From f3a675da7bd5bf050e143e583cb650b14694bd9f Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Fri, 20 Nov 2015 20:37:13 +0800 Subject: [PATCH] Release libxml2-2.9.3, fixes 10 CVEs --- .gitignore | 1 + libxml2-2.9.2-catalog-revert.patch | 31 ------------------------------ libxml2.spec | 13 +++++++++---- sources | 2 +- 4 files changed, 11 insertions(+), 36 deletions(-) delete mode 100644 libxml2-2.9.2-catalog-revert.patch diff --git a/.gitignore b/.gitignore index 4ed89a0..e378759 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,4 @@ libxml2-2.7.7.tar.gz /libxml2-2.9.0.tar.gz /libxml2-2.9.1.tar.gz /libxml2-2.9.2.tar.gz +/libxml2-2.9.3.tar.gz diff --git a/libxml2-2.9.2-catalog-revert.patch b/libxml2-2.9.2-catalog-revert.patch deleted file mode 100644 index b3de004..0000000 --- a/libxml2-2.9.2-catalog-revert.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0e6659ec960734b0b01aad196d4bdb4a3800b493 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Thu, 16 Oct 2014 19:10:59 +0200 -Subject: [PATCH] Revert "Missing initialization for the catalog module" - -It's not correct to always load the default catalog. -https://bugzilla.redhat.com/show_bug.cgi?id=1153753 - -This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7. - ---- - parser.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/parser.c b/parser.c -index 1d93967..67c9dfd 100644 ---- a/parser.c -+++ b/parser.c -@@ -14830,9 +14830,6 @@ xmlInitParser(void) { - #ifdef LIBXML_XPATH_ENABLED - xmlXPathInit(); - #endif --#ifdef LIBXML_CATALOG_ENABLED -- xmlInitializeCatalog(); --#endif - xmlParserInitialized = 1; - #ifdef LIBXML_THREAD_ENABLED - } --- -1.9.3 - diff --git a/libxml2.spec b/libxml2.spec index a217bfd..b961135 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -2,8 +2,8 @@ Summary: Library providing XML and HTML support Name: libxml2 -Version: 2.9.2 -Release: 9%{?dist}%{?extra_release} +Version: 2.9.3 +Release: 1%{?dist}%{?extra_release} License: MIT Group: Development/Libraries Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz @@ -18,7 +18,6 @@ BuildRequires: xz-devel URL: http://xmlsoft.org/ Patch0: libxml2-multilib.patch Patch1: libxml2-2.9.0-do-not-check-crc.patch -Patch2: libxml2-2.9.2-catalog-revert.patch %description This library allows to manipulate XML files. It includes support @@ -101,7 +100,6 @@ at parse time or later once the document has been modified. %patch0 -p1 # workaround for #877567 - Very weird bug gzip decompression bug in "recent" libxml2 versions %patch1 -p1 -b .do-not-check-crc -%patch2 -p1 -b .catalog-revert mkdir py3doc cp doc/*.py py3doc @@ -213,6 +211,13 @@ rm -fr %{buildroot} %changelog +* Fri Nov 20 2015 Daniel Veillard - 2.9.2-1 +- upstream release of 2.9.3 +- Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-1819 + CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500 + and CVE-2015-8242 +- many other bug fixes + * Fri Nov 06 2015 Robert Kuska - 2.9.2-9 - Rebuilt for Python3.5 rebuild - Python3.5 has new naming convention for byte compiled files diff --git a/sources b/sources index d562ac4..8ad103b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9e6a9aca9d155737868b3dc5fd82f788 libxml2-2.9.2.tar.gz +daece17e045f1c107610e137ab50c179 libxml2-2.9.3.tar.gz