From 65567fea549416484d22ced56e305c1c3299fc69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0abata?= Date: Thu, 15 Oct 2020 18:10:15 +0200 Subject: [PATCH] RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/libxml2#80f8374a0fb119668afc63e16d1de3a636f05b40 --- .gitignore | 41 ++ ...relaxed-approach-to-nested-documents.patch | 33 ++ libxml2-2.9.10-CVE-2019-20388.patch | 33 ++ libxml2-2.9.10-CVE-2020-24977.patch | 41 ++ libxml2-2.9.10-CVE-2020-7595.patch | 32 ++ libxml2-2.9.10-parenthesize-type-checks.patch | 92 ++++ libxml2-2.9.8-python3-unicode-errors.patch | 34 ++ libxml2-multilib.patch | 24 + libxml2.spec | 509 ++++++++++++++++++ sources | 1 + 10 files changed, 840 insertions(+) create mode 100644 fix-relaxed-approach-to-nested-documents.patch create mode 100644 libxml2-2.9.10-CVE-2019-20388.patch create mode 100644 libxml2-2.9.10-CVE-2020-24977.patch create mode 100644 libxml2-2.9.10-CVE-2020-7595.patch create mode 100644 libxml2-2.9.10-parenthesize-type-checks.patch create mode 100644 libxml2-2.9.8-python3-unicode-errors.patch create mode 100644 libxml2-multilib.patch create mode 100644 libxml2.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore index e69de29..c500f1d 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,41 @@ +libxml2-2.6.13.tar.gz +libxml2-2.6.14.tar.gz +libxml2-2.6.15.tar.gz +libxml2-2.6.16.tar.gz +libxml2-2.6.17.tar.gz +libxml2-2.6.18.tar.gz +libxml2-2.6.19.tar.gz +libxml2-2.6.20.tar.gz +libxml2-2.6.21.tar.gz +libxml2-2.6.22.tar.gz +libxml2-2.6.23.tar.gz +libxml2-2.6.24.tar.gz +libxml2-2.6.25.tar.gz +libxml2-2.6.26.tar.gz +libxml2-2.6.27.tar.gz +libxml2-2.6.28.tar.gz +libxml2-2.6.29.tar.gz +libxml2-2.6.30.tar.gz +libxml2-2.6.31.tar.gz +libxml2-2.6.32.tar.gz +libxml2-2.7.0.tar.gz +libxml2-2.7.1.tar.gz +libxml2-2.7.2.tar.gz +libxml2-2.7.3.tar.gz +libxml2-2.7.4.tar.gz +libxml2-2.7.5.tar.gz +libxml2-2.7.6.tar.gz +libxml2-2.7.7.tar.gz +/libxml2-2.7.8.tar.gz +/libxml2-2.8.0.tar.gz +/libxml2-2.9.0-rc1.tar.gz +/libxml2-2.9.0.tar.gz +/libxml2-2.9.1.tar.gz +/libxml2-2.9.2.tar.gz +/libxml2-2.9.3.tar.gz +/libxml2-2.9.4.tar.gz +/libxml2-2.9.5.tar.gz +/libxml2-2.9.7.tar.gz +/libxml2-2.9.8.tar.gz +/libxml2-2.9.9.tar.gz +/libxml2-2.9.10.tar.gz diff --git a/fix-relaxed-approach-to-nested-documents.patch b/fix-relaxed-approach-to-nested-documents.patch new file mode 100644 index 0000000..0a63636 --- /dev/null +++ b/fix-relaxed-approach-to-nested-documents.patch @@ -0,0 +1,33 @@ +From 0815302dee2b78139832c2080348086a0564836b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 6 Dec 2019 12:27:29 +0100 +Subject: [PATCH] Fix freeing of nested documents + +Apparently, some libxslt RVTs can contain nested document nodes, see +issue #132. I'm not sure how this happens exactly but it can cause a +segfault in xmlFreeNodeList after the changes in commit 0762c9b6. + +Make sure not to touch the (nonexistent) `content` member of xmlDocs. +--- + tree.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/tree.c b/tree.c +index 070670f1..0d7fc98c 100644 +--- a/tree.c ++++ b/tree.c +@@ -3708,6 +3708,11 @@ xmlFreeNodeList(xmlNodePtr cur) { + (cur->type != XML_XINCLUDE_START) && + (cur->type != XML_XINCLUDE_END) && + (cur->type != XML_ENTITY_REF_NODE) && ++ (cur->type != XML_DOCUMENT_NODE) && ++#ifdef LIBXML_DOCB_ENABLED ++ (cur->type != XML_DOCB_DOCUMENT_NODE) && ++#endif ++ (cur->type != XML_HTML_DOCUMENT_NODE) && + (cur->content != (xmlChar *) &(cur->properties))) { + DICT_FREE(cur->content) + } +-- +2.22.0 + diff --git a/libxml2-2.9.10-CVE-2019-20388.patch b/libxml2-2.9.10-CVE-2019-20388.patch new file mode 100644 index 0000000..3763354 --- /dev/null +++ b/libxml2-2.9.10-CVE-2019-20388.patch @@ -0,0 +1,33 @@ +From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie +Date: Tue, 20 Aug 2019 16:33:06 +0800 +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream + +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize +vctxt->xsiAssemble to 0 again which cause the alloced schema +can not be freed anymore. + +Found with libFuzzer. + +Signed-off-by: Zhipeng Xie +--- + xmlschemas.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/xmlschemas.c b/xmlschemas.c +index 301c8449..39d92182 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { + vctxt->nberrors = 0; + vctxt->depth = -1; + vctxt->skipDepth = -1; +- vctxt->xsiAssemble = 0; + vctxt->hasKeyrefs = 0; + #ifdef ENABLE_IDC_NODE_TABLES_TEST + vctxt->createIDCNodeTables = 1; +-- +2.24.1 + diff --git a/libxml2-2.9.10-CVE-2020-24977.patch b/libxml2-2.9.10-CVE-2020-24977.patch new file mode 100644 index 0000000..b5a7bec --- /dev/null +++ b/libxml2-2.9.10-CVE-2020-24977.patch @@ -0,0 +1,41 @@ +From 8e7c20a1af8776677d7890f30b7a180567701a49 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Mon, 3 Aug 2020 17:30:41 +0200 +Subject: [PATCH] Fix integer overflow when comparing schema dates + +Found by OSS-Fuzz. +--- + xmlschemastypes.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/xmlschemastypes.c b/xmlschemastypes.c +index 4249d700..d6b9f924 100644 +--- a/xmlschemastypes.c ++++ b/xmlschemastypes.c +@@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y) + minday = 0; + maxday = 0; + } else { ++ if (myear > LONG_MAX / 366) ++ return -2; + /* FIXME: This doesn't take leap year exceptions every 100/400 years + into account. */ + maxday = 365 * myear + (myear + 3) / 4; +@@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y) + if ((x == NULL) || (y == NULL)) + return -2; + ++ if ((x->value.date.year > LONG_MAX / 366) || ++ (x->value.date.year < LONG_MIN / 366) || ++ (y->value.date.year > LONG_MAX / 366) || ++ (y->value.date.year < LONG_MIN / 366)) { ++ /* Possible overflow when converting to days. */ ++ return -2; ++ } ++ + if (x->value.date.tz_flag) { + + if (!y->value.date.tz_flag) { +-- +2.28.0.rc2 + diff --git a/libxml2-2.9.10-CVE-2020-7595.patch b/libxml2-2.9.10-CVE-2020-7595.patch new file mode 100644 index 0000000..3dd6774 --- /dev/null +++ b/libxml2-2.9.10-CVE-2020-7595.patch @@ -0,0 +1,32 @@ +From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie +Date: Thu, 12 Dec 2019 17:30:55 +0800 +Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities + +When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef +return NULL which cause a infinite loop in xmlStringLenDecodeEntities + +Found with libFuzzer. + +Signed-off-by: Zhipeng Xie +--- + parser.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/parser.c b/parser.c +index d1c31963..a34bb6cd 100644 +--- a/parser.c ++++ b/parser.c +@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, + else + c = 0; + while ((c != 0) && (c != end) && /* non input consuming loop */ +- (c != end2) && (c != end3)) { ++ (c != end2) && (c != end3) && ++ (ctxt->instate != XML_PARSER_EOF)) { + + if (c == 0) break; + if ((c == '&') && (str[1] == '#')) { +-- +2.24.1 + diff --git a/libxml2-2.9.10-parenthesize-type-checks.patch b/libxml2-2.9.10-parenthesize-type-checks.patch new file mode 100644 index 0000000..14f5332 --- /dev/null +++ b/libxml2-2.9.10-parenthesize-type-checks.patch @@ -0,0 +1,92 @@ +From edc7b6abb0c125eeb888748c334897f60aab0854 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Fri, 28 Feb 2020 12:48:14 +0100 +Subject: [PATCH] Parenthesize Py_Check() in ifs + +In C, if expressions should be parenthesized. +PyLong_Check, PyUnicode_Check etc. happened to expand to a parenthesized +expression before, but that's not API to rely on. + +Since Python 3.9.0a4 it needs to be parenthesized explicitly. + +Fixes https://gitlab.gnome.org/GNOME/libxml2/issues/149 +--- + python/libxml.c | 4 ++-- + python/types.c | 12 ++++++------ + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/python/libxml.c b/python/libxml.c +index bc676c4e..81e709f3 100644 +--- a/python/libxml.c ++++ b/python/libxml.c +@@ -294,7 +294,7 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) { + lenread = PyBytes_Size(ret); + data = PyBytes_AsString(ret); + #ifdef PyUnicode_Check +- } else if PyUnicode_Check (ret) { ++ } else if (PyUnicode_Check (ret)) { + #if PY_VERSION_HEX >= 0x03030000 + Py_ssize_t size; + const char *tmp; +@@ -359,7 +359,7 @@ xmlPythonFileRead (void * context, char * buffer, int len) { + lenread = PyBytes_Size(ret); + data = PyBytes_AsString(ret); + #ifdef PyUnicode_Check +- } else if PyUnicode_Check (ret) { ++ } else if (PyUnicode_Check (ret)) { + #if PY_VERSION_HEX >= 0x03030000 + Py_ssize_t size; + const char *tmp; +diff --git a/python/types.c b/python/types.c +index c2bafeb1..ed284ec7 100644 +--- a/python/types.c ++++ b/python/types.c +@@ -602,16 +602,16 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj) + if (obj == NULL) { + return (NULL); + } +- if PyFloat_Check (obj) { ++ if (PyFloat_Check (obj)) { + ret = xmlXPathNewFloat((double) PyFloat_AS_DOUBLE(obj)); +- } else if PyLong_Check(obj) { ++ } else if (PyLong_Check(obj)) { + #ifdef PyLong_AS_LONG + ret = xmlXPathNewFloat((double) PyLong_AS_LONG(obj)); + #else + ret = xmlXPathNewFloat((double) PyInt_AS_LONG(obj)); + #endif + #ifdef PyBool_Check +- } else if PyBool_Check (obj) { ++ } else if (PyBool_Check (obj)) { + + if (obj == Py_True) { + ret = xmlXPathNewBoolean(1); +@@ -620,14 +620,14 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj) + ret = xmlXPathNewBoolean(0); + } + #endif +- } else if PyBytes_Check (obj) { ++ } else if (PyBytes_Check (obj)) { + xmlChar *str; + + str = xmlStrndup((const xmlChar *) PyBytes_AS_STRING(obj), + PyBytes_GET_SIZE(obj)); + ret = xmlXPathWrapString(str); + #ifdef PyUnicode_Check +- } else if PyUnicode_Check (obj) { ++ } else if (PyUnicode_Check (obj)) { + #if PY_VERSION_HEX >= 0x03030000 + xmlChar *str; + const char *tmp; +@@ -650,7 +650,7 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj) + ret = xmlXPathWrapString(str); + #endif + #endif +- } else if PyList_Check (obj) { ++ } else if (PyList_Check (obj)) { + int i; + PyObject *node; + xmlNodePtr cur; +-- +2.24.1 + diff --git a/libxml2-2.9.8-python3-unicode-errors.patch b/libxml2-2.9.8-python3-unicode-errors.patch new file mode 100644 index 0000000..e87dcde --- /dev/null +++ b/libxml2-2.9.8-python3-unicode-errors.patch @@ -0,0 +1,34 @@ +Index: libxml2-2.9.5/python/libxml.c +=================================================================== +--- libxml2-2.9.5.orig/python/libxml.c ++++ libxml2-2.9.5/python/libxml.c +@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + PyObject *message; + PyObject *result; + char str[1000]; ++ unsigned char *ptr = (unsigned char *)str; + + #ifdef DEBUG_ERROR + printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); +@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + str[999] = 0; + va_end(ap); + ++#if PY_MAJOR_VERSION >= 3 ++ /* Ensure the error string doesn't start at UTF8 continuation. */ ++ while (*ptr && (*ptr & 0xc0) == 0x80) ++ ptr++; ++#endif ++ + list = PyTuple_New(2); + PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); + Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); +- message = libxml_charPtrConstWrap(str); ++ message = libxml_charPtrConstWrap(ptr); + PyTuple_SetItem(list, 1, message); + result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); ++ /* Forget any errors caused in the error handler. */ ++ PyErr_Clear(); + Py_XDECREF(list); + Py_XDECREF(result); + } diff --git a/libxml2-multilib.patch b/libxml2-multilib.patch new file mode 100644 index 0000000..138d38f --- /dev/null +++ b/libxml2-multilib.patch @@ -0,0 +1,24 @@ +*** XML/xml2-config.in.orig 2006-06-06 16:35:56.000000000 +0200 +--- XML/xml2-config.in 2006-06-06 16:36:24.000000000 +0200 +*************** +*** 3,9 **** + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +! libdir=@libdir@ + + usage() + { +--- 3,14 ---- + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +! if [ "`ldd /bin/sh | grep lib64`" = "" ] +! then +! libdir=${exec_prefix}/lib +! else +! libdir=${exec_prefix}/lib64 +! fi + + usage() + { diff --git a/libxml2.spec b/libxml2.spec new file mode 100644 index 0000000..d893cf5 --- /dev/null +++ b/libxml2.spec @@ -0,0 +1,509 @@ +Name: libxml2 +Version: 2.9.10 +Release: 7%{?dist} +Summary: Library providing XML and HTML support + +License: MIT +URL: http://xmlsoft.org/ +Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz +Patch0: libxml2-multilib.patch +# Patch from openSUSE. +# See: https://bugzilla.gnome.org/show_bug.cgi?id=789714 +Patch1: libxml2-2.9.8-python3-unicode-errors.patch +Patch2: https://gitlab.gnome.org/GNOME/libxml2/commit/0815302dee2b78139832c2080348086a0564836b.patch#/fix-relaxed-approach-to-nested-documents.patch +# https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 +Patch3: libxml2-2.9.10-CVE-2019-20388.patch +# https://gitlab.gnome.org/GNOME/libxml2/merge_requests/63 +Patch4: libxml2-2.9.10-CVE-2020-7595.patch +# https://gitlab.gnome.org/GNOME/libxml2/merge_requests/71 +Patch5: libxml2-2.9.10-parenthesize-type-checks.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1877788 +Patch6: libxml2-2.9.10-CVE-2020-24977.patch + +BuildRequires: gcc +BuildRequires: make +BuildRequires: cmake-rpm-macros +BuildRequires: pkgconfig(zlib) +BuildRequires: pkgconfig(liblzma) + +%description +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DtDs, either +at parse time or later once the document has been modified. The output +can be a simple SAX stream or and in-memory DOM like representations. +In this case one can use the built-in XPath and XPointer implementation +to select sub nodes or ranges. A flexible Input/Output mechanism is +available, with existing HTTP and FTP modules and combined to an +URI library. + +%package devel +Summary: Libraries, includes, etc. to develop XML and HTML applications +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: zlib-devel%{?_isa} +Requires: xz-devel%{?_isa} + +%description devel +Libraries, include files, etc you can use to develop XML applications. +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DtDs, either +at parse time or later once the document has been modified. The output +can be a simple SAX stream or and in-memory DOM like representations. +In this case one can use the built-in XPath and XPointer implementation +to select sub nodes or ranges. A flexible Input/Output mechanism is +available, with existing HTTP and FTP modules and combined to an +URI library. + +%package static +Summary: Static library for libxml2 + +%description static +Static library for libxml2 provided for specific uses or shaving a few +microseconds when parsing, do not link to them for generic purpose packages. + +%package -n python3-%{name} +Summary: Python 3 bindings for the libxml2 library +BuildRequires: python3-devel +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-python3 < %{version}-%{release} +Provides: %{name}-python3 = %{version}-%{release} + +%description -n python3-%{name} +The libxml2-python3 package contains a Python 3 module that permits +applications written in the Python programming language, version 3, to use the +interface supplied by the libxml2 library to manipulate XML files. + +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DTDs, either +at parse time or later once the document has been modified. + +%prep +%autosetup -p1 +find doc -type f -executable -print -exec chmod 0644 {} ';' + +%build +mkdir py3 +%global _configure ../configure +%global _configure_disable_silent_rules 1 +( cd py3 && %configure --cache-file=../config.cache --with-python=%{__python3} ) +%make_build -C py3 + +%install +%make_install -C py3 + +# multiarch crazyness on timestamp differences or Makefile/binaries for examples +touch -m --reference=%{buildroot}%{_includedir}/libxml2/libxml/parser.h %{buildroot}%{_bindir}/xml2-config + +find %{buildroot} -type f -name '*.la' -print -delete +rm -vf %{buildroot}{%{python2_sitearch},%{python3_sitearch}}/*.a +rm -vrf %{buildroot}%{_datadir}/doc/ +#(cd doc/examples ; make clean ; rm -rf .deps Makefile) +gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz + +%check +%make_build runtests -C py3 + +%ldconfig_scriptlets + +%files +%license Copyright +%doc AUTHORS NEWS README TODO +%{_libdir}/libxml2.so.2* +%{_mandir}/man3/libxml.3* +%{_bindir}/xmllint +%{_mandir}/man1/xmllint.1* +%{_bindir}/xmlcatalog +%{_mandir}/man1/xmlcatalog.1* + +%files devel +%doc doc/*.html doc/html doc/*.gif doc/*.png +%doc doc/tutorial doc/libxml2-api.xml.gz +%doc doc/examples +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%{_datadir}/gtk-doc/html/libxml2/ +%{_libdir}/libxml2.so +%{_libdir}/xml2Conf.sh +%{_includedir}/libxml2/ +%{_bindir}/xml2-config +%{_mandir}/man1/xml2-config.1* +%{_datadir}/aclocal/libxml.m4 +%{_libdir}/pkgconfig/libxml-2.0.pc +%{_libdir}/cmake/libxml2/ + +%files static +%license Copyright +%{_libdir}/libxml2.a + +%files -n python3-%{name} +%doc python/TODO python/libxml2class.txt +%doc doc/*.py doc/python.html +%{python3_sitearch}/libxml2.py +%{python3_sitearch}/__pycache__/libxml2.* +%{python3_sitearch}/drv_libxml2.py +%{python3_sitearch}/__pycache__/drv_libxml2.* +%{python3_sitearch}/libxml2mod.so + +%changelog +* Fri Sep 11 2020 Richard W.M. Jones - 2.9.10-7 +- Add fix for CVE-2020-24977 (RHBZ#1877788). + +* Tue Jul 28 2020 Fedora Release Engineering - 2.9.10-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sat May 23 2020 Miro Hrončok - 2.9.10-5 +- Rebuilt for Python 3.9 + +* Mon Feb 10 2020 David King - 2.9.10-4 +- Fix CVE-2019-20388 (#1799736) +- Fix CVE-2020-7595 (#1799786) + +* Wed Jan 29 2020 Fedora Release Engineering - 2.9.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 03 2020 Jan Pokorny - 2.9.10-2 +- Fix relaxed approach to nested documents on object disposal (#1780573) + +* Fri Nov 01 2019 David King - 2.9.10-1 +- Update to 2.9.10 (#1767151) + +* Thu Oct 31 2019 Miro Hrončok - 2.9.9-7 +- Subpackage python2-libxml2 has been removed + See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal + +* Thu Oct 03 2019 Miro Hrončok - 2.9.9-6 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Fri Aug 23 2019 Florian Weimer - 2.9.9-5 +- Rebuild to fix corrupted libxml2-static package on aarch64 (#1745020) + +* Fri Aug 16 2019 Miro Hrončok - 2.9.9-4 +- Rebuilt for Python 3.8 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.9.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 2.9.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jan 25 2019 David King - 2.9.9-1 +- Update to 2.9.9 + +* Sun Jan 06 2019 Björn Esser - 2.9.8-5 +- Add patch to fix crash: xmlParserPrintFileContextInternal mangles utf8 + +* Thu Aug 02 2018 Igor Gnatenko - 2.9.8-4 +- Backport patches from upstream + +* Fri Jul 13 2018 Fedora Release Engineering - 2.9.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Miro Hrončok - 2.9.8-2 +- Rebuilt for Python 3.7 + +* Tue Apr 03 2018 Igor Gnatenko - 2.9.8-1 +- Update to 2.9.8 + +* Sat Feb 24 2018 Florian Weimer - 2.9.7-4 +- Rebuild with new LDFLAGS from redhat-rpm-config + +* Wed Feb 07 2018 Fedora Release Engineering - 2.9.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 30 2018 Igor Gnatenko - 2.9.7-2 +- Switch to %%ldconfig_scriptlets + +* Wed Jan 24 2018 Igor Gnatenko - 2.9.7-1 +- Update to 2.9.7 +- Cleanups in packaging + +* Tue Jan 09 2018 Iryna Shcherbina - 2.9.5-3 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Sep 22 2017 Petr Pisar - 2.9.5-2 +- Fix reporting error about undefined XPath variables (bug #1493613) + +* Mon Sep 4 2017 Daniel Veillard - 2.9.5-1 +- update to 2.9.5 + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.9.4-5 +- Python 2 binary package renamed to python2-libxml2 + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Thu Aug 03 2017 Fedora Release Engineering - 2.9.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.9.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 2.9.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Dec 21 2016 Kevin Fenzi - 2.9.4-1 +- Update to 2.9.4. +- Apply very hacky patch that removes the no longer in python-3.6 PyVerify_fd symbol. + +* Mon Dec 12 2016 Charalampos Stratakis - 2.9.3-5 +- Rebuild for Python 3.6 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.9.3-4 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Thu Feb 04 2016 Fedora Release Engineering - 2.9.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Dec 02 2015 Kalev Lember - 2.9.3-2 +- Fix obsoletes versions now that F22 has libxml2 2.9.3 (#1287262) + +* Fri Nov 20 2015 Daniel Veillard - 2.9.2-1 +- upstream release of 2.9.3 +- Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-1819 + CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500 + and CVE-2015-8242 +- many other bug fixes + +* Fri Nov 06 2015 Robert Kuska - 2.9.2-9 +- Rebuilt for Python3.5 rebuild +- Python3.5 has new naming convention for byte compiled files + +* Tue Nov 3 2015 Toshio Kuratomi - 2.9.2-8 +- Remove executable permissions from documentation. Complies with packaging + guidelines and solves issue of libxml2-python3 package depending on python2 + +* Thu Aug 27 2015 Miro Hrončok - 2.9.2-7 +- Remove dependency on python2 from python3 subpackage, rhbz#1250940 + +* Sat Aug 22 2015 Kalev Lember - 2.9.2-6 +- Rename the Python 3 subpackage to python3-libxml2 as per guidelines + +* Wed Jun 17 2015 Fedora Release Engineering - 2.9.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Feb 21 2015 Till Maas - 2.9.2-4 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Wed Jan 21 2015 Tomas Radej - 2.9.2-3 +- Added Python 3 subpackage + +* Thu Oct 16 2014 Lubomir Rintel - 2.9.2-2 +- Avoid corrupting the xml catalogs + +* Thu Oct 16 2014 Daniel Veillard - 2.9.2-1 +- upstream release of 2.9.2 +- Fix for CVE-214-3660 billion laugh DOS +- many other bug fixes + +* Sun Aug 17 2014 Fedora Release Engineering - 2.9.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jul 18 2014 Tom Callaway - 2.9.1-4 +- fix license handling + +* Sat Jun 07 2014 Fedora Release Engineering - 2.9.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 2.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Apr 19 2013 Daniel Veillard - 2.9.1-1 +- upstream release of 2.9.1 +- a couple more API entry point +- compatibility with python3 +- a lot of bug fixes + +* Mon Feb 11 2013 Daniel Veillard - 2.9.0-4 +- fix --nocheck build which I broke in october rhbz#909767 + +* Mon Nov 19 2012 Jaroslav Reznik - 2.9.0-3 +- workaround for crc/len check failure, rhbz#877567 + +* Thu Oct 11 2012 Daniel Veillard - 2.9.0-2 +- remaining cleanups from merge bug rhbz#226079 +- do not put the docs in the main package, only in -devel rhbz#864731 + +* Tue Sep 11 2012 Daniel Veillard - 2.9.0-1 +- upstream release of 2.9.0 +- A few new API entry points +- More resilient push parser mode +- A lot of portability improvement +- Faster XPath evaluation +- a lot of bug fixes and smaller improvement + +* Fri Aug 10 2012 Daniel Veillard - 2.9.0-0rc1 +- upstream release candidate 1 of 2.9.0 +- introduce a small API change, but ABI compatible, see + https://mail.gnome.org/archives/xml/2012-August/msg00005.html + patches for php, gcc/libjava and evolution-data-connector are upstream + Grab me in cases of problems veillard@redhat.com +- many bug fixes including security aspects and small improvements + +* Thu Jul 19 2012 Fedora Release Engineering - 2.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed May 23 2012 Daniel Veillard - 2.8.0-1 +- upstream release of 2.8.0 +- add lzma compression support +- many bug fixes and small improvements + +* Fri Jan 13 2012 Fedora Release Engineering - 2.7.8-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Mar 4 2011 Daniel Veillard - 2.7.8-6 +- fix a double free in XPath CVE-2010-4494 bug 665965 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.7.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Nov 5 2010 Daniel Veillard - 2.7.8-4 +- reactivate shared libs versionning script + +* Thu Nov 4 2010 Daniel Veillard - 2.7.8-1 +- Upstream release of 2.7.8 +- various bug fixes, including potential crashes +- new non-destructive formatting option +- date parsing updated to RFC 5646 + +* Wed Jul 21 2010 David Malcolm - 2.7.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Mon Mar 15 2010 Daniel Veillard - 2.7.7-1 +- Upstream release of 2.7.7 +- fix serious trouble with zlib >= 1.2.4 +- xmllint new option --xpath +- various HTML parser improvements +- includes a number of nug fixes + +* Tue Oct 6 2009 Daniel Veillard - 2.7.6-1 +- Upstream release of 2.7.6 +- restore thread support off by default in 2.7.5 + +* Thu Sep 24 2009 Daniel Veillard - 2.7.5-1 +- Upstream release of 2.7.5 +- fix a couple of Relax-NG validation problems +- couple more fixes + +* Tue Sep 15 2009 Daniel Veillard - 2.7.4-2 +- fix a problem with little data at startup affecting inkscape #523002 + +* Thu Sep 10 2009 Daniel Veillard - 2.7.4-1 +- upstream release 2.7.4 +- symbol versioning of libxml2 shared libs +- very large number of bug fixes + +* Mon Aug 10 2009 Daniel Veillard - 2.7.3-4 +- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416 + +* Sat Jul 25 2009 Fedora Release Engineering - 2.7.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 2.7.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sun Jan 18 2009 Daniel Veillard - 2.7.3-1 +- new release 2.7.3 +- limit default max size of text nodes +- special parser mode for PHP +- bug fixes and more compiler checks + +* Wed Dec 3 2008 Ignacio Vazquez-Abrams - 2.7.2-7 +- Pull back into Python 2.6 + +* Wed Dec 3 2008 Caolán McNamara - 2.7.2-6 +- AutoProvides requires BuildRequires pkgconfig + +* Wed Dec 3 2008 Caolán McNamara - 2.7.2-5 +- rebuild to get provides(libxml-2.0) into HEAD rawhide + +* Mon Dec 1 2008 Ignacio Vazquez-Abrams - 2.7.2-4 +- Rebuild for pkgconfig logic + +* Fri Nov 28 2008 Ignacio Vazquez-Abrams - 2.7.2-3 +- Rebuild for Python 2.6 + +* Wed Nov 12 2008 Daniel Veillard - 2.7.2-2.fc11 +- two patches for size overflows problems CVE-2008-4225 and CVE-2008-4226 + +* Fri Oct 3 2008 Daniel Veillard 2.7.2-1.fc10 +- new release 2.7.2 +- Fixes the known problems in 2.7.1 +- increase the set of options when saving documents + +* Thu Oct 2 2008 Daniel Veillard 2.7.1-2.fc10 +- fix a nasty bug in 2.7.x, http://bugzilla.gnome.org/show_bug.cgi?id=554660 + +* Mon Sep 1 2008 Daniel Veillard 2.7.1-1.fc10 +- fix python serialization which was broken in 2.7.0 +- Resolve: rhbz#460774 + +* Sat Aug 30 2008 Daniel Veillard 2.7.0-1.fc10 +- upstream release of 2.7.0 +- switch to XML 1.0 5th edition +- switch to RFC 3986 for URI parsing +- better entity handling +- option to remove hardcoded limitations in the parser +- more testing +- a new API to allocate entity nodes +- and lot of fixes and clanups + +* Mon Aug 25 2008 Daniel Veillard 2.6.32-4.fc10 +- fix for entities recursion problem +- Resolve: rhbz#459714 + +* Fri May 30 2008 Daniel Veillard 2.6.32-3.fc10 +- cleanup based on Fedora packaging guidelines, should fix #226079 +- separate a -static package + +* Thu May 15 2008 Daniel Veillard 2.6.32-2.fc10 +- try to fix multiarch problems like #440206 + +* Tue Apr 8 2008 Daniel Veillard 2.6.32-1.fc9 +- upstream release 2.6.32 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Wed Feb 20 2008 Fedora Release Engineering - 2.6.31-2 +- Autorebuild for GCC 4.3 + +* Fri Jan 11 2008 Daniel Veillard 2.6.31-1.fc9 +- upstream release 2.6.31 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Thu Aug 23 2007 Daniel Veillard 2.6.30-1 +- upstream release 2.6.30 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Tue Jun 12 2007 Daniel Veillard 2.6.29-1 +- upstream release 2.6.29 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Wed May 16 2007 Matthias Clasen 2.6.28-2 +- Bump revision to fix N-V-R problem + +* Tue Apr 17 2007 Daniel Veillard 2.6.28-1 +- upstream release 2.6.28 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Thu Dec 7 2006 Jeremy Katz - 2.6.27-2 +- rebuild against python 2.5 + +* Wed Oct 25 2006 Daniel Veillard 2.6.27-1 +- upstream release 2.6.27 see http://xmlsoft.org/news.html +- very large amount of bug fixes reported upstream + +* Wed Jul 12 2006 Jesse Keating - 2.6.26-2.1.1 +- rebuild + +* Wed Jul 12 2006 Jesse Keating - 2.6.26-2.1 +- rebuild + +* Wed Jun 7 2006 Daniel Veillard 2.6.26-2 +- fix bug #192873 +* Tue Jun 6 2006 Daniel Veillard 2.6.26-1 +- upstream release 2.6.26 see http://xmlsoft.org/news.html + +* Tue Jun 6 2006 Daniel Veillard +- upstream release 2.6.25 broken, do not ship ! + diff --git a/sources b/sources new file mode 100644 index 0000000..9aa6848 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (libxml2-2.9.10.tar.gz) = 0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed