + * oldsax.patch (mainline) + * pritnf.patch (mainline) + * xmlsave.patch (mainline) + +--- +Mon Jan 12 17:21:59 CET 2009 - prus...@suse.cz + +- added oldsax.patch to enable pre 2.7.0 sax behaviour [bnc#457056] + +--- +Wed Dec 10 12:34:56 CET 2008 - o...@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +--
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-02-15 16:16:36 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2-python.changes 2011-09-23 02:11:16.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2-python.changes 2012-02-15 16:16:54.0 +0100 @@ -1,0 +2,5 @@ +Mon Dec 26 17:08:59 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections + +--- --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2011-12-27 18:37:51.0 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-02-15 16:16:54.0 +0100 @@ -1,0 +2,5 @@ +Mon Dec 26 17:08:52 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections + +--- Other differences: -- ++ libxml2-python.spec ++ --- /var/tmp/diff_new_pack.Cbokbo/_old 2012-02-15 16:16:55.0 +0100 +++ /var/tmp/diff_new_pack.Cbokbo/_new 2012-02-15 16:16:55.0 +0100 @@ -16,13 +16,14 @@ # + Name: libxml2-python Version:2.7.8+git20110708 Release:0 Summary:Python Bindings for libxml2 License:MIT Group: Development/Libraries/Python -Url:http://xmlsoft.org +URL:http://xmlsoft.org Source: libxml2-%{version}.tar.bz2 Source1:libxml2-python-rpmlintrc BuildRequires: libxml2-devel @@ -79,9 +80,6 @@ # #223696 rm -f %{buildroot}%{py_sitedir}/*.{la,a} -%clean -rm -rf %{buildroot} - %files %defattr(-, root, root) %doc python/TODO ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.Cbokbo/_old 2012-02-15 16:16:55.0 +0100 +++ /var/tmp/diff_new_pack.Cbokbo/_new 2012-02-15 16:16:55.0 +0100 @@ -16,13 +16,14 @@ # + Name: libxml2 Version:2.7.8+git20110708 Release:0 Summary:A Library to Manipulate XML Files License:MIT Group: System/Libraries -Url:http://xmlsoft.org +URL:http://xmlsoft.org Source: %{name}-%{version}.tar.bz2 Source2:baselibs.conf BuildRequires: autoconf @@ -127,9 +128,6 @@ %postun -p /sbin/ldconfig -%clean -rm -rf %{buildroot} - %files %defattr(-, root, root) %doc %dir %{_docdir}/%{name} -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2011-12-27 18:37:09 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2011-09-23 02:11:16.0 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2011-12-27 18:37:51.0 +0100 @@ -1,0 +2,11 @@ +Wed Dec 21 10:24:19 UTC 2011 - co...@suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +--- +Tue Dec 20 11:05:01 UTC 2011 - co...@suse.com + +- own aclocal directory, there is no other reason to buildrequire + automake + +--- Other differences: -- ++ libxml2-python.spec ++ --- /var/tmp/diff_new_pack.GfH3Mk/_old 2011-12-27 18:37:52.0 +0100 +++ /var/tmp/diff_new_pack.GfH3Mk/_new 2011-12-27 18:37:52.0 +0100 @@ -16,18 +16,18 @@ # - Name: libxml2-python Version:2.7.8+git20110708 -Release:1 -License:MIT +Release:0 Summary:Python Bindings for libxml2 -Url:http://xmlsoft.org +License:MIT Group: Development/Libraries/Python +Url:http://xmlsoft.org Source: libxml2-%{version}.tar.bz2 Source1:libxml2-python-rpmlintrc BuildRequires: libxml2-devel -BuildRequires: python-devel python-xml +BuildRequires: python-devel +BuildRequires: python-xml %py_requires Requires: libxml2 = %{version} # Uncomment to save space: ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.GfH3Mk/_old 2011-12-27 18:37:52.0 +0100 +++ /var/tmp/diff_new_pack.GfH3Mk/_new 2011-12-27 18:37:52.0 +0100 @@ -16,16 +16,16 @@ # - Name: libxml2 Version:2.7.8+git20110708 -Release:1 -License:MIT +Release:0 Summary:A Library to Manipulate XML Files -Url:http://xmlsoft.org +License:MIT Group: System/Libraries +Url:http://xmlsoft.org Source: %{name}-%{version}.tar.bz2 Source2:baselibs.conf +BuildRequires: autoconf BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: zlib-devel @@ -52,7 +52,6 @@ progress. %package devel -License:MIT Summary:Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -69,7 +68,6 @@ to develop applications that require these. %package doc -License:MIT Summary:A Library to Manipulate XML Files Group: System/Libraries Requires: %{name} = %{version} @@ -145,6 +143,7 @@ %files devel %defattr(-, root, root) %{_bindir}/xml2-config +%dir %{_datadir}/aclocal %{_datadir}/aclocal/libxml.m4 %{_includedir}/libxml %{_includedir}/libxml2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2011-12-06 18:26:27 Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new (New) Package is "libxml2", Maintainer is "vci...@suse.com" Changes: libxml2.changes: same change Other differences: -- ++ libxml2-python.spec ++ --- /var/tmp/diff_new_pack.CeETVW/_old 2011-12-06 18:48:01.0 +0100 +++ /var/tmp/diff_new_pack.CeETVW/_new 2011-12-06 18:48:01.0 +0100 @@ -20,7 +20,7 @@ Name: libxml2-python Version:2.7.8+git20110708 Release:1 -License:MIT License (or similar) +License:MIT Summary:Python Bindings for libxml2 Url:http://xmlsoft.org Group: Development/Libraries/Python ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.CeETVW/_old 2011-12-06 18:48:01.0 +0100 +++ /var/tmp/diff_new_pack.CeETVW/_new 2011-12-06 18:48:01.0 +0100 @@ -20,7 +20,7 @@ Name: libxml2 Version:2.7.8+git20110708 Release:1 -License:MIT License (or similar) +License:MIT Summary:A Library to Manipulate XML Files Url:http://xmlsoft.org Group: System/Libraries @@ -52,7 +52,7 @@ progress. %package devel -License:MIT License (or similar) +License:MIT Summary:Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -69,7 +69,7 @@ to develop applications that require these. %package doc -License:MIT License (or similar) +License:MIT Summary:A Library to Manipulate XML Files Group: System/Libraries Requires: %{name} = %{version} -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at Mon Jul 11 12:30:03 CEST 2011. --- libxml2/libxml2-python.changes 2010-12-06 10:06:08.0 +0100 +++ /mounts/work_src_done/STABLE/libxml2/libxml2-python.changes 2011-07-11 11:00:19.0 +0200 @@ -1,0 +2,6 @@ +Fri Jul 8 08:52:06 UTC 2011 - sasc...@suse.de + +- update to libxml-2.7.8+git20110708 + - several important bugfixes + +--- --- libxml2/libxml2.changes 2011-06-29 14:11:23.0 +0200 +++ /mounts/work_src_done/STABLE/libxml2/libxml2.changes2011-07-08 11:01:40.0 +0200 @@ -1,0 +2,11 @@ +Fri Jul 8 08:52:06 UTC 2011 - sasc...@suse.de + +- update to libxml-2.7.8+git20110708 + - several important bugfixes +- drop upstreamed patches: + * libxml2-CVE-2010-4494.patch + * libxml2-CVE-2011-1944.patch + * noxref.patch + * symbol-versioning.patch + +--- calling whatdependson for head-i586 Old: libxml2-2.7.8.tar.bz2 libxml2-CVE-2010-4494.patch libxml2-CVE-2011-1944.patch noxref.patch symbol-versioning.patch New: libxml2-2.7.8+git20110708.tar.bz2 Other differences: -- ++ libxml2-python.spec ++ --- /var/tmp/diff_new_pack.flqead/_old 2011-07-11 12:29:28.0 +0200 +++ /var/tmp/diff_new_pack.flqead/_new 2011-07-11 12:29:28.0 +0200 @@ -18,8 +18,8 @@ Name: libxml2-python -Version:2.7.8 -Release:5 +Version:2.7.8+git20110708 +Release:1 License:MIT License (or similar) Summary:Python Bindings for libxml2 Url:http://xmlsoft.org @@ -45,7 +45,7 @@ either at parse time or later once the document has been modified. %prep -%setup -q -n libxml2-%{version} +%setup -q -n libxml2-2.7.8 %build # workaround for bnc#310196 ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.flqead/_old 2011-07-11 12:29:28.0 +0200 +++ /var/tmp/diff_new_pack.flqead/_new 2011-07-11 12:29:28.0 +0200 @@ -18,18 +18,14 @@ Name: libxml2 -Version:2.7.8 -Release:20 +Version:2.7.8+git20110708 +Release:1 License:MIT License (or similar) Summary:A Library to Manipulate XML Files Url:http://xmlsoft.org Group: System/Libraries Source: %{name}-%{version}.tar.bz2 Source2:baselibs.conf -Patch1: noxref.patch -Patch2: libxml2-CVE-2010-4494.patch -Patch3: symbol-versioning.patch -Patch4: libxml2-CVE-2011-1944.patch BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: zlib-devel @@ -98,11 +94,7 @@ progress. %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 +%setup -q -n %{name}-2.7.8 %build # needed with patch3 - until it is no longer required Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at Wed Jun 29 15:18:04 CEST 2011. mismatched tag at line 109, column 4, byte 3108: ===^ at /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi/XML/Parser.pm line 187 xargs: /work/src/bin/tools/get_bugzilla: exited with status 255; aborting --- libxml2/libxml2.changes 2011-06-05 23:38:32.0 +0200 +++ /mounts/work_src_done/STABLE/libxml2/libxml2.changes2011-06-29 14:11:23.0 +0200 @@ -1,0 +2,5 @@ +Wed Jun 29 09:05:59 UTC 2011 - pu...@novell.com + +- add libxml2-CVE-2011-1944.patch (bnc#697372) + +--- calling whatdependson for head-i586 New: libxml2-CVE-2011-1944.patch Other differences: -- ++ libxml2-python.spec ++ --- /var/tmp/diff_new_pack.zfgljP/_old 2011-06-29 15:17:28.0 +0200 +++ /var/tmp/diff_new_pack.zfgljP/_new 2011-06-29 15:17:28.0 +0200 @@ -19,7 +19,7 @@ Name: libxml2-python Version:2.7.8 -Release:4 +Release:5 License:MIT License (or similar) Summary:Python Bindings for libxml2 Url:http://xmlsoft.org ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.zfgljP/_old 2011-06-29 15:17:28.0 +0200 +++ /var/tmp/diff_new_pack.zfgljP/_new 2011-06-29 15:17:28.0 +0200 @@ -19,7 +19,7 @@ Name: libxml2 Version:2.7.8 -Release:18 +Release:20 License:MIT License (or similar) Summary:A Library to Manipulate XML Files Url:http://xmlsoft.org @@ -29,6 +29,7 @@ Patch1: noxref.patch Patch2: libxml2-CVE-2010-4494.patch Patch3: symbol-versioning.patch +Patch4: libxml2-CVE-2011-1944.patch BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: zlib-devel @@ -101,6 +102,7 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build # needed with patch3 - until it is no longer required ++ libxml2-CVE-2011-1944.patch ++ >From d7958b21e7f8c447a26bb2436f08402b2c308be4 Mon Sep 17 00:00:00 2001 From: Chris Evans Date: Wed, 23 Mar 2011 08:13:06 +0800 Subject: [PATCH] Fix some potential problems on reallocation failures The count was incremented before the allocation and not fixed in case of failure * xpath.c: corrects a few instances where the available count of some structure is updated before we know the allocation actually succeeds Signed-off-by: Petr Uzel --- xpath.c | 20 ++-- 1 files changed, 10 insertions(+), 10 deletions(-) Index: libxml2-2.7.8/xpath.c === --- libxml2-2.7.8.orig/xpath.c +++ libxml2-2.7.8/xpath.c @@ -3522,13 +3522,13 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; -cur->nodeMax *= 2; - temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * + temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * sizeof(xmlNodePtr)); if (temp == NULL) { xmlXPathErrMemory(NULL, "growing nodeset\n"); return; } +cur->nodeMax *= 2; cur->nodeTab = temp; } cur->nodeTab[cur->nodeNr++] = xmlXPathNodeSetDupNs(node, ns); @@ -3575,13 +3575,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; -cur->nodeMax *= 2; - temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * + temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * sizeof(xmlNodePtr)); if (temp == NULL) { xmlXPathErrMemory(NULL, "growing nodeset\n"); return; } +cur->nodeMax *= 2; cur->nodeTab = temp; } if (val->type == XML_NAMESPACE_DECL) { @@ -3627,14 +3627,14 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; -cur->nodeMax *= 2; - temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * + temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * sizeof(xmlNodePtr)); if (temp == NULL) { xmlXPathErrMemory(NULL, "growing nodeset\n"); return; } cur->nodeTab = temp; +cur->nodeMax *= 2; } if (val->type == XML_NAMESPACE_DECL) { xmlNsPtr ns = (xmlNsPtr) val; @@ -3738,14 +3738,14 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, } else if (val1->nodeNr == val1->nodeMax) { xmlNodePtr *temp; - val1->nodeMax *= 2; - temp = (xmlNodePtr *) xmlRealloc(v
commit libxml2 for openSUSE:Factory
Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at Tue Jun 7 09:00:02 CEST 2011. --- libxml2/libxml2.changes 2011-01-03 10:44:12.0 +0100 +++ /mounts/work_src_done/STABLE/libxml2/libxml2.changes2011-06-05 23:38:32.0 +0200 @@ -1,0 +2,5 @@ +Sun Jun 5 21:36:07 UTC 2011 - cshor...@googlemail.com + +- add symbol-versioning.patch to restore 11.3 versioned symbols + +--- calling whatdependson for head-i586 New: symbol-versioning.patch Other differences: -- ++ libxml2-python.spec ++ --- /var/tmp/diff_new_pack.b9L0dF/_old 2011-06-07 08:57:14.0 +0200 +++ /var/tmp/diff_new_pack.b9L0dF/_new 2011-06-07 08:57:14.0 +0200 @@ -1,5 +1,5 @@ # -# spec file for package libxml2-python (Version 2.7.8) +# spec file for package libxml2-python # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,7 +19,7 @@ Name: libxml2-python Version:2.7.8 -Release:3 +Release:4 License:MIT License (or similar) Summary:Python Bindings for libxml2 Url:http://xmlsoft.org ++ libxml2.spec ++ --- /var/tmp/diff_new_pack.b9L0dF/_old 2011-06-07 08:57:14.0 +0200 +++ /var/tmp/diff_new_pack.b9L0dF/_new 2011-06-07 08:57:14.0 +0200 @@ -1,5 +1,5 @@ # -# spec file for package libxml2 (Version 2.7.8) +# spec file for package libxml2 # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,7 +19,7 @@ Name: libxml2 Version:2.7.8 -Release:3 +Release:18 License:MIT License (or similar) Summary:A Library to Manipulate XML Files Url:http://xmlsoft.org @@ -28,6 +28,7 @@ Source2:baselibs.conf Patch1: noxref.patch Patch2: libxml2-CVE-2010-4494.patch +Patch3: symbol-versioning.patch BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: zlib-devel @@ -99,8 +100,12 @@ %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build +# needed with patch3 - until it is no longer required +%__autoconf + %configure --disable-static \ --with-html-subdir=packages/%{name}/html \ --with-fexceptions \ ++ symbol-versioning.patch ++ --- libxml2-2.7.8.orig/configure.in 2010-11-04 17:01:19.0 + +++ libxml2-2.7.8/configure.in 2011-06-05 20:56:21.505617000 + @@ -84,7 +84,7 @@ esac fi AC_SUBST(VERSION_SCRIPT_FLAGS) -AM_CONDITIONAL([USE_VERSION_SCRIPT], [test -z "$VERSION_SCRIPT_FLAGS"]) +AM_CONDITIONAL([USE_VERSION_SCRIPT], [test -n "$VERSION_SCRIPT_FLAGS"]) dnl dnl We process the AC_ARG_WITH first so that later we can modify Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org