From 8bf87048c6455eba2ec6078d94a3270d7bed105e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 04 2021 02:41:15 +0000 Subject: import libxml2-2.9.12-4.el9 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..accefa8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/gpgkey-DB46681BB91ADCEA170FA2D415588B26596BEA5D.gpg +SOURCES/libxml2-2.9.12.tar.gz diff --git a/.libxml2.metadata b/.libxml2.metadata new file mode 100644 index 0000000..51d335a --- /dev/null +++ b/.libxml2.metadata @@ -0,0 +1,2 @@ +c8dafee380d47ecc0387a231e603fa9e5541ed88 SOURCES/gpgkey-DB46681BB91ADCEA170FA2D415588B26596BEA5D.gpg +339fe5bb2a7d0c13f068c26d8f7cd194c13f9a2a SOURCES/libxml2-2.9.12.tar.gz diff --git a/SOURCES/libxml2-2.9.12-fix-formatting-regression.patch b/SOURCES/libxml2-2.9.12-fix-formatting-regression.patch new file mode 100644 index 0000000..ffbc850 --- /dev/null +++ b/SOURCES/libxml2-2.9.12-fix-formatting-regression.patch @@ -0,0 +1,46 @@ +From 13ad8736d294536da4cbcd70a96b0a2fbf47070c Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 25 May 2021 10:55:25 +0200 +Subject: [PATCH] Fix regression in xmlNodeDumpOutputInternal + +Commit 85b1792e could cause additional whitespace if xmlNodeDump was +called with a non-zero starting level. +--- + xmlsave.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/xmlsave.c b/xmlsave.c +index aedbd5e7..489505f4 100644 +--- a/xmlsave.c ++++ b/xmlsave.c +@@ -890,6 +890,13 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { + break; + + case XML_ELEMENT_NODE: ++ if ((cur != root) && (ctxt->format == 1) && ++ (xmlIndentTreeOutput)) ++ xmlOutputBufferWrite(buf, ctxt->indent_size * ++ (ctxt->level > ctxt->indent_nr ? ++ ctxt->indent_nr : ctxt->level), ++ ctxt->indent); ++ + /* + * Some users like lxml are known to pass nodes with a corrupted + * tree structure. Fall back to a recursive call to handle this +@@ -900,13 +907,6 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { + break; + } + +- if ((ctxt->level > 0) && (ctxt->format == 1) && +- (xmlIndentTreeOutput)) +- xmlOutputBufferWrite(buf, ctxt->indent_size * +- (ctxt->level > ctxt->indent_nr ? +- ctxt->indent_nr : ctxt->level), +- ctxt->indent); +- + xmlOutputBufferWrite(buf, 1, "<"); + if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) { + xmlOutputBufferWriteString(buf, (const char *)cur->ns->prefix); +-- +GitLab + diff --git a/SOURCES/libxml2-2.9.12-fix-lxml-corrupted-tree.patch b/SOURCES/libxml2-2.9.12-fix-lxml-corrupted-tree.patch new file mode 100644 index 0000000..482b9f0 --- /dev/null +++ b/SOURCES/libxml2-2.9.12-fix-lxml-corrupted-tree.patch @@ -0,0 +1,211 @@ +From 85b1792e37b131e7a51af98a37f92472e8de5f3f Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 18 May 2021 20:08:28 +0200 +Subject: [PATCH] Work around lxml API abuse + +Make xmlNodeDumpOutput and htmlNodeDumpFormatOutput work with corrupted +parent pointers. This used to work with the old recursive code but the +non-recursive rewrite required parent pointers to be set correctly. + +Unfortunately, lxml relies on the old behavior and passes subtrees with +a corrupted structure. Fall back to a recursive function call if an +invalid parent pointer is detected. + +Fixes #255. +--- + HTMLtree.c | 46 ++++++++++++++++++++++++++++------------------ + xmlsave.c | 31 +++++++++++++++++++++---------- + 2 files changed, 49 insertions(+), 28 deletions(-) + +diff --git a/HTMLtree.c b/HTMLtree.c +index 24434d45..bdd639c7 100644 +--- a/HTMLtree.c ++++ b/HTMLtree.c +@@ -744,7 +744,7 @@ void + htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, + xmlNodePtr cur, const char *encoding ATTRIBUTE_UNUSED, + int format) { +- xmlNodePtr root; ++ xmlNodePtr root, parent; + xmlAttrPtr attr; + const htmlElemDesc * info; + +@@ -755,6 +755,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, + } + + root = cur; ++ parent = cur->parent; + while (1) { + switch (cur->type) { + case XML_HTML_DOCUMENT_NODE: +@@ -762,13 +763,25 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, + if (((xmlDocPtr) cur)->intSubset != NULL) { + htmlDtdDumpOutput(buf, (xmlDocPtr) cur, NULL); + } +- if (cur->children != NULL) { ++ /* Always validate cur->parent when descending. */ ++ if ((cur->parent == parent) && (cur->children != NULL)) { ++ parent = cur; + cur = cur->children; + continue; + } + break; + + case XML_ELEMENT_NODE: ++ /* ++ * Some users like lxml are known to pass nodes with a corrupted ++ * tree structure. Fall back to a recursive call to handle this ++ * case. ++ */ ++ if ((cur->parent != parent) && (cur->children != NULL)) { ++ htmlNodeDumpFormatOutput(buf, doc, cur, encoding, format); ++ break; ++ } ++ + /* + * Get specific HTML info for that node. + */ +@@ -817,6 +830,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, + (cur->name != NULL) && + (cur->name[0] != 'p')) /* p, pre, param */ + xmlOutputBufferWriteString(buf, "\n"); ++ parent = cur; + cur = cur->children; + continue; + } +@@ -825,9 +839,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, + (info != NULL) && (!info->isinline)) { + if ((cur->next->type != HTML_TEXT_NODE) && + (cur->next->type != HTML_ENTITY_REF_NODE) && +- (cur->parent != NULL) && +- (cur->parent->name != NULL) && +- (cur->parent->name[0] != 'p')) /* p, pre, param */ ++ (parent != NULL) && ++ (parent->name != NULL) && ++ (parent->name[0] != 'p')) /* p, pre, param */ + xmlOutputBufferWriteString(buf, "\n"); + } + +@@ -842,9 +856,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, + break; + if (((cur->name == (const xmlChar *)xmlStringText) || + (cur->name != (const xmlChar *)xmlStringTextNoenc)) && +- ((cur->parent == NULL) || +- ((xmlStrcasecmp(cur->parent->name, BAD_CAST "script")) && +- (xmlStrcasecmp(cur->parent->name, BAD_CAST "style"))))) { ++ ((parent == NULL) || ++ ((xmlStrcasecmp(parent->name, BAD_CAST "script")) && ++ (xmlStrcasecmp(parent->name, BAD_CAST "style"))))) { + xmlChar *buffer; + + buffer = xmlEncodeEntitiesReentrant(doc, cur->content); +@@ -902,13 +916,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, + break; + } + +- /* +- * The parent should never be NULL here but we want to handle +- * corrupted documents gracefully. +- */ +- if (cur->parent == NULL) +- return; +- cur = cur->parent; ++ cur = parent; ++ /* cur->parent was validated when descending. */ ++ parent = cur->parent; + + if ((cur->type == XML_HTML_DOCUMENT_NODE) || + (cur->type == XML_DOCUMENT_NODE)) { +@@ -939,9 +949,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, + (cur->next != NULL)) { + if ((cur->next->type != HTML_TEXT_NODE) && + (cur->next->type != HTML_ENTITY_REF_NODE) && +- (cur->parent != NULL) && +- (cur->parent->name != NULL) && +- (cur->parent->name[0] != 'p')) /* p, pre, param */ ++ (parent != NULL) && ++ (parent->name != NULL) && ++ (parent->name[0] != 'p')) /* p, pre, param */ + xmlOutputBufferWriteString(buf, "\n"); + } + } +diff --git a/xmlsave.c b/xmlsave.c +index 61a40459..aedbd5e7 100644 +--- a/xmlsave.c ++++ b/xmlsave.c +@@ -847,7 +847,7 @@ htmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { + static void + xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { + int format = ctxt->format; +- xmlNodePtr tmp, root, unformattedNode = NULL; ++ xmlNodePtr tmp, root, unformattedNode = NULL, parent; + xmlAttrPtr attr; + xmlChar *start, *end; + xmlOutputBufferPtr buf; +@@ -856,6 +856,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { + buf = ctxt->buf; + + root = cur; ++ parent = cur->parent; + while (1) { + switch (cur->type) { + case XML_DOCUMENT_NODE: +@@ -868,7 +869,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { + break; + + case XML_DOCUMENT_FRAG_NODE: +- if (cur->children != NULL) { ++ /* Always validate cur->parent when descending. */ ++ if ((cur->parent == parent) && (cur->children != NULL)) { ++ parent = cur; + cur = cur->children; + continue; + } +@@ -887,7 +890,18 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { + break; + + case XML_ELEMENT_NODE: +- if ((cur != root) && (ctxt->format == 1) && (xmlIndentTreeOutput)) ++ /* ++ * Some users like lxml are known to pass nodes with a corrupted ++ * tree structure. Fall back to a recursive call to handle this ++ * case. ++ */ ++ if ((cur->parent != parent) && (cur->children != NULL)) { ++ xmlNodeDumpOutputInternal(ctxt, cur); ++ break; ++ } ++ ++ if ((ctxt->level > 0) && (ctxt->format == 1) && ++ (xmlIndentTreeOutput)) + xmlOutputBufferWrite(buf, ctxt->indent_size * + (ctxt->level > ctxt->indent_nr ? + ctxt->indent_nr : ctxt->level), +@@ -942,6 +956,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { + xmlOutputBufferWrite(buf, 1, ">"); + if (ctxt->format == 1) xmlOutputBufferWrite(buf, 1, "\n"); + if (ctxt->level >= 0) ctxt->level++; ++ parent = cur; + cur = cur->children; + continue; + } +@@ -1058,13 +1073,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { + break; + } + +- /* +- * The parent should never be NULL here but we want to handle +- * corrupted documents gracefully. +- */ +- if (cur->parent == NULL) +- return; +- cur = cur->parent; ++ cur = parent; ++ /* cur->parent was validated when descending. */ ++ parent = cur->parent; + + if (cur->type == XML_ELEMENT_NODE) { + if (ctxt->level > 0) ctxt->level--; +-- +GitLab + diff --git a/SOURCES/libxml2-2.9.12.tar.gz.asc b/SOURCES/libxml2-2.9.12.tar.gz.asc new file mode 100644 index 0000000..0bebb52 --- /dev/null +++ b/SOURCES/libxml2-2.9.12.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEE20ZoG7ka3OoXD6LUFViLJllr6l0FAmCddwQACgkQFViLJllr +6l11LQgAioRTdfmcC+uK/7+6HPtF/3c5zkX6j8VGYuvFBwZ0jayqMRBAl++fcpjE +JUU/JKebSZ/KCYjzyeOWK/i3Gq77iqm3UbZFB85rqu4a5P3gmj/4STWVyAx0KU3z +G3jKqDhJOt7c0acXb5lh2DngfDa1dn/VGcQcIXsqplNxNr4ET7MnSJjZ3nlxYfW2 +E5vWBdPCMUeXDBl6MjYvw9XnGGBLUAaEJWoFToG6jKmVf4GAd9nza20jj5dtbcJq +QEOaSDKDr+f9h2NS8haOhJ9vOpy52PdeGzaFlbRkXarGXuAr8kITgATVs8FAqcgv +MoVhmrO5r2hJf0dCM9fZoYqzpMfmNA== +=KfJ9 +-----END PGP SIGNATURE----- diff --git a/SOURCES/libxml2-2.9.8-python3-unicode-errors.patch b/SOURCES/libxml2-2.9.8-python3-unicode-errors.patch new file mode 100644 index 0000000..e87dcde --- /dev/null +++ b/SOURCES/libxml2-2.9.8-python3-unicode-errors.patch @@ -0,0 +1,34 @@ +Index: libxml2-2.9.5/python/libxml.c +=================================================================== +--- libxml2-2.9.5.orig/python/libxml.c ++++ libxml2-2.9.5/python/libxml.c +@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + PyObject *message; + PyObject *result; + char str[1000]; ++ unsigned char *ptr = (unsigned char *)str; + + #ifdef DEBUG_ERROR + printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); +@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + str[999] = 0; + va_end(ap); + ++#if PY_MAJOR_VERSION >= 3 ++ /* Ensure the error string doesn't start at UTF8 continuation. */ ++ while (*ptr && (*ptr & 0xc0) == 0x80) ++ ptr++; ++#endif ++ + list = PyTuple_New(2); + PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); + Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); +- message = libxml_charPtrConstWrap(str); ++ message = libxml_charPtrConstWrap(ptr); + PyTuple_SetItem(list, 1, message); + result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); ++ /* Forget any errors caused in the error handler. */ ++ PyErr_Clear(); + Py_XDECREF(list); + Py_XDECREF(result); + } diff --git a/SOURCES/libxml2-multilib.patch b/SOURCES/libxml2-multilib.patch new file mode 100644 index 0000000..dee1383 --- /dev/null +++ b/SOURCES/libxml2-multilib.patch @@ -0,0 +1,24 @@ +*** XML/xml2-config.in.orig 2006-06-06 16:35:56.000000000 +0200 +--- XML/xml2-config.in 2006-06-06 16:36:24.000000000 +0200 +*************** +*** 3,9 **** + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +! libdir=@libdir@ + cflags= + libs= + +--- 3,14 ---- + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +! if [ "`ldd /bin/sh | grep lib64`" = "" ] +! then +! libdir=${exec_prefix}/lib +! else +! libdir=${exec_prefix}/lib64 +! fi + cflags= + libs= + diff --git a/SPECS/libxml2.spec b/SPECS/libxml2.spec new file mode 100644 index 0000000..9be65e4 --- /dev/null +++ b/SPECS/libxml2.spec @@ -0,0 +1,543 @@ +Name: libxml2 +Version: 2.9.12 +Release: 4%{?dist} +Summary: Library providing XML and HTML support + +License: MIT +URL: http://xmlsoft.org/ +Source0: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz +Source1: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz.asc +# gpg --keyserver keys.gnupg.net --recv-keys DB46681BB91ADCEA170FA2D415588B26596BEA5D +# gpg2 --export --export-options export-minimal DB46681BB91ADCEA170FA2D415588B26596BEA5D > gpgkey-DB46681BB91ADCEA170FA2D415588B26596BEA5D.gpg +Source2: gpgkey-DB46681BB91ADCEA170FA2D415588B26596BEA5D.gpg +Patch0: libxml2-multilib.patch +# Patch from openSUSE. +# See: https://bugzilla.gnome.org/show_bug.cgi?id=789714 +Patch1: libxml2-2.9.8-python3-unicode-errors.patch +# https://gitlab.gnome.org/GNOME/libxml2/-/issues/255 +Patch2: libxml2-2.9.12-fix-lxml-corrupted-tree.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1969892 +Patch3: libxml2-2.9.12-fix-formatting-regression.patch + +BuildRequires: cmake-rpm-macros +BuildRequires: gcc +BuildRequires: gnupg2 +BuildRequires: make +BuildRequires: pkgconfig(zlib) +BuildRequires: pkgconfig(liblzma) + +%description +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DtDs, either +at parse time or later once the document has been modified. The output +can be a simple SAX stream or and in-memory DOM like representations. +In this case one can use the built-in XPath and XPointer implementation +to select sub nodes or ranges. A flexible Input/Output mechanism is +available, with existing HTTP and FTP modules and combined to an +URI library. + +%package devel +Summary: Libraries, includes, etc. to develop XML and HTML applications +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: zlib-devel%{?_isa} +Requires: xz-devel%{?_isa} + +%description devel +Libraries, include files, etc you can use to develop XML applications. +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DtDs, either +at parse time or later once the document has been modified. The output +can be a simple SAX stream or and in-memory DOM like representations. +In this case one can use the built-in XPath and XPointer implementation +to select sub nodes or ranges. A flexible Input/Output mechanism is +available, with existing HTTP and FTP modules and combined to an +URI library. + +%package static +Summary: Static library for libxml2 + +%description static +Static library for libxml2 provided for specific uses or shaving a few +microseconds when parsing, do not link to them for generic purpose packages. + +%package -n python3-%{name} +Summary: Python 3 bindings for the libxml2 library +BuildRequires: python3-devel +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-python3 < %{version}-%{release} +Provides: %{name}-python3 = %{version}-%{release} + +%description -n python3-%{name} +The libxml2-python3 package contains a Python 3 module that permits +applications written in the Python programming language, version 3, to use the +interface supplied by the libxml2 library to manipulate XML files. + +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DTDs, either +at parse time or later once the document has been modified. + +%prep +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%autosetup -p1 +find doc -type f -executable -print -exec chmod 0644 {} ';' + +# Remove files generated by python/generator.py to force regenerating them +rm python/{libxml2-py.c,libxml2-py.h,libxml2-export.c} + +%build +%configure --with-python=%{__python3} +%make_build + +%install +%make_install + +# multiarch crazyness on timestamp differences or Makefile/binaries for examples +touch -m --reference=%{buildroot}%{_includedir}/libxml2/libxml/parser.h %{buildroot}%{_bindir}/xml2-config + +find %{buildroot} -type f -name '*.la' -print -delete +rm -vf %{buildroot}{%{python2_sitearch},%{python3_sitearch}}/*.a +rm -vrf %{buildroot}%{_datadir}/doc/ +(cd doc/examples ; make clean ; rm -rf .deps Makefile) +gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz + +%check +%make_build runtests + +%ldconfig_scriptlets + +%files +%license Copyright +%doc AUTHORS NEWS README TODO +%{_libdir}/libxml2.so.2* +%{_mandir}/man3/libxml.3* +%{_bindir}/xmllint +%{_mandir}/man1/xmllint.1* +%{_bindir}/xmlcatalog +%{_mandir}/man1/xmlcatalog.1* + +%files devel +%doc doc/*.html doc/html doc/*.gif doc/*.png +%doc doc/tutorial doc/libxml2-api.xml.gz +%doc doc/examples +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%{_datadir}/gtk-doc/html/libxml2/ +%{_libdir}/libxml2.so +%{_libdir}/xml2Conf.sh +%{_includedir}/libxml2/ +%{_bindir}/xml2-config +%{_mandir}/man1/xml2-config.1* +%{_datadir}/aclocal/libxml.m4 +%{_libdir}/pkgconfig/libxml-2.0.pc +%{_libdir}/cmake/libxml2/ + +%files static +%license Copyright +%{_libdir}/libxml2.a + +%files -n python3-%{name} +%doc python/TODO python/libxml2class.txt +%doc doc/*.py doc/python.html +%{python3_sitearch}/libxml2.py +%{python3_sitearch}/__pycache__/libxml2.* +%{python3_sitearch}/drv_libxml2.py +%{python3_sitearch}/__pycache__/drv_libxml2.* +%{python3_sitearch}/libxml2mod.so + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 2.9.12-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 09 2021 David King - 2.9.12-3 +- Fix xmlNodeDumpOutputInternal regression (#1969892) + +* Tue May 25 2021 David King - 2.9.12-2 +- Fix multiarch conflict in devel subpackage (#1964346) + +* Fri May 14 2021 David King - 2.9.12-1 +- Rebase to 2.9.12 (#1960623) + +* Thu May 13 2021 David King - 2.9.10-12 +- Fix CVE-2021-3516 (#1956969) +- Fix CVE-2021-3517 (#1957002) +- Fix CVE-2021-3518 (#1957029) +- Fix CVE-2021-3537 (#1957285) + +* Fri Apr 16 2021 Mohan Boddu - 2.9.10-11 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.9.10-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Nov 12 11:57:41 CET 2020 Victor Stinner - 2.9.10-9 +- Build the Python extension with the PY_SSIZE_T_CLEAN macro to make it + compatible with Python 3.10. +- Fixes: rhbz#1890878. + +* Wed Nov 11 2020 Richard W.M. Jones - 2.9.10-8 +- Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot. + +* Fri Sep 11 2020 Richard W.M. Jones - 2.9.10-7 +- Add fix for CVE-2020-24977 (RHBZ#1877788). + +* Tue Jul 28 2020 Fedora Release Engineering - 2.9.10-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sat May 23 2020 Miro Hrončok - 2.9.10-5 +- Rebuilt for Python 3.9 + +* Mon Feb 10 2020 David King - 2.9.10-4 +- Fix CVE-2019-20388 (#1799736) +- Fix CVE-2020-7595 (#1799786) + +* Wed Jan 29 2020 Fedora Release Engineering - 2.9.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 03 2020 Jan Pokorny - 2.9.10-2 +- Fix relaxed approach to nested documents on object disposal (#1780573) + +* Fri Nov 01 2019 David King - 2.9.10-1 +- Update to 2.9.10 (#1767151) + +* Thu Oct 31 2019 Miro Hrončok - 2.9.9-7 +- Subpackage python2-libxml2 has been removed + See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal + +* Thu Oct 03 2019 Miro Hrončok - 2.9.9-6 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Fri Aug 23 2019 Florian Weimer - 2.9.9-5 +- Rebuild to fix corrupted libxml2-static package on aarch64 (#1745020) + +* Fri Aug 16 2019 Miro Hrončok - 2.9.9-4 +- Rebuilt for Python 3.8 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.9.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 2.9.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jan 25 2019 David King - 2.9.9-1 +- Update to 2.9.9 + +* Sun Jan 06 2019 Björn Esser - 2.9.8-5 +- Add patch to fix crash: xmlParserPrintFileContextInternal mangles utf8 + +* Thu Aug 02 2018 Igor Gnatenko - 2.9.8-4 +- Backport patches from upstream + +* Fri Jul 13 2018 Fedora Release Engineering - 2.9.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Miro Hrončok - 2.9.8-2 +- Rebuilt for Python 3.7 + +* Tue Apr 03 2018 Igor Gnatenko - 2.9.8-1 +- Update to 2.9.8 + +* Sat Feb 24 2018 Florian Weimer - 2.9.7-4 +- Rebuild with new LDFLAGS from redhat-rpm-config + +* Wed Feb 07 2018 Fedora Release Engineering - 2.9.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 30 2018 Igor Gnatenko - 2.9.7-2 +- Switch to %%ldconfig_scriptlets + +* Wed Jan 24 2018 Igor Gnatenko - 2.9.7-1 +- Update to 2.9.7 +- Cleanups in packaging + +* Tue Jan 09 2018 Iryna Shcherbina - 2.9.5-3 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Sep 22 2017 Petr Pisar - 2.9.5-2 +- Fix reporting error about undefined XPath variables (bug #1493613) + +* Mon Sep 4 2017 Daniel Veillard - 2.9.5-1 +- update to 2.9.5 + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.9.4-5 +- Python 2 binary package renamed to python2-libxml2 + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Thu Aug 03 2017 Fedora Release Engineering - 2.9.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.9.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 2.9.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Dec 21 2016 Kevin Fenzi - 2.9.4-1 +- Update to 2.9.4. +- Apply very hacky patch that removes the no longer in python-3.6 PyVerify_fd symbol. + +* Mon Dec 12 2016 Charalampos Stratakis - 2.9.3-5 +- Rebuild for Python 3.6 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.9.3-4 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Thu Feb 04 2016 Fedora Release Engineering - 2.9.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Dec 02 2015 Kalev Lember - 2.9.3-2 +- Fix obsoletes versions now that F22 has libxml2 2.9.3 (#1287262) + +* Fri Nov 20 2015 Daniel Veillard - 2.9.2-1 +- upstream release of 2.9.3 +- Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-1819 + CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500 + and CVE-2015-8242 +- many other bug fixes + +* Fri Nov 06 2015 Robert Kuska - 2.9.2-9 +- Rebuilt for Python3.5 rebuild +- Python3.5 has new naming convention for byte compiled files + +* Tue Nov 3 2015 Toshio Kuratomi - 2.9.2-8 +- Remove executable permissions from documentation. Complies with packaging + guidelines and solves issue of libxml2-python3 package depending on python2 + +* Thu Aug 27 2015 Miro Hrončok - 2.9.2-7 +- Remove dependency on python2 from python3 subpackage, rhbz#1250940 + +* Sat Aug 22 2015 Kalev Lember - 2.9.2-6 +- Rename the Python 3 subpackage to python3-libxml2 as per guidelines + +* Wed Jun 17 2015 Fedora Release Engineering - 2.9.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Feb 21 2015 Till Maas - 2.9.2-4 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Wed Jan 21 2015 Tomas Radej - 2.9.2-3 +- Added Python 3 subpackage + +* Thu Oct 16 2014 Lubomir Rintel - 2.9.2-2 +- Avoid corrupting the xml catalogs + +* Thu Oct 16 2014 Daniel Veillard - 2.9.2-1 +- upstream release of 2.9.2 +- Fix for CVE-214-3660 billion laugh DOS +- many other bug fixes + +* Sun Aug 17 2014 Fedora Release Engineering - 2.9.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jul 18 2014 Tom Callaway - 2.9.1-4 +- fix license handling + +* Sat Jun 07 2014 Fedora Release Engineering - 2.9.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 2.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Apr 19 2013 Daniel Veillard - 2.9.1-1 +- upstream release of 2.9.1 +- a couple more API entry point +- compatibility with python3 +- a lot of bug fixes + +* Mon Feb 11 2013 Daniel Veillard - 2.9.0-4 +- fix --nocheck build which I broke in october rhbz#909767 + +* Mon Nov 19 2012 Jaroslav Reznik - 2.9.0-3 +- workaround for crc/len check failure, rhbz#877567 + +* Thu Oct 11 2012 Daniel Veillard - 2.9.0-2 +- remaining cleanups from merge bug rhbz#226079 +- do not put the docs in the main package, only in -devel rhbz#864731 + +* Tue Sep 11 2012 Daniel Veillard - 2.9.0-1 +- upstream release of 2.9.0 +- A few new API entry points +- More resilient push parser mode +- A lot of portability improvement +- Faster XPath evaluation +- a lot of bug fixes and smaller improvement + +* Fri Aug 10 2012 Daniel Veillard - 2.9.0-0rc1 +- upstream release candidate 1 of 2.9.0 +- introduce a small API change, but ABI compatible, see + https://mail.gnome.org/archives/xml/2012-August/msg00005.html + patches for php, gcc/libjava and evolution-data-connector are upstream + Grab me in cases of problems veillard@redhat.com +- many bug fixes including security aspects and small improvements + +* Thu Jul 19 2012 Fedora Release Engineering - 2.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed May 23 2012 Daniel Veillard - 2.8.0-1 +- upstream release of 2.8.0 +- add lzma compression support +- many bug fixes and small improvements + +* Fri Jan 13 2012 Fedora Release Engineering - 2.7.8-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Mar 4 2011 Daniel Veillard - 2.7.8-6 +- fix a double free in XPath CVE-2010-4494 bug 665965 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.7.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Nov 5 2010 Daniel Veillard - 2.7.8-4 +- reactivate shared libs versionning script + +* Thu Nov 4 2010 Daniel Veillard - 2.7.8-1 +- Upstream release of 2.7.8 +- various bug fixes, including potential crashes +- new non-destructive formatting option +- date parsing updated to RFC 5646 + +* Wed Jul 21 2010 David Malcolm - 2.7.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Mon Mar 15 2010 Daniel Veillard - 2.7.7-1 +- Upstream release of 2.7.7 +- fix serious trouble with zlib >= 1.2.4 +- xmllint new option --xpath +- various HTML parser improvements +- includes a number of nug fixes + +* Tue Oct 6 2009 Daniel Veillard - 2.7.6-1 +- Upstream release of 2.7.6 +- restore thread support off by default in 2.7.5 + +* Thu Sep 24 2009 Daniel Veillard - 2.7.5-1 +- Upstream release of 2.7.5 +- fix a couple of Relax-NG validation problems +- couple more fixes + +* Tue Sep 15 2009 Daniel Veillard - 2.7.4-2 +- fix a problem with little data at startup affecting inkscape #523002 + +* Thu Sep 10 2009 Daniel Veillard - 2.7.4-1 +- upstream release 2.7.4 +- symbol versioning of libxml2 shared libs +- very large number of bug fixes + +* Mon Aug 10 2009 Daniel Veillard - 2.7.3-4 +- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416 + +* Sat Jul 25 2009 Fedora Release Engineering - 2.7.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 2.7.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sun Jan 18 2009 Daniel Veillard - 2.7.3-1 +- new release 2.7.3 +- limit default max size of text nodes +- special parser mode for PHP +- bug fixes and more compiler checks + +* Wed Dec 3 2008 Ignacio Vazquez-Abrams - 2.7.2-7 +- Pull back into Python 2.6 + +* Wed Dec 3 2008 Caolán McNamara - 2.7.2-6 +- AutoProvides requires BuildRequires pkgconfig + +* Wed Dec 3 2008 Caolán McNamara - 2.7.2-5 +- rebuild to get provides(libxml-2.0) into HEAD rawhide + +* Mon Dec 1 2008 Ignacio Vazquez-Abrams - 2.7.2-4 +- Rebuild for pkgconfig logic + +* Fri Nov 28 2008 Ignacio Vazquez-Abrams - 2.7.2-3 +- Rebuild for Python 2.6 + +* Wed Nov 12 2008 Daniel Veillard - 2.7.2-2.fc11 +- two patches for size overflows problems CVE-2008-4225 and CVE-2008-4226 + +* Fri Oct 3 2008 Daniel Veillard 2.7.2-1.fc10 +- new release 2.7.2 +- Fixes the known problems in 2.7.1 +- increase the set of options when saving documents + +* Thu Oct 2 2008 Daniel Veillard 2.7.1-2.fc10 +- fix a nasty bug in 2.7.x, http://bugzilla.gnome.org/show_bug.cgi?id=554660 + +* Mon Sep 1 2008 Daniel Veillard 2.7.1-1.fc10 +- fix python serialization which was broken in 2.7.0 +- Resolve: rhbz#460774 + +* Sat Aug 30 2008 Daniel Veillard 2.7.0-1.fc10 +- upstream release of 2.7.0 +- switch to XML 1.0 5th edition +- switch to RFC 3986 for URI parsing +- better entity handling +- option to remove hardcoded limitations in the parser +- more testing +- a new API to allocate entity nodes +- and lot of fixes and clanups + +* Mon Aug 25 2008 Daniel Veillard 2.6.32-4.fc10 +- fix for entities recursion problem +- Resolve: rhbz#459714 + +* Fri May 30 2008 Daniel Veillard 2.6.32-3.fc10 +- cleanup based on Fedora packaging guidelines, should fix #226079 +- separate a -static package + +* Thu May 15 2008 Daniel Veillard 2.6.32-2.fc10 +- try to fix multiarch problems like #440206 + +* Tue Apr 8 2008 Daniel Veillard 2.6.32-1.fc9 +- upstream release 2.6.32 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Wed Feb 20 2008 Fedora Release Engineering - 2.6.31-2 +- Autorebuild for GCC 4.3 + +* Fri Jan 11 2008 Daniel Veillard 2.6.31-1.fc9 +- upstream release 2.6.31 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Thu Aug 23 2007 Daniel Veillard 2.6.30-1 +- upstream release 2.6.30 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Tue Jun 12 2007 Daniel Veillard 2.6.29-1 +- upstream release 2.6.29 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Wed May 16 2007 Matthias Clasen 2.6.28-2 +- Bump revision to fix N-V-R problem + +* Tue Apr 17 2007 Daniel Veillard 2.6.28-1 +- upstream release 2.6.28 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Thu Dec 7 2006 Jeremy Katz - 2.6.27-2 +- rebuild against python 2.5 + +* Wed Oct 25 2006 Daniel Veillard 2.6.27-1 +- upstream release 2.6.27 see http://xmlsoft.org/news.html +- very large amount of bug fixes reported upstream + +* Wed Jul 12 2006 Jesse Keating - 2.6.26-2.1.1 +- rebuild + +* Wed Jul 12 2006 Jesse Keating - 2.6.26-2.1 +- rebuild + +* Wed Jun 7 2006 Daniel Veillard 2.6.26-2 +- fix bug #192873 +* Tue Jun 6 2006 Daniel Veillard 2.6.26-1 +- upstream release 2.6.26 see http://xmlsoft.org/news.html + +* Tue Jun 6 2006 Daniel Veillard +- upstream release 2.6.25 broken, do not ship ! +