openSUSE Build Service

David Anes (david.anes) accepted request 1085154 from

Bjørn Lie (iznogood) about 1 year ago (revision 197)

- Update to version 2.11.2:
  + Fix regressions:
    - threads: Fix startup crash with weak symbol hack
    - win32: Don’t depend on removed .def file
    - schemas: Fix memory leak in xmlSchemaValidateStream

David Anes (david.anes) accepted request 1084549 from

David Anes (david.anes) about 1 year ago (revision 196)

  * See the full changelog at https://discourse.gnome.org/t/libxml2-2-11-0-released/15123

Dirk Mueller (dirkmueller) committed about 1 year ago (revision 195)

  * libxml2-python3-unicode-errors.patch

Dirk Mueller (dirkmueller) accepted request 1084343 from

David Anes (david.anes) about 1 year ago (revision 194)

- Rebased patches:
  * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
- Update to 2.11.1:
  * Fixes build and ABI issues.
    - cmake: Fix va_copy detection (Luca Niccoli)
    - libxml.m4: Fix quoting
    - Link with --undefined-version
    - libxml2.syms: Revert removal of version information
- Update to 2.11.0: 
  * Major changes
    - Protection against entity expansion attacks, also known as 
      "billion laughs" has been greatly improved. Malicious files 
      should be detected reliably now and false positives should be
      reduced. It is possible though that large documents which make
      heavy use of entities are rejected now.
    - This release finally fixes symbol visibility on UNIX systems. 
      Internal symbols will now be hidden. While these symbols were
      never declared in public headers, it was still possible to
      declare them manually. Now this won't work.
    - All symbol information has been removed from the ELF version
      script to fix link errors with --no-undefined-version. The
      version nodes are kept so it should still be possible to run
      binaries linked against older versions.
    - About 90 memory errors in code paths handling malloc failures
      have been fixed. While these issues shouldn't impact security,
      this improves robustness under memory pressure.
    - The XInclude engine has been reworked to properly support 
      nested includes.
    - Several cases of quadratic behavior in the XML push parser
      have been fixed.

buildservice-autocommit accepted request 1082712 from

David Anes (david.anes) about 1 year ago (revision 193)

baserev update by copy to link target

David Anes (david.anes) accepted request 1082112 from

David Anes (david.anes) about 1 year ago (revision 192)

- Remove unneeded dependency (bsc#1209918).

buildservice-autocommit accepted request 1079409 from

David Anes (david.anes) about 1 year ago (revision 191)

baserev update by copy to link target

David Anes (david.anes) accepted request 1079408 from

David Anes (david.anes) about 1 year ago (revision 190)

- Update to version 2.10.4:
  + Security:
    - [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings 
      isn’t deterministic
    - [CVE-2023-28484, bsc#1210411] Fix null deref in 
      xmlSchemaFixupComplexType
    - schemas: Fix null-pointer-deref in
      xmlSchemaCheckCOSSTDerivedOK
  + Regressions:
    - SAX2: Ignore namespaces in HTML documents
    - io: Fix “buffer full” error with certain buffer sizes

buildservice-autocommit accepted request 1063336 from

David Anes (david.anes) over 1 year ago (revision 189)

baserev update by copy to link target

David Anes (david.anes) accepted request 1062410 from

Dirk Mueller (dirkmueller) over 1 year ago (revision 188)

- remove zlib-devel, pkgconfig(zlib) is sufficient

buildservice-autocommit accepted request 1032567 from

David Anes (david.anes) over 1 year ago (revision 187)

baserev update by copy to link target

David Anes (david.anes) accepted request 1032566 from

David Anes (david.anes) over 1 year ago (revision 186)

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

buildservice-autocommit accepted request 1014116 from

Dirk Mueller (dirkmueller) over 1 year ago (revision 185)

baserev update by copy to link target

Dirk Mueller (dirkmueller) committed over 1 year ago (revision 184)

- Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304):

Dirk Mueller (dirkmueller) accepted request 1010960 from

Bjørn Lie (iznogood) over 1 year ago (revision 183)

- Update to version 2.10.3:
  + Security:
    - [CVE-2022-40304] Fix dict corruption caused by entity
      reference cycles
    - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
    - Fix overflow check in SAX2.c
  + Build system: cmake: Set SOVERSION
- Rebase patches with quilt.

buildservice-autocommit accepted request 1003583 from

David Anes (david.anes) over 1 year ago (revision 182)

baserev update by copy to link target

David Anes (david.anes) accepted request 1003582 from

David Anes (david.anes) over 1 year ago (revision 181)

Add missing bug number to latest change in changelog

buildservice-autocommit accepted request 1000724 from

Pedro Monreal Gonzalez (pmonrealgonzalez) over 1 year ago (revision 180)

baserev update by copy to link target

Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1000723 from

Pedro Monreal Gonzalez (pmonrealgonzalez) over 1 year ago (revision 179)

- Build for now with --with-legacy to enable APIs that have been
  deprecated recently.

Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1000642 from

Bjørn Lie (iznogood) over 1 year ago (revision 178)

- Update to version 2.10.2:
  * Improvements:
    + Remove set-but-unused variable in xmlXPathScanName
    + Silence -Warray-bounds warning
  * Build system
    + build: require automake-1.16.3 or later
    + Remove generated files from distribution
  * Test suite: Don't create missing.xml when running testapi
- Add configure --with-python=%{__python3} inbefore python build,
  as upstream no longer ships pre-grenerated files.
- Use sed to fix env-script-interpreter in documentation example.
- Pass with-ftp to configure, build ftp support.

Places

Revisions of libxml2

Places