Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libxml2-2-2.9.9-1.1 RPM for riscv64

From OpenSuSE Ports Tumbleweed for riscv64

Name: libxml2-2 Distribution: openSUSE Tumbleweed
Version: 2.9.9 Vendor: openSUSE
Release: 1.1 Build date: Mon Feb 4 21:19:36 2019
Group: System/Libraries Build host: build81
Size: 1330535 Source RPM: libxml2-2.9.9-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://xmlsoft.org
Summary: A Library to Manipulate XML Files
The XML C library was initially developed for the GNOME project. It is
now used by many programs to load and save extensible data structures
or manipulate any kind of XML files.

This library implements a number of existing standards related to
markup languages, including the XML standard, name spaces in XML, XML
Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and
XML catalogs. In most cases, libxml tries to implement the
specification in a rather strict way. To some extent, it provides
support for the following specifications, but does not claim to
implement them: DOM, FTP client, HTTP client, and SAX.

The library also supports RelaxNG. Support for W3C XML Schemas is in
progress.

Provides

Requires

License

MIT

Changelog

* Sat Jan 26 2019 mgorse@suse.com
  - Version update to 2.9.9:
    * Security:
      + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA
      decompression (boo#1088279 boo#1105166).
      + CVE-2018-14404 Fix nullptr deref with XPath logic ops
      (boo#1102046).
    * Bug fixes:
      + Fix building relative URIs
      + Problem with data in interleave in RelaxNG validation
      + Fix memory leak in xmlSwitchInputEncodingInt error path
      + Set doc on element obtained from freeElems
      + Fix HTML serialization with UTF-8 encoding
      + Use actual doc in xmlTextReaderRead*Xml
      + Unlink node before freeing it in xmlSAX2StartElement
      + Check return value of nodePush in xmlSAX2StartElement
      + Free input buffer in xmlHaltParser
      + Reset HTML parser input pointers on encoding failure
      + Fix xmlSchemaValidCtxtPtr reuse memory leak
      + Fix xmlTextReaderNext with preparsed document
      + HTML noscript should not close p
      + Don't change context node in xmlXPathRoot
    * Improvements:
      + Remove redefined starts and defines inside include elements
      + Allow choice within choice in nameClass in RELAX NG
      + Look inside divs for starts and defines inside include
      +  Add newlines to 'xmllint --xpath' output
      + Don't include SAX.h from globals.h
      + Support xmlTextReaderNextSibling w/o preparsed doc
      + Improve restoring of context size and position
      + Simplify and harden nodeset filtering
      + Avoid unnecessary backups of the context node
      + Fix inconsistency in xmlXPathIsInf
* Tue Mar 20 2018 kukuk@suse.de
  - Use %license instead of %doc [bsc#1082318]
* Wed Mar 14 2018 tchvatal@suse.com
  - Version update to 2.9.8:
    * Various -Werror fixes and compilation updates as travis is now
      used by upstream
    * Few additional tests added for ICU operations
* Sat Nov 11 2017 aavindraa@gmail.com
  - Version update to 2.9.7 release:
    * Bug Fixes:
      + xmlcatalog: restore ability to query system catalog easily
      + Fix comparison of nodesets to strings
    * Improvements:
      + Add Makefile rules to rebuild HTML man pages
      + Remove generated file python/setup.py from version control
      + Fix mixed decls and code in timsort.h
      + Rework handling of return values in thread tests
      + Fix unused variable warnings in testrecurse
      + Fix -Wimplicit-fallthrough warnings
      + Upgrade timsort.h to latest revision
      + Fix a couple of warnings in dict.c and threads.c
      + Fix unused variable warnings in nanohttp.c
      + Don't include winsock2.h in xmllint.c
      + Use __linux__ macro in generated code
    * Portability:
      + Add declaration for DllMain
      + Fix preprocessor conditional in threads.h
      + Fix macro redefinition warning
      + many Windows specific improvements
    * Documentation:
      + xmlcatalog: refresh man page wrt. quering system catalog easily
  - Includes bug fixes from 2.9.6:
    * Fix XPath stack frame logic
    * Report undefined XPath variable error message
    * Fix regression with librsvg
    * Handle more invalid entity values in recovery mode
    * Fix structured validation errors
    * Fix memory leak in LZMA decompressor
    * Set memory limit for LZMA decompression
    * Handle illegal entity values in recovery mode
    * Fix debug dump of streaming XPath expressions
    * Fix memory leak in nanoftp
    * Fix memory leaks in SAX1 parser
  - Drop libxml2-bug787941.patch
    * upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8
* Thu Sep 21 2017 jengelh@inai.de
  - Update package summaries and RPM groups. Trim descriptions for
    size on secondary subpackages. Replace install call by a
    commonly-used macro.
* Thu Sep 21 2017 tchvatal@suse.com
  - Add patch to fix TW integration:
    * libxml2-bug787941.patch
* Sun Sep 10 2017 tchvatal@suse.com
  - Version update to 2.9.5 release:
    * Merged all the previous cve fixes that were patched in
    * Few small tweaks
  - Remove merged patches:
    * libxml2-CVE-2016-4658.patch
    * libxml2-CVE-2017-0663.patch
    * libxml2-CVE-2017-5969.patch
    * libxml2-CVE-2017-9047.patch
    * libxml2-CVE-2017-9048.patch
    * libxml2-CVE-2017-9049.patch
    * libxml2-2.9.4-fix_attribute_decoding.patch
* Thu Jun 15 2017 pmonrealgonzalez@suse.com
  - Security fix:
    * libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663]
    * Fix Heap buffer overflow in xmlAddID
* Wed Jun 14 2017 pmonrealgonzalez@suse.com
  - Security fix:
    * libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969]
    * Fix NULL pointer deref in xmlDumpElementContent
* Mon May 22 2017 pmonrealgonzalez@suse.com
  - Security fixes:
    * libxml2-CVE-2017-9049.patch [bsc#1039066]
    * heap-based buffer overflow (xmlDictComputeFastKey func)
    * libxml2-CVE-2017-9048.patch [bsc#1039063]
    * stack overflow vulnerability (xmlSnprintfElementContent func)
    * libxml2-CVE-2017-9047.patch [bsc#1039064]
    * stack overflow vulnerability (xmlSnprintfElementContent func)
* Tue Mar 07 2017 pmonrealgonzalez@suse.com
  - Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in
    XPointer ranges. Namespace nodes must be copied to avoid
    use-after-free errors. But they don't necessarily have a physical
    representation in a document, so simply disallow them in XPointer
    ranges [bsc#1005544] [CVE-2016-4658]
* Wed Jun 08 2016 kstreitova@suse.com
  - add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute
    decoding during XML schema validation [bnc#983288]
* Fri May 27 2016 psimons@suse.com
  - Update libxml2 to version libxml2-2.9.4. The new version is
    resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835,
    CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838,
    CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and
    CVE-2016-1762.
  - Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch,
    0001-Add-missing-increments-of-recursion-depth-counter-to.patch,
    and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch.
* Fri May 20 2016 kstreitova@suse.com
  - add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML
    push parser that fails with bogus UTF-8 encoding error when
    multi-byte character in large CDATA section is split across
    buffer [bnc#962796]
* Tue May 03 2016 sflees@suse.de
  - Add libxml2-2.9.1-CVE-2016-3627.patch to fix stack exhaustion
    while parsing certain XML files in recovery mode (CVE-2016-3627,
    bnc#972335).
  - Add 0001-Add-missing-increments-of-recursion-depth-counter-to.patch
    to improve protection against Billion Laughs Attack (bnc#975947).
* Tue Nov 24 2015 rpm@fthiessen.de
  - Update to new upstream release 2.9.3 (bsc#954429):
    * Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941,
      CVE-2015-1819, CVE-2015-7497, CVE-2015-7498, CVE-2015-5312,
      CVE-2015-7499, CVE-2015-7500 and CVE-2015-8242
    * And other bugfixes
  - Removed upstream fixed patches:
    * libxml2-dont_initialize_catalog.patch
    * 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
    * 0002-Adding-example-from-bugs-738805-to-regression-tests.patch
* Mon Nov 03 2014 vcizek@suse.com
  - fix a missing entities after CVE-2014-3660 fix
    (https://bugzilla.gnome.org/show_bug.cgi?id=738805)
    * added patches:
      0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
      0002-Adding-example-from-bugs-738805-to-regression-tests.patch
* Mon Nov 03 2014 vcizek@suse.com
  - fix a regression in libxml2 2.9.2
    * https://bugzilla.redhat.com/show_bug.cgi?id=1153753
  - add libxml2-dont_initialize_catalog.patch
* Fri Oct 31 2014 vcizek@suse.com
  - update to 2.9.2
    * drop libxml2-CVE-2014-3660.patch (upstream)
    * add keyring to verify tarball
    Security:
    Fix for CVE-2014-3660 billion laugh variant
    CVE-2014-0191 Do not fetch external parameter entities
    Improvements:
    win32/libxml2.def.src after rebuild in doc
    elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement()
    elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode
    Provide cmake module
    Fix a couple of issues raised by make dist
    Fix and add const qualifiers
    Preparing for upcoming release of 2.9.2
    Fix zlib and lzma libraries check via command line
    wrong error column in structured error when parsing end tag
    doc/news.html: small update to avoid line join while generating NEWS.
    Add methods for python3 iterator
    Support element node traversal in document fragments
    xmlNodeSetName: Allow setting the name to a substring of the currently set name
    Added macros for argument casts
    adding init calls to xml and html Read parsing entry points
    Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c
    Implement choice for name classes on attributes
    Two small namespace tweaks
    xmllint --memory should fail on empty files
    Cast encoding name to char pointer to match arg type
* Fri Oct 17 2014 vcizek@suse.com
  - fix for CVE-2014-3660 (bnc#901546)
    * denial of service via recursive entity expansion
      (related to billion laughs)
    * added libxml2-CVE-2014-3660.patch

Files

/usr/lib64/libxml2.so.2
/usr/lib64/libxml2.so.2.9.9
/usr/share/doc/packages/libxml2
/usr/share/doc/packages/libxml2/AUTHORS
/usr/share/doc/packages/libxml2/Copyright
/usr/share/doc/packages/libxml2/NEWS
/usr/share/doc/packages/libxml2/README
/usr/share/doc/packages/libxml2/TODO
/usr/share/doc/packages/libxml2/TODO_SCHEMAS
/usr/share/licenses/libxml2-2
/usr/share/licenses/libxml2-2/COPYING
/usr/share/licenses/libxml2-2/Copyright


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jun 16 23:45:41 2019