From c36c441721a9560afc74e05b781fd26ea72d3051 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 07 2019 10:23:29 +0000 Subject: import libxml2-2.9.7-5.el8 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..511619f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libxml2-2.9.7.tar.gz diff --git a/.libxml2.metadata b/.libxml2.metadata new file mode 100644 index 0000000..30c379d --- /dev/null +++ b/.libxml2.metadata @@ -0,0 +1 @@ +ab3325e6cdda50ab2382fdfe0bdb6f7d1b9224a6 SOURCES/libxml2-2.9.7.tar.gz diff --git a/SOURCES/libxml2-2.9.0-do-not-check-crc.patch b/SOURCES/libxml2-2.9.0-do-not-check-crc.patch new file mode 100644 index 0000000..3e65077 --- /dev/null +++ b/SOURCES/libxml2-2.9.0-do-not-check-crc.patch @@ -0,0 +1,35 @@ +diff -up libxml2-2.9.0/xzlib.c.do-not-check-crc libxml2-2.9.0/xzlib.c +--- libxml2-2.9.0/xzlib.c.do-not-check-crc 2012-09-11 05:52:46.000000000 +0200 ++++ libxml2-2.9.0/xzlib.c 2012-11-19 19:28:42.431700534 +0100 +@@ -552,17 +552,20 @@ xz_decomp(xz_statep state) + #ifdef HAVE_ZLIB_H + if (state->how == GZIP) { + if (gz_next4(state, &crc) == -1 || gz_next4(state, &len) == -1) { +- xz_error(state, LZMA_DATA_ERROR, "unexpected end of file"); +- return -1; +- } +- if (crc != state->zstrm.adler) { +- xz_error(state, LZMA_DATA_ERROR, "incorrect data check"); +- return -1; +- } +- if (len != (state->zstrm.total_out & 0xffffffffL)) { +- xz_error(state, LZMA_DATA_ERROR, "incorrect length check"); +- return -1; +- } ++ /* ++ xz_error(state, LZMA_DATA_ERROR, "unexpected end of file"); ++ return -1; ++ */ ++ } else { ++ if (crc != state->zstrm.adler) { ++ xz_error(state, LZMA_DATA_ERROR, "incorrect data check"); ++ return -1; ++ } ++ if (len != (state->zstrm.total_out & 0xffffffffL)) { ++ xz_error(state, LZMA_DATA_ERROR, "incorrect length check"); ++ return -1; ++ } ++ } + state->strm.avail_in = 0; + state->strm.next_in = NULL; + state->strm.avail_out = 0; diff --git a/SOURCES/libxml2-2.9.4-remove-pyverify_fd.patch b/SOURCES/libxml2-2.9.4-remove-pyverify_fd.patch new file mode 100644 index 0000000..d05d4cb --- /dev/null +++ b/SOURCES/libxml2-2.9.4-remove-pyverify_fd.patch @@ -0,0 +1,12 @@ +diff -Nur libxml2-2.9.4.orig/python/types.c libxml2-2.9.4/python/types.c +--- libxml2-2.9.4.orig/python/types.c 2016-02-09 03:17:33.000000000 -0700 ++++ libxml2-2.9.4/python/types.c 2016-12-21 12:34:06.755650986 -0700 +@@ -31,8 +31,6 @@ + const char *mode; + + fd = PyObject_AsFileDescriptor(f); +- if (!_PyVerify_fd(fd)) +- return(NULL); + /* + * Get the flags on the fd to understand how it was opened + */ diff --git a/SOURCES/libxml2-CVE-2016-9597.patch b/SOURCES/libxml2-CVE-2016-9597.patch new file mode 100644 index 0000000..43f0243 --- /dev/null +++ b/SOURCES/libxml2-CVE-2016-9597.patch @@ -0,0 +1,191 @@ +Make the XML entity recursion check more precise. + +libxml doesn't detect entity recursion specifically but has a variety +of related checks, such as entities not expanding too deeply or +producing exponential blow-ups in content. + +Because entity declarations are parsed in a separate context with +their own element recursion budget, a recursive entity can overflow +the stack using a lot of open elements (but within the per-context +limit) as it slowly consumes (but does not exhaust) the entity depth +budget. + +This adds a specific, precise check for recursive entities that +detects entity recursion specifically and fails immediately. + +The existing entity expansion depth checks are still relevant for long +chains of different entities. + +BUG=628581 + +Review-Url: https://codereview.chromium.org/2539003002 +Cr-Commit-Position: refs/heads/master@{#436899} + + +Index: libxml2-2.9.4/entities.c +=================================================================== +--- libxml2-2.9.4.orig/entities.c ++++ libxml2-2.9.4/entities.c +@@ -159,6 +159,7 @@ xmlCreateEntity(xmlDictPtr dict, const x + memset(ret, 0, sizeof(xmlEntity)); + ret->type = XML_ENTITY_DECL; + ret->checked = 0; ++ ret->guard = XML_ENTITY_NOT_BEING_CHECKED; + + /* + * fill the structure. +@@ -931,6 +932,7 @@ xmlCopyEntity(xmlEntityPtr ent) { + cur->orig = xmlStrdup(ent->orig); + if (ent->URI != NULL) + cur->URI = xmlStrdup(ent->URI); ++ cur->guard = 0; + return(cur); + } + +Index: libxml2-2.9.4/include/libxml/entities.h +=================================================================== +--- libxml2-2.9.4.orig/include/libxml/entities.h ++++ libxml2-2.9.4/include/libxml/entities.h +@@ -30,6 +30,11 @@ typedef enum { + XML_INTERNAL_PREDEFINED_ENTITY = 6 + } xmlEntityType; + ++typedef enum { ++ XML_ENTITY_NOT_BEING_CHECKED, ++ XML_ENTITY_BEING_CHECKED /* entity check is in progress */ ++} xmlEntityRecursionGuard; ++ + /* + * An unit of storage for an entity, contains the string, the value + * and the linkind data needed for the linking in the hash table. +@@ -60,6 +65,7 @@ struct _xmlEntity { + /* this is also used to count entities + * references done from that entity + * and if it contains '<' */ ++ xmlEntityRecursionGuard guard; + }; + + /* +Index: libxml2-2.9.4/parser.c +=================================================================== +--- libxml2-2.9.4.orig/parser.c ++++ libxml2-2.9.4/parser.c +@@ -133,6 +133,10 @@ xmlParserEntityCheck(xmlParserCtxtPtr ct + if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) + return (1); + ++ if ((ent != NULL) && (ent->guard == XML_ENTITY_BEING_CHECKED)) { ++ xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); ++ return (1); ++ } + /* + * This may look absurd but is needed to detect + * entities problems +@@ -143,12 +147,14 @@ xmlParserEntityCheck(xmlParserCtxtPtr ct + unsigned long oldnbent = ctxt->nbentities; + xmlChar *rep; + ++ ent->guard = XML_ENTITY_BEING_CHECKED; + ent->checked = 1; + + ++ctxt->depth; + rep = xmlStringDecodeEntities(ctxt, ent->content, + XML_SUBSTITUTE_REF, 0, 0, 0); + --ctxt->depth; ++ ent->guard = XML_ENTITY_NOT_BEING_CHECKED; + if (ctxt->errNo == XML_ERR_ENTITY_LOOP) { + ent->content[0] = 0; + } +@@ -7337,23 +7343,28 @@ xmlParseReference(xmlParserCtxtPtr ctxt) + * if its replacement text matches the production labeled + * content. + */ +- if (ent->etype == XML_INTERNAL_GENERAL_ENTITY) { +- ctxt->depth++; +- ret = xmlParseBalancedChunkMemoryInternal(ctxt, ent->content, +- user_data, &list); +- ctxt->depth--; +- +- } else if (ent->etype == XML_EXTERNAL_GENERAL_PARSED_ENTITY) { +- ctxt->depth++; +- ret = xmlParseExternalEntityPrivate(ctxt->myDoc, ctxt, ctxt->sax, +- user_data, ctxt->depth, ent->URI, +- ent->ExternalID, &list); +- ctxt->depth--; +- } else { +- ret = XML_ERR_ENTITY_PE_INTERNAL; +- xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR, +- "invalid entity type found\n", NULL); +- } ++ if (ent->guard == XML_ENTITY_BEING_CHECKED) { ++ ret = XML_ERR_ENTITY_LOOP; ++ } else { ++ ent->guard = XML_ENTITY_BEING_CHECKED; ++ if (ent->etype == XML_INTERNAL_GENERAL_ENTITY) { ++ ctxt->depth++; ++ ret = xmlParseBalancedChunkMemoryInternal(ctxt, ent->content, ++ user_data, &list); ++ ctxt->depth--; ++ } else if (ent->etype == XML_EXTERNAL_GENERAL_PARSED_ENTITY) { ++ ctxt->depth++; ++ ret = xmlParseExternalEntityPrivate(ctxt->myDoc, ctxt, ctxt->sax, ++ user_data, ctxt->depth, ent->URI, ++ ent->ExternalID, &list); ++ ctxt->depth--; ++ } else { ++ ret = XML_ERR_ENTITY_PE_INTERNAL; ++ xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR, ++ "invalid entity type found\n", NULL); ++ } ++ ent->guard = XML_ENTITY_NOT_BEING_CHECKED; ++ } + + /* + * Store the number of entities needing parsing for this entity +@@ -7456,23 +7467,29 @@ xmlParseReference(xmlParserCtxtPtr ctxt) + else + user_data = ctxt->userData; + +- if (ent->etype == XML_INTERNAL_GENERAL_ENTITY) { +- ctxt->depth++; +- ret = xmlParseBalancedChunkMemoryInternal(ctxt, +- ent->content, user_data, NULL); +- ctxt->depth--; +- } else if (ent->etype == +- XML_EXTERNAL_GENERAL_PARSED_ENTITY) { +- ctxt->depth++; +- ret = xmlParseExternalEntityPrivate(ctxt->myDoc, ctxt, +- ctxt->sax, user_data, ctxt->depth, +- ent->URI, ent->ExternalID, NULL); +- ctxt->depth--; +- } else { +- ret = XML_ERR_ENTITY_PE_INTERNAL; +- xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR, +- "invalid entity type found\n", NULL); +- } ++ if (ent->guard == XML_ENTITY_BEING_CHECKED) { ++ ret = XML_ERR_ENTITY_LOOP; ++ } else { ++ ent->guard = XML_ENTITY_BEING_CHECKED; ++ if (ent->etype == XML_INTERNAL_GENERAL_ENTITY) { ++ ctxt->depth++; ++ ret = xmlParseBalancedChunkMemoryInternal(ctxt, ++ ent->content, user_data, NULL); ++ ctxt->depth--; ++ } else if (ent->etype == ++ XML_EXTERNAL_GENERAL_PARSED_ENTITY) { ++ ctxt->depth++; ++ ret = xmlParseExternalEntityPrivate(ctxt->myDoc, ctxt, ++ ctxt->sax, user_data, ctxt->depth, ++ ent->URI, ent->ExternalID, NULL); ++ ctxt->depth--; ++ } else { ++ ret = XML_ERR_ENTITY_PE_INTERNAL; ++ xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR, ++ "invalid entity type found\n", NULL); ++ } ++ ent->guard = XML_ENTITY_NOT_BEING_CHECKED; ++ } + if (ret == XML_ERR_ENTITY_LOOP) { + xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); + return; diff --git a/SOURCES/libxml2-multilib.patch b/SOURCES/libxml2-multilib.patch new file mode 100644 index 0000000..138d38f --- /dev/null +++ b/SOURCES/libxml2-multilib.patch @@ -0,0 +1,24 @@ +*** XML/xml2-config.in.orig 2006-06-06 16:35:56.000000000 +0200 +--- XML/xml2-config.in 2006-06-06 16:36:24.000000000 +0200 +*************** +*** 3,9 **** + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +! libdir=@libdir@ + + usage() + { +--- 3,14 ---- + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +! if [ "`ldd /bin/sh | grep lib64`" = "" ] +! then +! libdir=${exec_prefix}/lib +! else +! libdir=${exec_prefix}/lib64 +! fi + + usage() + { diff --git a/SOURCES/libxml2-python3-unicode-errors.patch b/SOURCES/libxml2-python3-unicode-errors.patch new file mode 100644 index 0000000..e87dcde --- /dev/null +++ b/SOURCES/libxml2-python3-unicode-errors.patch @@ -0,0 +1,34 @@ +Index: libxml2-2.9.5/python/libxml.c +=================================================================== +--- libxml2-2.9.5.orig/python/libxml.c ++++ libxml2-2.9.5/python/libxml.c +@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + PyObject *message; + PyObject *result; + char str[1000]; ++ unsigned char *ptr = (unsigned char *)str; + + #ifdef DEBUG_ERROR + printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); +@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + str[999] = 0; + va_end(ap); + ++#if PY_MAJOR_VERSION >= 3 ++ /* Ensure the error string doesn't start at UTF8 continuation. */ ++ while (*ptr && (*ptr & 0xc0) == 0x80) ++ ptr++; ++#endif ++ + list = PyTuple_New(2); + PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); + Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); +- message = libxml_charPtrConstWrap(str); ++ message = libxml_charPtrConstWrap(ptr); + PyTuple_SetItem(list, 1, message); + result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); ++ /* Forget any errors caused in the error handler. */ ++ PyErr_Clear(); + Py_XDECREF(list); + Py_XDECREF(result); + } diff --git a/SPECS/libxml2.spec b/SPECS/libxml2.spec new file mode 100644 index 0000000..0fefbe4 --- /dev/null +++ b/SPECS/libxml2.spec @@ -0,0 +1,502 @@ +%if 0%{?rhel} > 7 +# Disable python2 build by default +%bcond_with python2 +%else +%bcond_without python2 +%endif + +Name: libxml2 +Version: 2.9.7 +Release: 5%{?dist} +Summary: Library providing XML and HTML support + +License: MIT +URL: http://xmlsoft.org/ +Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz +Patch0: libxml2-multilib.patch +# workaround for #877567 - Very weird bug gzip decompression bug in "recent" libxml2 versions +Patch1: libxml2-2.9.0-do-not-check-crc.patch +# In python3.6 _PyVerify_fd is no more +# http://bugs.python.org/issue23524 +Patch2: libxml2-2.9.4-remove-pyverify_fd.patch +# https://codereview.chromium.org/2539003002 +Patch3: libxml2-CVE-2016-9597.patch +# Fix some crashes under Python 3 +# https://bugzilla.gnome.org/show_bug.cgi?id=789714 +Patch4: libxml2-python3-unicode-errors.patch + +BuildRequires: gcc +BuildRequires: cmake-rpm-macros +BuildRequires: pkgconfig(zlib) +BuildRequires: pkgconfig(liblzma) + +%description +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DtDs, either +at parse time or later once the document has been modified. The output +can be a simple SAX stream or and in-memory DOM like representations. +In this case one can use the built-in XPath and XPointer implementation +to select sub nodes or ranges. A flexible Input/Output mechanism is +available, with existing HTTP and FTP modules and combined to an +URI library. + +%package devel +Summary: Libraries, includes, etc. to develop XML and HTML applications +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: zlib-devel%{?_isa} +Requires: xz-devel%{?_isa} + +%description devel +Libraries, include files, etc you can use to develop XML applications. +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DtDs, either +at parse time or later once the document has been modified. The output +can be a simple SAX stream or and in-memory DOM like representations. +In this case one can use the built-in XPath and XPointer implementation +to select sub nodes or ranges. A flexible Input/Output mechanism is +available, with existing HTTP and FTP modules and combined to an +URI library. + +%package static +Summary: Static library for libxml2 + +%description static +Static library for libxml2 provided for specific uses or shaving a few +microseconds when parsing, do not link to them for generic purpose packages. + +%if %{with python2} +%package -n python2-%{name} +%{?python_provide:%python_provide python2-%{name}} +Summary: Python bindings for the libxml2 library +BuildRequires: python2-devel +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-python < %{version}-%{release} +Provides: %{name}-python = %{version}-%{release} + +%description -n python2-%{name} +The libxml2-python package contains a Python 2 module that permits applications +written in the Python programming language, version 2, to use the interface +supplied by the libxml2 library to manipulate XML files. + +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DTDs, either +at parse time or later once the document has been modified. +%endif # with python2 + +%package -n python3-%{name} +Summary: Python 3 bindings for the libxml2 library +BuildRequires: python3-devel +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-python3 < %{version}-%{release} +Provides: %{name}-python3 = %{version}-%{release} + +%description -n python3-%{name} +The libxml2-python3 package contains a Python 3 module that permits +applications written in the Python programming language, version 3, to use the +interface supplied by the libxml2 library to manipulate XML files. + +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DTDs, either +at parse time or later once the document has been modified. + +%prep +%autosetup -p1 +find doc -type f -executable -print -exec chmod 0644 {} ';' + +%build +%if %{with python2} +mkdir py2 +%endif # with python2 +mkdir py3 +%global _configure ../configure +%global _configure_disable_silent_rules 1 +%if %{with python2} +( cd py2 && %configure --cache-file=../config.cache --with-python=%{__python2} ) +%endif # with python2 +( cd py3 && %configure --cache-file=../config.cache --with-python=%{__python3} ) +%if %{with python2} +%make_build -C py2 +%endif # with python2 +%make_build -C py3 + +%install +%if %{with python2} +%make_install -C py2 +%endif # with python2 +%make_install -C py3 + +# multiarch crazyness on timestamp differences or Makefile/binaries for examples +touch -m --reference=%{buildroot}%{_includedir}/libxml2/libxml/parser.h %{buildroot}%{_bindir}/xml2-config + +find %{buildroot} -type f -name '*.la' -print -delete +rm -vf %{buildroot}{%{python2_sitearch},%{python3_sitearch}}/*.a +rm -vrf %{buildroot}%{_datadir}/doc/ +#(cd doc/examples ; make clean ; rm -rf .deps Makefile) +gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz + +%check +%if %{with python2} +%make_build runtests -C py2 +%endif # with python2 +%make_build runtests -C py3 + +%ldconfig_scriptlets + +%files +%license Copyright +%doc AUTHORS NEWS README TODO +%{_libdir}/libxml2.so.2* +%{_mandir}/man3/libxml.3* +%{_bindir}/xmllint +%{_mandir}/man1/xmllint.1* +%{_bindir}/xmlcatalog +%{_mandir}/man1/xmlcatalog.1* + +%files devel +%doc doc/*.html doc/html doc/*.gif doc/*.png +%doc doc/tutorial doc/libxml2-api.xml.gz +%doc doc/examples +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%{_datadir}/gtk-doc/html/libxml2/ +%{_libdir}/libxml2.so +%{_libdir}/xml2Conf.sh +%{_includedir}/libxml2/ +%{_bindir}/xml2-config +%{_mandir}/man1/xml2-config.1* +%{_datadir}/aclocal/libxml.m4 +%{_libdir}/pkgconfig/libxml-2.0.pc +%{_libdir}/cmake/libxml2/ + +%files static +%license Copyright +%{_libdir}/libxml2.a + +%if %{with python2} +%files -n python2-%{name} +%doc python/TODO python/libxml2class.txt +%doc doc/*.py doc/python.html +%{python2_sitearch}/libxml2.py* +%{python2_sitearch}/drv_libxml2.py* +%{python2_sitearch}/libxml2mod.so +%endif # with python2 + +%files -n python3-%{name} +%doc python/TODO python/libxml2class.txt +%doc doc/*.py doc/python.html +%{python3_sitearch}/libxml2.py +%{python3_sitearch}/__pycache__/libxml2.* +%{python3_sitearch}/drv_libxml2.py +%{python3_sitearch}/__pycache__/drv_libxml2.* +%{python3_sitearch}/libxml2mod.so + +%changelog +* Fri Aug 03 2018 Charalampos Stratakis - 2.9.7-5 +- Fix some crashes under Python 3 +- Conditionalize the python2 subpackage + +* Sat Feb 24 2018 Florian Weimer - 2.9.7-4 +- Rebuild with new LDFLAGS from redhat-rpm-config + +* Wed Feb 07 2018 Fedora Release Engineering - 2.9.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 30 2018 Igor Gnatenko - 2.9.7-2 +- Switch to %%ldconfig_scriptlets + +* Wed Jan 24 2018 Igor Gnatenko - 2.9.7-1 +- Update to 2.9.7 +- Cleanups in packaging + +* Tue Jan 09 2018 Iryna Shcherbina - 2.9.5-3 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Sep 22 2017 Petr Pisar - 2.9.5-2 +- Fix reporting error about undefined XPath variables (bug #1493613) + +* Mon Sep 4 2017 Daniel Veillard - 2.9.5-1 +- update to 2.9.5 + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.9.4-5 +- Python 2 binary package renamed to python2-libxml2 + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Thu Aug 03 2017 Fedora Release Engineering - 2.9.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.9.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 2.9.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Dec 21 2016 Kevin Fenzi - 2.9.4-1 +- Update to 2.9.4. +- Apply very hacky patch that removes the no longer in python-3.6 PyVerify_fd symbol. + +* Mon Dec 12 2016 Charalampos Stratakis - 2.9.3-5 +- Rebuild for Python 3.6 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.9.3-4 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Thu Feb 04 2016 Fedora Release Engineering - 2.9.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Dec 02 2015 Kalev Lember - 2.9.3-2 +- Fix obsoletes versions now that F22 has libxml2 2.9.3 (#1287262) + +* Fri Nov 20 2015 Daniel Veillard - 2.9.2-1 +- upstream release of 2.9.3 +- Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-1819 + CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500 + and CVE-2015-8242 +- many other bug fixes + +* Fri Nov 06 2015 Robert Kuska - 2.9.2-9 +- Rebuilt for Python3.5 rebuild +- Python3.5 has new naming convention for byte compiled files + +* Tue Nov 3 2015 Toshio Kuratomi - 2.9.2-8 +- Remove executable permissions from documentation. Complies with packaging + guidelines and solves issue of libxml2-python3 package depending on python2 + +* Thu Aug 27 2015 Miro Hrončok - 2.9.2-7 +- Remove dependency on python2 from python3 subpackage, rhbz#1250940 + +* Sat Aug 22 2015 Kalev Lember - 2.9.2-6 +- Rename the Python 3 subpackage to python3-libxml2 as per guidelines + +* Wed Jun 17 2015 Fedora Release Engineering - 2.9.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Feb 21 2015 Till Maas - 2.9.2-4 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Wed Jan 21 2015 Tomas Radej - 2.9.2-3 +- Added Python 3 subpackage + +* Thu Oct 16 2014 Lubomir Rintel - 2.9.2-2 +- Avoid corrupting the xml catalogs + +* Thu Oct 16 2014 Daniel Veillard - 2.9.2-1 +- upstream release of 2.9.2 +- Fix for CVE-214-3660 billion laugh DOS +- many other bug fixes + +* Sun Aug 17 2014 Fedora Release Engineering - 2.9.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jul 18 2014 Tom Callaway - 2.9.1-4 +- fix license handling + +* Sat Jun 07 2014 Fedora Release Engineering - 2.9.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 2.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Apr 19 2013 Daniel Veillard - 2.9.1-1 +- upstream release of 2.9.1 +- a couple more API entry point +- compatibility with python3 +- a lot of bug fixes + +* Mon Feb 11 2013 Daniel Veillard - 2.9.0-4 +- fix --nocheck build which I broke in october rhbz#909767 + +* Mon Nov 19 2012 Jaroslav Reznik - 2.9.0-3 +- workaround for crc/len check failure, rhbz#877567 + +* Thu Oct 11 2012 Daniel Veillard - 2.9.0-2 +- remaining cleanups from merge bug rhbz#226079 +- do not put the docs in the main package, only in -devel rhbz#864731 + +* Tue Sep 11 2012 Daniel Veillard - 2.9.0-1 +- upstream release of 2.9.0 +- A few new API entry points +- More resilient push parser mode +- A lot of portability improvement +- Faster XPath evaluation +- a lot of bug fixes and smaller improvement + +* Fri Aug 10 2012 Daniel Veillard - 2.9.0-0rc1 +- upstream release candidate 1 of 2.9.0 +- introduce a small API change, but ABI compatible, see + https://mail.gnome.org/archives/xml/2012-August/msg00005.html + patches for php, gcc/libjava and evolution-data-connector are upstream + Grab me in cases of problems veillard@redhat.com +- many bug fixes including security aspects and small improvements + +* Thu Jul 19 2012 Fedora Release Engineering - 2.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed May 23 2012 Daniel Veillard - 2.8.0-1 +- upstream release of 2.8.0 +- add lzma compression support +- many bug fixes and small improvements + +* Fri Jan 13 2012 Fedora Release Engineering - 2.7.8-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Mar 4 2011 Daniel Veillard - 2.7.8-6 +- fix a double free in XPath CVE-2010-4494 bug 665965 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.7.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Nov 5 2010 Daniel Veillard - 2.7.8-4 +- reactivate shared libs versionning script + +* Thu Nov 4 2010 Daniel Veillard - 2.7.8-1 +- Upstream release of 2.7.8 +- various bug fixes, including potential crashes +- new non-destructive formatting option +- date parsing updated to RFC 5646 + +* Wed Jul 21 2010 David Malcolm - 2.7.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Mon Mar 15 2010 Daniel Veillard - 2.7.7-1 +- Upstream release of 2.7.7 +- fix serious trouble with zlib >= 1.2.4 +- xmllint new option --xpath +- various HTML parser improvements +- includes a number of nug fixes + +* Tue Oct 6 2009 Daniel Veillard - 2.7.6-1 +- Upstream release of 2.7.6 +- restore thread support off by default in 2.7.5 + +* Thu Sep 24 2009 Daniel Veillard - 2.7.5-1 +- Upstream release of 2.7.5 +- fix a couple of Relax-NG validation problems +- couple more fixes + +* Tue Sep 15 2009 Daniel Veillard - 2.7.4-2 +- fix a problem with little data at startup affecting inkscape #523002 + +* Thu Sep 10 2009 Daniel Veillard - 2.7.4-1 +- upstream release 2.7.4 +- symbol versioning of libxml2 shared libs +- very large number of bug fixes + +* Mon Aug 10 2009 Daniel Veillard - 2.7.3-4 +- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416 + +* Sat Jul 25 2009 Fedora Release Engineering - 2.7.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 2.7.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sun Jan 18 2009 Daniel Veillard - 2.7.3-1 +- new release 2.7.3 +- limit default max size of text nodes +- special parser mode for PHP +- bug fixes and more compiler checks + +* Wed Dec 3 2008 Ignacio Vazquez-Abrams - 2.7.2-7 +- Pull back into Python 2.6 + +* Wed Dec 3 2008 Caolán McNamara - 2.7.2-6 +- AutoProvides requires BuildRequires pkgconfig + +* Wed Dec 3 2008 Caolán McNamara - 2.7.2-5 +- rebuild to get provides(libxml-2.0) into HEAD rawhide + +* Mon Dec 1 2008 Ignacio Vazquez-Abrams - 2.7.2-4 +- Rebuild for pkgconfig logic + +* Fri Nov 28 2008 Ignacio Vazquez-Abrams - 2.7.2-3 +- Rebuild for Python 2.6 + +* Wed Nov 12 2008 Daniel Veillard - 2.7.2-2.fc11 +- two patches for size overflows problems CVE-2008-4225 and CVE-2008-4226 + +* Fri Oct 3 2008 Daniel Veillard 2.7.2-1.fc10 +- new release 2.7.2 +- Fixes the known problems in 2.7.1 +- increase the set of options when saving documents + +* Thu Oct 2 2008 Daniel Veillard 2.7.1-2.fc10 +- fix a nasty bug in 2.7.x, http://bugzilla.gnome.org/show_bug.cgi?id=554660 + +* Mon Sep 1 2008 Daniel Veillard 2.7.1-1.fc10 +- fix python serialization which was broken in 2.7.0 +- Resolve: rhbz#460774 + +* Sat Aug 30 2008 Daniel Veillard 2.7.0-1.fc10 +- upstream release of 2.7.0 +- switch to XML 1.0 5th edition +- switch to RFC 3986 for URI parsing +- better entity handling +- option to remove hardcoded limitations in the parser +- more testing +- a new API to allocate entity nodes +- and lot of fixes and clanups + +* Mon Aug 25 2008 Daniel Veillard 2.6.32-4.fc10 +- fix for entities recursion problem +- Resolve: rhbz#459714 + +* Fri May 30 2008 Daniel Veillard 2.6.32-3.fc10 +- cleanup based on Fedora packaging guidelines, should fix #226079 +- separate a -static package + +* Thu May 15 2008 Daniel Veillard 2.6.32-2.fc10 +- try to fix multiarch problems like #440206 + +* Tue Apr 8 2008 Daniel Veillard 2.6.32-1.fc9 +- upstream release 2.6.32 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Wed Feb 20 2008 Fedora Release Engineering - 2.6.31-2 +- Autorebuild for GCC 4.3 + +* Fri Jan 11 2008 Daniel Veillard 2.6.31-1.fc9 +- upstream release 2.6.31 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Thu Aug 23 2007 Daniel Veillard 2.6.30-1 +- upstream release 2.6.30 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Tue Jun 12 2007 Daniel Veillard 2.6.29-1 +- upstream release 2.6.29 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Wed May 16 2007 Matthias Clasen 2.6.28-2 +- Bump revision to fix N-V-R problem + +* Tue Apr 17 2007 Daniel Veillard 2.6.28-1 +- upstream release 2.6.28 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Thu Dec 7 2006 Jeremy Katz - 2.6.27-2 +- rebuild against python 2.5 + +* Wed Oct 25 2006 Daniel Veillard 2.6.27-1 +- upstream release 2.6.27 see http://xmlsoft.org/news.html +- very large amount of bug fixes reported upstream + +* Wed Jul 12 2006 Jesse Keating - 2.6.26-2.1.1 +- rebuild + +* Wed Jul 12 2006 Jesse Keating - 2.6.26-2.1 +- rebuild + +* Wed Jun 7 2006 Daniel Veillard 2.6.26-2 +- fix bug #192873 +* Tue Jun 6 2006 Daniel Veillard 2.6.26-1 +- upstream release 2.6.26 see http://xmlsoft.org/news.html + +* Tue Jun 6 2006 Daniel Veillard +- upstream release 2.6.25 broken, do not ship ! +