Navigation:
Browse pkgsrc
(this page)
textproc py-lxml
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] 2026-04-19 19:17:42 by Thomas Klausner | Files touched by this commit (2) |  |
Log message: py-lxml: update to 6.1.0. 6.1.0 (2026-04-17) ================== This release fixes a possible external entity injection (XXE) vulnerability in ``iterparse()`` and the ``ETCompatXMLParser``. Features added -------------- * GH#486: The HTML ARIA accessibility attributes were added to the set of safe \ attributes in ``lxml.html.defs``. This allows ``lxml_html_clean`` to pass them through. Patch by oomsveta. * The default chunk size for reading from file-likes in ``iterparse()`` is now \ configurable with a new ``chunk_size`` argument. Bugs fixed ---------- * LP#2146291: The ``resolve_entities`` option was still set to ``True`` for ``iterparse`` and ``ETCompatXMLParser``, allowing for external entity \ injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to ``'internal'`` only (as for the normal XML and \ HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066. |
| 2026-04-14 15:18:38 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-lxml: updated to 6.0.4 6.0.4 Bugs fixed * Spurious MemoryError during namespace cleanup. |
| 2026-04-10 06:00:33 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-lxml: updated to 6.0.3 6.0.3 (2026-04-09) Bugs fixed * Several out of memory error cases now raise ``MemoryError`` that were not \ handled before. * Slicing with large step values (outside of ``+/- sys.maxsize``) could trigger \ undefined C behaviour. * LP-125399: Some failing tests were fixed or disabled in PyPy. * LP-2138421: Memory leak in error cases when setting the ``public_id`` or \ ``system_url`` of a document. * Memory leak in case of a memory allocation failure when copying document subtrees. * When mapping an XPath result to Python failed, the result memory could leak. * When preparing an XSLT transform failed, the XSLT parameter memory could leak. |
| 2026-01-07 09:49:50 by Thomas Klausner | Files touched by this commit (2525) |
Log message: *: recursive bump for icu 78.1 |
| 2025-10-09 09:58:14 by Thomas Klausner | Files touched by this commit (442) |
Log message: *: remove reference to (removed) Python 3.9 |
| 2025-09-22 10:15:52 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-lxml: updated to 6.0.2 6.0.2 (2025-09-21) Bugs fixed * Compilation with libxml2 2.15.0 failed. Original patch by Xi Ruoyao. * Setting ``decompress=True`` in the parser had no effect in libxml2 2.15. * Binary wheels on Linux and macOS use the library version libxml2 2.14.6. See https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.6 * Test failures in libxml2 2.15.0 were fixed. Other changes * Binary wheels for Py3.9-3.11 on the ``riscv64`` architecture were added. * Error constants were updated to match libxml2 2.15.0. * Built using Cython 3.1.4. |
| 2025-08-23 14:48:08 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-lxml: updated to 6.0.1 6.0.1 (2025-08-22) Bugs fixed * ``lxml.sax._getNsTag()`` could fail with an exception on malformed input. * Some test adaptations were made for libxml2 2.15. Patch by Nick Wellnhofer. * A Python compatibility test was fixed for Python 3.14+. Patch by Lumír Balhar. * Wheels for "riscv64" on recent Python versions were added. Patch by ffgan. * The wheel build no longer requires the ``wheel`` package unconditionally. Patch by Miro Hrončok. * Binary wheels use the library version libxml2 2.14.5. * Windows binary wheels continue to use a security patched library version \ libxml2 2.11.9. |
| 2025-07-04 11:08:39 by Thomas Klausner | Files touched by this commit (49) |
Log message: *: mark more py-cython dependencies as needing Python>=3.11 |
New packages: