Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
.../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- meta/recipes-core/libxml/
.../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ----------
.../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 -------
.../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 --
.../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ---
.../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 --
.../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ----
.../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ----------
.../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 --
...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 ---------------------
.../libxml2/libxml2-fix_node_comparison.patch | 67 ---
libxml2/runtest.patch | 34 +-
.../libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb} | 14 +-
13 files changed, 11 insertions(+), 1723 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658. patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131. patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663. patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969. patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872. patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_ CVE-2017-9048.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_ CVE-2017-9050.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_ pointer_derefs.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_ simplify_xmlParseStartTag2. patch
delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_ comparison.patch
rename meta/recipes-core/libxml/{libxml2_2.9.4.bb => libxml2_2.9.5.bb} (85%)
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use- pkgconfig.patch b/meta/recipes-core/libxml/ libxml2/libxml-m4-use- pkgconfig.patch
index 3277165..d9ed151 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use- pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use- pkgconfig.patch
@@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
- echo "*** If you have an old version installed, it is best to remove it, although"
- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
- [ echo "*** The test program failed to compile or link. See the file config.log for the"
-- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
+- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
- CPPFLAGS="$ac_save_CPPFLAGS"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658. patch b/meta/recipes-core/libxml/ libxml2/libxml2-CVE-2016-4658. patch
deleted file mode 100644
index bb55eed..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658. patch
+++ /dev/null
@@ -1,269 +0,0 @@
-libxml2-2.9.4: Fix CVE-2016-4658
-
-[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
-
-xpointer: Disallow namespace nodes in XPointer points and ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id= ]c1d1f7121194036608bf555f08d306 2a36fd344b
- - [https://git.gnome.org/browse/libxml2/commit/?id= ]3f8a91036d338e51c059d54397a42d 645f019c65
-CVE: CVE-2016-4658
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..911680d 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
-@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- case XPATH_RANGE: {
- xmlNodePtr node = tmp->user2;
- if (node != NULL) {
-- if (node->type == XML_ATTRIBUTE_NODE) {
-- /* TODO: Namespace Nodes ??? */
-+ if ((node->type == XML_ATTRIBUTE_NODE) ||
-+ (node->type == XML_NAMESPACE_DECL)) {
- xmlXPathFreeObject(obj);
- xmlXPtrFreeLocationSet(newset);
- XP_ERROR(XPTR_SYNTAX_ERROR);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131. patch b/meta/recipes-core/libxml/ libxml2/libxml2-CVE-2016-5131. patch
deleted file mode 100644
index 9d47d02..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131. patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-CVE: CVE-2016-5131
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/commit/?id= 9ab01a277d71f54d3143c2cf333c5c 2e9aaedd9e
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[ 2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663. patch b/meta/recipes-core/libxml/ libxml2/libxml2-CVE-2017-0663. patch
deleted file mode 100644
index 0108265..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663. patch
+++ /dev/null
@@ -1,40 +0,0 @@
-libxml2: Fix CVE-2017-0663
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
-
-valid: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
-on namespace declarations make no practical sense anyway.
-
-Fixes bug 780228
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id= ]92b9e8c8b3787068565a1820ba575d 042f9eec66
-CVE: CVE-2017-0663
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..e03d35e 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- }
- }
-
-+ /*
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+ * no practical sense to use ID types anyway.
-+ */
-+#if 0
- /* Validity Constraint: ID uniqueness */
- if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- ret = 0;
- }
-+#endif
-
- /* Validity Constraint: Notation Attributes */
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969. patch b/meta/recipes-core/libxml/ libxml2/libxml2-CVE-2017-5969. patch
deleted file mode 100644
index 571b05c..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969. patch
+++ /dev/null
@@ -1,62 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-5969
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
-
-valid: Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422
-
-Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id= ]94691dc884d1a8ada39f073408b4bb 92fe7fe882
-CVE: CVE-2017-5969
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..0a8e58a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- xmlBufferWriteCHAR(buf, content->name);
- break;
- case XML_ELEMENT_CONTENT_SEQ:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " , ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
- break;
- case XML_ELEMENT_CONTENT_OR:
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+ if ((content->c1 != NULL) &&
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- xmlDumpElementContent(buf, content->c1, 1);
- else
- xmlDumpElementContent(buf, content->c1, 0);
- xmlBufferWriteChar(buf, " | ");
-- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+ if ((content->c2 != NULL) &&
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- xmlDumpElementContent(buf, content->c2, 1);
- else
- xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872. patch b/meta/recipes-core/libxml/ libxml2/libxml2-CVE-2017-8872. patch
deleted file mode 100644
index 26779aa..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872. patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527& ]action=diff
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- }
- ctxt->input->cur = BAD_CAST"";
- ctxt->input->base = ctxt->input->cur;
-+ if (ctxt->input->buf) {
-+ xmlBufEmpty (ctxt->input->buf->buffer);
-+ } else
-+ ctxt->input->length = 0;
- }
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_ CVE-2017-9048.patch b/meta/recipes-core/libxml/ libxml2/libxml2-CVE-2017-9047_ CVE-2017-9048.patch
deleted file mode 100644
index 8b03456..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_ CVE-2017-9048.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
-
-valid: Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 and bug 781701
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id= ]932cc9896ab41475d4aa429c27d9af d175959d74
-CVE: CVE-2017-9047 CVE-2017-9048
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..01baf11
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppppp pppppppppppppppppppppppppppp!
ppppppppp
pppppppppppppppppppppppppp:llllllllllllllllllllllllllllll llllllllllllllllllllllllllllll llllllllllllllllllllllllllllll llllllllllllllllllllllllllllll llllllllllllllllllllllllllllll llllllllllllllllllllllllllllll llllllllllllllllllllllllllllll llllllllllllllllllllllllllllll llllllllllllllllllllllllllllll