From 3d17323276b485f91a5485f88875c1183492d468 Mon Sep 17 00:00:00 2001 From: Toshaan Bharvani Date: Wed, 6 Jul 2022 15:21:38 +0200 Subject: [PATCH] initial package creation Signed-off-by: Toshaan Bharvani --- SOURCES/libxml2-2.9.13-CVE-2022-29824.patch | 341 +++++++++++ ...libxml2-2.9.8-python3-unicode-errors.patch | 34 ++ SOURCES/libxml2-multilib.patch | 24 + SPECS/libxml2.spec | 541 ++++++++++++++++++ 4 files changed, 940 insertions(+) create mode 100644 SOURCES/libxml2-2.9.13-CVE-2022-29824.patch create mode 100644 SOURCES/libxml2-2.9.8-python3-unicode-errors.patch create mode 100644 SOURCES/libxml2-multilib.patch create mode 100644 SPECS/libxml2.spec diff --git a/SOURCES/libxml2-2.9.13-CVE-2022-29824.patch b/SOURCES/libxml2-2.9.13-CVE-2022-29824.patch new file mode 100644 index 0000000..314ab93 --- /dev/null +++ b/SOURCES/libxml2-2.9.13-CVE-2022-29824.patch @@ -0,0 +1,341 @@ +From ecc43dce8e2cd19f635841e788421d0f4bd72cce Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 8 Mar 2022 20:10:02 +0100 +Subject: [PATCH] [CVE-2022-29824] Fix integer overflows in xmlBuf and + xmlBuffer + +In several places, the code handling string buffers didn't check for +integer overflow or used wrong types for buffer sizes. This could +result in out-of-bounds writes or other memory errors when working on +large, multi-gigabyte buffers. + +Thanks to Felix Wilhelm for the report. +--- + buf.c | 86 +++++++++++++++++++++++----------------------------------- + tree.c | 72 ++++++++++++++++++------------------------------ + 2 files changed, 61 insertions(+), 97 deletions(-) + +diff --git a/buf.c b/buf.c +index 24368d37..40a5ee06 100644 +--- a/buf.c ++++ b/buf.c +@@ -30,6 +30,10 @@ + #include /* for XML_MAX_TEXT_LENGTH */ + #include "buf.h" + ++#ifndef SIZE_MAX ++#define SIZE_MAX ((size_t) -1) ++#endif ++ + #define WITH_BUFFER_COMPAT + + /** +@@ -156,6 +160,8 @@ xmlBufPtr + xmlBufCreateSize(size_t size) { + xmlBufPtr ret; + ++ if (size == SIZE_MAX) ++ return(NULL); + ret = (xmlBufPtr) xmlMalloc(sizeof(xmlBuf)); + if (ret == NULL) { + xmlBufMemoryError(NULL, "creating buffer"); +@@ -166,8 +172,8 @@ xmlBufCreateSize(size_t size) { + ret->error = 0; + ret->buffer = NULL; + ret->alloc = xmlBufferAllocScheme; +- ret->size = (size ? size+2 : 0); /* +1 for ending null */ +- ret->compat_size = (int) ret->size; ++ ret->size = (size ? size + 1 : 0); /* +1 for ending null */ ++ ret->compat_size = (ret->size > INT_MAX ? INT_MAX : ret->size); + if (ret->size){ + ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); + if (ret->content == NULL) { +@@ -442,23 +448,17 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) { + CHECK_COMPAT(buf) + + if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); +- if (buf->use + len < buf->size) ++ if (len < buf->size - buf->use) + return(buf->size - buf->use); ++ if (len > SIZE_MAX - buf->use) ++ return(0); + +- /* +- * Windows has a BIG problem on realloc timing, so we try to double +- * the buffer size (if that's enough) (bug 146697) +- * Apparently BSD too, and it's probably best for linux too +- * On an embedded system this may be something to change +- */ +-#if 1 +- if (buf->size > (size_t) len) +- size = buf->size * 2; +- else +- size = buf->use + len + 100; +-#else +- size = buf->use + len + 100; +-#endif ++ if (buf->size > (size_t) len) { ++ size = buf->size > SIZE_MAX / 2 ? SIZE_MAX : buf->size * 2; ++ } else { ++ size = buf->use + len; ++ size = size > SIZE_MAX - 100 ? SIZE_MAX : size + 100; ++ } + + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* +@@ -744,7 +744,7 @@ xmlBufIsEmpty(const xmlBufPtr buf) + int + xmlBufResize(xmlBufPtr buf, size_t size) + { +- unsigned int newSize; ++ size_t newSize; + xmlChar* rebuf = NULL; + size_t start_buf; + +@@ -772,9 +772,13 @@ xmlBufResize(xmlBufPtr buf, size_t size) + case XML_BUFFER_ALLOC_IO: + case XML_BUFFER_ALLOC_DOUBLEIT: + /*take care of empty case*/ +- newSize = (buf->size ? buf->size*2 : size + 10); ++ if (buf->size == 0) { ++ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); ++ } else { ++ newSize = buf->size; ++ } + while (size > newSize) { +- if (newSize > UINT_MAX / 2) { ++ if (newSize > SIZE_MAX / 2) { + xmlBufMemoryError(buf, "growing buffer"); + return 0; + } +@@ -782,15 +786,15 @@ xmlBufResize(xmlBufPtr buf, size_t size) + } + break; + case XML_BUFFER_ALLOC_EXACT: +- newSize = size+10; ++ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); + break; + case XML_BUFFER_ALLOC_HYBRID: + if (buf->use < BASE_BUFFER_SIZE) + newSize = size; + else { +- newSize = buf->size * 2; ++ newSize = buf->size; + while (size > newSize) { +- if (newSize > UINT_MAX / 2) { ++ if (newSize > SIZE_MAX / 2) { + xmlBufMemoryError(buf, "growing buffer"); + return 0; + } +@@ -800,7 +804,7 @@ xmlBufResize(xmlBufPtr buf, size_t size) + break; + + default: +- newSize = size+10; ++ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); + break; + } + +@@ -866,7 +870,7 @@ xmlBufResize(xmlBufPtr buf, size_t size) + */ + int + xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { +- unsigned int needSize; ++ size_t needSize; + + if ((str == NULL) || (buf == NULL) || (buf->error)) + return -1; +@@ -888,8 +892,10 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { + if (len < 0) return -1; + if (len == 0) return 0; + +- needSize = buf->use + len + 2; +- if (needSize > buf->size){ ++ if ((size_t) len >= buf->size - buf->use) { ++ if ((size_t) len >= SIZE_MAX - buf->use) ++ return(-1); ++ needSize = buf->use + len + 1; + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* + * Used to provide parsing limits +@@ -1025,31 +1031,7 @@ xmlBufCat(xmlBufPtr buf, const xmlChar *str) { + */ + int + xmlBufCCat(xmlBufPtr buf, const char *str) { +- const char *cur; +- +- if ((buf == NULL) || (buf->error)) +- return(-1); +- CHECK_COMPAT(buf) +- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1; +- if (str == NULL) { +-#ifdef DEBUG_BUFFER +- xmlGenericError(xmlGenericErrorContext, +- "xmlBufCCat: str == NULL\n"); +-#endif +- return -1; +- } +- for (cur = str;*cur != 0;cur++) { +- if (buf->use + 10 >= buf->size) { +- if (!xmlBufResize(buf, buf->use+10)){ +- xmlBufMemoryError(buf, "growing buffer"); +- return XML_ERR_NO_MEMORY; +- } +- } +- buf->content[buf->use++] = *cur; +- } +- buf->content[buf->use] = 0; +- UPDATE_COMPAT(buf) +- return 0; ++ return xmlBufCat(buf, (const xmlChar *) str); + } + + /** +diff --git a/tree.c b/tree.c +index 9d94aa42..86afb7d6 100644 +--- a/tree.c ++++ b/tree.c +@@ -7104,6 +7104,8 @@ xmlBufferPtr + xmlBufferCreateSize(size_t size) { + xmlBufferPtr ret; + ++ if (size >= UINT_MAX) ++ return(NULL); + ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer)); + if (ret == NULL) { + xmlTreeErrMemory("creating buffer"); +@@ -7111,7 +7113,7 @@ xmlBufferCreateSize(size_t size) { + } + ret->use = 0; + ret->alloc = xmlBufferAllocScheme; +- ret->size = (size ? size+2 : 0); /* +1 for ending null */ ++ ret->size = (size ? size + 1 : 0); /* +1 for ending null */ + if (ret->size){ + ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); + if (ret->content == NULL) { +@@ -7171,6 +7173,8 @@ xmlBufferCreateStatic(void *mem, size_t size) { + + if ((mem == NULL) || (size == 0)) + return(NULL); ++ if (size > UINT_MAX) ++ return(NULL); + + ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer)); + if (ret == NULL) { +@@ -7318,28 +7322,23 @@ xmlBufferShrink(xmlBufferPtr buf, unsigned int len) { + */ + int + xmlBufferGrow(xmlBufferPtr buf, unsigned int len) { +- int size; ++ unsigned int size; + xmlChar *newbuf; + + if (buf == NULL) return(-1); + + if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); +- if (len + buf->use < buf->size) return(0); ++ if (len < buf->size - buf->use) ++ return(0); ++ if (len > UINT_MAX - buf->use) ++ return(-1); + +- /* +- * Windows has a BIG problem on realloc timing, so we try to double +- * the buffer size (if that's enough) (bug 146697) +- * Apparently BSD too, and it's probably best for linux too +- * On an embedded system this may be something to change +- */ +-#if 1 +- if (buf->size > len) +- size = buf->size * 2; +- else +- size = buf->use + len + 100; +-#else +- size = buf->use + len + 100; +-#endif ++ if (buf->size > (size_t) len) { ++ size = buf->size > UINT_MAX / 2 ? UINT_MAX : buf->size * 2; ++ } else { ++ size = buf->use + len; ++ size = size > UINT_MAX - 100 ? UINT_MAX : size + 100; ++ } + + if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) { + size_t start_buf = buf->content - buf->contentIO; +@@ -7466,7 +7465,10 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + case XML_BUFFER_ALLOC_IO: + case XML_BUFFER_ALLOC_DOUBLEIT: + /*take care of empty case*/ +- newSize = (buf->size ? buf->size : size + 10); ++ if (buf->size == 0) ++ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10); ++ else ++ newSize = buf->size; + while (size > newSize) { + if (newSize > UINT_MAX / 2) { + xmlTreeErrMemory("growing buffer"); +@@ -7476,7 +7478,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + } + break; + case XML_BUFFER_ALLOC_EXACT: +- newSize = size+10; ++ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);; + break; + case XML_BUFFER_ALLOC_HYBRID: + if (buf->use < BASE_BUFFER_SIZE) +@@ -7494,7 +7496,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + break; + + default: +- newSize = size+10; ++ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);; + break; + } + +@@ -7580,8 +7582,10 @@ xmlBufferAdd(xmlBufferPtr buf, const xmlChar *str, int len) { + if (len < 0) return -1; + if (len == 0) return 0; + +- needSize = buf->use + len + 2; +- if (needSize > buf->size){ ++ if ((unsigned) len >= buf->size - buf->use) { ++ if ((unsigned) len >= UINT_MAX - buf->use) ++ return XML_ERR_NO_MEMORY; ++ needSize = buf->use + len + 1; + if (!xmlBufferResize(buf, needSize)){ + xmlTreeErrMemory("growing buffer"); + return XML_ERR_NO_MEMORY; +@@ -7694,29 +7698,7 @@ xmlBufferCat(xmlBufferPtr buf, const xmlChar *str) { + */ + int + xmlBufferCCat(xmlBufferPtr buf, const char *str) { +- const char *cur; +- +- if (buf == NULL) +- return(-1); +- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1; +- if (str == NULL) { +-#ifdef DEBUG_BUFFER +- xmlGenericError(xmlGenericErrorContext, +- "xmlBufferCCat: str == NULL\n"); +-#endif +- return -1; +- } +- for (cur = str;*cur != 0;cur++) { +- if (buf->use + 10 >= buf->size) { +- if (!xmlBufferResize(buf, buf->use+10)){ +- xmlTreeErrMemory("growing buffer"); +- return XML_ERR_NO_MEMORY; +- } +- } +- buf->content[buf->use++] = *cur; +- } +- buf->content[buf->use] = 0; +- return 0; ++ return xmlBufferCat(buf, (const xmlChar *) str); + } + + /** +-- +2.36.0 + diff --git a/SOURCES/libxml2-2.9.8-python3-unicode-errors.patch b/SOURCES/libxml2-2.9.8-python3-unicode-errors.patch new file mode 100644 index 0000000..e87dcde --- /dev/null +++ b/SOURCES/libxml2-2.9.8-python3-unicode-errors.patch @@ -0,0 +1,34 @@ +Index: libxml2-2.9.5/python/libxml.c +=================================================================== +--- libxml2-2.9.5.orig/python/libxml.c ++++ libxml2-2.9.5/python/libxml.c +@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + PyObject *message; + PyObject *result; + char str[1000]; ++ unsigned char *ptr = (unsigned char *)str; + + #ifdef DEBUG_ERROR + printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); +@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + str[999] = 0; + va_end(ap); + ++#if PY_MAJOR_VERSION >= 3 ++ /* Ensure the error string doesn't start at UTF8 continuation. */ ++ while (*ptr && (*ptr & 0xc0) == 0x80) ++ ptr++; ++#endif ++ + list = PyTuple_New(2); + PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); + Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); +- message = libxml_charPtrConstWrap(str); ++ message = libxml_charPtrConstWrap(ptr); + PyTuple_SetItem(list, 1, message); + result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); ++ /* Forget any errors caused in the error handler. */ ++ PyErr_Clear(); + Py_XDECREF(list); + Py_XDECREF(result); + } diff --git a/SOURCES/libxml2-multilib.patch b/SOURCES/libxml2-multilib.patch new file mode 100644 index 0000000..dee1383 --- /dev/null +++ b/SOURCES/libxml2-multilib.patch @@ -0,0 +1,24 @@ +*** XML/xml2-config.in.orig 2006-06-06 16:35:56.000000000 +0200 +--- XML/xml2-config.in 2006-06-06 16:36:24.000000000 +0200 +*************** +*** 3,9 **** + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +! libdir=@libdir@ + cflags= + libs= + +--- 3,14 ---- + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +! if [ "`ldd /bin/sh | grep lib64`" = "" ] +! then +! libdir=${exec_prefix}/lib +! else +! libdir=${exec_prefix}/lib64 +! fi + cflags= + libs= + diff --git a/SPECS/libxml2.spec b/SPECS/libxml2.spec new file mode 100644 index 0000000..fa9d053 --- /dev/null +++ b/SPECS/libxml2.spec @@ -0,0 +1,541 @@ +Name: libxml2 +Version: 2.9.13 +Release: 1%{?dist}.1 +Summary: Library providing XML and HTML support + +License: MIT +URL: http://xmlsoft.org/ +Source0: https://download.gnome.org/sources/%{name}/2.9/%{name}-%{version}.tar.xz +Patch0: libxml2-multilib.patch +# Patch from openSUSE. +# See: https://bugzilla.gnome.org/show_bug.cgi?id=789714 +Patch1: libxml2-2.9.8-python3-unicode-errors.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2082299 +Patch2: libxml2-2.9.13-CVE-2022-29824.patch + +BuildRequires: cmake-rpm-macros +BuildRequires: gcc +BuildRequires: make +BuildRequires: pkgconfig(zlib) +BuildRequires: pkgconfig(liblzma) + +%description +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DtDs, either +at parse time or later once the document has been modified. The output +can be a simple SAX stream or and in-memory DOM like representations. +In this case one can use the built-in XPath and XPointer implementation +to select sub nodes or ranges. A flexible Input/Output mechanism is +available, with existing HTTP and FTP modules and combined to an +URI library. + +%package devel +Summary: Libraries, includes, etc. to develop XML and HTML applications +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: zlib-devel%{?_isa} +Requires: xz-devel%{?_isa} + +%description devel +Libraries, include files, etc you can use to develop XML applications. +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DtDs, either +at parse time or later once the document has been modified. The output +can be a simple SAX stream or and in-memory DOM like representations. +In this case one can use the built-in XPath and XPointer implementation +to select sub nodes or ranges. A flexible Input/Output mechanism is +available, with existing HTTP and FTP modules and combined to an +URI library. + +%package static +Summary: Static library for libxml2 + +%description static +Static library for libxml2 provided for specific uses or shaving a few +microseconds when parsing, do not link to them for generic purpose packages. + +%package -n python3-%{name} +Summary: Python 3 bindings for the libxml2 library +BuildRequires: python3-devel +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-python3 < %{version}-%{release} +Provides: %{name}-python3 = %{version}-%{release} + +%description -n python3-%{name} +The libxml2-python3 package contains a Python 3 module that permits +applications written in the Python programming language, version 3, to use the +interface supplied by the libxml2 library to manipulate XML files. + +This library allows to manipulate XML files. It includes support +to read, modify and write XML and HTML files. There is DTDs support +this includes parsing and validation even with complex DTDs, either +at parse time or later once the document has been modified. + +%prep +%autosetup -p1 +find doc -type f -executable -print -exec chmod 0644 {} ';' + +# Remove files generated by python/generator.py to force regenerating them +rm python/{libxml2-py.c,libxml2-py.h,libxml2-export.c} + +%build +%configure --with-python=%{__python3} +%make_build + +%install +%make_install + +# multiarch crazyness on timestamp differences or Makefile/binaries for examples +touch -m --reference=%{buildroot}%{_includedir}/libxml2/libxml/parser.h %{buildroot}%{_bindir}/xml2-config + +find %{buildroot} -type f -name '*.la' -print -delete +rm -vf %{buildroot}{%{python2_sitearch},%{python3_sitearch}}/*.a +rm -vrf %{buildroot}%{_datadir}/doc/ +(cd doc/examples ; make clean ; rm -rf .deps Makefile) +gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz + +%check +%make_build runtests + +%ldconfig_scriptlets + +%files +%license Copyright +%doc NEWS README.md TODO +%{_libdir}/libxml2.so.2* +%{_mandir}/man3/libxml.3* +%{_bindir}/xmllint +%{_mandir}/man1/xmllint.1* +%{_bindir}/xmlcatalog +%{_mandir}/man1/xmlcatalog.1* + +%files devel +%doc doc/*.html doc/html doc/*.gif doc/*.png +%doc doc/tutorial doc/libxml2-api.xml.gz +%doc doc/examples +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%{_datadir}/gtk-doc/html/libxml2/ +%{_libdir}/libxml2.so +%{_libdir}/xml2Conf.sh +%{_includedir}/libxml2/ +%{_bindir}/xml2-config +%{_mandir}/man1/xml2-config.1* +%{_datadir}/aclocal/libxml.m4 +%{_libdir}/pkgconfig/libxml-2.0.pc +%{_libdir}/cmake/libxml2/ + +%files static +%license Copyright +%{_libdir}/libxml2.a + +%files -n python3-%{name} +%doc python/TODO python/libxml2class.txt +%doc doc/*.py doc/python.html +%{python3_sitearch}/libxml2.py +%{python3_sitearch}/__pycache__/libxml2.* +%{python3_sitearch}/drv_libxml2.py +%{python3_sitearch}/__pycache__/drv_libxml2.* +%{python3_sitearch}/libxml2mod.so + +%changelog +* Fri May 13 2022 David King - 2.9.13-1.1 +- Fix CVE-2022-29824 (#2082299) + +* Thu Feb 24 2022 David King - 2.9.13-1 +- Update to 2.9.13 (#2057665) + +* Mon Aug 09 2021 Mohan Boddu - 2.9.12-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 09 2021 David King - 2.9.12-3 +- Fix xmlNodeDumpOutputInternal regression (#1969892) + +* Tue May 25 2021 David King - 2.9.12-2 +- Fix multiarch conflict in devel subpackage (#1964346) + +* Fri May 14 2021 David King - 2.9.12-1 +- Rebase to 2.9.12 (#1960623) + +* Thu May 13 2021 David King - 2.9.10-12 +- Fix CVE-2021-3516 (#1956969) +- Fix CVE-2021-3517 (#1957002) +- Fix CVE-2021-3518 (#1957029) +- Fix CVE-2021-3537 (#1957285) + +* Fri Apr 16 2021 Mohan Boddu - 2.9.10-11 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.9.10-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Nov 12 11:57:41 CET 2020 Victor Stinner - 2.9.10-9 +- Build the Python extension with the PY_SSIZE_T_CLEAN macro to make it + compatible with Python 3.10. +- Fixes: rhbz#1890878. + +* Wed Nov 11 2020 Richard W.M. Jones - 2.9.10-8 +- Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot. + +* Fri Sep 11 2020 Richard W.M. Jones - 2.9.10-7 +- Add fix for CVE-2020-24977 (RHBZ#1877788). + +* Tue Jul 28 2020 Fedora Release Engineering - 2.9.10-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sat May 23 2020 Miro Hrončok - 2.9.10-5 +- Rebuilt for Python 3.9 + +* Mon Feb 10 2020 David King - 2.9.10-4 +- Fix CVE-2019-20388 (#1799736) +- Fix CVE-2020-7595 (#1799786) + +* Wed Jan 29 2020 Fedora Release Engineering - 2.9.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 03 2020 Jan Pokorny - 2.9.10-2 +- Fix relaxed approach to nested documents on object disposal (#1780573) + +* Fri Nov 01 2019 David King - 2.9.10-1 +- Update to 2.9.10 (#1767151) + +* Thu Oct 31 2019 Miro Hrončok - 2.9.9-7 +- Subpackage python2-libxml2 has been removed + See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal + +* Thu Oct 03 2019 Miro Hrončok - 2.9.9-6 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Fri Aug 23 2019 Florian Weimer - 2.9.9-5 +- Rebuild to fix corrupted libxml2-static package on aarch64 (#1745020) + +* Fri Aug 16 2019 Miro Hrončok - 2.9.9-4 +- Rebuilt for Python 3.8 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.9.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 2.9.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jan 25 2019 David King - 2.9.9-1 +- Update to 2.9.9 + +* Sun Jan 06 2019 Björn Esser - 2.9.8-5 +- Add patch to fix crash: xmlParserPrintFileContextInternal mangles utf8 + +* Thu Aug 02 2018 Igor Gnatenko - 2.9.8-4 +- Backport patches from upstream + +* Fri Jul 13 2018 Fedora Release Engineering - 2.9.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Miro Hrončok - 2.9.8-2 +- Rebuilt for Python 3.7 + +* Tue Apr 03 2018 Igor Gnatenko - 2.9.8-1 +- Update to 2.9.8 + +* Sat Feb 24 2018 Florian Weimer - 2.9.7-4 +- Rebuild with new LDFLAGS from redhat-rpm-config + +* Wed Feb 07 2018 Fedora Release Engineering - 2.9.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 30 2018 Igor Gnatenko - 2.9.7-2 +- Switch to %%ldconfig_scriptlets + +* Wed Jan 24 2018 Igor Gnatenko - 2.9.7-1 +- Update to 2.9.7 +- Cleanups in packaging + +* Tue Jan 09 2018 Iryna Shcherbina - 2.9.5-3 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Sep 22 2017 Petr Pisar - 2.9.5-2 +- Fix reporting error about undefined XPath variables (bug #1493613) + +* Mon Sep 4 2017 Daniel Veillard - 2.9.5-1 +- update to 2.9.5 + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.9.4-5 +- Python 2 binary package renamed to python2-libxml2 + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Thu Aug 03 2017 Fedora Release Engineering - 2.9.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.9.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 2.9.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Dec 21 2016 Kevin Fenzi - 2.9.4-1 +- Update to 2.9.4. +- Apply very hacky patch that removes the no longer in python-3.6 PyVerify_fd symbol. + +* Mon Dec 12 2016 Charalampos Stratakis - 2.9.3-5 +- Rebuild for Python 3.6 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.9.3-4 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Thu Feb 04 2016 Fedora Release Engineering - 2.9.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Dec 02 2015 Kalev Lember - 2.9.3-2 +- Fix obsoletes versions now that F22 has libxml2 2.9.3 (#1287262) + +* Fri Nov 20 2015 Daniel Veillard - 2.9.2-1 +- upstream release of 2.9.3 +- Fixes for CVE-2015-8035, CVE-2015-7942, CVE-2015-7941, CVE-2015-1819 + CVE-2015-7497, CVE-2015-7498, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500 + and CVE-2015-8242 +- many other bug fixes + +* Fri Nov 06 2015 Robert Kuska - 2.9.2-9 +- Rebuilt for Python3.5 rebuild +- Python3.5 has new naming convention for byte compiled files + +* Tue Nov 3 2015 Toshio Kuratomi - 2.9.2-8 +- Remove executable permissions from documentation. Complies with packaging + guidelines and solves issue of libxml2-python3 package depending on python2 + +* Thu Aug 27 2015 Miro Hrončok - 2.9.2-7 +- Remove dependency on python2 from python3 subpackage, rhbz#1250940 + +* Sat Aug 22 2015 Kalev Lember - 2.9.2-6 +- Rename the Python 3 subpackage to python3-libxml2 as per guidelines + +* Wed Jun 17 2015 Fedora Release Engineering - 2.9.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Feb 21 2015 Till Maas - 2.9.2-4 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Wed Jan 21 2015 Tomas Radej - 2.9.2-3 +- Added Python 3 subpackage + +* Thu Oct 16 2014 Lubomir Rintel - 2.9.2-2 +- Avoid corrupting the xml catalogs + +* Thu Oct 16 2014 Daniel Veillard - 2.9.2-1 +- upstream release of 2.9.2 +- Fix for CVE-214-3660 billion laugh DOS +- many other bug fixes + +* Sun Aug 17 2014 Fedora Release Engineering - 2.9.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jul 18 2014 Tom Callaway - 2.9.1-4 +- fix license handling + +* Sat Jun 07 2014 Fedora Release Engineering - 2.9.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 2.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Apr 19 2013 Daniel Veillard - 2.9.1-1 +- upstream release of 2.9.1 +- a couple more API entry point +- compatibility with python3 +- a lot of bug fixes + +* Mon Feb 11 2013 Daniel Veillard - 2.9.0-4 +- fix --nocheck build which I broke in october rhbz#909767 + +* Mon Nov 19 2012 Jaroslav Reznik - 2.9.0-3 +- workaround for crc/len check failure, rhbz#877567 + +* Thu Oct 11 2012 Daniel Veillard - 2.9.0-2 +- remaining cleanups from merge bug rhbz#226079 +- do not put the docs in the main package, only in -devel rhbz#864731 + +* Tue Sep 11 2012 Daniel Veillard - 2.9.0-1 +- upstream release of 2.9.0 +- A few new API entry points +- More resilient push parser mode +- A lot of portability improvement +- Faster XPath evaluation +- a lot of bug fixes and smaller improvement + +* Fri Aug 10 2012 Daniel Veillard - 2.9.0-0rc1 +- upstream release candidate 1 of 2.9.0 +- introduce a small API change, but ABI compatible, see + https://mail.gnome.org/archives/xml/2012-August/msg00005.html + patches for php, gcc/libjava and evolution-data-connector are upstream + Grab me in cases of problems veillard@redhat.com +- many bug fixes including security aspects and small improvements + +* Thu Jul 19 2012 Fedora Release Engineering - 2.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed May 23 2012 Daniel Veillard - 2.8.0-1 +- upstream release of 2.8.0 +- add lzma compression support +- many bug fixes and small improvements + +* Fri Jan 13 2012 Fedora Release Engineering - 2.7.8-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Mar 4 2011 Daniel Veillard - 2.7.8-6 +- fix a double free in XPath CVE-2010-4494 bug 665965 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.7.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Nov 5 2010 Daniel Veillard - 2.7.8-4 +- reactivate shared libs versionning script + +* Thu Nov 4 2010 Daniel Veillard - 2.7.8-1 +- Upstream release of 2.7.8 +- various bug fixes, including potential crashes +- new non-destructive formatting option +- date parsing updated to RFC 5646 + +* Wed Jul 21 2010 David Malcolm - 2.7.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Mon Mar 15 2010 Daniel Veillard - 2.7.7-1 +- Upstream release of 2.7.7 +- fix serious trouble with zlib >= 1.2.4 +- xmllint new option --xpath +- various HTML parser improvements +- includes a number of nug fixes + +* Tue Oct 6 2009 Daniel Veillard - 2.7.6-1 +- Upstream release of 2.7.6 +- restore thread support off by default in 2.7.5 + +* Thu Sep 24 2009 Daniel Veillard - 2.7.5-1 +- Upstream release of 2.7.5 +- fix a couple of Relax-NG validation problems +- couple more fixes + +* Tue Sep 15 2009 Daniel Veillard - 2.7.4-2 +- fix a problem with little data at startup affecting inkscape #523002 + +* Thu Sep 10 2009 Daniel Veillard - 2.7.4-1 +- upstream release 2.7.4 +- symbol versioning of libxml2 shared libs +- very large number of bug fixes + +* Mon Aug 10 2009 Daniel Veillard - 2.7.3-4 +- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416 + +* Sat Jul 25 2009 Fedora Release Engineering - 2.7.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 2.7.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sun Jan 18 2009 Daniel Veillard - 2.7.3-1 +- new release 2.7.3 +- limit default max size of text nodes +- special parser mode for PHP +- bug fixes and more compiler checks + +* Wed Dec 3 2008 Ignacio Vazquez-Abrams - 2.7.2-7 +- Pull back into Python 2.6 + +* Wed Dec 3 2008 Caolán McNamara - 2.7.2-6 +- AutoProvides requires BuildRequires pkgconfig + +* Wed Dec 3 2008 Caolán McNamara - 2.7.2-5 +- rebuild to get provides(libxml-2.0) into HEAD rawhide + +* Mon Dec 1 2008 Ignacio Vazquez-Abrams - 2.7.2-4 +- Rebuild for pkgconfig logic + +* Fri Nov 28 2008 Ignacio Vazquez-Abrams - 2.7.2-3 +- Rebuild for Python 2.6 + +* Wed Nov 12 2008 Daniel Veillard - 2.7.2-2.fc11 +- two patches for size overflows problems CVE-2008-4225 and CVE-2008-4226 + +* Fri Oct 3 2008 Daniel Veillard 2.7.2-1.fc10 +- new release 2.7.2 +- Fixes the known problems in 2.7.1 +- increase the set of options when saving documents + +* Thu Oct 2 2008 Daniel Veillard 2.7.1-2.fc10 +- fix a nasty bug in 2.7.x, http://bugzilla.gnome.org/show_bug.cgi?id=554660 + +* Mon Sep 1 2008 Daniel Veillard 2.7.1-1.fc10 +- fix python serialization which was broken in 2.7.0 +- Resolve: rhbz#460774 + +* Sat Aug 30 2008 Daniel Veillard 2.7.0-1.fc10 +- upstream release of 2.7.0 +- switch to XML 1.0 5th edition +- switch to RFC 3986 for URI parsing +- better entity handling +- option to remove hardcoded limitations in the parser +- more testing +- a new API to allocate entity nodes +- and lot of fixes and clanups + +* Mon Aug 25 2008 Daniel Veillard 2.6.32-4.fc10 +- fix for entities recursion problem +- Resolve: rhbz#459714 + +* Fri May 30 2008 Daniel Veillard 2.6.32-3.fc10 +- cleanup based on Fedora packaging guidelines, should fix #226079 +- separate a -static package + +* Thu May 15 2008 Daniel Veillard 2.6.32-2.fc10 +- try to fix multiarch problems like #440206 + +* Tue Apr 8 2008 Daniel Veillard 2.6.32-1.fc9 +- upstream release 2.6.32 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Wed Feb 20 2008 Fedora Release Engineering - 2.6.31-2 +- Autorebuild for GCC 4.3 + +* Fri Jan 11 2008 Daniel Veillard 2.6.31-1.fc9 +- upstream release 2.6.31 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Thu Aug 23 2007 Daniel Veillard 2.6.30-1 +- upstream release 2.6.30 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Tue Jun 12 2007 Daniel Veillard 2.6.29-1 +- upstream release 2.6.29 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Wed May 16 2007 Matthias Clasen 2.6.28-2 +- Bump revision to fix N-V-R problem + +* Tue Apr 17 2007 Daniel Veillard 2.6.28-1 +- upstream release 2.6.28 see http://xmlsoft.org/news.html +- many bug fixed upstream + +* Thu Dec 7 2006 Jeremy Katz - 2.6.27-2 +- rebuild against python 2.5 + +* Wed Oct 25 2006 Daniel Veillard 2.6.27-1 +- upstream release 2.6.27 see http://xmlsoft.org/news.html +- very large amount of bug fixes reported upstream + +* Wed Jul 12 2006 Jesse Keating - 2.6.26-2.1.1 +- rebuild + +* Wed Jul 12 2006 Jesse Keating - 2.6.26-2.1 +- rebuild + +* Wed Jun 7 2006 Daniel Veillard 2.6.26-2 +- fix bug #192873 +* Tue Jun 6 2006 Daniel Veillard 2.6.26-1 +- upstream release 2.6.26 see http://xmlsoft.org/news.html + +* Tue Jun 6 2006 Daniel Veillard +- upstream release 2.6.25 broken, do not ship ! +