Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libxml2-2-2.9.7-lp150.2.3.1 RPM for aarch64

From OpenSuSE Ports Leap 15.0 updates for aarch64

Name: libxml2-2 Distribution: openSUSE Leap 15.0
Version: 2.9.7 Vendor: openSUSE
Release: lp150.2.3.1 Build date: Tue Oct 9 12:18:13 2018
Group: System/Libraries Build host: obs-arm-1
Size: 1726206 Source RPM: libxml2-2.9.7-lp150.2.3.1.src.rpm
Summary: A Library to Manipulate XML Files
The XML C library was initially developed for the GNOME project. It is
now used by many programs to load and save extensible data structures
or manipulate any kind of XML files.

This library implements a number of existing standards related to
markup languages, including the XML standard, name spaces in XML, XML
Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and
XML catalogs. In most cases, libxml tries to implement the
specification in a rather strict way. To some extent, it provides
support for the following specifications, but does not claim to
implement them: DOM, FTP client, HTTP client, and SAX.

The library also supports RelaxNG. Support for W3C XML Schemas is in






* Wed Sep 05 2018
  - Security fix:
    [bsc#1088279, CVE-2018-9251][bsc#1105166, CVE-2018-14567]
    * Infinite loop in LZMA decompression
    * Fixes CVE-2018-9251 introduced by CVE-2017-18258
    * Added libxml2-CVE-2018-14567.patch
* Wed Sep 05 2018
  - Security fix [bsc#1102046, CVE-2018-14404]
    * NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can
      allow attackers to cause a denial of service
    * Added libxml2-CVE-2018-14404.patch
* Sat Nov 11 2017
  - Version update to 2.9.7 release:
    * Bug Fixes:
      + xmlcatalog: restore ability to query system catalog easily
      + Fix comparison of nodesets to strings
    * Improvements:
      + Add Makefile rules to rebuild HTML man pages
      + Remove generated file python/ from version control
      + Fix mixed decls and code in timsort.h
      + Rework handling of return values in thread tests
      + Fix unused variable warnings in testrecurse
      + Fix -Wimplicit-fallthrough warnings
      + Upgrade timsort.h to latest revision
      + Fix a couple of warnings in dict.c and threads.c
      + Fix unused variable warnings in nanohttp.c
      + Don't include winsock2.h in xmllint.c
      + Use __linux__ macro in generated code
    * Portability:
      + Add declaration for DllMain
      + Fix preprocessor conditional in threads.h
      + Fix macro redefinition warning
      + many Windows specific improvements
    * Documentation:
      + xmlcatalog: refresh man page wrt. quering system catalog easily
  - Includes bug fixes from 2.9.6:
    * Fix XPath stack frame logic
    * Report undefined XPath variable error message
    * Fix regression with librsvg
    * Handle more invalid entity values in recovery mode
    * Fix structured validation errors
    * Fix memory leak in LZMA decompressor
    * Set memory limit for LZMA decompression
    * Handle illegal entity values in recovery mode
    * Fix debug dump of streaming XPath expressions
    * Fix memory leak in nanoftp
    * Fix memory leaks in SAX1 parser
  - Drop libxml2-bug787941.patch
    * upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8
* Thu Sep 21 2017
  - Update package summaries and RPM groups. Trim descriptions for
    size on secondary subpackages. Replace install call by a
    commonly-used macro.
* Thu Sep 21 2017
  - Add patch to fix TW integration:
    * libxml2-bug787941.patch
* Sun Sep 10 2017
  - Version update to 2.9.5 release:
    * Merged all the previous cve fixes that were patched in
    * Few small tweaks
  - Remove merged patches:
    * libxml2-CVE-2016-4658.patch
    * libxml2-CVE-2017-0663.patch
    * libxml2-CVE-2017-5969.patch
    * libxml2-CVE-2017-9047.patch
    * libxml2-CVE-2017-9048.patch
    * libxml2-CVE-2017-9049.patch
    * libxml2-2.9.4-fix_attribute_decoding.patch
* Thu Jun 15 2017
  - Security fix:
    * libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663]
    * Fix Heap buffer overflow in xmlAddID
* Wed Jun 14 2017
  - Security fix:
    * libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969]
    * Fix NULL pointer deref in xmlDumpElementContent
* Mon May 22 2017
  - Security fixes:
    * libxml2-CVE-2017-9049.patch [bsc#1039066]
    * heap-based buffer overflow (xmlDictComputeFastKey func)
    * libxml2-CVE-2017-9048.patch [bsc#1039063]
    * stack overflow vulnerability (xmlSnprintfElementContent func)
    * libxml2-CVE-2017-9047.patch [bsc#1039064]
    * stack overflow vulnerability (xmlSnprintfElementContent func)
* Tue Mar 07 2017
  - Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in
    XPointer ranges. Namespace nodes must be copied to avoid
    use-after-free errors. But they don't necessarily have a physical
    representation in a document, so simply disallow them in XPointer
    ranges [bsc#1005544] [CVE-2016-4658]
* Wed Jun 08 2016
  - add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute
    decoding during XML schema validation [bnc#983288]
* Fri May 27 2016
  - Update libxml2 to version libxml2-2.9.4. The new version is
    resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835,
    CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838,
    CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and
  - Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch,
    and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch.
* Fri May 20 2016
  - add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML
    push parser that fails with bogus UTF-8 encoding error when
    multi-byte character in large CDATA section is split across
    buffer [bnc#962796]
* Tue May 03 2016
  - Add libxml2-2.9.1-CVE-2016-3627.patch to fix stack exhaustion
    while parsing certain XML files in recovery mode (CVE-2016-3627,
  - Add 0001-Add-missing-increments-of-recursion-depth-counter-to.patch
    to improve protection against Billion Laughs Attack (bnc#975947).
* Tue Nov 24 2015
  - Update to new upstream release 2.9.3 (bsc#954429):
    * Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941,
      CVE-2015-1819, CVE-2015-7497, CVE-2015-7498, CVE-2015-5312,
      CVE-2015-7499, CVE-2015-7500 and CVE-2015-8242
    * And other bugfixes
  - Removed upstream fixed patches:
    * libxml2-dont_initialize_catalog.patch
    * 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
    * 0002-Adding-example-from-bugs-738805-to-regression-tests.patch
* Mon Nov 03 2014
  - fix a missing entities after CVE-2014-3660 fix
    * added patches:
* Mon Nov 03 2014
  - fix a regression in libxml2 2.9.2
  - add libxml2-dont_initialize_catalog.patch
* Fri Oct 31 2014
  - update to 2.9.2
    * drop libxml2-CVE-2014-3660.patch (upstream)
    * add keyring to verify tarball
    Fix for CVE-2014-3660 billion laugh variant
    CVE-2014-0191 Do not fetch external parameter entities
    win32/libxml2.def.src after rebuild in doc
    elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement()
    elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode
    Provide cmake module
    Fix a couple of issues raised by make dist
    Fix and add const qualifiers
    Preparing for upcoming release of 2.9.2
    Fix zlib and lzma libraries check via command line
    wrong error column in structured error when parsing end tag
    doc/news.html: small update to avoid line join while generating NEWS.
    Add methods for python3 iterator
    Support element node traversal in document fragments
    xmlNodeSetName: Allow setting the name to a substring of the currently set name
    Added macros for argument casts
    adding init calls to xml and html Read parsing entry points
    Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c
    Implement choice for name classes on attributes
    Two small namespace tweaks
    xmllint --memory should fail on empty files
    Cast encoding name to char pointer to match arg type
* Fri Oct 17 2014
  - fix for CVE-2014-3660 (bnc#901546)
    * denial of service via recursive entity expansion
      (related to billion laughs)
    * added libxml2-CVE-2014-3660.patch
* Mon Aug 18 2014
  - Add obsoletes/provides to baselibs.conf.
* Thu Jun 05 2014
  - temporarily reverting libxml2-CVE-2014-0191.patch until there is a fix
    that doesn't break other applications
* Fri May 23 2014
  - fix for CVE-2014-0191 (bnc#876652)
    * libxml2: external parameter entity loaded when entity
      substitution is disabled
    * added libxml2-CVE-2014-0191.patch
* Fri Aug 02 2013
  - update to 2.9.1
    dropped patches (in upstream):
    * libxml2-2.9.0-CVE-2012-5134.patch
    * libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
    * libxml2-CVE-2013-1969.patch
    New features:
    * Support for Python3
    * Add xmlXPathSetContextNode and xmlXPathNodeEval
* Thu Apr 18 2013
  - fix for CVE-2013-1969 (bnc#815665)
    * libxml2-CVE-2013-1969.patch
* Thu Mar 07 2013
  - fix for CVE-2013-0338 (bnc#805233)
* Sat Dec 15 2012
  - update to 2.9.0 version:
    * please see the Changelog
  - Updated patchs to get working with new version:
    * libxml2-2.9.0-CVE-2012-5134.patch ( libxml2-CVE-2012-5134.patch )
    * fix-perl.diff
* Fri Dec 07 2012
  - Add libxml2-CVE-2012-5134.patch to fix CVE-2012-5134 (bnc#793334)
* Sun Sep 23 2012
  - Add a comment next to to make sure that anybody
    removing it knows why it's there and reconsiders.
* Sun Sep 23 2012
  - readd .la file, python-libxml2 needs it
* Fri Sep 21 2012
  - Remove .la files; make sure installation succeeds for
    Fedora_17 target
* Tue Jun 12 2012
  - update to 2.8.0
    * please se ChangeLog for more info
  - remove obsolete bigendian64 patch
  - rebase fix-perl patch
* Sun Mar 11 2012
  - libxml2-2 should not require libxml2-tools. There is no trouble
    expected, since attempting to install libxml2 will already pull
    in libxml2-tools due to Provides tags.
* Mon Mar 05 2012
  - revert the two commits that broke perl-XML-LibXML's test case,
    I hope the two upstreams will figure it out
* Fri Mar 02 2012
  - update to git to fix some issues
    * Fix a logic error in Schemas Component ConstraintsHEADmaster
    * Fix a wrong enum type use in Schemas Types
* Thu Mar 01 2012
  - fixed a 64bit big endian bug in the file reader.
* Sat Feb 25 2012
  - the fallout of requiring libxml2-tools as explicit buildrequire
    is just too large, so avoid it for now and create a cycle between
    libxml2-2 and libxml2-tools
* Sat Feb 25 2012
  - add provide for the old name to fix packages with explicit
    library dependency
* Thu Feb 23 2012
  - update to today's GIT snapshot:
      include XZ support
  - split libxml2-2 according to shared library policy
* Mon Dec 26 2011
  - Remove redundant tags/sections
* Wed Dec 21 2011
  - add autoconf as buildrequire to avoid implicit dependency
* Tue Dec 20 2011
  - own aclocal directory, there is no other reason to buildrequire
* Fri Jul 08 2011
  - update to libxml-2.7.8+git20110708
    - several important bugfixes
  - drop upstreamed patches:
    * libxml2-CVE-2010-4494.patch
    * libxml2-CVE-2011-1944.patch
    * noxref.patch
    * symbol-versioning.patch
* Wed Jun 29 2011
  - add libxml2-CVE-2011-1944.patch (bnc#697372)
* Sun Jun 05 2011
  - add symbol-versioning.patch to restore 11.3 versioned symbols
* Mon Jan 03 2011
  - add libxml2-CVE-2010-4494.patch (bnc#661471)
* Fri Dec 03 2010
  - update to libxml-2.7.8
    - number of bufixes, documentation and portability fixes
    - update language ID parser to RFC 5646
    - sort python generated stubs
    - add an HTML parser option to avoid a default doctype
    - see for exact details
  - drop libxml2-xpath-ns-attr-axis.patch (in upstream)
  - clean up specfile
* Mon Nov 01 2010
  - add libxml2-xpath-ns-attr-axis.patch (bnc#648277)
* Sat Oct 30 2010
  - Use --disable-static
* Mon Sep 20 2010
  - drop libxml2-largefile64.patch (revert last change)
    - the issue is fixed in zlib
* Fri Sep 17 2010
  - add libxml2-largefile64.patch (fixes build)
    - debian bug#439843
* Wed Jul 14 2010
  - added noxref.patch,
    this implements a new --noxref option, which turns
    validation errors about missing xrefs into warnings.
    Upstreamed as
* Sat Apr 24 2010
  - buildrequire pkg-config to fix provides
* Tue Mar 23 2010
  - update to 2.7.7
  - add extra options to ./configure for scribus features and avoid a crash
  - updates from 2.7.3 > 2.7.7 include a number of portability, correctness
    memory leaks and build fixes including some CVE
  - see for exact details
* Mon Feb 22 2010
  - add sax parser option compiled in
* Mon Dec 14 2009
  - add baselibs.conf as a source
  - package documentation as noarch
* Sun Aug 02 2009
  - Disable the check for ARM as qemu-arm can't keep up atm.
* Thu Mar 19 2009
  - updated to 2.7.2
    * Portability fix: fix solaris compilation problem,
      fix compilation if XPath is not configured in
    * Bug fixes: nasty entity bug introduced in 2.7.0, restore old
      behaviour when saving an HTML doc with an xml dump function,
      HTML UTF-8 parsing bug, fix reader custom error handlers
      (Riccardo Scussat)
    * Improvement: xmlSave options for more flexibility to save
      as XML/HTML/XHTML, handle leading BOM in HTML documents
  - updated to 2.7.3
    * Build fix: fix build when HTML support is not included.
    * Bug fixes: avoid memory overflow in gigantic text nodes,
      indentation problem on the writed (Rob Richards),
      xmlAddChildList pointer problem (Rob Richards and Kevin Milburn),
      xmlAddChild problem with attribute (Rob Richards and Kris Breuker),
      avoid a memory leak in an edge case (Daniel Zimmermann),
      deallocate some pthread data (Alex Ott).
    * Improvements: configure option to avoid rebuilding docs
      (Adrian Bunk), limit text nodes to 10MB max by default,
      add element traversal APIs, add a parser option to enable
      pre 2.7 SAX behavior (Rob Richards),
      add gcc malloc checking (Marcus Meissner),
      add gcc printf like functions parameters checking (Marcus Meissner).
  - dropped obsoleted patches:
    * alloc_size.patch (mainline)
    * CVE-2008-4225.patch (mainline)
    * CVE-2008-4226.patch (mainline)
    * CVE-2008-4409.patch (mainline)
    * oldsax.patch (mainline)
    * pritnf.patch (mainline)
    * xmlsave.patch (mainline)



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 9 12:29:26 2021