From 1b0e3b30bc27a98468c0f3e19e985e5fd992c650 Mon Sep 17 00:00:00 2001
From: Adrian Dudau <adrian.dudau@enea.com>
Date: Wed, 22 Nov 2017 10:33:21 +0100
Subject: libxml: Remove CVE fixes

These have been fixed already in upstream poky/pyro.

Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
---
 recipes-core/libxml/libxml2/CVE-2017-0663.patch    |  47 ---
 recipes-core/libxml/libxml2/CVE-2017-5969.patch    |  68 -----
 .../libxml2/CVE-2017-9047_CVE-2017-9048.patch      | 118 --------
 .../libxml2/CVE-2017-9049_CVE-2017-9050.patch      | 321 ---------------------
 .../libxml/libxml2/libxml2-CVE-2017-8872.patch     |  41 ---
 recipes-core/libxml/libxml2_%.bbappend             |  10 -
 6 files changed, 605 deletions(-)
 delete mode 100644 recipes-core/libxml/libxml2/CVE-2017-0663.patch
 delete mode 100644 recipes-core/libxml/libxml2/CVE-2017-5969.patch
 delete mode 100644 recipes-core/libxml/libxml2/CVE-2017-9047_CVE-2017-9048.patch
 delete mode 100644 recipes-core/libxml/libxml2/CVE-2017-9049_CVE-2017-9050.patch
 delete mode 100644 recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
 delete mode 100644 recipes-core/libxml/libxml2_%.bbappend

diff --git a/recipes-core/libxml/libxml2/CVE-2017-0663.patch b/recipes-core/libxml/libxml2/CVE-2017-0663.patch
deleted file mode 100644
index a4f88b6..0000000
--- a/recipes-core/libxml/libxml2/CVE-2017-0663.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 6 Jun 2017 12:56:28 +0200
-Subject: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on
-namespace declarations make no practical sense anyway.
-
-Fixes bug 780228.
-
-Found with libFuzzer and ASan.
-CVE: CVE-2017-0663
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- valid.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/valid.c b/valid.c
-index 8075d3a..c51ea29 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- 	}
-     }
- 
-+    /*
-+     * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+     * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+     * no practical sense to use ID types anyway.
-+     */
-+#if 0
-     /* Validity Constraint: ID uniqueness */
-     if (attrDecl->atype == XML_ATTRIBUTE_ID) {
-         if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
-         if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- 	    ret = 0;
-     }
-+#endif
- 
-     /* Validity Constraint: Notation Attributes */
-     if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
--- 
-cgit v0.12
-
diff --git a/recipes-core/libxml/libxml2/CVE-2017-5969.patch b/recipes-core/libxml/libxml2/CVE-2017-5969.patch
deleted file mode 100644
index 0c5efbe..0000000
--- a/recipes-core/libxml/libxml2/CVE-2017-5969.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 94691dc884d1a8ada39f073408b4bb92fe7fe882 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Wed, 7 Jun 2017 16:47:36 +0200
-Subject: [PATCH] Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422 (CVE-2017-5969).
-
-CVE: CVE-2017-5969
-Upstream-Status: Backport
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- valid.c | 24 ++++++++++++++----------
- 1 file changed, 14 insertions(+), 10 deletions(-)
-
-diff --git a/valid.c b/valid.c
-index 9b2df56..8075d3a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- 	    xmlBufferWriteCHAR(buf, content->name);
- 	    break;
- 	case XML_ELEMENT_CONTENT_SEQ:
--	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
--	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+	    if ((content->c1 != NULL) &&
-+	        ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+	         (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- 		xmlDumpElementContent(buf, content->c1, 1);
- 	    else
- 		xmlDumpElementContent(buf, content->c1, 0);
-             xmlBufferWriteChar(buf, " , ");
--	    if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
--	        ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
--		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+	    if ((content->c2 != NULL) &&
-+	        ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+	         ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- 		xmlDumpElementContent(buf, content->c2, 1);
- 	    else
- 		xmlDumpElementContent(buf, content->c2, 0);
- 	    break;
- 	case XML_ELEMENT_CONTENT_OR:
--	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
--	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+	    if ((content->c1 != NULL) &&
-+	        ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+	         (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- 		xmlDumpElementContent(buf, content->c1, 1);
- 	    else
- 		xmlDumpElementContent(buf, content->c1, 0);
-             xmlBufferWriteChar(buf, " | ");
--	    if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
--	        ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
--		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+	    if ((content->c2 != NULL) &&
-+	        ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+	         ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- 		xmlDumpElementContent(buf, content->c2, 1);
- 	    else
- 		xmlDumpElementContent(buf, content->c2, 0);
--- 
-1.9.1
-
diff --git a/recipes-core/libxml/libxml2/CVE-2017-9047_CVE-2017-9048.patch b/recipes-core/libxml/libxml2/CVE-2017-9047_CVE-2017-9048.patch
deleted file mode 100644
index d26d5c5..0000000
--- a/recipes-core/libxml/libxml2/CVE-2017-9047_CVE-2017-9048.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 932cc9896ab41475d4aa429c27d9afd175959d74 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sat, 3 Jun 2017 02:01:29 +0200
-Subject: [PATCH] Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048).
-
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-CVE: CVE-2017-9047 CVE-2017-9048
-Upstream-Status: Backport
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- result/valid/781333.xml         |  5 +++++
- result/valid/781333.xml.err     |  3 +++
- result/valid/781333.xml.err.rdr |  6 ++++++
- test/valid/781333.xml           |  4 ++++
- valid.c                         | 20 +++++++++++---------
- 5 files changed, 29 insertions(+), 9 deletions(-)
- create mode 100644 result/valid/781333.xml
- create mode 100644 result/valid/781333.xml.err
- create mode 100644 result/valid/781333.xml.err.rdr
- create mode 100644 test/valid/781333.xml
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..45dc451
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 0000000..b401b49
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
-+<a/>
-+    ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 0000000..5ff5699
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
-+<a/>
-+    ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 0000000..b29e5a6
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+    <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b8..9b2df56 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
-         case XML_ELEMENT_CONTENT_PCDATA:
-             strcat(buf, "#PCDATA");
- 	    break;
--	case XML_ELEMENT_CONTENT_ELEMENT:
-+	case XML_ELEMENT_CONTENT_ELEMENT: {
-+            int qnameLen = xmlStrlen(content->name);
-+
-+	    if (content->prefix != NULL)
-+                qnameLen += xmlStrlen(content->prefix) + 1;
-+	    if (size - len < qnameLen + 10) {
-+		strcat(buf, " ...");
-+		return;
-+	    }
- 	    if (content->prefix != NULL) {
--		if (size - len < xmlStrlen(content->prefix) + 10) {
--		    strcat(buf, " ...");
--		    return;
--		}
- 		strcat(buf, (char *) content->prefix);
- 		strcat(buf, ":");
- 	    }
--	    if (size - len < xmlStrlen(content->name) + 10) {
--		strcat(buf, " ...");
--		return;
--	    }
- 	    if (content->name != NULL)
- 		strcat(buf, (char *) content->name);
- 	    break;
-+        }
- 	case XML_ELEMENT_CONTENT_SEQ:
- 	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- 	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- 		xmlSnprintfElementContent(buf, size, content->c2, 0);
- 	    break;
-     }
-+    if (size - strlen(buf) <= 2) return;
-     if (englob)
-         strcat(buf, ")");
-     switch (content->ocur) {
--- 
-1.9.1
-
diff --git a/recipes-core/libxml/libxml2/CVE-2017-9049_CVE-2017-9050.patch b/recipes-core/libxml/libxml2/CVE-2017-9049_CVE-2017-9050.patch
deleted file mode 100644
index c9ad71d..0000000
--- a/recipes-core/libxml/libxml2/CVE-2017-9049_CVE-2017-9050.patch
+++ /dev/null
@@ -1,321 +0,0 @@
-From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 5 Jun 2017 15:37:17 +0200
-Subject: [PATCH] Fix handling of parameter-entity references
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
-
-CVE: CVE-2017-9049 CVE-2017-9050
-Upstream-Status: Backport
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- Makefile.am                     | 18 ++++++++++++++++++
- parser.c                        | 18 ++++++++++--------
- result/errors10/781205.xml      |  0
- result/errors10/781205.xml.err  | 21 +++++++++++++++++++++
- result/errors10/781361.xml      |  0
- result/errors10/781361.xml.err  | 13 +++++++++++++
- result/valid/766956.xml         |  0
- result/valid/766956.xml.err     |  9 +++++++++
- result/valid/766956.xml.err.rdr | 10 ++++++++++
- runtest.c                       |  3 +++
- test/errors10/781205.xml        |  3 +++
- test/errors10/781361.xml        |  3 +++
- test/valid/766956.xml           |  2 ++
- test/valid/dtds/766956.dtd      |  2 ++
- 14 files changed, 94 insertions(+), 8 deletions(-)
- create mode 100644 result/errors10/781205.xml
- create mode 100644 result/errors10/781205.xml.err
- create mode 100644 result/errors10/781361.xml
- create mode 100644 result/errors10/781361.xml.err
- create mode 100644 result/valid/766956.xml
- create mode 100644 result/valid/766956.xml.err
- create mode 100644 result/valid/766956.xml.err.rdr
- create mode 100644 test/errors10/781205.xml
- create mode 100644 test/errors10/781361.xml
- create mode 100644 test/valid/766956.xml
- create mode 100644 test/valid/dtds/766956.dtd
-
-diff --git a/Makefile.am b/Makefile.am
-index 6fc8ffa..10e716a 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT)
- 	      if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
- 	      rm result.$$name error.$$name ; \
- 	  fi ; fi ; done)
-+	@echo "## Error cases regression tests (old 1.0)"
-+	-@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+	  name=`basename $$i`; \
-+	  if [ ! -d $$i ] ; then \
-+	  if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+	      echo New test file $$name ; \
-+	      $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+	         2> $(srcdir)/result/errors10/$$name.err \
-+		 > $(srcdir)/result/errors10/$$name ; \
-+	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
-+	  else \
-+	      log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
-+	      diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+	      diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+	      if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+	      rm result.$$name error.$$name ; \
-+	  fi ; fi ; done)
- 	@echo "## Error cases stream regression tests"
- 	-@(for i in $(srcdir)/test/errors/*.xml ; do \
- 	  name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index df2efa5..a175ac4 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- 	ctxt->input->line++; ctxt->input->col = 1;			\
-     } else ctxt->input->col++;						\
-     ctxt->input->cur += l;				\
--    if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt);	\
-   } while (0)
- 
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- 	    len += l;
- 	    NEXTL(l);
- 	    c = CUR_CHAR(l);
--	    if (c == 0) {
--		count = 0;
--		GROW;
--                if (ctxt->instate == XML_PARSER_EOF)
--                    return(NULL);
--		c = CUR_CHAR(l);
--	    }
- 	}
-     }
-     if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
-         xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
-         return(NULL);
-     }
-+    if (ctxt->input->cur - ctxt->input->base < len) {
-+        /*
-+         * There were a couple of bugs where PERefs lead to to a change
-+         * of the buffer. Check the buffer size to avoid passing an invalid
-+         * pointer to xmlDictLookup.
-+         */
-+        xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+                    "unexpected change of input buffer");
-+        return (NULL);
-+    }
-     if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
-         return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
-     return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 0000000..da15c3f
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a; 
-+    ^
-+Entity: line 1: 
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a; 
-+    ^
-+Entity: line 1: 
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a; 
-+    ^
-+<:0000
-+      ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 0000000..655f41a
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 0000000..34b1dae
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+   ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent; 
-+      ^
-+Entity: line 1: 
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 0000000..7760346
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+   ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent; 
-+      ^
-+Entity: line 1: 
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/runtest.c b/runtest.c
-index b2ce693..378b38e 100644
---- a/runtest.c
-+++ b/runtest.c
-@@ -4214,6 +4214,9 @@ testDesc testDescriptions[] = {
-     { "Error cases regression tests",
-       errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
-       0 },
-+    { "Error cases regression tests (old 1.0)",
-+      errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
-+      XML_PARSE_OLD10 },
- #ifdef LIBXML_READER_ENABLED
-     { "Error cases stream regression tests",
-       streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 0000000..d9e9e83
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+  <!ENTITY % a "<:0000">
-+  %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 0000000..67476bc
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+  <!ENTITY % elem "<!ELEMENT e0000000000">
-+  %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 0000000..19a95a0
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 0000000..dddde68
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
--- 
-1.9.1
-
diff --git a/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
deleted file mode 100644
index 6319280..0000000
--- a/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-
-CVE: CVE-2017-8872
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- 	}
- 	ctxt->input->cur = BAD_CAST"";
- 	ctxt->input->base = ctxt->input->cur;
-+	if (ctxt->input->buf) {
-+		xmlBufEmpty (ctxt->input->buf->buffer);
-+	} else
-+		ctxt->input->length = 0;
-     }
- }
- 
--- 
-2.7.4
-
diff --git a/recipes-core/libxml/libxml2_%.bbappend b/recipes-core/libxml/libxml2_%.bbappend
deleted file mode 100644
index b4f5d38..0000000
--- a/recipes-core/libxml/libxml2_%.bbappend
+++ /dev/null
@@ -1,10 +0,0 @@
-# look for files in the layer first
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRC_URI += "file://CVE-2017-0663.patch \
-            file://CVE-2017-5969.patch \
-            file://CVE-2017-9047_CVE-2017-9048.patch \
-            file://CVE-2017-9049_CVE-2017-9050.patch \
-            file://libxml2-CVE-2017-8872.patch \
-           "
-
-- 
cgit v1.2.3-54-g00ecf