Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

python313-libxml2-2.14.5-1.1 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: python313-libxml2 Distribution: openSUSE Tumbleweed
Version: 2.14.5 Vendor: openSUSE
Release: 1.1 Build date: Wed Aug 27 15:33:48 2025
Group: Unspecified Build host: reproducible
Size: 1191736 Source RPM: libxml2-python-2.14.5-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://gitlab.gnome.org/GNOME/libxml2
Summary: Python Bindings for libxml2-python
This package contains a module that permits
applications written in the Python programming language to use the
interface supplied by the libxml2 library to manipulate XML files.

This library allows manipulation of XML files. It includes support for
reading, modifying, and writing XML and HTML files. There is DTD
support that includes parsing and validation even with complex DTDs,
either at parse time or later once the document has been modified.

Provides

Requires

License

MIT

Changelog

* Wed Aug 27 2025 pgajdos@suse.com
  - version update to 2.14.5
    * * Regressions **
    * html: Don't abort on encoding errors
    * parser: Fix handling of invalid char refs in recovery mode
    * xmllint: Print document even in case of XInclude errors
    * xmllint: Fix --xinclude --path
    * * Security **
    * schematron: Fix memory safety issues in xmlSchematronReportOutput
    * Schematron: Fix null pointer dereference leading to DoS (Michael Mann)
    * Fix potential buffer overflows of interactive shell (Michael Mann)
    * * Improvements **
    * parser: Fix xmlCtxtIsStopped
  - version update to 2.14.4
    * * Regressions **
    * parser: Fix parsing of PublicIds and VersionNums
    * parser: Fix custom SAX parsers without cdataBlock handler
    * error: Fix initGenericErrorDefaultFunc compatibility macro again
    * io: Make xmlOutputBufferCreate* not free encoder on error
    * reader: Fix null deref on malloc failure
    * Revert "meson: Install libxml2.py"
    * * Security **
    * tree: Fix integer overflow in xmlBuildQName
    * * Improvements **
    * parser: Use parser context as default in resource loader
    * parser: Only validate EnumerationTypes when requested
    * parser: Undeprecate some parser context members
  - version update to 2.14.3
    * * Regressions **
    * reader: Fix reading compressed data
    * parser: Make undeclared entities in XML content fatal
    * save: Fix XML escape table
    * save: Fix xmlSave with NULL encoding
    * Revert "valid: Remove duplicate error messages when streaming"
    * * Bug fixes **
    * save: Fix serialization of attribute defaults containing <
    * io: Fix linkage of __xml*BufferCreateFilename functions
  - version update to 2.14.2
    * * Security **
    * [CVE-2025-32415] schemas: Fix heap buffer overflow in xmlSchemaIDCFillNodeTables
    * [CVE-2025-32414] python: Read at most len/4 characters. (Maks Verver)
  - version update to 2.14.1
    * * Regressions **
    * parser: Fix XML_PARSE_NOBLANKS dropping non-whitespace text
  - version update to 2.14.0
    * * Major changes **
    * The HTML tokenizer now conforms fully to HTML5.
    * Binary compatibility is restricted to versions 2.14 or newer.
      The soname was bumped from libxml2.so.2 to libxml2.so.16.
    * The serialization API will now take user-provided or default
      encodings into account when serializing attribute values.
    * The XML parser won't try to merge consecutive CDATA sections
      as before to align with web standards.
    * Support for RELAX NG can now be disabled with a new configuration
      option independently of XML Schemas support.
    * The "legacy" configuration option won't enable support for HTTP
      and LZMA anymore.
    * Parts of the xmllint executable were refactored, allowing the
      combination of more options.
    * Meson is fully supported now.
    * Parts of the buffering code were reworked and simplified.
    * Overflow checks before reallocations were hardenend.
    * Some unprefixed symbols were renamed to avoid namespace pollution.
    * * New features **
    * Input callbacks can now be set on a parser context and an improved
      API to create parser input is available.
    * The following new functions, taking a parser input object, were added:
      . xmlCtxtParseDocument
      . xmlCtxtParseContent
      . xmlCtxtParseDtd
    * The xmlSave API now has additional options to replace global settings.
    * Parser options XML_PARSE_UNZIP, XML_PARSE_NO_SYS_CATALOG and
      XML_PARSE_CATALOG_PI were added.
    * An API function to install a custom character encoding converter is
      now available.
    * * Deprecations **
    * Access to many public struct members is now deprecated.
    * More internal functions were deprecated
    * * Removals **
    * Metadata about the HTML4 content model was removed from the
      htmlElemDesc struct
    * The FTP module and related functions were removed.
    * Support for the range and point extensions of the xpointer() scheme
      was removed.
    * Several legacy symbols and the functions in xmlunicode.h were removed.
    * ELF version information was removed.
    * The shell was moved from libxml2 to xmllint. Several related functions
      are no longer available.
    * The libxml.m4 file containing autoconf macros was removed.
    * The --with-tree configuration option was removed.
    * The hack to detect single-threaded programs under glibc was removed.
  - modified patches
    * libxml2-CVE-2025-7425.patch (refreshed)
    * libxml2-python3-string-null-check.patch (refreshed)
    * libxml2-python3-unicode-errors.patch (refreshed)
  - modified sources
    * baselibs.conf
  - deleted patches
    * libxml2-CVE-2025-49794,49796.patch (upstreamed)
    * libxml2-CVE-2025-49795.patch (upstreamed)
    * libxml2-CVE-2025-6170,6021.patch (upstreamed)
    * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch (upstreamed)
* Fri Jul 18 2025 pgajdos@suse.com
  - security update
  - added patches
    CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
    + libxml2-CVE-2025-7425.patch
* Mon Jul 07 2025 pgajdos@suse.com
  - security update
  - added patches
    CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
    CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
    + libxml2-CVE-2025-49794,49796.patch
    CVE-2025-49795 [bsc#1244555], null pointer dereference may lead to Denial of service (DoS)
    + libxml2-CVE-2025-49795.patch
* Tue Jul 01 2025 pgajdos@suse.com
  - security update
    fix CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
    fix CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
    + libxml2-CVE-2025-6170,6021.patch
* Thu Apr 17 2025 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.13.8:
    + Security:
    - [CVE-2025-32415] schemas: Fix heap buffer overflow in
      xmlSchemaIDCFillNodeTables.
    - [CVE-2025-32414] python: Read at most len/4 characters.
  - bug references: [bsc#1241453], [bsc#1241551]
* Fri Mar 28 2025 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.13.7:
    + Regressions:
    - tree: Fix xmlTextMerge with NULL args
    - io: Fix `compressed` flag for uncompressed stdin
    - parser: Fix parsing of DTD content
* Tue Feb 18 2025 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.13.6 ([bsc#1237363], [bsc#1237370], [bsc#1237418]):
    + Security:
    - [CVE-2025-24928] Fix stack-buffer-overflow in
      xmlSnprintfElements
    - [CVE-2024-56171] Fix use-after-free after
      xmlSchemaItemListAdd
    - pattern: Fix compilation of explicit child axis
    + Regressions:
    - xmllint: Support compressed input from stdin
    - uri: Fix handling of Windows drive letters
    - reader: Fix return value of xmlTextReaderReadString again
    - SAX2: Fix xmlSAX2ResolveEntity if systemId is NULL
    + Portability:
    - dict: Handle ENOSYS from getentropy gracefully
    - Fix compilation with uclibc (Dario Binacchi)
    - python: Declare init func with PyMODINIT_FUNC
    - tests: Fix sanitizer version check on old Apple clang
    - cmake: Work around broken sys/random.h in old macOS SDKs
    + Build:
    - autotools: Set AC_CONFIG_AUX_DIR
    - cmake: Always build Python module as shared library
    - cmake: add missing `Bcrypt` link on Windows
    - cmake: Fix compatibility in package version file
    - xmlIO: Fix reading from non-regular files like pipes
    - xmlreader: Fix return value of xmlTextReaderReadString
    - parser: Fix loading of parameter entities in external DTDs
    - parser: Fix downstream code that swaps DTDs
    - parser: Fix detection of duplicate attributes
    - string: Fix va_copy fallback
    - xpath: Fix parsing of non-ASCII names
  - Drop libxml2-support-compressed-input-from-stdin.patch: Fixed
    upstream.
  - Also CVE-2025-27113 was assigned to this release.
* Wed Jan 29 2025 pgajdos@suse.com
  - fix decompression from stdin [bsc#1236346]
  - added patches
    fix https://gitlab.gnome.org/nwellnhof/libxml2/-/commit/6208f86edd59e31a51a8d9b300d428504adb25a7
    + libxml2-support-compressed-input-from-stdin.patch
* Fri Jan 17 2025 Pedro Monreal <pmonreal@suse.com>
  - Update to 2.13.5:
    * Regressions:
    - xmlIO: Fix reading from non-regular files like pipes
    - xmlreader: Fix return value of xmlTextReaderReadString
    - parser: Fix loading of parameter entities in external DTDs
    - parser: Fix downstream code that swaps DTDs
    - parser: Fix detection of duplicate attributes
    - string: Fix va_copy fallback
    * Bug fixes:
    - xpath: Fix parsing of non-ASCII names
  - Update to 2.13.4:
    * Regressions:
    - parser: Make unsupported encodings an error in declarations
    - io: don't set the executable bit when creating files
    - xmlcatalog: Improved fix for #699
    - Revert "catalog: Fetch XML catalog before dumping"
    - io: Add missing calls to xmlInitParser
    - tree: Restore return value of xmlNodeListGetString with NULL list
    - parser: Fix error handling after reaching limit
    - parser: Make xmlParseChunk return an error if parser was stopped
    * Bug fixes:
    - python: Fix SAX driver with character streams
    * Improvements:
    - xpath: Make recursion check work with xmlXPathCompile
    - parser: Report at least one fatal error
  - Update to 2.13.3:
    * Security:
    - [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code
    * Regressions:
    - autotools: Use AC_CHECK_DECL to check for getentropy
    - xinclude: Fix fallback for text includes
    - io: Don't call getcwd in xmlParserGetDirectory
    - io: Fix return value of xmlFileRead
    - parser: Fix error return of xmlParseBalancedChunkMemory
    * Improvements:
    - xinclude: Set error handler when parsing text
    - Undeprecate xmlKeepBlanksDefault
  - Update to 2.13.2:
    * Regressions:
    - tree: Fix handling of empty strings in xmlNodeParseContent
    - valid: Restore ID lookup
    - parser: Reenable ctxt->directory
    - uri: Handle filesystem paths in xmlBuildRelativeURISafe
    - encoding: Make xmlFindCharEncodingHandler return UTF-8 handler
    - encoding: Fix encoding lookup with xmlOpenCharEncodingHandler
    - include: Define ATTRIBUTE_UNUSED for clang
    - uri: Fix xmlBuildURI with NULL base
    * Regressions:
    - parser: Selectively reenable reading from "-"
    - reader: Fix xmlTextReaderReadString
    - xinclude: Set XPath context doc
    - xinclude: Load included documents with XML_PARSE_DTDLOAD
    - include: Don't redefine ATTRIBUTE_UNUSED
    - include: Readd circular dependency between tree.h and parser.h
    - xinclude: Add missing include
    - xinclude: Don't raise error on empty nodeset
    - parser: Make failure to load main document a warning
    - tree: Fix freeing entities via xmlFreeNode
    - parser: Pass global object to sax->setDocumentLocator
    * Improvements:
    - io: Fix resetting xmlParserInputBufferCreateFilename hook
    * Documentation:
    - Fix typo in NEWS (--with-html -> --with-http)
    - doc: Don't mention xmlNewInputURL
* Fri Nov 15 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to 2.13.0:
    * Major changes:
    - Most of the core code should now report malloc failures reliably. Some
      API functions were extended with versions that report malloc failures.
    - New API functions for error handling were added:
      + xmlCtxtSetErrorHandler
      + xmlXPathSetErrorHandler
      + xmlXIncludeSetErrorHandler
    - This makes it possible to register per-context error handlers without
      resorting to global handlers.
    - A few error messages were improved and consolidated. Please update
      downstream test suites accordingly.
    - A new parser option XML_PARSE_NO_XXE can be used to disable loading
      of external entities or DTDs. This is most useful in connection with
      XML_PARSE_NOENT.
    - Support for HTTP POST was removed.
    - Support for zlib, liblzma and HTTP is now disabled by default and has
      to be enabled by passing --with-zlib, --with-lzma or --with-http to
      configure. In legacy mode (--with-legacy) these options are enabled
      by default as before.
    - Support for FTP will be removed in the next release.
    - Support for the range and point extensions of the xpointer() scheme
      will be removed in the next release. The rest of the XPointer
      implementation won't be affected. The xpointer() scheme will behave
      like the xpath1() scheme.
    - Several more legacy symbols were deprecated. Users of the old "SAX1"
      API functions are encouraged to upgrade to the new "SAX2" API,
      available since version 2.6.0 from 2003.
    * Some deprecated global variables were made const:
    - htmlDefaultSAXHandler
    - oldXMLWDcompatibility
    - xmlDefaultSAXHandler
    - xmlDefaultSAXLocator
    - xmlParserDebugEntities
    * Deprecations and removals:
    - threads: Deprecate remaining ThrDef functions
    - unicode: Deprecate most xmlUCSIs* functions
    - memory: Remove memory debugging
    - tree: Deprecate xmlRegisterNodeDefault
    - tree: Deprecate xmlSetCompressMode
    - html: Deprecate htmlHandleOmittedElem
    - valid: Deprecate internal validation functions
    - valid: Deprecate old DTD serialization API
    - nanohttp: Deprecate public API
    - Remove VMS support
    - Remove Trio
    * Bug fixes:
    - parser: Fix base URI of internal parameter entities
    - tree: Handle predefined entities in xmlBufGetEntityRefContent
    - schemas: Allow unlimited length decimals, integers etc.
    - reader: Fix preservation of attributes
    - parser: Always decode entities in namespace URIs
    - relaxng: Fix tree corruption in xmlRelaxNGParseNameClass
    - schemas: Fix ADD_ANNOTATION
    - tree: Fix tree iteration in xmlDOMWrapRemoveNode
    - tree: Declare namespace on clone in xmlDOMWrapCloneNode
    - tree: Fix xmlAddSibling with last sibling
    - tree: Fix xmlDocSetRootElement with multiple top-level elements
    - catalog: Fetch XML catalog before dumping
    - html: Don't close fd in htmlCtxtReadFd
    * Improvements:
    - parser: Fix "Truncated multi-byte sequence" error
    - Add missing _cplusplus processing clause
    - parser: Rework handling of undeclared entities
    - SAX2: Warn if URI resolution failed
    - parser: Don't report error on invalid URI
    - xmllint: Clean up option handling
    - xmllint: Rework parsing
    - parser: Don't create undeclared entity refs in substitution mode
    - Make some globals const
    - reader: Make xmlTextReaderReadString non-recursive
    - reader: Rework xmlTextReaderRead{Inner,Outer}Xml
    - Remove redundant size check (Niels Dossche)
    - Remove redundant NULL check on cur
    - Remove always-false check old == cur
    - Remove redundant NULL check on cur
    - tree: Don't return empty localname in xmlSplitQName{2,3}
    - xinclude: Don't try to fix base of non-elements
    - tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling
    - SAX2: Optimize appending children
    - tree: Align xmlAddChild with other node insertion functions
    - html: Use binary search in htmlEntityValueLookup
    - io: Allocate output buffer with XML_BUFFER_ALLOC_IO
    - encoding: Don't shrink input too early in xmlCharEncOutput
    - tree: Tighten source doc check in xmlDOMWrapAdoptNode
    - tree: Check destParent->doc in xmlDOMWrapCloneNode
    - tree: Refactor text node updates
    - tree: Refactor node insertion
    - tree: Refactor element creation and parsing of attribute values
    - tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent
    - buf: Don't use default buffer size for small strings
    - string: Fix xmlStrncatNew(NULL, "")
    - entities: Don't allow null name in xmlNewEntity
    - html: Fix quadratic behavior in htmlNodeDump
    - tree: Rewrite xmlSetTreeDoc
    - valid: Rework xmlAddID
    - tree: Remove unused node types
    - tree: Make namespace comparison more consistent
    - tree: Don't allow NULL name in xmlSetNsProp
    - tree: Rework xmlNodeListGetString
    - tree: Rework xmlTextMerge
    - tree: Rework xmlNodeSetName
    - tree: Simplify xmlAddChild with text parent
    - tree: Disallow setting content of entity reference nodes
    - tree: Rework xmlReconciliateNs
    - schemas: fix spurious warning about truncated snprintf output
    - xmlschemastypes: Remove unreachable if statement
    - relaxng: Remove useless if statement
    - tree: Check for integer overflow in xmlStringGetNodeList
    - http: Improve error message for HTTPS redirects
    - save: Move DTD serialization code to xmlsave.c
    - parser: Report fatal error if document entity couldn't be loaded
    - xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest
    - SAX2: Limit entity URI length to 2000 bytes
    - parser: Account for full size of non-well-formed entities
    - parser: Pop inputs if parsing DTD failed
    - parser: Fix quadratic behavior when copying entities
    - writer: Implement xmlTextWriterClose
    - parser: Avoid duplicate namespace errors
    - parser: Add XML_PARSE_NO_XXE parser option
    - parser: Make xmlParseContent more useful
    - error: Make xmlFormatError public
    - encoding: Check whether encoding handlers support input/output
    - SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
    - parser: Lower maximum entity nesting depth
    - parser: Set depth limit to 2048 with XML_PARSE_HUGE
    - parser: Implement xmlCtxtSetOptions
    - parser: Always prefer option members over bitmask
    - parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set
    - parser: Rework parsing of attribute and entity values
    - save: Output U+FFFD replacement characters
    - parser: Simplify entity size accounting
    - parser: Avoid unwanted expansion of parameter entities
    - parser: Always copy content from entity to target
    - parser: Simplify control flow in xmlParseReference
    - parser: Remove xmlSetEntityReferenceFunc feature
    - parser: Push general entity input streams on the stack
    - parser: Move progressive flag into input struct
    - parser: Fix in-parameter-entity and in-external-dtd checks
    - xpath: Rewrite substring-before and substring-after
    - xinclude: Only set xml:base if necessary
    - xinclude: Allow empty nodesets
    - parser: Rework general entity parsing
    - io: Fix close error handling
    - io: Fix read/write error handling
    - io: More refactoring and unescaping fixes
    - io: Move some code from xmlIO.c to parserInternals.c
    - uri: Clean up special parsing modes
    - xinclude: Rework xml:base fixup
    - parser: Also set document properties when push parsing
    - include: Move non-generated parts from xmlversion.h.in
    - io: Remove support for HTTP POST
    - dict: Move local RNG state to global state
    - dict: Get random seed from system PRNG
    - io: Don't use "-" to read from stdin
    - io: Rework initialization
    - io: Consolidate error messages
    - xzlib: Fix harmless unsigned integer overflow
    - io: Always use unbuffered input
    - io: Fix detection of compressed streams
    - io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile
    - io: Rework default callbacks
    - error: Stop printing some errors by default
    - xpath: Don't free nodes of XSLT result value trees
    - valid: Fix handling of enumerations
    - parser: Allow recovery in xmlParseInNodeContext
    - encoding: Support ASCII in xmlLookupCharEncodingHandler
    - include: Remove useless 'const' from function arguments
    - Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const'
      conversions (makise-homura)
    - Avoid EDG deprecation warnings for LCC compiler
    - Avoid EDG -Woverflow warnings on truncating conversions by manually
      truncating operand (makise-homura)
    - Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by
      conversion from unsigned int to int (makise-homura)
    - Avoid using no_sanitize attribute on EDG even if compiler shows as GCC
    * Build systems:
    - meson: convert boolean options to feature option
    - meson: Pass LIBXML_STATIC in dependency
    - meson: fix compilation with local binaries
    - meson: don't use dl dependency on old meson
    - meson: fix usage as a subproject
    - build: Remove --with-fexceptions configuration option
    - autotools: Remove --with-coverage configuration option
    - build: Disable HTTP support by default
    - Stop defining _REENTRANT
    - doc: Don't install example code
    - meson: Initial commit
    - build: Disable support for compression libraries by default
    - Set LIBXML2_FOUND if it has been properly configured
    - Makefile.am: omit $(top_builddir) from DEPS and LDADDS
    * Test suite
    - runtest: Work around broken EUC-JP support in musl iconv
    - runtest: Check for IBM-1141 encoding handler
    - fuzz: Add xmllint fuzzer
    - fuzz: Add fuzzer for XML reader API
    - fuzz: New tree API fuzzer
    - tests: Remove testOOM
    - Don't let gentest.py cast types to 'const somethingPtr' to avoid
    - Wignored-qualifiers
    * Rebase libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Wed Nov 13 2024 pgajdos@suse.com
  - add %{?sle15allpythons} macro [jsc#PED-68]
  - use %python_build and %python_install for 15
* Thu Jul 25 2024 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.12.9:
    + Security: (CVE-2024-40896) Fix XXE protection in downstream
      code.
    + Improvements: Undeprecate xmlKeepBlanksDefault.
* Wed Jun 12 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Update to version 2.12.8:
    + parser: Fix performance regression when parsing namespaces.
* Tue May 14 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Update to version 2.12.7:
    + Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459, bsc#1224282).
    + xmllint: Fix --pedantic option.
    + save: Handle invalid parent pointers in xhtmlNodeDumpOutput.
* Wed Apr 17 2024 Christoph G <foss@grueninger.de>
  - Update to version 2.12.6
    * Regressions
    - parser: Fix detection of duplicate attributes in XML namespace
    - xmlreader: Fix xmlTextReaderConstEncoding
    - html: Fix htmlCreatePushParserCtxt with encoding
    - xmllint: Return error code if XPath returns empty nodeset
  - Update to version 2.12.5
    * Security
    - [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
    * Regressions
    - parser: Fix crash in xmlParseInNodeContext with HTML documents
  - Update to version 2.12.4
    * Regressions
    - parser: Fix regression parsing standalone declarations
    - autotools: Readd --with-xptr-locs configuration option
    - parser: Fix build --without-output
    - parser: Don't grow or shrink pull parser memory buffers
    - io: Fix memory lifetime issue with input buffers
  - Update to version 2.12.3
    * Regressions
    - parser: Fix namespaces redefined from default attributes
    * Build fixes
    - include: Rename XML_EMPTY helper macro
    - include: Move declaration of xmlInitGlobals
    - include: Add missing includes
    - include: Move globals from xmlsave.h to parser.h
    - include: Readd circular dependency between tree.h and parser.h
  - Drop libxml2-CVE-2024-25062.patch as it is part of upstream
* Sat Feb 10 2024 David Anes <david.anes@suse.com>
  - Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
    * Added libxml2-CVE-2024-25062.patch
* Tue Dec 05 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.12.2:
    * Regressions:
    - parser:
      . Fix invalid free in xmlParseBalancedChunkMemoryRecover
      . Make CRLF increment line number
    - globals: Disable TLS in static Windows builds
    - html: Reenable buggy detection of XML declarations
    - tree: Fix regression when copying DTDs
    * Build fixes
    - build: Disable compiler TLS by default
    - cmake: Update config.h.cmake.in
    - tests: Fix tests --with-valid --without-xinclude
* Fri Nov 24 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to verson 2.12.1:
    * Regressions:
    - hash: Fix deletion of entries during scan
    - parser: Only enable SAX2 if there are SAX2 element handlers
    * Build fixes:
    - autotools: Stop checking for snprintf
    - dict: Fix '__thread' before 'static'
    - fix: pthread weak references in globals.c
    - tests: Fix build with older MSVC
* Fri Nov 17 2023 David Anes <david.anes@suse.com>
  - Bring back a patch that was mistakenly removed in the last update.
    * Readded libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Thu Nov 16 2023 David Anes <david.anes@suse.com>
  - Removed patches (already in upstream):
    * libxml2-CVE-2023-39615.patch
    * libxml2-CVE-2023-45322.patch
    * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
    * python312.patch
  - Update to 2.12.0:
    * Major changes:
    - Most of the known issues leading to quadratic behavior in the
      XML parser were fixed. Internal hash tables were rewritten to
      reduce memory consumption.
    - Starting with this release, it should be enough to add the
    - -with-legacy configuration option to provide maximum ABI
      compatibility.
    - libxml2 will now store global variables in thread-local
      storage if supported by the compiler. This avoids allocating
      the data lazily which can result in a fatal error condition.
    - A new API function xmlCheckThreadLocalStorage was added so the
      allocation can be checked earlier if compiler TLS is not
      supported.
    - To prepare for future improvements, some API functions now
      expect or return a const xmlError struct.
    - Several cyclic dependencies in public header files were fixed.
    - Refactoring of the encoding code has been mostly completed.
      Calling xmlSwitchEncoding from client code is now fully
      supported, for example to override the encoding for the push
      parser.
    - When parsing data from memory, libxml2 will now stream data
      chunk by chunk instead of copying the whole buffer (possibly
      twice with encodings), reducing peak memory consumption
      considerably.
    - A new API function xmlCtxtSetMaxAmplification was added to
      allow parsing of files that would otherwise trigger the
      billion laughs protection.
    - Several bugs in the regex determinism checks were fixed.
      Invalid XML Schemas which previous versions erroneously
      accepted will now be rejected.
    * Deprecations
    - globals: Deprecate xmlLastError
    - parser: Deprecate global parser options
    - win32: Deprecate old Windows build system
    * Bug fixes
    - parser: Stop switching to ISO-8859-1 on encoding errors
    - parser: Support encoded external PEs in entity values
    - string: Fix UTF-8 validation in xmlGetUTF8Char
    - SAX2: Allow multiple top-level elements
    - parser: Update line number after coalescing text nodes
    - parser: Check for truncated multi-byte sequences
    * See the full changelog here:
    - https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.0
* Thu Nov 16 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.11.6:
    * Regressions:
    - threads: Fix --with-thread-alloc
    - xinclude: Fix ‘last’ pointer in xmlXIncludeCopyNode
    * Bug fixes: parser: Fix potential use-after-free in
      xmlParseCharDataInternal
* Mon Nov 13 2023 David Anes <david.anes@suse.com>
  - Security fix: CVE-2023-45322 (bsc#1216129)
    * use-after-free in xmlUnlinkNode() in tree.c
    * Added file libxml2-CVE-2023-45322.patch
* Mon Oct 23 2023 Daniel Garcia <daniel.garcia@suse.com>
  - Add python312.patch to make it compatible with python 3.12
    https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/226
  - Use pyproject_wheel and pyproject_install macros instead of
    python_build, python_install
* Mon Sep 04 2023 David Anes <david.anes@suse.com>
  - Security fix: CVE-2023-39615 (bsc#1214768)
    * crafted xml can cause global buffer overflow
    * Added file libxml2-CVE-2023-39615.patch
* Wed Aug 09 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.11.5:
    + Regressions:
    - parser: Make xmlSwitchEncoding always skip the BOM
    - autotools: Improve iconv check
    + Bug fixes:
    - valid: Fix c1->parent pointer in xmlCopyDocElementContent
    - encoding: Always call ucnv_convertEx with flush set to false
    + Portability: autotools: fix Python module file ext for
      cygwin/msys2
    + Tests: runtest: Fix compilation without LIBXML_HTML_ENABLED
* Fri May 19 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.11.4:
    + Fixes a serious regression: parser: Fix regression when push
      parsing UTF-8 sequences.
* Thu May 11 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.11.3:
    + xinclude: Fix false positives in inclusion loop detection.
    + autotools: Fix ICU detection.
    + parser: Fix "huge input lookup" error with push parser.
    + xpath: Fix build without LIBXML_XPATH_ENABLED.
    + hash: Fix possible startup crash with old libxslt versions.
    + autoconf: fix iconv library paths.
* Fri May 05 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.11.2:
    + Fix regressions:
    - threads: Fix startup crash with weak symbol hack
    - win32: Don’t depend on removed .def file
    - schemas: Fix memory leak in xmlSchemaValidateStream
* Wed May 03 2023 David Anes <david.anes@suse.com>
  - Rebased patches:
    * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
    * libxml2-python3-unicode-errors.patch
  - Update to 2.11.1:
    * Fixes build and ABI issues.
    - cmake: Fix va_copy detection (Luca Niccoli)
    - libxml.m4: Fix quoting
    - Link with --undefined-version
    - libxml2.syms: Revert removal of version information
  - Update to 2.11.0:
    * Major changes
    - Protection against entity expansion attacks, also known as
      "billion laughs" has been greatly improved. Malicious files
      should be detected reliably now and false positives should be
      reduced. It is possible though that large documents which make
      heavy use of entities are rejected now.
    - This release finally fixes symbol visibility on UNIX systems.
      Internal symbols will now be hidden. While these symbols were
      never declared in public headers, it was still possible to
      declare them manually. Now this won't work.
    - All symbol information has been removed from the ELF version
      script to fix link errors with --no-undefined-version. The
      version nodes are kept so it should still be possible to run
      binaries linked against older versions.
    - About 90 memory errors in code paths handling malloc failures
      have been fixed. While these issues shouldn't impact security,
      this improves robustness under memory pressure.
    - The XInclude engine has been reworked to properly support
      nested includes.
    - Several cases of quadratic behavior in the XML push parser
      have been fixed.
    - Refactoring has begun on some buffering and encoding code with
      the goal of simplifying this part of the code base and
      improving error reporting.
    * Other highlights:
    - Consolidated private header files.
    - Major rework of the autoconf build.
    - Deprecated several outdated and internal functions.
    * Security
    - Fix use-after-free in xmlParseContentInternal() (David Kilzer)
    - xmllint: Fix use-after-free with --maxmem
    - parser: Fix OOB read when formatting error message
    - entities: Rework entity amplification checks
    * See the full changelog at https://discourse.gnome.org/t/libxml2-2-11-0-released/15123
* Fri Apr 21 2023 David Anes <david.anes@suse.com>
  - Remove unneeded dependency (bsc#1209918).
* Tue Apr 11 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.10.4:
    + Security:
    - [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
      isn’t deterministic
    - [CVE-2023-28484, bsc#1210411] Fix null deref in
      xmlSchemaFixupComplexType
    - schemas: Fix null-pointer-deref in
      xmlSchemaCheckCOSSTDerivedOK
    + Regressions:
    - SAX2: Ignore namespaces in HTML documents
    - io: Fix “buffer full” error with certain buffer sizes
* Wed Feb 01 2023 Dirk Müller <dmueller@suse.com>
  - remove zlib-devel, pkgconfig(zlib) is sufficient
* Mon Oct 31 2022 David Anes <david.anes@suse.com>
  - Add W3C conformance tests to the testsuite (bsc#1204585):
    * Added file xmlts20080827.tar.gz
* Fri Oct 14 2022 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304):
    + Security:
    - [CVE-2022-40304] Fix dict corruption caused by entity
      reference cycles
    - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
    - Fix overflow check in SAX2.c
    + Build system: cmake: Set SOVERSION
  - Rebase patches with quilt.
* Thu Sep 01 2022 Pedro Monreal <pmonreal@suse.com>
  - Build for now with --with-legacy to enable APIs that have been
    deprecated recently. (bsc#1202965)
* Tue Aug 30 2022 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.10.2:
    * Improvements:
      + Remove set-but-unused variable in xmlXPathScanName
      + Silence -Warray-bounds warning
    * Build system
      + build: require automake-1.16.3 or later
      + Remove generated files from distribution
    * Test suite: Don't create missing.xml when running testapi
  - Add configure --with-python=%{__python3} inbefore python build,
    as upstream no longer ships pre-grenerated files.
  - Use sed to fix env-script-interpreter in documentation example.
  - Pass with-ftp to configure, build ftp support.
* Thu Aug 25 2022 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 2.10.1:
    * Regressions: Fix xmlCtxtReadDoc with encoding
    * Bug fixes: Fix HTML parser with threads and --without-legacy
    * Build system:
      + Fix build with Python 3.10
      + cmake: Disable version script on macOS
      + Remove Makefile rule to build testapi.c
    * Documentation:
      + Switch back to HTML output for API documentation
      + Port doc/examples/index.py to Python 3
      + Fix order of exports in libxml2-api.xml
      + Remove libxml2-refs.xml
* Thu Aug 18 2022 David Anes <david.anes@suse.com>
  - Update to 2.10.0:
    * Security
      + [CVE-2022-2309] Reset nsNr in xmlCtxtReset
      + Reserve byte for NUL terminator and report errors consistently in xmlBuf and
      xmlBuffer
      + Fix missing NUL terminators in xmlBuf and xmlBuffer functions
      + Fix integer overflow in xmlBufferDump()
      + xmlBufAvail() should return length without including a byte for NUL
      terminator
      + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc()
      + Use xmlNewDocText in xmlXIncludeCopyRange
      + Fix use-after-free bugs when calling xmlTextReaderClose() before
      xmlFreeTextReader() on post-validating parser
      + Use UPDATE_COMPAT() consistently in buf.c
      + fix: xmlXPathParserContext could be double-delete in  OOM case.
    * Removals and deprecations
      + Disable XPointer location support by default
      + Remove outdated xml2Conf.sh
      + Deprecate module init and cleanup functions
      + Remove obsolete XML Software Autoupdate (XSA) file
      + Remove DOCBparser
      + Remove obsolete Python test framework
      + Remove broken VxWorks support
      + Remove broken Mac OS 9 support
      + Remove broken bakefile support
      + Remove broken Visual Studio 2010 support
      + Remove broken Windows CE support
      + Deprecate IDREF-related functions in valid.h
      + Deprecate legacy functions
      + Disable legacy support by default
      + Deprecate all functions in nanoftp.h
      + Disable FTP support by default
      + Add XML_DEPRECATED macro
      + Remove elfgcchack.h
    * Regressions
      + Skip incorrectly opened HTML comments
      + Restore behavior of htmlDocContentDumpFormatOutput()
    * Bug fixes
      + Fix memory leak with invalid XSD
      + Make XPath depth check work with recursive invocations
      + Fix memory leak in xmlLoadEntityContent error path
      + Avoid double-free if malloc fails in inputPush
      + Properly fold whitespace around the QName value when validating an XSD
      schema.
      + Add whitespace folding for some atomic data types that it's missing on.
      + Don't add IDs containing unexpanded entity references
    * Improvements
      + Avoid calling xmlSetTreeDoc
      + Simplify xmlFreeNode
      + Don't reset nsDef when changing node content
      + Fix unintended fall-through in xmlNodeAddContentLen
      + Remove unused xmlBuf functions
      + Implement xpath1() XPointer scheme
      + Add configuration flag for XPointer locations support
      + Fix compiler warnings in Python code
      + Mark more static data as `const`
      + Make xmlStaticCopyNode non-recursive
      + Clean up encoding switching code
      + Simplify recursive pthread mutex
      + Use non-recursive mutex in dict.c
      + Fix parser progress checks
      + Avoid arithmetic on freed pointers
      + Improve buffer allocation scheme
      + Remove unneeded #includes
      + Add support for some non-standard escapes in regular expressions.
      + htmlParseComment: handle abruptly-closed comments
      + Add let variable tag support
      + Add value-of tag support
      + Remove useless call to xmlRelaxNGCleanupTypes
      + Don't include ICU headers in public headers
      + Update `xmlStrlen()` to use POSIX / ISO C `strlen()`
      + Fix unused variable warnings with disabled features
      + Only warn on invalid redeclarations of predefined entities
      + Remove unneeded code in xmlreader.c
      + Rework validation context flags
    * Portability
      + Use NAN/INFINITY if available to init XPath NaN/Inf
      + Fix Python tests on macOS
      + Fix xmlCleanupThreads on Windows
      + Fix reinitialization of library on Windows
      + Don't mix declarations and code in runtest.c
      + Use portable python shebangs
      + Use critical sections as mutex on Windows
      + Don't set HAVE_WIN32_THREADS in win32config.h
      + Use stdint.h with newer MSVC
      + Remove cruft from win32config.h
      + Remove isinf/isnan emulation in win32config.h
      + Always fopen files with "rb"
      + Remove __DJGPP__ checks
      + Remove useless __CYGWIN__ checks
    * Build system
      + Don't autogenerate doc/examples/Makefile.am
      + cmake: Install libxml.m4 on UNIX-like platforms
      + cmake: Use symbol versioning on UNIX-like platforms
      + Port genUnicode.py to Python 3
      + Port gentest.py to Python 3
      + cmake: Fix build without thread support
      + cmake: Install documentation in CMAKE_INSTALL_DOCDIR
      + cmake: Remove non needed files in docs dir
      + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
      + Move local Autoconf macros into m4 directory
      + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
      + Update libxml-2.0-uninstalled.pc.in
      + Remove LIBS from XML_PRIVATE_LIBS
      + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
      + Don't overlink executables
      + cmake: Adjust paths for UNIX or UNIX-like target systems
      + build: Make use of variables in libxml's pkg-config file
      + Avoid obsolescent `test -a` constructs
      + Move AM_MAINTAINER_MODE to AM section
      + configure.ac: make AM_SILENT_RULES([yes]) unconditional
      + Streamline documentation installation
      + Don't try to recreate COPYING symlink
      + Detect libm using libtool's macros
      + configure.ac: disable static libraries by default
      + python/Makefile.am: nest python docs in $(docdir)
      + python/Makefile.am: rely on global AM_INIT_AUTOMAKE
      + Makefile.am: install examples more idiomatically
      + configure.ac: remove useless AC_SUBST
      + Respect `--sysconfdir` in source files
      + Ignore configure backup file created by recent autoreconf too
      + Only install *.html and *.c example files
      + Remove --with-html-dir option
      + Rework documentation build system
      + Remove old website
      + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings
      + Update genChRanges.py
      + Update build_glob.py
      + Remove ICONV_CONST test
      + Remove obsolete AC_HEADER checks
      + Don't check for standard C89 library functions
      + Don't check for standard C89 headers
      + Remove special configuration for certain maintainers
    * Test suite, CI
      + Disable network in API tests
      + testapi: remove leading slash from "/missing.xml"
      + Build Autotools CI tests out of source tree (VPATH)
      + Add --with-minimum build to CI tests
      + Fix warnings when testing --with-minimum build
      + cmake: Run all tests when threads are disabled
      + Also build CI tests with -Werror
      + Move doc/examples tests to new test suite
      + Simplify 'make check' targets
      + Fix schemas and relaxng tests
      + Remove unused result files
      + Allow missing result files in runtest
      + Move regexp tests to runtest
      + Move SVG tests to runtest.c
      + Move testModule to new test suite
      + Move testThreads to new test suite
      + Remove major parts of old test suite
      + Make testchar return an error on failure
      + Add CI job for static build
      + python/tests: open() relative to test scripts
      + Port some test scripts to Python 3
    * Documentation
      + Improve documentation of tree manipulation API
      + Update xml2-config man page
      + Consolidate man pages
      + Rename xmlcatalog_man.xml
      + Make examples a standalone HTML page
      + Fix documentation in entities.c
      + Add note about optimization flags
* Mon May 02 2022 David Anes <david.anes@suse.com>
  - Update to 2.9.14:
    * Security:
      + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
      + Fix potential double-free in xmlXPtrStringRangeFunction
      + Fix memory leak in xmlFindCharEncodingHandler
      + Normalize XPath strings in-place
      + Prevent integer-overflow in htmlSkipBlankChars() and
      xmlSkipBlankChars()
      + Fix leak of xmlElementContent
    * Bug fixes:
      + Fix parsing of subtracted regex character classes
      + Fix recursion check in xinclude.c
      + Reset last error in xmlCleanupGlobals
      + Fix certain combinations of regex range quantifiers
      + Fix range quantifier on subregex
    * Improvements:
      + Fix recovery from invalid HTML start tags
    * Build system, portability:
      + Define LFS macros before including system headers
      + Initialize XPath floating-point globals
      + configure: check for icu DEFS
      + configure.ac: produce tar.xz only (GNOME policy)
      + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
      + Fix build with older Python versions
      + Fix --without-valid build
* Fri Mar 18 2022 Dominique Leuenberger <dimstar@opensuse.org>
  - Build python bindings in a 2nd run, using multibuild: otherwise,
    libxml2 requires pkgconfig(libxml-2.0) to build, causing issues
    to bootstrap.
* Tue Mar 08 2022 Luciano Santos <luc14n0@opensuse.org>
  - Update to version 2.9.13:
    * Security fixes:
      + [CVE-2022-23308] Use-after-free of ID and IDREF attributes
      (boo#1196490);
      + Several memory leaks and another issues.
    * Many regressions fixes.
    * Numerous bug fixes, including, among many others:
      + xmllint's --maxmem option should work as expected now;
      + xmllint now returns an error if arguments are missing.
    * Numerous tests and code and fuzzing fixes and improvements.
    * Updated documentation.
  - The full Libxml2 2.9.13 NEWS can be found here:
    https://download.gnome.org/sources/libxml2/2.9/\
    libxml2-2.9.13.news.
  - Replace version-release macros in all 3 Obsoletes tag with
    plain 2.9.13 to avoid unwanted behaviors in the future.
  - Remove dropped upstream AUTHORS file from list of files to be
    installed in the documentation location with 'cp' command.
  - Update http://xmlsoft.org URL tag to Libxml2's new web home:
    https://gitlab.gnome.org/GNOME/libxml2.
  - Update ftp://xmlsoft.org Source tag to Libxml2's new download
    host: https://download.gnome.org.
  - Drop deprecated Python-2-related macro definitions/conditional
    statement from spec file.
  - Drop merged upstream patches:
    libxml2-fix-lxml-corrupted-subtree-structures.patch;
    libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch.
  - Drop libxml2.keyring source file as the new download host doesn't
    offer GPG signatures.
  - Use ldconfig_scriptlets macro for post(un) handling.

Files

/usr/lib/python3.13/site-packages/__pycache__/drv_libxml2.cpython-313.opt-1.pyc
/usr/lib/python3.13/site-packages/__pycache__/drv_libxml2.cpython-313.pyc
/usr/lib/python3.13/site-packages/__pycache__/libxml2.cpython-313.opt-1.pyc
/usr/lib/python3.13/site-packages/__pycache__/libxml2.cpython-313.pyc
/usr/lib/python3.13/site-packages/drv_libxml2.py
/usr/lib/python3.13/site-packages/libxml2.py
/usr/lib/python3.13/site-packages/libxml2_python-2.14.5.dist-info
/usr/lib/python3.13/site-packages/libxml2_python-2.14.5.dist-info/INSTALLER
/usr/lib/python3.13/site-packages/libxml2_python-2.14.5.dist-info/METADATA
/usr/lib/python3.13/site-packages/libxml2_python-2.14.5.dist-info/RECORD
/usr/lib/python3.13/site-packages/libxml2_python-2.14.5.dist-info/REQUESTED
/usr/lib/python3.13/site-packages/libxml2_python-2.14.5.dist-info/WHEEL
/usr/lib/python3.13/site-packages/libxml2_python-2.14.5.dist-info/top_level.txt
/usr/lib/python3.13/site-packages/libxml2mod.cpython-313-arm-linux-gnueabihf.so
/usr/share/doc/packages/python313-libxml2
/usr/share/doc/packages/python313-libxml2/README
/usr/share/doc/packages/python313-libxml2/apibuild.py
/usr/share/doc/packages/python313-libxml2/libxml2class.txt


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Oct 24 23:22:36 2025