Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-lxml for openSUSE:Factory checked in at 2026-04-21 12:42:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-lxml (Old) and /work/SRC/openSUSE:Factory/.python-lxml.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-lxml" Tue Apr 21 12:42:04 2026 rev:117 rq:1348083 version:6.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-lxml/python-lxml.changes 2025-09-25 18:44:13.591487057 +0200 +++ /work/SRC/openSUSE:Factory/.python-lxml.new.11940/python-lxml.changes 2026-04-21 12:42:24.156399524 +0200 @@ -1,0 +2,27 @@ +Sun Apr 19 21:26:14 UTC 2026 - Dirk Müller <[email protected]> + +- update to 6.1.0 (CVE-2026-41066): + * This release fixes a possible external entity injection (XXE) + vulnerability in ``iterparse()`` and the ``ETCompatXMLParser``. + * GH#486: The HTML ARIA accessibility attributes were added to + the set of safe attributes in ``lxml.html.defs``. + * The default chunk size for reading from file-likes in + ``iterparse()`` is now configurable with a new ``chunk_size`` + argument. + * LP#2148019: Spurious MemoryError during namespace cleanup. + * Several out of memory error cases now raise ``MemoryError`` + that were not handled before. + * Slicing with large step values (outside of ``+/- + sys.maxsize``) could trigger undefined C behaviour. + * LP#2125399: Some failing tests were fixed or disabled in + PyPy. + * LP#2138421: Memory leak in error cases when setting the + ``public_id`` or ``system_url`` of a document. + * Memory leak in case of a memory allocation failure when + copying document subtrees. + * When mapping an XPath result to Python failed, the result + memory could leak. + * When preparing an XSLT transform failed, the XSLT parameter + memory could leak. + +------------------------------------------------------------------- Old: ---- lxml-6.0.2.tar.gz New: ---- lxml-6.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-lxml.spec ++++++ --- /var/tmp/diff_new_pack.4iGXsw/_old 2026-04-21 12:42:24.900430437 +0200 +++ /var/tmp/diff_new_pack.4iGXsw/_new 2026-04-21 12:42:24.900430437 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-lxml # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-lxml -Version: 6.0.2 +Version: 6.1.0 Release: 0 Summary: Pythonic XML processing library License: BSD-3-Clause AND GPL-2.0-or-later @@ -29,7 +29,7 @@ # PATCH-FIX-OPENSUSE Skip a test under libxml2 2.10.4+ # https://bugs.launchpad.net/lxml/+bug/2016939 Patch1: skip-test-under-libxml2-2.10.4.patch -BuildRequires: %{python_module Cython >= 3.0.7} +BuildRequires: %{python_module Cython >= 3} BuildRequires: %{python_module base >= 3.9} BuildRequires: %{python_module cssselect >= 0.9.1} BuildRequires: %{python_module pip} @@ -113,7 +113,7 @@ %files %{python_files} %license LICENSES.txt -%doc CHANGES.txt CREDITS.txt README.rst +%doc CHANGES.txt README.rst %{python_sitearch}/lxml/ %{python_sitearch}/lxml-%{version}.dist-info %exclude %{python_sitearch}/lxml/*.h ++++++ lxml-6.0.2.tar.gz -> lxml-6.1.0.tar.gz ++++++ ++++ 268346 lines of diff (skipped) ++++++ skip-test-under-libxml2-2.10.4.patch ++++++ --- /var/tmp/diff_new_pack.4iGXsw/_old 2026-04-21 12:42:26.620501903 +0200 +++ /var/tmp/diff_new_pack.4iGXsw/_new 2026-04-21 12:42:26.628502235 +0200 @@ -1,8 +1,8 @@ -Index: lxml-5.1.0/src/lxml/tests/test_etree.py +Index: lxml-6.1.0/src/lxml/tests/test_etree.py =================================================================== ---- lxml-5.1.0.orig/src/lxml/tests/test_etree.py -+++ lxml-5.1.0/src/lxml/tests/test_etree.py -@@ -3256,6 +3256,7 @@ class ETreeOnlyTestCase(HelperTestCase): +--- lxml-6.1.0.orig/src/lxml/tests/test_etree.py ++++ lxml-6.1.0/src/lxml/tests/test_etree.py +@@ -3327,6 +3327,7 @@ class ETreeOnlyTestCase(HelperTestCase): self.assertEqual(re, e.nsmap) self.assertEqual(r, s.nsmap)
