* Wed May 27 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021]
- Remove libxml2-CVE-2019-19956.patch
* Fri Feb 28 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix: [bsc#1161521, CVE-2019-20388]
* Memory leak in xmlSchemaPreRun in xmlschemas.c
- Add libxml2-CVE-2019-20388.patch
* Wed Jan 22 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix: [bsc#1161517, CVE-2020-7595]
* xmlStringLenDecodeEntities in parser.c has an infinite loop in
a certain end-of-file situation
- Add libxml2-CVE-2020-7595.patch
* Thu Jan 02 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix: [bsc#1159928, CVE-2019-19956]
* Memory leak related to newDoc->oldNs in xmlParseBalancedChunkMemoryRecover:parser.c
- Add libxml2-CVE-2019-19956.patch
* Wed Aug 28 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Synchronize changelog files for libxml2 and python-libxml2-python [bsc#1123919]
* Thu Jul 04 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH
to avoid nodeset limit when processing large XML files [bsc#1135123]
* Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Mon Jan 28 2019 mgorse@suse.com
- Add libxml2-python3-string-null-check.patch: fix NULL pointer
dereference when parsing invalid data (bsc#1065270
glgo#libxml2!15).).
* Wed Sep 05 2018 pmonrealgonzalez@suse.com
- Security fix:
[bsc#1088279, CVE-2018-9251][bsc#1105166, CVE-2018-14567]
* Infinite loop in LZMA decompression
* Fixes CVE-2018-9251 introduced by CVE-2017-18258
* Added libxml2-CVE-2018-14567.patch
* Wed Sep 05 2018 pmonrealgonzalez@suse.com
- Security fix [bsc#1102046, CVE-2018-14404]
* NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can
allow attackers to cause a denial of service
* Added libxml2-CVE-2018-14404.patch
* Sat Nov 11 2017 aavindraa@gmail.com
- Version update to 2.9.7 release:
* Bug Fixes:
+ xmlcatalog: restore ability to query system catalog easily
+ Fix comparison of nodesets to strings
* Improvements:
+ Add Makefile rules to rebuild HTML man pages
+ Remove generated file python/setup.py from version control
+ Fix mixed decls and code in timsort.h
+ Rework handling of return values in thread tests
+ Fix unused variable warnings in testrecurse
+ Fix -Wimplicit-fallthrough warnings
+ Upgrade timsort.h to latest revision
+ Fix a couple of warnings in dict.c and threads.c
+ Fix unused variable warnings in nanohttp.c
+ Don't include winsock2.h in xmllint.c
+ Use __linux__ macro in generated code
* Portability:
+ Add declaration for DllMain
+ Fix preprocessor conditional in threads.h
+ Fix macro redefinition warning
+ many Windows specific improvements
* Documentation:
+ xmlcatalog: refresh man page wrt. quering system catalog easily
- Includes bug fixes from 2.9.6:
* Fix XPath stack frame logic
* Report undefined XPath variable error message
* Fix regression with librsvg
* Handle more invalid entity values in recovery mode
* Fix structured validation errors
* Fix memory leak in LZMA decompressor
* Set memory limit for LZMA decompression
* Handle illegal entity values in recovery mode
* Fix debug dump of streaming XPath expressions
* Fix memory leak in nanoftp
* Fix memory leaks in SAX1 parser
- Drop libxml2-bug787941.patch
* upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8
* Sat Nov 11 2017 aavindraa@gmail.com
- clean with spec-cleaner
* Thu Oct 26 2017 jmatejek@suse.com
- libxml2-python3-unicode-errors.patch: work around an issue with
libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270)
* Mon Oct 02 2017 jmatejek@suse.com
- convert to singlespec, build a python 3 version
- change build instructions to use setup.py (and %python_build macros)
instead of makefile-based approach
- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6
- rename to python-libxml2-python to conform to package naming policy
(PyPI name is "libxml2-python")
* Thu Sep 21 2017 jengelh@inai.de
- Update package summaries and RPM groups. Trim descriptions for
size on secondary subpackages. Replace install call by a
commonly-used macro.
* Thu Sep 21 2017 tchvatal@suse.com
- Add patch to fix TW integration:
* libxml2-bug787941.patch
* Sun Sep 10 2017 tchvatal@suse.com
- Version update to 2.9.5 release:
* Merged all the previous cve fixes that were patched in
* Few small tweaks
- Remove merged patches:
* libxml2-CVE-2016-4658.patch
* libxml2-CVE-2017-0663.patch
* libxml2-CVE-2017-5969.patch
* libxml2-CVE-2017-9047.patch
* libxml2-CVE-2017-9048.patch
* libxml2-CVE-2017-9049.patch
* libxml2-2.9.4-fix_attribute_decoding.patch
* Thu Jun 15 2017 pmonrealgonzalez@suse.com
- Security fix:
* libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663]
* Fix Heap buffer overflow in xmlAddID
* Wed Jun 14 2017 pmonrealgonzalez@suse.com
- Security fix:
* libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969]
* Fix NULL pointer deref in xmlDumpElementContent
* Mon May 22 2017 pmonrealgonzalez@suse.com
- Security fixes:
* libxml2-CVE-2017-9049.patch [bsc#1039066]
* heap-based buffer overflow (xmlDictComputeFastKey func)
* libxml2-CVE-2017-9048.patch [bsc#1039063]
* stack overflow vulnerability (xmlSnprintfElementContent func)
* libxml2-CVE-2017-9047.patch [bsc#1039064]
* stack overflow vulnerability (xmlSnprintfElementContent func)
* Tue Mar 07 2017 pmonrealgonzalez@suse.com
- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in
XPointer ranges. Namespace nodes must be copied to avoid
use-after-free errors. But they don't necessarily have a physical
representation in a document, so simply disallow them in XPointer
ranges [bsc#1005544] [CVE-2016-4658]