Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libxml2-2-2.10.4-2.1 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: libxml2-2 Distribution: openSUSE Tumbleweed
Version: 2.10.4 Vendor: openSUSE
Release: 2.1 Build date: Wed Apr 26 17:29:23 2023
Group: Unspecified Build host: lamb16
Size: 1808231 Source RPM: libxml2-2.10.4-2.1.src.rpm
Summary: A Library to Manipulate XML Files
The XML C library was initially developed for the GNOME project. It is
now used by many programs to load and save extensible data structures
or manipulate any kind of XML files.

This library implements a number of existing standards related to
markup languages, including the XML standard, name spaces in XML, XML
Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and
XML catalogs. In most cases, libxml tries to implement the
specification in a rather strict way. To some extent, it provides
support for the following specifications, but does not claim to
implement them: DOM, FTP client, HTTP client, and SAX.

The library also supports RelaxNG. Support for W3C XML Schemas is in






* Fri Apr 21 2023 David Anes <>
  - Remove unneeded dependency (bsc#1209918).
* Tue Apr 11 2023 Bjørn Lie <>
  - Update to version 2.10.4:
    + Security:
    - [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
      isn’t deterministic
    - [CVE-2023-28484, bsc#1210411] Fix null deref in
    - schemas: Fix null-pointer-deref in
    + Regressions:
    - SAX2: Ignore namespaces in HTML documents
    - io: Fix “buffer full” error with certain buffer sizes
* Wed Feb 01 2023 Dirk Müller <>
  - remove zlib-devel, pkgconfig(zlib) is sufficient
* Mon Oct 31 2022 David Anes <>
  - Add W3C conformance tests to the testsuite (bsc#1204585):
    * Added file xmlts20080827.tar.gz
* Fri Oct 14 2022 Bjørn Lie <>
  - Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304):
    + Security:
    - [CVE-2022-40304] Fix dict corruption caused by entity
      reference cycles
    - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
    - Fix overflow check in SAX2.c
    + Build system: cmake: Set SOVERSION
  - Rebase patches with quilt.
* Thu Sep 01 2022 Pedro Monreal <>
  - Build for now with --with-legacy to enable APIs that have been
    deprecated recently. (bsc#1202965)
* Tue Aug 30 2022 Bjørn Lie <>
  - Update to version 2.10.2:
    * Improvements:
      + Remove set-but-unused variable in xmlXPathScanName
      + Silence -Warray-bounds warning
    * Build system
      + build: require automake-1.16.3 or later
      + Remove generated files from distribution
    * Test suite: Don't create missing.xml when running testapi
  - Add configure --with-python=%{__python3} inbefore python build,
    as upstream no longer ships pre-grenerated files.
  - Use sed to fix env-script-interpreter in documentation example.
  - Pass with-ftp to configure, build ftp support.
* Thu Aug 25 2022 Bjørn Lie <>
  - Update to version 2.10.1:
    * Regressions: Fix xmlCtxtReadDoc with encoding
    * Bug fixes: Fix HTML parser with threads and --without-legacy
    * Build system:
      + Fix build with Python 3.10
      + cmake: Disable version script on macOS
      + Remove Makefile rule to build testapi.c
    * Documentation:
      + Switch back to HTML output for API documentation
      + Port doc/examples/ to Python 3
      + Fix order of exports in libxml2-api.xml
      + Remove libxml2-refs.xml
* Thu Aug 18 2022 David Anes <>
  - Update to 2.10.0:
    * Security
      + [CVE-2022-2309] Reset nsNr in xmlCtxtReset
      + Reserve byte for NUL terminator and report errors consistently in xmlBuf and
      + Fix missing NUL terminators in xmlBuf and xmlBuffer functions
      + Fix integer overflow in xmlBufferDump()
      + xmlBufAvail() should return length without including a byte for NUL
      + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc()
      + Use xmlNewDocText in xmlXIncludeCopyRange
      + Fix use-after-free bugs when calling xmlTextReaderClose() before
      xmlFreeTextReader() on post-validating parser
      + Use UPDATE_COMPAT() consistently in buf.c
      + fix: xmlXPathParserContext could be double-delete in  OOM case.
    * Removals and deprecations
      + Disable XPointer location support by default
      + Remove outdated
      + Deprecate module init and cleanup functions
      + Remove obsolete XML Software Autoupdate (XSA) file
      + Remove DOCBparser
      + Remove obsolete Python test framework
      + Remove broken VxWorks support
      + Remove broken Mac OS 9 support
      + Remove broken bakefile support
      + Remove broken Visual Studio 2010 support
      + Remove broken Windows CE support
      + Deprecate IDREF-related functions in valid.h
      + Deprecate legacy functions
      + Disable legacy support by default
      + Deprecate all functions in nanoftp.h
      + Disable FTP support by default
      + Add XML_DEPRECATED macro
      + Remove elfgcchack.h
    * Regressions
      + Skip incorrectly opened HTML comments
      + Restore behavior of htmlDocContentDumpFormatOutput()
    * Bug fixes
      + Fix memory leak with invalid XSD
      + Make XPath depth check work with recursive invocations
      + Fix memory leak in xmlLoadEntityContent error path
      + Avoid double-free if malloc fails in inputPush
      + Properly fold whitespace around the QName value when validating an XSD
      + Add whitespace folding for some atomic data types that it's missing on.
      + Don't add IDs containing unexpanded entity references
    * Improvements
      + Avoid calling xmlSetTreeDoc
      + Simplify xmlFreeNode
      + Don't reset nsDef when changing node content
      + Fix unintended fall-through in xmlNodeAddContentLen
      + Remove unused xmlBuf functions
      + Implement xpath1() XPointer scheme
      + Add configuration flag for XPointer locations support
      + Fix compiler warnings in Python code
      + Mark more static data as `const`
      + Make xmlStaticCopyNode non-recursive
      + Clean up encoding switching code
      + Simplify recursive pthread mutex
      + Use non-recursive mutex in dict.c
      + Fix parser progress checks
      + Avoid arithmetic on freed pointers
      + Improve buffer allocation scheme
      + Remove unneeded #includes
      + Add support for some non-standard escapes in regular expressions.
      + htmlParseComment: handle abruptly-closed comments
      + Add let variable tag support
      + Add value-of tag support
      + Remove useless call to xmlRelaxNGCleanupTypes
      + Don't include ICU headers in public headers
      + Update `xmlStrlen()` to use POSIX / ISO C `strlen()`
      + Fix unused variable warnings with disabled features
      + Only warn on invalid redeclarations of predefined entities
      + Remove unneeded code in xmlreader.c
      + Rework validation context flags
    * Portability
      + Use NAN/INFINITY if available to init XPath NaN/Inf
      + Fix Python tests on macOS
      + Fix xmlCleanupThreads on Windows
      + Fix reinitialization of library on Windows
      + Don't mix declarations and code in runtest.c
      + Use portable python shebangs
      + Use critical sections as mutex on Windows
      + Don't set HAVE_WIN32_THREADS in win32config.h
      + Use stdint.h with newer MSVC
      + Remove cruft from win32config.h
      + Remove isinf/isnan emulation in win32config.h
      + Always fopen files with "rb"
      + Remove __DJGPP__ checks
      + Remove useless __CYGWIN__ checks
    * Build system
      + Don't autogenerate doc/examples/
      + cmake: Install libxml.m4 on UNIX-like platforms
      + cmake: Use symbol versioning on UNIX-like platforms
      + Port to Python 3
      + Port to Python 3
      + cmake: Fix build without thread support
      + cmake: Install documentation in CMAKE_INSTALL_DOCDIR
      + cmake: Remove non needed files in docs dir
      + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
      + Move local Autoconf macros into m4 directory
      + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
      + Update
      + Remove LIBS from XML_PRIVATE_LIBS
      + Don't overlink executables
      + cmake: Adjust paths for UNIX or UNIX-like target systems
      + build: Make use of variables in libxml's pkg-config file
      + Avoid obsolescent `test -a` constructs
      + Move AM_MAINTAINER_MODE to AM section
      + make AM_SILENT_RULES([yes]) unconditional
      + Streamline documentation installation
      + Don't try to recreate COPYING symlink
      + Detect libm using libtool's macros
      + disable static libraries by default
      + python/ nest python docs in $(docdir)
      + python/ rely on global AM_INIT_AUTOMAKE
      + install examples more idiomatically
      + remove useless AC_SUBST
      + Respect `--sysconfdir` in source files
      + Ignore configure backup file created by recent autoreconf too
      + Only install *.html and *.c example files
      + Remove --with-html-dir option
      + Rework documentation build system
      + Remove old website
      + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings
      + Update
      + Update
      + Remove ICONV_CONST test
      + Remove obsolete AC_HEADER checks
      + Don't check for standard C89 library functions
      + Don't check for standard C89 headers
      + Remove special configuration for certain maintainers
    * Test suite, CI
      + Disable network in API tests
      + testapi: remove leading slash from "/missing.xml"
      + Build Autotools CI tests out of source tree (VPATH)
      + Add --with-minimum build to CI tests
      + Fix warnings when testing --with-minimum build
      + cmake: Run all tests when threads are disabled
      + Also build CI tests with -Werror
      + Move doc/examples tests to new test suite
      + Simplify 'make check' targets
      + Fix schemas and relaxng tests
      + Remove unused result files
      + Allow missing result files in runtest
      + Move regexp tests to runtest
      + Move SVG tests to runtest.c
      + Move testModule to new test suite
      + Move testThreads to new test suite
      + Remove major parts of old test suite
      + Make testchar return an error on failure
      + Add CI job for static build
      + python/tests: open() relative to test scripts
      + Port some test scripts to Python 3
    * Documentation
      + Improve documentation of tree manipulation API
      + Update xml2-config man page
      + Consolidate man pages
      + Rename xmlcatalog_man.xml
      + Make examples a standalone HTML page
      + Fix documentation in entities.c
      + Add note about optimization flags
* Mon May 02 2022 David Anes <>
  - Update to 2.9.14:
    * Security:
      + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
      + Fix potential double-free in xmlXPtrStringRangeFunction
      + Fix memory leak in xmlFindCharEncodingHandler
      + Normalize XPath strings in-place
      + Prevent integer-overflow in htmlSkipBlankChars() and
      + Fix leak of xmlElementContent
    * Bug fixes:
      + Fix parsing of subtracted regex character classes
      + Fix recursion check in xinclude.c
      + Reset last error in xmlCleanupGlobals
      + Fix certain combinations of regex range quantifiers
      + Fix range quantifier on subregex
    * Improvements:
      + Fix recovery from invalid HTML start tags
    * Build system, portability:
      + Define LFS macros before including system headers
      + Initialize XPath floating-point globals
      + configure: check for icu DEFS
      + produce tar.xz only (GNOME policy)
      + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
      + Fix build with older Python versions
      + Fix --without-valid build
* Fri Mar 18 2022 Dominique Leuenberger <>
  - Build python bindings in a 2nd run, using multibuild: otherwise,
    libxml2 requires pkgconfig(libxml-2.0) to build, causing issues
    to bootstrap.
* Tue Mar 08 2022 Luciano Santos <>
  - Update to version 2.9.13:
    * Security fixes:
      + [CVE-2022-23308] Use-after-free of ID and IDREF attributes
      + Several memory leaks and another issues.
    * Many regressions fixes.
    * Numerous bug fixes, including, among many others:
      + xmllint's --maxmem option should work as expected now;
      + xmllint now returns an error if arguments are missing.
    * Numerous tests and code and fuzzing fixes and improvements.
    * Updated documentation.
  - The full Libxml2 2.9.13 NEWS can be found here:\
  - Replace version-release macros in all 3 Obsoletes tag with
    plain 2.9.13 to avoid unwanted behaviors in the future.
  - Remove dropped upstream AUTHORS file from list of files to be
    installed in the documentation location with 'cp' command.
  - Update URL tag to Libxml2's new web home:
  - Update Source tag to Libxml2's new download
  - Drop deprecated Python-2-related macro definitions/conditional
    statement from spec file.
  - Drop merged upstream patches:
  - Drop libxml2.keyring source file as the new download host doesn't
    offer GPG signatures.
  - Use ldconfig_scriptlets macro for post(un) handling.
* Wed Oct 20 2021 Matej Cepl <>
  - Rewrite package to the single-spec %python_subpackage_only style and
    eliminate unnecessary multibuild.
* Tue Jun 01 2021 Pedro Monreal <>
  - Fix python-lxml regression with libxml2 2.9.12:
    * Work around lxml API abuse:
  - Add upstream patches:
    * libxml2-fix-lxml-corrupted-subtree-structures.patch
    * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch
* Tue Jun 01 2021 Ferdinand Thiessen <>
  - Update to version 2.9.12
    * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879),
      CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595,
      CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
    * Fix null deref in legacy SAX1 parser
    * Fix handling of unexpected EOF in xmlParseContent
    * Fix user-after-free
    * Validate UTF8 in xmlEncodeEntities
    * Fix memory leak in xmlParseElementMixedContentDecl
    * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin
    * Fix SEGV in xmlSAXParseFileWithData
    * Don't process siblings of root in xmlXIncludeProcess
    * Full changes:
  - Drop upstream fixed
    * libxml2-CVE-2021-3541.patch
    * libxml2-CVE-2021-3537.patch
    * libxml2-CVE-2021-3518.patch
    * libxml2-CVE-2021-3517.patch
    * libxml2-CVE-2021-3516.patch
    * libxml2-CVE-2020-7595.patch
    * libxml2-CVE-2019-20388.patch
    * libxml2-CVE-2020-24977.patch
    * libxml2-CVE-2019-19956.patch
    * libxml2-python39.patch
    * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
  - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch
  - Drop since 2.8.0 merged fix-perl.diff
  - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Wed May 19 2021 Pedro Monreal <>
  - Security fix: [bsc#1186015, CVE-2021-3541]
    * Exponential entity expansion attack bypasses all existing
      protection mechanisms.
  - Add libxml2-CVE-2021-3541.patch
* Mon May 10 2021 Pedro Monreal <>
  - Security fix: [bsc#1185698, CVE-2021-3537]
    * NULL pointer dereference in valid.c:xmlValidBuildAContentModel
    * Add libxml2-CVE-2021-3537.patch
* Wed Apr 28 2021 Pedro Monreal <>
  - Security fix: [bsc#1185408, CVE-2021-3518]
    * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
    * Add libxml2-CVE-2021-3518.patch
* Wed Apr 28 2021 Pedro Monreal <>
  - Security fix: [bsc#1185410, CVE-2021-3517]
    * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
    * Add libxml2-CVE-2021-3517.patch
* Wed Apr 28 2021 Pedro Monreal <>
  - Security fix: [bsc#1185409, CVE-2021-3516]
    * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
    * Add libxml2-CVE-2021-3516.patch
* Tue Feb 23 2021 Teemu Mannermaa <>
  - Fails to build against Python 3.9:
    * Add upstream commit that fixes the issue
  - Add patch libxml2-python39.patch
* Thu Dec 17 2020 Pedro Monreal <>
  - Security fix: [bsc#1161521, CVE-2019-20388]
    * Memory leak in xmlSchemaPreRun in xmlschemas.c
  - Add libxml2-CVE-2019-20388.patch
* Wed Nov 25 2020 Pedro Monreal <>
  - Avoid quadratic checking of identity-constraints: [bsc#1178823]
    * key/unique/keyref schema attributes currently use qudratic loops
      to check their various constraints (that keys are unique and that
      keyrefs refer to existing keys).
    * This fix uses a hash table to avoid the quadratic behaviour.
  - Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
* Fri Oct 23 2020 Benjamin Greiner <>
  - Make python subpackage ready for multiple python3 flavors
* Mon Sep 07 2020 Pedro Monreal <>
  - Security fix: [bsc#1176179, CVE-2020-24977]
    * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal
  - Add patch libxml2-CVE-2020-24977.patch
* Wed May 27 2020 Pedro Monreal Gonzalez <>
  - Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021]
  - Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549
    * Add patch libxml2-CVE-2019-19956.patch
* Mon Mar 16 2020 Pedro Monreal Gonzalez <>
  - Security fix: [bsc#1161517, CVE-2020-7595]
    * xmlStringLenDecodeEntities in parser.c has an infinite loop in
      a certain end-of-file situation
  - Add libxml2-CVE-2020-7595.patch
* Mon Mar 16 2020 Tomáš Chvátal <>
  - Do not pull in the non-python deps on the python build
* Sat Mar 14 2020 Tomáš Chvátal <>
  - Revert the previous change and use multibuild to determine
    supported flavors.
    We need to be able to enable/disable pythons in prjconf and
    multibuild directly clashes with that.



Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Sep 3 23:22:50 2023