| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: python311-libxml2 | Distribution: openSUSE Tumbleweed |
| Version: 2.14.5 | Vendor: openSUSE |
| Release: 4.2 | Build date: Fri Feb 13 13:16:01 2026 |
| Group: Unspecified | Build host: reproducible |
| Size: 1252246 | Source RPM: libxml2-python-2.14.5-4.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://gitlab.gnome.org/GNOME/libxml2 | |
| Summary: Python Bindings for libxml2-python | |
This package contains a module that permits applications written in the Python programming language to use the interface supplied by the libxml2 library to manipulate XML files. This library allows manipulation of XML files. It includes support for reading, modifying, and writing XML and HTML files. There is DTD support that includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified.
MIT
* Fri Feb 13 2026 David Anes <david.anes@suse.com>
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
* Wed Feb 04 2026 Petr Gajdos <pgajdos@suse.com>
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
* Wed Feb 04 2026 Petr Gajdos <pgajdos@suse.com>
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
* Wed Jan 21 2026 Daniel Garcia <daniel.garcia@suse.com>
- CVE-2026-0989: call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810)
* Add patch libxml2-CVE-2026-0989.patch
* https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
* Wed Aug 27 2025 pgajdos@suse.com
- version update to 2.14.5
* * Regressions **
* html: Don't abort on encoding errors
* parser: Fix handling of invalid char refs in recovery mode
* xmllint: Print document even in case of XInclude errors
* xmllint: Fix --xinclude --path
* * Security **
* schematron: Fix memory safety issues in xmlSchematronReportOutput
* Schematron: Fix null pointer dereference leading to DoS (Michael Mann)
* Fix potential buffer overflows of interactive shell (Michael Mann)
* * Improvements **
* parser: Fix xmlCtxtIsStopped
- version update to 2.14.4
* * Regressions **
* parser: Fix parsing of PublicIds and VersionNums
* parser: Fix custom SAX parsers without cdataBlock handler
* error: Fix initGenericErrorDefaultFunc compatibility macro again
* io: Make xmlOutputBufferCreate* not free encoder on error
* reader: Fix null deref on malloc failure
* Revert "meson: Install libxml2.py"
* * Security **
* tree: Fix integer overflow in xmlBuildQName
* * Improvements **
* parser: Use parser context as default in resource loader
* parser: Only validate EnumerationTypes when requested
* parser: Undeprecate some parser context members
- version update to 2.14.3
* * Regressions **
* reader: Fix reading compressed data
* parser: Make undeclared entities in XML content fatal
* save: Fix XML escape table
* save: Fix xmlSave with NULL encoding
* Revert "valid: Remove duplicate error messages when streaming"
* * Bug fixes **
* save: Fix serialization of attribute defaults containing <
* io: Fix linkage of __xml*BufferCreateFilename functions
- version update to 2.14.2
* * Security **
* [CVE-2025-32415] schemas: Fix heap buffer overflow in xmlSchemaIDCFillNodeTables
* [CVE-2025-32414] python: Read at most len/4 characters. (Maks Verver)
- version update to 2.14.1
* * Regressions **
* parser: Fix XML_PARSE_NOBLANKS dropping non-whitespace text
- version update to 2.14.0
* * Major changes **
* The HTML tokenizer now conforms fully to HTML5.
* Binary compatibility is restricted to versions 2.14 or newer.
The soname was bumped from libxml2.so.2 to libxml2.so.16.
* The serialization API will now take user-provided or default
encodings into account when serializing attribute values.
* The XML parser won't try to merge consecutive CDATA sections
as before to align with web standards.
* Support for RELAX NG can now be disabled with a new configuration
option independently of XML Schemas support.
* The "legacy" configuration option won't enable support for HTTP
and LZMA anymore.
* Parts of the xmllint executable were refactored, allowing the
combination of more options.
* Meson is fully supported now.
* Parts of the buffering code were reworked and simplified.
* Overflow checks before reallocations were hardenend.
* Some unprefixed symbols were renamed to avoid namespace pollution.
* * New features **
* Input callbacks can now be set on a parser context and an improved
API to create parser input is available.
* The following new functions, taking a parser input object, were added:
. xmlCtxtParseDocument
. xmlCtxtParseContent
. xmlCtxtParseDtd
* The xmlSave API now has additional options to replace global settings.
* Parser options XML_PARSE_UNZIP, XML_PARSE_NO_SYS_CATALOG and
XML_PARSE_CATALOG_PI were added.
* An API function to install a custom character encoding converter is
now available.
* * Deprecations **
* Access to many public struct members is now deprecated.
* More internal functions were deprecated
* * Removals **
* Metadata about the HTML4 content model was removed from the
htmlElemDesc struct
* The FTP module and related functions were removed.
* Support for the range and point extensions of the xpointer() scheme
was removed.
* Several legacy symbols and the functions in xmlunicode.h were removed.
* ELF version information was removed.
* The shell was moved from libxml2 to xmllint. Several related functions
are no longer available.
* The libxml.m4 file containing autoconf macros was removed.
* The --with-tree configuration option was removed.
* The hack to detect single-threaded programs under glibc was removed.
- modified patches
* libxml2-CVE-2025-7425.patch (refreshed)
* libxml2-python3-string-null-check.patch (refreshed)
* libxml2-python3-unicode-errors.patch (refreshed)
- modified sources
* baselibs.conf
- deleted patches
* libxml2-CVE-2025-49794,49796.patch (upstreamed)
* libxml2-CVE-2025-49795.patch (upstreamed)
* libxml2-CVE-2025-6170,6021.patch (upstreamed)
* libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch (upstreamed)
* Fri Jul 18 2025 pgajdos@suse.com
- security update
- added patches
CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
+ libxml2-CVE-2025-7425.patch
* Mon Jul 07 2025 pgajdos@suse.com
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
CVE-2025-49795 [bsc#1244555], null pointer dereference may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49795.patch
* Tue Jul 01 2025 pgajdos@suse.com
- security update
fix CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
fix CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
* Thu Apr 17 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.13.8:
+ Security:
- [CVE-2025-32415] schemas: Fix heap buffer overflow in
xmlSchemaIDCFillNodeTables.
- [CVE-2025-32414] python: Read at most len/4 characters.
- bug references: [bsc#1241453], [bsc#1241551]
* Fri Mar 28 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.13.7:
+ Regressions:
- tree: Fix xmlTextMerge with NULL args
- io: Fix `compressed` flag for uncompressed stdin
- parser: Fix parsing of DTD content
* Tue Feb 18 2025 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.13.6 ([bsc#1237363], [bsc#1237370], [bsc#1237418]):
+ Security:
- [CVE-2025-24928] Fix stack-buffer-overflow in
xmlSnprintfElements
- [CVE-2024-56171] Fix use-after-free after
xmlSchemaItemListAdd
- pattern: Fix compilation of explicit child axis
+ Regressions:
- xmllint: Support compressed input from stdin
- uri: Fix handling of Windows drive letters
- reader: Fix return value of xmlTextReaderReadString again
- SAX2: Fix xmlSAX2ResolveEntity if systemId is NULL
+ Portability:
- dict: Handle ENOSYS from getentropy gracefully
- Fix compilation with uclibc (Dario Binacchi)
- python: Declare init func with PyMODINIT_FUNC
- tests: Fix sanitizer version check on old Apple clang
- cmake: Work around broken sys/random.h in old macOS SDKs
+ Build:
- autotools: Set AC_CONFIG_AUX_DIR
- cmake: Always build Python module as shared library
- cmake: add missing `Bcrypt` link on Windows
- cmake: Fix compatibility in package version file
- xmlIO: Fix reading from non-regular files like pipes
- xmlreader: Fix return value of xmlTextReaderReadString
- parser: Fix loading of parameter entities in external DTDs
- parser: Fix downstream code that swaps DTDs
- parser: Fix detection of duplicate attributes
- string: Fix va_copy fallback
- xpath: Fix parsing of non-ASCII names
- Drop libxml2-support-compressed-input-from-stdin.patch: Fixed
upstream.
- Also CVE-2025-27113 was assigned to this release.
* Wed Jan 29 2025 pgajdos@suse.com
- fix decompression from stdin [bsc#1236346]
- added patches
fix https://gitlab.gnome.org/nwellnhof/libxml2/-/commit/6208f86edd59e31a51a8d9b300d428504adb25a7
+ libxml2-support-compressed-input-from-stdin.patch
* Fri Jan 17 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 2.13.5:
* Regressions:
- xmlIO: Fix reading from non-regular files like pipes
- xmlreader: Fix return value of xmlTextReaderReadString
- parser: Fix loading of parameter entities in external DTDs
- parser: Fix downstream code that swaps DTDs
- parser: Fix detection of duplicate attributes
- string: Fix va_copy fallback
* Bug fixes:
- xpath: Fix parsing of non-ASCII names
- Update to 2.13.4:
* Regressions:
- parser: Make unsupported encodings an error in declarations
- io: don't set the executable bit when creating files
- xmlcatalog: Improved fix for #699
- Revert "catalog: Fetch XML catalog before dumping"
- io: Add missing calls to xmlInitParser
- tree: Restore return value of xmlNodeListGetString with NULL list
- parser: Fix error handling after reaching limit
- parser: Make xmlParseChunk return an error if parser was stopped
* Bug fixes:
- python: Fix SAX driver with character streams
* Improvements:
- xpath: Make recursion check work with xmlXPathCompile
- parser: Report at least one fatal error
- Update to 2.13.3:
* Security:
- [bsc#1234812, CVE-2024-40896] Fix XXE protection in downstream code
* Regressions:
- autotools: Use AC_CHECK_DECL to check for getentropy
- xinclude: Fix fallback for text includes
- io: Don't call getcwd in xmlParserGetDirectory
- io: Fix return value of xmlFileRead
- parser: Fix error return of xmlParseBalancedChunkMemory
* Improvements:
- xinclude: Set error handler when parsing text
- Undeprecate xmlKeepBlanksDefault
- Update to 2.13.2:
* Regressions:
- tree: Fix handling of empty strings in xmlNodeParseContent
- valid: Restore ID lookup
- parser: Reenable ctxt->directory
- uri: Handle filesystem paths in xmlBuildRelativeURISafe
- encoding: Make xmlFindCharEncodingHandler return UTF-8 handler
- encoding: Fix encoding lookup with xmlOpenCharEncodingHandler
- include: Define ATTRIBUTE_UNUSED for clang
- uri: Fix xmlBuildURI with NULL base
* Regressions:
- parser: Selectively reenable reading from "-"
- reader: Fix xmlTextReaderReadString
- xinclude: Set XPath context doc
- xinclude: Load included documents with XML_PARSE_DTDLOAD
- include: Don't redefine ATTRIBUTE_UNUSED
- include: Readd circular dependency between tree.h and parser.h
- xinclude: Add missing include
- xinclude: Don't raise error on empty nodeset
- parser: Make failure to load main document a warning
- tree: Fix freeing entities via xmlFreeNode
- parser: Pass global object to sax->setDocumentLocator
* Improvements:
- io: Fix resetting xmlParserInputBufferCreateFilename hook
* Documentation:
- Fix typo in NEWS (--with-html -> --with-http)
- doc: Don't mention xmlNewInputURL
* Fri Nov 15 2024 Pedro Monreal <pmonreal@suse.com>
- Update to 2.13.0:
* Major changes:
- Most of the core code should now report malloc failures reliably. Some
API functions were extended with versions that report malloc failures.
- New API functions for error handling were added:
+ xmlCtxtSetErrorHandler
+ xmlXPathSetErrorHandler
+ xmlXIncludeSetErrorHandler
- This makes it possible to register per-context error handlers without
resorting to global handlers.
- A few error messages were improved and consolidated. Please update
downstream test suites accordingly.
- A new parser option XML_PARSE_NO_XXE can be used to disable loading
of external entities or DTDs. This is most useful in connection with
XML_PARSE_NOENT.
- Support for HTTP POST was removed.
- Support for zlib, liblzma and HTTP is now disabled by default and has
to be enabled by passing --with-zlib, --with-lzma or --with-http to
configure. In legacy mode (--with-legacy) these options are enabled
by default as before.
- Support for FTP will be removed in the next release.
- Support for the range and point extensions of the xpointer() scheme
will be removed in the next release. The rest of the XPointer
implementation won't be affected. The xpointer() scheme will behave
like the xpath1() scheme.
- Several more legacy symbols were deprecated. Users of the old "SAX1"
API functions are encouraged to upgrade to the new "SAX2" API,
available since version 2.6.0 from 2003.
* Some deprecated global variables were made const:
- htmlDefaultSAXHandler
- oldXMLWDcompatibility
- xmlDefaultSAXHandler
- xmlDefaultSAXLocator
- xmlParserDebugEntities
* Deprecations and removals:
- threads: Deprecate remaining ThrDef functions
- unicode: Deprecate most xmlUCSIs* functions
- memory: Remove memory debugging
- tree: Deprecate xmlRegisterNodeDefault
- tree: Deprecate xmlSetCompressMode
- html: Deprecate htmlHandleOmittedElem
- valid: Deprecate internal validation functions
- valid: Deprecate old DTD serialization API
- nanohttp: Deprecate public API
- Remove VMS support
- Remove Trio
* Bug fixes:
- parser: Fix base URI of internal parameter entities
- tree: Handle predefined entities in xmlBufGetEntityRefContent
- schemas: Allow unlimited length decimals, integers etc.
- reader: Fix preservation of attributes
- parser: Always decode entities in namespace URIs
- relaxng: Fix tree corruption in xmlRelaxNGParseNameClass
- schemas: Fix ADD_ANNOTATION
- tree: Fix tree iteration in xmlDOMWrapRemoveNode
- tree: Declare namespace on clone in xmlDOMWrapCloneNode
- tree: Fix xmlAddSibling with last sibling
- tree: Fix xmlDocSetRootElement with multiple top-level elements
- catalog: Fetch XML catalog before dumping
- html: Don't close fd in htmlCtxtReadFd
* Improvements:
- parser: Fix "Truncated multi-byte sequence" error
- Add missing _cplusplus processing clause
- parser: Rework handling of undeclared entities
- SAX2: Warn if URI resolution failed
- parser: Don't report error on invalid URI
- xmllint: Clean up option handling
- xmllint: Rework parsing
- parser: Don't create undeclared entity refs in substitution mode
- Make some globals const
- reader: Make xmlTextReaderReadString non-recursive
- reader: Rework xmlTextReaderRead{Inner,Outer}Xml
- Remove redundant size check (Niels Dossche)
- Remove redundant NULL check on cur
- Remove always-false check old == cur
- Remove redundant NULL check on cur
- tree: Don't return empty localname in xmlSplitQName{2,3}
- xinclude: Don't try to fix base of non-elements
- tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling
- SAX2: Optimize appending children
- tree: Align xmlAddChild with other node insertion functions
- html: Use binary search in htmlEntityValueLookup
- io: Allocate output buffer with XML_BUFFER_ALLOC_IO
- encoding: Don't shrink input too early in xmlCharEncOutput
- tree: Tighten source doc check in xmlDOMWrapAdoptNode
- tree: Check destParent->doc in xmlDOMWrapCloneNode
- tree: Refactor text node updates
- tree: Refactor node insertion
- tree: Refactor element creation and parsing of attribute values
- tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent
- buf: Don't use default buffer size for small strings
- string: Fix xmlStrncatNew(NULL, "")
- entities: Don't allow null name in xmlNewEntity
- html: Fix quadratic behavior in htmlNodeDump
- tree: Rewrite xmlSetTreeDoc
- valid: Rework xmlAddID
- tree: Remove unused node types
- tree: Make namespace comparison more consistent
- tree: Don't allow NULL name in xmlSetNsProp
- tree: Rework xmlNodeListGetString
- tree: Rework xmlTextMerge
- tree: Rework xmlNodeSetName
- tree: Simplify xmlAddChild with text parent
- tree: Disallow setting content of entity reference nodes
- tree: Rework xmlReconciliateNs
- schemas: fix spurious warning about truncated snprintf output
- xmlschemastypes: Remove unreachable if statement
- relaxng: Remove useless if statement
- tree: Check for integer overflow in xmlStringGetNodeList
- http: Improve error message for HTTPS redirects
- save: Move DTD serialization code to xmlsave.c
- parser: Report fatal error if document entity couldn't be loaded
- xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest
- SAX2: Limit entity URI length to 2000 bytes
- parser: Account for full size of non-well-formed entities
- parser: Pop inputs if parsing DTD failed
- parser: Fix quadratic behavior when copying entities
- writer: Implement xmlTextWriterClose
- parser: Avoid duplicate namespace errors
- parser: Add XML_PARSE_NO_XXE parser option
- parser: Make xmlParseContent more useful
- error: Make xmlFormatError public
- encoding: Check whether encoding handlers support input/output
- SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
- parser: Lower maximum entity nesting depth
- parser: Set depth limit to 2048 with XML_PARSE_HUGE
- parser: Implement xmlCtxtSetOptions
- parser: Always prefer option members over bitmask
- parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set
- parser: Rework parsing of attribute and entity values
- save: Output U+FFFD replacement characters
- parser: Simplify entity size accounting
- parser: Avoid unwanted expansion of parameter entities
- parser: Always copy content from entity to target
- parser: Simplify control flow in xmlParseReference
- parser: Remove xmlSetEntityReferenceFunc feature
- parser: Push general entity input streams on the stack
- parser: Move progressive flag into input struct
- parser: Fix in-parameter-entity and in-external-dtd checks
- xpath: Rewrite substring-before and substring-after
- xinclude: Only set xml:base if necessary
- xinclude: Allow empty nodesets
- parser: Rework general entity parsing
- io: Fix close error handling
- io: Fix read/write error handling
- io: More refactoring and unescaping fixes
- io: Move some code from xmlIO.c to parserInternals.c
- uri: Clean up special parsing modes
- xinclude: Rework xml:base fixup
- parser: Also set document properties when push parsing
- include: Move non-generated parts from xmlversion.h.in
- io: Remove support for HTTP POST
- dict: Move local RNG state to global state
- dict: Get random seed from system PRNG
- io: Don't use "-" to read from stdin
- io: Rework initialization
- io: Consolidate error messages
- xzlib: Fix harmless unsigned integer overflow
- io: Always use unbuffered input
- io: Fix detection of compressed streams
- io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile
- io: Rework default callbacks
- error: Stop printing some errors by default
- xpath: Don't free nodes of XSLT result value trees
- valid: Fix handling of enumerations
- parser: Allow recovery in xmlParseInNodeContext
- encoding: Support ASCII in xmlLookupCharEncodingHandler
- include: Remove useless 'const' from function arguments
- Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const'
conversions (makise-homura)
- Avoid EDG deprecation warnings for LCC compiler
- Avoid EDG -Woverflow warnings on truncating conversions by manually
truncating operand (makise-homura)
- Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by
conversion from unsigned int to int (makise-homura)
- Avoid using no_sanitize attribute on EDG even if compiler shows as GCC
* Build systems:
- meson: convert boolean options to feature option
- meson: Pass LIBXML_STATIC in dependency
- meson: fix compilation with local binaries
- meson: don't use dl dependency on old meson
- meson: fix usage as a subproject
- build: Remove --with-fexceptions configuration option
- autotools: Remove --with-coverage configuration option
- build: Disable HTTP support by default
- Stop defining _REENTRANT
- doc: Don't install example code
- meson: Initial commit
- build: Disable support for compression libraries by default
- Set LIBXML2_FOUND if it has been properly configured
- Makefile.am: omit $(top_builddir) from DEPS and LDADDS
* Test suite
- runtest: Work around broken EUC-JP support in musl iconv
- runtest: Check for IBM-1141 encoding handler
- fuzz: Add xmllint fuzzer
- fuzz: Add fuzzer for XML reader API
- fuzz: New tree API fuzzer
- tests: Remove testOOM
- Don't let gentest.py cast types to 'const somethingPtr' to avoid
- Wignored-qualifiers
* Rebase libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Wed Nov 13 2024 pgajdos@suse.com
- add %{?sle15allpythons} macro [jsc#PED-68]
- use %python_build and %python_install for 15
* Thu Jul 25 2024 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.12.9:
+ Security: (CVE-2024-40896) Fix XXE protection in downstream
code.
+ Improvements: Undeprecate xmlKeepBlanksDefault.
* Wed Jun 12 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 2.12.8:
+ parser: Fix performance regression when parsing namespaces.
* Tue May 14 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 2.12.7:
+ Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459, bsc#1224282).
+ xmllint: Fix --pedantic option.
+ save: Handle invalid parent pointers in xhtmlNodeDumpOutput.
* Wed Apr 17 2024 Christoph G <foss@grueninger.de>
- Update to version 2.12.6
* Regressions
- parser: Fix detection of duplicate attributes in XML namespace
- xmlreader: Fix xmlTextReaderConstEncoding
- html: Fix htmlCreatePushParserCtxt with encoding
- xmllint: Return error code if XPath returns empty nodeset
- Update to version 2.12.5
* Security
- [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
* Regressions
- parser: Fix crash in xmlParseInNodeContext with HTML documents
- Update to version 2.12.4
* Regressions
- parser: Fix regression parsing standalone declarations
- autotools: Readd --with-xptr-locs configuration option
- parser: Fix build --without-output
- parser: Don't grow or shrink pull parser memory buffers
- io: Fix memory lifetime issue with input buffers
- Update to version 2.12.3
* Regressions
- parser: Fix namespaces redefined from default attributes
* Build fixes
- include: Rename XML_EMPTY helper macro
- include: Move declaration of xmlInitGlobals
- include: Add missing includes
- include: Move globals from xmlsave.h to parser.h
- include: Readd circular dependency between tree.h and parser.h
- Drop libxml2-CVE-2024-25062.patch as it is part of upstream
* Sat Feb 10 2024 David Anes <david.anes@suse.com>
- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
* Added libxml2-CVE-2024-25062.patch
* Tue Dec 05 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.12.2:
* Regressions:
- parser:
. Fix invalid free in xmlParseBalancedChunkMemoryRecover
. Make CRLF increment line number
- globals: Disable TLS in static Windows builds
- html: Reenable buggy detection of XML declarations
- tree: Fix regression when copying DTDs
* Build fixes
- build: Disable compiler TLS by default
- cmake: Update config.h.cmake.in
- tests: Fix tests --with-valid --without-xinclude
* Fri Nov 24 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to verson 2.12.1:
* Regressions:
- hash: Fix deletion of entries during scan
- parser: Only enable SAX2 if there are SAX2 element handlers
* Build fixes:
- autotools: Stop checking for snprintf
- dict: Fix '__thread' before 'static'
- fix: pthread weak references in globals.c
- tests: Fix build with older MSVC
* Fri Nov 17 2023 David Anes <david.anes@suse.com>
- Bring back a patch that was mistakenly removed in the last update.
* Readded libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* Thu Nov 16 2023 David Anes <david.anes@suse.com>
- Removed patches (already in upstream):
* libxml2-CVE-2023-39615.patch
* libxml2-CVE-2023-45322.patch
* libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* python312.patch
- Update to 2.12.0:
* Major changes:
- Most of the known issues leading to quadratic behavior in the
XML parser were fixed. Internal hash tables were rewritten to
reduce memory consumption.
- Starting with this release, it should be enough to add the
- -with-legacy configuration option to provide maximum ABI
compatibility.
- libxml2 will now store global variables in thread-local
storage if supported by the compiler. This avoids allocating
the data lazily which can result in a fatal error condition.
- A new API function xmlCheckThreadLocalStorage was added so the
allocation can be checked earlier if compiler TLS is not
supported.
- To prepare for future improvements, some API functions now
expect or return a const xmlError struct.
- Several cyclic dependencies in public header files were fixed.
- Refactoring of the encoding code has been mostly completed.
Calling xmlSwitchEncoding from client code is now fully
supported, for example to override the encoding for the push
parser.
- When parsing data from memory, libxml2 will now stream data
chunk by chunk instead of copying the whole buffer (possibly
twice with encodings), reducing peak memory consumption
considerably.
- A new API function xmlCtxtSetMaxAmplification was added to
allow parsing of files that would otherwise trigger the
billion laughs protection.
- Several bugs in the regex determinism checks were fixed.
Invalid XML Schemas which previous versions erroneously
accepted will now be rejected.
* Deprecations
- globals: Deprecate xmlLastError
- parser: Deprecate global parser options
- win32: Deprecate old Windows build system
* Bug fixes
- parser: Stop switching to ISO-8859-1 on encoding errors
- parser: Support encoded external PEs in entity values
- string: Fix UTF-8 validation in xmlGetUTF8Char
- SAX2: Allow multiple top-level elements
- parser: Update line number after coalescing text nodes
- parser: Check for truncated multi-byte sequences
* See the full changelog here:
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.0
* Thu Nov 16 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.11.6:
* Regressions:
- threads: Fix --with-thread-alloc
- xinclude: Fix ‘last’ pointer in xmlXIncludeCopyNode
* Bug fixes: parser: Fix potential use-after-free in
xmlParseCharDataInternal
* Mon Nov 13 2023 David Anes <david.anes@suse.com>
- Security fix: CVE-2023-45322 (bsc#1216129)
* use-after-free in xmlUnlinkNode() in tree.c
* Added file libxml2-CVE-2023-45322.patch
* Mon Oct 23 2023 Daniel Garcia <daniel.garcia@suse.com>
- Add python312.patch to make it compatible with python 3.12
https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/226
- Use pyproject_wheel and pyproject_install macros instead of
python_build, python_install
* Mon Sep 04 2023 David Anes <david.anes@suse.com>
- Security fix: CVE-2023-39615 (bsc#1214768)
* crafted xml can cause global buffer overflow
* Added file libxml2-CVE-2023-39615.patch
* Wed Aug 09 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.11.5:
+ Regressions:
- parser: Make xmlSwitchEncoding always skip the BOM
- autotools: Improve iconv check
+ Bug fixes:
- valid: Fix c1->parent pointer in xmlCopyDocElementContent
- encoding: Always call ucnv_convertEx with flush set to false
+ Portability: autotools: fix Python module file ext for
cygwin/msys2
+ Tests: runtest: Fix compilation without LIBXML_HTML_ENABLED
* Fri May 19 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.11.4:
+ Fixes a serious regression: parser: Fix regression when push
parsing UTF-8 sequences.
* Thu May 11 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.11.3:
+ xinclude: Fix false positives in inclusion loop detection.
+ autotools: Fix ICU detection.
+ parser: Fix "huge input lookup" error with push parser.
+ xpath: Fix build without LIBXML_XPATH_ENABLED.
+ hash: Fix possible startup crash with old libxslt versions.
+ autoconf: fix iconv library paths.
* Fri May 05 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.11.2:
+ Fix regressions:
- threads: Fix startup crash with weak symbol hack
- win32: Don’t depend on removed .def file
- schemas: Fix memory leak in xmlSchemaValidateStream
* Wed May 03 2023 David Anes <david.anes@suse.com>
- Rebased patches:
* libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
* libxml2-python3-unicode-errors.patch
- Update to 2.11.1:
* Fixes build and ABI issues.
- cmake: Fix va_copy detection (Luca Niccoli)
- libxml.m4: Fix quoting
- Link with --undefined-version
- libxml2.syms: Revert removal of version information
- Update to 2.11.0:
* Major changes
- Protection against entity expansion attacks, also known as
"billion laughs" has been greatly improved. Malicious files
should be detected reliably now and false positives should be
reduced. It is possible though that large documents which make
heavy use of entities are rejected now.
- This release finally fixes symbol visibility on UNIX systems.
Internal symbols will now be hidden. While these symbols were
never declared in public headers, it was still possible to
declare them manually. Now this won't work.
- All symbol information has been removed from the ELF version
script to fix link errors with --no-undefined-version. The
version nodes are kept so it should still be possible to run
binaries linked against older versions.
- About 90 memory errors in code paths handling malloc failures
have been fixed. While these issues shouldn't impact security,
this improves robustness under memory pressure.
- The XInclude engine has been reworked to properly support
nested includes.
- Several cases of quadratic behavior in the XML push parser
have been fixed.
- Refactoring has begun on some buffering and encoding code with
the goal of simplifying this part of the code base and
improving error reporting.
* Other highlights:
- Consolidated private header files.
- Major rework of the autoconf build.
- Deprecated several outdated and internal functions.
* Security
- Fix use-after-free in xmlParseContentInternal() (David Kilzer)
- xmllint: Fix use-after-free with --maxmem
- parser: Fix OOB read when formatting error message
- entities: Rework entity amplification checks
* See the full changelog at https://discourse.gnome.org/t/libxml2-2-11-0-released/15123
* Fri Apr 21 2023 David Anes <david.anes@suse.com>
- Remove unneeded dependency (bsc#1209918).
* Tue Apr 11 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 2.10.4:
+ Security:
- [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
isn’t deterministic
- [CVE-2023-28484, bsc#1210411] Fix null deref in
xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in
xmlSchemaCheckCOSSTDerivedOK
+ Regressions:
- SAX2: Ignore namespaces in HTML documents
- io: Fix “buffer full” error with certain buffer sizes
* Wed Feb 01 2023 Dirk Müller <dmueller@suse.com>
- remove zlib-devel, pkgconfig(zlib) is sufficient
/usr/lib64/python3.11/site-packages/__pycache__/drv_libxml2.cpython-311.opt-1.pyc /usr/lib64/python3.11/site-packages/__pycache__/drv_libxml2.cpython-311.pyc /usr/lib64/python3.11/site-packages/__pycache__/libxml2.cpython-311.opt-1.pyc /usr/lib64/python3.11/site-packages/__pycache__/libxml2.cpython-311.pyc /usr/lib64/python3.11/site-packages/drv_libxml2.py /usr/lib64/python3.11/site-packages/libxml2.py /usr/lib64/python3.11/site-packages/libxml2_python-2.14.5.dist-info /usr/lib64/python3.11/site-packages/libxml2_python-2.14.5.dist-info/INSTALLER /usr/lib64/python3.11/site-packages/libxml2_python-2.14.5.dist-info/METADATA /usr/lib64/python3.11/site-packages/libxml2_python-2.14.5.dist-info/RECORD /usr/lib64/python3.11/site-packages/libxml2_python-2.14.5.dist-info/REQUESTED /usr/lib64/python3.11/site-packages/libxml2_python-2.14.5.dist-info/WHEEL /usr/lib64/python3.11/site-packages/libxml2_python-2.14.5.dist-info/top_level.txt /usr/lib64/python3.11/site-packages/libxml2mod.cpython-311-x86_64-linux-gnu.so /usr/share/doc/packages/python311-libxml2 /usr/share/doc/packages/python311-libxml2/README /usr/share/doc/packages/python311-libxml2/apibuild.py /usr/share/doc/packages/python311-libxml2/libxml2class.txt
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Mar 4 22:39:39 2026