Upstream update available: libxmlb 0.3.26 → 0.3.27 #4

New issue

Closed

opened 2026-05-20 03:15:51 +03:00 by sbelikov · 1 comment

sbelikov commented

2026-05-20 03:15:51 +03:00

Owner

Upstream update available: `libxmlb` `0.3.26` → `0.3.27`

Package

Package: libxmlb
RPM name: libxmlb
Branch: niceos-5.2
Current EVR: 0.3.26-1
Update class: patch
Compare method: python_rpm
Update policy: leaf
Risk tags: github-upstream

Upstream

Upstream type: github
Upstream project: hughsie/libxmlb
Upstream URL: https://github.com/hughsie/libxmlb
Detected version: 0.3.27
Tag/release: 0.3.27
Source: github_release_latest
Published: 2026-05-18T15:45:28Z
Release URL: https://github.com/hughsie/libxmlb/releases/tag/0.3.27
Source URL: https://api.github.com/repos/hughsie/libxmlb/tarball/0.3.27
Pre-release: False

Signals

Security-relevant keywords detected: True
Policy blocked: False
Policy reason: -
Labels: bot, needs-build, needs-triage, priority/high, security-release, update/patch, upstream-update, upstream/github

Upstream release notes / description

New Features:

Bump the required version of GLib to 2.68 (Richard Hughes)

Bugfixes:

Do not construct an invalid silo when processing more than 30 attrs (Richard Hughes)
Fix NULL pointer dereference when searching with NULL needle (Richard Hughes)
Fix potential use-after-free when building the in() haystack (Richard Hughes)
Fix stem() type-checking the wrong stack position (Richard Hughes)
Handle NULL string opcodes in more functions (Richard Hughes)
Limit operator recursion depth in xb_machine_parse_section (Richard Hughes)
Limit the number of predicates and OR branches in each section (Richard Hughes)
Prevent an infinite loop when parsing a corrupt silo (Richard Hughes)
Reject XML with more than 65535 unique element names (Richard Hughes)

NiceOS maintainer checklist

Confirm that the detected version is a stable upstream release.
Check upstream changelog for security fixes, ABI/API changes and build-system changes.
Check ABI/API compatibility and reverse dependencies.
Download source into NiceOS lookaside storage.
Update Version and related fields in SPECS/*.spec only if policy allows it.
Regenerate SOURCES/sources.lock.json, manifests, metadata and SBOM.
Build SRPM/RPM in a clean NiceOS buildroot.
Run package smoke tests.
Link PR/build logs and close this issue after update or triage.

Bot metadata

Tool: niceos_upstream_monitor.py 1.5
Generated at: 2026-05-24T18:11:05Z

# Upstream update available: `libxmlb` `0.3.26` → `0.3.27` ## Package - Package: `libxmlb` - RPM name: `libxmlb` - Branch: `niceos-5.2` - Current EVR: `0.3.26-1` - Update class: `patch` - Compare method: `python_rpm` - Update policy: `leaf` - Risk tags: `github-upstream` ## Upstream - Upstream type: `github` - Upstream project: `hughsie/libxmlb` - Upstream URL: https://github.com/hughsie/libxmlb - Detected version: `0.3.27` - Tag/release: `0.3.27` - Source: `github_release_latest` - Published: `2026-05-18T15:45:28Z` - Release URL: https://github.com/hughsie/libxmlb/releases/tag/0.3.27 - Source URL: https://api.github.com/repos/hughsie/libxmlb/tarball/0.3.27 - Pre-release: `False` ## Signals - Security-relevant keywords detected: `True` - Policy blocked: `False` - Policy reason: `-` - Labels: `bot, needs-build, needs-triage, priority/high, security-release, update/patch, upstream-update, upstream/github` ## Upstream release notes / description New Features: - Bump the required version of GLib to 2.68 (Richard Hughes) Bugfixes: - Do not construct an invalid silo when processing more than 30 attrs (Richard Hughes) - Fix NULL pointer dereference when searching with NULL needle (Richard Hughes) - Fix potential use-after-free when building the in() haystack (Richard Hughes) - Fix stem() type-checking the wrong stack position (Richard Hughes) - Handle NULL string opcodes in more functions (Richard Hughes) - Limit operator recursion depth in xb_machine_parse_section (Richard Hughes) - Limit the number of predicates and OR branches in each section (Richard Hughes) - Prevent an infinite loop when parsing a corrupt silo (Richard Hughes) - Reject XML with more than 65535 unique element names (Richard Hughes) ## NiceOS maintainer checklist - [ ] Confirm that the detected version is a stable upstream release. - [ ] Check upstream changelog for security fixes, ABI/API changes and build-system changes. - [ ] Check ABI/API compatibility and reverse dependencies. - [ ] Download source into NiceOS lookaside storage. - [ ] Update `Version` and related fields in `SPECS/*.spec` only if policy allows it. - [ ] Regenerate `SOURCES/sources.lock.json`, manifests, metadata and SBOM. - [ ] Build SRPM/RPM in a clean NiceOS buildroot. - [ ] Run package smoke tests. - [ ] Link PR/build logs and close this issue after update or triage. ## Bot metadata - Tool: `niceos_upstream_monitor.py 1.5` - Generated at: `2026-05-24T18:11:05Z`

sbelikov added the

labels

2026-05-20 03:15:51 +03:00

sbelikov commented

2026-05-24 21:11:38 +03:00

Author

Owner

Package version is now 0.3.27 and target version was 0.3.27. Closing as resolved.\n\n_Closed by niceos_upstream_monitor.py 1.5 at 2026-05-24T18:11:38Z._

Package version is now `0.3.27` and target version was `0.3.27`. Closing as resolved.\n\n_Closed by `niceos_upstream_monitor.py 1.5` at `2026-05-24T18:11:38Z`._

sbelikov closed this issue

2026-05-24 21:11:38 +03:00