Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2023-11-02 20:20:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.17445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2" Thu Nov 2 20:20:44 2023 rev:120 rq:1121463 version:2.11.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2023-09-04 13:19:31.315503380 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new.17445/libxml2.changes 2023-11-02 20:20:47.538339693 +0100 @@ -1,0 +2,8 @@ +Mon Oct 23 08:26:09 UTC 2023 - Daniel Garcia <daniel.gar...@suse.com> + +- Add python312.patch to make it compatible with python 3.12 + https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/226 +- Use pyproject_wheel and pyproject_install macros instead of + python_build, python_install + +------------------------------------------------------------------- @@ -6,0 +15,91 @@ + +------------------------------------------------------------------- +Wed Aug 9 15:34:12 UTC 2023 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 2.11.5: + + Regressions: + - parser: Make xmlSwitchEncoding always skip the BOM + - autotools: Improve iconv check + + Bug fixes: + - valid: Fix c1->parent pointer in xmlCopyDocElementContent + - encoding: Always call ucnv_convertEx with flush set to false + + Portability: autotools: fix Python module file ext for + cygwin/msys2 + + Tests: runtest: Fix compilation without LIBXML_HTML_ENABLED + +------------------------------------------------------------------- +Fri May 19 11:51:22 UTC 2023 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 2.11.4: + + Fixes a serious regression: parser: Fix regression when push + parsing UTF-8 sequences. + +------------------------------------------------------------------- +Thu May 11 13:42:48 UTC 2023 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 2.11.3: + + xinclude: Fix false positives in inclusion loop detection. + + autotools: Fix ICU detection. + + parser: Fix "huge input lookup" error with push parser. + + xpath: Fix build without LIBXML_XPATH_ENABLED. + + hash: Fix possible startup crash with old libxslt versions. + + autoconf: fix iconv library paths. + +------------------------------------------------------------------- +Fri May 5 13:55:31 UTC 2023 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 2.11.2: + + Fix regressions: + - threads: Fix startup crash with weak symbol hack + - win32: Donât depend on removed .def file + - schemas: Fix memory leak in xmlSchemaValidateStream + +------------------------------------------------------------------- +Wed May 3 13:17:35 UTC 2023 - David Anes <david.a...@suse.com> + +- Rebased patches: + * libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch + * libxml2-python3-unicode-errors.patch + +- Update to 2.11.1: + * Fixes build and ABI issues. + - cmake: Fix va_copy detection (Luca Niccoli) + - libxml.m4: Fix quoting + - Link with --undefined-version + - libxml2.syms: Revert removal of version information + +- Update to 2.11.0: + * Major changes + - Protection against entity expansion attacks, also known as + "billion laughs" has been greatly improved. Malicious files + should be detected reliably now and false positives should be + reduced. It is possible though that large documents which make + heavy use of entities are rejected now. + - This release finally fixes symbol visibility on UNIX systems. + Internal symbols will now be hidden. While these symbols were + never declared in public headers, it was still possible to + declare them manually. Now this won't work. + - All symbol information has been removed from the ELF version + script to fix link errors with --no-undefined-version. The + version nodes are kept so it should still be possible to run + binaries linked against older versions. + - About 90 memory errors in code paths handling malloc failures + have been fixed. While these issues shouldn't impact security, + this improves robustness under memory pressure. + - The XInclude engine has been reworked to properly support + nested includes. + - Several cases of quadratic behavior in the XML push parser + have been fixed. + - Refactoring has begun on some buffering and encoding code with + the goal of simplifying this part of the code base and + improving error reporting. + * Other highlights: + - Consolidated private header files. + - Major rework of the autoconf build. + - Deprecated several outdated and internal functions. + * Security + - Fix use-after-free in xmlParseContentInternal() (David Kilzer) + - xmllint: Fix use-after-free with --maxmem + - parser: Fix OOB read when formatting error message + - entities: Rework entity amplification checks + * See the full changelog at https://discourse.gnome.org/t/libxml2-2-11-0-released/15123 Old: ---- libxml2-2.10.4.tar.xz New: ---- libxml2-2.11.5.tar.xz python312.patch BETA DEBUG BEGIN: New: - Add python312.patch to make it compatible with python 3.12 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/226 BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.SxJwaS/_old 2023-11-02 20:20:48.398371339 +0100 +++ /var/tmp/diff_new_pack.SxJwaS/_new 2023-11-02 20:20:48.402371486 +0100 @@ -25,12 +25,12 @@ %endif Name: libxml2%{?dash}%{flavor} -Version: 2.10.4 +Version: 2.11.5 Release: 0 License: MIT Summary: A Library to Manipulate XML Files URL: https://gitlab.gnome.org/GNOME/libxml2 -Source0: https://download.gnome.org/sources/%{name}/2.10/libxml2-%{version}.tar.xz +Source0: https://download.gnome.org/sources/%{name}/2.11/libxml2-%{version}.tar.xz Source1: baselibs.conf # W3C Conformance tests Source2: https://www.w3.org/XML/Test/xmlts20080827.tar.gz @@ -45,6 +45,9 @@ # PATCH-FIX-UPSTREAM CVE-2023-39615 bsc#1214768 # https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9 Patch2: libxml2-CVE-2023-39615.patch +# PATCH-FIX-UPSTREAM python312.patch +# https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/226 +Patch3: python312.patch # ### -- openSUSE patches range from 1000 to 1999 -- ### # PATCH-FIX-OPENSUSE @@ -63,6 +66,9 @@ BuildRequires: pkgconfig(zlib) %if 0%{?buildpython} BuildRequires: %{python_module devel} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} BuildRequires: %{python_module xml} BuildRequires: python-rpm-macros BuildRequires: pkgconfig(libxml-2.0) @@ -182,7 +188,8 @@ %else %configure --with-python=%{__python3} pushd python -%python_build +export PYTHONPATH="." +%pyproject_wheel popd %endif @@ -191,14 +198,14 @@ %make_install BASE_DIR="%{_docdir}" DOC_MODULE="%{base_name}" find %{buildroot} -type f -name "*.la" -delete -print mkdir -p "%{buildroot}/%{_docdir}/%{base_name}" -cp -a NEWS README.md TODO* %{buildroot}%{_docdir}/%{base_name}/ +cp -a NEWS README.md %{buildroot}%{_docdir}/%{base_name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml # Remove duplicated file Copyright as not found by fdupes rm -fr %{buildroot}%{_docdir}/%{base_name}/Copyright %fdupes %{buildroot}%{_datadir} %else pushd python -%python_install +%pyproject_install popd chmod a-x python/tests/*.py %python_expand %fdupes %{buildroot}%{$python_sitearch} @@ -251,7 +258,6 @@ %else %files %{python_files libxml2} -%doc python/TODO %doc python/libxml2class.txt %doc doc/*.py %doc python/README ++++++ libxml2-2.10.4.tar.xz -> libxml2-2.11.5.tar.xz ++++++ ++++ 65829 lines of diff (skipped) ++++++ libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch ++++++ --- /var/tmp/diff_new_pack.SxJwaS/_old 2023-11-02 20:20:49.710419617 +0100 +++ /var/tmp/diff_new_pack.SxJwaS/_new 2023-11-02 20:20:49.714419764 +0100 @@ -2,11 +2,11 @@ xpath.c | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) -Index: libxml2-2.10.3/xpath.c +Index: libxml2-2.11.1/xpath.c =================================================================== ---- libxml2-2.10.3.orig/xpath.c -+++ libxml2-2.10.3/xpath.c -@@ -113,14 +113,32 @@ +--- libxml2-2.11.1.orig/xpath.c ++++ libxml2-2.11.1/xpath.c +@@ -115,14 +115,32 @@ #define XPATH_MAX_STACK_DEPTH 1000000 /* @@ -44,7 +44,7 @@ /* * XPATH_MAX_RECRUSION_DEPTH: -@@ -3689,7 +3707,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, +@@ -3655,7 +3673,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; @@ -53,7 +53,7 @@ xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); return(-1); } -@@ -3745,7 +3763,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm +@@ -3713,7 +3731,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; @@ -62,7 +62,7 @@ xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); return(-1); } -@@ -3800,7 +3818,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c +@@ -3769,7 +3787,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; @@ -71,31 +71,31 @@ xmlXPathErrMemory(NULL, "growing nodeset hit limit\n"); return(-1); } -@@ -3917,7 +3935,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, +@@ -3862,7 +3880,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, } else if (val1->nodeNr == val1->nodeMax) { xmlNodePtr *temp; - if (val1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (val1->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); - return(NULL); + goto error; } -@@ -4003,7 +4021,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP +@@ -3954,7 +3972,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; - if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (set1->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); - return(NULL); + goto error; } -@@ -4057,7 +4075,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN +@@ -4015,7 +4033,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN } else if (set1->nodeNr >= set1->nodeMax) { xmlNodePtr *temp; - if (set1->nodeMax >= XPATH_MAX_NODESET_LENGTH) { + if (set1->nodeMax >= get_max_nodeset_len()) { xmlXPathErrMemory(NULL, "merging nodeset hit limit\n"); - return(NULL); + goto error; } ++++++ libxml2-python3-unicode-errors.patch ++++++ --- /var/tmp/diff_new_pack.SxJwaS/_old 2023-11-02 20:20:49.730420353 +0100 +++ /var/tmp/diff_new_pack.SxJwaS/_new 2023-11-02 20:20:49.734420500 +0100 @@ -2,9 +2,11 @@ python/libxml.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) ---- a/python/libxml.c -+++ b/python/libxml.c -@@ -1621,6 +1621,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU +Index: libxml2-2.11.1/python/libxml.c +=================================================================== +--- libxml2-2.11.1.orig/python/libxml.c ++++ libxml2-2.11.1/python/libxml.c +@@ -1606,6 +1606,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU PyObject *message; PyObject *result; char str[1000]; @@ -12,7 +14,7 @@ #ifdef DEBUG_ERROR printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); -@@ -1637,12 +1638,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU +@@ -1622,12 +1623,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU str[999] = 0; va_end(ap); @@ -28,7 +30,7 @@ - message = libxml_charPtrConstWrap(str); + message = libxml_charPtrConstWrap(ptr); PyTuple_SetItem(list, 1, message); - result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); + result = PyObject_CallObject(libxml_xmlPythonErrorFuncHandler, list); + /* Forget any errors caused in the error handler. */ + PyErr_Clear(); Py_XDECREF(list); ++++++ python312.patch ++++++ >From 548bba106dca7905b6ca915ef58481b3d71f35d8 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Moreno <daniel.gar...@suse.com> Date: Mon, 23 Oct 2023 10:16:34 +0200 Subject: [PATCH] python: Make it compatible with python3.12 Python 3.12 removes distutils so it's mandatory to use setuptools with python >= 3.12. This patch prints a message when trying to run the setup.py script with a python >= 3.12 without setuptools and try to use the setuptools import by default. This patch also creates a new file, pyproject.toml [1], to prepare for building in modern systems. [1] https://peps.python.org/pep-0517/ --- python/pyproject.toml | 3 +++ python/setup.py.in | 12 ++++++++---- 4 files changed, 13 insertions(+), 5 deletions(-) create mode 100755 python/pyproject.toml.in Index: libxml2-2.11.5/python/setup.py.in =================================================================== --- libxml2-2.11.5.orig/python/setup.py.in +++ libxml2-2.11.5/python/setup.py.in @@ -5,11 +5,15 @@ import sys, os try: - import setuptools + from setuptools import setup, Extension except ImportError: - pass - -from distutils.core import setup, Extension + try: + # Using distutils, for python < 3.12 + from distutils.core import setup, Extension + except ImportError: + # distutils is not present in python 3.12 and greater + print("setuptools is required for python >= 3.12") + sys.exit(1) # Below ROOT, we expect to find include, include/libxml2, lib and bin. # On *nix, it is not needed (but should not harm), Index: libxml2-2.11.5/python/pyproject.toml =================================================================== --- /dev/null +++ libxml2-2.11.5/python/pyproject.toml @@ -0,0 +1,3 @@ +[build-system] +requires = ["setuptools"] +build-backend = "setuptools.build_meta"
