libxml2: Upgrade 2.9.13 -> 2.9.14

Security [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer Fix potential double-free in xmlXPtrStringRangeFunction Fix memory leak in xmlFindCharEncodingHandler Normalize XPath strings in-place Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer) Fix leak of xmlElementContent (David Kilzer) Bug fixes Fix parsing of subtracted regex character classes Fix recursion check in xinclude.c Reset last error in xmlCleanupGlobals Fix certain combinations of regex range quantifiers Fix range quantifier on subregex Improvements Fix recovery from invalid HTML start tags Build system, portability Define LFS macros before including system headers Initialize XPath floating-point globals configure: check for icu DEFS (James Hilliard) configure.ac: produce tar.xz only (GNOME policy) (David Seifert) CMakeLists.txt: Fix LIBXML_VERSION_NUMBER Fix build with older Python versions Fix --without-valid build (From OE-Core rev: 393b81058f3b970eb906a7f9daa842d8a0747700) Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c4ba21f4012e8859fc793bec7df76e56eb8058ec) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Jiaqing Zhao <jiaqing.zhao@linux.intel.com> 2022-05-05 16:15:06 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-05-20 10:08:06 +0100
commit: 708d0151242ebb1fe2783210c68095c617ea6088 (patch)
tree: d7959f68624dfc15e6eccab35ed41c84318c9bd0 /meta
parent: 21da7a4def8f59e52b17937531a19c3fd6cda001 (diff)
download: poky-708d0151242ebb1fe2783210c68095c617ea6088.tar.gz
3 files changed, 14 insertions, 111 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
deleted file mode 100644
index e188914613..0000000000
--- a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 22 Feb 2022 11:51:08 +0100
-Subject: [PATCH] Fix --without-valid build
-Regressed in commit 652dd12a.
---
- valid.c | 58 ++++++++++++++++++++++++++++-----------------------------
- 1 file changed, 29 insertions(+), 29 deletions(-)
---
-From https://github.com/GNOME/libxml2.git
- commit 646fe48d1c8a74310c409ddf81fe7df6700052af
-CVE: CVE-2022-23308
-Upstream-Status: Backport
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-diff --git a/valid.c b/valid.c
-index 8e596f1d..9684683a 100644
--- a/valid.c
-+++ b/valid.c
-@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
-     return (ret);
- }
- 
-/**
- * xmlValidNormalizeString:
- * @str: a string
- *
- * Normalize a string in-place.
- */
-static void
-xmlValidNormalizeString(xmlChar *str) {
-    xmlChar *dst;
-    const xmlChar *src;
-
-    if (str == NULL)
-        return;
-    src = str;
-    dst = str;
-
-    while (*src == 0x20) src++;
-    while (*src != 0) {
-       if (*src == 0x20) {
-           while (*src == 0x20) src++;
-           if (*src != 0)
-               *dst++ = 0x20;
-       } else {
-           *dst++ = *src++;
-       }
-    }
-    *dst = 0;
-}
-
- #ifdef DEBUG_VALID_ALGO
- static void
- xmlValidPrintNode(xmlNodePtr cur) {
-@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
-            (xmlDictOwns(dict, (const xmlChar *)(str)) == 0)))  \
-            xmlFree((char *)(str));
- 
-+/**
-+ * xmlValidNormalizeString:
-+ * @str: a string
-+ *
-+ * Normalize a string in-place.
-+ */
-+static void
-+xmlValidNormalizeString(xmlChar *str) {
-+    xmlChar *dst;
-+    const xmlChar *src;
-+
-+    if (str == NULL)
-+        return;
-+    src = str;
-+    dst = str;
-+
-+    while (*src == 0x20) src++;
-+    while (*src != 0) {
-+       if (*src == 0x20) {
-+           while (*src == 0x20) src++;
-+           if (*src != 0)
-+               *dst++ = 0x20;
-+       } else {
-+           *dst++ = *src++;
-+       }
-+    }
-+    *dst = 0;
-+}
-+
- static int
- xmlIsStreaming(xmlValidCtxtPtr ctxt) {
-     xmlParserCtxtPtr pctxt;
-- 
-2.35.1
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index d211f65da3..cc9da88a29 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -1,4 +1,4 @@
-From f57da62218cf72c1342da82abafdac6b0a2e4997 Mon Sep 17 00:00:00 2001
+From 7196bce35954c4b46391cb0139aeb15ed628fa54 Mon Sep 17 00:00:00 2001
 From: Tony Tascioglu <tony.tascioglu@windriver.com>
 Date: Fri, 14 May 2021 11:50:35 -0400
 Subject: [PATCH] AM_PATH_XML2 uses xml-config which we disable through
@@ -16,16 +16,18 @@ Rebase to 2.9.9
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 Updated to apply cleanly to v2.9.12
 Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
+Rebase to 2.9.14
+Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
 ---
- libxml.m4 | 190 ++----------------------------------------------------
+ libxml.m4 | 189 ++----------------------------------------------------
- 1 file changed, 5 insertions(+), 185 deletions(-)
+ 1 file changed, 5 insertions(+), 184 deletions(-)
-Index: libxml2-2.9.13/libxml.m4
+diff --git a/libxml.m4 b/libxml.m4
-===================================================================
+index fc7790c..1c53585 100644
--- libxml2-2.9.13.orig/libxml.m4
+--- a/libxml.m4
-+++ libxml2-2.9.13/libxml.m4
+++ b/libxml.m4
 @@ -1,191 +1,12 @@
 -# Configure paths for LIBXML2
 -# Simon Josefsson 2020-02-12
@@ -223,3 +225,6 @@ Index: libxml2-2.9.13/libxml.m4
 -  AC_SUBST(XML_LIBS)
 -  rm -f conf.xmltest
 ])
+-- 
+2.34.1
diff --git a/meta/recipes-core/libxml/libxml2_2.9.13.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index e361b53bfd..3081ebf92f 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.13.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -23,11 +23,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
           file://remove-fuzz-from-ptests.patch \
           file://libxml-m4-use-pkgconfig.patch \
           "
-# will be in v2.9.14
-#
-SRC_URI += "file://CVE-2022-23308-fix-regression.patch"
-SRC_URI[archive.sha256sum] = "276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e"
+SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
 SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
 BINCONFIG = "${bindir}/xml2-config"
author	Jiaqing Zhao <jiaqing.zhao@linux.intel.com>	2022-05-05 16:15:06 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-20 10:08:06 +0100
commit	708d0151242ebb1fe2783210c68095c617ea6088 (patch)
tree	d7959f68624dfc15e6eccab35ed41c84318c9bd0 /meta
parent	21da7a4def8f59e52b17937531a19c3fd6cda001 (diff)
download	poky-708d0151242ebb1fe2783210c68095c617ea6088.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch deleted file mode 100644 index e188914613..0000000000 --- a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch +++ /dev/null
@@ -1,99 +0,0 @@
1	From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001
2	From: Nick Wellnhofer <wellnhofer@aevum.de>
3	Date: Tue, 22 Feb 2022 11:51:08 +0100
4	Subject: [PATCH] Fix --without-valid build
5
6	Regressed in commit 652dd12a.
7	---
8	valid.c \| 58 ++++++++++++++++++++++++++++-----------------------------
9	1 file changed, 29 insertions(+), 29 deletions(-)
10	---
11
12	From https://github.com/GNOME/libxml2.git
13	commit 646fe48d1c8a74310c409ddf81fe7df6700052af
14
15	CVE: CVE-2022-23308
16	Upstream-Status: Backport
17
18	Signed-off-by: Joe Slater <joe.slater@windriver.com>
19
20
21	diff --git a/valid.c b/valid.c
22	index 8e596f1d..9684683a 100644
23	--- a/valid.c
24	+++ b/valid.c
25	@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
26	return (ret);
27	}
28
29	-/**
30	- * xmlValidNormalizeString:
31	- * @str: a string
32	- *
33	- * Normalize a string in-place.
34	- */
35	-static void
36	-xmlValidNormalizeString(xmlChar *str) {
37	- xmlChar *dst;
38	- const xmlChar *src;
39	-
40	- if (str == NULL)
41	- return;
42	- src = str;
43	- dst = str;
44	-
45	- while (*src == 0x20) src++;
46	- while (*src != 0) {
47	- if (*src == 0x20) {
48	- while (*src == 0x20) src++;
49	- if (*src != 0)
50	- *dst++ = 0x20;
51	- } else {
52	- dst++ = src++;
53	- }
54	- }
55	- *dst = 0;
56	-}
57	-
58	#ifdef DEBUG_VALID_ALGO
59	static void
60	xmlValidPrintNode(xmlNodePtr cur) {
61	@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
62	(xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \
63	xmlFree((char *)(str));
64
65	+/**
66	+ * xmlValidNormalizeString:
67	+ * @str: a string
68	+ *
69	+ * Normalize a string in-place.
70	+ */
71	+static void
72	+xmlValidNormalizeString(xmlChar *str) {
73	+ xmlChar *dst;
74	+ const xmlChar *src;
75	+
76	+ if (str == NULL)
77	+ return;
78	+ src = str;
79	+ dst = str;
80	+
81	+ while (*src == 0x20) src++;
82	+ while (*src != 0) {
83	+ if (*src == 0x20) {
84	+ while (*src == 0x20) src++;
85	+ if (*src != 0)
86	+ *dst++ = 0x20;
87	+ } else {
88	+ dst++ = src++;
89	+ }
90	+ }
91	+ *dst = 0;
92	+}
93	+
94	static int
95	xmlIsStreaming(xmlValidCtxtPtr ctxt) {
96	xmlParserCtxtPtr pctxt;
97	--
98	2.35.1
99


diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch index d211f65da3..cc9da88a29 100644 --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -1,4 +1,4 @@
1	From f57da62218cf72c1342da82abafdac6b0a2e4997 Mon Sep 17 00:00:00 2001	1	From 7196bce35954c4b46391cb0139aeb15ed628fa54 Mon Sep 17 00:00:00 2001
2	From: Tony Tascioglu <tony.tascioglu@windriver.com>	2	From: Tony Tascioglu <tony.tascioglu@windriver.com>
3	Date: Fri, 14 May 2021 11:50:35 -0400	3	Date: Fri, 14 May 2021 11:50:35 -0400
4	Subject: [PATCH] AM_PATH_XML2 uses xml-config which we disable through	4	Subject: [PATCH] AM_PATH_XML2 uses xml-config which we disable through
@@ -16,16 +16,18 @@ Rebase to 2.9.9
16	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>	16	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
17		17
18	Updated to apply cleanly to v2.9.12	18	Updated to apply cleanly to v2.9.12
19
20	Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>	19	Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
		20
		21	Rebase to 2.9.14
		22	Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
21	---	23	---
22	libxml.m4 \| 190 ++----------------------------------------------------	24	libxml.m4 \| 189 ++----------------------------------------------------
23	1 file changed, 5 insertions(+), 185 deletions(-)	25	1 file changed, 5 insertions(+), 184 deletions(-)
24		26
25	Index: libxml2-2.9.13/libxml.m4	27	diff --git a/libxml.m4 b/libxml.m4
26	===================================================================	28	index fc7790c..1c53585 100644
27	--- libxml2-2.9.13.orig/libxml.m4	29	--- a/libxml.m4
28	+++ libxml2-2.9.13/libxml.m4	30	+++ b/libxml.m4
29	@@ -1,191 +1,12 @@	31	@@ -1,191 +1,12 @@
30	-# Configure paths for LIBXML2	32	-# Configure paths for LIBXML2
31	-# Simon Josefsson 2020-02-12	33	-# Simon Josefsson 2020-02-12
@@ -223,3 +225,6 @@ Index: libxml2-2.9.13/libxml.m4
223	- AC_SUBST(XML_LIBS)	225	- AC_SUBST(XML_LIBS)
224	- rm -f conf.xmltest	226	- rm -f conf.xmltest
225	])	227	])
		228	--
		229	2.34.1
		230


diff --git a/meta/recipes-core/libxml/libxml2_2.9.13.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index e361b53bfd..3081ebf92f 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.13.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -23,11 +23,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
23	file://remove-fuzz-from-ptests.patch \	23	file://remove-fuzz-from-ptests.patch \
24	file://libxml-m4-use-pkgconfig.patch \	24	file://libxml-m4-use-pkgconfig.patch \
25	"	25	"
26	# will be in v2.9.14
27	#
28	SRC_URI += "file://CVE-2022-23308-fix-regression.patch"
29		26
30	SRC_URI[archive.sha256sum] = "276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e"	27	SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
31	SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"	28	SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
32		29
33	BINCONFIG = "${bindir}/xml2-config"	30	BINCONFIG = "${bindir}/xml2-config"