* Fri Jul 18 2025 pgajdos@suse.com
- security update
- added patches
  CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
  + libxml2-CVE-2025-7425.patch
* Fri Jun 27 2025 pgajdos@suse.com
- security update
- added patches
  CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
  CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
  + libxml2-CVE-2025-49794,49796.patch
  CVE-2025-49795 [bsc#1244555], null pointer dereference may lead to Denial of service (DoS)
  + libxml2-CVE-2025-49795.patch
* Fri Jun 27 2025 pgajdos@suse.com
- security update
- added patches
  CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
  CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
  + libxml2-CVE-2025-6170,6021.patch
* Thu Apr 17 2025 bjorn.lie@gmail.com
- Update to version 2.13.8:
  + Security:
    - [CVE-2025-32415] schemas: Fix heap buffer overflow in
      xmlSchemaIDCFillNodeTables.
    - [CVE-2025-32414] python: Read at most len/4 characters.
- bug references: [bsc#1241453], [bsc#1241551]
* Fri Mar 28 2025 bjorn.lie@gmail.com
- Update to version 2.13.7:
  + Regressions:
    - tree: Fix xmlTextMerge with NULL args
    - io: Fix `compressed` flag for uncompressed stdin
    - parser: Fix parsing of DTD content
* Tue Feb 18 2025 bjorn.lie@gmail.com
- Update to version 2.13.6 ([bsc#1237363], [bsc#1237370], [bsc#1237418]):
  + Security:
    - [CVE-2025-24928] Fix stack-buffer-overflow in
      xmlSnprintfElements
    - [CVE-2024-56171] Fix use-after-free after
      xmlSchemaItemListAdd
    - pattern: Fix compilation of explicit child axis
  + Regressions:
    - xmllint: Support compressed input from stdin
    - uri: Fix handling of Windows drive letters
    - reader: Fix return value of xmlTextReaderReadString again
    - SAX2: Fix xmlSAX2ResolveEntity if systemId is NULL
  + Portability:
    - dict: Handle ENOSYS from getentropy gracefully
    - Fix compilation with uclibc (Dario Binacchi)
    - python: Declare init func with PyMODINIT_FUNC
    - tests: Fix sanitizer version check on old Apple clang
    - cmake: Work around broken sys/random.h in old macOS SDKs
  + Build:
    - autotools: Set AC_CONFIG_AUX_DIR
    - cmake: Always build Python module as shared library
    - cmake: add missing `Bcrypt` link on Windows
    - cmake: Fix compatibility in package version file
    - xmlIO: Fix reading from non-regular files like pipes
    - xmlreader: Fix return value of xmlTextReaderReadString
    - parser: Fix loading of parameter entities in external DTDs
    - parser: Fix downstream code that swaps DTDs
    - parser: Fix detection of duplicate attributes
    - string: Fix va_copy fallback
    - xpath: Fix parsing of non-ASCII names
- Drop libxml2-support-compressed-input-from-stdin.patch: Fixed
  upstream.
- Also CVE-2025-27113 was assigned to this release.
* Wed Jan 29 2025 pgajdos@suse.com
- fix decompression from stdin [bsc#1236346]
- added patches
  fix https://gitlab.gnome.org/nwellnhof/libxml2/-/commit/6208f86edd59e31a51a8d9b300d428504adb25a7
  + libxml2-support-compressed-input-from-stdin.patch
* Fri Jan 17 2025 pmonreal@suse.com
- Update to 2.13.5:
  * Regressions:
    - xmlIO: Fix reading from non-regular files like pipes
    - xmlreader: Fix return value of xmlTextReaderReadString
    - parser: Fix loading of parameter entities in external DTDs
    - parser: Fix downstream code that swaps DTDs
    - parser: Fix detection of duplicate attributes
    - string: Fix va_copy fallback
  * Bug fixes:
    - xpath: Fix parsing of non-ASCII names
- Update to 2.13.4:
  * Regressions:
    - parser: Make unsupported encodings an error in declarations
    - io: don't set the executable bit when creating files
    - xmlcatalog: Improved fix for #699
    - Revert "catalog: Fetch XML catalog before dumping"
    - io: Add missing calls to xmlInitParser
    - tree: Restore return value of xmlNodeListGetString with NULL list
    - parser: Fix error handling after reaching limit
    - parser: Make xmlParseChunk return an error if parser was stopped
  * Bug fixes:
    - python: Fix SAX driver with character streams
  * Improvements:
    - xpath: Make recursion check work with xmlXPathCompile
    - parser: Report at least one fatal error
- Update to 2.13.3:
  * Security:
    - [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code
  * Regressions:
    - autotools: Use AC_CHECK_DECL to check for getentropy
    - xinclude: Fix fallback for text includes
    - io: Don't call getcwd in xmlParserGetDirectory
    - io: Fix return value of xmlFileRead
    - parser: Fix error return of xmlParseBalancedChunkMemory
  * Improvements:
    - xinclude: Set error handler when parsing text
    - Undeprecate xmlKeepBlanksDefault
- Update to 2.13.2:
  * Regressions:
    - tree: Fix handling of empty strings in xmlNodeParseContent
    - valid: Restore ID lookup
    - parser: Reenable ctxt->directory
    - uri: Handle filesystem paths in xmlBuildRelativeURISafe
    - encoding: Make xmlFindCharEncodingHandler return UTF-8 handler
    - encoding: Fix encoding lookup with xmlOpenCharEncodingHandler
    - include: Define ATTRIBUTE_UNUSED for clang
    - uri: Fix xmlBuildURI with NULL base
  * Regressions:
    - parser: Selectively reenable reading from "-"
    - reader: Fix xmlTextReaderReadString
    - xinclude: Set XPath context doc
    - xinclude: Load included documents with XML_PARSE_DTDLOAD
    - include: Don't redefine ATTRIBUTE_UNUSED
    - include: Readd circular dependency between tree.h and parser.h
    - xinclude: Add missing include
    - xinclude: Don't raise error on empty nodeset
    - parser: Make failure to load main document a warning
    - tree: Fix freeing entities via xmlFreeNode
    - parser: Pass global object to sax->setDocumentLocator
  * Improvements:
    - io: Fix resetting xmlParserInputBufferCreateFilename hook
  * Documentation:
    - Fix typo in NEWS (--with-html -> --with-http)
    - doc: Don't mention xmlNewInputURL
* Fri Nov 15 2024 pmonreal@suse.com
- Update to 2.13.0:
  * Major changes:
    - Most of the core code should now report malloc failures reliably. Some
      API functions were extended with versions that report malloc failures.
    - New API functions for error handling were added:
      + xmlCtxtSetErrorHandler
      + xmlXPathSetErrorHandler
      + xmlXIncludeSetErrorHandler
    - This makes it possible to register per-context error handlers without
      resorting to global handlers.
    - A few error messages were improved and consolidated. Please update
      downstream test suites accordingly.
    - A new parser option XML_PARSE_NO_XXE can be used to disable loading
      of external entities or DTDs. This is most useful in connection with
      XML_PARSE_NOENT.
    - Support for HTTP POST was removed.
    - Support for zlib, liblzma and HTTP is now disabled by default and has
      to be enabled by passing --with-zlib, --with-lzma or --with-http to
      configure. In legacy mode (--with-legacy) these options are enabled
      by default as before.
    - Support for FTP will be removed in the next release.
    - Support for the range and point extensions of the xpointer() scheme
      will be removed in the next release. The rest of the XPointer
      implementation won't be affected. The xpointer() scheme will behave
      like the xpath1() scheme.
    - Several more legacy symbols were deprecated. Users of the old "SAX1"
      API functions are encouraged to upgrade to the new "SAX2" API,
      available since version 2.6.0 from 2003.
  * Some deprecated global variables were made const:
    - htmlDefaultSAXHandler
    - oldXMLWDcompatibility
    - xmlDefaultSAXHandler
    - xmlDefaultSAXLocator
    - xmlParserDebugEntities
  * Deprecations and removals:
    - threads: Deprecate remaining ThrDef functions
    - unicode: Deprecate most xmlUCSIs* functions
    - memory: Remove memory debugging
    - tree: Deprecate xmlRegisterNodeDefault
    - tree: Deprecate xmlSetCompressMode
    - html: Deprecate htmlHandleOmittedElem
    - valid: Deprecate internal validation functions
    - valid: Deprecate old DTD serialization API
    - nanohttp: Deprecate public API
    - Remove VMS support
    - Remove Trio
  * Bug fixes:
    - parser: Fix base URI of internal parameter entities
    - tree: Handle predefined entities in xmlBufGetEntityRefContent
    - schemas: Allow unlimited length decimals, integers etc.
    - reader: Fix preservation of attributes
    - parser: Always decode entities in namespace URIs
    - relaxng: Fix tree corruption in xmlRelaxNGParseNameClass
    - schemas: Fix ADD_ANNOTATION
    - tree: Fix tree iteration in xmlDOMWrapRemoveNode
    - tree: Declare namespace on clone in xmlDOMWrapCloneNode
    - tree: Fix xmlAddSibling with last sibling
    - tree: Fix xmlDocSetRootElement with multiple top-level elements
    - catalog: Fetch XML catalog before dumping
    - html: Don't close fd in htmlCtxtReadFd
  * Improvements:
    - parser: Fix "Truncated multi-byte sequence" error
    - Add missing _cplusplus processing clause
    - parser: Rework handling of undeclared entities
    - SAX2: Warn if URI resolution failed
    - parser: Don't report error on invalid URI
    - xmllint: Clean up option handling
    - xmllint: Rework parsing
    - parser: Don't create undeclared entity refs in substitution mode
    - Make some globals const
    - reader: Make xmlTextReaderReadString non-recursive
    - reader: Rework xmlTextReaderRead{Inner,Outer}Xml
    - Remove redundant size check (Niels Dossche)
    - Remove redundant NULL check on cur
    - Remove always-false check old == cur
    - Remove redundant NULL check on cur
    - tree: Don't return empty localname in xmlSplitQName{2,3}
    - xinclude: Don't try to fix base of non-elements
    - tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling
    - SAX2: Optimize appending children
    - tree: Align xmlAddChild with other node insertion functions
    - html: Use binary search in htmlEntityValueLookup
    - io: Allocate output buffer with XML_BUFFER_ALLOC_IO
    - encoding: Don't shrink input too early in xmlCharEncOutput
    - tree: Tighten source doc check in xmlDOMWrapAdoptNode
    - tree: Check destParent->doc in xmlDOMWrapCloneNode
    - tree: Refactor text node updates
    - tree: Refactor node insertion
    - tree: Refactor element creation and parsing of attribute values
    - tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent
    - buf: Don't use default buffer size for small strings
    - string: Fix xmlStrncatNew(NULL, "")
    - entities: Don't allow null name in xmlNewEntity
    - html: Fix quadratic behavior in htmlNodeDump
    - tree: Rewrite xmlSetTreeDoc
    - valid: Rework xmlAddID
    - tree: Remove unused node types
    - tree: Make namespace comparison more consistent
    - tree: Don't allow NULL name in xmlSetNsProp
    - tree: Rework xmlNodeListGetString
    - tree: Rework xmlTextMerge
    - tree: Rework xmlNodeSetName
    - tree: Simplify xmlAddChild with text parent
    - tree: Disallow setting content of entity reference nodes
    - tree: Rework xmlReconciliateNs
    - schemas: fix spurious warning about truncated snprintf output
    - xmlschemastypes: Remove unreachable if statement
    - relaxng: Remove useless if statement
    - tree: Check for integer overflow in xmlStringGetNodeList
    - http: Improve error message for HTTPS redirects
    - save: Move DTD serialization code to xmlsave.c
    - parser: Report fatal error if document entity couldn't be loaded
    - xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest
    - SAX2: Limit entity URI length to 2000 bytes
    - parser: Account for full size of non-well-formed entities
    - parser: Pop inputs if parsing DTD failed
    - parser: Fix quadratic behavior when copying entities
    - writer: Implement xmlTextWriterClose
    - parser: Avoid duplicate namespace errors
    - parser: Add XML_PARSE_NO_XXE parser option
    - parser: Make xmlParseContent more useful
    - error: Make xmlFormatError public
    - encoding: Check whether encoding handlers support input/output
    - SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
    - parser: Lower maximum entity nesting depth
    - parser: Set depth limit to 2048 with XML_PARSE_HUGE
    - parser: Implement xmlCtxtSetOptions
    - parser: Always prefer option members over bitmask
    - parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set
    - parser: Rework parsing of attribute and entity values
    - save: Output U+FFFD replacement characters
    - parser: Simplify entity size accounting
    - parser: Avoid unwanted expansion of parameter entities
    - parser: Always copy content from entity to target
    - parser: Simplify control flow in xmlParseReference
    - parser: Remove xmlSetEntityReferenceFunc feature
    - parser: Push general entity input streams on the stack
    - parser: Move progressive flag into input struct
    - parser: Fix in-parameter-entity and in-external-dtd checks
    - xpath: Rewrite substring-before and substring-after
    - xinclude: Only set xml:base if necessary
    - xinclude: Allow empty nodesets
    - parser: Rework general entity parsing
    - io: Fix close error handling
    - io: Fix read/write error handling
    - io: More refactoring and unescaping fixes
    - io: Move some code from xmlIO.c to parserInternals.c
    - uri: Clean up special parsing modes
    - xinclude: Rework xml:base fixup
    - parser: Also set document properties when push parsing
    - include: Move non-generated parts from xmlversion.h.in
    - io: Remove support for HTTP POST
    - dict: Move local RNG state to global state
    - dict: Get random seed from system PRNG
    - io: Don't use "-" to read from stdin
    - io: Rework initialization
    - io: Consolidate error messages
    - xzlib: Fix harmless unsigned integer overflow
    - io: Always use unbuffered input
    - io: Fix detection of compressed streams
    - io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile
    - io: Rework default callbacks
    - error: Stop printing some errors by default
    - xpath: Don't free nodes of XSLT result value trees
    - valid: Fix handling of enumerations
    - parser: Allow recovery in xmlParseInNodeContext
    - encoding: Support ASCII in xmlLookupCharEncodingHandler
    - include: Remove useless 'const' from function arguments
    - Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const'
      conversions (makise-homura)
    - Avoid EDG deprecation warnings for LCC compiler
    - Avoid EDG -Woverflow warnings on truncating conversions by manually
      truncating operand (makise-homura)
    - Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by
      conversion from unsigned int to int (makise-homura)
    - Avoid using no_sanitize attribute on EDG even if compiler shows as GCC
  * Build systems:
    - meson: convert boolean options to feature option
    - meson: Pass LIBXML_STATIC in dependency
    - meson: fix compilation with local binaries
    - meson: don't use dl dependency on old meson
    - meson: fix usage as a subproject
    - build: Remove --with-fexceptions configuration option
    - autotools: Remove --with-coverage configuration option
    - build: Disable HTTP support by default
    - Stop defining _REENTRANT
    - doc: Don't install example code
    - meson: Initial commit
    - build: Disable support for compression libraries by default
    - Set LIBXML2_FOUND if it has been properly configured
    - Makefile.am: omit $(top_builddir) from DEPS and LDADDS
  * Test suite:
    - runtest: Work around broken EUC-JP support in musl iconv
    - runtest: Check for IBM-1141 encoding handler
    - fuzz: Add xmllint fuzzer
    - fuzz: Add fuzzer for XML reader API
    - fuzz: New tree API fuzzer
    - tests: Remove testOOM
    - Don't let gentest.py cast types to 'const somethingPtr' to avoid
      -Wignored-qualifiers
- Rebase libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Wed Nov 13 2024 pgajdos@suse.com
- add %{?sle15allpythons} macro [jsc#PED-68]
- use %python_build and %python_install for 15