libxml2-devel-2.10.3-150500.5.17.1<>,fp9|LMcOfjL4C$*K@bs}y%nlKţOV"uM̞KLHfuÞ+3`Xў(f3ƠN-pq =)XS4uN6Z"<5r":5ESX5͞'p$|[U|;|FWcN+ YLOTGSd3 o/mͲA;δJF޹4>>4?$d % `(,8<Uvz :: ,: : : : :::0:T(8A9A:AFAGX:H@:I(:XdYp\:]:^ bcwdeflu:vw:x:yz Clibxml2-devel2.10.3150500.5.17.1Development files for libxml2, an XML manipulation libraryThe XML C library can load and save extensible data structures or manipulate any kind of XML files. This subpackage contains header files for developing applications that want to make use of libxml.fh01-ch3cSUSE Linux Enterprise 15SUSE LLC MIThttps://www.suse.com/Unspecifiedhttps://gitlab.gnome.org/GNOME/libxml2linuxx86_64$> -*' 4n8[ ,CD {fp h5M )t*;W1?R !' SA{KoAA큤AA큤A큤ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeb1fcace40465c83446a8e2a698b4a5ad22c063315e247f2df1338a3af954512dcb63d3115ece5908c6c5f75813428977ddc791a5a99b59563472210fbbaa2d2fa2dfbf88a92fcb53d8de8bff72522e85b3cd1912b96b086656c1a4c7220f69f440534fc4d3e41f32347a610050d3d027839dc36aff6687db607dfa1db2347a8ecde80ab7bfd3ea67e4a38399d7be94f83cdef32138cec8ad6da1d09c45bcc6e33369486eaf76ec6aa0521cf32648493ed5e7f8289609cc6b2562adafb87cfddf97637b7664ad2b889009107c2a141a381da983d081f4e0ceceab894da9dd06b1fdfcd21e2f20e174a0d983d7ae2bfe5be5099e5d658dab829310d16471452d079ab5f96bc907dc9ae0209b2cff7f72684a94e6bc3036ea6adc52377bbf048b6378ca2f8bf9ac6e5835c911ae8640fce6b36ddba34f2da882afa72a0b6e06ff73c330a139c16a2fa81c8324e33b3b78ef87972c3a34d0387daaa32b80d410a25667bc8a311dd39dd4438a8fb40dcafb5b28e97c7d0894e228833e316bc059c02cef8fc9fb5f5f85f2bf3c0ca061530aab6f72353c26d60791ab1e846c18adac5ad7834001c04ca81a19874f74e85bd67ea7e187d96fd43f53fb55aaea5228c216fb878db01ac0d04d5597b11bad8cd7b59f4d3fcd77c3217afe881387bd24e1835c0fa395900a9f140dc2ec89066fa5562f7ff131d708b8a90ed627e72e0ee5c2cb80dfc972ea553b6e3f3a48bcf79c952ac27315ee66705daf1fc124ca6abf28c4bd2cb0885e7c752aeee2b0f493fdb5844e48896f3a9d32bba3ca9390668e477d8185f5c42a189354db293d492d1483a5fb818d1d326a4f4140d2f64dbdb4714af39bf18e46b69334cf65e09ea79ec731aeea73e238e961f77ce91460eb167555d33ed4f396917ddd7330ba52863312db5fe0fc70422666cc36048a66fc39fba91462b95a82d58e52046afcaa68f127d1cdb381be885d9283352a65976e6bbb522bd267227a0238d03ae3bf580ee6cfc98d62d1709c7ac739785be13807f1a58482561af7bc85b457589ddf114211c7c7d38ea9a761b34c3205b50e1a13118fe9e2622c2759ec2a77a36ebfbbe852bacda1ea88e50eb84c0ce5c6639afc7949c65353157b6cebedede345e0d828230f4244e441137e88d94b7b09293fd70ba6d989d11f8cacca444fa61a5a18a8182295734012a2772b30ddd4fd96776122088bfeca9f6962214e185e1d605b11442de7dfec77e8e7131871698797c489ea9b88cb344fbbabaccef193a29b9fe697b127ffce23ed25e043c1678be16ec31a3824c0c4f69226674c6d7e033464692657fb8fc1424cc0a2b6151a5b32c940cfcac82712d604666b7e41580d7749641a00872829f77bc504efd623a9d40b104de108ede2c1a6641787e565d6f96c4b1aab1b026580030f08aab022c3ddd9faa72dd35dc5489c6c2b73ba85743732f47b0fe9a7cc8f5e5352202becdbdca9a0a48a050a0723aea84bc7c0c754085da0f93fb0972e0deee740b3aa9fc18db817155739bd7bac663e3a16c33d50f1c6b7c83d81d3e14d5387d6b24415fda927c2b87980015cfe658aceb79e9fccb76cfb2b6eb16ed4a84192e4bf411a2e64ce94efe5076d90c3dc26559f834389a1c1eb801afbdd29c734ac7289ccaa7782a756437f10941282eadb99ee5150aff2890d3031a788265ed65683e28698b3240fb4c2ceaff644b642dcb5d1161644225846819bc11e038dc1145e20b91659be6d70a32eba362dc6b3e1d72b455d196171079f91ae2d4f41eba9c40facaccd0766556903ffe34172104e347bff21f13964f5348dcded73ac9ca0160b31905c9d3e79cfb4e94d9f017f7d7746cf66fb0c35701087c2f5beb878fdb50d76e6241f683a2b512dc0fe9d23eddad1192469b7dacc634b6000721f9789fe506c713a5207c6e4775d8dd461f4f047f85ca798d823911835245051ce56413f2ca1ec55f7257d656c14de31972d4d6d9e88cda093f13fb2f4a70f847055c7de74edffe9cc703e79f1167845f5c82547b1451e0f1c4e7bee233b6e4b0440e8339eb80a83dcd58346531876fac2b031f4e537d65ca60d3f3701eff69a7f295062fe1f87114e7444cc579d0174bc2e4b285c68699103a4e24b4417c1892291120abe2c42ea00e65ebfc3e974ebf19f4071e7d92f18cfd7002a6463595274f15ae0f96182d7f4fb6016ae8a6edbc9e346415acbf5e98b311a15ca6de3b8f5aab3952e35b8f65a4d57d229f5968e3d8796b0f24a5cd1a67a0b72f63c5d7757c511c674c9fbe76ee247c75libxml2/libxmllibxml2.so.2.10.3rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootlibxml2-2.10.3-150500.5.17.1.src.rpmlibxml2-devellibxml2-devel(x86-64)pkgconfig(libxml-2.0)@@    /bin/sh/usr/bin/pkg-configglibc-devellibxml2libxml2-2libxml2-toolspkgconfig(liblzma)pkgconfig(zlib)readline-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)xz-develzlib-devel2.10.32.10.32.10.33.0.4-14.6.0-14.0-15.2-14.14.3f|ee@e?ddBzdBzd?c_cIO@cc cd@b)bob4t@b'E@ap`!@`!@`` @`N@`N@`N@`4@_H@_G@__V ^V@^oj@^oj@^l@] @]߶]Γ@]v>]D%]B@]A]@\s\LKZZZ@Z@Y@Y*@YéYéY)@YBvYA%@Y"XWXWH6W>@W(VTQ@TWn@TWn@TSyTAdavid.anes@suse.comdavid.anes@suse.comdavid.anes@suse.comdavid.anes@suse.comdavid.anes@suse.comdavid.anes@suse.comdaniel.garcia@suse.comdavid.anes@suse.combjorn.lie@gmail.compmonreal@suse.combjorn.lie@gmail.combjorn.lie@gmail.comdavid.anes@suse.comdavid.anes@suse.comdimstar@opensuse.orgluc14n0@opensuse.orgmcepl@suse.compmonreal@suse.comrpm@fthiessen.depmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comwicked@iki.fipmonreal@suse.compmonreal@suse.comcode@bnavigator.depmonreal@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.comtchvatal@suse.comtchvatal@suse.comstefan.bruens@rwth-aachen.depmonrealgonzalez@suse.compmonrealgonzalez@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.commgorse@suse.comkukuk@suse.detchvatal@suse.comaavindraa@gmail.comaavindraa@gmail.comjmatejek@suse.comjmatejek@suse.comjengelh@inai.detchvatal@suse.comtchvatal@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.comkstreitova@suse.compsimons@suse.comkstreitova@suse.comsflees@suse.derpm@fthiessen.devcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.com- Security fix (CVE-2024-34459, bsc#1224282) buffer over-read in xmlHTMLPrintFileContext in xmllint.c * Added libxml2-CVE-2024-34459.patch- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader * Added libxml2-CVE-2024-25062.patch- Security update: * [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode() in tree.c - Added file libxml2-CVE-2023-45322.patch- Security update: * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global buffer overflow - Added file libxml2-CVE-2023-39615.patch- Security update: * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings isn't deterministic - Added patch libxml2-CVE-2023-29469.patch * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in xmlSchemaFixupComplexType - Added patch libxml2-CVE-2023-28484-1.patch - Added patch libxml2-CVE-2023-28484-2.patch- Remove unneeded dependency (bsc#1209918).- Build also for modern python version (jsc#PED-68)- Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz- Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304): + Security: - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c + Build system: cmake: Set SOVERSION - Rebase patches with quilt.- Build for now with --with-legacy to enable APIs that have been deprecated recently. (bsc#1202965)- Update to version 2.10.2: * Improvements: + Remove set-but-unused variable in xmlXPathScanName + Silence -Warray-bounds warning * Build system + build: require automake-1.16.3 or later + Remove generated files from distribution * Test suite: Don't create missing.xml when running testapi - Add configure --with-python=%{__python3} inbefore python build, as upstream no longer ships pre-grenerated files. - Use sed to fix env-script-interpreter in documentation example. - Pass with-ftp to configure, build ftp support.- Update to version 2.10.1: * Regressions: Fix xmlCtxtReadDoc with encoding * Bug fixes: Fix HTML parser with threads and --without-legacy * Build system: + Fix build with Python 3.10 + cmake: Disable version script on macOS + Remove Makefile rule to build testapi.c * Documentation: + Switch back to HTML output for API documentation + Port doc/examples/index.py to Python 3 + Fix order of exports in libxml2-api.xml + Remove libxml2-refs.xml- Update to 2.10.0: * Security + [CVE-2022-2309] Reset nsNr in xmlCtxtReset + Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer + Fix missing NUL terminators in xmlBuf and xmlBuffer functions + Fix integer overflow in xmlBufferDump() + xmlBufAvail() should return length without including a byte for NUL terminator + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() + Use xmlNewDocText in xmlXIncludeCopyRange + Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser + Use UPDATE_COMPAT() consistently in buf.c + fix: xmlXPathParserContext could be double-delete in OOM case. * Removals and deprecations + Disable XPointer location support by default + Remove outdated xml2Conf.sh + Deprecate module init and cleanup functions + Remove obsolete XML Software Autoupdate (XSA) file + Remove DOCBparser + Remove obsolete Python test framework + Remove broken VxWorks support + Remove broken Mac OS 9 support + Remove broken bakefile support + Remove broken Visual Studio 2010 support + Remove broken Windows CE support + Deprecate IDREF-related functions in valid.h + Deprecate legacy functions + Disable legacy support by default + Deprecate all functions in nanoftp.h + Disable FTP support by default + Add XML_DEPRECATED macro + Remove elfgcchack.h * Regressions + Skip incorrectly opened HTML comments + Restore behavior of htmlDocContentDumpFormatOutput() * Bug fixes + Fix memory leak with invalid XSD + Make XPath depth check work with recursive invocations + Fix memory leak in xmlLoadEntityContent error path + Avoid double-free if malloc fails in inputPush + Properly fold whitespace around the QName value when validating an XSD schema. + Add whitespace folding for some atomic data types that it's missing on. + Don't add IDs containing unexpanded entity references * Improvements + Avoid calling xmlSetTreeDoc + Simplify xmlFreeNode + Don't reset nsDef when changing node content + Fix unintended fall-through in xmlNodeAddContentLen + Remove unused xmlBuf functions + Implement xpath1() XPointer scheme + Add configuration flag for XPointer locations support + Fix compiler warnings in Python code + Mark more static data as `const` + Make xmlStaticCopyNode non-recursive + Clean up encoding switching code + Simplify recursive pthread mutex + Use non-recursive mutex in dict.c + Fix parser progress checks + Avoid arithmetic on freed pointers + Improve buffer allocation scheme + Remove unneeded #includes + Add support for some non-standard escapes in regular expressions. + htmlParseComment: handle abruptly-closed comments + Add let variable tag support + Add value-of tag support + Remove useless call to xmlRelaxNGCleanupTypes + Don't include ICU headers in public headers + Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + Fix unused variable warnings with disabled features + Only warn on invalid redeclarations of predefined entities + Remove unneeded code in xmlreader.c + Rework validation context flags * Portability + Use NAN/INFINITY if available to init XPath NaN/Inf + Fix Python tests on macOS + Fix xmlCleanupThreads on Windows + Fix reinitialization of library on Windows + Don't mix declarations and code in runtest.c + Use portable python shebangs + Use critical sections as mutex on Windows + Don't set HAVE_WIN32_THREADS in win32config.h + Use stdint.h with newer MSVC + Remove cruft from win32config.h + Remove isinf/isnan emulation in win32config.h + Always fopen files with "rb" + Remove __DJGPP__ checks + Remove useless __CYGWIN__ checks * Build system + Don't autogenerate doc/examples/Makefile.am + cmake: Install libxml.m4 on UNIX-like platforms + cmake: Use symbol versioning on UNIX-like platforms + Port genUnicode.py to Python 3 + Port gentest.py to Python 3 + cmake: Fix build without thread support + cmake: Install documentation in CMAKE_INSTALL_DOCDIR + cmake: Remove non needed files in docs dir + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + Move local Autoconf macros into m4 directory + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD + Update libxml-2.0-uninstalled.pc.in + Remove LIBS from XML_PRIVATE_LIBS + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS + Don't overlink executables + cmake: Adjust paths for UNIX or UNIX-like target systems + build: Make use of variables in libxml's pkg-config file + Avoid obsolescent `test -a` constructs + Move AM_MAINTAINER_MODE to AM section + configure.ac: make AM_SILENT_RULES([yes]) unconditional + Streamline documentation installation + Don't try to recreate COPYING symlink + Detect libm using libtool's macros + configure.ac: disable static libraries by default + python/Makefile.am: nest python docs in $(docdir) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE + Makefile.am: install examples more idiomatically + configure.ac: remove useless AC_SUBST + Respect `--sysconfdir` in source files + Ignore configure backup file created by recent autoreconf too + Only install *.html and *.c example files + Remove --with-html-dir option + Rework documentation build system + Remove old website + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings + Update genChRanges.py + Update build_glob.py + Remove ICONV_CONST test + Remove obsolete AC_HEADER checks + Don't check for standard C89 library functions + Don't check for standard C89 headers + Remove special configuration for certain maintainers * Test suite, CI + Disable network in API tests + testapi: remove leading slash from "/missing.xml" + Build Autotools CI tests out of source tree (VPATH) + Add --with-minimum build to CI tests + Fix warnings when testing --with-minimum build + cmake: Run all tests when threads are disabled + Also build CI tests with -Werror + Move doc/examples tests to new test suite + Simplify 'make check' targets + Fix schemas and relaxng tests + Remove unused result files + Allow missing result files in runtest + Move regexp tests to runtest + Move SVG tests to runtest.c + Move testModule to new test suite + Move testThreads to new test suite + Remove major parts of old test suite + Make testchar return an error on failure + Add CI job for static build + python/tests: open() relative to test scripts + Port some test scripts to Python 3 * Documentation + Improve documentation of tree manipulation API + Update xml2-config man page + Consolidate man pages + Rename xmlcatalog_man.xml + Make examples a standalone HTML page + Fix documentation in entities.c + Add note about optimization flags- Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build- Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap.- Update to version 2.9.13: * Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues. * Many regressions fixes. * Numerous bug fixes, including, among many others: + xmllint's --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing. * Numerous tests and code and fuzzing fixes and improvements. * Updated documentation. - The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\ libxml2-2.9.13.news. - Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future. - Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with 'cp' command. - Update http://xmlsoft.org URL tag to Libxml2's new web home: https://gitlab.gnome.org/GNOME/libxml2. - Update ftp://xmlsoft.org Source tag to Libxml2's new download host: https://download.gnome.org. - Drop deprecated Python-2-related macro definitions/conditional statement from spec file. - Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch. - Drop libxml2.keyring source file as the new download host doesn't offer GPG signatures. - Use ldconfig_scriptlets macro for post(un) handling.- Rewrite package to the single-spec %python_subpackage_only style and eliminate unnecessary multibuild.- Fix python-lxml regression with libxml2 2.9.12: * Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255 - Add upstream patches: * libxml2-fix-lxml-corrupted-subtree-structures.patch * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch- Update to version 2.9.12 * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928) * Fix null deref in legacy SAX1 parser * Fix handling of unexpected EOF in xmlParseContent * Fix user-after-free * Validate UTF8 in xmlEncodeEntities * Fix memory leak in xmlParseElementMixedContentDecl * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin * Fix SEGV in xmlSAXParseFileWithData * Don't process siblings of root in xmlXIncludeProcess * Full changes: http://xmlsoft.org/news.html - Drop upstream fixed * libxml2-CVE-2021-3541.patch * libxml2-CVE-2021-3537.patch * libxml2-CVE-2021-3518.patch * libxml2-CVE-2021-3517.patch * libxml2-CVE-2021-3516.patch * libxml2-CVE-2020-7595.patch * libxml2-CVE-2019-20388.patch * libxml2-CVE-2020-24977.patch * libxml2-CVE-2019-19956.patch * libxml2-python39.patch * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch - Drop since 2.8.0 merged fix-perl.diff - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch- Security fix: [bsc#1186015, CVE-2021-3541] * Exponential entity expansion attack bypasses all existing protection mechanisms. - Add libxml2-CVE-2021-3541.patch- Security fix: [bsc#1185698, CVE-2021-3537] * NULL pointer dereference in valid.c:xmlValidBuildAContentModel * Add libxml2-CVE-2021-3537.patch- Security fix: [bsc#1185408, CVE-2021-3518] * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() * Add libxml2-CVE-2021-3518.patch- Security fix: [bsc#1185410, CVE-2021-3517] * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3517.patch- Security fix: [bsc#1185409, CVE-2021-3516] * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3516.patch- Fails to build against Python 3.9: * Add upstream commit that fixes the issue https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1 - Add patch libxml2-python39.patch- Security fix: [bsc#1161521, CVE-2019-20388] * Memory leak in xmlSchemaPreRun in xmlschemas.c - Add libxml2-CVE-2019-20388.patch- Avoid quadratic checking of identity-constraints: [bsc#1178823] * key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. - Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch- Make python subpackage ready for multiple python3 flavors gh#openSUSE/python-rpm-macros#66- Security fix: [bsc#1176179, CVE-2020-24977] * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal - Add patch libxml2-CVE-2020-24977.patch- Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021] - Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549 * Add patch libxml2-CVE-2019-19956.patch- Security fix: [bsc#1161517, CVE-2020-7595] * xmlStringLenDecodeEntities in parser.c has an infinite loop in a certain end-of-file situation - Add libxml2-CVE-2020-7595.patch- Do not pull in the non-python deps on the python build- Revert the previous change and use multibuild to determine supported flavors. We need to be able to enable/disable pythons in prjconf and multibuild directly clashes with that.- Build python2 and python3 bindings in separate flavors. As python3-libxml2 is a dependency of e.g. itstools and thus many other packages these packages no longer have a build dependency on python2. Breaks a build loop for python2.- Since libxml2-2.9.10 perl-XML-LibXSLT fails to build: [bsc#1157450] * Revert upstream commit to make xmlFreeNodeList non-recursive https://github.com/GNOME/libxml2/commit/0762c9b69ba01628f72eada1c64ff3d361fb5716 - Add patch libxml2-xmlFreeNodeList-recursive.patch- Version update to 2.9.10: * Portability: + Fix exponent digits when running tests under old MSVC + Work around buggy ceil() function on AIX + Don't call printf with NULL string in runtest.c + Switched from unsigned long to ptrdiff_t in parser.c + timsort.h: support older GCCs + Make configure.ac work with older pkg-config * Bug Fixes: + Fix for conditional sections at end of document + Make sure that Python tests exit with error code + Audit memory error handling in xpath.c + Fix error code in xmlTextWriterStartDocument + Fix integer overflow when counting written bytes + Fix uninitialized memory access in HTML parser + Fix memory leak in xmlSchemaValAtomicType + Disallow conditional sections in internal subset + Fix use-after-free in xmlTextReaderFreeNodeList + Fix Regextests + Fix empty branch in regex + Fix integer overflow in entity recursion check + Don't read external entities or XIncludes from stdin + Fix Schema determinism check of ##other namespaces + Fix potential null deref in xmlSchemaIDCFillNodeTables + Fix potential memory leak in xmlBufBackToBuffer + Fix error message when processing XIncludes with fallbacks + Fix memory leak in xmlRegEpxFromParse + 14:00 is a valid timezone for xs:dateTime + Fix memory leak in xmlParseBalancedChunkMemoryRecover + Fix potential null deref in xmlRelaxNGParsePatterns + Misleading error message with xs:{min|max}Inclusive + Fix memory leak in xmlXIncludeLoadTxt + Partial fix for comparison of xs:durations + Fix null deref in xmlreader buffer + Fix unability to RelaxNG-validate grammar with choice-based name class + Fix unability to validate ambiguously constructed interleave for RelaxNG + Fix possible null dereference in xmlXPathIdFunction + fix memory leak in xmlAllocOutputBuffer + Fix unsigned int overflow + dict.h: gcc 2.95 doesn't allow multiple storage classes + Fix another code path in xmlParseQName + Make sure that xmlParseQName returns NULL in error case + Fix build without reader but with pattern + Fix memory leak in xmlAllocOutputBufferInternal error path + Fix unsigned integer overflow + Fix return value of xmlOutputBufferWrite + Fix parser termination from "Double hyphen within comment" error + Fix call stack overflow in xmlFreePattern + Fix null deref in previous commit + Fix memory leaks in xmlXPathParseNameComplex error paths + Check for integer overflow in xmlXPtrEvalChildSeq + Fix xmllint dump of XPath namespace nodes + Fix float casts in xmlXPathSubstringFunction + Fix null deref in xmlregexp error path + Fix null pointer dereference in xmlTextReaderReadOuterXml + Fix memory leaks in xmlParseStartTag2 error paths + Fix memory leak in xmlSAX2StartElement + Fix commit "Memory leak in xmlFreeID (xmlreader.c)" + Fix NULL pointer deref in xmlTextReaderValidateEntity + Memory leak in xmlFreeTextReader + Memory leak in xmlFreeID (xmlreader.c) * Improvements: + Propagate memory errors in valuePush + Propagate memory errors in xmlXPathCompExprAdd + Make xmlFreeDocElementContent non-recursive + Avoid ignored attribute warnings under GCC + Make xmlDumpElementContent non-recursive + Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE + Mark xmlExp* symbols as removed + Make xmlParseConditionalSections non-recursive + Adjust expected error in Python tests + Make xmlTextReaderFreeNodeList non-recursive + Make xmlFreeNodeList non-recursive + Make xmlParseContent and xmlParseElement non-recursive + Remove executable bit from non-executable files + Fix expected output of test/schemas/any4 + Optimize build instructions in README + xml2-config.in: Output CFLAGS and LIBS on the same line + xml2-config: Add a --dynamic switch to print only shared libraries + Annotate functions with __attribute__((no_sanitize)) + Fix warnings when compiling without reader or push parser + Remove unused member `doc` in xmlSaveCtxt + Limit recursion depth in xmlXPathCompOpEvalPredicate + Remove -Wno-array-bounds + Remove unreachable code in xmlXPathCountFunction + Improve XPath predicate and filter evaluation + Limit recursion depth in xmlXPathOptimizeExpression + Disable hash randomization when fuzzing + Optional recursion limit when parsing XPath expressions + Optional recursion limit when evaluating XPath expressions + Use break statements in xmlXPathCompOpEval + Optional XPath operation limit + Fix compilation with --with-minimum + Check XPath stack after calling functions + Remove debug printf in xmlreader.c + Always define LIBXML_THREAD_ENABLED when enabled + Fix unused function warning in testapi.c + Remove unneeded function pointer casts + Fix -Wcast-function-type warnings (GCC 8) + Fix -Wformat-truncation warnings (GCC 8) * Cleanups: + Rebuild docs + Disable xmlExp regex code + Remove redundant code in xmlRelaxNGValidateState + Remove redundant code in xmlXPathCompRelationalExpr - Rebase patch fix-perl.diff- Do not depend on setuptools to keep the depgraph small and avoid build cycles- Use python[23]-libmxl2 as python names not python-libxml2-python which is kinda confusing- Do not ship libtool archive anymore- Enable tests also in the python subpackages- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files [bsc#1135123] * Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch- Merge python-libxml2-python spec and changes files into the libxml2 ones using _multibuild [bsc#1126499, bsc#1123919]- Version update to 2.9.9: * Security: + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (boo#1088279 boo#1105166). + CVE-2018-14404 Fix nullptr deref with XPath logic ops (boo#1102046). * Bug fixes: + Fix building relative URIs + Problem with data in interleave in RelaxNG validation + Fix memory leak in xmlSwitchInputEncodingInt error path + Set doc on element obtained from freeElems + Fix HTML serialization with UTF-8 encoding + Use actual doc in xmlTextReaderRead*Xml + Unlink node before freeing it in xmlSAX2StartElement + Check return value of nodePush in xmlSAX2StartElement + Free input buffer in xmlHaltParser + Reset HTML parser input pointers on encoding failure + Fix xmlSchemaValidCtxtPtr reuse memory leak + Fix xmlTextReaderNext with preparsed document + HTML noscript should not close p + Don't change context node in xmlXPathRoot * Improvements: + Remove redefined starts and defines inside include elements + Allow choice within choice in nameClass in RELAX NG + Look inside divs for starts and defines inside include + Add newlines to 'xmllint --xpath' output + Don't include SAX.h from globals.h + Support xmlTextReaderNextSibling w/o preparsed doc + Improve restoring of context size and position + Simplify and harden nodeset filtering + Avoid unnecessary backups of the context node + Fix inconsistency in xmlXPathIsInf - Add libxml2-python3-string-null-check.patch: fix NULL pointer dereference when parsing invalid data (bsc#1065270 glgo#libxml2!15).).- Use %license instead of %doc [bsc#1082318]- Version update to 2.9.8: * Various -Werror fixes and compilation updates as travis is now used by upstream * Few additional tests added for ICU operations - Drop patch python3.6-verify_fd.patch merged upstream- Version update to 2.9.7 release: * Bug Fixes: + xmlcatalog: restore ability to query system catalog easily + Fix comparison of nodesets to strings * Improvements: + Add Makefile rules to rebuild HTML man pages + Remove generated file python/setup.py from version control + Fix mixed decls and code in timsort.h + Rework handling of return values in thread tests + Fix unused variable warnings in testrecurse + Fix -Wimplicit-fallthrough warnings + Upgrade timsort.h to latest revision + Fix a couple of warnings in dict.c and threads.c + Fix unused variable warnings in nanohttp.c + Don't include winsock2.h in xmllint.c + Use __linux__ macro in generated code * Portability: + Add declaration for DllMain + Fix preprocessor conditional in threads.h + Fix macro redefinition warning + many Windows specific improvements * Documentation: + xmlcatalog: refresh man page wrt. quering system catalog easily - Includes bug fixes from 2.9.6: * Fix XPath stack frame logic * Report undefined XPath variable error message * Fix regression with librsvg * Handle more invalid entity values in recovery mode * Fix structured validation errors * Fix memory leak in LZMA decompressor * Set memory limit for LZMA decompression * Handle illegal entity values in recovery mode * Fix debug dump of streaming XPath expressions * Fix memory leak in nanoftp * Fix memory leaks in SAX1 parser - Drop libxml2-bug787941.patch * upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8- clean with spec-cleaner- libxml2-python3-unicode-errors.patch: work around an issue with libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270)- convert to singlespec, build a python 3 version - change build instructions to use setup.py (and %python_build macros) instead of makefile-based approach - add python3.6-verify_fd.patch that fixes libxml2 on python 3.6 - rename to python-libxml2-python to conform to package naming policy (PyPI name is "libxml2-python")- Update package summaries and RPM groups. Trim descriptions for size on secondary subpackages. Replace install call by a commonly-used macro.- Add patch to fix TW integration: * libxml2-bug787941.patch- Version update to 2.9.5 release: * Merged all the previous cve fixes that were patched in * Few small tweaks - Remove merged patches: * libxml2-CVE-2016-4658.patch * libxml2-CVE-2017-0663.patch * libxml2-CVE-2017-5969.patch * libxml2-CVE-2017-9047.patch * libxml2-CVE-2017-9048.patch * libxml2-CVE-2017-9049.patch * libxml2-2.9.4-fix_attribute_decoding.patch- Security fix: * libxml2-CVE-2017-0663.patch [bsc#1044337, CVE-2017-0663] * Fix Heap buffer overflow in xmlAddID- Security fix: * libxml2-CVE-2017-5969.patch [bsc#1024989, CVE-2017-5969] * Fix NULL pointer deref in xmlDumpElementContent- Security fixes: * libxml2-CVE-2017-9049.patch [bsc#1039066] * heap-based buffer overflow (xmlDictComputeFastKey func) * libxml2-CVE-2017-9048.patch [bsc#1039063] * stack overflow vulnerability (xmlSnprintfElementContent func) * libxml2-CVE-2017-9047.patch [bsc#1039064] * stack overflow vulnerability (xmlSnprintfElementContent func)- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in XPointer ranges. Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges [bsc#1005544] [CVE-2016-4658]- add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute decoding during XML schema validation [bnc#983288]- Update libxml2 to version libxml2-2.9.4. The new version is resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835, CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838, CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and CVE-2016-1762. - Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch, 0001-Add-missing-increments-of-recursion-depth-counter-to.patch, and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch.- add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML push parser that fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer [bnc#962796]- Add libxml2-2.9.1-CVE-2016-3627.patch to fix stack exhaustion while parsing certain XML files in recovery mode (CVE-2016-3627, bnc#972335). - Add 0001-Add-missing-increments-of-recursion-depth-counter-to.patch to improve protection against Billion Laughs Attack (bnc#975947).- Update to new upstream release 2.9.3 (bsc#954429): * Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-1819, CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500 and CVE-2015-8242 * And other bugfixes - Removed upstream fixed patches: * libxml2-dont_initialize_catalog.patch * 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch * 0002-Adding-example-from-bugs-738805-to-regression-tests.patch- fix a missing entities after CVE-2014-3660 fix (https://bugzilla.gnome.org/show_bug.cgi?id=738805) * added patches: 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch 0002-Adding-example-from-bugs-738805-to-regression-tests.patch- fix a regression in libxml2 2.9.2 * https://bugzilla.redhat.com/show_bug.cgi?id=1153753 - add libxml2-dont_initialize_catalog.patch- update to 2.9.2 * drop libxml2-CVE-2014-3660.patch (upstream) * add keyring to verify tarball Security: Fix for CVE-2014-3660 billion laugh variant CVE-2014-0191 Do not fetch external parameter entities Improvements: win32/libxml2.def.src after rebuild in doc elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode Provide cmake module Fix a couple of issues raised by make dist Fix and add const qualifiers Preparing for upcoming release of 2.9.2 Fix zlib and lzma libraries check via command line wrong error column in structured error when parsing end tag doc/news.html: small update to avoid line join while generating NEWS. Add methods for python3 iterator Support element node traversal in document fragments xmlNodeSetName: Allow setting the name to a substring of the currently set name Added macros for argument casts adding init calls to xml and html Read parsing entry points Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c Implement choice for name classes on attributes Two small namespace tweaks xmllint --memory should fail on empty files Cast encoding name to char pointer to match arg type- fix for CVE-2014-3660 (bnc#901546) * denial of service via recursive entity expansion (related to billion laughs) * added libxml2-CVE-2014-3660.patchh01-ch3c 1719849230  !"#$%&'()*+,-./0123456789:2.10.3-150500.5.17.12.10.3-150500.5.17.12.10.3 xml2-configlibxmllibxml2libxmlHTMLparser.hHTMLtree.hSAX.hSAX2.hc14n.hcatalog.hchvalid.hdebugXML.hdict.hencoding.hentities.hglobals.hhash.hlist.hnanoftp.hnanohttp.hparser.hparserInternals.hpattern.hrelaxng.hschemasInternals.hschematron.hthreads.htree.huri.hvalid.hxinclude.hxlink.hxmlIO.hxmlautomata.hxmlerror.hxmlexports.hxmlmemory.hxmlmodule.hxmlreader.hxmlregexp.hxmlsave.hxmlschemas.hxmlschemastypes.hxmlstring.hxmlunicode.hxmlversion.hxmlwriter.hxpath.hxpathInternals.hxpointer.hcmakelibxml2libxml2-config.cmakelibxml2.solibxml-2.0.pcaclocallibxml.m4xml2-config.1.gz/usr/bin//usr/include//usr/include/libxml2//usr/include/libxml2/libxml//usr/lib64//usr/lib64/cmake//usr/lib64/cmake/libxml2//usr/lib64/pkgconfig//usr/share//usr/share/aclocal//usr/share/man/man1/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:34533/SUSE_SLE-15-SP5_Update/d7e0afe122be8a5788151831aad91b07-libxml2.SUSE_SLE-15-SP5_Updatedrpmxz5x86_64-suse-linuxPOSIX shell script, ASCII text executabledirectoryC source, ASCII textASCII textpkgconfig fileM4 macro processor script, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RPR,rN퍢Dutf-8090b4c51dfa66f7dddaf325563b063a676fbe7e7f10aa5d41f67957dfa9411c7? 7zXZ !t/F%g]"k%H6_.*O?˜7:}шy<4ΐŢȱG6Tg E^FD:WplPGK–Iքb[TX7s=D` _d@QHR HP;ǮTF;U %ٌ`<5K 5-mlp֐&4PJiDVj9 Pėξ]AĪ0Ü=X?ET)rQKM+ HcZ*F/[?Hq}/ǝ Xa.6 T2 ״Aa#H=׏Ngůko`7yG',I=Cgz-tJdg]P8Q4-<%9Qr ? G*b=ozPc٢ڡ)bZ­S9[{:#ιJp!BgΝ*:FxKJ]49uawх1ybhoauQ;dkh5(iDګH=!Ŕ\ݚdbixj0'[c7&4^N}bP5VդwL69Pl <*Cub=@?7`Ws*Xx]nN/gZvhBFȐ௲XS wEaT˃ne,N Pfe06ě1w3!Y Lh_^LHģzkQA, é l|% }Xrq<v/;Ӆ1F+TOmN(پ$ G7SOqQmq"艀t k( E+ kV.p[ϗ8f9<"룸} o C/Q_S7F,)*`(0o~!n۞h]MɈ VwT)IyTs="Wo[̲'\c' ϷG_dћʽV(]U& -~t\f !.X5('Ȋt , ޽ixK#2K=8%" FE !0^L6J#N Q =+ ﵏D@rhm (6(]^a|@TzL-|- 'oح{8s>AF^Xaab [Hhh}Ql#h/ ߳l|XTw6^rehWOEE`&ua(?cpiTcZ{{<^h}5Tz,`m;шZoE˽ Ot(C\@KEWx&T\1ZZn&/ `찘rrFݒf+y 2R!WF`)=V#ԹeƂsP 4N/]|QCXe?$9OYNNjsvYcu?Qboko:Tv: L0vqUpҦoCE2!z|I}0錃]tG>&i'֫3Z{ּQWxlAfֱyi؛3 ;O4@ ncΔ|A'EXf+%z_r۞)*'ƠFR#fLvtj#ֆ)qukѷrck\w'N q80<[@<ǰ\I7aABjIE& v5l=/%AΘ0[ Qi MEc8)j~lfhD?wsw2Ĥug06Y5ucIҳ+)Bf 'I_Oľiu;>m SLk{ *O~Jo1_JB̼WG)`(.դ] O/5uQtդx#`AuJfk;#kvd@Ynޥܷ2KgJ8Gh[b~9mNخPC0AHD[M[,"Q RA5 {yp/Q'Q#2vr'd[BܱeǂBIrKf&t-I03 wbZOm ?رK3QkyȓP@I4iBqeJ ]>P^n{ifzDZ32TR< R7^p]CוbG5j-L۱XLqDb='(\Ry1K`9rGyiNjt5+S&Vhbxߡ^1<ǥT_>fA11T`c!80X7f}yi˛#/{[&9zjZav'q} Z`8ُ|g##yo;w&Grm2<>zwD/ZQ:/%GUv6$ūūnWf(ߑ:b]Q2֦%[5O_AVsV"'JsA`hDHd{Mk󢲘T9Y"[׻1:vcK9.ɛ`%FmA8-ASv"2 ϙiѱh ʞfG&׃C5x޼Q7oeXL~%^lŠ\]j@C|M.=m-wX4'Qcrͻ^ _ysе ` ]%N*pgElj7vH{f \_j?B7Qa_xdڕךdA/FG*5=; P: Բ.V?_ҝ~5MuX|ONtwM7Ft')pΑ)\U[뀫{!"Û9_v4!\Yo43p>o(byK] 7J$+qޞJ-^a/+) a &bj%vDGD/<_1K޻࢟3d.D JjY:BWܻҌFDoȉo~naQ'Ԡi431Z~+!ËDM~ʣȝ+p~fq/ yDmq|[IQiɹwuS@N=C, c_nw&Zdw0cM<ү7!e6إ f>cpF'.#dDrxfpcj=nF B`YWpW͎ҘvM)3vj9b,*5*t{:Qژe=;ǥs~DoY(5UH04k_ś&QI.h TCw 1HLx6J Uutվ8ZYS12_?i#UqHۤL륝]x4}[NDCNV*yHj @b1`W (C%T?*4pF54[wd:;1tV=f$7m#'BviZ,t)ؼ+MlFmT"&^u)B&igK,9Yc/6G9ע'#`ϑ$W~DcKӺt YDvf|aaEδg)ׇ2f]A{՚u%#!z$C)'UMeWBh,21rsg%kVt䟆SoL]Dy$v7cXa;p>/*wM/jGh@)IxhTmZSyP{4Yb5V c5?EإKrf"?fQ=cr3P'ygZd&r_6~1vkfiQ,dtjQ_l]s#TqFyZmsɢ (}!!v!d޳\3Qk𐃗aL`y.uH@#p? bR\S!q"OIQLdGRM^㏗_~Ox.lO{5&95͎Z0)cy T HtY1Wa* Q䃥wUŽ# \! 5Q"ËmԎŸGr[[<.h֠D!_ɷlke#V~L١}5O}7Bx I^)Xh/EYe&.wu4BC.+u{=oV?<7EO\4-kNy^a|sO^tp{hٴjSܡќP_U}_B3EQ\#u&h3J[7f8$7{;s0;P3ު3Z#C6ي@te :D:`u'g|%P cE̖_@ -)CB(cFʿPG[$M\kkCĽfܨ>Z-L YZ